
CISSP Cyber Training Podcast - CISSP Training Program
Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀
CCT 274: CISSP Rapid Review (Domain 4) - Part 1
Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv
Network security is the cornerstone of modern cybersecurity, and understanding its intricacies is essential for anyone preparing for the CISSP exam. In this comprehensive episode, Shon Gerber delivers a rapid review of Domain 4: Communications and Network Security, which constitutes 13% of the CISSP exam questions.
The episode opens with a cautionary tale about a disgruntled Chinese developer who received a four-year prison sentence for deploying a logic bomb that devastated his former employer's network. This real-world example underscores the critical importance of proper employee termination procedures and privilege management—especially for technical staff with elevated access. As Shon emphasizes, "The eyes of Sauron" should be on any high-privilege employee showing signs of discontent.
Diving into Domain 4, Shon expertly navigates through foundational concepts like the OSI and TCP/IP models, explaining how they standardize network communications and why security professionals must understand them to implement effective defense strategies. The discussion progresses through IP networking (both IPv4 and IPv6), secure protocols, multi-layer protections, and deep packet inspection—all crucial components of a robust security architecture.
Particularly valuable is Shon's breakdown of modern network technologies like micro-segmentation, which divides networks into highly granular security zones. While acknowledging its power to limit lateral movement during breaches, he cautions that implementation requires sophisticated knowledge of software-defined networking (SDN) and careful planning: "It's better to start small than to go out and think of and get too big when you're dealing with deploying these SDN type of capabilities."
Wireless security, content delivery networks, and endpoint protection receive thorough examination, with Shon emphasizing that endpoints are "your first line of detection" and advocating for comprehensive endpoint detection and response (EDR) solutions that go beyond traditional antivirus. The episode concludes with insights on voice communication security, contrasting traditional telephone networks with modern VoIP systems and their unique vulnerabilities.
Whether you're preparing for the CISSP exam or looking to strengthen your organization's network security posture, this episode provides actionable insights backed by real-world experience. Ready to deepen your understanding of cybersecurity fundamentals? Subscribe to the CISSP Cyber Training Podcast and check out the free resources available at cisspcybertraining.com to accelerate your certification journey.
Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Shon Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started. Let's go.
Speaker 2:Good morning everybody. It's Shon Gerber with CISSP Cyber Training, and hope you all are having a beautifully blessed day today. Today we're going to be talking about the CISSP Rapid Review and we're going to be focused on domain four. So this will be part one, obviously today. On Monday will be part one and then on Thursday it will be part two. So we try to blend in these rapid reviews for your studying preparedness and make sure that you are ready to go for the CISSP exam.
Speaker 2:But before we do, I had a quick article that I wanted to share with you all. It is actually on CSO Magazine, it's on the website they have there and it's a disgruntled developer gets a four-year sentence for revenge attack on employer's network. Now this individual, who's a Chinese national, named Davis Liu, he's a former software developer at Eaton and that's the electrical company that he got four years for basically putting a logic bomb within their network. I've had this happen to me in a couple different ways. It actually didn't happen to me directly. It happened to a friend of mine in his company, and it took them years and a lot of money to get this squared away. So basically, Davis Liu, he basically got four years of prison, plus three years of supervised release, for deploying a malicious logic bomb with his ex-employer. So his was going to let him go.
Speaker 2:So what did he do? He decided to go ahead and put in a logic bomb within his network that was tied to Active Directory. So the moment that his credentials would become deactivated or disabled, then a kill switch would be enabled and then it locked out thousands of users by deleting employee profiles and crashing the servers via an infinite Java thread loop. So he knew what he was doing and he decided to put this in place. So this comes down to the fact of when someone is leaving an organization, we'll come into that, you better have a good plan around it, especially depending upon their capabilities. This attack was premeditated. Basically, they have forensics evidence that he had set up in there, that he had done a privilege escalation and he hid that to allow them then do rapid file deletion once he left the company. So this is the interesting part, is that he knew exactly what he was doing and he had the credentials to do this as a software developer, senior software developer, and if you read through the article, it says that once he was demoted, that was the point where he made the decision: I'm out and I'm going to take these people out with me. So this caused hundreds of thousands of dollars in operational damage. But I would say, from legal standpoints, the friend of mine that had this same type of situation occurred with him. There was the legal, there was the operational impact that it had, but then there was also the legal aspects and it went in well over a million dollars when it was all said and done.
Speaker 2:So it's not an inexpensive endeavor and, plus all of the aspects of causing some sort of reputational damage, everything else, it's chaos. So the point of it is that as we talk about this in the CISSP, you're getting it. The main focus we talk about on CISSP Cyber Training is understanding more than just pay it. The information to pass the test is how do you do this within your organization? And so you need to work with your HR people. You need to also work with your folks that are dealing with your infrastructure, and you need to have a really good process in place for employee termination. That includes anybody within the organization, but especially IT folks that have privileged capabilities.
Speaker 2:The part in this situation, as a senior software developer, yeah, he did have credentials to do the things he did. However, to be able to manipulate Active Directory to the level he did within the Eaton Corporation, that's the, you know, obviously they're a large company, he obviously had some level of credential creep and it was given too much in permissions related to the company. So there's a lot of things that could potentially go wrong here that maybe Eaton could have done better with from an exit standpoint. But, as well as the moment, you know, we used to look at them as on a PIP or a performance improvement plan. If I had someone that was a senior developer that was on a PIP, then the eyes of Sauron are on that individual and I am watching what they are doing. And if you force people to have credentials that are locked up within, say, CyberArk or someplace like that, you now can watch and see what they do with them as well. Now, there is no obviously easy button with this and there's no perfect solution, but this individual had way too many credentials and way too much power for him to be able to do this and what he did. So, ideally, you need to really kind of look at that within your organization. Have a good exit strategy for your people, make sure you work with HR and you work with your IT professionals to know what you have in place to prevent something similar to this happening on your network.
Speaker 2:Okay, so let's get started into domain four of the rapid review, part one. Hey all, Shon Gerber, with CISSP Cyber Training, and today we're going to be talking about the CISSP Rapid Review. This is for Domain 4. This is the exam prep that we put out at CISSP Cyber Training, and Domain 4, Communications and Network Security. Okay, so this is the question breakdown for Domain 4. As you look at this slide, all the different domains, from Domain 1 through Domain 8, are all part of the percentage that you would have for the CISSP exam. But if we look at focus on domain four, there's about 13% of the questions that you will see for the exam will be part of this domain four. Now you go to CISSP Cyber Training, you can get access to all this content that's available to you if you are watching this video, this free video that's out there. We have tons of free resources at CISSP Cyber Training that are free from. If you want to self-study and get ready for the exam, all my free content will help you do that. If you need a little bit more help and you maybe more some more guidance around some of the content and maybe directed videos to help you walk you through each of the actual domains, you can actually have my paid resources and my mentorship product as well. So all that's available to you at CISSP Cyber Training. But the main focus on this slide is just to focus on: 13% of the questions will come from domain four.
Speaker 2:Okay, so let's roll into this. This domain 4.1, assess and implement secure design principles in network architectures. Now, in this domain, in this section, domain 4.1, we're going to be talking about the OSI model, the OSI and TCP/IP models that are there and kind of. Again, the ultimate goal of the rapid review is just kind of a quick overview of what you may expect to see on the exam. So when you're dealing with the OSI, it's a seven-layer conceptual framework that is set up specifically for standardizing network communication functions and the OSI model helps dramatically to help you kind of give you that plan of what you can expect to see, and the ultimate goal is you have your transport layer, you have your data layer, you have the various layers that are tied into the OSI model, and that is a key factor when you're trying to have standardization around network protocols. Then there's the TCP/IP layer. This is the practical four-layer suite that underpins the entire internet. TCP/IP is an important part of the overall internet itself and it is a key, integral part of all modern networks today.
Speaker 2:Now, when you're dealing with these different types of models, there is a security thing you need to consider, and this is essential for any sort of multi-layered defense strategies, that you have a good plan around OSI and you understand the TCP/IP stack. It's an important part because you'll have an aspect of TCP/IP connections that are occurring between two points. You're going to have to understand: am I getting the connection? Why am I not getting a connection? Is it because there's a SYN and there's a SYN-ACK? Is there the termination or the FIN flags that are kicking off? You're going to have to understand those different types of flags and how the importance of those and just because you're studying for the exam, you go well, I don't need to worry about that, because I have a network team that deals with that for me. You're going to have to know how to communicate with your network team on the various parts of the OSI model, because you could be having data loss in various stages, or you may also have to know what are the different flags that you are dealing with as it relates to TCP/IP. So all of these are an important part of the overall understanding of cybersecurity.
Speaker 2:Now the IP networking. We're going to deal with this IP, regular as itself, IP4 and IP6. Now IP as itself is the information aspects that you're going to have, the fundamental protocol for addressing, routing data packets, and that's IP networking period, and it's broken into IPv4 and IPv6. Now IPv4 is the 32-bit address that's been out there forever that most people have adopted and utilize within their networks. However, because of the so many IP addresses tied to actual devices themselves, they then move to IP version 6, which is the 188 128 bit version, which allows for a much larger space of IP addresses and it also helps with the simplification of the configurations of these various IP addresses. However, IPv6 has not been as widely adopted as IPv4 because obviously it's been around longer and there are some challenges of people bringing IPv6 into their networks. It's eventually going to happen because there's just not enough IPs out there, especially when you're dealing with all this IoT work that's available. But, at the end of the day, IPv4 and IPv6 are both extremely important parts of any sort of networking program. Now they both require meticulous secure configurations to ensure that you're getting a proper security for each of them. Now IPv6 introduces new attack vectors such as SLAAC, NDP spoofing. All of those are different vectors that we didn't have in IPv4, but IPv4 has its own issues in itself, so understanding the differences between IPv4 and IPv6 is an important factor when you're studying for the exam.
Speaker 2:The next section is secure protocols. These provide confidentiality, integrity and authenticity for the data that's specifically in transit, and when we're talking secure protocols, you're talking VPNs, you're talking HTTPS, you're talking SSH, DNSSEC. All of these are very important parts of the overall transporting of the data and the security around this. Now it's mandatory for many sensitive communications that you have some level of secure protocols for this communication. This would include strong message ciphers, robust key management, up-to-date versions of it that are available, and you want to make sure that all of that is done, because those are key factors in any protocol that is set up specifically for transport of data between point A and point B. These can be done automatically. They can be done set up manually, but at the end of it, a secure protocol for the data transfer and the data protection is an important part of any sort of security plan that you have within your organization.
Speaker 2:Implications of multi-layer protocols. Now encapsulation is an important part of, you'll hear people talk about it. This is where data from higher layers are wrapped by lower layers, basically down the stack. So what it comes down to is you have your OSI model as layers, as your data is leaving from basically your physical layer and it's moving. It's all the way up to the transport layer and beyond into the presentation layer. It is all encapsulated as it goes up and then, when it comes down, the encapsulation is removed. That is the data encapsulation piece that you would expect to see within the CISSP.
Speaker 2:Now the attack surface of having multi-layer protocols is that the vulnerabilities can exist in potentially any layer. So if you have multi-layer aspects, there's aspects that could come into where they potentially could bypass controls of one layer to gain access to another. So this is where it's imperative that you have a defense-in-depth strategy when you're dealing with any sort of security and, as we've talked about routinely on CISSP Cyber Training, is having the multi layers of defense. If you have a firewall, then you have endpoint detection and response. Maybe you have some honeypots that are built in there. You have defenses that are built and that are in layers so that if one person gets through one area, there may be a situation where they're alerted when they're going through another area. It's also imperative to have some deep packet inspection involved and this is in various points of your network. There would be various tags or taps that are put in place that will suck this data out. They will look at the data itself and then they will do a deep packet inspection of all the data that's transferring the wire. These are really important. There's also some regulatory requirements around that. I've worked in some companies that have had to do that and it's great product, but it does take a lot to make that and put that in place. But deep packet inspection is an important part of any security tools that you may have, depending upon the level of risk that you have within your company.
Speaker 2:Converged protocols, so you have voice over IP. Now, this is what integrates voice and video onto data networks. Bottom line is for cost savings and flexibility. Now, if you've all noticed, though, when you're dealing with some voice communications, they get a bit of a delay. Sometimes that is voice over IP that may be not totally configured correctly.
Speaker 2:Fiber optics: this transmits data via light, offering obviously bandwidth issues and allowing you increased bandwidth, low latency and then, potentially, from electromagnetic interferences immunity. Fiber optics have become more and more transparent throughout, where most people, I mean, we didn't have fiber optics going to homes in the past. Now we all have. Many of us have fiber optics that come into our house specifically. So it's a great tool, allows for much faster bandwidth and it is a great product. I love fiber, just love it. Security implications of doing this, though, is it does introduce new attack vectors, such as voice over IP, eavesdropping, toll fraud, which I haven't seen much of, but it is out there, obviously denial of service on the call managers and various other aspects that could affect your fiber optic aspects. So there are again, as we get new technologies and new capabilities, then they become also a target for the bad guys and girls.
Speaker 2:Micro-segmentation: this divides networks and data centers into various other highly granular areas and it does allow you to have some really good security segments in place to, one, manage the data, two, but also to manage the workload. So the micro segmentation I feel is a really important part of any organization. However, like anything else, if you don't have a good plan on how to do micro segmentation, a lot of times it just gets thrown together in one big bucket and the benefit that you're looking for is really kind of negated and limited based on that. It does significantly limit the attacker's lateral movement and it reduces the breach blast radius. In the event that somebody were to gain access to a bunch of data, the amount of data that they potentially could get because of micro segmentation can be dramatically reduced.
Speaker 2:But again back to the first point. If you don't know what you're doing and you just kind of throw everything in one bucket, it isn't as beneficial as it potentially could be. It does require sophisticated, granular firewall rules and often it's considered what they call software defined networking or SDN. This, it takes a special person who understands how to do SDN communications and how to do SDN firewall rules. It does. It's not hard, right, I've done it myself. I've worked with some very smart people to kind of help guide me in some of this. It is not difficult. However, it does take a much bigger approach to understanding the network and what you're going to do within your network. So you just got to have a good plan before you deploy something like this. And it's better to start small than to go out and think of and get too big when you're dealing with deploying these SDN type of capabilities.
Speaker 2:Wireless networks: obviously the technology uses radio waves and mobility. To ease of deployment, we all use Wi-Fi and Wi-Fi is well known and well used, and so because of that, though they're increasing the encryption capability of that, it does require WPA2 and 3. Obviously there's, you can incorporate it with RADIUS and there's also other sort of rogue AP detection, that would be your auxiliary or access points detection. That is out there as well. We used to do in the old days, we would go around and look for access points with just basically a device like a Geiger counter and it would go and look for other wireless access points that were enabled. Now they've incorporated a lot of that into the device themselves and they're looking for rogue Wi-Fi outlets. So great capabilities in the Wi-Fi space. Now, obviously, the security implication of this is it's inherently susceptible for eavesdropping potentially. And then rogue APs, big deal for rogue APs. I've met with them a lot, I've had to deal with those situations and they can then deal with brute force attacks and you do require strong encryption and authentication are an important part of any Wi-Fi network. Again, Wi-Fis are great, but just throwing them up out there, shadow IT, all those things just kind of start rolling on themselves. So it's imperative that you do have a really good plan when you're deploying Wi-Fi within your network. Highly recommend that you find, maybe potentially, a person who does Wi-Fi really well within their network and talk to them.
Speaker 2:Cellular networks: this is where you have technology. That's obviously 5G. It offers higher speeds, lower latencies. This allows for much better data transfers and you're not limited to point places such as Wi-Fi locations. It does incorporate involving security standards, obviously for improved authentication and encryption. When you're dealing with 5G, the lower cellular capabilities of LTE and 4G, they had security implications that are not as strong and robust as 5G and therefore, it's imperative that you move to 5G if possible. But there's different types of threats that can affect 5G networks, such as IMSI catchers, signaling attacks, supply chain vulnerabilities and so forth. IoT is a big factor when you're dealing with 5G and there's some vulnerabilities that can be incorporated there as well, so it's really important. Again, we talk about all this stuff over and over again, but having a good plan on how you're going to deploy this within your networks, the use of each of these technologies, is a crucial part of your overall security game plan.
Speaker 2:Okay, the last section of domain 4.1. This is going to be with CDNs and content delivery networks. Now, these are geographically distributed proxy servers that are basically caching the content, that are closer to the order you're at to increase the speed and resilience. CDNs are an important part of the way the internet works today and especially with as much content that is out there, CDNs have to be used. They really do. Now, the problem is, if they get DDoSed, if they get denial of service attacks done on them, then they can go down and then it causes all kinds of latency issues. But they have DDoS mitigation, they have WAF capabilities and then they well, in many cases have TLS termination and secure content caching.
Speaker 2:Okay, some of the security implications that are involved in this. It does introduce reliance on third-party security postures that are third parties that are managing your network. Obviously, the CDN is relying on them to do the job right and to make sure that they have the security in place to protect your data. This includes potentially of cache poisoning, misconfigurations or the need to protect the original server itself. So you are relying on somebody else to protect the data and to protect the communications, and that, in turn, does incur some level of risk to you and your company.
Speaker 2:Secure network components: this is domain 4.2, so operation of hardware. So when you're dealing with different secure components, you want to have redundant power set up and this would be UPSs, uninterrupted power supplies. You may have generators in place as well, this to ensure you have continuous operation of these critical network devices and systems. Again, you have to understand which ones are these critical systems, but you want to have some level of redundant power for these. This could also potentially include redundant networking capabilities as well, depending upon if this is required. Your critical system is required to have network connectivity outside to the world, you may have to have another circuit specifically brought in for that specific need.
Speaker 2:Warranty and support. We've talked about this with Microsoft routinely. Is that the relying on vendor warranties and support contracts for timely and hardware replacement, firmware updates and technical assistance. You need to make sure that you have a good plan around the warranties, how you're going to pay for those, how you're going to maintain the support with those and it comes down to is some of these systems may not ever have support because they're so old. How do you deal with that? That's a different conversation. But again, warranty and support is an important part of all of your networking plans. You need to ensure you have availability and resilience for your network infrastructure. A lack of redundancy or expired support contracts will lead to single points of failure. I've seen it happen where your contract hasn't been negotiated. You think you're good, the contract goes away, you don't have support and now you're spending three months trying to get your contract back up to speed and at that point in time you're vulnerable. So if you're a security professional, understanding your legal and your regulatory space is good, but also understanding your contractual aspects are an important part. A company I work with, we've actually done contractual reviews for people to make sure that they have the right contracts in place for their people.
Speaker 2:Transmission media: so you have different types of transmission media. You have twisted pair, which is your UTP and STP. You have coax. You have wireless. You have fiber optics. We've kind of talked about those as well and the ultimate point is that you want to determine which ones do you need to use and you need to understand those specifically for the CISSP. Now, they will vary in bandwidth, distance, cost and susceptibility to interference, based on the product that you get. You deal with Cat6, it has ability to carry high levels of data across it, but then there's some limitations on the distance in which it can go. If you're dealing with a single twisted pair versus a multi-twisted pair, how does that work for you?
Speaker 2:All of those pieces are aspects that you need to be aware of when you're dealing with your transmission media. Different media have distinct vulnerabilities specifically associated with them. Copper is an important part, but it is susceptible to eavesdropping and you will see this with. And it isn't so much that we have many copper lines now, but in the past there was a lot of copper that went through buildings and so forth. It was extremely susceptible to eavesdropping and also to electromagnetic interferences as well. Now that you have the twisted pair, and especially if it's shielded twisted pair, then you have less risk of having any sort of EMI effects that could deal with it. Fiber optics highly secure against EMI, but they're extremely fragile and they're really hard that if you break them you can't just go and connect them back together. You have to have special tools to do so. So it makes it a little bit more complicated. Wireless obviously, is the most vulnerable to eavesdropping and jamming and unauthorized access, but it also is one of the most flexible and is pretty much used ubiquitously everywhere. So understanding your transmission media pair, or your transmission media, is an important part of your CISSP, and understanding how each of those pieces are crucial will help you. As far as you're studying for this, make sure you have a good grasp of each of those types.
Speaker 2:Network access control devices: these are designed to enforce security policies on devices attempting to connect to the network, both wired and wireless. These can perform posture assessments where you're basically checking the device, health patches, antivirus and so forth. It authenticates users and devices and then grants and denies or potentially quarantines the access based on your access that you're allowed to have. And these are network access control devices. They do prevent unauthorized or non-compliant devices from accessing a network. So if you don't have port controls in place, these NACs can actually help reduce that. If somebody were to plug something in, it can limit the effect of those devices. So, again, it reduces your attack surface and limits the spread of potential malware from an infected endpoint.
Speaker 2:Endpoint security: this protects the individual computing devices such as your laptops, desktops, servers and so forth, and it is an important part of any sort of security strategy you may have. This could deal with endpoint detection and response, host-based IDS and IPSs, DLP and host-based firewalls. All of those are part of your endpoint security program and they're a common entry point for all attackers of the endpoints, because people are there and people click on links. They are crucial for detecting and preventing any sort of malware defense or infections, and I usually say the endpoints are your first line of detection. That and your people. Your people are like sensors and between them and your endpoints, they are your first line. They are the ones that are going to help identify suspicious activity. They'll help control data flows. All of those things are an important part of your endpoint detection strategy. Make sure you deploy endpoint detection and response, some sort of protection and response to your endpoints right now.
Speaker 2:Now one thing to also consider is just antivirus. Right, people used to always be antivirus. It needs to be a much better solution, such as endpoint detection and response type of security suites. These are focused specifically on heuristics. They're focused on the different types of signatures. They're also based on other communications they get from the mothership that are telling them hey, these are the attacks we're seeing. EDR is a really good endpoint for you need to consider for all endpoint security.
Speaker 2:Okay, domain 4.3, public switched telephone networks, PSTNs. Now, these are traditional circuit-based switch telephone network used for voice communication and it does rely on copper wires and switching centers to do the work. So this is the old school where you had somebody sitting in behind a desk and they're plugging in different wires into different ports to make the communication, the connection. This is a PSTN. Granted, obviously that was really old school, but it's the traditional old type of phone network. It is susceptible to wiretapping and eavesdropping and denial of services as well. They still exist in different places. Obviously, in areas that are maybe a little less developed, they're more prevalent, but bottom line is, PSTN is still out there, and you, as a security professional, need to understand what is a PSTN network. Voice over IP: this is what allows for voice and multimedia communications over IP networks such as the Internet, and then, obviously, it's instead of the traditional phone lines that you would have, such as a PSTN network. They're becoming more and more developed and deployed throughout.
Speaker 2:Most companies have these, and they will include various different types of threats that can affect them, such as eavesdropping, dos attacks.
Speaker 2:Obviously, they can target your voice over IP clients if they're high IP or high value clients, and they will also target the servers as well.
Speaker 2:Gaining access to these systems can be a plethora of information, and so bad guys and girls will attack those systems. They really truly do want the VoIP systems, and if you don't have good security enabled on them, they are a high target and they can also incorporate a lot of risk for you and your organization, hence, if they were to be breached or compromised. You now are running in a situation where you become liable because you didn't put in adequate controls for them. Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes, as I would greatly appreciate your feedback. Also, check out my videos that are on YouTube and just head to my channel at CISSP Cyber Training and you will find a plethora, or a cornucopia, of content to help you pass the CISSP exam the first time. Lastly, head to CISSP Cyber Training and sign up for 360 free CISSP questions to help you in your CISSP journey. Thanks again for listening.