🏠 Back to Exam Syllabus 📺 RooCloud on YouTube 🌐 RooCloud Practice Exams

CISSP 1.2 - Understand & Apply Security Concepts (Part 1 of 2)

This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series builds the foundation under every security decision in Domain 1. It walks through the core goals security protects, what each one means in practice, what their failures look like, and the extra properties that round out a complete security model — the vocabulary every later control is measured against.

What this episode covers

Watch the full episode above for the worked examples and detailed explanations of each concept.

Frequently Asked Questions

What are the core goals of security?

Three properties form the heart of the field: confidentiality, integrity, and availability. Together they are so central they earn their own name, the core triad. Most controls you meet are really serving one of these three, and most risks are measured by the harm they do to them.

What happens when these protections fail?

Flip each goal and you get its failure. Disclosure is confidentiality breaking — secrets getting out. Alteration is integrity breaking — data changed without approval. Destruction is availability breaking — a resource wrecked or taken offline. Learning these failures gives you a fast diagnostic: when something goes wrong, name which property just fell.

Can you have too much security?

Yes, and it is a real trap. Lock confidentiality down too hard and authorized users cannot get their work done; over-tighten integrity and the same restriction hits availability; swing too far toward open availability and secrecy and accuracy start to leak. Security is a balance, not a dial you crank to maximum — match the protection to what the asset is worth.

What is nonrepudiation?

Nonrepudiation means someone cannot deny an action they actually took. It stops a user from claiming they never sent that message or approved that transfer. You build it from identification, authentication, and careful logging, with digital signatures and transaction records making it hold. Without it, accountability collapses, because anyone can simply say it was not me.

What ties identity to accountability?

A foundational set of access services. On the surface it is authentication, authorization, and accounting, but it really unfolds into five steps: identification (you claim who you are), authentication (you prove it), authorization (the system decides what you may touch), auditing (it records what you do), and accounting (someone reviews those records to hold you responsible). Drop any one, and the chain of accountability breaks.

📚 Master the ISC2 CISSP Exam!

Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.


Reference: This article is based on concepts discussed in CISSP 1.2 - Understand & Apply Security Concepts (Part 1 of 2).