Reproduction prohibited
CISSP COURSE PART 1
ENTREPRENEUR | CISO ADVISOR | CYBERFEMINIST | PEERLYST BRAND AMBASSADOR | TOP 50 CYBER INFLUENCER | @RESPONSIBLE CYBER
MAGDA LILIA CHELLY
OVERVIEW
ISC2 REQUIREMENTS ON INDIVIDUALS
THESE INCLUDE:
• BACKGROUND
• FIVE YEARS EXPERIENCE IN ANY OF THE 10 DOMAINS OR FOUR YEARS EXPERIENCE AND A COLLEGE DEGREE
• TEST FEE
• APPROVED APPLICATION
• AGREEMENT TO THE ISC2 CODE OF ETHICS
DOMAINS
THE 8 DOMAINS ARE:
1. SECURITY AND RISK MANAGEMENT
2. ASSET SECURITY
3. SECURITY ENGINEERING
4. COMMUNICATION AND NETWORK SECURITY
5. IDENTITY AND ACCESS MANAGEMENT
6. SECURITY ASSESSMENT AND TESTING
7. SECURITY OPERATIONS
8. SOFTWARE DEVELOPMENT SECURITY
SECURITY AND RISK MANAGEMENT
• Confidentiality: Ensures that information is not compromised or shared.
• Integrity: Ensures that data is not damaged or modified.
• Availability: Ensures that information is always available when needed.
Identification: Username
Authentication: Password
Authorization: Access rights
Auditing: Logs
Accounting: Review
NONREPUDIATION: The subject of an activity or event is not able to deny that the event happened.
DATA HIDING: The data is prevented from being accessed by subjects that are not authorized to see it.
Data Owner: responsible for classifying information
Data Custodian: responsible for implementing the prescribed protection
DUE CARE: Doing the right thing
DUE DILIGENCE: Continuing to do the right thing
SECURITY MANAGEMENT: Strategic plans (long-term plan with goals, mission, and objectives), tactical plans (mid-term plan with detailed goals), and operational plans (short-term plan).
Security governance practices: defining and directing the security efforts, from the most general document to the most specific:
• Policies
• Standards
• Guidelines
• Procedures
CONTROL OBJECTIVES FOR INFORMATION & RELATED TECHNOLOGY (COBIT): a governance framework for the security concept infrastructure.
The annual cost of safeguards should not exceed the expected annual cost of asset loss.
A quantitative risk analysis calculates the annualized loss expectancy (ALE), which is the expected annual loss from an asset if the anticipated threats are realized.
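As an added worked example (not from the course slides), here is the quantitative analysis carried through in Python, using the standard CISSP formulas SLE = AV × EF and ALE = SLE × ARO together with the safeguard-cost rule from the slide above; the asset value, exposure factors, rates and control costs are constructed figures.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    """One threat against one asset, in the terms a quantitative analysis uses."""
    asset_value: float      # AV: what the asset is worth to the business
    exposure_factor: float  # EF: fraction of AV lost in a single incident (0..1)
    annual_rate: float      # ARO: expected number of incidents per year

    def sle(self) -> float:
        """Single loss expectancy: loss from one realized threat (SLE = AV * EF)."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: expected loss per year (ALE = SLE * ARO)."""
        return self.sle() * self.annual_rate


@dataclass(frozen=True)
class Safeguard:
    """A control and what the scenario looks like once it is in place."""
    name: str
    annual_cost: float              # ACS: yearly cost of running the control
    reduced_exposure_factor: float  # EF after the control is applied
    reduced_annual_rate: float      # ARO after the control is applied


def residual(before: RiskScenario, control: Safeguard) -> RiskScenario:
    """The same asset and threat, with the control's effect on EF and ARO applied."""
    return RiskScenario(before.asset_value,
                        control.reduced_exposure_factor,
                        control.reduced_annual_rate)


def safeguard_value(before: RiskScenario, control: Safeguard) -> float:
    """Net yearly benefit: loss avoided minus the control's own cost
    (ALE_before - ALE_after - ACS)."""
    return before.ale() - residual(before, control).ale() - control.annual_cost


def worth_buying(before: RiskScenario, control: Safeguard) -> bool:
    """The slide's rule: a control is justified only while its annual cost does
    not exceed the annual loss it prevents, i.e. its value is not negative."""
    return safeguard_value(before, control) >= 0


# Constructed scenario: a file server valued at 200,000; a ransomware incident
# destroys 60% of that value and is expected once every two years (ARO = 0.5).
RANSOMWARE = RiskScenario(asset_value=200_000, exposure_factor=0.6, annual_rate=0.5)

# Two candidate controls with constructed cost and effect figures.
OFFLINE_BACKUPS = Safeguard("offline backups", annual_cost=15_000,
                            reduced_exposure_factor=0.1, reduced_annual_rate=0.5)
PREMIUM_EDR = Safeguard("premium EDR suite", annual_cost=70_000,
                        reduced_exposure_factor=0.6, reduced_annual_rate=0.1)


def report(scenario: RiskScenario, controls) -> str:
    """One line per control, so the comparison can be read at a glance."""
    lines = [f"SLE = {scenario.sle():,.0f}   ALE = {scenario.ale():,.0f}"]
    for control in controls:
        verdict = "justified" if worth_buying(scenario, control) else "not justified"
        lines.append(f"{control.name}: value {safeguard_value(scenario, control):,.0f} -> {verdict}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(RANSOMWARE, (OFFLINE_BACKUPS, PREMIUM_EDR)))
```

With these figures the backups (ALE drops from 60,000 to 10,000 for 15,000 a year) pay for themselves, while the EDR suite costs more per year than the loss it avoids.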
Delphi Risk Analysis
• Group discussion method
• Opinion
• Comments are written anonymously
• Consensus
Properties of the two risk analysis approaches:
Quantitative: financial costs, automated, history required
Qualitative: without calculations, low history required, easy, smooth communication
Control types are:
• Preventive
• Detective
• Corrective
• Deterrent
• Recovery
• Directive
• Compensative
Control categories: administrative, logical, physical
Employees & the hiring process should take into consideration:
• Collusion
• Screening
• Background checks
• Security clearances
• Employment agreements
• Nondisclosure agreements
Separation of duties: Critical task division between several employees
Least Privilege: Minimum access
Job Rotation: Rotate personnel
Mandatory vacations: One or two weeks of vacation
Criminal law: Protects basic principles
Civil law: Protects transactions between people and organizations
Administrative law: Protects day-to-day operations
Copyrights (©): Authorship protection
Trademarks (™, ®): Names and logos protection
Patents: Invention protection
Trade secret: Company’s operation protection
ASSET SECURITY
Personally identifiable information (PII): Data that can identify an individual
Protected health information (PHI): Health-related data related to an individual
Government/military classification levels:
Top Secret
Secret
Confidential
Sensitive but Unclassified
Unclassified
Commercial/private sector classification levels:
Confidential / Private
Sensitive
Public
Sanitization refers to the processes that remove data from a system or from media.
Data remanence is the data that remains on a hard drive as residual magnetic flux after deletion.
Degaussing is the process of reducing or eliminating an unwanted magnetic field (or data) stored on tape and disk media.
Erasing media is deleting data.
Clearing, or overwriting, is preparing media for reuse.
Purging is a more intense form of clearing.
To remove data from solid state drives (SSDs), destruction is commonly used.
The EU Data Protection law enforces the protection of privacy data.
The Safe Harbor principles are a method of ensuring that third parties are complying with the EU Data Protection law.
The seven principles are notice, choice, onward transfer, security, data integrity, access, and enforcement.
SECURITY ENGINEERING
Work function, or work factor: Strength of a cryptographic system, measured as the effort required to break it
Hash function properties:
• Fixed-length output
• One-way
• Functionality
• Collision free
Zero-knowledge proof: A communication concept in which a claim is proven without transferring the real data; example: digital signature
Split knowledge: Multiple users are required to perform the operation
Number of keys needed for n participants in a symmetric cryptosystem: n(n-1)/2
Digital Signature Standard (DSS)
SHA-1 and SHA-2 message digest functions
+
one of the following algorithms: Digital Signature Algorithm (DSA), Rivest-Shamir-Adleman (RSA), or Elliptic Curve DSA (ECDSA)
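As an added example (not from the course slides), the two halves of DSS put together in Python: a SHA-2 digest (SHA-256) of the message, then an RSA signing step over that digest. It also shows the fixed-length and one-way properties from the hash-function slide. The key is a constructed toy RSA key built from two small primes so the arithmetic stays readable; real deployments use keys of 2048 bits or more and a padding scheme such as PSS.

```python
import hashlib


def is_prime(n: int) -> bool:
    """Trial division; fine for the small constructed primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


# Constructed toy RSA key: two small primes chosen so the numbers stay readable.
P, Q = 10_007, 10_009
assert is_prime(P) and is_prime(Q)
N = P * Q                     # public modulus
PHI = (P - 1) * (Q - 1)
E = 65537                     # public exponent
D = pow(E, -1, PHI)           # private exponent: E * D == 1 (mod PHI)
PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)


def digest(message: bytes) -> int:
    """Message digest step of DSS: SHA-256 gives a fixed-length (256-bit),
    one-way fingerprint of the message, whatever the message's size."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Signature step: the digest (not the message) is raised to the private
    exponent.  Only the private-key holder can produce this value, which is
    what gives the signature its nonrepudiation property.  The digest is
    reduced mod N only because this toy modulus is far smaller than 256 bits."""
    n, d = private_key
    return pow(digest(message) % n, d, n)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Anyone holding the public key recomputes the digest and checks that the
    signature opens to it; any change to the message changes the digest."""
    n, e = public_key
    return pow(signature, e, n) == digest(message) % n


if __name__ == "__main__":
    msg = b"transfer 100 to alice"
    sig = sign(msg)
    print("signature:", sig)
    print("valid for original:", verify(msg, sig))                     # True
    print("valid for tampered:", verify(b"transfer 900 to alice", sig))  # False
```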
Certification: Technical evaluation
Accreditation: Process of formal acceptance
CPU classification
• Multitasking: A single processor handling several tasks
• Multiprogramming: A single processor running several programs
• Multiprocessing: Multiple processors
Dedicated systems: All users have clearance, access permissions, and need to know for all data
System high mode: No need-to-know requirement for all data
Compartmented: No need-to-know and no access permission requirement for all data
Multilevel mode: Removes all three requirements
TCSEC: Trusted Computer System Evaluation Criteria, United States Government Department of Defense
ITSEC: Information Technology Security Evaluation Criteria, by the Commission of the European Communities
TCB: Trusted computing base (hardware, firmware, and/or software components)
The Reference Monitor
Part of the TCB
Validates access to resources
Rings of protection work with the TCB
(Figure: a subject's request passes through the reference monitor, implemented in the security kernel, before it reaches the object, e.g. a file)
Ring 0: OS Kernel/Memory
Ring 1: Other OS Components
Ring 2: Drivers, Protocols
Ring 3: User-Level programs and applications
BYOD: BRING YOUR OWN DEVICE (not BRING YOUR OWN DISASTER, no, no, no :p)
A covert channel: A method that is used to transfer information over a path that is not normally used for information transfer.
Buffer overflow (no, no, no, not Buffalo Flow …): A size check failure that lets data be written past the memory allocated for it.
Time-of-check-to-time-of-use, or TOCTTOU: Watch the state of data or resources between the moment they are checked and the moment they are used.
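As an added example (not from the course slides), the check-to-use gap on a POSIX file in Python: a reader that checks a path name and then opens it, beside one that opens first and checks the handle it will actually read. The `between` hook, the temporary file names and their contents are constructed for the demonstration; the hook stands in for whatever else changes the file during the window (another process, a deploy script, or an attacker).

```python
import os
import stat
import tempfile


def read_config_unsafe(path: str, between=lambda: None) -> bytes:
    """Check-then-use on a path name.  `between` is a test hook standing in for
    whatever touches the file while this function is between its two steps."""
    st = os.lstat(path)                        # time of check: inspects the name
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path} is not a regular file")
    between()                                  # the window: nothing pins the name to the checked file
    with open(path, "rb") as fh:               # time of use: resolves the name again
        return fh.read()


def read_config_safe(path: str, between=lambda: None) -> bytes:
    """Open first, then check the descriptor that will actually be read.
    O_NOFOLLOW makes the kernel refuse a symlink as the final path component,
    and fstat() describes the opened object, not whatever the name points at now."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    with os.fdopen(fd, "rb") as fh:            # fh is bound to one inode from here on
        between()                              # same window, but it can no longer change what is read
        st = os.fstat(fh.fileno())             # time of check, on the handle itself
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path} is not a regular file")
        return fh.read()                       # time of use: the same object that was checked


def demo_swap():
    """Constructed scenario: app.conf is replaced by a symlink to other.txt
    inside the window.  Returns what each reader ends up reading."""
    with tempfile.TemporaryDirectory() as tmp:
        config = os.path.join(tmp, "app.conf")
        other = os.path.join(tmp, "other.txt")

        def reset():
            if os.path.lexists(config):
                os.remove(config)
            with open(config, "wb") as f:
                f.write(b"setting=expected\n")
            with open(other, "wb") as f:
                f.write(b"setting=swapped-in\n")

        def swap():                            # what happens during the window
            os.remove(config)
            os.symlink(other, config)

        reset()
        unsafe = read_config_unsafe(config, between=swap)
        reset()
        safe = read_config_safe(config, between=swap)
        return unsafe, safe


def demo_symlink_rejected() -> bool:
    """Without any race at all, the safe reader still refuses a symlink outright."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "target.txt")
        link = os.path.join(tmp, "app.conf")
        with open(target, "wb") as f:
            f.write(b"x")
        os.symlink(target, link)
        try:
            read_config_safe(link)
        except OSError:                        # ELOOP raised because of O_NOFOLLOW
            return True
        return False


if __name__ == "__main__":
    unsafe, safe = demo_swap()
    print("unsafe reader got:", unsafe)        # the swapped-in file
    print("safe reader got:  ", safe)          # the file that was actually checked
    print("symlink rejected: ", demo_symlink_rejected())
```

The same idea applies beyond files: validate the object you hold (a descriptor, a fetched record, a parsed value) rather than the name or key you looked it up by.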
Physical Security, A MUST: Site management, personnel controls, awareness training, and emergency response and procedures
Technical physical controls: Intrusion detection, alarms, CCTV, monitoring, HVAC, power supplies, and fire detection and suppression
The humidity should be between 40% and 60%.
The temperature should be between 10 and 26 Celsius or 50-80 Fahrenheit.
Physical controls: Fencing, lighting, locks, construction materials, mantraps, dogs, and guards
PREVENTATIVE CONTROLS: No internal or external access
DETECTIVE CONTROLS: Track an unauthorized transaction
CORRECTIVE CONTROLS: Recover or restore operations
DETERRENT CONTROLS: Used to encourage or increase compliance
COMMUNICATION & NETWORK SECURITY
TCP/IP is similar to the OSI model
PHYSICAL LAYER
• Transfer of bits
Example of equipment:
• Network interface controller
• Repeater
• Ethernet hub
• Modem
• Fiber media converter
DATA LINK LAYER
• Combines bits into bytes and bytes into frames
• Uses MAC addresses
• Error detection
Sub-Layers:
• Logical link control sublayer
• Media access control sublayer
Example of equipment:
• Bridges
• Layer 2 switches = multi-port bridges
DATA LINK LAYER protocols:
• Serial Line Internet Protocol (SLIP)
• Point-to-Point Protocol (PPP)
• Address Resolution Protocol (ARP)
• Reverse Address Resolution Protocol (RARP)
• Layer 2 Forwarding (L2F)
• Layer 2 Tunnelling Protocol (L2TP)
• Point-to-Point Tunnelling Protocol (PPTP)
• Integrated Services Digital Network (ISDN)
NETWORK LAYER
• Logical addressing
Example of equipment:
• Router
• Switches
L2 switch: Switching only. It uses MAC addresses to switch the packets from the ingress port to the destination port.
L3 switch: Switching, IP addresses & routing. For intra-VLAN communication, it uses the MAC address table; for inter-VLAN communication, it uses the IP routing table.
NETWORK LAYER protocols:
• Internet Control Message Protocol (ICMP)
• Routing Information Protocol (RIP)
• Open Shortest Path First (OSPF)
• Border Gateway Protocol (BGP)
• Internet Group Management Protocol (IGMP)
• Internet Protocol (IP)
• Internet Protocol Security (IPSec)
• Internetwork Packet Exchange (IPX)
• Network Address Translation (NAT)
• Simple Key Management for Internet Protocols (SKIP)
TRANSPORT LAYER protocols:
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)
• Sequenced Packet Exchange (SPX)
• Secure Sockets Layer (SSL)
• Transport Layer Security (TLS)
(Figure on the transport layer) Source: https://en.wikipedia.org/wiki/Transport_layer
SESSION LAYER
• Authentication
• Authorization
• Session restoration
• Network File System (NFS)
• Structured Query Language (SQL)
• Remote Procedure Call (RPC)
PRESENTATION LAYER
• Data presentation/translation, for example XML, GIF and JPEG
• Encryption
• Compression
"For example, HyperText Transfer Protocol (HTTP), usually presented as an application-layer protocol, uses presentation-layer features to display data."
68
PRESENTATION LAYER
• American Standard Code for Information Interchange (ASCII)
• Extended Binary Coded Decimal Interchange Code (EBCDIC)
• Tagged Image File Format (TIFF)
• Joint Photographic Experts Group (JPEG)
• Moving Picture Experts Group (MPEG)
• Musical Instrument Digital Interface (MIDI)
69
APPLICATION LAYER
• User interface for applications
70
APPLICATION LAYER
• Hypertext Transfer Protocol (HTTP)
• File Transfer Protocol (FTP)
• Simple Mail Transfer Protocol (SMTP)
• Telnet
• Trivial File Transfer Protocol (TFTP)
• Post Office Protocol version 3 (POP3)
• Internet Message Access Protocol (IMAP)
• Simple Network Management Protocol (SNMP)
71
Ethernet frame layout
Destination address    6 bytes
Source address         6 bytes
Type                   2 bytes
Data packet            46–1500 bytes
Frame check sequence   4 bytes
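The frame layout above, as an added example (not code from the course): a small builder and parser for Ethernet II frames. The frame check sequence is a CRC-32 over everything in front of it, stored least-significant byte first; Python's zlib.crc32 uses the same polynomial, so it can generate and verify the FCS. The MAC addresses, EtherType and payload in the usage call are constructed sample values.

```python
"""Build and parse an Ethernet II frame (added example, not from the slides).

Layout: dst MAC (6) | src MAC (6) | EtherType (2) | payload (46-1500) | FCS (4).
"""
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
MIN_PAYLOAD = 46
MAX_PAYLOAD = 1500


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Pad short payloads to the 46-byte minimum and append the FCS."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds 1500 bytes")
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")
    header = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype)
    body = header + payload
    # FCS: CRC-32 over header+payload, transmitted little-endian.
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)
    return body + fcs


def parse_frame(frame: bytes) -> dict:
    """Split a frame into its fields and verify the FCS.

    A bad FCS is reported, not raised: a NIC silently drops such frames,
    and a capture tool wants to count them rather than crash.
    """
    if len(frame) < 14 + MIN_PAYLOAD + 4:
        raise ValueError("frame shorter than the 64-byte Ethernet minimum")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    payload, fcs = frame[14:-4], frame[-4:]
    (stored,) = struct.unpack("<I", fcs)
    computed = zlib.crc32(frame[:-4]) & 0xFFFFFFFF
    return {
        "dst": bytes_to_mac(dst),
        "src": bytes_to_mac(src),
        "ethertype": ethertype,
        "payload": payload,
        "fcs_ok": stored == computed,
        # Low bit of the first destination octet marks a group (multicast/broadcast) address.
        "multicast": bool(dst[0] & 0x01),
    }


if __name__ == "__main__":
    # Constructed sample: a broadcast ARP frame carrying a short payload.
    frame = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_ARP, b"hello")
    print(len(frame), parse_frame(frame))
```

Note that the 46-byte minimum is why a short payload is padded: the padding bytes are real bytes on the wire, and an implementation that fills them from uninitialised memory leaks data (the classic "Etherleak" class of bug), so the builder zero-fills them explicitly.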
72
TCP/IP Model
Process and application layer: FTP, SMTP, RIP, DNS, SNMP
Host-to-host layer: TCP, UDP
Internet layer: IP, IGMP, ICMP, ARP, RARP
Network access and local network layer: network interface cards; coaxial, fiber optic, wireless
73
IPv4 (32 bits) vs IPv6 (128 bits)
74
IPv6 address abbreviation rules
Initial address: 2008:0cb9:0000:0000:0000:ee00:0052:7329
After removing the leading zeroes in each group:
2008:cb9:0:0:0:ee00:52:7329
After replacing the longest run of consecutive all-zero groups with "::" (allowed only once per address):
2008:cb9::ee00:52:7329
The loopback address, 0000:0000:0000:0000:0000:0000:0000:0001, is equivalent to ::1
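The abbreviation rules above, as an added example (not code from the course). The security point is that one address has many textual spellings, so any allow-list, log search or firewall rule that compares the strings must canonicalise them first. This implements the RFC 5952 canonical form by hand (lowercase hex, no leading zeros, the longest zero run collapsed to "::", leftmost run on a tie) and cross-checks it against the standard library's ipaddress module. Addresses with an embedded dotted IPv4 tail (::ffff:a.b.c.d) are outside what this small parser accepts.

```python
"""IPv6 text canonicalisation (added example, not from the slides)."""
import ipaddress


def expand(addr: str):
    """Return the eight 16-bit groups of a (possibly compressed) IPv6 address."""
    if addr.count("::") > 1:
        raise ValueError("at most one '::' is allowed")
    if "::" in addr:
        head, tail = addr.split("::")
        head_groups = [int(g, 16) for g in head.split(":")] if head else []
        tail_groups = [int(g, 16) for g in tail.split(":")] if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head_groups + [0] * missing + tail_groups
    else:
        groups = [int(g, 16) for g in addr.split(":")]
    if len(groups) != 8 or any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError(f"not a valid IPv6 address: {addr!r}")
    return groups


def compress(addr: str) -> str:
    """RFC 5952 form: lowercase hex, no leading zeros, longest zero run -> '::'."""
    groups = expand(addr)
    # Locate the longest run of consecutive zero groups; the leftmost wins a tie.
    best_start, best_len = -1, 0
    run_start, run_len = -1, 0
    for i, g in enumerate(groups):
        if g == 0:
            if run_len == 0:
                run_start = i
            run_len += 1
            if run_len > best_len:
                best_start, best_len = run_start, run_len
        else:
            run_len = 0
    hexes = [f"{g:x}" for g in groups]
    if best_len < 2:  # a single zero group is written as '0', never as '::'
        return ":".join(hexes)
    left = ":".join(hexes[:best_start])
    right = ":".join(hexes[best_start + best_len:])
    return f"{left}::{right}"


def same_address(a: str, b: str) -> bool:
    """Compare two textual IPv6 addresses by value rather than by spelling."""
    return compress(a) == compress(b)


if __name__ == "__main__":
    for spelling in ("2008:0cb9:0000:0000:0000:ee00:0052:7329", "2008:cb9::ee00:52:7329"):
        print(spelling, "->", compress(spelling), ipaddress.IPv6Address(spelling).compressed)
```

In production code use ipaddress.IPv6Address directly; the hand-written version is here to make the two rules on the slide concrete, and the test compares the two.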
75
IPv4 address classes (classful addressing, defined with IP in RFC 791)
Class  First byte  Address range                  Default mask     Description
A      0–127       0.0.0.0 to 127.255.255.255     255.0.0.0        First byte defines the network (0.0.0.0/8 is reserved, 127.0.0.0/8 is loopback)
B      128–191     128.0.0.0 to 191.255.255.255   255.255.0.0      First two bytes define the network
C      192–223     192.0.0.0 to 223.255.255.255   255.255.255.0    First three bytes define the network
D      224–239     224.0.0.0 to 239.255.255.255   (none)           Multicast traffic
E      240–255     240.0.0.0 to 255.255.255.255   (none)           Reserved for future use
Classful addressing has been superseded on the Internet by classless inter-domain routing (CIDR), where the prefix length (/8, /16, /24 or any other) is given explicitly instead of being implied by the first byte.
76
ICMP: Internet Control Message Protocol (error reporting and diagnostics such as echo request/reply, used by ping and traceroute)
77
ARP: Address Resolution Protocol (resolves an IP address to a MAC address)
RARP: Reverse Address Resolution Protocol (resolves a MAC address to an IP address)
ARP only works between devices on the same local network segment (the same broadcast domain); traffic for another subnet is sent to the MAC address of the default gateway instead. ARP has no authentication, so any host on the segment can answer with a false mapping and redirect its neighbours' traffic (ARP spoofing or poisoning).
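The unauthenticated-mapping problem just described, as an added example (not code from the course): a detector that watches ARP replies and flags the two classic symptoms of ARP spoofing, an IP whose MAC suddenly changes and one MAC claiming several IPs. The input format ("timestamp ip mac", one reply per line) and the sample trace are constructed for the example; in the sample, the host at de:ad:be:ef:00:99 starts answering for the gateway 192.0.2.1 and for another host.

```python
"""ARP reply monitoring for spoofing (added example, not from the slides)."""
from collections import defaultdict

# Constructed sample trace in the hypothetical 'ts ip mac' format.
# 192.0.2.1 is the gateway; at 10:00:04 a second MAC starts claiming it.
SAMPLE_REPLIES = """\
10:00:01 192.0.2.1 00:11:22:33:44:01
10:00:02 192.0.2.10 00:11:22:33:44:10
10:00:03 192.0.2.99 de:ad:be:ef:00:99
10:00:04 192.0.2.1 de:ad:be:ef:00:99
10:00:05 192.0.2.10 de:ad:be:ef:00:99
"""


def parse_replies(text: str):
    """Parse 'ts ip mac' lines into (ts, ip, mac) tuples, MACs lower-cased."""
    replies = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, mac = line.split()
        replies.append((ts, ip, mac.lower()))
    return replies


def detect_spoofing(replies, trusted=None):
    """Return a list of alert dicts.

    `trusted` is an optional static ip -> mac map (the gateway, for instance);
    a reply contradicting it is the highest-confidence signal. Otherwise the
    first MAC seen for an IP is taken as the baseline.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    ip_to_mac = dict(trusted)        # baseline MAC per IP
    mac_to_ips = defaultdict(set)    # every IP each MAC has answered for
    alerts = []
    for ts, ip, mac in replies:
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac
        elif known != mac:
            alerts.append({
                "ts": ts, "ip": ip, "old": known, "new": mac,
                "kind": "trusted-violation" if ip in trusted else "mac-change",
            })
        # Alert each time a MAC picks up an additional IP beyond its first.
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append({
                    "ts": ts, "mac": mac, "ips": sorted(mac_to_ips[mac]),
                    "kind": "one-mac-many-ips",
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_spoofing(parse_replies(SAMPLE_REPLIES),
                                 trusted={"192.0.2.1": "00:11:22:33:44:01"}):
        print(alert)
```

A MAC change is not proof of an attack: DHCP can hand an address to a different machine, and a replaced NIC or a VRRP/HSRP failover also changes the MAC behind an IP. The static `trusted` map for critical addresses such as the gateway is what turns the heuristic into a reliable alert; the dynamic baseline is for triage.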
78
The TCP three-way handshake: SYN → SYN/ACK → ACK
TCP header flags:
URG: Urgent pointer field is significant
ACK: Acknowledgement number field is significant
PSH: Push buffered data to the application without waiting for a full buffer
RST: Reset the TCP connection
SYN: Synchronize sequence numbers (connection setup)
FIN: No more data from the sender (orderly connection teardown)
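The handshake and flags above, as an added example (not code from the course): a tracker that walks the three-way handshake for every connection in a packet trace and classifies the outcome. This is what lets a sensor tell a completed session from a SYN ("half-open") scan, where the scanner answers the SYN/ACK with RST instead of ACK, and from a probe of a closed port, which the target answers with RST/ACK. The trace format ("ts src:port > dst:port flags", flag letters as on the slide) and the packets in it are constructed for the example.

```python
"""TCP handshake tracking over a packet trace (added example, not from the slides)."""
from collections import defaultdict

# Constructed sample trace in the hypothetical 'ts src:sport > dst:dport flags' format.
# 10.0.0.5 completes a handshake to port 22; 10.0.0.9 SYN-scans ports 22, 80 and 23.
TRACE = """\
1 10.0.0.5:40000 > 10.0.0.1:22 S
2 10.0.0.1:22 > 10.0.0.5:40000 SA
3 10.0.0.5:40000 > 10.0.0.1:22 A
4 10.0.0.9:51000 > 10.0.0.1:22 S
5 10.0.0.1:22 > 10.0.0.9:51000 SA
6 10.0.0.9:51000 > 10.0.0.1:22 R
7 10.0.0.9:51001 > 10.0.0.1:80 S
8 10.0.0.1:80 > 10.0.0.9:51001 SA
9 10.0.0.9:51001 > 10.0.0.1:80 R
10 10.0.0.9:51002 > 10.0.0.1:23 S
11 10.0.0.1:23 > 10.0.0.9:51002 RA
"""


def parse_trace(text: str):
    pkts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _, dst, flags = line.split()
        pkts.append((int(ts), src, dst, set(flags)))
    return pkts


def track_handshakes(pkts):
    """Return {(initiator, responder): final state} after walking the trace.

    States: SYN_SENT (only the SYN seen), REFUSED (SYN answered with RST),
    ESTABLISHED (SYN, SYN/ACK, ACK), HALF_OPEN (SYN/ACK never ACKed, or
    answered with RST, which is the SYN-scan signature).
    """
    state = {}
    for _ts, src, dst, flags in pkts:
        if "S" in flags and "A" not in flags:          # a pure SYN opens a connection
            state[(src, dst)] = "SYN_SENT"
            continue
        if (src, dst) in state:
            key, from_initiator = (src, dst), True
        elif (dst, src) in state:
            key, from_initiator = (dst, src), False
        else:
            continue                                   # no SYN seen for this flow; ignore
        cur = state[key]
        if not from_initiator and cur == "SYN_SENT":
            if {"S", "A"} <= flags:
                state[key] = "SYN_RECEIVED"
            elif "R" in flags:
                state[key] = "REFUSED"
        elif from_initiator and cur == "SYN_RECEIVED":
            if "R" in flags:
                state[key] = "HALF_OPEN"
            elif "A" in flags:
                state[key] = "ESTABLISHED"
    # A SYN/ACK that was never answered at all is also a half-open connection.
    return {k: ("HALF_OPEN" if v == "SYN_RECEIVED" else v) for k, v in state.items()}


def find_scanners(states, min_ports=3):
    """Flag source IPs that probed several ports without completing a handshake."""
    probes = defaultdict(set)
    for (initiator, responder), st in states.items():
        if st in ("HALF_OPEN", "REFUSED", "SYN_SENT"):
            probes[initiator.split(":")[0]].add(responder)
    return {ip: sorted(targets) for ip, targets in probes.items() if len(targets) >= min_ports}


if __name__ == "__main__":
    states = track_handshakes(parse_trace(TRACE))
    for flow, st in states.items():
        print(flow, st)
    print("scanners:", find_scanners(states))
```

The threshold in find_scanners is deliberately low for the sample; on a real sensor it is tuned per network, and unanswered SYNs (SYN_SENT) also have to be aged out, since a slow server looks like a half-open probe until its SYN/ACK arrives.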
79
UDP Protocol
Connectionless protocol
No handshake: datagrams are sent one after another without any connection setup, and each one stands on its own
80
Service             TCP                                        UDP
Reliability         Yes (acknowledgements and retransmission)  No (best effort, no retransmission)
Connection          Connection-oriented (three-way handshake)  Connectionless
Congestion Control  Yes                                        No
Speed               Slower (more overhead per segment)         Faster (minimal header, no setup)
81
Well-known ports
20 FTP data
21 FTP control
22 SSH
23 Telnet
25 SMTP
53 DNS
69 TFTP
80 HTTP
110 POP3
119 NNTP
123 NTP
143 IMAP4
443 HTTPS
Well-known ports: 0–1023 (registered ports: 1024–49151; dynamic or private ports: 49152–65535), out of 65536 port numbers in total (0–65535).
Example of a security practice: moving SSH off the default port of 22 will deter some of the non-targeted, script-kiddie type attacks and cuts log noise. It is obscurity only: a port scan finds the service in seconds, so it does not replace key-based authentication, disabling password and root logins, and rate limiting or allow-listing of source addresses.
82
Source: http://www.planetoftunes.com
83
Mesh Topology: every workstation is connected to every other workstation
• Advantage: a dedicated connection between every pair of workstations, so no single link or node failure partitions the network.
• Disadvantage: the number of links grows quickly (n(n-1)/2 links for n nodes), so cabling and ports are expensive.
Star Topology: all workstations are connected to a central device (hub or switch)
• Advantage: workstations can be added or removed easily without affecting the rest of the network.
• Disadvantage: single point of failure (the central hub or switch).
Bus Topology: all workstations are connected to a single backbone cable
• Advantage: requires the least cable.
• Disadvantage: single point of failure (the backbone); a break anywhere on the cable takes the whole segment down.
84
BNC connector: 10Base2 (thin coaxial)
RJ-45 connector: 10BaseT (twisted pair)
85
Twisting the wires of a pair helps reduce the effect of stray capacitance, noise (crosstalk and outside interference) and signal loss.
86
Wireless technologies
Wireless encryption standards:
• Wired Equivalent Privacy (WEP): broken; its RC4 keystream reuse lets an attacker recover the key from captured traffic in minutes, so it must not be used
• Wi-Fi Protected Access (WPA): the interim replacement built on TKIP, now deprecated
• WPA2: AES-CCMP; the minimum acceptable today, with WPA3 as its successor
87
Warwalking: walking around looking for wireless networks
Wardriving: driving around looking for wireless networks
Warflying: flying around (aircraft or drone) looking for wireless networks
Warchalking: drawing symbols in public places to advertise an open Wi-Fi network
THANK YOU !
PLEASE FEEL FREE TO ASK QUESTIONS OR SHARE YOUR TIPS
88