Exam cram

Presented here is a revision of the concepts discussed in the previous four chapters, that is, chapters sixteen through nineteen. They are provided as bullet-point snippets that are easy to revise, for quick revision and reinforcement of the knowledge learned.

CISSP CBK Domain #7 – security operations

The following bullet points presented in an exam cram format are for a quick revision. They cover important points from the security operations domain. The covered topics include implementing and managing physical security, physical security principles for site and facilities, environmental security practices for site and facilities, logging and monitoring activities, understanding and supporting investigations, securing the provision of resources, operations security, resource protection techniques, foundational concepts on incident management, preventative measures, patch and vulnerability management, change management principles, and disaster recovery and business continuity exercises:

  • Physical access to operational areas needs to have appropriate controls for strong authentication and authorization.
  • Controlling access to operational areas and, in the process, identifying and blocking unauthorized intrusions to the operational areas are primary security requirements.
  • Physical security design should include security parameters for the physical facility, the geographic operating location, and supporting facilities.
  • The physical facility is usually the building, other structures, a vehicle housing the system, and network components.
  • Based on their operating location, systems are characterized as static, mobile, or portable.
  • Natural threats, such as earthquake and flooding, and man-made threats, such as burglary, civil disorders, and so on, characterize the security of the geographic operating location.
  • Supporting facilities are those services (both technical and human) that underpin the operation of the system.
  • Unauthorized intrusions are a common threat to physical security.
  • Other threats for physical and operations security include theft, heat and temperature, humidity, electrical disruptions, and more.
  • Lack of physical entry controls, lack of accountability, insufficient business continuity plans, lack of power controls systems, and more are some of the common vulnerabilities in this domain.
  • Security controls including monitoring processes for physical and operations are subdivided into perimeter security and interior security.
  • High-rise walls, fences, and locks are preventative controls in this domain.
  • Fire alarm, motion detectors, and more, are detective controls in this domain.
  • Armed response, mantrap systems, and more are reactive controls in this domain.
  • Guards, dogs, and lighting are some of the deterrent controls in this domain.
  • Perimeter security relates to the security considerations pertaining to the boundaries. Securing the entry and exit points of the facility, networks, and more will fall under perimeter security.
  • Guards and dogs are a form of security control that can prevent, detect, deter, and react to an intrusion event.
  • Fences, high-rise walls, gates, mantraps, and turnstiles are some of the access control mechanisms for perimeter security.
  • A turnstile is also called a baffle gate.
  • Locks, such as preset or programmable ones, are preventative access control mechanisms in the physical and operations security domain.
  • Lighting is a deterrent control and is used to discourage intruders as well as detect suspicious movements.
  • Closed circuit television, heat sensors, and biometric devices are used in physical and operation security as monitoring and access control mechanisms.
  • Interior security refers to the security considerations pertaining to the facilities that are inside the perimeter.
  • Unauthorized intrusions are detected through motion detectors and controlled through mantrap systems.
  • Fire is an important threat to be considered for physical and operations security.
  • Based on the type of combustible material, fire is classified as Class A, Class B, Class C, and Class D.
  • Class A combustible materials are wood, paper, cloth, rubber. Most of the plastics also fall into this class.
  • Class B combustible materials are oils, greases, oil-based paints, lacquers, and flammable liquids and gases.
  • Class C is predominantly some electrical equipment that is energized.
  • Class D refers to flammable chemicals such as magnesium and sodium.
  • Fire detectors are based on heat, flame, or smoke detection.
  • Fire-suppression mediums include water, soda acid, CO2, and halon.
  • Halon is a suppressing medium that is no longer allowed to be used, as it is designated as an ozone-depleting substance.
  • Fire extinguishers include water sprinklers and gas dischargers.
  • Water sprinklers consist of wet pipe, dry pipe, deluge, and preaction.
  • Gas dischargers generally use CO2 as an extinguisher.
  • Clean electrical power is a requirement for proper equipment functioning.
  • Some of the electrical power-related parameters that could affect equipment include noise, Electromagnetic Interference (EMI), and Radio Frequency Interference (RFI).
  • For proper functioning of the computer systems, the humidity levels should be between 40 and 60 percent.
  • Auditing is a process to check and validate the effectiveness of controls. The primary tool that assists in the audit is an audit trail.
  • An audit trail contains all the recorded events. One of the most important audit trails in the physical and operational security domains is the record of access to the data center and other control rooms.
  • The record of access events is stored in a file called a log. The access log contains the events that are related to access attempts, and error logs contain the exceptions.
  • Physical security also deals with procedures that need to be followed during emergencies. An emergency is an undesired event that may disturb operations for a prolonged period of time.
  • System startup and shutdown procedures lay down guidelines and activities that need to be performed so that security cannot be compromised during system/data migration or relocation.
  • Evacuation procedures address the priorities in terms of evacuating assets from the disaster site and properly handling such assets.
  • Training and awareness play an important role during emergencies. Personnel need to be aware of the emergency procedures. Periodic mock tests are conducted to ensure that the activities to be performed during an emergency or disaster are rehearsed and all deviations are documented. Such tests are also called evacuation drills.
  • Physical security is also concerned with the physical protection of equipment.
  • Equipment security controls include cable locks, encryption, port protection, switches, BIOS checks, and more.
  • Mean Time Between Failure (MTBF) is a time measurement that specifies an average time between failures. This time is called the useful life of the device.
  • Mean Time To Repair (MTTR) indicates the downtime or the average time required to repair the device.
  • Data destruction is done by way of formatting the media or degaussing it.
  • Degaussing is an effective method of destroying the data in a magnetic media.
  • Data remanence is the residual data that remains when the data is not completely erased or destroyed.
  • Computer investigations are also called computer forensics. This process deals with collecting, preserving, and producing the evidence that pertains to computer crimes.
  • Information such as location, time, discovery, securing, controlling, and maintenance of the evidence is called the chain of evidence.
  • The cycle of activities from the discovery of evidence to preservation, transportation, admission in the court, and returning to the owner is called the evidence life cycle.
  • An incident is an event that could possibly violate information security. The violation may breach the Confidentiality, Integrity, and Availability requirements of information assets.
  • A systematic and procedural way of managing incidents, established across an organization, is called incident management.
  • Incident management consists of incident reporting and response to such reports.
  • Incident management involves actions that are predominantly corrective in nature.
  • Some of the incident management controls include intrusion detection controls, vulnerability assessment and penetration testing, patch management, and configuration management.
  • Business continuity planning (BCP) is used to ensure that the continuity of IT operations is maintained from a primary or alternate location during an incident or disastrous event based on the business process requirements.
  • In the BCP domain, the focus is on specific threat events that could have a devastating impact on the functioning of the organization as a whole, and on the IT infrastructure in particular.
  • BCP is a process that proactively addresses the continuation of business operations during and in the aftermath of disruptive events. The aim here is to prevent interruptions to operations.
  • The goal of BCP is to ensure the continuity of business operations without impacting the organization as a whole.
  • While designing the BCP, availability should be considered as the most important factor.
  • People are the most important asset in business operations. Hence, life safety or preventing human loss is one of the primary objectives of BCP. Another important objective of BCP is to avoid any serious damage to business.
  • Business Impact Analysis (BIA) is a type of risk assessment exercise that tries to assess qualitative and quantitative impacts on the business due to a disruptive event.
  • BCP should be appropriate, adequate, and complete.
  • BCP resources should include the availability of processes and people to implement the processes.
  • Recovery Time Objective (RTO) is the timeframe within which the systems should be recovered (indicated in terms of hours/days).
  • Recovery Point Objective (RPO) is the maximum period of time (or amount) of transaction data that the business can afford to lose during a successful recovery.
  • Disaster recovery is a process that enables the business to recover from an event that affects normal business operations for a prolonged period.
  • Both BCP and Disaster Recovery Planning (DRP) are targeted at continuity or the resumption of business processes as the case may be.
  • The goal of disaster recovery planning is to effectively manage the operations during disaster and to ensure proper coordination of different teams.
  • The objective of disaster recovery planning is to continue the business/IT operations in a secondary site during disaster and restore them back to the primary site in a timely manner.
  • On declaration of a disaster, the recovery team is entrusted with implementing the recovery procedure.
  • The salvage team is responsible for returning business operations to the primary site.
  • A primary site is the one where normal business operations including IT operations take place.
  • A secondary site is referred to as a backup to the primary site. Generally, secondary sites are geographically located in a different region.
  • A hot site is an alternate backup site that is fully configured with computer systems, Heating, Ventilation, and Air Conditioning (HVAC), and power supply.
  • A cold site, as the name implies, contains no computers or other computing equipment. Only HVAC, power, and the office space are available.
  • A warm site is between hot and cold sites. In this type of arrangement, the computing facilities, such as computers and other communication elements, as well as HVAC and power are available.
  • A dual site refers to mirroring the exact operations and data in alternative sites.
  • Electronic vaulting is a batch process used to dump the data at periodical intervals to a remote backup system.
  • Remote journaling is a parallel processing system that writes the data to a remote system at the alternate site. This type of backup is used where the RTO is short and a high degree of fault tolerance is required.
  • Database shadowing is used to duplicate data into multiple sites from the remote journaling process. This type of system is used where a fault-tolerance requirement is of the highest degree.
  • A checklist review is a review process in which the management of the various business units checks the disaster recovery plan.
  • A structured walk-through is a tabletop exercise in which the management teams of the various business units meet to review each and every step in sequential order.
  • A simulation test is a testing process used to simulate the event in a testing environment.
  • A parallel test is a testing process used to test the coordination of other essential groups such as medical and fire services, including internal teams and adherence to communication procedures.
  • A null test is a type of test that tries to simulate a real emergency or disaster event.

CISSP CBK Domain #8 – software development security

The following bullet points are presented in an exam cram format for a quick revision. They cover important points from the software development security domain. The covered topics include software development life cycle models, security in the software development life cycle, security controls in development environments, assurance requirements in software, software security testing, and security impact analysis on acquired software:

  • Systems engineering is a term that connotes the application of engineering concepts while designing application systems that are complex and large.
  • When a system is developed using the system engineering process, then the development activity goes through a life cycle model and is called a System Development Life Cycle (SDLC). Software development is an activity in system development life cycle models.
  • A system development life cycle model consists of many processes. They start from establishing the needs (initiation) and go through to archiving or destruction (disposal).
  • Software development is a part of the systems development life cycle. Within the development phase, there are many stages and processes. The activity or cycle starts with specification development, on the basis of which the overall system is designed and implemented.
  • Software development models include simplistic models, such as the waterfall model, iterative models, such as the incremental model or the spiral model, and complex models, such as the agile framework.
  • Some of the important security controls in the software development include the following:
    • The separation of development, test, and operational facilities
    • Change control processes and procedures
    • Security controls and the testing of vendor-supplied software packages
    • Checking and covert channels
  • Object-oriented systems use the concept of objects that work together with other objects in a system to achieve certain objectives.
  • An object-oriented programming method uses a collection of objects that communicate and coordinate with other objects to achieve a desired objective. Sending or receiving messages and processing instructions are some of the functions of these objects.
  • Object-Oriented Analysis (OOA) is an analysis process for producing a conceptual model, and Object-Oriented Design (OOD) is used to design the ways (how) in which to implement the conceptual models produced in the analysis process.
  • Artificial intelligence systems are information technology systems that try to mimic the human brain in perception and decision making. From a security perspective, an artificial intelligence system can be a protector from attacks as well as a perpetrator of attacks.
  • An expert system is an artificial intelligence-based system that tries to reproduce the performance of one or more human experts.
  • A neural network is a type of artificial intelligence system that tries to mimic the neural processing of the human brain. Neural networks are used in applications such as speech recognition, image analysis, software agents, and more.
  • A database system defines the storage and manipulation of data, while a Database Management System (DBMS) is a set of software programs that are used to perform and control the operations of a database system.
  • Common web application vulnerabilities fall under the categories of access control, code permission, code quality, cryptographic, environmental, error handling, logic errors, validation, and more.
  • Common attacks on web applications include attacks on functionality, data structure, authentication, protocol, resource, and more.
  • Memory and address protection is a control used to ensure controlled access to the memory and address locations by the application. The core focus is to limit access and prevent overwriting other memory areas.
  • Access control is a process used to ensure access to authorized entities and to block unauthorized entities.
  • File protection is a mechanism used to ensure that files are accessed and modified by authorized entities in a controlled manner.
  • Authentication is a process to identify and authorize legitimate entities.
  • Reliability is a quality parameter used to ensure that the application systems are performing efficiently and effectively.