Episode 135: Memory Tricks and Mnemonics for the CISSP

Welcome to The Bare Metal Cyber C I S S P Prepcast. This series helps you prepare for the I S C squared C I S S P exam with focused explanations and practical context.

Today, we’re going to take a lighter, more accessible approach to exam preparation. In this episode, we’ll explore memory tricks and mnemonics designed specifically for the C I S S P. These simple tools can help you recall critical concepts quickly and accurately. Whether you’re taking notes, reviewing a domain, or tackling a difficult question under pressure, having a strong set of mental shortcuts will give you a real advantage.

We’ll begin with a set of memory aids for risk management—one of the more calculation-heavy areas of the exam. You’ve probably encountered the terms Single Loss Expectancy, Annualized Rate of Occurrence, and Annualized Loss Expectancy. It’s easy to confuse them, but this simple reminder can help: remember that A L E equals S L E multiplied by A R O. Or said another way, your Annualized Loss Expectancy is your expected yearly loss, based on what a single incident costs you and how often it is likely to occur. One phrase to lock it in: “A L E is your yearly expectation—single loss multiplied by how often it occurs.”

Another helpful acronym for qualitative risk analysis is P A I R. This stands for Probability, Impact, Assessment, and Response. Just remember that P A I R helps you manage risk by pairing the likelihood of an event with its impact and planning how to respond. These four steps are commonly used in real-world risk evaluations, and you’ll often find them embedded in exam questions that ask about qualitative or scenario-based risk decision-making.

Now let’s shift to access control models—an area where terminology tends to get tangled. Starting with Mandatory Access Control, or M A C. To simplify it, just think of it as “Military Access Control.” This reminds you that it is strict, centralized, and used in environments where rules are enforced without exception. The data owner does not make the decisions; the security policy assigns labels and clearances, and the system enforces them.

Next is Discretionary Access Control, or D A C. One way to remember this is by thinking of “Data Owner Access Control.” In this model, the user or data owner has the ability to set permissions. It’s more flexible but less secure than M A C, and you’ll often see this used in consumer and commercial systems.

Then there’s Role-Based Access Control, or R B A C. Think of it this way—“Roles Bring Access Control.” Instead of assigning permissions to users individually, permissions are granted to roles, and users are assigned those roles. This is a scalable and efficient model, often used in enterprise environments.

Finally, there’s Attribute-Based Access Control, or A B A C. An easy phrase to remember is “Attributes Build Access Control.” This model grants access based on user attributes, resource attributes, and environmental conditions. It’s dynamic and policy-driven, allowing for complex rule sets and granular control.
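To make the four models concrete, here is an added example that is not part of the Prepcast script: one small decision function per model, in Python. The users, roles, labels, files and the A B A C policy are all constructed for illustration. The M A C function goes a step beyond the mnemonic and encodes the two Bell-LaPadula rules the exam ties to mandatory access control, no read up and no write down.

```python
from dataclasses import dataclass, field
from datetime import time

# Added example, not from the Prepcast. All subjects, objects, roles and
# policies below are constructed for illustration.

# --- MAC: labels are assigned by the security policy and enforced by the system.
# Bell-LaPadula: no read up (simple security property), no write down (*-property).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def mac_allowed(clearance: str, label: str, action: str) -> bool:
    subject, obj = LEVELS[clearance], LEVELS[label]
    if action == "read":
        return subject >= obj  # no read up
    if action == "write":
        return subject <= obj  # no write down
    raise ValueError(f"unknown action {action!r}")


# --- DAC: the object's owner decides who gets which permissions.
@dataclass
class DacFile:
    owner: str
    acl: dict = field(default_factory=dict)  # user -> set of permitted actions

    def grant(self, actor: str, user: str, action: str) -> None:
        if actor != self.owner:
            raise PermissionError("only the owner may change permissions")
        self.acl.setdefault(user, set()).add(action)

    def allowed(self, user: str, action: str) -> bool:
        return user == self.owner or action in self.acl.get(user, set())


# --- RBAC: permissions attach to roles; users are assigned roles, never permissions directly.
ROLE_PERMISSIONS = {
    "soc_analyst": {"read_alerts"},
    "soc_admin": {"read_alerts", "tune_rules"},
}
USER_ROLES = {"dana": {"soc_analyst"}, "raj": {"soc_admin"}}


def rbac_allowed(user: str, action: str) -> bool:
    return any(action in ROLE_PERMISSIONS[role] for role in USER_ROLES.get(user, ()))


# --- ABAC: one policy evaluated over subject, resource and environment attributes.
def abac_allowed(subject: dict, resource: dict, environment: dict) -> bool:
    same_department = subject["department"] == resource["department"]
    business_hours = time(8, 0) <= environment["time"] <= time(18, 0)
    location_ok = (not resource["onsite_only"]) or environment["network"] == "corporate"
    return same_department and business_hours and location_ok


if __name__ == "__main__":
    print("MAC secret reads confidential:", mac_allowed("secret", "confidential", "read"))
    print("MAC secret writes confidential:", mac_allowed("secret", "confidential", "write"))
    report = DacFile(owner="alice")
    report.grant("alice", "bob", "read")
    print("DAC bob reads alice's file:", report.allowed("bob", "read"))
    print("RBAC dana tunes rules:", rbac_allowed("dana", "tune_rules"))
    print("ABAC remote access to onsite-only resource:", abac_allowed(
        {"department": "finance"},
        {"department": "finance", "onsite_only": True},
        {"time": time(10, 0), "network": "vpn"}))
```

Notice where each decision lives: in M A C the subject and object cannot change the outcome at all, in D A C only the owner can, in R B A C an administrator changes it by editing role assignments, and in A B A C the same request can be allowed at ten in the morning from the office and denied at ten at night over V P N without anyone touching a permission.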

Now let’s tackle two core principles that appear on almost every part of the exam—the C I A triad and A A A. The C I A triad stands for Confidentiality, Integrity, and Availability. One way to remember this is with the phrase: “C I A protects your secrets, accuracy, and uptime.” This trio forms the backbone of security design, and most questions about security goals tie back to one or more parts of the C I A triad.

Then there’s A A A—Authentication, Authorization, and Accountability. A simple phrase here is: “A A A ensures users are Authenticated, Authorized, and Accountable.” First, you prove who the user is. Then, you check what they are allowed to do. Finally, you ensure actions are recorded and traceable.

For more cyber related content and books, please check out cyber author dot me. Also, there are other podcasts on Cybersecurity and more at Bare Metal Cyber dot com.

Let’s continue with cryptography, where some simple mnemonics can make complex terms easier to retain. For symmetric encryption, think about Advanced Encryption Standard, Data Encryption Standard, and Triple Data Encryption Standard. Here’s a phrase to anchor them: “A E S is Advanced and Fast. D E S is Deprecated and Old. Triple D E S is Three passes but Slower.” One caveat on that last one, because the exam likes it: running D E S three times does not triple the strength. Three-key Triple D E S has a one hundred sixty-eight bit key but only about one hundred twelve bits of security, and two-key Triple D E S about eighty, because of meet-in-the-middle attacks. N I S T has deprecated Triple D E S and disallowed it for new encryption after 2023, so A E S is the only one of the three you should pick for a new design. That quick comparison gives you speed, security, and currency in one sentence.

As for asymmetric encryption, the main algorithms you’ll encounter are R S A, Elliptic Curve Cryptography, and Diffie-Hellman. Here’s a fast way to remember them: “R S A is the Reliable Security Algorithm. Elliptic Curve is Efficient and Compact. Diffie-Hellman is your Dual-party Handshake.” Keep in mind that the R S A phrase is only a memory hook; the letters actually stand for its inventors, Rivest, Shamir, and Adleman. Each of these plays a role in public key cryptography, but not the same role. R S A does both encryption and digital signatures. Elliptic curve math gives you signatures with E C D S A and key agreement with E C D H at much shorter key sizes. Diffie-Hellman is key agreement only: it lets two parties arrive at a shared secret over an open channel, but it does not authenticate either party, which is why real protocols pair it with certificates or signatures. Each name tells you something about what it does best.
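Here is the “dual-party handshake” played out in code, as an added example that is not part of the Prepcast script. It is a toy finite-field Diffie-Hellman exchange in plain Python with a 64-bit safe prime generated on the spot; the group size, the SHA-256 key derivation and the party names are assumptions for illustration, and a real deployment would use a standard 2048-bit or larger group or an elliptic curve. Two practitioner details the mnemonic leaves out are shown: each side validates the peer’s public value before using it, which blocks small-subgroup tricks, and the derived key is bound to both public values.

```python
import hashlib
import secrets

# Added example, not from the Prepcast. Toy parameters: a 64-bit safe prime is
# far too small for real use and exists only to keep the demonstration fast.


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin primality test with a quick trial-division filter."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits: int) -> int:
    """Return p = 2q + 1 with both p and q prime, so the group has a large prime-order subgroup."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


GENERATOR = 4  # 4 = 2^2 is a quadratic residue, so it generates the order-q subgroup of a safe-prime group


class DHParty:
    """One side of the handshake: holds a private exponent, publishes g^x mod p."""

    def __init__(self, p: int, g: int = GENERATOR):
        self.p, self.g, self.q = p, g, (p - 1) // 2
        self.x = secrets.randbelow(self.q - 2) + 2       # private exponent in [2, q-1]
        self.public = pow(g, self.x, p)                   # the only value sent on the wire

    def validate_peer(self, y: int) -> bool:
        """Reject 0, 1, p-1 and anything outside the prime-order subgroup (small-subgroup defence)."""
        if not 2 <= y <= self.p - 2:
            return False
        return pow(y, self.q, self.p) == 1

    def derive_key(self, peer_public: int, transcript: bytes) -> bytes:
        if not self.validate_peer(peer_public):
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self.x, self.p)         # g^(xy) mod p, identical on both sides
        width = (self.p.bit_length() + 7) // 8
        # Simplified KDF: hash the shared secret together with both public values.
        return hashlib.sha256(shared.to_bytes(width, "big") + transcript).digest()


def run_handshake(p: int) -> tuple[bytes, bytes]:
    """Both parties' messages: each sends its public value, each derives the key locally."""
    alice, bob = DHParty(p), DHParty(p)
    width = (p.bit_length() + 7) // 8
    # Order the transcript canonically so both sides hash the same bytes.
    lo, hi = sorted((alice.public, bob.public))
    transcript = lo.to_bytes(width, "big") + hi.to_bytes(width, "big")
    # Alice -> Bob: alice.public        Bob -> Alice: bob.public
    return alice.derive_key(bob.public, transcript), bob.derive_key(alice.public, transcript)


if __name__ == "__main__":
    p = generate_safe_prime(64)
    k_alice, k_bob = run_handshake(p)
    print("shared keys match:", k_alice == k_bob)
```

Nothing in that exchange proves to Alice that the public value came from Bob; an active attacker in the middle can run two handshakes, one with each side, and read everything. That is the gap signatures and certificates close, and it is why “Diffie-Hellman alone” is the wrong answer to any exam question that asks about authentication.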

Incident response is another major area where a strong mnemonic can make all the difference. A common model is P I C E R L, which stands for Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned. Here’s an easy way to make it stick: “P I C E R L prepares you to handle incidents properly from start to finish.” Every word in that sentence aligns with a step in the response process and helps you keep your incident response plan in order.

In digital forensics, one of the most important ideas is the order of volatility. You need to know which data disappears first and which data lasts longest. A helpful phrase is “C P U R A M D A S D.” It’s not a real word, but each chunk is a stage: C P U for registers and cache, R A M for running memory, which includes the process table, network connections, and routing and A R P caches, and D A S D, the old mainframe term for direct access storage, meaning disk: the paging or swap file, user data, and logs. Archive and backup media come last. This list goes from most to least volatile, matches the collection order in R F C 3227, and helps you answer questions about evidence collection and proper sequencing: capture memory before you image the disk, and image the disk before you pull backups.

Now let’s tackle network security—specifically, the layers of the O S I model. One of the most well-known mnemonics here is “All People Seem To Need Data Processing.” That maps directly to Application, Presentation, Session, Transport, Network, Data Link, and Physical layers. It flows from the top of the stack down to the bottom, which is the direction you’ll need to understand for many questions about protocols, devices, and troubleshooting.

Similarly, the T C P I P model is often reduced to just four layers: Network Interface, Internet, Transport, and Application. The memory phrase here is “N I T A guides packets from cables to applications.” This gives you a neat reminder of how a packet travels through the protocol stack—from physical transmission to the final user interaction.
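Here is encapsulation made visible, as an added example that is not part of the Prepcast script. It builds an Ethernet, I P version four, T C P frame top-down in the order “All People Seem To Need Data Processing” implies, then parses it bottom-up and labels each header with its T C P I P and O S I layer. The frame, M A C addresses, I P addresses and the H T T P payload are constructed here, not captured, and the T C P checksum is left at zero because nothing is transmitted. The I P header checksum is computed and verified, so a single flipped byte in the header is caught during parsing.

```python
import socket
import struct

# Added example, not from the Prepcast. The frame is constructed, not captured.


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the IPv4 header bytes."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(src_mac: bytes, dst_mac: bytes, src_ip: str, dst_ip: str,
                sport: int, dport: int, payload: bytes) -> bytes:
    """Encapsulate top-down: Application -> Transport (TCP) -> Internet (IPv4) -> Network Interface (Ethernet)."""
    # TCP: ports, seq, ack, data offset (5 words), flags PSH|ACK, window, checksum (0 here), urgent.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    # IPv4: version 4 / IHL 5, DSCP, total length, ID, DF flag, TTL 64, protocol 6 (TCP), checksum placeholder.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    # Ethernet II: destination, source, EtherType 0x0800 (IPv4). The physical layer has no header to build.
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + ip + tcp


def fmt_mac(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def parse_frame(frame: bytes) -> list[tuple[str, str, str]]:
    """Decapsulate bottom-up; return (TCP/IP layer, OSI layer, summary) for each header found."""
    layers = []
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers.append(("Network Interface", "Data Link (Physical carries the bits, no header)",
                   f"Ethernet {fmt_mac(src_mac)} -> {fmt_mac(dst_mac)} type 0x{ethertype:04x}"))
    if ethertype != 0x0800:
        raise ValueError("only IPv4 is handled in this example")

    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ipv4_checksum(ip[:ihl]) != 0:  # a correct header sums to all ones, so its complement is 0
        raise ValueError("bad IPv4 header checksum")
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    layers.append(("Internet", "Network",
                   f"IPv4 {socket.inet_ntoa(ip[12:16])} -> {socket.inet_ntoa(ip[16:20])} proto {proto}"))
    if proto != 6:
        raise ValueError("only TCP is handled in this example")

    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    layers.append(("Transport", "Transport", f"TCP {sport} -> {dport} flags 0x{tcp[13]:02x}"))

    payload = tcp[data_offset:]
    layers.append(("Application", "Session, Presentation and Application folded together",
                   payload.decode("ascii", errors="replace").strip()))
    return layers


# Constructed sample: a TCP segment carrying an HTTP request on a private network.
SAMPLE_FRAME = build_frame(
    src_mac=bytes.fromhex("020000000001"), dst_mac=bytes.fromhex("020000000002"),
    src_ip="10.0.0.5", dst_ip="10.0.0.80", sport=51234, dport=80,
    payload=b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n",
)

if __name__ == "__main__":
    for tcpip_layer, osi_layer, summary in parse_frame(SAMPLE_FRAME):
        print(f"{tcpip_layer:18} {osi_layer:55} {summary}")
```

Reading the output top to bottom gives you the T C P I P stack in the N I T A order, and the second column shows where the seven O S I layers land: the two link-level layers collapse into Network Interface, the top three collapse into Application, and only Network and Transport line up one to one.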

Using these kinds of memory aids not only boosts your recall but also helps you make faster decisions under pressure. When you are in the exam environment and faced with a complex or layered question, you will be able to quickly match these mnemonics to the answer choices and eliminate distractors.

Thanks for joining us for this episode of The Bare Metal Cyber C I S S P Prepcast. For more episodes, tools, and study support, visit us at Bare Metal Cyber dot com.
