CISSP MindMap By Dr Seyedmostafa Safavi
The CISSP certification has long been considered the highest standard in protection certifications, and it's no simple feat to put those letters next to your signature. To apply, you must have at least five years' full-time experience directly in the infosec industry, or four years' experience and a college degree. According to (ISC)2, 141,607 individuals kept CISSP qualification worldwide as of July 2020. In this post we are helping you to make the study and preparation much easier and sweet...
1. Cost
1.1. Exam Fee 699 USD or 650 EUR
1.1.1. + annual maintenance fee of $125
1.2. Rescheduled for a $50
1.3. $100 fee to cancel the exam
2. Exam
2.1. Questions
2.1.1. three hours, up to 150 questions, in an adaptive exam
2.2. How to pass?
2.2.1. score of 700 points or greater out of 1000 possible points
2.3. Tests
2.3.1. Cccure.org
2.3.2. FreePracticeTests
3. Web Resources
3.1. ISC2
3.1.1. How to get Certified
3.1.2. Candidate Information Bulletins
3.1.3. Registration
4. Video Resources
4.1. Hours o f Video
4.2. More Will be added soon
5. CISSP MindMap
5.1. Domain 1. Security Management Practices
5.1.1. Fundamental Principles of Security
5.1.1.1. AIC triad
5.1.1.1.1. Availability
5.1.1.1.2. Integrity
5.1.1.1.3. Confidentiality
5.1.2. Security Definitions
5.1.2.1. vulnerability
5.1.2.1.1. is a weakness in a system that allows a threat source to compromise its security
5.1.2.2. threat
5.1.2.2.1. is any potential danger that is associated with the exploitation of a vulnerability
5.1.2.3. risk
5.1.2.3.1. is the likelihood of a threat source exploiting a vulnerability and the corresponding business impact
5.1.2.4. exposure
5.1.2.4.1. is an instance of being exposed to losses
5.1.2.5. “control,” “countermeasure,” and “safeguard”
5.1.2.6. threat agent
5.1.2.7. asset
5.1.3. Control Types
5.1.3.1. 1
5.1.3.1.1. • Preventive
5.1.3.1.2. • Detective
5.1.3.1.3. • Corrective
5.1.3.1.4. • Deterrent
5.1.3.1.5. • Recovery
5.1.3.1.6. • Compensating
5.1.3.2. 2
5.1.3.2.1. • Administrative
5.1.3.2.2. • Physical
5.1.3.2.3. • Technical
5.1.4. Security Frameworks
5.1.4.1. Security Program Development
5.1.4.1.1. • ISO/IEC 27000 series
5.1.4.2. Enterprise Architecture Development
5.1.4.2.1. • Zachman Framework
5.1.4.2.2. • TOGAF
5.1.4.2.3. Military-Oriented Architecture Frameworks
5.1.4.2.4. Enterprise Security Architecture
5.1.4.3. Security Controls Development
5.1.4.3.1. • COBIT 5
5.1.4.3.2. • NIST SP 800-53
5.1.4.3.3. • COSO Internal Control—Integrated Framework
5.1.4.4. Process Management Development
5.1.4.4.1. • ITIL
5.1.4.4.2. • Six Sigma
5.1.4.4.3. • Capability Maturity Model Integration (CMMI)
5.1.4.5. Life cycle
5.1.4.5.1. 1. Plan and organize
5.1.4.5.2. 2. Implement
5.1.4.5.3. 3. Operate and maintain
5.1.4.5.4. 4. Monitor and evaluate
5.1.5. The Crux of Computer Crime Laws
5.1.5.1. • 18 USC 1029
5.1.5.1.1. Fraud and Related Activity in Connection with Access Devices
5.1.5.2. • 18 USC 1030
5.1.5.2.1. Fraud and Related Activity in Connection with Computers
5.1.5.3. • 18 USC 2510 et seq.
5.1.5.3.1. Wire and Electronic Communications Interception and Interception of Oral Communications
5.1.5.4. • 18 USC 2701 et seq.
5.1.5.4.1. Stored Wire and Electronic Communications and Transactional Records Access
5.1.5.5. • Digital Millennium Copyright Act
5.1.5.6. • Cyber Security Enhancement Act of 2002
5.1.6. Complexities in Cybercrime
5.1.6.1. Electronic Assets
5.1.6.2. The Evolution of Attacks
5.1.6.2.1. advanced persistent threat (APT)
5.1.6.2.2. Common Internet Crime Schemes
5.1.6.3. International Issues
5.1.6.3.1. Organisation for Economic Co-operation and Development (OECD) Guidelines
5.1.6.3.2. General Data Protection Regulation (GDPR) 2016
5.1.6.3.3. Import/Export Legal Requirements
5.1.6.3.4. Types of Legal Systems
5.1.7. Intellectual Property Laws
5.1.7.1. Trade Secret
5.1.7.1.1. is something that is proprietary to a company and important for its survival and profitability.
5.1.7.2. Copyright
5.1.7.3. Trademark
5.1.7.3.1. is used to protect a word, name, symbol, sound, shape, color, or combination of these
5.1.7.3.2. World Intellectual Property Organization (WIPO)
5.1.7.4. Patent
5.1.7.4.1. is the strongest form of intellectual property protection.
5.1.7.5. Internal Protection of Intellectual Property
5.1.7.6. Software Piracy
5.1.7.6.1. End User License Agreement (EULA)
5.1.7.6.2. The Federation Against Software Theft (FAST)
5.1.7.6.3. Business Software Alliance
5.1.7.6.4. Digital Millennium Copyright Act (DMCA)
5.1.7.6.5. Copyright Directive
5.1.8. Privacy
5.1.8.1. Personally identifiable information (PII)
5.1.8.1.1. Typical compenents
5.1.8.1.2. can fall into the PII
5.1.8.2. Law
5.1.8.2.1. Federal Privacy Act of 1974
5.1.8.2.2. Gramm-LeachBliley Act of 1999 (GLBA)
5.1.8.2.3. Health Insurance Portability and Accountability Act (HIPAA)
5.1.8.2.4. HITECH
5.1.8.2.5. USA PATRIOT Act
5.1.8.2.6. Canada’s Personal Information Protection
5.1.8.2.7. Electronic Documents Act
5.1.8.2.8. New Zealand’s Privacy Act of 1993
5.1.8.2.9. Payment Card Industry Data Security Standard (PCI DSS)
5.1.8.2.10. Federal Information Security Management Act (FISMA) of 2002
5.1.8.3. Ways to Deal with Privacy
5.1.8.3.1. • Laws on government FPA, VA ISA, USA PATRIOT
5.1.8.3.2. • Laws on corporations HIPAA, HITECH, GLBA, PIDEDA
5.1.8.3.3. • Self-regulation PCI DSS
5.1.8.3.4. • Individual user Passwords, encryption, awareness
5.1.9. Data Breaches
5.1.9.1. U.S. Laws Pertaining to Data Breaches
5.1.9.1.1. Health Insurance Portability and Accountability Act
5.1.9.1.2. Health Information Technology for Economic and Clinical Health Act
5.1.9.1.3. Gramm-Leach-Bliley Act of 1999
5.1.9.1.4. Economic Espionage Act of 1996
5.1.9.1.5. State Laws
5.1.9.2. Other Nations’ Laws Pertaining to Data Breaches
5.1.10. Policies, Standards, Baselines, Guidelines, and Procedures
5.1.10.1. Level
5.1.10.1.1. • Strategic
5.1.10.1.2. • Tactical
5.1.10.2. Security Policy
5.1.10.2.1. is an overall general statement produced by senior management
5.1.10.2.2. The policy provides the foundation
5.1.10.2.3. Types of Policies
5.1.10.2.4. outlined
5.1.10.2.5. a common hierarchy of security policies
5.1.10.3. Standards
5.1.10.3.1. Standards refer to mandatory activities, actions, or rules.
5.1.10.3.2. eg. ISO/IEC 27000 series
5.1.10.4. Baselines
5.1.10.4.1. refers to a point in time that is used as a comparison for future changes
5.1.10.4.2. eg. Evaluation Assurance Level (EAL) 4 baseline
5.1.10.5. Guidelines
5.1.10.5.1. are recommended actions and operational guides to users, IT staff, operations staff, and others
5.1.10.6. Procedures
5.1.10.6.1. are detailed step-by-step tasks that should be performed to achieve a certain goal
5.1.10.7. Implementation
5.1.10.7.1. support them shows DUE CARE
5.1.11. Risk Management
5.1.11.1. Concept
5.1.11.1.1. RM is the process of identifying and assessing risk, reducing it to an acceptable level, and ensuring it remains at that level
5.1.11.2. the major categories
5.1.11.2.1. • Physical damage: Fire, water, vandalism, power loss, and natural disasters
5.1.11.2.2. • Human interaction: Accidental or intentional action or inaction that can disrupt productivity
5.1.11.2.3. • Equipment malfunction: Failure of systems and peripheral devices
5.1.11.2.4. • Inside and outside attacks: Hacking, cracking, and attacking
5.1.11.2.5. • Misuse of data: Sharing trade secrets, fraud, espionage, and theft
5.1.11.2.6. • Loss of data: Intentional or unintentional loss of information to unauthorized receivers
5.1.11.2.7. • Application error: Computation errors, input errors, and buffer overflows
5.1.11.3. Holistic Risk Management
5.1.11.3.1. NIST SP 800-39 defines
5.1.11.4. Information Systems Risk Management Policy
5.1.11.4.1. ISRM policy should address
5.1.11.4.2. The Risk Management Team
5.1.11.4.3. The Risk Management Process
5.1.12. Threat Modeling
5.1.12.1. Threat Modeling Concepts
5.1.12.1.1. Vulnerabilities
5.1.12.1.2. Threats
5.1.12.2. Threat Modeling Methodologies
5.1.12.2.1. Attack Trees
5.1.12.2.2. Reduction Analysis
5.1.13. Risk Assessment and Analysis
5.1.13.1. four main goals
5.1.13.1.1. • Identify assets and their value to the organization.
5.1.13.1.2. • Determine the likelihood that a threat exploits a vulnerability.
5.1.13.1.3. • Determine the business impact of these potential threats.
5.1.13.1.4. • Provide an economic balance between the impact of the threat and the cost of the countermeasure.
5.1.13.2. Risk Assessment Team
5.1.13.3. The Value of Information and Assets
5.1.13.4. Costs That Make Up the Value
5.1.13.4.1. assigning values to assets
5.1.13.4.2. reasons
5.1.13.5. Identifying Vulnerabilities and Threats
5.1.13.6. Methodologies for Risk Assessment
5.1.13.6.1. NIST SP 800-30, Revision 1.
5.1.13.6.2. Facilitated Risk Analysis Process(FRAP)
5.1.13.6.3. OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)
5.1.13.6.4. AS/NZS ISO 31000
5.1.13.6.5. ISO/IEC 27000 Series
5.1.13.6.6. Failure Modes and Effect Analysis (FMEA)
5.1.13.6.7. fault tree analysis
5.1.13.6.8. CRAMM(Central Computing and Telecommunications Agency Risk Analysis and Management Method)
5.1.13.6.9. Choose methodology
5.1.13.7. Risk Analysis Approaches
5.1.13.7.1. Automated Risk Analysis Methods
5.1.13.7.2. Steps of a Quantitative Risk Analysis
5.1.13.7.3. Results of a Quantitative Risk Analysis
5.1.13.8. Qualitative Risk Analysis
5.1.13.8.1. qualitative methods walk through different scenarios of risk possibilities and rank the seriousness of the threats and the validity of the different possible countermeasures based on opinions
5.1.13.8.2. The Delphi Technique
5.1.13.9. Protection Mechanisms
5.1.13.9.1. Control Selection
5.1.13.10. Total Risk vs. Residual Risk
5.1.13.10.1. threats × vulnerability × asset value = total risk
5.1.13.10.2. total risk (threats × vulnerability × asset value) × controls gap = residual risk
5.1.13.10.3. total risk – countermeasures = residual risk
5.1.13.11. Handling Risk
5.1.13.11.1. Untitled
5.1.14. Supply Chain Risk Management
5.1.14.1. NIST SP 800-161
5.1.14.1.1. “Supply Chain Risk Management Practices for Federal Information Systems and Organizations.”
5.1.14.2. Upstream and Downstream Suppliers
5.1.14.2.1. Hardware
5.1.14.2.2. Software
5.1.14.2.3. Services
5.1.15. Risk Management Frameworks
5.1.15.1. Commonly Accepted Risk Management Frameworks
5.1.15.1.1. • NIST RMF (SP 800-37r1)
5.1.15.1.2. • ISO 31000:2018
5.1.15.1.3. • ISACA Risk IT
5.1.16. Business Continuity and Disaster Recovery
5.1.16.1. Concepts
5.1.16.1.1. disaster recovery plan (DRP)
5.1.16.1.2. business continuity plan (BCP)
5.1.16.1.3. business continuity management (BCM)
5.1.16.2. Standards and Best Practices
5.1.16.2.1. NIST SP 800-34, Revision 1, “Contingency Planning Guide for Federal Information Systems”
5.1.16.2.2. Untitled
5.1.16.2.3. standards-based
5.1.16.3. Making BCM Part of the Enterprise Security Program
5.1.16.4. BCP Project Components
5.1.16.4.1. BCP committee
5.1.16.4.2. The initiation process for the BCP program
5.1.16.4.3. Scope of the Project
5.1.16.4.4. BCP Policy
5.1.16.4.5. Project Management
5.1.16.4.6. Business Continuity Planning Requirements
5.1.17. Personnel Security
5.1.17.1. minimize the risks by implementing preventive measures
5.1.17.1.1. Separation of duties
5.1.17.1.2. Rotation of duties (rotation of assignments)
5.1.17.1.3. mandatory vacation
5.1.17.2. Hiring Practices
5.1.17.2.1. Possible background check criteria
5.1.17.3. Onboarding
5.1.17.3.1. Steps
5.1.17.3.2. Nondisclosure agreements (NDAs) must be developed and signed by new employees
5.1.17.4. Termination
5.1.17.4.1. • The employee must leave the facility immediately under the supervision of a manager or security guard.
5.1.17.4.2. • The employee must surrender any identification badges or keys, be asked to complete an exit interview, and return company supplies.
5.1.17.4.3. • That user’s accounts and passwords should be disabled or changed immediately.
5.1.17.5. Security Awareness Training
5.1.17.5.1. Presenting the Training
5.1.17.5.2. Periodic Content Reviews
5.1.17.5.3. Training Assessments
5.1.18. Security Governance
5.1.18.1. Metrics
5.1.18.1.1. industry best practices
5.1.18.1.2. Untitled
5.1.19. Ethics
5.1.19.1. the Code of Ethics
5.1.19.1.1. • Protect society, the common good, necessary public trust and confidence, and the infrastructure
5.1.19.1.2. • Act honorably, honestly, justly, responsibly, and legally
5.1.19.1.3. • Provide diligent and competent service to principals
5.1.19.1.4. • Advance and protect the profession
5.1.19.2. The Computer Ethics Institute
5.1.19.2.1. Ten Commandments of Computer Ethics
5.1.19.3. The Internet Architecture Board
5.1.19.3.1. It is responsible for the architectural oversight of the Internet Engineering Task Force (IETF) activities, Internet Standards Process oversight and appeal, and editor of Requests for Comments (RFCs).
5.1.19.3.2. unethical and unacceptable behavior
5.1.19.3.3. RFC 1087 is called “Ethics and the Internet.”
5.1.19.3.4. Untitled
5.2. Domain 2. Asset Security
5.2.1. Information Life Cycle
5.2.1.1. 1. Acquisition
5.2.1.2. 2. Use
5.2.1.3. 3. Archival
5.2.1.3.1. Backup
5.2.1.3.2. Archive
5.2.1.4. 4. Disposal
5.2.2. Classification
5.2.2.1. EXAM TIP
5.2.2.1.1. Each classification level should have its own handling and destruction requirements.
5.2.2.1.2. An information asset can be either the data, the device on which it is stored and used, or both
5.2.2.2. Classifications Levels
5.2.2.2.1. commercial business
5.2.2.2.2. military purposes
5.2.2.2.3. Untitled
5.2.2.2.4. criteria parameters for determine the sensitivity of data
5.2.2.3. Classification Controls
5.2.2.3.1. Classification Procedures
5.2.3. Layers of Responsibility
5.2.3.1. EXAM TIP
5.2.3.1.1. Senior management always carries the ultimate responsibility for the organization.
5.2.3.2. Executive Management
5.2.3.2.1. Chief Executive Officer
5.2.3.2.2. Chief Financial Officer
5.2.3.2.3. chief information officer (CIO)
5.2.3.2.4. chief privacy officer (CPO)
5.2.3.2.5. chief security officer (CSO)
5.2.3.3. Data Owner
5.2.3.3.1. Data ownership takes on a different meaning when outsourcing data storage requirements.
5.2.3.4. Data Custodian
5.2.3.4.1. is responsible for maintaining and protecting the data.
5.2.3.5. System Owner
5.2.3.5.1. is responsible for one or more systems
5.2.3.6. Security Administrator
5.2.3.6.1. is responsible for implementing and maintaining specific security network devices and software in the enterprise
5.2.3.7. Supervisor(user manager)
5.2.3.7.1. is ultimately responsible for all user activity and any assets created and owned by these users
5.2.3.8. Change Control Analyst
5.2.3.8.1. is responsible for approving or rejecting requests to make changes to the network, systems, or software.
5.2.3.9. Data Analyst
5.2.3.9.1. is responsible for ensuring that data is stored in a way that makes the most sense to the company and the individuals who need to access and work with it.
5.2.3.10. User
5.2.3.10.1. is any individual who routinely uses the data for work-related tasks
5.2.3.11. Auditor
5.2.3.11.1. is to periodically check that everyone is doing what they are supposed to be doing and to ensure the correct controls are in place and are being maintained securely.
5.2.4. Retention Policies
5.2.4.1. Developing a Retention Policy
5.2.4.1.1. • What data do we keep?
5.2.4.1.2. • How long do we keep this data?
5.2.4.1.3. • Where do we keep this data?
5.2.4.2. How We Retain
5.2.4.2.1. • Taxonomy
5.2.4.2.2. • Classification
5.2.4.2.3. • Normalization
5.2.4.2.4. • Indexing
5.2.4.3. How Long We Retain
5.2.4.3.1. Untitled
5.2.4.4. What Data We Retain
5.2.4.4.1. e-Discovery
5.2.5. Protecting Privacy
5.2.5.1. Data Owners
5.2.5.2. Data Processers
5.2.5.3. Data Remanence
5.2.5.3.1. Erasing
5.2.5.3.2. Clearing/Overwriting
5.2.5.3.3. Purging
5.2.5.3.4. Degaussing
5.2.5.3.5. Sanitization
5.2.5.3.6. Destruction
5.2.5.3.7. Declassification
5.2.5.3.8. Encryption
5.2.5.4. Limits on Collection
5.2.6. Protecting Assets
5.2.6.1. Data Security Controls
5.2.6.1.1. NIST Special Publication 800-111, “Guide to Storage Encryption Technologies for End User Devices,”
5.2.6.1.2. Data at Rest
5.2.6.1.3. Data in Motion
5.2.6.1.4. Data in Use
5.2.6.2. Media Controls
5.2.6.2.1. Media should be clearly marked and logged, its integrity should be verified, and it should be properly erased of data when no longer needed.
5.2.6.2.2. Clearing is acceptable when media will be reused in the same physical environment for the same purposes
5.2.6.2.3. Dumpster diving
5.2.6.2.4. Media management
5.2.6.2.5. Protecting Mobile Devices
5.2.6.2.6. Paper Records
5.2.6.2.7. Safes
5.2.7. Data Leakage
5.2.7.1. The costs commonly include
5.2.7.1.1. • Investigating the incident and remediating the problem
5.2.7.1.2. • Contacting affected individuals to inform them about the incident
5.2.7.1.3. • Penalties and fines to regulatory agencies
5.2.7.1.4. • Contractual liabilities
5.2.7.1.5. • Mitigating expenses (such as free credit monitoring services for affected individuals)
5.2.7.1.6. • Direct damages to affected individuals
5.2.7.2. Data Leak Prevention(DLP)
5.2.7.2.1. General Approaches to DLP
5.3. Domain 3. Security Architecture and Engineering
5.3.1. System Architecture
5.3.1.1. standards
5.3.1.1.1. IEEE Recommended Practice for Architectural Description of Software-Intensive Systems. 2000.
5.3.1.1.2. ISO/IEC/IEEE 42010. System Architecture. year 2011
5.3.1.1.3. Untitled
5.3.2. Computer Architecture
5.3.2.1. encompasses
5.3.2.1.1. central processing unit,
5.3.2.1.2. memory chips
5.3.2.1.3. logic circuits
5.3.2.1.4. storage devices
5.3.2.1.5. input and output devices
5.3.2.1.6. security components
5.3.2.1.7. buses
5.3.2.1.8. networking interfaces
5.3.2.2. central processing unit (CPU)
5.3.2.2.1. program status word (PSW)
5.3.2.3. Multiprocessing
5.3.2.4. Memory Types
5.3.2.4.1. Random access memory (RAM)
5.3.2.4.2. additional types of RAM
5.3.2.4.3. Read-Only Memory(ROM)
5.3.2.4.4. Cache Memory
5.3.2.4.5. Memory Mapping
5.3.2.4.6. Buffer Overflows
5.3.2.4.7. Memory Leaks
5.3.3. Operating Systems
5.3.3.1. Process Management
5.3.3.1.1. multiprogramming
5.3.3.1.2. multitasking
5.3.3.1.3. Untitled
5.3.3.1.4. two categories of interrupts
5.3.3.1.5. Memory Stacks
5.3.3.1.6. Thread Management
5.3.3.1.7. Process Scheduling
5.3.3.1.8. Process Activity
5.3.3.2. Memory Management
5.3.3.2.1. The goals of memory management
5.3.3.2.2. five basic responsibilities
5.3.3.2.3. Memory Protection Issues
5.3.3.2.4. Virtual Memory
5.3.3.3. Input/Output Device Management
5.3.3.3.1. Type
5.3.3.3.2. Interrupts
5.3.3.4. CPU Architecture Integration
5.3.3.4.1. microarchitectures
5.3.3.4.2. Isolation
5.3.3.4.3. CPU Operation Modes
5.3.3.4.4. Process Domain
5.3.3.5. Operating System Architectures
5.3.3.5.1. Monolithic
5.3.3.5.2. layered operating system architecture
5.3.3.5.3. Microkernel architecture
5.3.3.5.4. hybrid microkernel architecture
5.3.3.5.5. Untitled
5.3.3.6. Virtual Machines
5.3.3.6.1. Virtual machines can be used to provide secure, isolated sandboxes for running untrusted applications.
5.3.3.6.2. ...
5.3.4. System Security Architecture
5.3.4.1. Security Policy
5.3.4.1.1. is a strategic tool that dictates how sensitive information and resources are to be managed and protected
5.3.4.2. Security Architecture Requirements
5.3.4.2.1. trusted computing base (TCB)
5.3.4.2.2. Security Perimeter
5.3.4.2.3. Reference Monitor
5.3.4.2.4. Security Kernel
5.3.5. Security Models
5.3.5.1. Bell-LaPadula Model(1970s)
5.3.5.1.1. enforces the confidentiality aspects of access control
5.3.5.1.2. is called a multilevel security system
5.3.5.1.3. it provides and addresses confidentiality only
5.3.5.1.4. Three main rules
5.3.5.2. Biba Model
5.3.5.2.1. is a security model that addresses the integrity of data within a system
5.3.5.2.2. three main rules
5.3.5.3. Clark-Wilson Model
5.3.5.3.1. protecting the integrity of information
5.3.5.3.2. elements
5.3.5.4. Noninterference Model
5.3.5.4.1. to ensure any actions that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level
5.3.5.4.2. Covert Channels
5.3.5.5. Brewer and Nash Model
5.3.5.5.1. also called the Chinese Wall model
5.3.5.5.2. states that a subject can write to an object if, and only if, the subject cannot read another object that is in a different dataset.
5.3.5.5.3. The main goal of the model is to protect against conflicts of interest by users’ access attempts.
5.3.5.6. Graham-Denning Model
5.3.5.6.1. define
5.3.5.6.2. rules
5.3.5.7. Harrison-Ruzzo-Ullman Mode(HRU)
5.3.5.7.1. This model shows how a finite set of procedures can be available to edit the access rights of a subject.
5.3.5.7.2. HRU model is used by software designers to ensure that no unforeseen vulnerability is introduced and the stated access control goals are achieved
5.3.6. Systems Evaluation
5.3.6.1. Common Criteria(CC)
5.3.6.1.1. name: ISO/IEC 15408
5.3.6.1.2. Evaluation Assurance Level (EAL)
5.3.6.1.3. protection profile
5.3.6.1.4. Components
5.3.7. Certification vs. Accreditation
5.3.7.1. Certification
5.3.7.1.1. is the comprehensive technical evaluation of the security components and their compliance for the purpose of accreditation.
5.3.7.2. Accreditation
5.3.7.2.1. is the formal acceptance of the adequacy of a system’s overall security and functionality by management
5.3.7.3. Certification and accreditation (C&A)
5.3.7.3.1. Federal Information Security Management Act of 2002 (FISMA)
5.3.8. Open vs. Closed Systems
5.3.8.1. Open Systems
5.3.8.1.1. Systems described as open are built upon standards, protocols, and interfaces that have published specifications.
5.3.8.2. Closed Systems
5.3.8.2.1. Systems referred to as closed use an architecture that does not follow industry standards.
5.3.9. Systems Security
5.3.9.1. Client-Based Systems
5.3.9.2. Client/Server Systems
5.3.9.3. Distributed Systems
5.3.9.4. Cloud Computing
5.3.9.4.1. • Software as a Service (SaaS)
5.3.9.4.2. • Platform as a Service (PaaS)
5.3.9.4.3. • Infrastructure as a Service (IaaS)
5.3.9.5. Parallel Computing
5.3.9.5.1. Bit-level parallelism
5.3.9.5.2. Instruction-level parallelism
5.3.9.5.3. Task-level parallelism
5.3.9.5.4. data parallelism
5.3.9.6. Database Systems
5.3.9.6.1. Aggregation
5.3.9.6.2. Inference
5.3.9.7. Web-Based Systems
5.3.9.7.1. analyzing the website architecture
5.3.9.7.2. failing securely
5.3.9.7.3. (WAFs
5.3.9.7.4. security through obscurity
5.3.9.7.5. encryption
5.3.9.7.6. human element.
5.3.9.8. Mobile Systems
5.3.9.8.1. issues
5.3.9.8.2. enterprise mobile device security
5.3.9.9. Cyber-Physical Systems
5.3.9.9.1. Embedded Systems
5.3.9.9.2. Internet of Things
5.3.9.9.3. Industrial Control Systems(ICS)
5.3.10. A Few Threats to Review
5.3.10.1. Maintenance Hooks
5.3.10.1.1. Countermeasures
5.3.10.2. Time-of-Check/Time-of-Use Attacks(TOC/TOU)
5.3.10.2.1. Race conditions
5.3.10.2.2. Countermeasures
5.3.11. Cryptography Definitions and Concepts
5.3.11.1. Definitions and Concepts
5.3.11.1.1. plaintext
5.3.11.1.2. ciphertext
5.3.11.1.3. algorithm
5.3.11.1.4. key
5.3.11.2. Cryptosystems
5.3.11.2.1. • Software
5.3.11.2.2. • Protocols
5.3.11.2.3. • Algorithms
5.3.11.2.4. • Keys
5.3.11.3. Kerckhoffs’ Principle
5.3.11.3.1. the only secrecy involved with a cryptography system should be the key
5.3.11.3.2. the algorithm should be publicly known
5.3.11.4. The Strength of the Cryptosystem
5.3.11.4.1. million-instruction-per-second (MIPS)
5.3.11.5. One-Time Pad
5.3.11.5.1. • The pad must be used only one time.
5.3.11.5.2. • The pad must be as long as the message.
5.3.11.5.3. • The pad must be securely distributed and protected at its destination.
5.3.11.5.4. • The pad must be made up of truly random values.
5.3.11.5.5. • Secured at sender’s and receiver’s sites
5.3.11.6. Running and Concealment Ciphers
5.3.11.6.1. running key cipher
5.3.11.6.2. concealment cipher
5.3.11.7. Steganography
5.3.11.7.1. • Carrier A signal, data stream, or file that has hidden information (payload) inside of it
5.3.11.7.2. • Stegomedium The medium in which the information is hidden
5.3.11.7.3. • Payload The information that is to be concealed and transmitted
5.3.11.7.4. method
5.3.12. Types of Ciphers
5.3.12.1. Types of Ciphers
5.3.12.1.1. Substitution Ciphers
5.3.12.1.2. Transposition Ciphers
5.3.13. Methods of Encryption
5.3.13.1. Symmetric
5.3.13.1.1. strengths and weakness
5.3.13.1.2. examples
5.3.13.2. Asymmetric Algorithms
5.3.13.2.1. strengths and weakness
5.3.13.2.2. examples
5.3.13.3. Block Ciphers
5.3.13.4. Stream Ciphers
5.3.13.5. Initialization Vectors
5.3.13.5.1. characteristics
5.3.13.6. Cryptographic Transformation Techniques
5.3.13.6.1. • Compression
5.3.13.6.2. • Expansion
5.3.13.6.3. • Padding
5.3.13.6.4. • Key mixing
5.3.13.7. Hybrid Encryption Methods
5.3.13.8. Session Keys
5.3.14. Types of Symmetric Systems
5.3.14.1. • Data Encryption Standard (DES)
5.3.14.1.1. Data Encryption Algorithm (DEA)
5.3.14.1.2. 56 bits make up the true key
5.3.14.1.3. The result is 64-bit blocks of ciphertext
5.3.14.1.4. brute-force attack
5.3.14.1.5. DES Modes
5.3.14.2. • Triple-DES (3DES)
5.3.14.2.1. Triple-DES
5.3.14.3. • Advanced Encryption Standard (AES)
5.3.14.3.1. AES candidates
5.3.14.3.2. rounds
5.3.14.4. • International Data Encryption Algorithm (IDEA)
5.3.14.5. • Blowfish
5.3.14.6. • RC4, RC5, and RC6
5.3.14.6.1. Cryptography Notation
5.3.15. Types of Asymmetric Systems
5.3.15.1. Diffie-Hellman Algorithm
5.3.15.1.1. MQV (Menezes-Qu-Vanstone)
5.3.15.1.2. based on the difficulty of calculating logarithms in a finite field.
5.3.15.2. RSA
5.3.15.2.1. Diving into Numbers
5.3.15.2.2. One-Way Functions
5.3.15.2.3. provides: digital signatures, secure key distribution, and encryption.
5.3.15.3. El Gamal
5.3.15.3.1. based on the difficulty of calculating logarithms in a finite field.
5.3.15.3.2. used for digital signatures, encryption, and key exchange.
5.3.15.4. Elliptic Curve Cryptosystems(ECC)
5.3.15.4.1. provides: digital signatures, secure key distribution, and encryption.
5.3.15.5. Knapsack
5.3.15.5.1. was discovered to be insecure and is not currently used in cryptosystems
5.3.15.6. Zero Knowledge Proof
5.3.16. Message Integrity
5.3.16.1. The One-Way Hash
5.3.16.1.1. Hash Message Authentication Code (HMAC)
5.3.16.1.2. Cipher Block Chaining Message Authentication Code (CBC-MAC)
5.3.16.1.3. Cipher-Based Message Authentication Code (CMAC)
5.3.16.1.4. CCM
5.3.16.2. Various Hashing Algorithms
5.3.16.2.1. characteristics
5.3.16.3. MD4
5.3.16.4. MD5
5.3.16.5. SHA
5.3.16.6. Attacks Against One-Way Hash Functions
5.3.16.6.1. Birthday Attack
5.3.17. Public Key Infrastructure
5.3.17.1. Certificate Authorities
5.3.17.1.1. registration authority (RA)
5.3.17.1.2. Online Certificate Status Protocol (OCSP)
5.3.17.2. Certificates
5.3.17.2.1. The Registration Authority(RA)
5.3.17.3. PKI Steps
5.3.17.4. made up
5.3.17.4.1. • Certification authority
5.3.17.4.2. • Registration authority
5.3.17.4.3. • Certificate repository
5.3.17.4.4. • Certificate revocation system
5.3.17.4.5. • Key backup and recovery system
5.3.17.4.6. • Automatic key update
5.3.17.4.7. • Management of key histories
5.3.17.4.8. • Timestamping
5.3.17.4.9. • Client-side software
5.3.17.5. supplies the following security services
5.3.17.5.1. • Confidentiality
5.3.17.5.2. • Access control
5.3.17.5.3. • Integrity
5.3.17.5.4. • Authentication
5.3.17.5.5. • Nonrepudiation
5.3.18. Applying Cryptography
5.3.18.1. Services of Cryptosystems
5.3.18.1.1. provide the following services
5.3.18.2. Digital Signatures
5.3.18.2.1. • A message can be encrypted, which provides confidentiality.
5.3.18.2.2. • A message can be hashed, which provides integrity.
5.3.18.2.3. • A message can be digitally signed, which provides authentication, nonrepudiation, and integrity.
5.3.18.2.4. • A message can be encrypted and digitally signed, which provides confidentiality,authentication, nonrepudiation, and integrity.
5.3.18.3. Digital Signature Standard
5.3.18.3.1. Digital Signature Standard (DSS).
5.3.18.3.2. Untitled
5.3.18.4. Key Management
5.3.18.4.1. Kerberos
5.3.18.4.2. Key Management Principles
5.3.18.5. Trusted Platform Module
5.3.18.5.1. TPM Uses
5.3.18.6. Digital Rights Management (DRM)
5.3.19. Attacks on Cryptography
5.3.19.1. Ciphertext-Only Attacks
5.3.19.1.1. most common type
5.3.19.2. Known-Plaintext Attacks
5.3.19.3. Chosen-Plaintext Attacks
5.3.19.4. Chosen-Ciphertext Attacks
5.3.19.5. Differential Cryptanalysis
5.3.19.6. Linear Cryptanalysis
5.3.19.7. Side-Channel Attacks
5.3.19.8. Replay Attacks
5.3.19.9. Algebraic Attacks
5.3.19.10. Analytic Attacks
5.3.19.11. Statistical Attacks
5.3.19.12. Social Engineering Attacks
5.3.19.13. Meet-in-the-Middle Attacks
5.3.20. Site and Facility Security
5.3.20.1. broad categories
5.3.20.1.1. • Natural environmental threats
5.3.20.1.2. • Supply system threats
5.3.20.1.3. • Manmade threats
5.3.20.1.4. • Politically motivated threats
5.3.21. The Site Planning Process
5.3.21.1. physical security program
5.3.21.1.1. • Crime and disruption prevention through deterrence
5.3.21.1.2. • Reduction of damage through the use of delaying mechanisms
5.3.21.1.3. • Crime or disruption detection
5.3.21.1.4. • Incident assessment
5.3.21.1.5. • Response procedures
5.3.21.2. metrics
5.3.21.2.1. Untitled
5.3.21.3. Crime Prevention Through Environmental Design(CPTED)
5.3.21.3.1. Natural Access Control
5.3.21.3.2. Natural Surveillance
5.3.21.3.3. Natural Territorial Reinforcement
5.3.21.4. Designing a Physical Security Program
5.3.21.4.1. investigate
5.3.21.4.2. various regulations
5.3.21.4.3. Facility
5.3.21.4.4. Construction
5.3.21.4.5. Entry Points
5.3.21.4.6. Internal Compartments
5.3.21.4.7. Distribution Facilities
5.3.21.4.8. Storage Facilities
5.3.22. Internal Support Systems
5.3.22.1. Electric Power
5.3.22.1.1. Power Protection
5.3.22.1.2. Electric Power Issues
5.3.22.1.3. Preventive Measures and Good Practices
5.3.22.2. Environmental Issues
5.3.22.2.1. Fire Prevention, Detection, and Suppression
5.4. Domain 4. Communication and Network Security
5.4.1. Open Systems Interconnection Reference Model
5.4.1.1. described by ISO Standard 7498-1,
5.4.1.2. The OSI and TCP/IP networking models
5.4.1.2.1. Untitled
5.4.1.3. Protocol
5.4.1.3.1. A network protocol is a standard set of rules that determines how systems will communicate across networks.
5.4.1.4. Application Layer
5.4.1.4.1. protocols
5.4.1.5. Presentation Layer
5.4.1.5.1. standards
5.4.1.6. Session Layer
5.4.1.6.1. different modes
5.4.1.6.2. Secure RPC (SRPC)
5.4.1.6.3. protocols
5.4.1.7. Transport Layer
5.4.1.7.1. protocols
5.4.1.8. Network Layer
5.4.1.8.1. protocols
5.4.1.9. Data Link Layer
5.4.1.9.1. the Logical Link Control (LLC)
5.4.1.9.2. Media Access Control (MAC).
5.4.1.9.3. framing
5.4.1.9.4. protocols
5.4.1.10. Physical Layer
5.4.1.10.1. converts bits into voltage for transmission
5.4.1.10.2. standard interfaces
5.4.1.11. Multilayer Protocols
5.4.1.11.1. Distributed Network Protocol 3 (DNP3)
5.4.1.11.2. Controller Area Network Bus(CAN bus)
5.4.2. TCP/IP Model
5.4.2.1. TCP
5.4.2.1.1. Port Types
5.4.2.1.2. TCP Handshake
5.4.2.1.3. attack
5.4.2.1.4. Data Structures
5.4.2.1.5. Major Differences Between TCP and UDP
5.4.2.2. IP Addressing
5.4.2.2.1. Subnetting
5.4.2.2.2. supernetting
5.4.2.2.3. IPv4 Addressing
5.4.2.2.4. Time to Live (TTL)
5.4.2.2.5. Type of Service (ToS)
5.4.2.3. IPv6
5.4.2.3.1. IP next generation (IPng),
5.4.2.3.2. Network Address Translation
5.4.2.3.3. Automatic tunneling
5.4.2.3.4. Various IPv4 to IPv6 tunneling techniques
5.4.2.4. Layer 2 Security Standards
5.4.2.4.1. 802.1AE
5.4.2.4.2. IEEE 802.1AR
5.4.2.5. Converged Protocols
5.4.2.5.1. • Fibre Channel over Ethernet (FCoE)
5.4.2.5.2. • Multiprotocol Label Switching (MPLS)
5.4.2.5.3. • Internet Small Computer System Interface (iSCSI)
5.4.2.5.4. IP convergence
5.4.3. Transmission Media
5.4.3.1. Types of Transmission
5.4.3.1.1. signal
5.4.3.1.2. types
5.4.3.1.3. transmission
5.4.3.1.4. Cabling
5.4.4. Wireless Networks
5.4.4.1. Wireless Communications Techniques
5.4.4.1.1. eg
5.4.4.1.2. Spread Spectrum
5.4.4.1.3. Orthogonal Frequency-Division Multiplexing
5.4.4.2. WLAN Components
5.4.4.2.1. Service Set ID (SSID).
5.4.4.2.2. Basic Service Set (BSS).
5.4.4.2.3. access point (AP)
5.4.4.3. Evolution of WLAN Security
5.4.4.3.1. IEEE Standard 802.11
5.4.4.3.2. IEEE Standard 802.11i
5.4.4.3.3. IEEE Standard 802.1X
5.4.4.4. Wireless Standards
5.4.4.4.1. 802.11
5.4.4.4.2. 802.11b
5.4.4.4.3. 802.11a
5.4.4.4.4. 802.11e
5.4.4.4.5. 802.11f
5.4.4.4.6. 802.11g
5.4.4.4.7. 802.11h
5.4.4.4.8. 802.11j
5.4.4.4.9. 802.11n
5.4.4.4.10. 802.11ac
5.4.4.4.11. 802.16
5.4.4.4.12. 802.15.4
5.4.4.4.13. Bluetooth Wireless
5.4.4.5. Best Practices for Securing WLANs
5.4.4.5.1. Change the default SSID. Each AP comes with a preconfigured default SSID value.
5.4.4.5.2. • Implement WPA2 and 802.1X to provide centralized user authentication (e.g., RADIUS, Kerberos). Before users can access the network, require them to authenticate.
5.4.4.5.3. • Use separate VLANs for each class of users, just as you would on a wired LAN.
5.4.4.5.4. • If you must support unauthenticated users (e.g., visitors), ensure they are connected to an untrusted VLAN that remains outside your network’s perimeter.
5.4.4.5.5. • Deploy a wireless intrusion detection system (WIDS).
5.4.4.5.6. • Physically put the AP at the center of the building. The AP has a specific zone of coverage it can provide.
5.4.4.5.7. • Logically put the AP in a DMZ with a firewall between the DMZ and internal network.
5.4.4.5.8. Allow the firewall to investigate the traffic before it gets to the wired network.
5.4.4.5.9. • Implement VPN for wireless devices to use. This adds another layer of protection for data being transmitted.
5.4.4.5.10. • Configure the AP to allow only known MAC addresses into the network. Allow only known devices to authenticate. But remember that these MAC addresses are sent in cleartext, so an attacker could capture them and masquerade himself as an authenticated device.
5.4.4.5.11. • Carry out penetration tests on the WLAN. Use the tools described in this section to identify APs and attempt to break the current encryption scheme being used.
5.4.4.6. two main microwave wireless transmission
5.4.4.6.1. Satellites
5.4.4.6.2. terrestrial
5.4.4.7. Mobile Wireless Communication
5.4.4.7.1. “multiple access” technologies
5.4.4.7.2. Mobile Technology Generations
5.4.5. Networking Foundations
5.4.5.1. Network Topology
5.4.5.1.1. Ring Topology
5.4.5.1.2. Bus Topology
5.4.5.1.3. Star Topology
5.4.5.1.4. Mesh Topology
5.4.5.2. Media Access Technologies
5.4.5.2.1. Token Passing
5.4.5.2.2. CSMA
5.4.5.2.3. Collision Domains
5.4.5.2.4. Polling
5.4.5.2.5. Ethernet
5.4.5.2.6. Token Ring
5.4.5.2.7. FDDI
5.4.5.3. Transmission Methods
5.4.5.3.1. broadcast
5.4.5.3.2. multicast
5.4.5.3.3. unicast
5.4.6. Network Protocols and Services
5.4.6.1. Address Resolution Protocol
5.4.6.2. Dynamic Host Configuration Protocol
5.4.6.2.1. Untitled
5.4.6.2.2. Untitled
5.4.6.3. Reverse Address Resolution Protocol (RARP)
5.4.6.4. Bootstrap Protocol (BOOTP)
5.4.6.4.1. was created after RARP to enhance the functionality that RARP provides for diskless workstations
5.4.6.5. Internet Control Message Protocol(ICMP)
5.4.6.5.1. Attacks Using ICMP
5.4.6.6. Simple Network Management Protocol (SNMP)
5.4.6.6.1. Management Information Base (MIB).
5.4.6.6.2. SNMP v3
5.4.6.6.3. ports (161 and 162)
5.4.6.7. Domain Name Service
5.4.6.7.1. Internet DNS and Domains
5.4.6.7.2. DNS Threats
5.4.6.8. E-mail Services
5.4.6.8.1. Simple Mail Transfer Protocol (SMTP)
5.4.6.8.2. Post Office Protocol (POP)
5.4.6.8.3. Internet Message Access Protocol (IMAP)
5.4.6.8.4. E-mail Relaying
5.4.6.8.5. E-mail Threats
5.4.6.9. Network Address Translation
5.4.6.9.1. private IP address ranges
5.4.6.9.2. Three basic types of NAT
5.4.6.10. Routing Protocols
5.4.6.10.1. autonomous systems (ASs).
5.4.6.10.2. Interior Gateway Protocol (IGP)
5.4.6.10.3. Dynamic vs. Static
5.4.6.10.4. Route flapping
5.4.6.10.5. Distance-Vector vs. Link-State
5.4.6.10.6. Interior Routing Protocols/Interior Gateway Protocols
5.4.6.10.7. Exterior Routing Protocols
5.4.6.10.8. Routing Protocol Attacks
5.4.7. Network Components
5.4.7.1. • Repeaters
5.4.7.1.1. hub
5.4.7.2. • Bridges
5.4.7.2.1. functions
5.4.7.2.2. work at the data link layer
5.4.7.2.3. Forwarding Tables
5.4.7.3. • Routers
5.4.7.3.1. network layer
5.4.7.3.2. Main Differences Between Bridges and Routers
5.4.7.4. • Switches
5.4.7.4.1. Multilayered switches
5.4.7.4.2. Layer 3 and 4 Switches
5.4.7.4.3. Layer 2 switches
5.4.7.4.4. Multiprotocol Label Switching (MPLS)
5.4.7.4.5. Virtual LANs (VLANs)
5.4.7.5. Gateways
5.4.7.5.1. Network Device Differences
5.4.7.6. PBXs
5.4.7.6.1. A Private Branch Exchange (PBX) is a private telephone switch that is located on a company’s property
5.4.7.6.2. Network Diagramming
5.4.7.7. Firewalls
5.4.7.7.1. demilitarized zone (DMZ)
5.4.7.7.2. use
5.4.7.7.3. types
5.4.7.7.4. three main firewall architectures
5.4.7.7.5. Fragmentation Attacks
5.4.7.7.6. common firewall rules
5.4.7.8. Proxy Servers
5.4.7.8.1. forwarding proxy
5.4.7.8.2. open proxy
5.4.7.8.3. reverse proxy
5.4.7.9. Unified Threat Management
5.4.7.9.1. issues
5.4.7.10. Content Distribution Networks
5.4.7.11. Software Defined Networking
5.4.7.11.1. Approaches to SDN
5.4.7.12. Endpoints
5.4.7.13. Honeypot
5.4.7.14. Network Access Control (NAC)
5.4.7.15. Virtualized Networks
5.4.8. Intranets and Extranets
5.4.8.1. Value-added Networks
5.4.9. Metropolitan Area Networks
5.4.9.1. Metro Ethernet
5.4.9.2. SONET
5.4.10. Wide Area Networks
5.4.10.1. Telecommunications Evolution
5.4.10.1.1. • Copper lines carry purely analog signals.
5.4.10.1.2. • T1 lines carry up to 24 conversations.
5.4.10.1.3. • T3 lines carry up to 28 T1 lines.
5.4.10.1.4. • Fiber optics and the SONET network.
5.4.10.1.5. • Asynchronous Transfer Mode (ATM) over SONET.
5.4.10.2. Dedicated Links
5.4.10.2.1. T-carriers
5.4.10.2.2. E-Carriers
5.4.10.2.3. Optical Carrier
5.4.10.2.4. More Multiplexing
5.4.10.3. WAN Technologies
5.4.10.3.1. CSU/DSU
5.4.10.3.2. Switching
5.4.10.3.3. Frame Relay
5.4.10.3.4. Virtual Circuits
5.4.10.3.5. X.25
5.4.10.3.6. Asynchronous Transfer Mode (ATM)
5.4.10.3.7. Synchronous Data Link Control (SDLC)
5.4.10.3.8. High-level Data Link Control (HDLC)
5.4.10.3.9. Point-to-Point Protocol (PPP)
5.4.10.3.10. High-Speed Serial Interface (HSSI)
5.4.10.3.11. Summary
5.4.11. Communications Channels
5.4.11.1. Multiservice Access Technologies
5.4.11.1.1. combine several types of communication categories (data, voice, and video) over one transmission line.
5.4.11.2. H.323 Gateways
5.4.11.2.1. a standard that deals with video, real-time audio, and data packet–based transmissions where multiple users can be involved with the data exchange.
5.4.11.3. Digging Deeper into SIP
5.4.11.3.1. two major components
5.4.11.3.2. Untitled
5.4.11.4. IP Telephony Issues
5.4.11.4.1. SPIT (Spam over Internet Telephony).
5.4.11.4.2. countermeasures
5.4.12. Remote Access
5.4.12.1. Dial-up Connections
5.4.12.1.1. security measures
5.4.12.2. Integrated Services Digital Network (ISDN)
5.4.12.2.1. Three ISDN implementations
5.4.12.3. DSL
5.4.12.3.1. • Symmetric DSL (SDSL)
5.4.12.3.2. • Asymmetric DSL (ADSL)
5.4.12.3.3. • High-bit-rate DSL (HDSL)
5.4.12.3.4. • Very High-Data-Rate Digital Subscriber Line (VDSL)
5.4.12.3.5. • Rate-Adaptive Digital Subscriber Line (RADSL)
5.4.12.4. Cable Modems
5.4.12.4.1. Data-Over-Cable Service Interface Specifications (DOCSIS)
5.4.12.5. VPN
5.4.12.5.1. Point-To-Point Tunneling Protocol
5.4.12.5.2. Layer 2 Tunneling Protocol
5.4.12.5.3. Internet Protocol Security
5.4.12.5.4. Transport Layer Security VPN
5.4.12.6. Authentication Protocols
5.4.12.6.1. Password Authentication Protocol (PAP)
5.4.12.6.2. Extensible Authentication Protocol (EAP)
5.4.12.6.3. Challenge Handshake Authentication Protocol (CHAP)
5.4.13. Network Encryption
5.4.13.1. Encryption at Different Layers
5.4.13.1.1. • End-to-end encryption happens within the applications.
5.4.13.1.2. • TLS encryption takes place at the session layer.
5.4.13.1.3. • PPTP encryption takes place at the data link layer.
5.4.13.1.4. • Link encryption takes place at the data link and physical layers.
5.4.13.2. E-mail Encryption Standards
5.4.13.2.1. Pretty Good Privacy (PGP)
5.4.13.2.2. Multipurpose Internet Mail Extensions (MIME)
5.4.13.2.3. Secure MIME (S/MIME)
5.4.13.3. Internet Security
5.4.13.3.1. HTTP
5.4.13.3.2. HTTP Secure (HTTPS)
5.4.13.3.3. Secure Sockets Layer (SSL)
5.4.13.3.4. Transport Layer Security
5.4.13.3.5. Cookies
5.4.13.3.6. Secure Shell (SSH)
5.4.14. Network Attacks
5.4.14.1. EXAM TIP
5.4.14.1.1. (ISC) 2dropped network attacks from this domain in the April 2018 update
5.4.14.2. Denial of Service
5.4.14.2.1. Malformed Packets
5.4.14.2.2. Flooding
5.4.14.2.3. distributed denial-of-service (DDoS)
5.4.14.2.4. Ransomware
5.4.14.3. Sniffing
5.4.14.3.1. DNS Hijacking
5.4.14.4. Drive-by Download
5.4.14.4.1. A drive-by download occurs when a user visits a website that is hosting malicious code and automatically gets infected.
5.5. Domain 5. Identity and Access Management
5.5.1. Security Principles
5.5.1.1. • Availability
5.5.1.2. • Integrity
5.5.1.3. • Confidentiality
5.5.2. Identification, Authentication, Authorization, and Accountability
5.5.2.1. Race Condition
5.5.2.2. Four steps must happen for a subject to access an object
5.5.2.2.1. Untitled
5.5.2.3. Identification and Authentication
5.5.2.3.1. Strong authentication
5.5.2.3.2. multifactor authentication (MFA)
5.5.2.3.3. Identity Management(IdM)
5.5.2.3.4. Identity and access management (IAM)
5.5.2.3.5. Directories
5.5.2.3.6. Web access management (WAM)
5.5.2.4. Authentication Methods
5.5.2.4.1. Credential Management Systems
5.5.2.4.2. Biometrics
5.5.2.4.3. Passwords
5.5.2.4.4. Cognitive Password
5.5.2.4.5. One-Time Password
5.5.2.4.6. Cryptographic Keys
5.5.2.5. Authorization
5.5.2.5.1. Access Criteria
5.5.2.5.2. Default to No Access
5.5.2.5.3. Need to Know
5.5.2.5.4. Single Sign-On
5.5.2.6. Accountability
5.5.2.6.1. events
5.5.2.6.2. Keystroke Monitoring
5.5.2.7. Session Management
5.5.2.7.1. • Timeout
5.5.2.7.2. • Inactivity
5.5.2.7.3. • Anomaly
5.5.2.8. Federation
5.5.2.8.1. Access Control and Markup Languages
5.5.2.8.2. OpenID
5.5.2.8.3. OAuth
5.5.2.8.4. OpenID Connect (OIDC)
5.5.3. Integrating Identity as a Service
5.5.3.1. On-premise
5.5.3.1.1. An on-premise (or on-premises) IdM system is one in which all needed resources remain under your physical control.
5.5.3.2. Cloud
5.5.3.3. Integration Issues
5.5.3.3.1. “Measure twice and cut once.”
5.5.3.3.2. Establishing Connectivity
5.5.3.3.3. Establishing Trust
5.5.3.3.4. Incremental Testing
5.5.3.3.5. Integrating Federated Systems
5.5.3.4. Establishing Connectivity
5.5.4. Access Control Mechanisms
5.5.4.1. Discretionary Access Control
5.5.4.1.1. Identity-Based Access Control
5.5.4.2. Mandatory Access Control
5.5.4.2.1. Multilevel security (MLS)
5.5.4.2.2. “security labels”
5.5.4.3. Role-Based Access Control
5.5.4.3.1. ACLs
5.5.4.3.2. Core RBAC
5.5.4.3.3. Hierarchical RBAC
5.5.4.3.4. • Static Separation of Duty (SSD) Relations through RBAC
5.5.4.3.5. • Dynamic Separation of Duties (DSD) Relations through RBAC
5.5.4.3.6. can be managed in the following ways:
5.5.4.4. Rule-Based Access Control
5.5.4.5. Attribute-Based Access Control
5.5.4.5.1. some possible attributes
5.5.5. Access Control Techniques and Technologies
5.5.5.1. Constrained User Interfaces
5.5.5.1.1. Database views
5.5.5.1.2. Physically constraining a user interface
5.5.5.2. Remote Access Control Technologies
5.5.5.2.1. Remote Authentication Dial-In User Service (RADIUS)
5.5.5.2.2. Terminal Access Controller Access Control System (TACACS)
5.5.5.2.3. TACACS+
5.5.5.2.4. Diameter
5.5.5.3. Access Control Matrix
5.5.5.3.1. Access Control Lists
5.5.5.4. Content-Dependent Access Control
5.5.5.4.1. database views
5.5.5.5. Context-Dependent Access Control
5.5.6. Managing the Identity and Access Provisioning Life Cycle
5.5.6.1. Provisioning
5.5.6.1.1. Provisioning pertains to the creation of user objects or accounts.
5.5.6.2. User Access Review
5.5.6.2.1. • Extended vacation or sabbatical
5.5.6.2.2. • Hospitalization
5.5.6.2.3. • Long-term disability (with an expected future return)
5.5.6.2.4. • Investigation for possible wrong-doing
5.5.6.2.5. • Unexpected disappearance
5.5.6.3. System Account Access Review
5.5.6.3.1. every system account eventually needs to be disabled or deprovisioned.
5.5.6.4. Deprovisioning
5.5.7. Controlling Physical and Logical Access
5.5.7.1. Access Control Layers
5.5.7.1.1. Administrative controls
5.5.7.1.2. Physical controls
5.5.7.1.3. Technical controls:
5.5.8. Access Control Practices
5.5.8.1. Unauthorized Disclosure of Information
5.5.8.1.1. Object Reuse
5.5.8.1.2. Emanation Security
5.5.9. Access Control Monitoring
5.5.9.1. Intrusion Detection Systems
5.5.9.1.1. network-based IDS (NIDS)
5.5.9.1.2. host-based IDS (HIDS)
5.5.9.1.3. Signature-based
5.5.9.1.4. Anomaly-based
5.5.9.1.5. Application-based IDS
5.5.9.2. Intrusion Prevention Systems
5.5.9.3. Honeypot
5.5.9.4. Network Sniffers
5.5.10. Threats to Access Control
5.5.10.1. Dictionary Attack
5.5.10.1.1. Countermeasures
5.5.10.2. Brute-Force Attacks
5.5.10.2.1. Countermeasures
5.5.10.3. Spoofing at Logon
5.5.10.3.1. a fake logon screen
5.5.10.4. Phishing and Pharming
5.5.10.4.1. social engineering
5.5.10.4.2. Spear-Phishing
5.6. Domain 6. Security Assessment and Testing
5.6.1. Assessment, Test, and Audit Strategies
5.6.1.1. Information System Security Audit Process
5.6.1.1.1. 1. Determine the goals, because everything else hinges on this.
5.6.1.1.2. 2. Involve the right business unit leaders to ensure the needs of the business are identified and addressed.
5.6.1.1.3. 3. Determine the scope, because not everything can be tested.
5.6.1.1.4. 4. Choose the audit team, which may consist of internal or external personnel, depending on the goals, scope, budget, and available expertise.
5.6.1.1.5. 5. Plan the audit to ensure all goals are met on time and on budget.
5.6.1.1.6. 6. Conduct the audit while sticking to the plan and documenting any deviations therefrom.
5.6.1.1.7. 7. Document the results, because the wealth of information generated is both valuable and volatile.
5.6.1.1.8. 8. Communicate the results to the right leaders in order to achieve and sustain a strong security posture.
5.6.1.2. Internal Audits
5.6.1.2.1. • Mark your calendars
5.6.1.2.2. • Prepare the auditors
5.6.1.2.3. • Document everything
5.6.1.2.4. • Make the report easy to read
5.6.1.3. External Audits
5.6.1.3.1. • Learn the contract
5.6.1.3.2. • Schedule in- and out-briefs
5.6.1.3.3. • Travel in pairs
5.6.1.3.4. • Keep it friendly
5.6.1.4. Third-Party Audits
5.6.1.4.1. Signing a nondisclosure agreement
5.6.1.4.2. Facilitating Third-Party Audits
5.6.1.5. Test Coverage
5.6.2. Auditing Technical Controls
5.6.2.1. Vulnerability Testing
5.6.2.1.1. • Personnel testing
5.6.2.1.2. • Physical testing
5.6.2.1.3. • System and network testing
5.6.2.2. Penetration Testing
5.6.2.2.1. five-step process:
5.6.2.2.2. varying degrees of knowledge
5.6.2.3. War Dialing
5.6.2.3.1. private branch exchanges (PBXs)
5.6.2.3.2. facsimile (FAX)
5.6.2.4. Other Vulnerability Types
5.6.2.4.1. Kernel flaws
5.6.2.4.2. • Buffer overflows
5.6.2.4.3. • Symbolic links
5.6.2.4.4. • File descriptor attacks
5.6.2.4.5. • Race conditions
5.6.2.4.6. • File and directory permissions
5.6.2.5. Postmortem
5.6.2.6. Log Reviews
5.6.2.6.1. Network Time Protocol (NTP)
5.6.2.6.2. Preventing Log Tampering
5.6.2.6.3. Synthetic Transactions
5.6.2.6.4. Real User Monitoring
5.6.2.7. Misuse Case Testing
5.6.2.8. Code Reviews
5.6.2.9. Code Testing
5.6.2.10. Interface Testing
5.6.3. Auditing Administrative Controls
5.6.3.1. Account Management
5.6.3.1.1. Adding Accounts
5.6.3.1.2. Modifying Accounts
5.6.3.1.3. Suspending Accounts
5.6.3.2. Backup Verification
5.6.3.2.1. Types of Data
5.6.3.2.2. Verification
5.6.3.3. Disaster Recovery and Business Continuity
5.6.3.3.1. Testing and Revising the Business Continuity Plan
5.6.3.3.2. Maintaining the Plan
5.6.3.3.3. BCP Life Cycle
5.6.3.4. Security Training and Security Awareness Training
5.6.3.4.1. Social Engineering
5.6.3.4.2. Online Safety
5.6.3.4.3. Data Protection
5.6.3.4.4. Culture
5.6.3.5. Key Performance and Risk Indicators
5.6.3.5.1. Key Performance Indicators
5.6.3.5.2. Key Risk Indicators
5.6.4. Reporting
5.6.4.1. Analyzing Results
5.6.4.2. Writing Technical Reports
5.6.4.2.1. key elements of a good technical audit report
5.6.5. Management Review and Approval
5.6.5.1. Before the Management Review
5.6.5.2. Reviewing Inputs
5.6.5.3. Management Approval
5.7. Domain 7. Security Operations
5.7.1. Administrative Management
5.7.1.1. Security and Network Personnel
5.7.1.1.1. tasks
5.7.1.2. Accountability
5.7.1.3. Clipping Levels
5.7.2. Physical Security
5.7.2.1. Facility Access Control
5.7.2.1.1. Locks
5.7.2.2. Personnel Access Controls
5.7.2.2.1. Electronic access control (EAC) tokens
5.7.2.2.2. piggybacking
5.7.2.2.3. Identification and authentication can be verified by matching an anatomical attribute (biometric system), using smart or memory cards (swipe cards), presenting a photo ID to a security guard, using a key, or providing a card and entering a password or PIN
5.7.2.3. External Boundary Protection Mechanisms
5.7.2.3.1. control types
5.7.2.3.2. Fencing
5.7.2.3.3. Bollards
5.7.2.3.4. Lighting
5.7.2.3.5. Surveillance Devices
5.7.2.3.6. Visual Recording Devices
5.7.2.4. Intrusion Detection Systems
5.7.2.4.1. IDSs can be used to detect changes
5.7.2.4.2. Electromechanical systems
5.7.2.4.3. A photoelectric system
5.7.2.4.4. passive infrared (PIR) system
5.7.2.4.5. acoustical detection system
5.7.2.4.6. Wave-pattern motion detectors
5.7.2.4.7. proximity detector, or capacitance detector
5.7.2.5. Patrol Force and Guards
5.7.2.6. Dogs
5.7.2.7. Auditing Physical Access
5.7.2.8. Internal Security Controls
5.7.3. Secure Resource Provisioning
5.7.3.1. Asset Inventory
5.7.3.1.1. Tracking Hardware
5.7.3.1.2. Tracking Software
5.7.3.2. Asset Management
5.7.3.2.1. Media Management
5.7.3.3. Configuration Management
5.7.3.3.1. Change Control Process
5.7.3.4. Trusted Recovery
5.7.3.4.1. type of failure
5.7.3.4.2. After a System Crash
5.7.3.4.3. Security Concerns
5.7.3.5. Input and Output Controls
5.7.3.6. System Hardening
5.7.3.6.1. Gold Master (GM)
5.7.3.6.2. Locked-down systems are referred to as bastion hosts.
5.7.3.7. Remote Access Security
5.7.3.8. Provisioning Cloud Assets
5.7.4. Network and Resource Availability
5.7.4.1. keeping that information available
5.7.4.1.1. • Redundant hardware
5.7.4.1.2. • Fault-tolerant technologies
5.7.4.1.3. • Service level agreements (SLAs)
5.7.4.1.4. • Solid operational procedures
5.7.4.2. Mean Time Between Failures
5.7.4.2.1. (MTBF)
5.7.4.2.2. mean time to failure (MTTF)
5.7.4.3. Mean time to repair (MTTR)
5.7.4.3.1. is the expected amount of time it will take to get a device fixed and back into production after its failure
5.7.4.4. Single Points of Failure
5.7.4.4.1. Redundant array of independent disks (RAID)
5.7.4.4.2. Direct access storage device (DASD)
5.7.4.4.3. massive array of inactive disks (MAID).
5.7.4.4.4. Redundant Array of Independent Tapes
5.7.4.4.5. storage area network (SAN)
5.7.4.4.6. Clustering
5.7.4.4.7. Grid Computing
5.7.4.5. Backups
5.7.4.5.1. Hierarchical storage management (HSM)
5.7.4.6. Contingency Planning
5.7.4.7. Summary of Technologies That Improve Resource Availability
5.7.4.7.1. • Redundant servers
5.7.4.7.2. • RAID, MAID, RAIT
5.7.4.7.3. • Direct access storage device
5.7.4.7.4. • Storage area networks
5.7.4.7.5. • Clustering
5.7.4.7.6. • Grid computing
5.7.4.7.7. • Backups
5.7.5. Preventing and Detecting
5.7.5.1. The steps of this generalized process
5.7.5.1.1. 1. Understand the risk.
5.7.5.1.2. 2. Use the right controls.
5.7.5.1.3. 3. Use the controls correctly.
5.7.5.1.4. 4. Manage your configuration.
5.7.5.1.5. 5. Assess your operation.
5.7.5.2. Continuous Monitoring
5.7.5.2.1. NIST Special Publication 800-137, “Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations,” defines information security continuous monitoring as “maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.”
5.7.5.3. Firewalls
5.7.5.4. Intrusion Detection and Prevention Systems
5.7.5.5. Whitelisting and Blacklisting
5.7.5.6. Antimalware
5.7.5.7. Vulnerability Management
5.7.5.7.1. Software Vulnerabilities
5.7.5.7.2. Process Vulnerabilities
5.7.5.7.3. Human Vulnerabilities
5.7.5.8. Patch Management
5.7.5.8.1. Unmanaged Patching
5.7.5.8.2. Centralized Patch Management
5.7.5.9. Sandboxing
5.7.5.10. Honeypots and Honeynets
5.7.5.11. Egress Monitoring
5.7.5.12. security information and event management (SIEM)
5.7.5.13. Outsourced Services
5.7.5.13.1. managed security services providers (MSSPs)
5.7.6. The Incident Management Process
5.7.6.1. incident response team
5.7.6.1.1. • A list of outside agencies and resources to contact or report to.
5.7.6.1.2. • An outline of roles and responsibilities.
5.7.6.1.3. • A call tree to contact these roles and outside entities.
5.7.6.1.4. • A list of computer or forensic experts to contact.
5.7.6.1.5. • A list of steps to take to secure and preserve evidence.
5.7.6.1.6. • A list of items that should be included in a report for management and potentially the courts.
5.7.6.1.7. • A description of how the different systems should be treated in this type of situation.
5.7.6.2. Computer Emergency Response Team (CERT)
5.7.6.3. The Cyber Kill Chain
5.7.6.3.1. 1. Reconnaissance
5.7.6.3.2. 2. Weaponization
5.7.6.3.3. 3. Delivery
5.7.6.3.4. 4. Exploitation
5.7.6.3.5. 5. Installation
5.7.6.3.6. 6. Command and Control (C&C)
5.7.6.3.7. 7. Actions on the Objective
5.7.6.4. Detection
5.7.6.5. Response
5.7.6.6. Mitigation
5.7.6.7. Reporting
5.7.6.7.1. • Summary of the incident
5.7.6.7.2. • Indicators
5.7.6.7.3. • Related incidents
5.7.6.7.4. • Actions taken
5.7.6.7.5. • Chain of custody for all evidence (if applicable)
5.7.6.7.6. • Impact assessment
5.7.6.7.7. • Identity and comments of incident handlers
5.7.6.7.8. • Next steps to be taken
5.7.6.8. Recovery
5.7.6.9. Remediation
5.7.7. Investigations
5.7.7.1. Computer Forensics and Proper Collection of Evidence
5.7.7.1.1. Scientific Working Group on Digital Evidence (SWGDE)
5.7.7.2. Motive, Opportunity, and Means
5.7.7.3. Computer Criminal Behavior
5.7.7.4. Incident Investigators
5.7.7.5. Different Types of Assessments an Investigator Can Perform
5.7.7.5.1. Network analysis
5.7.7.5.2. Media analysis
5.7.7.5.3. Software analysis
5.7.7.5.4. Hardware/embedded device analysis
5.7.7.6. Types of Investigations
5.7.7.6.1. Administrative
5.7.7.6.2. Criminal
5.7.7.6.3. Civil
5.7.7.6.4. Regulatory
5.7.7.7. The Forensic Investigation Process
5.7.7.7.1. • Identification
5.7.7.7.2. • Preservation
5.7.7.7.3. • Collection
5.7.7.7.4. • Examination
5.7.7.7.5. • Analysis
5.7.7.7.6. • Presentation
5.7.7.7.7. • Decision
5.7.7.8. Forensics Field Kits
5.7.7.8.1. • Documentation tools Tags, labels, and time-lined forms
5.7.7.8.2. • Disassembly and removal tools Antistatic bands, pliers, tweezers, screwdrivers, wire cutters, and so on
5.7.7.8.3. • Package and transport supplies Antistatic bags, evidence bags and tape, cable ties, and others
5.7.7.9. Surveillance, Search, and Seizure
5.7.7.9.1. Surveillance
5.7.8. Disaster Recovery
5.7.8.1. Concept
5.7.8.1.1. maximum tolerable downtime (MTD)
5.7.8.1.2. recovery time objective (RTO)
5.7.8.1.3. work recovery time (WRT)
5.7.8.2. Relation
5.7.8.2.1. Untitled
5.7.8.3. Business Process Recovery
5.7.8.3.1. • Required roles
5.7.8.3.2. • Required resources
5.7.8.3.3. • Input and output mechanisms
5.7.8.3.4. • Workflow steps
5.7.8.3.5. • Required time for completion
5.7.8.3.6. • Interfaces with other processes
5.7.8.4. Recovery Site Strategies
5.7.8.4.1. • Hot site
5.7.8.4.2. • Warm site
5.7.8.4.3. • Cold site
5.7.8.4.4. Reciprocal Agreements
5.7.8.4.5. Redundant Sites
5.7.8.5. Supply and Technology Recovery
5.7.8.5.1. Hardware Backups
5.7.8.5.2. Software Backups
5.7.8.6. Backup Storage Strategies
5.7.8.6.1. Online backup
5.7.8.6.2. Electronic Backup Solutions
5.7.8.6.3. Choosing a Software Backup Facility
5.7.8.6.4. Documentation
5.7.8.6.5. Human Resources
5.7.8.7. End-User Environment
5.7.8.7.1. Availability
5.7.9. Liability and Its Ramifications
5.7.9.1. Liability
5.7.9.1.1. Due Care
5.7.9.1.2. Due Diligence
5.7.9.2. Liability Scenarios
5.7.9.2.1. Personal Information
5.7.9.2.2. Hacker Intrusion
5.7.9.3. Third-Party Risk
5.7.9.4. Contractual Agreements
5.7.9.4.1. • Outsourcing agreements
5.7.9.4.2. • Hardware supply
5.7.9.4.3. • System maintenance and support
5.7.9.4.4. • System leasing agreements
5.7.9.4.5. • Consultancy service agreements
5.7.9.4.6. • Website development and support
5.7.9.4.7. • Nondisclosure and confidentiality agreements
5.7.9.4.8. • Information security management agreements
5.7.9.4.9. • Software development agreements
5.7.9.4.10. • Software licensing
5.7.9.5. Procurement and Vendor Processes
5.7.9.5.1. vendor management governing process
5.7.9.5.2. Request for Proposals (RFP)
5.7.10. Insurance
5.7.10.1. Cyber insurance
5.7.10.2. business interruption insurance
5.7.11. Implementing Disaster Recovery
5.7.11.1. a goal must contain certain key information
5.7.11.1.1. • Responsibility
5.7.11.1.2. • Authority
5.7.11.1.3. • Priorities
5.7.11.1.4. • Implementation and testing
5.7.11.2. Personnel
5.7.11.2.1. • Damage assessment team
5.7.11.2.2. • Recovery team
5.7.11.2.3. • Relocation team
5.7.11.2.4. • Restoration team
5.7.11.2.5. • Salvage team
5.7.11.2.6. • Security team
5.7.11.3. Assessment
5.7.11.3.1. procedures
5.7.11.3.2. criteria
5.7.11.4. Restoration
5.7.11.4.1. to the alternate site
5.7.11.4.2. salvage team
5.7.11.5. Communications
5.7.11.5.1. emergency communications plan
5.7.11.6. Training
5.7.12. Personal Safety Concerns
5.7.12.1. Emergency Management
5.7.12.1.1. OEP
5.7.12.1.2. fail-safe device
5.7.12.1.3. Duress
5.7.12.1.4. Travel
5.7.12.1.5. Training
5.8. Domain 8. Software Development Security
5.8.1. Goals
5.8.1.1. Software should perform its intended tasks - nothing more, nothing less
5.8.1.2. Develop software and systems in budget and on schedule
5.8.2. Open Source vs. Proprietary Code
5.8.3. A TCB depends on Trusted Software
5.8.4. Overview of programming languages
5.8.4.1. 1st generation: Machine or Binary code
5.8.4.2. 2nd generation : ASM
5.8.4.3. 3rd generation : Spoken language
5.8.4.4. Compiled / Interpreted / Hybrid
5.8.5. Principles of Programming
5.8.5.1. Modularity
5.8.5.2. Top-down design
5.8.5.3. Limited control structures
5.8.5.4. Limited control structures
5.8.5.5. Limited scope of variables
5.8.6. Methodologies
5.8.6.1. Structured Programming
5.8.6.2. Object-Oriented Programming
5.8.6.3. Computer-Aided Software Engineering (CASE) tools
5.8.7. Good Coding Practices
5.8.7.1. Least privileges
5.8.7.2. Hiding secrets
5.8.7.3. Layered defense
5.8.7.4. Weakest link
5.8.8. Development Models
5.8.8.1. Software Engineering Models
5.8.8.1.1. Simplistic Model
5.8.8.1.2. Waterfall Model
5.8.8.1.3. Spiral Model
5.8.8.1.4. Cost Estimation Techniques
5.8.8.1.5. Rapid Application Development (RAD)
5.8.8.1.6. Cleanroom Model
5.8.8.1.7. Iterative Development Method
5.8.8.1.8. Prototyping Model
5.8.8.1.9. System Development Life Cycle (SDLC)
5.8.8.1.10. The Software Capability Maturity Model
5.8.8.1.11. IDEAL Model
5.8.9. Object Oriented Programming
5.8.9.1. Object Oriented Concepts
5.8.9.1.1. Class
5.8.9.1.2. Data Abstraction
5.8.9.1.3. Inheritance
5.8.9.1.4. Polymorphism
5.8.9.1.5. Polyinstantiation
5.8.9.2. Phases of Development for Object Oriented Orientation (OOO)
5.8.9.2.1. Object Oriented Requirements Analysis (OORA)
5.8.9.2.2. Object Oriented Analysis (OOA)
5.8.9.2.3. Domain Analysis (DA)
5.8.9.2.4. Object Oriented Design (OOD)
5.8.9.2.5. Object Oriented Programming( OOP)
5.8.10. Tools and Languages
5.8.10.1. JAVA
5.8.10.2. ActiveX
5.8.10.3. Dynamic Data Exchange (DDE)
5.8.10.4. Object Linking and Embedding (OLE)
5.8.10.5. Component Object Model (COM) & Distributed Component Object Model (DCOM)
5.8.10.6. Common Object Request Broker Architecture (CORBA)
5.8.10.7. Expert Systems
5.8.11. Databases
5.8.11.1. Types
5.8.11.1.1. File-based
5.8.11.1.2. Hierarchical
5.8.11.1.3. Network
5.8.11.1.4. Object-Oriented
5.8.11.1.5. Relational
5.8.11.2. Terms
5.8.11.2.1. Database Management System
5.8.11.2.2. Data Definition Language
5.8.11.2.3. Primary Key
5.8.11.2.4. Foreign Key
5.8.11.2.5. SELECT Command
5.8.11.2.6. Normalization
5.8.11.2.7. Bind variable
5.8.11.2.8. Data Warehouse
5.8.11.3. Database Security
5.8.11.3.1. Basics of Database Security
5.8.11.3.2. Discretionary vs Mandatory
5.8.11.3.3. Relational vs Object Oriented
5.8.12. Configuration & Management
5.8.13. Application Vulnerabilities
5.8.13.1. Malicious Mobile Code
5.8.13.2. DNS Hijacking
5.8.13.3. XSS
5.8.13.4. SQL Injection
5.8.13.5. DoS DDoS
5.8.13.6. Flooding
5.8.13.7. Virus
5.8.13.7.1. Trojan
5.8.13.7.2. Polymorphic
5.8.13.7.3. Stealth
5.8.13.7.4. Retro
5.8.13.7.5. Boot Sector
5.8.13.7.6. Macro
5.8.13.8. Worm