CISSP Mnemonics Cheat Sheet (All 8 Domains) – My 5-Minute Daily Study Guide

CISSP Journey · Part 1 of Series

CISSP Mnemonics Cheat Sheet: Thor’s Guide to All 8 Domains

The ultimate memory cheat sheet — decoded, domain-mapped, and designed for daily review. My personal road to CISSP starts here.

By Atif · IlmBytesTech · ⏱ 5-min daily read · CISSP · Cybersecurity

Every CISSP candidate hits the same wall: 8 domains, hundreds of frameworks, models, and acronyms — and an exam that tests whether you truly understand them, not just recognize them. This CISSP mnemonics cheat sheet helps you remember all 8 domains using Thor’s Mnemonics — a battlefield reference created by security educator Thor Pedersen. Memorization alone won’t cut it, but without a strong memory foundation, deep understanding can’t take hold either. Treat this page as your daily 5-minute warm-up: read through it every morning before your study session, and watch these concepts move from short-term recall into long-term memory. Bookmark it now and come back tomorrow.

Why Mnemonics Actually Work for CISSP

The CISSP exam covers 8 domains, hundreds of frameworks, models, protocols, and attack types. Trying to brute-force memorise all of it is a recipe for burnout. Mnemonics work because they hijack how your brain stores information — they attach abstract sequences to vivid, memorable images or phrases your brain already knows how to hold.

Thor Pedersen (thorteaches.com) has spent years building the most effective mnemonic system for CISSP. In this article, I’ve taken every mnemonic from his cheat sheet and organised them by domain, explained the logic behind each, and added context so you understand why the mnemonic maps to the concept — not just the acronym itself.

How to use this article: Don’t try to read all 8 domains in one sitting. Bookmark this page. Spend 5 minutes each morning on one domain. By the end of 8 days, you’ve touched every domain. Then cycle again.

CISSP Exam Domain Weights

Not all domains are equal on the exam. Before we dive into mnemonics, know where the marks live:

D1 · Security & Risk Management: 16%
D2 · Asset Security: 10%
D3 · Security Architecture & Engineering: 13%
D4 · Communication & Network Security: 13%
D5 · Identity & Access Management (IAM): 13%
D6 · Security Assessment & Testing: 12%
D7 · Security Operations: 13%
D8 · Software Development Security: 10%

Domain 1 carries the highest weight at 16%. That means every mnemonic in Domain 1 is worth double the effort. But don’t neglect the rest — IAM, Architecture, and Operations together account for nearly 40% of the exam.


Domain 1 · Security & Risk Management (16% of exam, highest weight) [Exam Heavy]

Ethics, governance, risk analysis, legal frameworks, and security policies. The “thinking” domain — heavy on concepts, frameworks, and formulas.

ISC2 Code of Ethics
PAPA
Protect society  ·  Act honorably  ·  Provide competent service  ·  Advance the profession
Why it sticks: “PAPA” = a father figure. A good father Protects his family, Acts with honour, Provides for them, and Advances their future. The ISC2 Canon follows the same parental hierarchy — society first, then the profession. The order matters on the exam: protecting society always trumps all other duties.
CIA Triad (and its opposite)
CIA = DAD (inverted)
Confidentiality · Integrity · Availability
Opposite: Disclosure · Alteration · Destruction
Why it sticks: The CIA Triad is the foundation of everything in security. Its evil twin “DAD” is what attackers try to do — a bad dad Discloses your secrets, Alters your data, and Destroys your systems. Whenever an exam question describes an attack, map it back to which part of DAD it represents — that tells you which part of CIA was violated.
Due Diligence vs Due Care
Diligence = Detect  |  Care = Correct
Due Diligence = Do your research, detect the risks (the “D” matches)
Due Care = Act on it, correct the problem (the “C” matches)
Why it sticks: Think of Due Diligence as the CSI investigator phase — finding and identifying risks. Due Care is the ER doctor phase — treating the patient. You can’t care before you’re diligent. The exam loves to flip these. Lock it in: DiligEnce → dEtEct (both have two E’s), CarE → corrEct.
Quantitative Risk Formulas [Exam Critical]
ALE = SLE × ARO
ALE = Annual Loss Expectancy
SLE = Single Loss Expectancy (AV × EF)
ARO = Annualised Rate of Occurrence
AV = Asset Value  ·  EF = Exposure Factor
Arrow-Sled story: Picture a drunk guy (ALE = a beer) shooting ARROWs while riding a SLEd. ArROw SLEd = ARO × SLE = ALE.

SleAVEF: Mario says “I’ve got something up my sleav-ef” — SLE = AV × EF. The formula chain: know your asset value (AV), calculate how much you’d lose per incident (EF %), that gives you SLE — then multiply by how often it happens per year (ARO) to get ALE. That’s how much you should budget for countermeasures — never spend more on a control than the ALE.
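To see the formula chain run end to end, here is an added worked example (my own illustration, not from Thor’s sheet). It computes SLE and ALE for a constructed scenario and then applies the budget rule from the paragraph above: compare what a control saves in ALE against what it costs per year. The asset value, exposure factor, incident rates and the WAF and its effect are all assumed sample figures.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One quantified risk scenario. Every number fed in here is a constructed sample figure."""
    name: str
    asset_value: float      # AV: what the asset is worth
    exposure_factor: float  # EF: fraction of AV lost in one incident (0.0 to 1.0)
    aro: float              # ARO: expected number of incidents per year

    @property
    def sle(self) -> float:
        # SLE = AV x EF  ("SleAVEF")
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        # ALE = SLE x ARO  ("ArROw SLEd")
        return self.sle * self.aro


def control_value(before: Risk, after: Risk, annual_control_cost: float) -> float:
    """Net annual value of a safeguard: the ALE it removes minus what it costs per year.
    Positive means the control pays for itself; negative means you are spending more
    on the control than the risk it treats is worth."""
    return (before.ale - after.ale) - annual_control_cost


def should_fund(before: Risk, after: Risk, annual_control_cost: float) -> bool:
    """Budget rule from the text: never spend more on a control than the ALE it saves."""
    return control_value(before, after, annual_control_cost) > 0


# Constructed scenario (hypothetical figures): a web server worth 200,000 where a
# breach is assumed to destroy 25% of that value, expected about twice a year.
NO_WAF = Risk("web server breach, no WAF", asset_value=200_000, exposure_factor=0.25, aro=2.0)
# Assumed effect of a hypothetical WAF: the same incident now expected once in five years.
WITH_WAF = Risk("web server breach, with WAF", asset_value=200_000, exposure_factor=0.25, aro=0.2)

if __name__ == "__main__":
    for r in (NO_WAF, WITH_WAF):
        print(f"{r.name}: SLE={r.sle:,.0f}  ALE={r.ale:,.0f}")
    for cost in (30_000, 150_000):
        verdict = "fund" if should_fund(NO_WAF, WITH_WAF, cost) else "do not fund"
        net = control_value(NO_WAF, WITH_WAF, cost)
        print(f"WAF at {cost:,}/yr: net value {net:,.0f} -> {verdict}")
```

With these figures the uncontrolled ALE is 100,000 per year and the WAF brings it to 10,000, so a WAF costing 30,000 per year is worth funding while one costing 150,000 per year is not: that second case is exactly the “spending more than the ALE” mistake the text warns about.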
NIST Risk Management Framework (RMF)
“Crime Scene Investigators Always Act Modestly”
Categorize  →  Select  →  Implement  →  Assess  →  Authorize  →  Maintain
Why it sticks: CSI Agents always investigate in order. They first Categorize the crime scene (what kind?), Select which forensic tools to apply, Implement their investigation, Assess the evidence, Authorize a verdict, and Maintain the case file. The “Modestly” is a gentle reminder that Maintain comes last — the job isn’t done at authorization.
ISO 27000-Series Standards
“Raging Crackheads Risk Health”
Requirements (ISO 27001)  ·  Code of practice (ISO 27002)
Risk Management (ISO 27005)  ·  Health (ISO 27799)
Pattern recognition: ISO 27001 = ISMS Requirements (the “must-have” standard). ISO 27002 = Code of Practice (the “how-to” guide). ISO 27005 = Risk Management specifically. ISO 27799 = Healthcare sector. The ridiculous phrase locks in the right order. The exam won’t ask you to recite all four — but it will describe a scenario and ask which standard applies.

Domain 2 · Asset Security (10% of exam)

Data classification, ownership, retention policies, and data handling requirements. Know your labels — they appear on scenario questions constantly.

Government Data Classification Labels [Scenario Favourite]
“U Should Count Six Tauntauns”
Unclassified  →  Sensitive But Unclassified (SBU)  →  Classified  →  Secret  →  Top Secret
Why it sticks: A Tauntaun is the snow creature from Star Wars — an absurd, unforgettable image that your brain can’t ignore. The “Six” in the phrase is a red herring — there are only 5 levels. That mismatch actually helps you remember the sentence isn’t literal. The order goes from lowest to highest sensitivity. Commercial equivalent: Public → Internal → Confidential → Restricted. Exam tip: Government = USCST. Commercial = PICR.

Domain 2 is about who is responsible for data. Remember the key roles: the Data Owner (executive level, decides classification), the Data Custodian (IT, implements controls), and the Data User (follows policy). The exam loves to ask “who is responsible for classifying data?” — answer: the owner, not IT.


Domain 3 · Security Architecture & Engineering (13% of exam)

Security models, cryptography, physical security, hardware architecture, and secure design principles.

Bell-LaPadula Model — Confidentiality [Exam Critical]
NRU · NWD · NR/W U/D
Simple Security (No Read Up): Cannot read data at a higher level
Star Property (No Write Down): Cannot write data to a lower level
Strong Star: No read or write across levels — most strict
The leak prevention model. Bell-LaPadula was designed for military confidentiality. Think of a Private soldier — they can write UP (report to their General) but can NEVER read the General’s classified orders. And the General can’t write DOWN (leak classified orders to the private’s unclassified channel). The direction arrows: Read DOWN is OK (you can read your own level or below). Write UP is OK (you can send info upward). Reverse either → violation. Quick test: “No read up, no write down” = Bell-LaPadula.
Biba Model — Integrity [Exam Critical]
NRD · NWU · Invocation NR/W U
Simple Integrity (No Read Down): Cannot read from a lower integrity level
Star Integrity (No Write Up): Cannot write to a higher integrity level
Invocation Property: Cannot invoke services at higher integrity levels
The garbage-in prevention model. Biba is the exact opposite of Bell-LaPadula, but for integrity instead of confidentiality. Think of a hospital: a surgeon (high integrity) cannot use untested data from a random website (low integrity) — that’s No Read Down. And a junior intern cannot write directly into the surgeon’s treatment plan — that’s No Write Up. Garbage in = corrupted data out. Memory hook: Bell = Confidentiality (spies). Biba = Integrity (surgeons). Both use NO READ / NO WRITE but in opposite directions.
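The two models above are easiest to keep apart when you see the rules as code. This is an added example of my own (not from Thor’s material): one access-decision function per model, written directly from the properties listed above, plus a small driver that replays the Private/General and surgeon/website stories. The level names and the `invoke` operation spelling are my own assumptions.

```python
from enum import IntEnum


class Clearance(IntEnum):
    """Confidentiality levels for Bell-LaPadula, lowest to highest (constructed labels)."""
    UNCLASSIFIED = 0
    SECRET = 1
    TOP_SECRET = 2


class Integrity(IntEnum):
    """Integrity levels for Biba, lowest to highest (constructed labels)."""
    UNTRUSTED = 0   # e.g. data from a random website, or a junior intern's input
    VERIFIED = 1    # e.g. the surgeon's reviewed treatment plan


def blp_allows(subject: Clearance, obj: Clearance, op: str) -> bool:
    """Bell-LaPadula: Simple Security = no read up; Star property = no write down."""
    if op == "read":
        return subject >= obj   # reading at your own level or below is fine
    if op == "write":
        return subject <= obj   # writing at your own level or above is fine
    raise ValueError(f"unknown operation {op!r}")


def blp_strong_star_allows(subject: Clearance, obj: Clearance, op: str) -> bool:
    """Strong Star: no read or write across levels at all; only same-level access."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation {op!r}")
    return subject == obj


def biba_allows(subject: Integrity, obj: Integrity, op: str) -> bool:
    """Biba: Simple Integrity = no read down; Star Integrity = no write up;
    Invocation = cannot invoke a service at a higher integrity level."""
    if op == "read":
        return subject <= obj   # only read from your level or higher-integrity sources
    if op == "write":
        return subject >= obj   # only write to your level or lower-integrity objects
    if op == "invoke":
        return subject >= obj   # only call services at your level or below
    raise ValueError(f"unknown operation {op!r}")


if __name__ == "__main__":
    private, general = Clearance.UNCLASSIFIED, Clearance.TOP_SECRET
    print("private reads general's orders:", blp_allows(private, general, "read"))        # no read up
    print("private reports up to general:", blp_allows(private, general, "write"))        # write up is fine
    print("general writes to private's channel:", blp_allows(general, private, "write"))  # no write down
    low, high = Integrity.UNTRUSTED, Integrity.VERIFIED
    print("surgeon reads random website:", biba_allows(high, low, "read"))    # no read down
    print("intern writes surgeon's plan:", biba_allows(low, high, "write"))   # no write up
```

Notice that the comparison operators in `blp_allows` and `biba_allows` are mirror images of each other: that is the whole “same words, opposite directions” memory hook in two lines of code.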
Hashing Algorithms
Look for “HA” or “MD” in the name
SHA-1, SHA-256, SHA-3 — all hashing (SHA = Secure HAsh Algorithm)
MD5, MD4 — hashing (MD = Message Digest)
The pattern rule: If the algorithm name contains “HA” (SHA) or starts with “MD” — it’s a one-way hash function. Hashes verify integrity, not confidentiality — they don’t encrypt, they fingerprint. MD5 = 128-bit, SHA-1 = 160-bit, SHA-256 = 256-bit. The bigger the bit length, the more collision-resistant. MD5 and SHA-1 are considered broken/deprecated — exam questions about “legacy” integrity checks almost always reference these two.
Asymmetric Encryption Algorithms
DEREK-Q
Diffie-Hellman  ·  El Gamal  ·  RSA  ·  ECC  ·  Knapsack  ·  Quantum
Why asymmetric? These algorithms use a key pair — public key to encrypt, private key to decrypt. “DEREK” sounds like a name you can picture — imagine Derek as a cryptographer holding two keys. RSA is the king of this list — used in HTTPS, SSH, and digital signatures. ECC (Elliptic Curve Cryptography) gives equivalent security to RSA with much shorter key lengths — preferred in mobile/IoT. Diffie-Hellman doesn’t encrypt data — it’s used for secure key exchange only.
Symmetric Encryption Algorithms
23BRAIDS
2fish  ·  3DES  ·  Blowfish  ·  RC5  ·  AES  ·  IDEA  ·  DES  ·  Skipjack
Symmetric = same key to encrypt and decrypt. “23 braids” gives you 8 algorithms in one image. AES is the current gold standard (128, 192, or 256-bit keys). 3DES applies DES three times — legacy but still tested. DES is broken (56-bit key). RC4 is a stream cipher (not in this list; it is covered separately under Stream vs Block Ciphers). RC5 in this list is a block cipher. Skipjack = NSA-designed, used in the controversial Clipper chip. Exam tip: symmetric is faster but requires secure key distribution — that’s the core tradeoff vs. asymmetric.
Stream vs Block Ciphers
Stream = RC4 only  |  Block = Everything else
Stream cipher: Encrypts 1 bit/byte at a time (RC4) — fast, used in wireless (WEP, WPA)
Block cipher: Encrypts in fixed chunks (AES = 128-bit blocks) — more secure
The RC4 exception: On the CISSP exam, if you see RC4, think stream cipher and think legacy/broken in modern contexts (WEP uses RC4 — that’s why WEP is insecure). Everything else in the symmetric list is a block cipher. Block ciphers use “modes of operation” like CBC, ECB, CTR — you’ll encounter these in crypto questions. ECB mode is the weakest (identical plaintext blocks = identical ciphertext blocks). CBC adds randomness with an Initialization Vector (IV).
Fire Extinguisher Classes
A=Ash · B=Boil · C=Current · D=Dent · K=Kitchen
Ash = Combustible materials (wood, paper)  ·  Boil = Flammable liquids
Current = Electrical fires  ·  Dent = Metal/combustible metals
Kitchen = Cooking oils/fats (grease fires)
Data center relevance: Class C (Current = electrical) is what you’ll need in a server room. Never use water (Class A extinguisher) on electrical fires. Halon or clean agent suppression systems are preferred in data centers because they don’t damage equipment. On the exam: server room fire → clean agent. Kitchen fire → Class K. Memory: A-B-C-D-K = “Ash Burns Circuits Denting Kitchens.”
Evaluation Assurance Levels (EAL 1–7)
FSMM-SSF  →  “For Sure My Mother-So Sweet Forever”
EAL1: Functionally tested  ·  EAL2: Structurally tested
EAL3: Methodically tested  ·  EAL4: Methodically designed
EAL5: Semi-formally designed  ·  EAL6: Semi-formally verified
EAL7: Formally verified
The Common Criteria scale. EAL levels are from the CC (Common Criteria) standard for product security evaluation. EAL4 is the highest commercially feasible level — governments and enterprises typically require EAL4+. EAL7 is theoretical/research-grade (military systems). The exam rarely asks you to define all 7 — but it will ask whether a product’s EAL level meets a security policy requirement in a scenario. Tip: EAL4 = “methodically designed and tested” is the magic phrase for enterprise procurement.
CPU Pipelining Order
FDEW — “Few Developers Execute Well”
Fetch  →  Decode  →  Execute  →  Write-back
Hardware architecture basics. CPU pipelining appears in CISSP as part of hardware security — understanding how a processor works is foundational to understanding execution-level exploits (buffer overflows, return-oriented programming). Fetch the instruction from memory → Decode what it means → Execute the operation → Write the result back to a register. Attacks like Spectre/Meltdown target the Execute stage through speculative execution.

Defense in Depth

Mnemonic: Onion Defense (layering). An onion has concentric layers — each one must be peeled before reaching the core. Security works the same way: physical controls → network controls → host controls → application controls → data controls. If one layer fails, the next one holds. This concept appears in every domain on the CISSP exam — it’s the meta-strategy behind all other controls.


Domain 4 · Communication & Network Security (13% of exam)

OSI model, TCP/IP, protocols, network attacks, and secure communications design.

OSI Model — 7 Layers [Exam Critical]
Bottom→Top: “Please Do Not Throw Sausage Pizza Away”
Top→Bottom: “All People Seem To Need Data Processing”
The two sentences cover both directions. Use the table below to lock in layer numbers — the exam uses numbers AND names.
Layer · Name · Memory Hook · Protocols / Devices
1 · Physical · Please (P) · Cables, Hubs, Repeaters
2 · Data Link · Do (D) · Switches, MAC addresses, Ethernet
3 · Network · Not (N) · Routers, IP, ICMP
4 · Transport · Throw (T) · TCP, UDP, Ports
5 · Session · Sausage (S) · NetBIOS, PPTP
6 · Presentation · Pizza (P) · SSL/TLS, JPEG, ASCII, Encryption
7 · Application · Away (A) · HTTP, DNS, FTP, SMTP
TCP/IP Model (4 Layers)
NITA
Network Access  ·  Internet  ·  Transport  ·  Application
OSI vs TCP/IP mapping: TCP/IP is the real-world implementation. OSI Layers 1+2 → TCP/IP Network Access. OSI Layer 3 → TCP/IP Internet. OSI Layer 4 → TCP/IP Transport. OSI Layers 5+6+7 → TCP/IP Application. The exam may ask you to map a protocol to both models — HTTPS lives at Application in both, but TLS negotiation touches Presentation (OSI Layer 6).
TCP Header Flags
“Unskilled Attackers Pester Real Security Folks”
URG  ·  ACK  ·  PSH  ·  RST  ·  SYN  ·  FIN
Attack relevance: SYN is the key flag for SYN flood attacks (DoS). Attacker sends thousands of SYN packets without completing the three-way handshake (SYN → SYN-ACK → ACK), exhausting the server’s connection table. RST is used to terminate connections — RST injection attacks abuse this. FIN scanning (an Nmap technique) sends FIN packets to open ports to identify firewalled vs unfiltered ports. ACK is critical for stateful firewall inspection.
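From the defender’s side, the half-open connections a SYN flood leaves behind are what you look for. Here is an added detection example of my own (not from the page or from Thor) that parses a constructed tcpdump-style packet summary and counts, per source address, connections that sent a SYN but never the handshake’s final ACK. The log lines, the addresses and the threshold of five are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style packet summary (sample data, not from the page). Only the
# client -> server direction is shown. [S] = SYN only, [.] = ACK only, [P.] = PSH+ACK.
SAMPLE_LOG = """\
10:00:01.001 IP 198.51.100.7.51000 > 192.0.2.10.443: Flags [S]
10:00:01.003 IP 198.51.100.7.51000 > 192.0.2.10.443: Flags [.]
10:00:01.004 IP 198.51.100.7.51000 > 192.0.2.10.443: Flags [P.]
10:00:02.001 IP 198.51.100.7.51001 > 192.0.2.10.443: Flags [S]
10:00:02.003 IP 198.51.100.7.51001 > 192.0.2.10.443: Flags [.]
10:00:05.000 IP 203.0.113.99.40001 > 192.0.2.10.443: Flags [S]
10:00:05.001 IP 203.0.113.99.40002 > 192.0.2.10.443: Flags [S]
10:00:05.002 IP 203.0.113.99.40003 > 192.0.2.10.443: Flags [S]
10:00:05.003 IP 203.0.113.99.40004 > 192.0.2.10.443: Flags [S]
10:00:05.004 IP 203.0.113.99.40005 > 192.0.2.10.443: Flags [S]
10:00:05.005 IP 203.0.113.99.40006 > 192.0.2.10.443: Flags [S]
"""

LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def half_open_by_source(log: str) -> dict:
    """Per source IP: number of client ports that sent a bare SYN but never followed
    up with an ACK, i.e. handshakes that were started and left half-open."""
    syn_seen = defaultdict(set)   # src -> {sport} that sent a bare SYN
    ack_seen = defaultdict(set)   # src -> {sport} that later sent an ACK (handshake completed)
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not TCP packet summaries
        src, sport, flags = m["src"], m["sport"], m["flags"]
        if flags == "S":
            syn_seen[src].add(sport)
        elif "." in flags and "S" not in flags and sport in syn_seen[src]:
            ack_seen[src].add(sport)
    return {src: len(ports - ack_seen[src]) for src, ports in syn_seen.items()}


def suspect_sources(log: str, threshold: int = 5) -> list:
    """Sources with at least `threshold` half-open connections (constructed cut-off)."""
    return sorted(src for src, n in half_open_by_source(log).items() if n >= threshold)


if __name__ == "__main__":
    for src, n in half_open_by_source(SAMPLE_LOG).items():
        print(f"{src}: {n} half-open")
    print("suspect sources:", suspect_sources(SAMPLE_LOG))
```

Per-source counting is the simplest first pass; because flood traffic often spoofs source addresses, a production rule would also watch the total number of half-open connections per destination, which is what exhausts the server’s table regardless of where the SYNs claim to come from.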
DHCP Process
DORA
Discover  →  Offer  →  Request  →  ACK
Think of Dora the Explorer: She Discovers the map (broadcast), gets an Offer from Boots, Requests to follow it, and gets ACKnowledged to proceed. DHCP starvation attacks flood the server with DISCOVER packets using fake MACs, exhausting the IP pool. DHCP snooping on switches is the defence — it filters untrusted DHCP responses.
4 D’s of Physical Security
Deter → Deny → Detect → Delay
The layered physical model. Deter bad actors from attempting access (signs, lighting, cameras). Deny physical access (fences, locks, mantraps). Detect intrusion attempts (motion sensors, guards). Delay long enough for response (reinforced doors, security protocols). The order matters — deterrence is always the cheapest control.

Domain 5 · Identity & Access Management (IAM) (13% of exam)

Authentication, authorisation, access control models, and identity lifecycle.

Multi-Factor Authentication
Know · Have · Are
Something you Know (password, PIN)  ·  Something you Have (token, smart card)  ·  Something you Are (biometric)
Exam trap: A username and password are BOTH “something you know” — that’s single-factor, not two-factor, regardless of entering two fields. True MFA requires factors from different categories. A PIN + fingerprint = MFA (Know + Are). A password + security question = single-factor (both Know). Some definitions also include: Somewhere you Are (location-based) and Something you Do (behavioural biometrics).
Access Control Types [Scenario Favourite]
2C – 3D – PR
2C: Corrective, Compensating
3D: Detective, Deterrent, Directive
PR: Preventative, Recovering
The 7 control types decoded:
Preventative — stops the attack (firewall, locks, encryption)
Detective — finds the attack after it starts (IDS, audit logs, CCTV)
Corrective — fixes damage (patching, restoring backups)
Deterrent — discourages the attacker (warning banners, guards)
Compensating — substitutes for a missing primary control
Directive — tells people what to do (policy, training)
Recovering — restores normal operations (DRP activation)

Exam tip: The question will describe a scenario — map the control to its type. “The company deployed an IDS” = Detective. “The policy states users must use strong passwords” = Directive.
The Ring Model (Protection Rings)
-VM KODU
Ring -1 = VM Hypervisor  ·  Ring 0 = Kernel  ·  Ring 1 = OS  ·  Ring 2 = Drivers  ·  Ring 3 = User applications
The trust hierarchy. Ring 0 (Kernel) is the most trusted — it has direct hardware access. Ring 3 (User) is least trusted — applications run here, isolated from hardware. Ring -1 was added for virtualisation hypervisors (they need to sit beneath the OS kernel). Privilege escalation attacks aim to move from Ring 3 to Ring 0. “KODU” sounds like a coding environment — remember: code runs in Ring 3 under user context.

Domain 6 · Security Assessment & Testing (12% of exam)

Vulnerability assessments, pen testing, audits, and DREAD/STRIDE threat modelling.

STRIDE Threat Model
STRIDE
Spoofing  ·  Tampering  ·  Repudiation  ·  Information Disclosure  ·  DoS  ·  Escalation of Privilege
Microsoft’s threat model — maps to CIA + more.
Spoofing → violates Authentication
Tampering → violates Integrity
Repudiation → violates Non-repudiation
Information Disclosure → violates Confidentiality
DoS → violates Availability
Escalation → violates Authorisation

Use STRIDE during the design phase — it’s a proactive framework. The CISSP exam uses STRIDE in Software Development (Domain 8) and Threat Modelling questions.
DREAD Risk Rating
DREAD
Damage  ·  Reproducibility  ·  Exploitability  ·  Affected users  ·  Discoverability
Used to score each STRIDE threat. Each dimension is scored 0–10, and the average gives a DREAD score. High DREAD = prioritise patching/mitigating this threat first. Discoverability is sometimes debated — some organisations remove it (low discoverability can create false security). In CISSP exam context, treat DREAD as a 5-category scoring model for vulnerability prioritisation.
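The STRIDE mapping and the DREAD scoring above fit together naturally, so here is one added example of my own (not from the page) covering both: each constructed threat carries its STRIDE category (resolved to the property it violates, exactly as listed above) and five DREAD scores, and a ranking function averages them. It also implements the Discoverability-dropping variant the paragraph mentions, and the sample scores are chosen so you can see that variant change which threat comes first. The threats and their scores are illustrative inventions.

```python
from dataclasses import dataclass

DIMENSIONS = ("damage", "reproducibility", "exploitability", "affected_users", "discoverability")

# STRIDE category -> security property it violates (mapping as given in the text).
STRIDE_VIOLATES = {
    "Spoofing": "Authentication",
    "Tampering": "Integrity",
    "Repudiation": "Non-repudiation",
    "Information Disclosure": "Confidentiality",
    "DoS": "Availability",
    "Escalation of Privilege": "Authorisation",
}


@dataclass(frozen=True)
class Threat:
    name: str
    stride: str    # one of the STRIDE_VIOLATES keys
    scores: dict   # DREAD dimension -> integer 0..10


def dread_score(threat: Threat, include_discoverability: bool = True) -> float:
    """Average of the DREAD dimensions, each 0..10. Some organisations drop
    Discoverability (see the text); pass include_discoverability=False for that variant."""
    dims = DIMENSIONS if include_discoverability else DIMENSIONS[:-1]
    for d in dims:
        v = threat.scores[d]
        if not 0 <= v <= 10:
            raise ValueError(f"{threat.name}: {d}={v} is outside 0..10")
    return sum(threat.scores[d] for d in dims) / len(dims)


def prioritise(threats, include_discoverability: bool = True) -> list:
    """(name, violated property, score) tuples, highest DREAD score first;
    ties are broken by name so the order is deterministic."""
    ranked = sorted(threats, key=lambda t: (-dread_score(t, include_discoverability), t.name))
    return [(t.name, STRIDE_VIOLATES[t.stride], dread_score(t, include_discoverability))
            for t in ranked]


# Constructed threats for a hypothetical web app (scores are illustrative, not from the page).
THREATS = [
    Threat("Forged session token", "Spoofing",
           {"damage": 8, "reproducibility": 9, "exploitability": 7, "affected_users": 10, "discoverability": 4}),
    Threat("Admin actions not logged", "Repudiation",
           {"damage": 5, "reproducibility": 10, "exploitability": 3, "affected_users": 2, "discoverability": 9}),
    Threat("Error page leaks stack trace", "Information Disclosure",
           {"damage": 3, "reproducibility": 10, "exploitability": 9, "affected_users": 10, "discoverability": 10}),
]

if __name__ == "__main__":
    for label, flag in (("with Discoverability", True), ("without Discoverability", False)):
        print(label)
        for name, violated, score in prioritise(THREATS, flag):
            print(f"  {score:4.1f}  {name} (violates {violated})")
```

With Discoverability included, the easily found stack-trace leak ranks first (8.4); drop the dimension and the forged session token takes over (8.5 vs 8.0). That is the “false security” argument in the paragraph above in numbers: a hard-to-find flaw is not a low-risk flaw.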

Domain 7 · Security Operations (13% of exam)

Incident response, forensics, BCP/DRP, change management, and cyber attack lifecycle.

Incident Response Process
PDRMR³L
Prepare  ·  Detect  ·  Respond  ·  Mitigate  ·  Report  ·  Recover  ·  Remediate  ·  Lessons Learned
The R³ (three R’s) is key: After mitigating an incident you must Report (document what happened), Recover (restore systems), then Remediate (fix the root cause permanently). Many teams stop at recovery — the exam knows this. “Lessons Learned” is the final, critical step that feeds back into Preparation, making the cycle complete. Without lessons learned, you’re doomed to repeat the same incident.
Digital Forensics Process
“I Prefer Coffee Everytime Anyone Provides Donuts”
Identification  ·  Preservation  ·  Collection  ·  Examination  ·  Analysis  ·  Presentation  ·  Decision
Chain of custody lives here. The most legally critical step is Preservation — collecting evidence improperly (without write blockers, without hashing) makes it inadmissible in court. The order is non-negotiable: you must Identify what you have before you Preserve it, Collect it before you Examine it. “Presentation” = presenting evidence to court/management. “Decision” = the legal verdict or action taken. Never skip Preservation.
7 Steps of a Cyber Attack
RSA ESA O
Reconnaissance  ·  Scanning  ·  Access & Escalation  ·  Exfiltration  ·  Sustainment  ·  Assault  ·  Obfuscation
The attacker’s playbook. Compare this to the Cyber Kill Chain (Lockheed Martin’s version) which you’ll also see referenced. Reconnaissance = OSINT, passive scanning. Scanning = active enumeration (Nmap). Access = exploitation. Escalation = privilege escalation. Exfiltration = data theft. Sustainment = persistence (backdoors, rootkits). Assault = the visible attack (ransomware detonation). Obfuscation = covering tracks (log deletion). Defenders must identify at which stage an attack is caught — earlier = less damage.
BCP/DRP Steps
Policy → BIA → Controls → Strategy → DRP → Test → Maintain
BCP Policy  →  Business Impact Analysis  →  Identify preventive controls  →  Recovery strategies  →  Develop DRP  →  Training & Testing  →  Maintenance
BIA is the cornerstone. Everything in BCP/DRP flows from the BIA — it identifies critical systems (MTD, RTO, RPO), their maximum tolerable downtime, and the financial/operational impact of disruption. RTO = how fast you must recover. RPO = how much data loss is acceptable. MTD = maximum time before the business fails. If MTD < RTO, your recovery plan is already failing — that gap is a CISSP trap question.
Change Management Steps
RRA/RTID
Request  →  Review  →  Approve/Reject  →  Test  →  Implement  →  Document
Test before you implement — always. This is the most commonly violated step in real-world environments and therefore a favourite CISSP scenario. “A patch was deployed to production servers without testing and caused an outage” — the violation is implementing before testing. Document comes last, not first.

Domain 8 · Software Development Security (10% of exam)

SDLC, secure coding, maturity models, database security, and code review frameworks.

SW-CMM Maturity Levels
“I Ran Down My Ostrich”
Initial  ·  Repeatable  ·  Defined  ·  Managed  ·  Optimized
The chaos-to-excellence scale. Level 1 (Initial) = ad hoc chaos, heroics, unpredictable. Level 2 (Repeatable) = basic project management, some process. Level 3 (Defined) = documented, standardised processes. Level 4 (Managed) = measured and controlled with metrics. Level 5 (Optimized) = continuous improvement and innovation. Most organisations sit at Level 2–3. Level 5 is the gold standard. The CISSP exam will give you a scenario describing an organisation’s process maturity and ask which CMM level applies.
SDLC Models
SDLC1: IDIOD  |  SDLC2: “I Reckon All Dem Dere Taters Really Delicious”
SDLC1 (Simple): Initiation · Design · Implement · Operate · Dispose
SDLC2 (Full): Initiation · Requirements · Architecture · Design · Develop · Test · Release · Dispose
“Don’t be an IDIOD” — the humour locks in the 5-phase version. The full 8-phase version (SDLC2) mirrors real-world development. Security must be integrated at EVERY phase — this is “Security by Design” or DevSecOps. The CISSP exam heavily tests where security activities belong: threat modelling → Design phase. Code review → Develop phase. Penetration testing → Test phase. Patch management → Operate phase. Secure data destruction → Dispose phase.
Database ACID Properties
ACID
Atomic  ·  Consistency  ·  Isolation  ·  Durability
Database integrity foundation. Atomic = transactions are all-or-nothing (bank transfer: either both debit+credit happen, or neither do). Consistency = the DB stays in a valid state before and after each transaction. Isolation = concurrent transactions don’t interfere. Durability = committed transactions survive crashes (written to disk). ACID violations = data integrity incidents. SQL injection attacks specifically violate the Isolation property — they inject malicious transactions that corrupt the expected query logic.
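The bank-transfer illustration above is worth running rather than just reading. This is an added example of my own (not from the page), using Python’s built-in sqlite3 with an in-memory database: the credit and the debit are issued inside one transaction, and a CHECK constraint rejects overdrafts. Because the debit comes second, a failed transfer has already applied the credit when the constraint fires, so you can watch Atomicity roll that credit back. Account names and balances are constructed.

```python
import sqlite3


def new_bank() -> sqlite3.Connection:
    """In-memory database with two constructed accounts. The CHECK constraint is the
    Consistency rule: no balance may ever go negative."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts ("
        " name TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 50)])
    conn.commit()
    return conn


def transfer(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Move `amount` from src to dst. Returns True if committed, False if rolled back.
    `with conn:` commits when the block finishes and rolls back if it raises, so the
    credit and the debit either both land (Atomicity) or neither does."""
    try:
        with conn:
            cur = conn.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?", (amount, dst))
            if cur.rowcount != 1:
                raise LookupError(f"unknown account {dst!r}")
            # Debit second on purpose: if it overdraws, the CHECK constraint raises
            # IntegrityError and the credit already applied above is rolled back too.
            cur = conn.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?", (amount, src))
            if cur.rowcount != 1:
                raise LookupError(f"unknown account {src!r}")
        return True
    except (sqlite3.IntegrityError, LookupError):
        return False


def balances(conn: sqlite3.Connection) -> dict:
    return dict(conn.execute("SELECT name, balance FROM accounts ORDER BY name"))


if __name__ == "__main__":
    bank = new_bank()
    print("start:", balances(bank))
    print("transfer 30 alice->bob:", transfer(bank, "alice", "bob", 30), balances(bank))
    print("transfer 500 alice->bob:", transfer(bank, "alice", "bob", 500), balances(bank))
    print("transfer 10 alice->mallory:", transfer(bank, "alice", "mallory", 10), balances(bank))
```

The second and third transfers both fail, and in both cases the balances are exactly what they were before the attempt: bob never keeps a credit whose matching debit was refused. Durability is the part this in-memory example cannot show; with a file-backed database the committed first transfer would survive a process crash.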
IDEAL Process Improvement Model
IDEAL
Initiating  ·  Diagnosing  ·  Establishing  ·  Acting  ·  Learning
CMM’s companion framework for improvement initiatives. IDEAL is used to plan and execute process improvement projects — it tells you how to move up CMM levels. Initiating = decide to improve. Diagnosing = assess current state. Establishing = plan the improvement. Acting = implement it. Learning = review what worked. The exam may pair IDEAL with CMM scenarios — “what is the next step in the IDEAL model after diagnosing the process gaps?”
COBIT Framework
It has “IT” in the name — it’s IT governance
COBIT = Control Objectives for Information and Related Technologies. The mnemonic is literal — COBIT literally contains “IT” and it is literally an IT governance framework. It bridges business goals to IT processes. When the exam gives a scenario about aligning IT with business strategy or board-level IT accountability — the answer is usually COBIT. Don’t confuse with ITIL (service management) or ISO 27001 (security requirements).

⏱ Your 5-Minute Daily Review Routine

1. Pick one domain section per morning. Rotate through all 8 over 8 days, then cycle again.
2. Read each mnemonic phrase aloud. Vocalising activates additional memory pathways.
3. Cover the expansion and try to recall what each letter stands for. Reveal the expansion only if you can’t recall.
4. Write one sentence connecting the mnemonic to a real-world scenario you’ve encountered in your career.
5. Flag the ones that don’t stick. Those are your exam weak spots — add them to your flashcard app.
📖 CISSP Journey Series — Part 1 of ongoing

This is just the beginning.

This article covers the foundational mnemonic layer — what to remember. Future articles in this series will go deeper: domain-by-domain practice questions, real-world case studies mapping my IT career to CISSP concepts, and a full study plan breakdown. Subscribe to IlmBytesTech to follow along as I document the full journey to passing the CISSP exam.

Atif Memon — Cybersecurity Analyst and Tech Writer

Cybersecurity Analyst, writing about Linux, networking, and security. I share tutorials and lab walkthroughs that explain why each step matters, not just what to type.
