CISSP Study Guide
Certification Training
Page 1 of 125

Contents

Chapter 1 – Taking the Exam (p. 10)

Chapter 2 – Cryptography (p. 10)
  Cryptography Concepts (p. 10)
  Cryptography History (p. 11)
  Cryptosystem Features (p. 12)
  Encryption Systems (p. 13)
  Substitution Ciphers (p. 14)
  Symmetric Algorithms (p. 15)
    5 Modes of DES (p. 16)
    Triple DES (3DES) (p. 18)
    Advanced Encryption Standard (AES) (p. 18)
    International Data Encryption Algorithm (IDEA) (p. 18)
    Skipjack (p. 18)
    Blowfish (p. 18)
    Twofish (p. 18)
    RC4 or ARC4 (p. 18)
    RC5 (p. 18)
    RC6 (p. 19)
    CAST (p. 19)
  Asymmetric Algorithms (p. 19)
    Diffie-Hellman (p. 19)
    Key Agreement Process (p. 19)
    RSA (p. 19)
    El Gamal (p. 19)
    Elliptic Curve Cryptosystem (ECC) (p. 20)
    Knapsack (p. 20)
    Zero Knowledge Proof (p. 20)
  Message Integrity (p. 20)
    Hash Functions (p. 20)
    Message Digest Algorithms (p. 20)
  Digital Signatures (p. 21)
    Public Key Infrastructure (PKI) (p. 22)
    Key Management (p. 23)
  Trusted Platform Module (p. 24)
  Encryption Communication Levels (p. 25)
    Link Encryption (p. 25)
    End-to-End Encryption (p. 25)
  Email Security (p. 25)
  Internet Security (p. 26)
  Cryptography Attacks (p. 27)

Chapter 3 – Physical Security (p. 29)
  Threat Mitigation Techniques (p. 29)
  Geographical, Man-Made and Political Threats (p. 29)
    Natural Threats and Mitigation (p. 29)
    Communications (p. 29)
    Man-Made Threats (p. 29)
  Site and Facility Design (p. 30)
    Layered Defense Model (p. 30)
    Crime Prevention Through Environmental Design (CPTED) (p. 30)
    Physical Security Plan Goals (p. 31)
    Facility Selection Issues (p. 31)
    Computer and Equipment Rooms (p. 31)
  Perimeter Security (p. 32)
    Barriers or Bollards (p. 33)
    Fences and Gates (p. 33)
    Perimeter Intrusion Detection Systems (p. 33)
    Lighting Systems (p. 34)
    Types of Lighting (p. 34)
    Additional Perimeter Measures (p. 34)
  Building and Internal Security (p. 34)
    Doors (p. 34)
    Glass Entries (p. 36)
    Additional Interior Considerations (p. 36)
  Secure Data Centers and Fire Detection Systems (p. 36)
    Data Centers (p. 36)
    Environmental Security and Fire Detection Systems (p. 36)
  Types of Power Issues (p. 37)
    Dirty Power Protection (p. 38)
  HVAC Guidelines (p. 38)
  Equipment Security and Personal Security (p. 38)
    Equipment (p. 38)
    Personal (p. 38)

Chapter 4 – Security Architecture and Design (p. 40)
  Security Model Concepts (p. 40)
  System Architecture (p. 40)
  Computing Platforms (p. 40)
  Virtual Computing (p. 41)
  Security Services (p. 41)
  System Concepts (p. 41)
    CPU (p. 41)
    RAM (p. 41)
    ROM (p. 42)
  Memory Concepts (p. 42)
  Enforcing Process Security and Multitasking (p. 43)
  Security System Architecture (p. 44)
    Trusted Computer System Evaluation Criteria (Orange Book Concepts) (p. 44)
    The Open Group Architecture Framework (TOGAF) (p. 44)
    Security Architecture Documentation (p. 45)
  Security Models and Modes (p. 45)
    Bell-LaPadula Model (p. 45)
    Biba Model (p. 46)
    Clark-Wilson Integrity Model (p. 46)
    Additional Models (p. 46)
  Security Modes (p. 47)
  System Evaluation and Assurance Levels (p. 47)
    ITSEC Ratings (p. 47)
    Common Criteria Assurance Levels (p. 47)
    Common Criteria (p. 48)
  Certification and Accreditation (p. 48)
    Types of Accreditation (p. 48)
  Security Architecture Threats (p. 49)
    Concerns with XML (p. 49)
  Database Security and Distributed System Security (p. 49)
    Data Mining Warehouse (p. 49)
    Distributed Systems Security (p. 49)

Chapter 5 – Access Control (p. 51)
  Access Control Concepts (p. 51)
    Default Stance (p. 51)
    Defense in Depth (p. 51)
  Identification and Authentication (p. 51)
    Three Factors for Authentication (p. 52)
  Password Types and Management (p. 52)
  Password Policies (p. 53)
  Password Types and Management (p. 53)
    Ownership Factors (p. 53)
  Ownership, Characteristic, Physiological and Behavioral Factors (p. 53)
  Characteristic Factors (p. 53)
    Physiological Characteristic Factors (p. 53)
    Behavioral Characteristic Factors (p. 54)
  Biometric Considerations (p. 54)
    Biometric Methods Ranked by Effectiveness (p. 54)
    Biometric Methods Ranked by User Acceptance (p. 54)
  Authorization Concepts (p. 55)
  Authorization Concepts (p. 56)
    Federated Identity (p. 57)
  User Accountability (p. 57)
  Vulnerability Assessment (p. 57)
  Penetration Testing and Threat Modeling (p. 58)
    Penetration Strategies (p. 58)
  Threat Modeling (p. 58)
  Access Control Categories (p. 59)
    Access Control Types (p. 59)
  Access Control Models (p. 59)
    Access Control Matrix (p. 60)
  Access Control Administration (p. 60)
  Provisioning Life Cycle (p. 60)
  Access Control Monitoring (p. 61)
    IDS Implementations (p. 61)
    Signature Based Implementations (p. 61)
  Access Control Threats (p. 61)
    Password Threats (p. 61)
    Social Engineering Threats (p. 61)

Chapter 6 – Software Development Security (p. 63)
  System Development Life Cycle (p. 63)
    Testing and Validation (p. 63)
    Software Development Security Best Practices (p. 63)
  Software Development Methods (p. 63)
  Programming Languages (p. 68)
    Object-Oriented Programming (p. 68)
    Programming Concepts (p. 68)
    Distributed Object-Oriented System (p. 68)
  Database Architecture and Models (p. 68)
    Database Interface Languages (p. 69)
    Data Warehousing and Data Mining (p. 69)
    Database Threats (p. 69)
    Access Control (p. 69)
    Access Control Mechanisms (p. 69)
    Monitoring for Problems (p. 69)
    Knowledge Based System (p. 70)
    Software Threats (p. 70)
    More Malware (p. 70)
    Rootkit (p. 70)
    Source Code Issues (p. 70)
    Malware Protection (p. 70)
    Software Security Effectiveness (p. 70)

Chapter 7 – Information Security Governance and Risk Management (p. 71)
  Principles and Terms (p. 71)
    Security Frameworks and Methodologies (p. 71)
    Security Framework and Methodologies (p. 73)
    Top Down versus Bottom Up (p. 74)
  Risk Assessment (p. 74)
  Asset Value and Threat Identification (p. 75)
  Security Governance Components (p. 77)
    Policies (p. 78)
  Information Classification Life Cycle (p. 80)
    Commercial businesses usually classify data using four levels (p. 80)
    Military and Government (p. 80)
    Roles and Responsibilities (p. 80)
    Personnel Security (p. 81)
    Security Training (p. 81)
    Security Budget, Metrics, and Effectiveness (p. 82)

Chapter 8 – Telecommunications and Network Security (p. 83)
    Application Layer (p. 83)
    Presentation Layer (p. 83)
    Session Layer (p. 83)
    Transport Layer (p. 83)
    Network Layer (p. 84)
    Data Link Layer (p. 85)
    Physical Layer
85 TCP/IP Model......................................................................................................................................................................... 85 Encapsulation ........................................................................................................................................................................ 86 IP Addressing ......................................................................................................................................................................... 86 Asynchronous vs. Synchronous ............................................................................................................................................. 87 Broadband vs. Baseband ....................................................................................................................................................... 87 Unicast, Multicast, and Broadcast......................................................................................................................................... 87 Wired vs. Wireless ................................................................................................................................................................. 87 Twisted Pair ........................................................................................................................................................................... 88 Twisted Pair Variants............................................................................................................................................................. 88 Fiber Optic ............................................................................................................................................................................. 
88 Network Topologies .................................................................................................................................................................. 89 Ring........................................................................................................................................................................................ 89 Bus ......................................................................................................................................................................................... 89 Star ........................................................................................................................................................................................ 89 Hybrid .................................................................................................................................................................................... 89 Ethernet................................................................................................................................................................................. 89 Token Ring 802.5 ................................................................................................................................................................... 90 Collision Domains .................................................................................................................................................................. 90 Contention Methods ............................................................................................................................................................. 90 ARP ........................................................................................................................................................................................ 
91 DHCP...................................................................................................................................................................................... 91 Other Network Protocols and Services ................................................................................................................................. 91 Network Routing ....................................................................................................................................................................... 91 Network Devices.................................................................................................................................................................... 92CISSP Study GuideCISSP Study Guide Page 7 of 125 CISSP Study Guide Hub ........................................................................................................................................................................................ 92 Switch .................................................................................................................................................................................... 92 Other Devices ........................................................................................................................................................................ 92 Firewall Architectures............................................................................................................................................................ 92 Other Devices ........................................................................................................................................................................ 92 Cloud Computing................................................................................................................................................................... 
92 Network Types....................................................................................................................................................................... 93 WAN Technologies ................................................................................................................................................................ 93 OC Lines SONET ..................................................................................................................................................................... 93 CSU/DSU ................................................................................................................................................................................ 93 Circuit Switching vs. Packet Switching................................................................................................................................... 93 Additional WAN Technologies............................................................................................................................................... 93 VOIP security ......................................................................................................................................................................... 94 Remote Connection Technologies......................................................................................................................................... 94 Dial-Up................................................................................................................................................................................... 94 Cable...................................................................................................................................................................................... 
94 VPN Components................................................................................................................................................................... 94 IPsec Components ................................................................................................................................................................. 94 RADIUS and TACACS .............................................................................................................................................................. 95 Remote Authentication Protocols ......................................................................................................................................... 95 Wireless Networks 802.11 Techniques ................................................................................................................................. 95 Wireless Networks Cellular or Mobile Wireless Techniques................................................................................................. 95 WLAN 802.11 Standards........................................................................................................................................................ 95 Wireless Networks Short Range ............................................................................................................................................ 95 WLAN Security Models .......................................................................................................................................................... 96 Network Cable Threats.......................................................................................................................................................... 96 ICMP Attacks.......................................................................................................................................................................... 
96 DNS Attack............................................................................................................................................................................. 96 Email Attacks ......................................................................................................................................................................... 96 Wireless Attacks .................................................................................................................................................................... 96 Other Attacks......................................................................................................................................................................... 97 Chapter 9 - Operations Security .................................................................................................................................................... 98 Concepts.................................................................................................................................................................................... 98 Protecting Tangible and Intangible Assets ................................................................................................................................ 98 Facilities ................................................................................................................................................................................. 98 Hardware............................................................................................................................................................................... 98CISSP Study GuideCISSP Study Guide Page 8 of 125 CISSP Study Guide Software ................................................................................................................................................................................ 
98 Asset Management ................................................................................................................................................................... 98 Media Management.................................................................................................................................................................. 98 Storage Options..................................................................................................................................................................... 99 Storage Management Issues ............................................................................................................................................... 100 Sanitizing and Disposing of Data ......................................................................................................................................... 100 Network and Resource Management ................................................................................................................................. 100 Incident Response Management Steps ............................................................................................................................... 100 Change Management .......................................................................................................................................................... 100 Audit and Review................................................................................................................................................................. 100 Threats and Preventative Measures.................................................................................................................................... 101 System Hardening................................................................................................................................................................ 
101 Monitoring and Reporting................................................................................................................................................... 101 Chapter 10 – Business Continuity and Disaster Recovery........................................................................................................... 102 Concepts.................................................................................................................................................................................. 102 BIA Development................................................................................................................................................................. 104 Identify Critical Processes and Resources ........................................................................................................................... 104 Identify Outage impacts.......................................................................................................................................................... 104 Identify outage impacts and estimate downtime ............................................................................................................... 104 Identify Resource Requirements ......................................................................................................................................... 105 Identify Recovery Proorities ................................................................................................................................................ 105 Business Continuity Scope and Plan........................................................................................................................................ 105 Preventive Controls................................................................................................................................................................. 
105 Create Recovery Strategies ..................................................................................................................................................... 106 Categorize Asset Priority ..................................................................................................................................................... 107 Data Recovery Terms .............................................................................................................................................................. 108 Critical Terms and Duties ........................................................................................................................................................ 109 BCP Testing .......................................................................................................................................................................... 110 BCP Testing .......................................................................................................................................................................... 111 Chapter 11 – Legal, Regulations, Investigations, and Compliance .............................................................................................. 112 Digital Crime............................................................................................................................................................................ 112 Major Legal Systems................................................................................................................................................................ 112 Privacy ..................................................................................................................................................................................... 
114 Personally Identifiable Information (PII) ............................................................................................................................. 114 Laws and Regulations .......................................................................................................................................................... 115 European Union (EU)........................................................................................................................................................... 116CISSP Study GuideCISSP Study Guide Page 9 of 125 CISSP Study Guide Liability ................................................................................................................................................................................ 117 Incidence Response ............................................................................................................................................................. 118 Forensics and Digital Investigations .................................................................................................................................... 118 Security and Professional Ethics.............................................................................................................................................. 122 Appendices .................................................................................................................................................................................. 124 Current CISSP Domains............................................................................................................................................................ 125CISSP Study GuideCISSP Study Guide Page 10 of 125 CISSP Study Guide Chapter 1 – Taking the Exam [Show More]
Preview 1 out of 126 pages
About the document
Uploaded: Aug 14, 2021
Number of pages: 126