CISSP Security & Risk Management-Risk Analysis

Posted filed under CISSP.

Quantitative Analysis (ALE=SLE x ARO) ALE = Annualized Loss Expectancy (A dollar amount that estimates the loss potential from a risk in a span of year) SLE = Single Loss Expectancy (A dollar amount that is assigned to a single event that represents the company’s potential loss) ARO = Annualized Rate of Occurrence (Frequency of… Read more »

CISSP Security & Risk Management-The After-Action Review

Posted filed under CISSP.

  After-action review (AAR): a detailed examination of events that occurred from incident detection to recovery Identify areas of the BC/DR plans that worked, didn’t work, or need improvement AAR’s are conducted with all participants in attendance AAR is recorded for use as a training case AAR brings the BCP/DRP teams’ actions to a close

CISSP Security & Risk Management- Global Legal and Regulatory Issues

Posted filed under CISSP.

Computer/Cyber Crime CryptoLocker Ransomware – Spreads via email and propagates rapidly. Encrypts various file types and then a pop-up window appears to inform user about the actions performed on computer and, therefore demand a monetary payment for files to be decrypted.

CISSP LANs and Their Components

Posted filed under CISSP.

A local area network (LAN) is a critical component of a modern data network. A LAN is comprised of one or more computers, a communication protocol, a network topology, and cabling or a wireless network to connect the systems.

CISSP System Validation

Posted filed under CISSP.

No system or architecture will ever be completely secure; there will always be a certain level of risk.

CISSP Security Models of Control

Posted filed under CISSP.

Security Models of Control Security models of control are used to determine how security will be implemented, what subjects can access the system, and what objects they will have access to. Simply stated, they are a way to formalize security policy.

CISSP Security Mechanisms

Posted filed under CISSP.

Although a robust architecture is a good start, real security requires that you have security mechanisms in place to control processes and applications. Some good security mechanisms are described in the following sections.

CISSP Penetration Testing

Posted filed under CISSP.

  Penetration testing is a series of activities undertaken to identify and exploit security vulnerabilities.

CISSP Single sign-on

Posted filed under CISSP.

Single sign-on is an attempt to address a problem that is common for all users and administrators.

CISSP Access Control Models

Posted filed under CISSP.

Data access controls are established to control how subjects can access data, what they can access with it, and what they can do with it once accessed. Three primary types of access control are discussed in this section.     Mandatory Access Control (MAC)

CISSP Legal Systems

Posted filed under CISSP.

The two law systems that form the basis of legal systems in most countries are:

CISSP Kerberos

Posted filed under CISSP.

Kerberos is a network authentication protocol created by the Massachusetts Institute of Technology (MIT) that uses secret-key cryptography. Kerberos has three parts: a client, server, and trusted third party (KDC) to mediate between them.

CISSP Attacks

Posted filed under CISSP.

Types of Attacks Denial of Service (DoS) Smurf Fraggle SYN Flood Teardrop Distributed Denial of Service (DDoS) Ping Sweep Port Scan Salami attack Man-in-the-Middle Session or TCP Hijacking Replay Buffer Overflow Scareware and Ransomeware Password attack Covert channels  Web Attacks SQL Injection – An injection of SQL query through input data from client to application (database)…. Read more »

CISSP Asymmetric Systems

Posted filed under CISSP.

CISSP algorithms

Asymmetric Systems –Uses a pair of keys (private and public) for encryption and decryption

CISSP Intrusion-Detection Systems (IDS)

Posted filed under CISSP.

An IDS is designed to function as an access-control monitor. It can monitor network or host activity and record which users attempt to access specific network resources.