CISSP by Mind Map: CISSP

1. Access Controls

1.1. You should be able to identify the type of any given access control. Access controls may be preventive (to stop unwanted or unauthorized activity from occurring), detective (to discover unwanted or unauthorized activity), or corrective (to restore systems to normal after an unwanted or unauthorized activity has occurred). Deterrent access controls attempt to discourage violation of security policies, by encouraging people to decide not to take an unwanted action. Recovery controls attempt to repair or restore resources, functions, and capabilities after a security policy violation. Directive controls attempt to direct, confine, or control the action of subjects to force or encourage compliance with security policy. Compensation controls provide options or alternatives to existing controls to aid in enforcement and support of a security policy.

1.1.1. Preventive

1.1.2. Detective

1.1.3. Corrective

1.1.4. Deterrent

1.1.5. Recovery

1.1.6. Directive

1.1.7. Compensation

1.2. Implementation Methods

1.2.1. Administrative

1.2.2. Logical/ Technical

1.2.3. Physical

2. Asset Security

2.1. Classification

2.1.1. Commercial

2.1.1.1. confidential, private, sensitive, and public

2.1.2. Military

2.2. Act/ Law

2.2.1. Safe Harbor

2.2.1.1. Notice, choice, onward transfer, security, data integrity, access, enforcement

2.2.2. EU DPD (Data Protection Directive)

2.2.2.1. The Data Protection Directive’s principles do not address data retention time periods. The seven principles are notice, purpose, consent, security, disclosure, access, and accountability.

3. Misc

3.1. SOC Reports

3.1.1. SOC 2 reports typically cover 6 months of operations. SOC 1 reports cover a point in time.

4. Communication & Network Security

4.1. Packet filters are called first-generation firewalls; stateful packet inspection firewalls are known as second-generation firewalls; application-level gateway firewalls are known as third-generation firewalls. UTM (Unified Threat Management) is a concept used in next-generation firewalls.

5. Identity & Access Management

6. Security And Risk Management

7. Evaluation Methods, Certification & Accreditation

7.1. TCSEC (orange book)

7.1.1. D: Minimal Protection

7.1.2. C: Discretionary Protection (C1: Discretionary Security Protection; C2: Controlled Access Protection)

7.1.3. B: Mandatory Protection (B1: Labeled Security; B2: Structured Protection; B3: Security Domains)

7.1.4. A: Verified Protection (A1: Verified Design)

7.2. ITSEC

7.2.1. assurance

7.2.1.1. effectiveness(Q)

7.2.1.2. correctness(E)

7.3. TNI (Red Book)

7.3.1. Trusted Network Interpretation

7.4. Int'l Common Criteria

7.4.1. Target of Evaluation(ToE)

7.4.1.1. system or product

7.4.2. Security Target (ST)

7.4.2.1. security requirements / operational environment

7.4.3. Protection Profile (PP)

7.4.3.1. independent set of security requirements and objectives for a specific category of products or systems, e.g. firewalls or IDS

7.4.4. Evaluation Assurance Level (EAL)

7.4.4.1. score of tested product or system

7.4.4.2. Levels

7.4.4.2.1. EAL1 = Functionally tested

7.4.4.2.2. EAL2 = Structurally tested

7.4.4.2.3. EAL3 = Methodically tested & checked

7.4.4.2.4. EAL4 = Methodically designed, tested & reviewed

7.4.4.2.5. EAL5 = Semi-formally designed & tested

7.4.4.2.6. EAL6 = Semi-formally verified, designed & tested

7.4.4.2.7. EAL7 = Formally verified, designed & tested

8. Security Engineering

8.1. Models

8.1.1. Confidentiality

8.1.1.1. Bell-LaPadula

8.1.1.1.1. Simple security property

8.1.1.1.2. * security property

8.1.1.1.3. State Machine Model

8.1.2. Integrity

8.1.2.1. Clark-Wilson

8.1.2.1.1. Primary Concepts

8.1.2.2. Biba

8.1.2.2.1. State Machine Model

8.1.2.2.2. The two rules of Biba are the simple rule of no read-down and the star rule of no write-up.
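Both lattice models' rules as a runnable, added example (my code, not from the original mind map): the Bell-LaPadula simple and * properties listed under 8.1.1.1 and the Biba rules just above, checked against a constructed four-level label set.

```python
# Added example, not part of the original mind map: access decisions under the
# Bell-LaPadula confidentiality rules and the Biba integrity rules, over a
# constructed four-level linear lattice. Labels below are illustrative.
from enum import IntEnum


class Level(IntEnum):
    """Constructed ordered labels; the same ordering serves both models."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula (confidentiality).
    read  -> simple security property: no read up  (subject >= object).
    write -> * (star) property: no write down (subject <= object), so a
             highly cleared process cannot leak data into a lower label.
    """
    if op == "read":
        return subject >= obj
    if op == "write":
        return subject <= obj
    raise ValueError(f"unknown operation: {op}")


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba (integrity), the inverse of Bell-LaPadula.
    read  -> simple integrity property: no read down (object >= subject), so a
             trusted process does not consume less trustworthy input.
    write -> * integrity property: no write up (subject >= object), so a less
             trusted process cannot contaminate more trustworthy data.
    """
    if op == "read":
        return obj >= subject
    if op == "write":
        return subject >= obj
    raise ValueError(f"unknown operation: {op}")


if __name__ == "__main__":
    # Side-by-side table for a SECRET subject against every object label.
    for model, rule in (("Bell-LaPadula", blp_allows), ("Biba", biba_allows)):
        print(model)
        for lvl in Level:
            r, w = rule(Level.SECRET, lvl, "read"), rule(Level.SECRET, lvl, "write")
            print(f"  {lvl.name:<13} read={str(r):<5} write={w}")
```

Running it shows the two models as mirror images: the SECRET subject may read CONFIDENTIAL but write only to SECRET or TOP_SECRET under Bell-LaPadula, and exactly the reverse under Biba.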

8.1.3. Information flow model

8.1.4. Chinese wall model

8.1.4.1. Brewer-Nash

8.1.4.2. The Brewer and Nash model prevents conflicts of interest.

8.1.5. Noninterference

8.1.6. take-grant

8.1.6.1. take

8.1.6.2. grant

8.1.6.3. create

8.1.6.4. remove

8.1.7. Zachman Framework

8.1.7.1. What, how, where, who, when & why

8.1.7.1.1. Planner, owner, designer, builder, programmer, users

8.1.8. Graham-Denning

8.1.8.1. Objects

8.1.8.2. subjects

8.1.8.3. rules

8.1.8.3.1. 8-Rules

8.2. Modes of Operations

8.2.1. Dedicated

8.2.1.1. object of one classification label only

8.2.1.2. Subject clearance = equal to or greater than the object label

8.2.1.2.1. Subjects must have a valid security clearance for the highest level of information processed by the system and access approval for all information processed by the system

8.2.1.2.2. Subjects must have a need to know for all the information stored and processed on the system

8.2.2. System High

8.2.2.1. Obj = mixed labels

8.2.2.2. Subj = clearance

8.2.2.3. The user must have a valid security clearance for all information processed by the system, access approval for all information processed by the system, and a valid need to know for some, but not necessarily all, of it.

8.2.3. Compartmented

8.2.3.1. subj = clearance

8.2.3.1.1. Subjects do not have the formal approval/need to know for all information

8.2.3.1.2. Formal, system-enforced need to know is required for access

8.2.3.2. Uses technical controls

8.2.4. Multistate

8.2.4.1. Objects have differing sensitivity labels; such systems are certified to handle data from different security classifications simultaneously by implementing protection mechanisms that segregate data appropriately.

8.2.4.2. reference monitor

8.2.4.2.1. to mediate access between subj & obj

8.2.5. Confinement restricts a process to reading from and writing to certain memory locations. Bounds are the limits of memory a process cannot exceed when reading or writing. Isolation is the mode a process runs in when it is confined through the use of memory bounds.

8.3. Secure System Design Concepts

8.3.1. Layering

8.3.1.1. Separate HW & SW functionality into modular tiers

8.3.1.2. Generic list of security architecture layers: Hardware > Kernel and device drivers > OS > Applications

8.3.2. Abstraction

8.3.2.1. hide unnecessary details from the user

8.3.2.2. provides a way to manage the complexity

8.3.3. Security Domains

8.3.3.1. list of objects a subject is allowed to access

8.3.3.2. Kernels

8.3.3.2.1. User Mode

8.3.3.2.2. Kernel Mode

8.3.4. Ring Model

8.3.4.1. 0 - Kernel

8.3.4.2. 1 - Other OS components that do not fit into Ring 0

8.3.4.3. 2 - Device Drivers

8.3.4.4. 3 - User Applications

8.3.5. Open & Closed Systems

8.3.5.1. Open

8.3.5.1.1. uses standard HW/SW

8.3.5.2. Closed

8.3.5.2.1. uses proprietary HW/SW

8.3.6. Multitasking & Multiprocessing

8.3.6.1. Multitasking

8.3.6.1.1. allow multiple tasks to run simultaneously on one CPU

8.3.6.2. Multiprogramming

8.3.6.2.1. allow multiple programs to run simultaneously on one CPU

8.3.6.3. Multithreading

8.3.6.3.1. multiple threads running simultaneously on one CPU

8.3.6.4. Multiprocessing

8.3.6.4.1. runs multiple processes on multiple CPUs.

8.3.6.4.2. Two Types

8.4. Crypto

8.4.1. El Gamal

8.4.1.1. from Diffie Hellman

8.4.1.2. Ciphertext is double (2x) the length of the encrypted message

8.4.1.3. Does not support digital signatures

8.4.2. Elliptic Curve Crypto (ECC)

8.4.2.1. 1,024-bit RSA key = 160-bit ECC key (equivalent strength)

8.4.3. SHA-1

8.4.3.1. Fixed 160-bit message digest, regardless of input size

8.4.4. Encryption

8.4.4.1. TKIP

8.4.4.1.1. Used in WPA

8.4.4.2. AES

8.4.4.2.1. Used in WPA2

8.4.4.3. IDEA

8.4.4.3.1. Used in PGP (Pretty Good Privacy) email

8.4.4.4. Bcrypt (blowfish)

8.4.4.4.1. Linux systems use bcrypt to encrypt passwords, and bcrypt is based on Blowfish. Bcrypt adds 128 additional bits as a salt to protect against rainbow table attacks.

8.4.4.4.2. Blowfish has a 64-bit block size and a variable key length from 32 bits up to 448 bits.

8.4.5. Certificate

8.4.5.1. CA’s private key

8.4.5.1.1. Used to digitally sign the completed certificate. The last step of the certificate creation process is the digital signature; during this step, the certificate authority signs the certificate using its own private key.

8.4.5.2. CA's public key

8.4.5.2.1. Used to verify the authenticity of a certificate: the CA's public key validates the digital signature contained on the certificate.

8.4.6. Operation Mode

8.4.6.1. DES

8.4.6.1.1. Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR)

8.4.6.2. AES

8.4.7. Attacks

8.4.7.1. Brute-force attacks are attempts to randomly find the correct cryptographic key. Known plaintext, chosen ciphertext, and chosen plaintext attacks require the attacker to have some extra information in addition to the ciphertext. The meet-in-the-middle attack exploits protocols that use two rounds of encryption. The man-in-the-middle attack fools both parties into communicating with the attacker instead of directly with each other. The birthday attack is an attempt to find collisions in hash functions. The replay attack is an attempt to reuse authentication requests.