Question

[Chris.J....@fluor.com]

Afternoon,

I'd like to know the difference between  aggregation vs inference, its REALLY wreaking my nerves!!!
Chris Williams | FLUOR | Senior IT Auditor | * Chris.J.Williams@fluor.com |( 864-281.8268 | IODC 20.8268 | M 864-525-0402 |www.fluor.com  NYSE: FLR------------------------------------------------------------
The information transmitted is intended only for the person
or entity to which it is addressed and may contain
proprietary, business-confidential and/or privileged material. 
If you are not the intended recipient of this message you are
hereby notified that any use, review, retransmission, dissemination,
distribution, reproduction or any action taken in reliance upon
this message is prohibited. If you received this in error, please
contact the sender and delete the material from any and all
computers and other devices. 

Any views expressed in this message are those of the individual
sender and may not necessarily reflect the views of the company. 
------------------------------------------------------------

[VT]

Hi Chris,

Here is my explanation of Aggregation vs Inference 

Aggregation - Uncovering restricted information by using data collected through different venues.

Inference - Taking information gathered during aggregation phase and making an assumption out of it.

Kelly also explains very well in the link that I shared - https://www.cybrary.it/s3ss10n/aggregation-inference-and-polyinstantiation/

[CCCure Support]

Great question,

Let me extend the definition a little bit.

Chris is on the right path but failed to mention a few things.

AGGREGATION

With aggregation, you do normal queries without breaking any rules.   However, the sum of the information you have gathered may represent a level of Classification higher than the parts that you have accessed.   A good example of this is when I was within the Department of Defense (DoD).    Every year we had to write an annual performance report on every employee within my department.  Each of the annual reports had a classification of CONFIDENTIAL.   However, if I had 24 people in my section and I would store in physical or electronic format the 24 reports together, then it would be considered SECRET.   So in short:  You are not uncovering information but you need to treat it with a higher level of security if you collect a lot of data together.

INFERENCE

Chris is totally right.   You assume and make up new information based on the information you have.  However, it is not only restricted to information gathered during the aggregation phase.  I could be any data set, even a single data set that has not been sanitised properly could be used for that purpose.  The inference is a technique often times used in illegal or malicious activity.  For example,  you walk by a nice car and you notice on the dash there is a mount for an expensive 7 inch GPS from Garmin but the GPS is not in the mount.    You then INFER the GPS may be in the glove compartment, the thief will break the window and steal it.  It could also be in the digital world as well.   You notice a specific stock from a company is being sold in very large volume a day before their annual earnings report is due.    You could INFER the earning might not be as good as expected by the analysts.

Any of those terms could be a great topic for the real exam.  Make sure you fully understand them.

Best regards to all

Clement

--
===========================================================
Another resource brought to you by CCCure for our Learners
 
Having any issues, contact us at: sup...@cccure.com
 
Visit our NEW quiz at: https://cccure.education/
 
Visit our learning portal at: https://cccure.training
 
Visit the CCCure web store at: https://www.cccure.com
===========================================================
---
You received this message because you are subscribed to the Google Groups "CISSP Study Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cissptalks+...@googlegroups.com.
To post to this group, send email to cissp...@googlegroups.com.
Visit this group at https://groups.google.com/group/cissptalks.
To view this discussion on the web visit https://groups.google.com/d/msgid/cissptalks/00535b22-ddd7-4bd7-be78-cdaf69ac58e0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

---------------------------------------------------------------------------------------------

Clement Dupuis, CD
CCCure Owner and Founder
Chief Learning Officer (CLO) and Security Evangelist
The CCCure Family of Portals
GCFW, GCIA, Security+ 301, CEH V7, CCSA, CCSE,  + 12 others

For support or queries send an email to:  Sup...@CCCure.Com

----------------------------------------------------------------------------------------------
Maintainer of :

The CCCure Learning Portal  -  Find the best Security Tutorials

The CCCure Quiz Engine
 
Knowledge sharing and giving back to the community

[Chris.J....@fluor.com]

Morning,

What are in your opinion the main domains to focus on?

Chris Williams | FLUOR | Senior IT Auditor | * Chris.J.Williams@fluor.com |( 864-281.8268 | IODC 20.8268 | M 864-525-0402 |www.fluor.com  NYSE: FLR

.
To view this discussion on the web visit https://groups.google.com/d/msgid/cissptalks/CAA3tmKu366CctWYPMvjJdA8zHFV1jyzMh%2BXprsWSRmp%3DVxzT5g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

------------------------------------------------------------

[CCCure Support]

Here is a breakdown:

---

FIRST:  I must say due to the limited number of questions on the exam (100 to 150 questions max), you must do good on the majority of them.

MOST IMPORTANT DOMAIN ON THE EXAM

Many people have heard that some domains are more important than others as far as the number of questions they will get on the real exam. This is true, There are some key domains that you must do well to ensure a passing mark on the real exam. For the past 12 years, I have been doing CISSP® training and anytime someone would miss the exam I have seen a fixed pattern that emerged. All of the people that failed did badly on one or two of the key domains or the most important domains.

See the list of domains below, the most important domains are at the top of the list and the domains at the bottom of the list are the least important domains.  The list is in order of importance for the exam, the most important domains are at the top of the list and the least important domains are at the bottom.

* Security and Risk Management       (16%)
* Security Operations                (16%)
* Identity and Access Management     (13%)
* Security Engineering               (12%)
* Communication and Network Security (12%)
Security Assessment and Testing    (11%)
Software Development Security      (10%)
Asset security                     (10%)

The domains in BOLD with a star (*) before the names are the most important domains on the exam but you must also be familiar with the other domains as well.  When you get 698 on your exam, it means that one more question would have allowed you to pass the exam.  So do take the time to review ALL of the domains.

Start your studies by Reviewing the top 5 domains and making sure you master those domains.  Then review the other 3 domains.   As you get closer to your exam, go back to the top 5 domains and ensure this is fresh as you walk into the exam room.

---

To view this discussion on the web visit https://groups.google.com/d/msgid/cissptalks/OFB8CEEB80.8D838822-ON852583FA.00410245-852583FA.004116FB%40fluor.com.

For more options, visit https://groups.google.com/d/optout.