Sunday, July 8, 2018

CISSP Common Body of Knowledge - Domain One, a study aid

The Common Body of Knowledge (CBK) for the Certified Information Systems Security Professional (CISSP) is a lengthy document with a lot of terminology that may be new to those studying it. As part of my preparation for the exam, I started a list of keywords that jumped out at me. As that list expanded, it occurred to me that this would be an excellent basis for a series of crossword puzzles. To that end, here's the first one.

Note, this is by no means a definitive list of keywords. These are just some keywords that came to the fore as I studied. You might find others. I might create another crossword as I continue working through Domain One.


4 An inspection that ensures that expectations and standards are met.

5 The stability of the state of something over a period of time.

6 To isolate duties so that they must be performed by more than one person.

7 Laws or by-laws enacted by governing bodies to control the activities of a subordinate group.

9 A violation of established law.

10 The assurance that the information accessed is correct and free from unauthorized modification.

12 The individual planning or perpetrating an event.

14 The foundational elements that guide one's thoughts and actions.

15 An uncertain event or condition that, if it occurs, has the potential to negatively impact the organization.

20 The assurance that only those individuals with appropriate permission can access information.

24 To ensure that the latest software is in use.

25 The means of ensuring that an activity is being performed with appropriate permission.

27 To observe what is taking place in real-time.

28 A firm belief in the reliability or truth of something.

29 In the case of Information Security, an unauthorized restriction placed on a system.


1 A safeguard that protects against a specific threat.

2 The leadership and organizational structures and processes that ensure that the organization achieves its strategies and objectives.

3 A plan that demonstrates expected reaction to stimulus.

4 Something of value (to an organization in this case).

8 The means of ensuring that the source or destination of a communication is truthfully conveyed.

9 An unscheduled and unexpected termination of a process or system.

11 To affect the application of core security principles.

13 An event or situation that, if it occurred, would prevent the organization from operating in its normal manner, if at all.

16 The assurance that the systems and information required can be accessed when needed.

17 The acronym that refers to the various stages of a system's existence.

18 A copy of information.

19 The opinion generally held by those external to an organization.

21 The importance given to different elements in a collection.

22 A system for gathering and maintaining information.

23 To improve the application of core security principles.

26 A negative action taken against an organization or system.
