CISSP CBK 10 – Physical Security

Physical Security Controls Types of controls: – Administrative controls – Facility selection or construction – Facility management – Personnel controls – Training – Emergency response and procedures – Technical controls – Access controls – Intrusion detection – Alarms – Monitoring (CCTV) – Heating, ventilation and air conditioning (HVAC) – Power supply – Fire detection and…

CISSP CBK 9 – Law, Investigations & Ethics

Ethics ISC2: Code of Ethics Canons: – Protect society, the commonwealth and the infrastructure – Act honorably, honestly, justly, responsibly and legally – Provide diligent and competent service to principals – Advance and protect the profession. IAB – Internet Activities Board: Unethical and unacceptable behaviour: – Purposely seeking to gain unauthorized access…

CISSP CBK 8 – Business Continuity Planning & Disaster Recovery Planning

BCP / Business Continuity Planning Prime elements: – Scope and Plan Initiation – Business Impact Assessment – Business Continuity Plan Development – Plan Approval and Implementation Scope and Plan Initiation: Marks the beginning of the BCP process. It entails creating the scope for the plan. Roles and Responsibilities The BCP Committee: Should be formed and…

CISSP CBK 7 – Operations Security

Controls and Protections To protect hardware, software and media resources from: – Threats in an operating environment – Internal or external intruders – Operators who are inappropriately accessing resources Categories of Controls: – Preventative Controls: Are designed to lower the amount and impact of unintentional errors that are entering the system and to prevent unauthorized…

CISSP CBK 6 – Security Architecture & Models

Security Model Is a statement that outlines the requirements necessary to properly support a certain security policy. Computer Architecture CPU – Central Processing Unit: Is a microprocessor. Contains a control unit, an ALU / Arithmetic Logic Unit and primary storage. Instructions and data are held in the primary storage unit needed by the CPU. The…

CISSP CBK 5 – Cryptography

Definitions Algorithm: The set of mathematical rules used in encryption and decryption. Cryptography: Science of secret writing that enables you to store and transmit data in a form that is available only to the intended individuals. Cryptosystem: Hardware or software implementation of cryptography that transforms a message to cipher text and back to plain-text. Cryptanalysis:…

CISSP CBK 4 – Applications & Systems Development Security

Database systems and database management Types of databases: – Hierarchical – Mesh – Object-oriented – Relational DBMS / Database Management System A suite of programs used to manage large sets of structured data with ad hoc query capabilities for many types of users. Database: A collection of data stored in a meaningful way that enables…