CISSP Mindmap-Domain 7: Security Operations

An Interactive CISSP Mindmap Series

CISSP Mindmap – Domain 07

A comprehensive CISSP Mindmap Series will include all 8 Domains. This collection is designed to equip prospective CISSP professionals with essential resources for exam preparation, training and reference.

Domain_07: Key Terms & Definitions

Incident Response

  • Incident Response (IR): The methodology an organization uses to respond to and manage a cyberattack. An incident response plan aims to reduce damage, recover data, and mitigate exploited vulnerabilities.

Security Operations Concepts

  • Need-to-Know / Least Privilege: Principles ensuring individuals have access only to the information and resources necessary for their job functions.
  • Separation of Duties: A security concept that ensures critical tasks are split among multiple people to prevent fraud or data breaches.
  • Job Rotation: A practice involving the rotation of employees through different jobs to reduce fraud and increase understanding of various roles within security operations.


Investigations

  • Forensics: The practice of gathering, analyzing, and preserving evidence from digital devices in a way that is legally admissible.
  • Chain of Custody: The chronological documentation showing the seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence.


Monitoring and Detection

  • Security Information and Event Management (SIEM): A set of tools and services offering a holistic view of an organization’s information security.
  • Log Management: The process of generating, transmitting, storing, analyzing, and disposing of computer security log data.


Business Continuity Planning (BCP)

  • Business Continuity Planning (BCP): The process involved in creating a system of prevention and recovery from potential threats to a company. It ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.


Disaster Recovery (DR)

  • Disaster Recovery (DR): Strategies and processes for recovering from a catastrophic event, ensuring the continuity of business operations at an acceptable predefined level.

Physical Security

  • Physical Security Controls: Measures taken to protect systems, buildings, and related supporting infrastructure against threats associated with their physical environment.


Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs)

  • Key Performance Indicators (KPIs): Metrics used to evaluate factors that are crucial to the success of an organization.
  • Key Risk Indicators (KRIs): Metrics used to measure how risky an activity is to a company’s operational objectives.

Domain_07: Key Areas

1. Understand and Support Investigations

  • Investigation Types: Understanding different types of investigations, including administrative, criminal, civil, and regulatory compliance.
  • Evidence Collection and Handling: Knowing how to collect, handle, and preserve evidence to maintain its integrity for legal and administrative proceedings.


2. Understand Requirements for Investigation Types

  • Legal and Regulatory Issues: Familiarity with legal, regulatory, and organizational requirements affecting security operations.
  • Forensic Investigation: Techniques and practices for conducting secure, systematic forensic investigations of incidents.


3. Conduct Logging and Monitoring Activities

  • Continuous Monitoring: Implementing and managing continuous monitoring processes to detect security incidents.
  • Security Information and Event Management (SIEM): Using SIEM tools for real-time analysis of security alerts generated by applications and network hardware.


4. Secure the Provisioning of Resources

  • Asset Management: Managing assets to ensure that information resources are protected throughout their lifecycle.
  • Configuration Management: Keeping hardware and software configurations consistent across the organization to protect assets.


5. Understand and Apply Foundational Security Operations Concepts

  • Need-to-Know / Least Privilege: Applying principles that limit access and privileges to only what is necessary for job functions.
  • Separation of Duties and Responsibilities: Ensuring critical tasks are divided among individuals to reduce the risk of fraudulent activity.


6. Employ Resource Protection Techniques

  • Data Security Controls: Implementing controls to protect data integrity, availability, and confidentiality.
  • Cryptography: Using cryptographic techniques to protect data in transit and at rest.


7. Conduct Incident Response

  • Incident Management: Processes for detecting, responding to, and managing security incidents.
  • Incident Response Plan: A predefined set of instructions for detecting, responding to, and limiting the impact of an information security event.

8. Operate and Maintain Detective and Preventive Measures

  • Firewalls, IDS/IPS: Deploying and managing firewalls and intrusion detection/prevention systems to protect networks.
  • Anti-Malware Solutions, Whitelisting/Blacklisting: Using software tools to prevent, detect, and remove malicious software.


9. Understand and Participate in Change Management Processes

  • Change Management: Processes for ensuring that changes to the IT environment are implemented in a controlled manner to maintain security, confidentiality, integrity, and availability.


10. Implement and Support Patch and Vulnerability Management

  • Vulnerability Scanning and Remediation: Identifying, assessing, and mitigating vulnerabilities in software and systems.


11. Understand and Apply Security in the Software Development Lifecycle (SDLC)

  • Security in SDLC: Integrating security considerations into the software development lifecycle to develop more secure applications.


12. Understand and Support Business Continuity (BC) and Disaster Recovery (DR) Plan

  • Business Continuity Planning: Developing, maintaining, and testing BC plans to ensure an organization can continue operating during and after a disaster.
  • Disaster Recovery Planning: Creating DR plans to recover IT systems, applications, and data after a disaster.

Domain 07 - Security Operations_Mindmap

Resources

  • (ISC)2 CISSP Official Study Guide (OSG) 9th Edition by Mike Chapple, James Michael Stewart, and Darril Gibson
    • Chapter 16-19, Pg760
  • CISSP All-in-One Exam Guide, Ninth Edition by Fernando Maymi and Shon Harris
    • Part VII, Pg882
  • Eleventh Hour CISSP® Study Guide, Third Edition by Eric Conrad, Seth Misenar, Joshua Feldman
    • Domain-07, Pg145
  • Destination Certification – A Concise Guide by Rob Witcher, John Berti, Lou Hablas, Nick Mitropoulos
    • Domain-07, Pg383
  • The Official (ISC)2 CISSP CBK Reference, 6th Edition by Arthur Deane and Aaron Kraus
    • Domain-07, Pg549

Credits & Disclaimer

We express our gratitude to the authors, creators, and sources mentioned below, which were referred to in the creation of our Interactive CISSP Mindmap: Mike Chapple and David Seidl (OSG), Luke Ahmed (SNT), Pete Zerger (Exam Cram), Prashant Mohan (Memory Palace), Prabh (Coffee shots), Rob Witcher (destcert.com/) and M. Waleed Khaliq (CISSP Concepts Guide). This Mindmap has been meticulously created to ensure that information is shared effectively. It aims to offer a thorough grasp of essential concepts, with a dedication to enhancing the learning experience. We hope that this resource helps people absorb information more thoroughly, leading to a broader understanding of each CISSP domain, and it is freely available to all.

Contribution

We have already included some reference images and short notes for most of the topics so that users can more effectively refer to the content in the mindmap. If you have any information, images, or notes that can make the mindmap more effective, please feel free to share them.

https://github.com/sajinshivdas/CISSP_Interactive_Mindmap/tree/main/CISSP_Domain_07

For issues and concerns, please feel free to raise an issue at the GitHub link: https://github.com/sajinshivdas/CISSP_Interactive_Mindmap/issues

Connect with me: www.linkedin.com/in/sajin-shivdas