Tag: cissp

  • CISSP CBK 10 – Physical Security

    Physical Security Controls Types of controls: – Administrative controls – Facility selection or construction – Facility management – Personnel controls – Training – Emergency response and procedures – Technical controls – Access controls – Intrusion detection – Alarms – Monitoring (CCTV) – Heating, ventilation and air conditioning (HVAC) – Power supply – Fire detection and…

  • CISSP CBK 9 – Law, Investigations & Ethics

    Ethics ISC2: Code of Ethics Canons: – Protect society, the commonwealth and the infrastructure – Act honorably, honestly, justly, responsibly and legally – Provide diligent and competent service to principals – Advance and protect the profession. IAB – Internet Activities Board: Unethical and unacceptable behaviour: – Purposely seeking to gain unauthorized access…

  • CISSP CBK 8 – Business Continuity Planning & Disaster Recovery Planning

    BCP / Business Continuity Planning Prime elements: – Scope and Plan Initiation – Business Impact Assessment – Business Continuity Plan Development – Plan Approval and Implementation. Scope and Plan Initiation: Marks the beginning of the BCP process. It entails creating the scope for the plan. Roles and Responsibilities: The BCP Committee should be formed and…

  • CISSP CBK 7 – Operations Security

    Controls and Protections To protect hardware, software and media resources from: – Threats in an operating environment – Internal or external intruders – Operators who are inappropriately accessing resources Categories of Controls: – Preventative Controls: Are designed to lower the amount and impact of unintentional errors that are entering the system and to prevent unauthorized…

  • CISSP CBK 6 – Security Architecture & Models

    Security Model: A statement that outlines the requirements necessary to properly support a certain security policy. Computer Architecture CPU – Central Processing Unit: A microprocessor. Contains a control unit, an ALU / Arithmetic Logic Unit and primary storage. Instructions and data needed by the CPU are held in the primary storage unit. The…

  • CISSP CBK 5 – Cryptography

    Definitions Algorithm: The set of mathematical rules used in encryption and decryption. Cryptography: Science of secret writing that enables you to store and transmit data in a form that is available only to the intended individuals. Cryptosystem: Hardware or software implementation of cryptography that transforms a message to cipher text and back to plain-text. Cryptanalysis:…

  • CISSP CBK 4 – Applications & Systems Development Security

    Database systems and database management Types of databases: – Hierarchical – Mesh – Object-oriented – Relational DBMS / Database Management System A suite of programs used to manage large sets of structured data with ad hoc query capabilities for many types of users. Database: A collection of data stored in a meaningful way that enables…

  • CISSP CBK 3 – Security Management Practices

    Fundamental Principles of Security Security objectives Confidentiality: Provides the ability to ensure that the necessary level of secrecy is enforced. Integrity: Is upheld when the assurance of accuracy and reliability of information and systems is provided and unauthorized modification of data is prevented. Availability: Prevents disruption of service or productivity. Definitions Vulnerability: Is a software,…

  • CISSP CBK 2 – Telecommunications & Network Security

    Open System Interconnect Model Protocol – Standard set of rules that determine how systems will communicate across networks. The OSI model layers map onto the TCP/IP model layers as follows:

    OSI Model       TCP/IP
    Application     Application
    Presentation    Application
    Session         Application
    Transport       Host-to-host
    Network         Internet
    Data Link       Network Access
    Physical        Network Access

    Each layer adds its own information to the data packet.

  • CISSP CBK 1 – Access Control Systems & Methodology

    Security principles Confidentiality: The assurance that information is not disclosed to unauthorized individuals, programs or processes. Integrity: Information must be accurate, complete and protected from unauthorized modification. Availability: Information, systems and resources need to be available to users in a timely manner so productivity will not be affected. Personal note: Conformity with legislation