CISSP Cheat Sheet

April 4, 2017 | Author: Alex Dcosta | Category: N/A

• Division D – Minimal Protection
• Division C – Discretionary Protection
  − C1 – Discretionary Security Protection
    • Identification and authentication
    • Separation of users and data
    • Discretionary protection of resources
  − C2 – Controlled Access Protection
    • More finely grained DAC
    • Individual accountability through login procedures
    • Object reuse
    • Protect audit trail
    • Resource isolation
    • Required system documentation and user manuals

• Division B – Mandatory Protection
  − B1 – Labeled Protection
    • Labels and mandatory access control
    • Process isolation in system architecture
    • Design specifications and verification
    • Device labels
    • Informal statement of the security policy model
    • Data sensitivity labels
    • Mandatory Access Control (MAC) over select subjects and objects
    • Label exportation capabilities
    • All discovered flaws must be removed or otherwise mitigated
  − B2 – Structured Protection (Config Mgt*)
    • Device labels and subject sensitivity labels
    • Trusted path
    • Separation of operator and administrator functions*
    • Covert channel analysis
    • Security policy model clearly defined and formally documented
    • DAC and MAC enforcement extended to all subjects and objects
    • Covert storage channels are analyzed for occurrence and bandwidth
    • Carefully structured into protection-critical and non-protection-critical elements
    • Design and implementation enable more comprehensive testing and review
    • Authentication mechanisms are strengthened
    • Trusted facility management is provided with administrator and operator segregation
    • Strict configuration management controls are imposed
  − B3 – Security Domains
    • Security administrator role defined*
    • Trusted recovery*
    • Monitor events and notify security personnel
    • Satisfies reference monitor requirements
    • Structured to exclude code not essential to security policy enforcement
    • Significant system engineering directed toward minimizing complexity
    • Audit security-relevant events
    • Automated imminent intrusion detection, notification, and response
    • Trusted system recovery procedures
    • Covert timing channels are analyzed for occurrence and bandwidth
    • An example of such a system is the XTS-300, a precursor to the XTS-400

• Division A – Verified Protection (very few)
  − A1 – Verified Design
    • Formal methods of design and testing
    • Functionally identical to B3
    • Formal design and verification techniques including a formal top-level specification
    • Formal management and distribution procedures

Bell-LaPadula (MAC)      Biba (Integrity)
NO WRITE DOWN            NO WRITE UP
NO READ UP               NO READ DOWN

Clark-Wilson – Integrity; Separation of Duties; App Authentication
1. Least Privilege
2. Separation of Duty
3. Rotation of Duties

↑ CAD: Column, Attribute, Degree
↓ CRT: Cardinality, Rows, Tuple

Concept                               Formula
Exposure Factor (EF)                  % of loss caused by threat
Single Loss Expectancy (SLE)          Asset Value x Exposure Factor (EF)
Annualized Rate of Occurrence (ARO)   Frequency of threat occurrence per year
Annualized Loss Expectancy (ALE)      Single Loss Expectancy (SLE) x Annualized Rate of Occurrence (ARO)

EAL 1 – Functionally tested
EAL 2 – Structurally tested
EAL 3 – Methodically tested and checked
EAL 4 – Methodically designed, tested, and reviewed
EAL 5 – Semiformally designed and tested
EAL 6 – Semiformally verified design and tested
EAL 7 – Formally verified design and tested
EAL measures how the needs are met

Protection Profiles – describe objectives, and the environmental, functional, and assurance level expectations
Target of Evaluation (TOE) – product proposed to provide the needed security solution
Security Target – written by the vendor, explaining the mechanisms that meet the security and assurance requirements
Evaluated Products List (EPL) – list of evaluated products

Threat Agent    Can Exploit a Vulnerability      Resulting in a Risk
Virus           Lack of antivirus software       Virus infection
Hacker          Services running on a server     Unauthorized access to information
Fire            Lack of fire extinguishers       System malfunction

CANONS
• Protect society, the commonwealth, and the infrastructure
• Act honorably, honestly, justly, responsibly, and legally
• Provide diligent and competent service to principals
• Advance and protect the profession

↑ CIA: Confidentiality, Integrity, Availability
↓ DAD: Disclosure, Alteration, Destruction

OSI (top down): Application, Presentation, Session, Transport, Network, Data Link, Physical
Mnemonic (top down): A Priest Saw Ten Nuns Doing Pushups
Mnemonic (bottom up): Please Do Not Take Sausage Pizza Away
TCP/IP: Application, Transport, Internet, Network Interface
