Professional Documents
Culture Documents
Presenter
Class Rules
NO Eating, NO Drinking
Attendance is obligatory
Take notes so you will remember the concepts for the Exam.
CISSP CBK
CISSP Introduction
Module 5: Cryptography
Assessment
Final Exam contributes to 60% (includes all material from the beginning of
the year) 3 hours.
Important Notice:1
Study guide prepared by Derek Prueitt (Hughens Supply) and was posted on
www.cccure.org
Important Notice:2
Cloud Security and Privacy (Tim Mather, Subra Kumaraswamy, Shahed latif)
OREILLY - 2009
Important Notice:3
Hours in this semester allocated to this course are: (Total Sessions: 57;
- 2 to 3 Introduction Sessions and overall view on all Modules;
- 2 sessions (exams);
- 6 sessions public vacations;
- Remaining sessions: 46+
Access Control
Concepts/methodologies/techniques
Effectiveness
Attacks
Communication channels
Network components
Network attacks
Information classification/ownership
Personnel security
Cryptography
Encryption concepts
Digital signatures
Cryptanalytic attacks
Countermeasure principles
Operations Security
Operations Security used to identify the controls over hardware, media and
the operators with access privileges to any of these resources.
Resource protection
Incident response
Recovery strategy
Provide training
Legal issues
Investigations
Forensic procedures
Compliance requirements/procedures
Perimeter security
Internal security
Facilities security
Policies
Authorization mechanisms
Threat modeling
Asset Valuation
Vulnerability analysis
Access aggregation
User entitlement
IP Networking
End-point security
Data Communications
Control frameworks
Due care
Due Diligence
Security policies
Standards/baselines
Procedures
Guidelines
Documentation
Risk Assignment/acceptance
Countermeasure selection
Budget
Metrics
Resources
Maturity models
Change management
Configuration management
Overview: Cryptography
Foundation Concepts
Symmetric cryptography
Asymmetric Cryptography
Hybrid cryptography
Message digest
Hashing
Creation/distribution
Storage/destruction
Recovery
Key escrow
Chosen plain-text
Known plaintext
Frequency analysis
Chosen cipher-text
Implementation attacks
architectures
elements and report the pertinent information to the appropriate individual, group,
or process.
The candidate is expected to know the resources that must be protected, the
privileges that must be restricted, the control mechanisms available, the potential
for abuse of access, the appropriate controls, and the principles of good practice.
Need-to-know/least privilege
Job rotation
Record retention
Media management
Detection
Response
Reporting
Recovery
synthesize hard and soft assets to provide effective prevention and recovery for
the organization, and maintains competitive advantage and value system integrity.
BCP counteracts interruptions to business activities and should be available to
protect critical business processes from the effects of major failures or disasters. It
deals with the natural and man-made events and the consequences, if not dealt
with promptly and effectively.
Response
Personnel
Communications
Assessment
Restoration
Provide training
Computer crime
Import/export
Privacy
Media analysis
Network analysis
Software analysis
Regulatory environment
Audits
Reporting