CISSP Study Guide - (ISC)² Chapter Raleigh Durham
CISSP Study Guide
CERTIFICATION TRAINING
John Sisler
DATASAGE INC | 321 COMMONS WALK CIR CARY NC 27519
Contents

Chapter 1 - Taking the Exam ... 10
Chapter 2 - Cryptography ... 10
  Cryptography Concepts ... 10
  Cryptography History ... 11
  Cryptosystem Features ... 12
  Encryption Systems ... 13
  Substitution Ciphers ... 14
  Symmetric Algorithms ... 15
    5 Modes of DES ... 16
    Triple DES (3DES) ... 18
    Advanced Encryption Standard (AES) ... 18
    International Data Encryption Algorithm (IDEA) ... 18
    Skipjack ... 18
    Blowfish ... 18
    Twofish ... 18
    RC4 or ARC4 ... 18
    RC5 ... 18
    RC6 ... 19
    CAST ... 19
  Asymmetric Algorithms ... 19
    Diffie-Hellman ... 19
    Key Agreement Process ... 19
    RSA ... 19
    El Gamal ... 19
    Elliptic Curve Cryptosystem (ECC) ... 20
    Knapsack ... 20
    Zero Knowledge Proof ... 20
  Message Integrity ... 20
    Hash Functions ... 20
    Message Digest Algorithms ... 20
  Digital Signatures ... 21
    Public Key Infrastructure (PKI) ... 22
    Key Management ... 23
CISSP Study Guide
Page 1 of 125
  Trusted Platform Module ... 24
  Encryption Communication Levels ... 25
    Link Encryption ... 25
    End-to-End Encryption ... 25
  Email Security ... 25
  Internet Security ... 26
  Cryptography Attacks ... 27
Chapter 3 - Physical Security ... 29
  Threat Mitigation Techniques ... 29
  Geographical, Man-Made and Political Threats ... 29
    Natural Threats and Mitigation ... 29
    Communications ... 29
    Man-Made Threats ... 29
  Site and Facility Design ... 30
    Layered Defense Model ... 30
    Crime Prevention Through Environmental Design (CPTED) ... 30
    Physical Security Plan Goals ... 31
    Facility Selection Issues ... 31
    Computer and Equipment Rooms ... 31
  Perimeter Security ... 32
    Barriers or Bollards ... 33
    Fences and Gates ... 33
    Perimeter Intrusion Detection Systems ... 33
    Lighting Systems ... 34
    Types of Lighting ... 34
    Additional Perimeter Measures ... 34
  Building and Internal Security ... 34
    Doors ... 34
    Glass Entries ... 36
    Additional Interior Considerations ... 36
  Secure Data Centers and Fire Detection Systems ... 36
    Data Centers ... 36
    Environmental Security and Fire Detection Systems ... 36
  Types of Power Issues ... 37
    Dirty Power Protection ... 38
  HVAC Guidelines ... 38
  Equipment Security and Personal Security ... 38
    Equipment ... 38
    Personal ... 38
Chapter 4 - Security Architecture and Design ... 40
  Security Model Concepts ... 40
  System Architecture ... 40
  Computing Platforms ... 40
  Virtual Computing ... 41
  Security Services ... 41
  System Concepts ... 41
    CPU ... 41
    RAM ... 41
    ROM ... 42
  Memory Concepts ... 42
  Enforcing Process Security and Multitasking ... 43
  Security System Architecture ... 44
    Trusted Computer System Evaluation Criteria (Orange Book Concepts) ... 44
    The Open Group Architecture Framework (TOGAF) ... 44
    Security Architecture Documentation ... 45
  Security Models and Modes ... 45
    Bell-LaPadula Model ... 45
    Biba Model ... 46
    Clark-Wilson Integrity Model ... 46
    Additional Models ... 46
  Security Modes ... 47
  System Evaluation and Assurance Levels ... 47
    ITSEC Ratings ... 47
    Common Criteria Assurance Levels ... 47
    Common Criteria ... 48
  Certification and Accreditation ... 48
    Types of Accreditation ... 48
  Security Architecture Threats ... 49
    Concerns with XML ... 49
  Database Security and Distributed System Security ... 49
    Data Mining Warehouse ... 49
    Distributed Systems Security ... 49
Chapter 5 - Access Control ... 51
  Access Control Concepts ... 51
    Default Stance ... 51
    Defense in Depth ... 51
  Identification and Authentication ... 51
    Three Factors for Authentication ... 52
  Password Types and Management ... 52
  Password Policies ... 53
  Password Types and Management ... 53
    Ownership Factors ... 53
  Ownership, Characteristic (Physiological and Behavioral) Factors ... 53
  Characteristic Factors ... 53
    Physiological Characteristic Factors ... 53
    Behavioral Characteristic Factors ... 54
  Biometric Considerations ... 54
    Biometric Methods Ranked by Effectiveness ... 54
    Biometric Methods Ranked by User Acceptance ... 54
  Authorization Concepts ... 55
  Authorization Concepts ... 56
    Federated Identity ... 57
  User Accountability ... 57
  Vulnerability Assessment ... 57
  Penetration Testing and Threat Modeling ... 58
    Penetration Strategies ... 58
  Threat Modeling ... 58
  Access Control Categories ... 59
    Access Control Types ... 59
  Access Control Models ... 59
    Access Control Matrix ... 60
  Access Control Administration ... 60
  Provisioning Life Cycle ... 60
  Access Control Monitoring ... 61
    IDS Implementations ... 61
    Signature Based Implementations ... 61
  Access Control Threats ... 61
    Password Threats ... 61