01
15%
Security and Risk Management
Bảo mật & Quản lý Rủi ro
Governance, risk, compliance, ethics, and legal frameworks
View LessonsCISSP Certification Study Wiki
Bilingual (Tiếng Việt / English) · Applied to Fintech Security
8 Domains
125–175 Adaptive Questions
Passing Score: 700/1000
Fintech Context
🚀 Bắt đầu từ đây / Start Here
Đọc mục này trước khi bắt đầu học / Read this section before diving into the domains
📋
Study Methodology & 8-Week Plan
Lộ trình 8 tuần, phương pháp học, cách dùng 3 cuốn sách chính / 8-week roadmap, study methods, how to use the 3 core books
Open Guide
🧠
ISC2 Managerial Mindset
Tư duy CISO, 7 quy tắc vàng, 15 câu ví dụ / CISO thinking, 7 golden rules, 15 example questions with analysis
Open Guide
⚡
Exam Tips & Tricks
Chiến thuật làm bài CAT, bẫy thường gặp, chuẩn bị ngày thi / CAT question strategy, common traps, exam day prep
Open Guide
📚 8 Domains — 48 Lessons
Click domain để xem danh sách bài học / Click domain to view lesson list
Total weight: 100%
02
10%
Asset Security
Bảo mật Tài sản
Data classification, ownership, privacy, and retention
View Lessons
03
13%
Security Architecture and Engineering
Kiến trúc & Kỹ thuật Bảo mật
Security models, cryptography, and secure design principles
View Lessons
04
13%
Communication and Network Security
Bảo mật Mạng & Truyền thông
Network protocols, secure topologies, and transmission security
View Lessons
05
13%
Identity and Access Management (IAM)
Quản lý Danh tính & Quyền truy cập
Authentication, authorization, access control models
View Lessons
06
12%
Security Assessment and Testing
Đánh giá & Kiểm thử Bảo mật
Vulnerability assessment, pen testing, audit, and metrics
View Lessons
07
13%
Security Operations
Vận hành Bảo mật
Incident response, forensics, monitoring, and continuity
View Lessons
08
11%
Software Development Security
Bảo mật Phát triển Phần mềm
SDLC, secure coding, DevSecOps, and code review
View LessonsExam Weight Distribution
D1
15%
D2
10%
D3
13%
D4
13%
D5
13%
D6
12%
D7
13%
D8
11%
🎯 Luyện tập / Practice Quizzes
100 câu hỏi theo từng domain — 100 questions per domain
D1
100 Questions
Security & Risk Management
- Ethics, Risk Formulas (SLE/ALE)
- BCP/BIA, Legal Compliance
Start Quiz
D2
100 Questions
Asset Security
- Data Roles, Classification, Privacy Laws
- Data Destruction
Start Quiz
D3
100 Questions
Architecture & Engineering
- Security Models (BLP/Biba), Cryptography
- PKI, Physical Security
Start Quiz
D4
100 Questions
Network Security
- OSI Attacks, Firewall Types, IPSec
- WPA3, Email Security
Start Quiz
D5
100 Questions
IAM
- MFA Factor Types, Access Control Models
- PAM, JML Process
Start Quiz
D6
100 Questions
Assessment & Testing
- CVSS Scoring, Pen Test Phases
- OWASP Top 10, SOC 2
Start Quiz
D7
100 Questions
Security Operations
- NIST IR Phases, Order of Volatility
- BCP/DRP, Fire Suppression
Start Quiz
D8
100 Questions
Software Dev Security
- SDLC, STRIDE, DevSecOps
- BOLA, Supply Chain
Start Quiz
⚡ Tham khảo Nhanh / Quick Reference
Most-tested CISSP formulas, mnemonics, and rules — know these cold
| Formula / Concept | Value / Meaning |
|---|---|
SLE = AV × EF
|
Single Loss Expectancy |
ALE = SLE × ARO
|
Annual Loss Expectancy |
RTO + WRT ≤ MTD
|
Recovery time constraint |
STRIDE
|
Spoofing, Tampering, Repudiation, Info Disclosure, DoS, Elevation of Privilege |
BLP = Confidentiality
|
No Read UP, No Write DOWN |
Biba = Integrity
|
No Read DOWN, No Write UP |
ISC2 Canon Priority
|
Society → Principals → Profession → Self |
OWASP #1 (2021)
|
Broken Access Control (NOT Injection) |
CVSS Critical
|
9.0–10.0 → patch within 24–48 hrs |
MFA Rule
|
Must combine DIFFERENT factor types |
Data Owner
|
Always a BUSINESS role (not IT) |
Risk Acceptance
|
MANAGEMENT decision (not IT) |