Password policies in Windows

To access the password policy in Windows, go to Start and type secpol.msc in the search box. Click on secpol and you’ll be presented with the security policy. Go to Account Policies, then click on Password Policy. The options, explained: History – how many passwords will Windows store (you won’t be able to reuse…

ISO ISMS history

The ISO is developing a new series of security standards, the first of which is ISO 27001, Information Technology—Security Techniques—Information Security Management Systems—Requirements. ISO 27001 replaces British Standard (BS) 7799, Part 2. BS 7799, Part 1 evolved into ISO 17799, Information Technology—Security Techniques—Code of Practice for Information Security Management and is now known as…

CISSP CBK 10 – Physical Security

Physical Security Controls Types of controls: – Administrative controls – Facility selection or construction – Facility management – Personnel controls – Training – Emergency response and procedures – Technical controls – Access controls – Intrusion detection – Alarms – Monitoring (CCTV) – Heating, ventilation and air conditioning (HVAC) – Power supply – Fire detection and…

CISSP CBK 7 – Operations Security

Controls and Protections To protect hardware, software and media resources from: – Threats in an operating environment – Internal or external intruders – Operators who are inappropriately accessing resources Categories of Controls: – Preventative Controls: Are designed to lower the amount and impact of unintentional errors that are entering the system and to prevent unauthorized…

CISSP CBK 6 – Security Architecture & Models

Security Model Is a statement that outlines the requirements necessary to properly support a certain security policy. Computer Architecture CPU – Central Processing Unit: Is a microprocessor. Contains a control unit, an ALU / Arithmetic Logic Unit and primary storage. Instructions and data are held in the primary storage unit needed by the CPU. The…

CISSP CBK 4 – Applications & Systems Development Security

Database systems and database management Types of databases: – Hierarchical – Mesh – Object-oriented – Relational DBMS / Database Management System A suite of programs used to manage large sets of structured data with ad hoc query capabilities for many types of users. Database: A collection of data stored in a meaningful way that enables…

CISSP CBK 3 – Security Management Practices

Fundamental Principles of Security Security objectives Confidentiality: Provides the ability to ensure that the necessary level of secrecy is enforced. Integrity: Is upheld when the assurance of accuracy and reliability of information and system is provided and unauthorized modification of data is prevented. Availability: Prevents disruption of service and productivity. Definitions Vulnerability: Is a software,…

CISSP CBK 2 – Telecommunications & Network Security

Open System Interconnect Model Protocol – Standard set of rules that determine how systems will communicate across networks.

OSI Model             TCP/IP
Application           Application
Presentation
Session
Transport             Host-to-host
Network               Internet
Data Link             Network Access
Physical

Each layer adds its own information to the data packet.