Unlock the full potential of your projects.
Show full map

SSCP

Technology
Guilherme Queiroz

SSCP CERTIFICATION STUDY GUIDE - ISC2

Get Started. It's Free
or sign up with your email address
Similar Mind Maps Mind Map Outline
SSCP by Mind Map: SSCP

1. ISC2 Code of Ethics

1.1. https://www.isc2.org/ethics

1.2. Preamble

1.3. Canons

1.4. Computer Ethics Institute (10 Commandments)

1.5. Ethics Working Group

2. Security Operations & Administration

2.1. Controls

2.1.1. Preventative

2.1.1.1. security guard

2.1.1.2. security policies

2.1.1.3. encryption data

2.1.2. Detection

2.1.2.1. sensors alarm system

2.1.2.2. IDS

2.1.2.3. Audit

2.1.3. Corrective

2.1.3.1. call the police (SOC)

2.1.3.2. disaster recovery plan

2.1.3.3. backup/recovery

2.2. Asset Management

2.2.1. Life Cycle

2.2.1.1. Design

2.2.1.2. construction

2.2.1.3. Commissioning

2.2.1.4. operating

2.2.1.5. maintaning

2.2.1.6. Reporting

2.2.1.7. Upgrading

2.2.1.8. Disposing

2.2.2. PRIORITIZE (Why they exists ? How much they cost ?)

2.2.3. Hardware

2.2.4. Software

2.2.4.1. License

2.2.4.2. versions (exploit)

2.2.5. Data

2.2.5.1. Classification

2.2.5.1.1. Backups

2.2.5.1.2. Storage Area

2.2.5.2. Encryption

2.2.5.3. Dispose

2.2.5.4. Policies

2.2.5.4.1. USB Drive

2.2.5.4.2. Personal Data

2.2.5.4.3. Retention Policy

2.2.5.4.4. DLP

2.2.5.4.5. Destroy Data

3. CIA Security Triad

3.1. Confidentiality

3.1.1. Permissions

3.2. Integrity

3.2.1. Hash

3.3. Availability

3.3.1. Disaster recovery

3.3.2. Backup

4. AAA's of Security

4.1. Authorization

4.2. Accounting

4.3. Authentication

4.3.1. Single Factor

4.3.2. Multi Factor

4.3.3. SSO

4.3.4. Kerberos (TCP/UDP 88)

4.3.4.1. KDC (Key Distribution Center)

4.3.4.2. AS (Authentication Server)

4.3.4.3. TGS (Ticket Granting Server)

4.3.5. Proof of Identify

4.3.5.1. Something YOU KNOW

4.3.5.2. Something YOU ARE

4.3.5.2.1. Behavioral

4.3.5.2.2. Physiological

4.3.5.3. Something YOU HAVE

4.3.6. Trust relantionship

4.3.6.1. One Way Trust

4.3.6.2. Two Way Trust

4.3.6.3. Transitive Trusts

4.3.7. Identify Management

4.3.7.1. Authorization

4.3.7.2. Proofing

4.3.7.2.1. classic

4.3.7.2.2. dynamic (on the fly)

4.3.7.2.3. out of band (call, SMS)

4.3.7.2.4. risk & behavior based

4.3.7.3. Password Policies

4.3.7.4. Provisioning

4.3.7.4.1. Automated

4.3.7.4.2. Groups Improve

4.3.7.4.3. De-provision

4.3.7.5. Maintenance

4.3.7.5.1. Lockout Policies

4.3.7.5.2. Time Restrictions

4.3.7.5.3. De-provision (Disable accounts)

4.3.7.6. Entitlement (privilege)

4.3.7.6.1. Admins should have separate administrative accounts

4.3.7.6.2. Groups is better than individual users

4.3.8. Access Controls

4.3.8.1. DAC (discretionary)

4.3.8.1.1. Most granular control

4.3.8.1.2. ACLs or DACLs

4.3.8.1.3. Access Control Entries (ACEs)

4.3.8.1.4. users have control over their files

4.3.8.2. Non-Discretionary

4.3.8.2.1. administrators control access granted to users (MAC Models)

4.3.8.2.2. prevent system files

4.3.8.3. RBAC (Role Based)

4.3.8.4. ABAC

4.3.8.5. Subject

4.3.8.5.1. users

4.3.8.5.2. computers

4.3.8.5.3. devices

4.3.8.5.4. app

4.3.8.5.5. networks

4.3.8.6. objects

4.3.8.6.1. data

4.3.8.6.2. hardware

4.3.8.6.3. networks

4.3.8.6.4. app

4.3.8.6.5. facilities

4.3.8.7. MAC Architecture Models (mandatory)

4.3.8.7.1. Bell-LaPadula model (confidentiality)

4.3.8.7.2. Biba model (Data Integrity)

4.3.8.7.3. Clark-Wilson model (Information Integrity)

4.3.8.7.4. Chinese Wall (brewer-Nash)