Jalson International Inc.

Notes to self and to help others along the way...

Mnemonics and Memorization Techniques for CISSP Exam

4/27/2023

I cannot take credit for creating these mnemonics. They are the result of various online searches and the efforts of others. Kudos to their creators. 

OSI Layer - Please Do Not Touch Steve's Pet Alligator (Physical, Data Link, Network, Transport, Session, Presentation, Application)
Data at Each Stage of OSI Layer - Don't Don't Don't Stop Pouring Free Beer (Data Data Data Segment Packet Frame Bits) OR Some People F*** Bit**es (Segments, Packets, Frames, Bits) 
TCP/IP Layer - NITA (Network, Internet, Transport, Application)
Evaluation Assurance Levels (Common Criteria EAL1 to EAL7) - Father Son Mother My Sweet Small Family (F S M M S S F): Functionally tested, Structurally tested, Methodically tested and checked, Methodically designed, tested and reviewed, Semi-formally designed and tested, Semi-formally verified design and tested, Formally verified design and tested
Asymmetric Cryptography = DEREK (Diffie-Hellman ElGamal RSA ECC Knapsack)
Symmetric Cryptography = 23BRAIDS (Twofish 3DES Blowfish RC5 AES IDEA DES SAFER)
Fire extinguisher - A = Ashes (regular fires like paper and wood) B = Boil (liquids like gasoline) C = Electri C ity D = Dent - like a metal can K = Kitchen (oil/grease)
MAC (mandatory access control) is known as the lattice model (Big Mac with Lettuce)
MD5 is a 128-bit hash because 8 minus 2 minus 1 = 5
SkipJack has 8 letters. Key size is "80 bits"
Twofish - There is a process involved here called Whitening. Mental image of literally 2 fish "whitening" each others teeth.
Blowfish - This is for key size, which can be 32 up to 448. I again think about "blowing" air into a fish, and imagining the fish getting bigger and bigger. Thus, it starts at 32 but can be "blown" up to 448 bits.
Biba - The I in biba means Integrity
Ring Computing Model: Zero KODU (0 Kernel, 1 OS, 2 Drivers, 3 Users)
Retina Scan vs Iris Scan: Retina is a longer word than Iris; retina scans are more detailed and hence more intrusive. The iris stays the same for the life of the person, while the retina is a pattern of blood vessels. Iris scanning is the more commonly used of the two.
Patent = 20 years. Notice there is the word "ten" in Patent. 10 fits better into 20, than it does 70 (Copyright)
Trade Mark is 10 years.

USPTO: United States Patents and Trademark Office (Library of Congress takes care of Copyright)
(Trade Secrets are protected by the Economic Espionage Act of 1996)
RAID 0: Striping - 0 looks like a circle (person going in circles and leaving data everywhere (on both hard drives) 
RAID 1: Mirroring - 1 or | looks like a mirror
Risk = Threat x Vulnerability (RISK TV)
ALE = ARO x SLE
ALE (CAUSES) AROSLE (🍺 = 😍)
SLE = AV x EF 
SLEAVEF (Up my sleeve(f))
ALE = Annual Loss Expectancy (expected loss from this threat per year)
SLE = Single Loss Expectancy (loss from one occurrence)
ARO = Annualized Rate of Occurrence (e.g. 1 flood in 20 years, 1/20 = 0.05)
AV = Asset Value (value of the asset, e.g. after depreciation)
EF = Exposure Factor (% of the asset's value lost in a single occurrence - e.g. 80% of the server unusable after a breach)
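The formulas above carried through on a small risk register, as an added example (not part of the original post): the asset values, exposure factors, rates of occurrence and the safeguard cost are constructed for illustration, and the safeguard cost/benefit check (ALE before minus ALE after minus the annual cost of the control) goes one step beyond the page's two formulas.

```python
"""Quantitative risk: SLE = AV x EF, ALE = SLE x ARO, and safeguard cost/benefit.

Added example; not from the original post. All numbers in REGISTER and the
safeguard figures below are constructed for illustration only.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    asset_value: float      # AV: value of the asset, in dollars
    exposure_factor: float  # EF: fraction of AV lost per occurrence (0.0 to 1.0)
    aro: float              # ARO: expected occurrences per year


def sle(av: float, ef: float) -> float:
    """Single Loss Expectancy: SLE = AV x EF."""
    if not 0.0 <= ef <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return av * ef


def ale(av: float, ef: float, aro: float) -> float:
    """Annualized Loss Expectancy: ALE = SLE x ARO."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle(av, ef) * aro


def safeguard_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Net annual value of a control: (ALE before) - (ALE after) - (annual cost).

    Positive means the control saves more than it costs; negative means it
    costs more than the loss it prevents and is hard to justify on cost alone.
    """
    return ale_before - ale_after - annual_cost


def rank_by_ale(threats: list[Threat]) -> list[tuple[str, float]]:
    """Return (name, ALE) pairs, highest annual loss first, for prioritization."""
    scored = [(t.name, ale(t.asset_value, t.exposure_factor, t.aro)) for t in threats]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed sample register (illustrative values, not from the post).
REGISTER = [
    Threat("Flood in data center", asset_value=500_000, exposure_factor=0.80, aro=1 / 20),
    Threat("Ransomware on file server", asset_value=200_000, exposure_factor=0.50, aro=0.5),
    Threat("Laptop theft", asset_value=2_000, exposure_factor=1.0, aro=4),
]

if __name__ == "__main__":
    for name, loss in rank_by_ale(REGISTER):
        print(f"{name:28s} ALE = ${loss:,.0f}/year")
    # Hypothetical safeguard: flood barriers cut the flood EF from 80% to 10%
    # and cost $5,000 per year to maintain.
    before = ale(500_000, 0.80, 1 / 20)   # 20,000 per year
    after = ale(500_000, 0.10, 1 / 20)    # 2,500 per year
    print(f"flood barrier net value: ${safeguard_value(before, after, 5_000):,.0f}/year")
```

Note that the highest-value asset (the data center) is not the top annual loss once the rate of occurrence is applied; ranking by ALE rather than by AV is the whole point of the quantitative method.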
NIST 800-37 (Risk Management Framework) - People Can See I Am Always Monitoring (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor)
Business Continuity Planning
  1. Project Scope and Planning - Organization Review, BCP Team Selection, Resource Requirements and Legal and Regulatory Requirements
  2. BIA (Business Impact Analysis) - Identifying Priorities, Risk Identification, Likelihood Assessment, Impact Assessment, Resource Prioritization (Quantitative (ALE, MTD, AV, etc) and Qualitative)
  3. Continuity Planning - Strategy Development (Risk Acceptance)and Provisions and Processes 
  4. Plan Approval and Implementation (plan testing, maintenance, documentation, etc.)

C(ow)P(ig)SOW - Data Sanitization:
  • Clearing can be recovered (like deleting),
  • Purging is permanent,
  • Sanitizing is the same as purging,
  • Overwriting with 0s and 1s,
  • Wiping is writing (overwriting, that is)

Domain 7

Incident Response: Think of a Drumroll aka DRMRRRL when there is an incident (Detect, Respond, Mitigate, Report, Recover, Remediate, Lessons Learned). In Mitigate you contain the incident; in Recover you bring systems back to the last known good state; in Remediate you do the RCA and fix the root cause.
Canons of (ISC)² - PAPA
Protect society, the common good, necessary public trust and confidence, and the infrastructure (social responsibility, no unethical hacking),
Act honorably, honestly, justly, responsibly, and legally (maintain integrity, don't lie, etc.),
Provide diligent and competent service to principals (protect the organization you are working for),
Advance and protect the profession (don't share exam questions, no false endorsements)
CSUSAD - Information Lifecycle (Create, Store/Save, Use, Share, Archive, Destroy)
Fagan Inspection (Code Review): Planets Orbit Perfectly In Round Formations (Planning, Overview, Preparation, Inspection, Rework, Followup)

Domain 8
Software Capability Maturity Model (SW-CMM; IDEAL is the other model) - How mature is your capability?
(Think of mature software developers liking Oreo cookies) I Really Don't Mind Oreos (Initial, Repeatable (lifecycle management, proper QA), Defined (documented), Managed (quantitative, with quality management), Optimizing (continuous improvement; change management is followed))
Change Management Process - Red Rabbits Are Trained In Dancing (Request, Review, Accept/Reject, Testing, Implement, Document)
Change and Configuration Management - Rabbits Chasing Rabbits (Request Control, Change Control, Release Control). Each maps onto the change management mnemonic above: Request Control - Red; Change Control - Rabbits Are Trained; Release Control - In Dancing.
5 Phases of SDLC
RDITE - Real Developers Ideas Take Effort (Requirements Analysis, Design, Implementation, Testing, Evolution)



Work in Progress Below
Agile is a set of principles (the Agile Manifesto), not a single method: Scrum (the most popular), Kanban and SAFe are examples of Agile frameworks.
DevOps or DevSecOps can be used alongside Agile

3. Bell-LaPadula - I made a little one-liner jingle for this. I say it like this: Bell, LA PA DU LA - CON FI DEN SHI AL IT E. I've repeated this many times in my head, and in fact, I recall this from my SSCP studies 4 years ago.
4. Running key (or "book") ciphers often use a passage from a commonly available book as the encryption key. I remember this because in IT we use a "runbook", so any time I see a practice question asking how a running key cipher works, I remember "runbook".
10. TCSEC vs ITSEC: TCSEC is the Orange Book. Orange has vitamin C in it (TCSEC); ITSEC does not.
Threat Modelling:
  • Approaches can be asset-centric, attacker-centric or software-centric
  • STRIDE (software-centric: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege), PASTA (asset/risk-centric), DREAD (a risk rating model: Damage, Reproducibility, Exploitability, Affected users, Discoverability)

Standards / Acts / Regulations
ISO 27001 -> Information security management system (ISMS)
ISO 22301 -> Business continuity management system (BCMS)
PCI DSS -> Payment card security
NIST SP 800-37 -> Risk Management Framework (RMF)
FedRAMP -> Federal Risk and Authorization Management Program (cloud services used by US federal agencies)
GLBA -> Gramm-Leach-Bliley Act - privacy for financial services (US)
SOX -> Sarbanes-Oxley Act - not a standard but a law for publicly traded companies doing business in the US
PIPEDA -> Personal Information Protection and Electronic Documents Act (Canada) - privacy
GDPR -> General Data Protection Regulation (EU) - privacy
HIPAA -> Health Insurance Portability and Accountability Act (US) - healthcare
Author: Saad is a Senior Collaboration Engineer. He is CCIE x 3 (Collaboration, R&S and Data Center).