28 August 2025
ISC2 CC Domain 1
ISC2 Certification in Cybersecurity (CC)
Domain 1: Security Principles
CIA Triad
- Confidentiality – Only authorized users can access information.
- Integrity – Information remains accurate and is not altered by unauthorized parties.
- Availability – Systems and data are accessible when needed.
Privacy vs Security
- Privacy: Customer control over personal data (e.g., opting out of bank marketing).
- Security: Measures protecting systems and data from breaches.
Risk Management Overview
- Assess likelihood and impact of risks.
- Apply security controls to reduce risk to acceptable levels.
Ethical Scenarios
- Retinal scanner discrimination case: highlights ethical decision-making and adherence to the professional code of conduct.
- Emphasizes professional responsibility in handling security and privacy issues.
Key Takeaways
- Security principles guide asset protection.
- Ethical frameworks ensure responsible professional behavior.
- Risk management balances likelihood, impact, and mitigation.
Threats & Vulnerabilities Analogy: Pickpocket
Scenario:
- A tourist who appears to be an easy target (the vulnerability).
- A pickpocket (the threat actor) exploits that weakness; the means by which they do so is the threat vector.
Lesson:
- Security measures should address both vulnerabilities and potential threats.
- Analogies like this help connect theoretical concepts to real-world situations.