Tactical Security Inc.
United States
Joined Oct 3, 2017
Think like a manager
Are you preparing for your CISSP, CCSP or CISM exam? Here are my top 5 items on how to think like a manager when answering test questions! #cissp #ccsp #cism #thinklikeamanager
Views: 104
Videos
Unlocking the Vault: AMA with Cybersecurity Guru - CCSP, CISSP & CISM
301 views, 6 months ago
Are you eager to delve deeper into the world of cybersecurity? Curious about the latest trends, and best practices, or seeking clarity on complex concepts? Look no further! As a seasoned instructor specializing in CCSP, CISSP, and CISM, I'm thrilled to invite you to an insightful Q&A session where you can ask me anything related to cybersecurity. Whether you're a seasoned professional, aspiring...
Four - Identity and Access Management (IAM) questions
738 views, 8 months ago
Here are four more questions for your viewing pleasure. If you are preparing for CISSP these are very relevant, and they could help with SSCP and CCSP.
Phishing
161 views, 9 months ago
One of the biggest problems that we have that YOU can help us with! #phishing #security #informationsecurity #smallbusiness #homesecurity
Term of the day - Diffie Hellman
906 views, 10 months ago
Here is today's term of the day. Diffie Hellman (DH). The first algorithm invented to agree on a shared symmetric key without actually saying or sending that key between the two parties: Alice and Bob
Four Legal Practice questions
1.4K views, 11 months ago
Here are four legal questions. These are helpful for the ISC2 CISSP exam. Have fun! #cisspexam #cissp #cissptraining #gwenbettwy
Term of the day PFS IPsec
894 views, 1 year ago
Security term of the Day - Perfect Forward Secrecy
Term of the day Data owner
819 views, 1 year ago
Security term of the day - The data owner #cissp #ccsp #cism #sscp #cisa
CISSP CCSP Practice Q 10
2.9K views, 1 year ago
I have seen thousands of questions in the last two decades. I want to share with you what I have learned about answering (ISC)2 questions successfully. My questions may not be perfect. However, this is about dissecting questions successfully. #gwenbettwy #CISSP #ccsp #practicequestion #practicequestions #testtakingtips
CISSP/CISM/CCSP Test Taking Tip #8. When you don't understand the question... look to the answers.
3.2K views, 1 year ago
CISSP/CISM/CCSP Test Taking Tip #7. It always about the business.
2.3K views, 2 years ago
CISSP/CISM/CCSP Test Taking Tip #7. It always about the business.
3.4K views, 2 years ago
CISSP/CISM/CCSP test taking tip #6. People, Process, Technology
6K views, 2 years ago
CISSP/CISM/CCSP Test Taking Tip #5. Avoid the absolutes
6K views, 2 years ago
CISSP/CISM/CCSP Test Taking Tip #4. Is there an all encompassing answer?
6K views, 2 years ago
CISSP/CISM/CCSP Test Taking Tip #3. Which one of these is not like the others? or... Sesame street
6K views, 2 years ago
First! Thank you, Gwen!
Thanks for being first ;)
Wow a new think like a manager! Thanks Gwen! CCSP in two weeks!
Thank you. Wow, this one was interesting. I knew War Driving was the Answer but did not see it as an option. I was confused with War Walking and thought it was a made up name, lol. My test is in feb. Please keep doing these videos. Thank you!!
They can make up things in answers. In the exam you must believe the question! I will keep recording and good luck!
Maybe you cover this later, but is there a case where this won't be true? I get stung on practice questions often with this principle and always I seem to give the all-encompassing answer when a specific answer is better, or vice versa! I'm not sure, but maybe it relates to when the question is asking about *prioritized* actions, or maybe even the role of the company it states you have?
I would say big questions need big all encompassing answers. Narrow, specific questions need a specific answer.
Thank you for your clarification. I was accurate in thinking this certification is a Management role. I'm going to take the CISA Exam soon, and I am looking to see what CISSP would look like for me and my work experiences as well as education experiences (I am a USAF Veteran who returned to University for a career change, graduated with my BSc in Accounting and Finance, and my MSc in Forensic Accounting). I'll study the CISSP also, it will help me towards building my next career as a Forensic Accountant or Investigator, specifically with cybercrimes and/or technology investigations. 19nov24
Thanks Gwen!
I suppose C is in line with considering CIA(AA) in regards to confidentiality and accountability.
I passed CCSP this week on my first attempt! You were absolutely right, this test is really technical but it also has a lot of managerial questions. There were numerous examples of where I clicked the technical answer "Implement DLP/other tooling" but then saw the "Employee background check" or some other people answer. Ended up switching answers on a lot of questions and passed :).
That is terrific news! Congratulations!! I believe you have to spot those manager answers when they do show up, otherwise it is very hard to pass this test. Beyond that you really need to understand cloud technology to get through this one!
Informative....
I thought about C and then changed to A. I hate when they trick me like this with these questions!
Yeah, not intended to trick. Intended to help you through the test. I do not believe ISC2 is intending to trick you either. I also understand how it can feel that way!
Thanks Gwen, I passed my CISSP yesterday.
Congratulations!!!!
"5:35" So is criminal law not a category of law?
Criminal is a subcategory found within the Common legal system and the Code/Napoleonic code/Roman legal system. Common legal systems are found in countries like the UK, US, Canada, Australia (follow the English around the world). Code legal systems are found in most of the EU, South America, African countries (follow the French around the world). And oddly the US state of Louisiana and the Canadian province of Quebec.
I've just done the cisa with a very good score and I can say one thing for sure: the mindset you're developing is the same as that for auditing. I started preparing for the CISSP a few days ago and I find it very similar to auditing. I hope to give you some good news in a few months' time.
There is definitely a common thread through these certs! Best of luck!
I felt like I bombed CISSP last year and walked out with a pass! Today, I took CCSP and didn’t even get close…and didn’t feel like I did when I completed CISSP, which is to say Dread! Oh well, bought peace of mind and test again in September. Your classes taught me a lot though, so this is clearly my problem!
Consider one of my live classes so that I can help you figure out where your thinking/logic/learning needs to go.
How much does it cost training with you?
My CISSP is currently $2950 and my CCSP is $2200. TacSecInc.com
Thanks Gwen. All resourceful/ priceless.
Please do explain Data Steward, Data User in upcoming videos.
Incredible!!!!!!
I passed CCSP with a large part thanks to you.. you’re amazing and appreciated!! 😁
Congratulations!
That's a super helpful video thanks. The first and last were simple to me, the ones in the middle were a total blank space. Your description was concise and I now have notes for all 4 types in the answers.
I went wrong on this one for two reasons, first, I looked for "One of these things is not like the other" which should sound familiar. 3 of them referred to 'consumer' and my mind went to consumer / retail / household, not a business consumer. Then I looked at A which talked about TOE, and I remembered just about enough of common criteria to know that a Target of Evaluation was a common criteria thing. And so I chose A, which from the earlier comment I now know was not incorrect, but not the 'best' answer. Clearly 'best' in this instance needs to include it is a category of products, and implementation independent. Thanks for these videos and your tips. I'm nearly there!
This lady is awesome. Honestly, I used this logic and it works like magic 🪄
First!
In Bell-LaPadula, there is a concept of 'Trusted Subject' which can violate all the * property restrictions. Not sure if it applies to Biba as well.
I chose D. But don’t you think security policy would be a better term here than corporate policy?
Possibly, but to make unique questions words like that have to change.
@GwenBettwyTSI BTW, I have already purchased your Udemy mock tests, and once I’m done reading OSG I’ll have a go at them.
I was confused between A and C but chose C because I believed that whatever product you’re going to buy it should be able to address your needs above all.
You got it!
This is GOLD! Thank you!
cheers Gwen, Thank you
Bookmarking 34:52 for remembering the order! Great video!!!
Thanks for that!
Your videos helped me clear the CISSP in January. Thank you, from India! :)
Glad it helped!
LOVE these, Gwen! Thank you!
You are so welcome!
Thank you 😊You are a very good teacher- even I understood 😃
Thank you! 😃
12:20 😃👀
Thanks 😊
Welcome 😊
50:39 I wish. Unfortunately, small people like me are at the mercy of idiots, so it becomes personal.
44:50 Two framed photos on the wall behind you caught my eye, maybe because I am a cocky lone wolf 😄
😊😊
39:20 😃 I like your style.
37:19 Indeed. Treat them with respect, support them, and make them loyal to your enterprise. If you want to be cynical about it, it’s safer and cheaper in the long run.
35:27 What for? Just to pass this test or the GRC bit of an audit?…
28:34 OK, risk analysis. I agree. However, I totally lack confidence in a system that is inherently vulnerable like hell. By default. It feels almost like on purpose. To mention but very few sources of risk: Ineffectual control of critical infrastructure that can affect matters of national security. National agencies using contractors (which is, effectively, “man-in-the-middle”s awaiting to happen). The reactive security default stance. Over-reliance on technology. Who told you that using clouds (or various forms of AI which are only as intelligent as their programmers) is a good idea? Using OSs and other software products that are purposefully deficient and with a short lifespan in order to secure further revenue to the software developers who need to sell antivirus products and suchlike. The obvious (to the outsider) promotion of a naive and narrow mindset whilst cynically speaking about Zero Trust (beware of the ‘trusted partners’). I really don’t know why people have to have an adversarial mindset (I do, actually, know- to have someone to blame for their own incompetence), but it is not really working long-term. Speaking of- has it even occurred to anyone, busy as everyone is to chase the scent of mundane technological red herrings, that any AI (or other technological system) can be hacked into, either by other humans or an alien civilisation? No. Obviously not. I truly, truly hope that humankind will not have to face a Zero Day attack from another species because as the West is awfully vulnerable, so is the entire planet one cosmic sitting duck.
27:33 There are sectors that should not be left at their own devices, at the whim of irresponsible corporate managers. Take the energy sector, transport, water supply, healthcare, telecommunications- they should be recognised for what they are i.e. critical infrastructure. Imagine a big water supply company being hacked into. Or a biolab database being compromised (modifying data would be worse than stealing it for corporate espionage purposes).
26:20 That’s where the risks assessments are flawed. Take Mitre Att&ck which is a superb endeavour. It cannot help you assess unknown risks and prepare properly (maybe against script kiddies attacks and other small hacker fish). All you can reliably assess is your defences. What do all successful attacks have in common? Or, better put, why are they successful? (*Hint* the first and most important layer of the answer is non-technical).
24:42 Yeah, video streaming. I was thinking about that, actually, when I read yesterday about UDP which I understand is much less safe than TCP. In all fairness, ensuring integrity via using HTTPS and TCP is kinda obsolete in the age of deepfakes. Maybe Communication science should not be divorced from the Information Technology. PS- I am not referring to your video. I don’t know who you really are, but I think that you are a highly intelligent lady with loads of experience. My criticism pertains to this damned test.
23:05 Accessibility or marketing? 😏 Up to this point you haven’t said anything confidential.
17:34 It is a genuinely good idea to make everyone (and I mean everyone) in an organisation more aware of risks, safety, and being money wise, BUT not at the detriment of other things. Money and technicalities of any safety system are contingent on threats, business landscape, how good you are at playing the money making game. Other things are not contingent on externalities. It’s like a human body- if its immunity is good, it can fend off all sorts of infections. Whereas your security paradigm is mostly reactive, for what I could gather, that’s why Zero Days happen. A virus in your system causes a devastating pandemic because your employees don’t know how to cyber wash their hands properly etc.
14:15 What is the average amount paid for a ransomware attack? I don’t know, let’s say $500,000. Spending $499,999 on developing your immunity to attacks by training and checking your staff’s attitudes and safety-related behaviour, sacking a few bad apples, and continuously helping the individuals to attain maturity and good posture is still cheaper.
13:37 Get your priorities right! First and foremost the human wellbeing which includes the lives of people in a hospital, so if you’re a boss who makes money off the backs of ill people, at least you could pay due diligence and part with a part of your profit to ensure that you don’t put their lives in danger by allowing a ransomware attack. Those money greedy CEOs should face criminal prosecution and not be allowed to settle in court by paying their weekly coffee budget.
12:24 I don’t know much about it, but the MFA systems are not infallible. I was reading yesterday about Kerberos, and even I (not being particularly smart and definitely not knowledgeable) could see it’s vulnerable. What good is it to rely so much on an authentication server that checks credentials with a database that has had a SQL injection? The SSO that embodies the accessibility principle at the detriment of integrity and confidentiality (since when putting all your eggs in one basket is safe practice?). As I said, I don’t know all the terminology, but I hope you will understand the idea.
10:36 I wholeheartedly agree. But my definition of ‘wisely’ doesn’t fit with the common nonsense. What do you invest in? Expensive software, pentesting services, fancy physical security devices? How much less money would you have spent had you invested in people’s training and attitudes? That’s why I’m saying your paradigm is myopic.