CISSP Accelerator
Helping IT professionals advance their careers by providing them Information Security trainings.
🚨 In the CISSP exam, you risk getting copyright-related questions wrong - not because you don't know the law, but because you could be carrying one false assumption into the exam.
Most people think copyright is something you apply for.
Something you register. Something that takes time and paperwork.
It doesn't.
The moment you create an original work - a book, a song, a photograph, a piece of code, a painting - you own the copyright.
Automatically.
No registration required.
While there is a formal process to obtain a copyright, officially registering a copyright is NOT a prerequisite for copyright enforcement.
That is one of the most important things to understand about copyright, and it's a concept the CISSP exam could very well test.
Now here's an act related to copyright that you should be aware of - DMCA.
DMCA - the Digital Millennium Copyright Act - is a US law that takes copyright protection into the digital world.
It makes it a crime to illegally copy digital copyright material.
Not just that: it also criminalizes the creation and use of tools or technology designed to bypass the protection mechanisms on that material.
Think of the copy protection on a DVD, or the license controls on software. Those are DRM - Digital Rights Management - controls.
DMCA makes it illegal to circumvent them. Not just the act of copying - but even building the tool that could do it.
Hope that helps.
04/05/2026
Pointer Dereferencing - one of those CISSP concepts that feels simple once you understand it, but that can easily trip you up in exam questions if you don't.
Let’s simplify it.
Imagine your system’s memory like a set of lockers.
Locker address = where the data is stored
Value = what’s inside the locker
Now, instead of directly working with the value, programs sometimes store the address of that locker.
That’s called a pointer.
👉 Pointer = “Go to this address and fetch whatever is there”
So what is pointer dereferencing?
It’s simply:
👉 Going to that address
👉 And fetching the actual value
Pointer → address
Dereferencing → fetching the actual value at that address
Now here’s where things get interesting (and dangerous):
What if the pointer is pointing to…
👉 nothing (NULL value)?
👉 an empty location?
👉 an invalid value?
That’s when you get a "null pointer exception".
The program goes looking for a value…
…and finds nothing.
Result?
❌ Crash
❌ Unexpected behavior
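To make the "go to the address and fetch the value" idea concrete, here is a short C example added to this post (it is not code from the original post). It uses a constructed account table, a lookup that returns NULL when a record is not found, and two ways of dereferencing the result: one that blindly follows the pointer and one that validates it first and reports failure through a return code. The names (Account, find_account, balance_checked, balance_unchecked) are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example record for this post; not from the original text. */
typedef struct {
    char name[32];
    int  balance;
} Account;

/* Unsafe dereference: assumes the pointer is valid. If the caller passes
 * NULL (for example, the result of a failed lookup), this reads through
 * address 0 and the process crashes: the "null pointer" case in the post. */
int balance_unchecked(const Account *acct) {
    return acct->balance;           /* dereference with no validation */
}

/* Safe dereference: validate the pointer before following it and report
 * failure through a return code instead of crashing. This is the
 * "input validation and error handling" side of the concept. */
int balance_checked(const Account *acct, int *out) {
    if (acct == NULL || out == NULL) {
        return -1;                  /* invalid pointer: refuse to dereference */
    }
    *out = acct->balance;           /* pointer -> address; *acct -> value */
    return 0;
}

/* Simulated lookup that returns NULL when no record matches. This is the
 * kind of function whose result callers forget to check. */
const Account *find_account(const Account *table, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++) {
        if (strcmp(table[i].name, name) == 0) {
            return &table[i];       /* pointer to the matching locker */
        }
    }
    return NULL;                    /* not found: caller MUST check */
}

int main(void) {
    /* Constructed sample data */
    Account table[] = { {"alice", 100}, {"bob", 250} };
    int bal;

    const Account *a = find_account(table, 2, "alice");
    if (balance_checked(a, &bal) == 0) {
        printf("alice: %d\n", bal);
    }

    const Account *missing = find_account(table, 2, "carol");
    if (balance_checked(missing, &bal) != 0) {
        printf("carol: not found, pointer not dereferenced\n");
    }
    /* balance_unchecked(missing) would dereference NULL here and crash. */
    return 0;
}
```

The point for the exam: the crash is not caused by the lookup returning NULL, which is normal, but by code that dereferences the pointer without checking it. Defensive code validates the pointer and fails gracefully, which is what "secure coding practices" and "error handling" mean in this context.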
Why does this matter for CISSP?
Because this is not just a programming concept.
It connects to:
- secure coding practices
- application reliability
- vulnerability prevention
- input validation and error handling
And yes… you can absolutely get questions around this.
Most people try to memorize terms like this.
But CISSP doesn’t test memory.
It tests whether you actually understand what’s happening behind the scenes.
If you’re serious about clearing CISSP…
And you want to actually understand concepts like these (instead of just cramming)…
I’m starting the next CISSP cohort from Domain 1 next week.
If you’d like to join, book a quick 1:1 call with me (at https://calendly.com/hemantsajwan ) and I’ll walk you through how the program works and whether it’s the right fit for you.
Let’s make this simple 👍
Cohesion & Coupling
This is one of those CISSP topics candidates think they understand… until they see the actual question.
Let me simplify it for you.
🔹 Cohesion = What a module does
It measures how focused a program, class, or module is.
✅ High Cohesion = Performs a few related tasks only
❌ Low Cohesion = Performs many unrelated tasks
Example:
A chef who only cooks food = High cohesion 🍝
A chef who cooks, takes orders, handles billing, and delivers food = Low cohesion 😵💫
Why does it matter?
Because high cohesion makes systems:
✔ Easier to maintain
✔ Easier to understand
✔ Easier to reuse
🔹 Coupling = How dependent modules are on each other
It measures how much one module relies on another.
❌ High Coupling = Change one module, break five others
✅ Low Coupling = Modules work independently
Why does it matter?
Because low coupling makes systems:
✔ Easier to modify
✔ Easier to test
✔ Less fragile
🔥 Remember, what we're after is:
✅ High Cohesion
✅ Low Coupling
That is the combination you want to remember.
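Here is a small C example, added to this post and not taken from it, that puts the two ideas side by side. The first half shows one function doing three unrelated jobs (low cohesion) while depending on a global shared by other modules (high coupling); the second half shows each job in its own function with every dependency passed in explicitly (high cohesion, low coupling). The function and type names (price_format_and_log, gross_price, format_total, TaxPolicy) are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* ---------- Low cohesion, high coupling (the pattern to avoid) ---------- */

/* A global shared across modules: any module can read or change it, so a
 * change to how tax is represented breaks every reader at once
 * ("change one module, break five others"). */
int g_tax_percent = 10;

/* One function that computes a price, formats it, and logs it:
 * three unrelated responsibilities in one place. */
int price_format_and_log(int net, char *out, size_t outlen) {
    int gross = net + net * g_tax_percent / 100;  /* hidden dependency on the global */
    snprintf(out, outlen, "total=%d", gross);      /* formatting job */
    fprintf(stderr, "log: %s\n", out);             /* logging job */
    return gross;
}

/* ---------- High cohesion, low coupling (the combination you want) ---------- */

/* The dependency is made explicit: callers hand the policy in, so the
 * pricing module does not care where it comes from. */
typedef struct {
    int tax_percent;
} TaxPolicy;

/* Does exactly one thing, using only what it is given. */
int gross_price(int net, const TaxPolicy *policy) {
    return net + net * policy->tax_percent / 100;
}

/* Formatting lives in its own function and can be tested on its own. */
int format_total(int gross, char *out, size_t outlen) {
    return snprintf(out, outlen, "total=%d", gross);
}

int main(void) {
    char buf[32];
    TaxPolicy policy = { 10 };                  /* constructed sample policy */

    /* Tightly coupled version: correct today, fragile tomorrow. */
    price_format_and_log(100, buf, sizeof buf);

    /* Loosely coupled version: each step is independent and swappable. */
    int gross = gross_price(100, &policy);
    format_total(gross, buf, sizeof buf);
    printf("%s\n", buf);
    return 0;
}
```

Notice that gross_price can be unit-tested with any TaxPolicy and format_total with any integer, while price_format_and_log cannot be tested without also touching the global and the log stream. That testability difference is exactly why the exam answer is "high cohesion, low coupling".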
Most professionals fail CISSP not because concepts are hard…
They fail because nobody explained them clearly enough.
If you’re serious about passing CISSP and want personalized guidance, strategy, and concept clarity:
📩 Book a 1:1 with me by clicking here: https://calendly.com/hemantsajwan
Let’s identify your weak areas, fix your approach, and accelerate your path to CISSP.
Most people preparing for CISSP know the CIA Triad.
Confidentiality.
Integrity.
Availability.
But here’s something many miss 👇
There’s another triad you should know — DAD.
And no, it’s not random.
DAD represents the failure of CIA.
Let’s break it down:
🔹 Disclosure -> Failure of Confidentiality
If sensitive information is exposed to unauthorized parties, confidentiality has failed. That exposure is called disclosure.
🔹 Alteration -> Failure of Integrity
If data is modified without authorization, integrity is compromised. That unauthorized change is alteration.
🔹 Destruction -> Failure of Availability
If systems or data are no longer accessible when needed, availability has failed. This includes scenarios like Denial of Service (DoS) attacks.
So remember:
CIA = What we’re trying to protect
DAD = What happens when we fail
One of the most common reasons people lose marks in CISSP isn’t lack of knowledge.
It’s answering at the wrong altitude.
This is where NIST 800-39 becomes a quiet but powerful framework.
The goal of NIST 800-39 is to provide guidance on managing information security risk in an organization.
However, it doesn’t start with tools, firewalls, or controls.
It starts with business risk.
It breaks risk management into three tiers:
Tier 1 - Organization
This is where risk appetite, risk tolerance, and strategy are defined.
Think board-level and executive decisions.
Tier 2 - Business processes
Here, those strategic decisions (taken at Tier 1) guide how business units and missions operate.
Tier 3 - Information systems
Only here do systems, controls, and implementations enter the picture.
The next thing to remember about NIST 800-39 is the process it uses for risk management.
It describes four steps:
Frame -> Assess -> Respond -> Monitor (FARM)
CISSP doesn’t test this as a definition.
It tests it as judgment.
If a question talks about setting direction, you’re framing.
If it talks about prioritizing threats, you’re assessing.
If it asks what action to take, you’re responding.
If it’s about ongoing effectiveness, you’re monitoring.
Miss the stage, and you’ll pick a technically correct but strategically wrong answer.
That’s the trap.
So, make sure you don't just understand the concepts, but also understand how those concepts apply to real-world scenarios.