CISSP CBK 10 – Physical Security

Physical Security Controls Types of controls:  – Administrative controls – Facility selection or construction – Facility management – Personnel controls – Training – Emergency response and procedures  – Technical controls – Access controls – Intrusion detection – Alarms – Monitoring (CCTV) – Heating, ventilation and air conditioning (HVAC) – Power supply – Fire detection and… Continue reading CISSP CBK 10 – Physical Security

CISSP CBK 9 – Law, Investigations & Ethics

Ethics ISC2: Code of Ethics Canons –   – Protect society, the commonwealth and the infrastructure – Act honorably, honestly, justly, responsibly and legally – Provide diligent and competent service to principals. – Advance and protect the profession. IAB – Internet Activites Board: Unethical and unacceptable behaviour – – Purposely seeking to gain unauthorized access… Continue reading CISSP CBK 9 – Law, Investigations & Ethics

CISSP CBK 8 – Business Continuity Planning & Disaster Recovery Planning

BCP / Business Continuity Planning Prime elements: – Scope and Plan Initiation – Business Impact Assessment – Business Continuity Plan Development – Plan Approval and Implementation Scope and Plan Initiation: Marks the beginning of the BCP process It entails creating the scope for the plan. Roles and Responsibilities The BCP Commitee: Should be formed and… Continue reading CISSP CBK 8 – Business Continuity Planning & Disaster Recovery Planning

CISSP CBK 7 – Operations Security

Controls and Protections To protect hardware, software and media resources from: – Threats in an operating environment – Internal or external intruders – Operators who are inappropriately accessing resources Categories of Controls: – Preventative Controls: Are designed to lower the amount and impact of unintentional errors that are entering the system and to prevent unauthorized… Continue reading CISSP CBK 7 – Operations Security

CISSP CBK 6 – Security Architecture & Models

Security Model Is a statement that outlined the requirements necessary to properly support a certain security policy. Computer Architecture CPU – Central Processing Unit: Is a microprocessor. Contains a control unit, an ALU / Arithmetic Logic Unit and primary storage. Instructions and data are held in the primary storage unit needed by the CPU. The… Continue reading CISSP CBK 6 – Security Architecture & Models

CISSP CBK 5 – Cryptography

Definitions Algorithm: The set of mathematical rules used in encryption and decryption. Cryptography: Science of secret writing that enables you to store and transmit data in a form that is available only to the intended individuals. Cryptosystem: Hardware or software implementation of cryptography that transforms a message to cipher text and back to plain-text. Cryptanalysis:… Continue reading CISSP CBK 5 – Cryptography

CISSP CBK 4 – Applications & Systems Development Security

Database systems and database management Types of databases: – Hierarchical – Mesh – Object-oriented – Relational DBMS / Database Management System A suite of programs used to manage large sets of structured data with ad hoc query capabilities for many types of users. Database: A collection of data stored in a meaningful way that enables… Continue reading CISSP CBK 4 – Applications & Systems Development Security

CISSP CBK 3 – Security Management Practices

Fundamental Principles of Security Security objectives Confidentiality: Provides the ability to ensure that the necessary level of secrecy is enforced. Integrity: Is upheld when the assurance of accuracy and reliability of information and system is provided and unauthorized modification of data is prevented. Availability: Prevents disruption of service of productivity. Definitions Vulnerability: Is a software,… Continue reading CISSP CBK 3 – Security Management Practices

CISSP CBK 2 – Telecommunications & Network Security

Open System Interconnect Model Protocol – Standard set of rules that determine how systems will communicate across networks. OSI Model             TCP/IP   Application            Application Presentation Session Transport             Host-to-host Network               Internet Data Link             Network Access Physical Each layer adds its own information to the data packet.

CISSP CBK 1 – Access Control Systems & Methodology

Security principles Confidentiality: The assurance that information is not disclosed to unauthorized individuals, programs or processes. Integrity: Information must be accurate, complete and protected from unauthorized modification. Availability: Information, systems and resources need to be available to users in a timely manner so productivity will not be affected. Personal note: Conformity with legislation