Tag Archives: 2013
11. Exam Essentials for Principles of Security Models, Design, and Capabilities
Know the details about each of the access control models and their functions: The state machine model ensures that all instances of subjects accessing objects are secure. The information flow model is designed to prevent unauthorized, insecure, or restricted information … Continue reading
Posted in CISSP-Study
Tagged 2013, CISSP Study Requirements, Principles of Security Models Design and Capabilities
10. Exam Essentials for PKI and Cryptographic Applications
Asymmetric key cryptography is another way of saying public key encryption. Understand the key types used in asymmetric cryptography: public keys are freely shared, whereas private keys are kept secret. To encrypt a message, use the recipient’s public key. … Continue reading
Posted in CISSP-Study
Tagged 2013, CISSP Study Requirements, PKI and Cryptographic Applications
9. Exam Essentials for Cryptography and Symmetric Key Algorithms
Understand the role that confidentiality, integrity, and nonrepudiation play in cryptosystems. Know how cryptosystems can be used to achieve authentication goals by providing assurances as to the identity of the user. One possible scheme that uses authentication is the challenge-response … Continue reading
Posted in CISSP-Study
Tagged 2013, CISSP Study Requirements, Cryptography and Symmetric Key Algorithms
8. Exam Essentials for Malicious Code and Application Attacks
Understand the propagation techniques used by viruses: file infection, service injection, boot sector infection, and macro infection. Most antivirus programs use signature-based detection algorithms to look for telltale patterns of known viruses. It’s essential to update virus definition files in order … Continue reading
Posted in CISSP-Study
Tagged 2013, CISSP Study Requirements, Malicious Code and Application Attacks
7. Exam Essentials for Software Development Security
Describe the functioning of viruses, worms, Trojan horses, and logic bombs. Viruses: Oldest form of malicious code objects. Trojan horses: Cover application with secret, usually malicious, payload. Logic bombs: Dormant malicious code that waits for an event to trigger it. Worms: A … Continue reading
Posted in CISSP-Study
Tagged 2013, CISSP Study Requirements, Software Development Security
6. Exam Essentials for Risk and Personnel Management
Third-party governance is the system of oversight that may be mandated by law, regulation, industry standards, or licensing requirements. Overall risk management is the process of identifying factors that could damage or disclose data, evaluating those factors in light … Continue reading
Posted in CISSP-Study
Tagged 2013, CISSP Study Requirements, Risk and Personnel Management
5. Exam Essentials for Security Governance Concepts, Principles and Policies
The primary goals are contained in the CIA triad. The three principles are considered the most important within the realm of security. Confidentiality is the principle that objects are not disclosed to unauthorized subjects. Integrity is the principle that objects retain their … Continue reading
Posted in CISSP-Study
Tagged 2013, CISSP Study Requirements, Security Governance Concepts Principles and Policies
4. Exam Essentials for Secure Communications and Network Attacks
Remote access security management requires that security system designers address the hardware and software components of an implementation along with issues related to policy, work tasks, and encryption. Protocols and mechanisms that may be used on LANs and WANs are: … Continue reading
Posted in CISSP-Study
Tagged 2013, CISSP Study Requirements, Secure Communications and Network Attacks
3. Exam Essentials for Secure Network Architecture and Network Components
Know the OSI model layers AND the protocols under each. Application: HTTP, FTP, LPD, SMTP, Telnet, TFTP, EDI, POP3, IMAP, SNMP, NNTP, S-RPC, SET; Presentation: ASCII, EBCDICM, TIFF, JPEG, MPEG, MIDI; Session: NFS, SQL, RPC; Transport: SPX, SSL, TLS, TCP, … Continue reading
Posted in CISSP-Study
Tagged 2013, CISSP Study Requirements, Secure Network Architecture and Network Components
2. Exam Essentials for Access Control Attacks and Monitoring
Understand basic risk elements. Risk is the likelihood that a threat can exploit a vulnerability and cause damage to assets. Asset valuation identifies the value of assets. Threat modeling identifies threats against these assets. Vulnerability analysis identifies weaknesses in an … Continue reading
Posted in CISSP-Study
Tagged 2013, Access Control Attacks and Monitoring, CISSP Study Requirements