Computer Science > STUDY GUIDE > CISSP_Certification_training (All)

CISSP_Certification_training

Document Content and Description Below

CISSP Study Guide CERTIFICATION TRAININGCISSP Study GuideCISSP Study Guide Page 1 of 125 CISSP Study Guide Contents Chapter 1 – Taking the Exam......................................................................................................................................................... 10 Chapter 2 - Cryptography .............................................................................................................................................................. 10 Cryptography Concepts............................................................................................................................................................. 10 Cryptography History ................................................................................................................................................................ 11 Cryptosystem Features.............................................................................................................................................................. 12 Encryption Systems ................................................................................................................................................................... 13 Substitution Ciphers.................................................................................................................................................................. 14 Symmetric Algorithms............................................................................................................................................................... 15 5 Modes of DES...................................................................................................................................................................... 16 Triple DES (3DES) ................................................................................................................................................................... 18 Advanced Encryption Standard (AES).................................................................................................................................... 18 International Data Encryption Algorithm (IDEA) ................................................................................................................... 18 Skipjack.................................................................................................................................................................................. 18 Blowfish ................................................................................................................................................................................. 18 Twofish .................................................................................................................................................................................. 18 RC4 or ARC4........................................................................................................................................................................... 18 RC5......................................................................................................................................................................................... 18 RC6......................................................................................................................................................................................... 19 CAST....................................................................................................................................................................................... 19 Asymmetric Algorithms............................................................................................................................................................. 19 Diffie-Hellman........................................................................................................................................................................ 19 Key Agreement Process......................................................................................................................................................... 19 RSA......................................................................................................................................................................................... 19 El Gamal................................................................................................................................................................................. 19 Elliptic Curve Cryptosystem (ECC) ......................................................................................................................................... 20 Knapsack................................................................................................................................................................................ 20 Zero Knowledge Proof ........................................................................................................................................................... 20 Message Integrity...................................................................................................................................................................... 20 Hash Functions ...................................................................................................................................................................... 20 Message Digest Algorithms ................................................................................................................................................... 20 Digital Signatures....................................................................................................................................................................... 21 Public Key Infrastructure (PKI)............................................................................................................................................... 22 Key Management .................................................................................................................................................................. 23CISSP Study GuideCISSP Study Guide Page 2 of 125 CISSP Study Guide Trusted Platform Module.......................................................................................................................................................... 24 Encryption Communication Levels............................................................................................................................................ 25 Link Encryption ...................................................................................................................................................................... 25 End-to-End Encryption........................................................................................................................................................... 25 Email Security............................................................................................................................................................................ 25 Internet Security........................................................................................................................................................................ 26 Cryptography Attacks................................................................................................................................................................ 27 Chapter 3 – Physical Security ........................................................................................................................................................ 29 Threat Mitigation Techniques ................................................................................................................................................... 29 Geographical Man Made and Political Threats ......................................................................................................................... 29 Natural Threats and Mitigation ............................................................................................................................................. 29 Communications.................................................................................................................................................................... 29 Man-Made Threats................................................................................................................................................................ 29 Site and Facility Design.............................................................................................................................................................. 30 Layered Defense Model......................................................................................................................................................... 30 Crime Prevention Through Environmental Design (CPTED) .................................................................................................. 30 Physical Security Plan Goals .................................................................................................................................................. 31 Facility Selection Issues ......................................................................................................................................................... 31 Computer and Equipment Rooms ......................................................................................................................................... 31 Perimeter Security..................................................................................................................................................................... 32 Barriers or Bollards................................................................................................................................................................ 33 Fences and Gates................................................................................................................................................................... 33 Perimeter Intrusion Detection Systems ................................................................................................................................ 33 Lighting Systems .................................................................................................................................................................... 34 Types of Lighting.................................................................................................................................................................... 34 Additional Perimeter Measures ............................................................................................................................................ 34 Building and Internal Security ................................................................................................................................................... 34 Doors ..................................................................................................................................................................................... 34 Glass Entries .......................................................................................................................................................................... 36 Additional Interior Considerations ........................................................................................................................................ 36 Secure Data Centers and Fire Detection Systems ..................................................................................................................... 36 Data Centers.......................................................................................................................................................................... 36 Environmental Security and Fire Detection Systems ............................................................................................................ 36 Types of Power Issues ............................................................................................................................................................... 37 Dirty Power Protection.......................................................................................................................................................... 38 HVAC Guidelines........................................................................................................................................................................ 38CISSP Study GuideCISSP Study Guide Page 3 of 125 CISSP Study Guide Equipment Security and Personal Security ............................................................................................................................... 38 Equipment ............................................................................................................................................................................. 38 Personal................................................................................................................................................................................. 38 Chapter 4 - Security Architecture and Design ............................................................................................................................... 40 Security Model Concepts .......................................................................................................................................................... 40 System Architecture.................................................................................................................................................................. 40 Computing Platforms ................................................................................................................................................................ 40 Virtual Computing ..................................................................................................................................................................... 41 Security Services........................................................................................................................................................................ 41 System Concepts ....................................................................................................................................................................... 41 CPU ........................................................................................................................................................................................ 41 RAM ....................................................................................................................................................................................... 41 ROM....................................................................................................................................................................................... 42 Memory Concepts..................................................................................................................................................................... 42 Enforcing Process Security and Multitasking ............................................................................................................................ 43 Security System Architecture .................................................................................................................................................... 44 Trusteed Computer System Evaluation Criteria (Orange Book Concepts) ............................................................................ 44 The Open Group Architecture Framework (TOGAF) ............................................................................................................. 44 Security Architecture Documentation................................................................................................................................... 45 Security Models and Modes...................................................................................................................................................... 45 Bell-LaPadula Model.............................................................................................................................................................. 45 Biba Model ............................................................................................................................................................................ 46 Clark-Wilson Integrity Model ................................................................................................................................................ 46 Additional Models ................................................................................................................................................................. 46 Security Modes.......................................................................................................................................................................... 47 System Evaluation and Assurance Levels.................................................................................................................................. 47 ITSEC Ratings ......................................................................................................................................................................... 47 Common Criteria Assurance Levels ....................................................................................................................................... 47 Common Criteria ................................................................................................................................................................... 48 Certification and Accreditation ................................................................................................................................................. 48 Types of Accredidation .......................................................................................................................................................... 48 Security Architecture Threats.................................................................................................................................................... 49 Concerns with XML................................................................................................................................................................ 49 Database Security and Distributed System Security ................................................................................................................. 49 Data Mining Warehouse........................................................................................................................................................ 49 Distributed Systems Security................................................................................................................................................. 49CISSP Study GuideCISSP Study Guide Page 4 of 125 CISSP Study Guide Chapter 5 – Access Control............................................................................................................................................................ 51 Access Control Concepts ........................................................................................................................................................... 51 Default Stance ....................................................................................................................................................................... 51 Defense in Depth................................................................................................................................................................... 51 Identification and Authentication ............................................................................................................................................. 51 zaThree Factors for Authentication....................................................................................................................................... 52 Password Types and Management ........................................................................................................................................... 52 Password Policies ...................................................................................................................................................................... 53 Password Types and Management ........................................................................................................................................... 53 Ownership Factors................................................................................................................................................................. 53 Ownership Character Physiological Behavioral Factors ............................................................................................................ 53 Characteristic Factors................................................................................................................................................................ 53 Physiological Characteristic Factors ...................................................................................................................................... 53 Behavioral Characteristic Factors .......................................................................................................................................... 54 Biometric Considerations .......................................................................................................................................................... 54 Biometric Methods ranked by effectiveness:........................................................................................................................ 54 Biometric Methods ranked by user acceptance:................................................................................................................... 54 Authorization Concepts............................................................................................................................................................. 55 Authorization Concepts............................................................................................................................................................. 56 Federated Identity................................................................................................................................................................. 57 User Accountability ................................................................................................................................................................... 57 Vulnerability Assessment .......................................................................................................................................................... 57 Penetration Testing and Threat Modeling ................................................................................................................................ 58 Penetration Strategies........................................................................................................................................................... 58 Threat Modeling........................................................................................................................................................................ 58 Access Control Categories......................................................................................................................................................... 59 Access Control Types:............................................................................................................................................................ 59 Access Control Models .............................................................................................................................................................. 59 Access Control Matrix............................................................................................................................................................ 60 Access Control Administration .................................................................................................................................................. 60 Provisioning Life Cycle............................................................................................................................................................... 60 Access Control Monitoring........................................................................................................................................................ 61 IDS Implementations ............................................................................................................................................................. 61 Signature Based Implementations ........................................................................................................................................ 61 Access Control Threats.............................................................................................................................................................. 61 Password Threats .................................................................................................................................................................. 61CISSP Study GuideCISSP Study Guide Page 5 of 125 CISSP Study Guide Social Engineering Threats .................................................................................................................................................... 61 Chapter 6 - Software Development Security................................................................................................................................. 63 System Development Life Cycle ................................................................................................................................................ 63 Testing and Validation........................................................................................................................................................... 63 Software Development Security Best Practices .................................................................................................................... 63 Software Development Methods.............................................................................................................................................. 63 Programming Languages........................................................................................................................................................... 68 Object-Oriented Programming.............................................................................................................................................. 68 Programming Concepts ......................................................................................................................................................... 68 Distributed Object-Oriented System ..................................................................................................................................... 68 Database Architecture and Models........................................................................................................................................... 68 Database interface Languages............................................................................................................................................... 69 Data Warehousing and Data Mining ..................................................................................................................................... 69 Database Threats................................................................................................................................................................... 69 Access Control ....................................................................................................................................................................... 69 Access Control Mechanisms.................................................................................................................................................. 69 Monitoring for Problems....................................................................................................................................................... 69 Knowledge Based System...................................................................................................................................................... 70 Software Threats ................................................................................................................................................................... 70 More Malware....................................................................................................................................................................... 70 Rootkit ................................................................................................................................................................................... 70 Source Code Issues ................................................................................................................................................................ 70 Malware Protection............................................................................................................................................................... 70 Software Security Effectiveness ............................................................................................................................................ 70 Chapter 7 – Information Security Governance and Risk Management......................................................................................... 71 Principles and Terms ................................................................................................................................................................. 71 Security Frameworks and Methodologies............................................................................................................................. 71 Security Framework and Methodologies .............................................................................................................................. 73 Top Down versus Bottom Up................................................................................................................................................. 74 Risk Assessment ........................................................................................................................................................................ 74 Asset Value and Threat Identification ....................................................................................................................................... 75 Security Governance Components............................................................................................................................................ 77 Policies................................................................................................................................................................................... 78 Information Classification Life Cycle ......................................................................................................................................... 80 Commercial businesses usually classify data using four levels: ............................................................................................ 80 Military and Government:..................................................................................................................................................... 80CISSP Study GuideCISSP Study Guide Page 6 of 125 CISSP Study Guide Roles and Responsibilities ..................................................................................................................................................... 80 Personnel Security................................................................................................................................................................. 81 Security Training.................................................................................................................................................................... 81 Security Budget, Metrics, and Effectiveness ......................................................................................................................... 82 Chapter 8 Telecommunications and Network Security................................................................................................................. 83 Application Layer................................................................................................................................................................... 83 Presentation Layer................................................................................................................................................................. 83 Session Layer ......................................................................................................................................................................... 83 Transport Layer...................................................................................................................................................................... 83 Network Layer ....................................................................................................................................................................... 84 Data Link Layer ...................................................................................................................................................................... 85 Physical Layer ........................................................................................................................................................................ 85 TCP/IP Model......................................................................................................................................................................... 85 Encapsulation ........................................................................................................................................................................ 86 IP Addressing ......................................................................................................................................................................... 86 Asynchronous vs. Synchronous ............................................................................................................................................. 87 Broadband vs. Baseband ....................................................................................................................................................... 87 Unicast, Multicast, and Broadcast......................................................................................................................................... 87 Wired vs. Wireless ................................................................................................................................................................. 87 Twisted Pair ........................................................................................................................................................................... 88 Twisted Pair Variants............................................................................................................................................................. 88 Fiber Optic ............................................................................................................................................................................. 88 Network Topologies .................................................................................................................................................................. 89 Ring........................................................................................................................................................................................ 89 Bus ......................................................................................................................................................................................... 89 Star ........................................................................................................................................................................................ 89 Hybrid .................................................................................................................................................................................... 89 Ethernet................................................................................................................................................................................. 89 Token Ring 802.5 ................................................................................................................................................................... 90 Collision Domains .................................................................................................................................................................. 90 Contention Methods ............................................................................................................................................................. 90 ARP ........................................................................................................................................................................................ 91 DHCP...................................................................................................................................................................................... 91 Other Network Protocols and Services ................................................................................................................................. 91 Network Routing ....................................................................................................................................................................... 91 Network Devices.................................................................................................................................................................... 92CISSP Study GuideCISSP Study Guide Page 7 of 125 CISSP Study Guide Hub ........................................................................................................................................................................................ 92 Switch .................................................................................................................................................................................... 92 Other Devices ........................................................................................................................................................................ 92 Firewall Architectures............................................................................................................................................................ 92 Other Devices ........................................................................................................................................................................ 92 Cloud Computing................................................................................................................................................................... 92 Network Types....................................................................................................................................................................... 93 WAN Technologies ................................................................................................................................................................ 93 OC Lines SONET ..................................................................................................................................................................... 93 CSU/DSU ................................................................................................................................................................................ 93 Circuit Switching vs. Packet Switching................................................................................................................................... 93 Additional WAN Technologies............................................................................................................................................... 93 VOIP security ......................................................................................................................................................................... 94 Remote Connection Technologies......................................................................................................................................... 94 Dial-Up................................................................................................................................................................................... 94 Cable...................................................................................................................................................................................... 94 VPN Components................................................................................................................................................................... 94 IPsec Components ................................................................................................................................................................. 94 RADIUS and TACACS .............................................................................................................................................................. 95 Remote Authentication Protocols ......................................................................................................................................... 95 Wireless Networks 802.11 Techniques ................................................................................................................................. 95 Wireless Networks Cellular or Mobile Wireless Techniques................................................................................................. 95 WLAN 802.11 Standards........................................................................................................................................................ 95 Wireless Networks Short Range ............................................................................................................................................ 95 WLAN Security Models .......................................................................................................................................................... 96 Network Cable Threats.......................................................................................................................................................... 96 ICMP Attacks.......................................................................................................................................................................... 96 DNS Attack............................................................................................................................................................................. 96 Email Attacks ......................................................................................................................................................................... 96 Wireless Attacks .................................................................................................................................................................... 96 Other Attacks......................................................................................................................................................................... 97 Chapter 9 - Operations Security .................................................................................................................................................... 98 Concepts.................................................................................................................................................................................... 98 Protecting Tangible and Intangible Assets ................................................................................................................................ 98 Facilities ................................................................................................................................................................................. 98 Hardware............................................................................................................................................................................... 98CISSP Study GuideCISSP Study Guide Page 8 of 125 CISSP Study Guide Software ................................................................................................................................................................................ 98 Asset Management ................................................................................................................................................................... 98 Media Management.................................................................................................................................................................. 98 Storage Options..................................................................................................................................................................... 99 Storage Management Issues ............................................................................................................................................... 100 Sanitizing and Disposing of Data ......................................................................................................................................... 100 Network and Resource Management ................................................................................................................................. 100 Incident Response Management Steps ............................................................................................................................... 100 Change Management .......................................................................................................................................................... 100 Audit and Review................................................................................................................................................................. 100 Threats and Preventative Measures.................................................................................................................................... 101 System Hardening................................................................................................................................................................ 101 Monitoring and Reporting................................................................................................................................................... 101 Chapter 10 – Business Continuity and Disaster Recovery........................................................................................................... 102 Concepts.................................................................................................................................................................................. 102 BIA Development................................................................................................................................................................. 104 Identify Critical Processes and Resources ........................................................................................................................... 104 Identify Outage impacts.......................................................................................................................................................... 104 Identify outage impacts and estimate downtime ............................................................................................................... 104 Identify Resource Requirements ......................................................................................................................................... 105 Identify Recovery Proorities ................................................................................................................................................ 105 Business Continuity Scope and Plan........................................................................................................................................ 105 Preventive Controls................................................................................................................................................................. 105 Create Recovery Strategies ..................................................................................................................................................... 106 Categorize Asset Priority ..................................................................................................................................................... 107 Data Recovery Terms .............................................................................................................................................................. 108 Critical Terms and Duties ........................................................................................................................................................ 109 BCP Testing .......................................................................................................................................................................... 110 BCP Testing .......................................................................................................................................................................... 111 Chapter 11 – Legal, Regulations, Investigations, and Compliance .............................................................................................. 112 Digital Crime............................................................................................................................................................................ 112 Major Legal Systems................................................................................................................................................................ 112 Privacy ..................................................................................................................................................................................... 114 Personally Identifiable Information (PII) ............................................................................................................................. 114 Laws and Regulations .......................................................................................................................................................... 115 European Union (EU)........................................................................................................................................................... 116CISSP Study GuideCISSP Study Guide Page 9 of 125 CISSP Study Guide Liability ................................................................................................................................................................................ 117 Incidence Response ............................................................................................................................................................. 118 Forensics and Digital Investigations .................................................................................................................................... 118 Security and Professional Ethics.............................................................................................................................................. 122 Appendices .................................................................................................................................................................................. 124 Current CISSP Domains............................................................................................................................................................ 125CISSP Study GuideCISSP Study Guide Page 10 of 125 CISSP Study Guide Chapter 1 – Taking the Exam

[Show More]

Last updated: 2 months ago

Preview 1 out of 126 pages

Buy Now

Instant download