Clipping Level CISSP
This is a mind map that contains information about the clipping level.
Edited at 2020-10-12 03:24:58
Telecommunications & Network Security
Understand secure network architecture and design
OSI and TCP/IP models
Open Systems Interconnect (OSI) Model
Layer 7: Application
Layer 6: Presentation
Layer 5: Session
Layer 4: Transport
Layer 3: Network
TCP (Connection Oriented)
UDP (Connectionless)
Layer 2: Data Link
Frame Check Sequence (FCS)
Layer 1: Physical
Media
Copper
100 m
Fiber
Multimode Fiber (2 km)
Single-mode Fiber (100s km)
Wireless
Service Set IDentifier (SSID)
Access Point (AP)
802.11g
2.4 GHz
54 Mbps
802.11a
5 GHz
54 Mbps
802.11n
2.4 & 5 GHz
300+ Mbps
802.11ac
800+ Mbps
5 GHz
WiFi Protected Access (WPA)
802.11i (WPA2)
Wired Equivalent Privacy (WEP)
Temporal Key Integrity Protocol (TKIP)
Topologies
Bus
Star
Ring
Mesh
TCP/IP
Application
Transport
Internetwork
Network Access
IP networking
VLANs
Encapsulation
Adds header information to payload
Deencapsulation
Removes header information from payload
Routing Protocols
RIP
RFC 1058
Distance Vector Algorithm
15 Hop Maximum
OSPF
RFC 1131
Link-State Algorithm
BGP
RFC 1654
Implications of multilayer protocols
Supervisory Control And Data Acquisition (SCADA)
Modbus
Fieldbus
Distributed Network Protocol (DNP)
Securing network components
Hardware
Modems
Switches
Routers
Wireless Access Points
Transmission media
Wired
Wireless
Fiber
Network access control devices
Firewalls
Proxies
Endpoint security
Establish secure communication channels
Voice
POTS
PBX
VoIP
Multimedia collaboration
Remote Meetings
Instant Messaging
Remote access
Screen Scraping
Virtual Desktops
Telecommuting
VPN
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
Data communications
SSL
TLS
MultiProtocol Label Switching (MPLS)
QoS
Packet Switched
Segmentation
WAN
T1, T3
E1, E3
OC1, OC12
Asynchronous Transfer Mode (ATM)
Frame Relay
xDSL
Integrated Services Digital Network (ISDN)
Bearer (B) Channel
Data (D) Channel
IPSec
Authentication Header (AH)
Encapsulating Security Payload (ESP)
Transport Mode
Host to Host
Tunnel Mode
Network to Network
Security Association (SA)
Negotiated Algorithms & Keys
Methods
Manual Keying
Internet Key Exchange (IKE)
Auth'd by X.509 Certs
Diffie-Hellman Key Exchange
Creates session keys
Two required for each direction
Understand network attacks
DDoS
Spoofing
Host Based IDS (HIDS)
Network Based IDS (NIDS)
Access Control
Control access by applying the following concepts/methodologies/techniques
Policies
Types of controls (preventive, detective, corrective)
Before Event
Directive
Preventive
Deterrent
During Event
Detective
After Event
Compensating
Recovery
Corrective
Techniques (non-discretionary, discretionary and mandatory)
Identification and Authentication
Factors
Type 1: Know
Type 2: Have
Type 3: Are
False Rejection Rate (FRR)
False Acceptance Rate (FAR)
Crossover Error Rate (CER)
Systems
Single Sign On (SSO)
Kerberos
Key Distribution Center (KDC)
Realm
Ticket Granting Service (TGS)
Ticket Granting Ticket (TGT)
Authentication Service (AS)
Secure European System for Applications in a Multi-vendor Environment (SESAME)
Web Access Management (WAM)
Identity Management (IdM)
Federation/Trust
Directory Services
Lightweight Directory Access Protocol (LDAP)
Organization
Organizational Unit
Person
Device
Group
Domain Name System (DNS)
Active Directory
Centralized access control
Extensible Authentication Protocol (EAP)
Remote Authentication Dial-In User Service (RADIUS)
Challenge-response
Diameter
Terminal Access Controller Access Control System Plus (TACACS+)
Remote Access Service (RAS)
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
802.1X
Decentralized/distributed access control techniques
Authorization mechanisms
Authorization
Privileges
Access
Rights
Discretionary Access Control (DAC)
Access Control List (ACL)
Mandatory Access Control (MAC)
Security Labels
Role-based Access Control (RBAC)
Rule-based Access Control
Logging and monitoring
Clipping Level
Intrusion Detection (IDS)
Signature Based
Anomaly Based
Intrusion Protection (IPS)
NIPS/HIPS
Understand access control attacks
Threat modeling
Asset valuation
Vulnerability analysis
Access aggregation
Assess effectiveness of access controls
User entitlement
Access review & audit
Identity and access provisioning lifecycle (provisioning, review, revocation)
Security Architecture & Design
Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multilevel Models)
Multilevel Models
Lattice-based
Matrix-based
Noninterference
Security Models
Bell-LaPadula (BLP)
Write Up Read Down
Confidentiality Focus
Biba Integrity Model
Write Down Read Up
Integrity Focus
Lipner Model
Mix of BLP & Biba
Clark-Wilson Integrity Model
Information Integrity Focus
Brewer and Nash (Chinese Wall) Model
Separation to avoid conflict of interests in company
Graham-Denning
Assigning Rights Focus
Subject & Object Creation
Harrison-Ruzzo-Ullman
Integrity of Access Rights
Extension of Graham-Denning
Architecture Frameworks
Zachman Framework
Enterprise Architecture Focus
Sherwood Applied Business Security Architecture (SABSA)
Enterprise Security Architecture Focus
The Open Group Architecture Framework (TOGAF)
Iterative approach relying heavily on modularization, standardization & proven tech.
Information Technology Infrastructure Library (ITIL)
Aligns IT to Business Needs
Understand the components of information systems security evaluation models
Product evaluation models (common criteria)
State Machine Model
Flow Model
Understand security capabilities of information systems (memory protection, virtualization, trusted platform module)
CPU
Processor Function (CPU)
Fetch
Decode
Execute
Store
Multitasking
Time windows to split up tasks
Protected Mode (Ring 3) User Mode
Privileged Mode (Ring 0) Kernel Mode
Multiprocessing
Many CPUs in a System
Multithreading
Applications usage of CPU times
Memory
Primary
CPU Registers
L1 & L2 Cache
Main Memory
Secondary
Disk Drives
Optical Media
USB Drives
Tape Drives
External NAS/SAN
Virtual Memory
Uses Secondary to emulate Primary
Firmware
Embedded hardware ROM (BIOS)
Storage
Storage Area Network (SAN)
Fibre Channel
iSCSI (IP Based)
Block Level
Network Attached Storage (NAS)
File Level Access
Multi protocol support
Redundant Array of Independent Disks (RAID)
RAID 0
Striped Set
RAID 1
Disk Mirror
RAID 4
Disk Striping w/Parity Disk
RAID 5
Disk Striping w/Parity spread across disks
RAID 6
Disk Striping w/Two parity blocks spread across disks
RAID 0+1
Mirrored Stripes (RAID 0 Striped Disks Mirrored)
RAID 10
Striped mirrors (RAID 1 Mirrored disks Striped)
Striping = Performance
Mirroring = Fault Tolerance
Virtualization
Gateway between OS & Hardware
Cost efficiency
Operational efficiencies
Resource efficiencies
Cloud Computing
Platform as a Service (PaaS)
Software as a Service (SaaS)
Infrastructure as a Service (IaaS)
Deployment Models
Private
Public
Community
Hybrid
Trusted Computing Base (TCB)
Process Activation
Domain switching (Changing security levels)
Memory Protection
I/O Operations
Reference Monitor
Manages access controls between subject & object
Certification & Accreditation
Trusted Computer System Evaluation Criteria (TCSEC) (Orange Book)
Classes (A, B, C, D)
Criteria (A1, B3, B2, B1, C2, C1, D)
Information Technology Security Evaluation Criteria (ITSEC)
Assurance
E0-E6
Functionality
FC1, FC2, FB1, FB2, FB3
Common Criteria (ISO/IEC 15408)
Protection Profile (PP)
Target of Evaluation (TOE)
Security Target (ST)
Evaluation Assurance Levels (EAL)
Database Security
Hierarchical Database Management System (DBMS)
Parent <> Child Hierarchy/Relationship
Single Tree
Single Table
Network DBMS
Stored as related objects
Many to many relationships
Relational DBMS
Structured in tables for relationships
Most Common (Oracle,Sybase, MySQL, MSSQL)
Terminology
Structured Query Language (SQL)
Open Database Connectivity (ODBC)
Extensible Markup Language (XML)
Object Linking and Embedding (OLE)
Active X Data Object (ADO)
Polyinstantiation
Normalization
Views
Data warehouse
DB <> Warehouse collection
Data mining
User <> Warehouse formatting
Understand the vulnerabilities of security architectures
System
Emanations
TEMPEST
State Attacks
Time Of Check, Time Of Use (TOCTOU)
Vulnerabilities of transitions between states
Covert Channels
Maintenance communications
Technology and process integration (single point of failure, service oriented architecture)
Operations Security
Understand security operations concepts
Need-to-know/least privilege
Separation of duties and responsibilities
Monitor special privileges
Job rotation
Marking, handling, storing and destroying of sensitive information
Record retention
Employ resource protection
Media management
Asset management
Implement and support patch and vulnerability management
Implement preventative measures against attacks
Understand change and configuration management
Understand system resilience and fault tolerance requirements
Manage incident response
Detection
Response
Reporting
Recovery
Remediation and review
Physical (Environmental) Security
Understand site and facility design considerations
Crime Prevention Through Environmental Design (CPTED)
Physical Layout
Monitoring
Hardening
Power Faults
Blackout
Brownout
Sag
Fault
Spike
Surge
Noise
Transient
In-Rush
Support the implementation and operation of perimeter security (e.g., physical access control and monitoring, audit trails/access logs)
Fences
Heights
1 Meter
2 Meters
2.5 Meters
Gauge (Smaller = Thicker)
6
9
11
12
Bollards
Natural
Trees
Berms
Gullies
Walls
Doors
Fail Safe
Fail Secure
Tailgating/Piggybacking
CCTV
5 foot-candles (fc) for critical areas
2 fc for normal operations
Windows
Plate
Tempered
Acrylic Polycarbonate
Laminate
Embedded Wire
Lighting
Fluorescent
LED
Mercury Vapor
Sodium Vapor
Quartz
Support the implementation and operation of internal security
Escort Requirements
Visitor Control
Keys & Locks
Locks
Key
Combination
Biometric
Electronic
Radio Frequency
Magnetic Stripe
Shear Point
Support the implementation and operation of facilities security (e.g., technology convergence)
Communications and server rooms
Restricted and work area security
Data center security
Intrusion Detection
Active Infrared
Watches for breaks in beam
Passive Infrared
Detects heat signatures
Utilities and Heating, Ventilation and Air Conditioning (HVAC) considerations
Volume
Size of facility considerations
Humidity Levels
Equipment requirements
Temperature
Consistent
Quality
Dust & Contaminant Removal
Water issues
Leakage
Flooding
Fire
Prevention
Detection
Suppression
Requirements
Oxygen
Heat
Fuel
Oxygen
Types
Class A
Combustibles Common
ASH
Class B
Combustible Fluid
BOIL
Class C
Electrical
CURRENT
Class D
Metals
DRIVE
Class K
Cooking
KITCHEN
Combustible, Fluids, Excite, Me, K?
Support the protection and securing of equipment
Understand personnel privacy and safety (e.g., duress, travel, monitoring)
Goals
Deter
Signs, Fences
Delay
Locks
Detect
Sensors, Cameras
Assess
Weather Emergency Process
Respond
Reaction Team
Recover
Data Restoration
Life, Health & Safety take precedence.
Legal, Regulations, Investigations & Compliance (https://mm.tt/1621204551)
Understand legal issues that pertain to information security internationally
Computer crime
Any illegal action where data on a computer is accessed without permission.
Identity theft
Investment fraud
Employment fraud
Intellectual property
Patent
Strongest Form
Trademark
Associated with words, symbols, colors
Copyright
Trade secrets
Must provide some benefit
Reasonable protection must be applied
Licensing
Software categories
Commercial
Academic
Shareware
Freeware
Master Agreements
End-User Licensing Agreements (EULA)
Import/Export
Transborder data flow
World Intellectual Property Organization (WIPO)
Organization for Economic Cooperation and Development (OECD)
Wassenaar Arrangement
Council of Europe Convention on Cybercrime
Privacy
Personally Identifiable Information (PII)
Varies based on organization & country
Payment Card Industry Data Security Standard (PCI DSS)
US Health Insurance Portability and Accountability Act (HIPAA)
Personal Information Protection and Electronic Documents Act (PIPEDA)
Federal Information Security Management Act (FISMA)
UK Data Protection Act (DPA)
European Union (EU) Data Protection Directive
Understand professional ethics
(ISC)² Code of Professional Ethics
CISSP Expectation
Set the example
Encourage adoption
Support organization's code of ethics
RFC 1807
Internet Architecture Board (IAB)
Formal Ethic Theory
Teleology (Utilitarian)
Deontology (Obligation)
Understand and support investigations
Policy, roles and responsibilities (e.g., rules of engagement, authorization, scope)
Incident handling and response
Five Stages
1. Triage
2. Investigate
3. Containment
4. Analysis & Tracking
5. Recovery
Evidence collection and handling
Aspects of Investigations
Acquisition
Authentication
Analysis
Suspect Identification
Means, Opportunity, Motive (MOM)
Locard's Principle of Exchange
Criminals leave something behind
Digital Forensics
Identification
Collect & Preserve
Examine
Present Findings
Chain of Custody
Who
What
When
Where
How
Authenticity
Reporting and documenting
Understand forensic procedures
Media analysis
Network analysis
Software analysis
Hardware/embedded device analysis
Types of Evidence
Direct
Provided by witness
Real
Something physical
Documentary
Contracts & Legal Papers
Demonstrative
Expert Testimony
Hearsay
Second Hand
Criteria Required
Authentic
Accurate
Complete
Convincing
Admissible
Understand compliance requirements and procedures
Regulatory environment
HIPAA
SOX
US Gramm-Leach-Bliley Financial Services Modernization Act (GLBA)
BASEL II
PCI DSS
Audits
Reporting
Ensure security in contractual agreements and procurement processes (e.g., cloud computing, outsourcing, vendor governance)
Legal Systems
Common
Components
Legal Precedent
Customs
Societal Tradition
Adversarial Litigation
Reasonable Doubt
Criminal
Loss of freedom
Tort
Deals with Civil Matters
Administrative
Regulations & Control of power
Civil
Relies on legislation & written rules
Code-based
Napoleonic
Religious
Customary
Mixed
Maritime
Legal Concepts
Jurisdiction
Sovereignty
Liability
Negligence
Due Care
Due Diligence
Obligation
Business Continuity & Disaster Recovery Planning
Understand business continuity requirements
Develop and document project scope and plan
Obtain leadership buy-in
Standards
BS 25999
BS 22301
ISO 27001 Annex A
NIST SP 800-34
Conduct business impact analysis
Identify and prioritize critical business functions
Determine maximum tolerable downtime and other criteria
Recovery Time Objective (RTO)
Mean Time To Recovery (MTTR)
Mean Time Between Failures (MTBF)
Maximum Tolerable Period of Downtime (MTPD)
Maximum Tolerable Downtime (MTD)
Assess exposure to outages
Local
Regional
Global
Define recovery objectives
Recovery Point Objectives (RPO)
Backup Strategies
Cold
Hot
Full
Differential
Incremental
Develop a recovery strategy
Implement a backup storage strategy
Offline Storage
Electronic Vaulting
Tape Rotation
Recovery site strategies
Dual Data Center
Hot
Warm
Cold
Mobile
Understand disaster recovery process
Response
Personnel
Communications
Assessment
Restoration
Provide training
Exercise, assess and maintain the plan
Version Control
Update plans annually at a minimum
Distribution
Assessment Types
Full Interruption
Shutdown & Relocate
Parallel Testing
Recreation of Work
Simulation
Functional Test/War Game
Walk Through
Tabletop
Desk Check
Review Plan