Mind Map: IA

1. Supporting Areas

1.1. Basic Networking

1.1.1. Wired and Wireless

1.1.2. Telecom and Network Security

1.1.3. Transmission Security

1.2. Basic MIS

2. Core IA Knowledge

2.1. Core Knowledge

2.1.1. Definitions

2.1.1.1. 1

2.1.1.1.1. Control

2.1.1.1.2. Vulnerability

2.1.1.1.3. Threat

2.1.1.1.4. Attack

2.1.2. Information States

2.1.2.1. Storage

2.1.2.2. Transmission

2.1.2.3. Processing

2.1.3. Military/Government

2.1.3.1. OPSEC

2.1.3.2. INFOSEC

2.1.3.3. NSTISS Basics

2.1.3.3.1. Facets of NSTISS

3. Threat Detection and Response

3.1. Forensics

3.1.1. Forensic Analysis

3.1.2. eDiscovery

3.1.3. Incident Response

3.1.4. Intrusion Investigation

3.2. Penetration Testing

3.3. Honeypots

3.4. IDS

3.5. Audit/Accountability

3.5.1. Audits

3.5.2. Logs

3.5.3. Traceability

3.6. Threat types/classes

3.7. Cover and Deception

3.8. HUMINT

3.9. Traffic Analysis

3.10. Attribution

4. Vulnerability Controls

4.1. Cryptography

4.1.1. PKI

4.1.2. Digital Signatures

4.1.3. Symmetric Encryption

4.1.4. Asymmetric Encryption

4.1.5. Hashes

4.1.5.1. Message Digest

4.1.5.2. SHA

4.2. Access Control

4.2.1. Authentication and Identification

4.2.1.1. Capabilities

4.2.1.1.1. POSIX

4.2.1.1.2. Kerberos

4.2.1.2. Credentials

4.2.1.2.1. Something You Know

4.2.1.2.2. Something You Have

4.2.1.2.3. Something You Are

4.2.1.3. Access Control List

4.2.2. Authorization

4.2.2.1. R/W/X

4.2.2.2. DAC/MAC/RBAC

4.2.2.3. Mode of Operation

4.2.3. Physical Security

4.2.3.1. Environmental

4.2.3.2. Layered Physical Defense and Entry Points

4.2.3.3. Site Location Principles

4.2.3.4. Asset Management

4.2.3.5. Key Management

4.2.3.5.1. Physical Keys

4.2.3.5.2. Electronic Keys

4.2.3.6. COMSEC Material

4.2.3.6.1. Destruction

4.2.3.6.2. Identity and Inventory

4.2.3.6.3. Key Management Protocols

4.2.3.6.4. Access, Control, Storage

4.2.4. Network

4.2.4.1. end-to-end access control

4.2.4.2. class and node privileges

4.3. Technical Controls

4.3.1. Firewalls

4.3.2. Media

4.3.2.1. Remanence

4.3.2.2. Backups

4.3.2.3. Object Reuse

4.3.2.4. Destruction

4.3.2.5. Emergency Destruction

4.3.2.6. External Marking

4.3.2.7. Downgrade and Declassification

4.3.2.8. Sanitization

4.3.2.9. Transportation

4.3.3. EMSEC

4.3.4. Transmission Security

4.3.4.1. Covert Channels (Crosstalk)

4.3.4.2. Dial Back

4.3.4.3. Directional Signals

4.3.4.4. Frequency Hopping

4.3.4.5. Jamming

4.3.4.6. Line of Sight

4.3.4.7. Line Authentication

4.3.4.8. Low Power

4.3.4.9. Masking

4.3.4.10. Optical Systems

4.3.4.11. Protected Wireline

4.3.4.12. Screening

4.3.4.13. Spread Spectrum Transmission

4.3.4.14. Burst Transmission

4.3.5. TEMPEST

4.3.5.1. Banding

4.3.5.2. Cabling

4.3.5.3. Filtered Power

4.3.5.4. Grounding

4.3.5.5. Shielding

4.3.5.6. TEMPEST Separation

4.3.5.7. Zone of Control/Zoning

4.3.5.8. Attenuation

5. Risk and Management

5.1. Risk

5.1.1. Business Continuity

5.1.2. Disaster Recovery

5.1.2.1. Response

5.1.2.2. Recovery

5.1.2.3. Restoration

5.1.3. System Certification

5.1.3.1. Accreditation

5.1.3.2. System Assessment

5.1.3.3. Systems/Services Acquisition

5.1.4. Contingency Planning

5.1.5. Risk Assessment

5.2. Management

5.2.1. Least Privilege

5.2.2. Separation of Duties

5.2.3. Personnel Management

5.2.3.1. Awareness and Training

5.2.3.2. Personnel Security

5.2.4. Configuration Management

5.2.4.1. Software Configuration Management

5.2.4.2. Computer Hardware Configuration Management

5.2.5. Roles and Responsibilities

5.3. Effectiveness of Security Programs

6. Enforcement

6.1. Legal

6.1.1. Major Legal Systems

6.1.2. Common and Civil Law

6.1.3. Government Regulations and Acts

6.1.3.1. RIAA

6.1.3.2. DMCA

6.1.3.3. Copyright

6.1.3.4. Patents

6.1.4. Computer Crimes

6.1.5. National Policy

6.1.5.1. NSTISS Policies

6.1.5.1.1. AIS Security

6.1.5.1.2. Communications Security

6.1.5.1.3. Protection of Information

6.1.5.1.4. Employee accountability for agency information

6.2. Administrative/Procedural

6.2.1. Policies

6.2.1.1. Security Policy/Plan

6.2.2. Procedures

6.2.3. Standards

6.2.4. Guidelines

6.3. Ethical

6.3.1. Professionalism

6.4. Privacy

7. Development

7.1. Ontologies and Models

7.1.1. McCumber Model

7.1.2. Defense in Depth

7.1.3. Models (Bell-LaPadula)

7.1.4. CIA AA

7.2. Software

7.2.1. Trusted Systems

7.2.2. System Architecture

7.2.3. Applications

7.2.4. Trusted O/S and Computing Base

7.2.5. Development

7.2.5.1. Change Control Management (CCB)

7.2.5.2. Secure Development

7.2.5.2.1. Lifecycle

7.3. Network

7.3.1. public vs private

7.3.2. dial-up or dedicated