Physical Security Controls Types of controls: – Administrative controls – Facility selection or construction – Facility management – Personnel controls – Training – Emergency response and procedures – Technical controls – Access controls – Intrusion detection – Alarms – Monitoring (CCTV) – Heating, ventilation and air conditioning (HVAC) – Power supply – Fire detection and… Continue reading CISSP CBK 10 – Physical Security
Tag: cissp
CISSP CBK 9 – Law, Investigations & Ethics
Ethics ISC2: Code of Ethics Canons – – Protect society, the commonwealth and the infrastructure – Act honorably, honestly, justly, responsibly and legally – Provide diligent and competent service to principals. – Advance and protect the profession. IAB – Internet Activites Board: Unethical and unacceptable behaviour – – Purposely seeking to gain unauthorized access… Continue reading CISSP CBK 9 – Law, Investigations & Ethics
CISSP CBK 8 – Business Continuity Planning & Disaster Recovery Planning
BCP / Business Continuity Planning Prime elements: – Scope and Plan Initiation – Business Impact Assessment – Business Continuity Plan Development – Plan Approval and Implementation Scope and Plan Initiation: Marks the beginning of the BCP process It entails creating the scope for the plan. Roles and Responsibilities The BCP Commitee: Should be formed and… Continue reading CISSP CBK 8 – Business Continuity Planning & Disaster Recovery Planning
CISSP CBK 7 – Operations Security
Controls and Protections To protect hardware, software and media resources from: – Threats in an operating environment – Internal or external intruders – Operators who are inappropriately accessing resources Categories of Controls: – Preventative Controls: Are designed to lower the amount and impact of unintentional errors that are entering the system and to prevent unauthorized… Continue reading CISSP CBK 7 – Operations Security
CISSP CBK 6 – Security Architecture & Models
Security Model Is a statement that outlined the requirements necessary to properly support a certain security policy. Computer Architecture CPU – Central Processing Unit: Is a microprocessor. Contains a control unit, an ALU / Arithmetic Logic Unit and primary storage. Instructions and data are held in the primary storage unit needed by the CPU. The… Continue reading CISSP CBK 6 – Security Architecture & Models
CISSP CBK 5 – Cryptography
Definitions Algorithm: The set of mathematical rules used in encryption and decryption. Cryptography: Science of secret writing that enables you to store and transmit data in a form that is available only to the intended individuals. Cryptosystem: Hardware or software implementation of cryptography that transforms a message to cipher text and back to plain-text. Cryptanalysis:… Continue reading CISSP CBK 5 – Cryptography
CISSP CBK 4 – Applications & Systems Development Security
Database systems and database management Types of databases: – Hierarchical – Mesh – Object-oriented – Relational DBMS / Database Management System A suite of programs used to manage large sets of structured data with ad hoc query capabilities for many types of users. Database: A collection of data stored in a meaningful way that enables… Continue reading CISSP CBK 4 – Applications & Systems Development Security
CISSP CBK 3 – Security Management Practices
Fundamental Principles of Security Security objectives Confidentiality: Provides the ability to ensure that the necessary level of secrecy is enforced. Integrity: Is upheld when the assurance of accuracy and reliability of information and system is provided and unauthorized modification of data is prevented. Availability: Prevents disruption of service of productivity. Definitions Vulnerability: Is a software,… Continue reading CISSP CBK 3 – Security Management Practices
CISSP CBK 2 – Telecommunications & Network Security
Open System Interconnect Model Protocol – Standard set of rules that determine how systems will communicate across networks. OSI Model TCP/IP Application Application Presentation Session Transport Host-to-host Network Internet Data Link Network Access Physical Each layer adds its own information to the data packet.
CISSP CBK 1 – Access Control Systems & Methodology
Security principles Confidentiality: The assurance that information is not disclosed to unauthorized individuals, programs or processes. Integrity: Information must be accurate, complete and protected from unauthorized modification. Availability: Information, systems and resources need to be available to users in a timely manner so productivity will not be affected. Personal note: Conformity with legislation