Wow, I'm glad I came here. Thank you!!
Enjoy! Let me know if any questions as you prepare.
For The Software Capability Maturity Model you can also think of it in terms of working out!
Initial - starting point
Repeatable - stay with your workout routine
If you do that you will get Defined. Once you are defined it’s just a matter of Managing your gains. If you can do that, you will stay Optimized 😊
I like it! Thanks for sharing! 👍
This is a good example of understanding which leads to memorization.
Thanks mate! It doesn't matter if I pass the exam or not,
all the effort that you put in creating these videos - is appreciated! God bless you mate! keep the good content coming... :)
Happy to help! Good luck Naman! 👍
Bell-LaPadula = Difficult to read and difficult to write down, therefore "No" read up and write down (if read is UP then write is DOWN), bIba and Clark-WIlson = The "I" in them stands for integrity / Goguen and Sutherland are men of "Integrity"
Hey Victor! Thanks for taking time to share your memory devices! Those are two I have not heard before. 👍
Thanks for the great mnemonics. ACID and IDEAL are acronyms that don't need ones I think.
Agree with you there, but thought I'd offer... just in case. 😉
No WURD = Biba =No Write Up, No Read Down
That's a good one! 💡
For the control categories (preventive, detective, corrective, deterrent, recovery, compensating, directive) I use "Prevention Detects Common Data Recovery Chaos & Disasters". I know that the logic is not 100% clean as prevention does not detect, but many words fit already. So I can live with the twist...
Perfection is the enemy of progress. If it meets your need, the twist looks like an appropriate compromise to me. 👍
Hi Pete thank you so much for your material. I am French and I would like to share the way I learn the 4 canons of the code of ethics. I use the 1st letter P protect... A act... P provide... A advance... => it gives the acronym PAPA that means "daddy" in French it is pretty relevant to memorise when speaking responsible code of conduct 😉
Makes sense! Thanks for sharing!
I provisionally passed today! Thank you so much for the succinct info filled video. I used this video as last minute prep a week before taking the test!
Hi, did you use any simulator?
@Liliana Carranza I used the ISC2 materials (app, book, extra test book), all-in-one book, a boot camp, study group, and watched this channel and destination certification.
More relevant for the OSI model, from layer 1 up: Please Do Not Toss Security Processes Aside
;-)
That definitely meets the relevance test I mentioned and I have never heard that one! Thanks for taking time to share!
Thanks for all your videos. These memorization tips were invaluable and helped me pass the exam this week 🥳
Glad it helped! CONGRATULATIONS! 🏆🎉🌟
Love your techniques... Do you have a video on the OSI Model actual application? For example, the ports and or related dependencies that are required for the OSI Model to work. I took the practice Exam and one question was asked about at which layer does an encrypted authentication between a client software package and a firewall occurs?
Thanks! OSI model? I talk about it in a couple of spots. I show the protocols at each layer here - ruclips.net/video/_nyZhYnCNLA/видео.html. Exam shouldn't go deep on protocol and layer matching. Will be more about function and the right protocol for specific situations, which we cover throughout the full course video - ruclips.net/video/_nyZhYnCNLA/видео.html
Brilliant types. The techniques for learning are genius. Thank heavens I found this. Thank you :}
You're so welcome! Good luck on the exam. Make sure you check out my CISSP playlist! ruclips.net/p/PL7XJSuT7Dq_XPK_qmYMqfiBjbtHJRWigD&si=KRsxWk5yT5pcpUcj
Richard!
That made me smile. Keep it up sir!
Thanks, will do! 😉
Great content...Keep up the good work!
Thank you! Will do!
Dingo species comment made me laugh... Great stuff looking forward to the other domain videos!
LOL. Next installment coming soon. 😉
I find using memory palaces works wonders.
It definitely has value and is a proven technique, although more difficult for most to perfect. I lean on spaced repetition with candidates because it is easier for most, and addresses long-term retention, and as a result, more likely to lead to comprehension of the underlying material.
Nice, thanks a lot!
Happy to help!
Question about where the initial Triage happens. At the detection phase or Response? I got a study question wrong because I stated that the Triage happens at the Response phase per this video. The correct answer on the study question was at the Detections phase. Please advise.
Based on the CBK, I believe the triage happens at the detection phase. Just a heads up.
No, it happens at the first phase post-detection. Here's the evidence from two authoritative sources. You don't see the word triage mentioned too many times so it's a good question, but my language in the incident response section of the full course (watch here - ruclips.net/video/_nyZhYnCNLA/видео.htmlsi=5gh4NcX2v5WoARug&t=22277) and my use of the word triage in the Response section is consistent with the Official Study Guide, where on page 892 says: "one of their first tasks is to assess the situation. This normally occurs in a rolling fashion, with the first responders performing a simple assessment to triage activity and get the disaster response under way." If you look at this resource (swimlane.com/blog/how-to-do-incident-response-triage-right/) it confirms triage happens in the first phase after detection, also consistent with my video link above.
Further supporting my evidence below, with Detection being the first phase, you cannot triage an issue until AFTER detection. You cannot assess what has not yet been detected, which is a distinct first phase. You cannot triage what has not yet been detected.
3:54 the OSG 9th ed. describes TLS as part of the Transport layer
Per Wikipedia: Although not developed under the OSI Reference Model and not strictly conforming to the OSI definition of the transport layer, the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) of the Internet Protocol Suite are commonly categorized as layer-4 protocols within OSI. Transport Layer Security (TLS) does not strictly fit inside the model either. It contains characteristics of the transport and presentation layers. en.m.wikipedia.org/wiki/OSI_model. Bottom line is TLS shares characteristics of layer 4 and layer 5. I don't think the distinction in this one-off scenario is going to cause you any headaches on the exam. Good luck on exam day. 🍀🤞
Excellent stuff!
But I found a bug: according to CISSP TLS is Transport not Presentation layer.
6:38 isn't Containment meant to occur in Detection phase?
"Response
The response phase also called as containment phase. As the name suggests..."
Complicated it seems. Per Wikipedia, "Transport Layer Security (TLS) does not strictly fit inside the model either. It contains characteristics of the transport and presentation" en.wikipedia.org/wiki/OSI_model. Explains why it may appear in different layers in different charts on the Internet.
This 2-minute segment more closely maps to the terminology of the official study ruclips.net/video/mLuLtIsDjK8/видео.html. You can also read about this topic in Chapter 17, which may help provide deeper detail. Appreciate you taking time to make comments.
Thank you 🙏🏾
No problem 😊
Thank you.
You're welcome!
You should change channel's name as "Gem's factory" 😃
😁👍
Great content. Do you have this in PowerPoint format?
Looking for a study reference? If I provide in PDF format, will that work?
@InsideCloudAndSecurity Yes, sir. That would be great.
Here it is in pdf format - 1drv.ms/b/s!AmhtzcmYt5AViK1RKrDYhCHdHvnCkw?e=i4zP7J
@InsideCloudAndSecurity Thank you. I really appreciate this.
You're welcome😉
BINGO 👏👏👏👏
Hey Claudia! Glad to hear that! 👍
OSI - Please Do Not Teach Stupid People Acronyms. 😂
And then on the Bell and Biba when trying to remember which is the simple and which is Star property:
You have to read before you can write. Reading is simpler than writing. Therefore read = simple and write = *.
Well Beth, that acronym is just plain mean! 🤣😆😂
Want to run a mnemonic past you for SYSLOG levels. Emergencies are critical except when nobody is distressed.
Emergency
Alert
Critical
Error
Warning
Notification
Information
Debug
That tracks! Is it helping you?
Thank you
Anytime