OFFICIAL ISC2 AI security exam guidance doc
ISC2 published this yesterday. It maps out exactly how AI security concepts show up across the CISSP exam.

This is NOT a new exam outline. The current outline (April 2024) already has AI baked in. But this document spells out the specifics so you know what to expect.

The big picture: AI isn't a separate topic. It's woven into everything from risk management (Domain 1) to software development security (Domain 8).

A few things that stood out to me:
- You need to know about protecting training data and model weights (Domain 2)
- Prompt injection and adversarial attacks are fair game (Domain 3)
- AI red teaming is now part of security testing (Domain 6)
- Managing identities for AI agents and service accounts - least privilege still applies (Domain 5)
- Model drift and AI in the SOC are covered in operations (Domain 7)

If you're studying right now, don't panic. Most of this maps to concepts you already know -- just applied to AI systems. But you should absolutely be familiar with terms like data poisoning, adversarial attacks, algorithmic bias, model drift, and prompt injection.

On our end we're going to keep weaving more AI-focused questions into the https://cissp.app and bringing more of this into our study group discussions.

I attached the PDF if you want to read the full thing.
FREE CISSP Masterclass with May Brooks - Next Tuesday, April 7th
Hey everyone,

We've got another masterclass coming up with May Brooks next Tuesday. If you don't know May, she's a CISSP instructor who's helped a ton of people pass the exam, and she's been a great partner to our community.

This is a live session where she breaks down how top scorers actually think through exam questions, how they eliminate traps, and what separates people who pass from people who don't. If you've been studying and want to sharpen your approach before exam day, this is worth your time.

When: Tuesday, April 7th at 11:00 AM Eastern / 8:00 AM Pacific
Where: 👉 Register here
Cost: Free for study group members!
Introductions
Welcome to the group! Please share what you hope to gain from being here, and for fun, tell us the best piece of advice you've ever received!
CISSP Practice Question (Domain 2: Asset Security - AI Exam Guidance)
A financial services firm acquires a pre-trained ML model from a third-party vendor for fraud detection. During onboarding, the security team discovers the vendor cannot provide documentation on the origin of the training dataset. What should the CISO address FIRST?

A. Commission an independent bias audit before production deployment
B. Classify the model and its training data as high-value intellectual property
C. Assess whether the undocumented data sourcing introduces unmanageable supply chain risk
D. Require the vendor to retrain the model using only internally sourced datasets

Come back for the answer tomorrow, or study more now!
CISSP Practice Question (Domain 3: Security Architecture and Engineering)
An architect proposes implementing end-to-end encryption for all internal microservice communications. The SOC team warns this will eliminate their ability to inspect east-west traffic for lateral movement detection. Both teams escalate to you. What is the BEST course of action?

A. Prioritize encryption and accept reduced network visibility as residual risk
B. Reject encryption to preserve the SOC's detection capabilities
C. Implement encryption with TLS termination points that allow authorized inspection
D. Defer the decision until a formal threat model evaluates both risks

Come back for the answer tomorrow, or study more now!
CISSP Study Group
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!