APPLICATION AND SYSTEMS-DEVELOPMENT SECURITY

  1. Polyinstantiation allows different records to exist in the same table at various security levels.

  2. Database models can be relational, using attributes (columns) and tuples (rows); hierarchical, combining records and fields in a logical tree structure; or distributed, storing information in more than one database.

  3. The system life cycle includes the following stages: project initiation, functional design and planning, system design, functional review, software development, product installation, operation and maintenance, and disposal and replacement.

OPERATIONS SECURITY

  1. Operational security can be enhanced by implementing good employee controls, such as new hire orientation, separation of duties, job rotation, least privilege, and mandatory vacations.

  2. Penetration testing is the process of evaluating the organization's security measures. These tests can be performed in a number of ways, including internal, external, whitebox testing, and blackbox testing.

  3. Clipping levels are the thresholds implemented for certain types of errors or mistakes that are allowed without alarm.

BUSINESS CONTINUITY PLANNING

  1. The Business Continuity Planning (BCP) process as defined by ISC2 has the following five steps:

     1. Project management and initiation

     2. Business impact analysis (BIA)

     3. Recovery strategy

     4. Plan design and development

     5. Testing, maintenance, awareness, and training

  2. The BIA is the second step of the BCP process. Its role is to describe what impact a disaster would have on business operations.

  3. BCP testing includes

    Checklist — Copies of the plan are sent to different department managers and business unit managers for review.

    Tabletop — Members of the emergency management team and business unit managers meet in conference to discuss the plan.

    Walkthrough — Actual simulation of the real thing takes place.

    Functional — Operations of the new and old site can be run in parallel.

    Full interruption — A complete test of the BCP is performed.

  4. Data center backup methods include

    Cold site — An empty room with only rudimentary electrical, power, and computing capability

    Warm site — Partially configured

    Hot site — Ready to go and an expensive option

LAW, INVESTIGATIONS, AND ETHICS

  1. The ISC2 code of ethics states that CISSPs will:

    Protect society, the commonwealth, and the infrastructure

    Act honorably, honestly, justly, responsibly, and legally

    Provide diligent and competent service to principals

    Advance and protect the profession

  2. RFC 1087 states that the following activities are unethical:

    Seeking to gain unauthorized access to the resources of the Internet

    Disrupting the intended use of the Internet

    Wasting resources (people, capacity, computer) through such actions

    Destroying the integrity of computer-based information

    Compromising the privacy of users

  3. The Computer Ethics Institute lists the Ten Commandments of Computer Ethics, which should also be reviewed before the exam.

CRYPTOGRAPHY

  1. Two types of encryption algorithms exist: two-way and one-way functions. Two-way functions are used to operate on plain text to encrypt it with the intention of later operating on that cipher text in some way to decipher or decrypt it.

  2. Two-way functions include symmetric and asymmetric algorithms.

  3. Symmetric cryptography works by providing both parties the same key for encryption and decryption. It provides confidentiality and is hard to break. Its weakness is that the keys are subject to exposure and must be transmitted through a channel other than the message.

  4. Data Encryption Standard (DES) is a block encryption algorithm that is based on IBM's 128-bit algorithm; 56 bits make up the key and 8 bits are used for parity. DES can be implemented in one of four modes:

    Electronic Code Book (ECB) — Native encryption mode that is used for small amounts of data. ECB is the weakest form of DES.

    Cipher Block Chaining (CBC) — Chains the blocks together: the ciphertext of each block is combined with the next plaintext block before that block is encrypted, so identical plaintext blocks no longer produce identical ciphertext.

    Cipher Feedback Mode (CFB) — Emulates a stream cipher and can be used when the encryption of individual characters is required.

    Output Feedback Mode (OFB) — Also emulates a stream cipher and generates random binary bits that are combined with the plain text to create cipher text.
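The four modes above are properties of how blocks are chained, not of DES itself. The following is an added example (not from the book) that writes each mode generically over a block function; since DES is not in the Python standard library, a deliberately simple, insecure stand-in permutation (`toy_block_encrypt`, an assumption of this example) replaces it so the code runs offline. The demo key, IV and plaintexts are constructed. It shows why ECB is the weakest mode (repeated plaintext blocks produce repeated ciphertext blocks), why CBC hides those repeats, and why CFB and OFB behave like stream ciphers (no padding, the cipher only ever runs forwards).

```python
# Added example, not from the book: DES modes of operation written generically
# over a block function. A mode's structure is independent of the cipher, so a
# deliberately simple, INSECURE stand-in permutation replaces DES here (it only
# needs to be a keyed, invertible 8-byte mapping). Never use it for real data.

BLOCK = 8  # DES operates on 64-bit (8-byte) blocks


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_k(block): XOR with the key, then rotate bytes left by one."""
    assert len(key) == BLOCK and len(block) == BLOCK
    x = bytes(b ^ k for b, k in zip(block, key))
    return x[1:] + x[:1]


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of toy_block_encrypt: rotate right by one, then XOR with the key."""
    x = block[-1:] + block[:-1]
    return bytes(b ^ k for b, k in zip(x, key))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding: ECB and CBC can only process whole blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


# ECB: every block is encrypted independently, so equal plaintext blocks give
# equal ciphertext blocks. That pattern leak is what makes ECB the weakest mode.
def ecb_encrypt(key, pt):
    return b"".join(toy_block_encrypt(key, b) for b in blocks(pad(pt)))

def ecb_decrypt(key, ct):
    return unpad(b"".join(toy_block_decrypt(key, b) for b in blocks(ct)))


# CBC: each plaintext block is XORed with the previous ciphertext block (the IV
# for the first one) before encryption, so the chaining hides repeats.
def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in blocks(pad(pt)):
        prev = toy_block_encrypt(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(toy_block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))


# CFB: the previous ciphertext block is encrypted to make keystream, which is
# XORed with the plaintext. The block cipher only runs forwards and no padding
# is needed, which is why CFB "emulates a stream cipher".
def cfb_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in blocks(pt):                       # last block may be short
        c = xor(b, toy_block_encrypt(key, prev))
        out.append(c)
        prev = c
    return b"".join(out)

def cfb_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(c, toy_block_encrypt(key, prev)))
        prev = c
    return b"".join(out)


# OFB: keystream comes from repeatedly encrypting the IV, independent of the
# data, so encryption and decryption are the same operation.
def ofb_crypt(key, iv, data):
    out, ks = [], iv
    for b in blocks(data):
        ks = toy_block_encrypt(key, ks)
        out.append(xor(b, ks))
    return b"".join(out)


def duplicate_blocks(ct: bytes) -> int:
    """How many ciphertext blocks repeat an earlier one: the ECB tell-tale."""
    bs = blocks(ct)
    return len(bs) - len(set(bs))


if __name__ == "__main__":
    key = bytes(range(1, 9))      # constructed demo key
    iv = bytes(BLOCK)             # constructed fixed IV; a real CBC/CFB IV must be unpredictable
    repeated = b"AAAAAAAA" * 4    # constructed plaintext made of identical blocks
    print("ECB duplicate blocks:", duplicate_blocks(ecb_encrypt(key, repeated)))
    print("CBC duplicate blocks:", duplicate_blocks(cbc_encrypt(key, iv, repeated)))
```

Running the module shows three duplicate ciphertext blocks under ECB and none under CBC for the same repeating input, which is the observable difference the exam point about ECB being the weakest mode refers to. The `duplicate_blocks` check is also a cheap detection heuristic for spotting ECB-encrypted data in captured traffic or stored blobs.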

  5. Asymmetric algorithms use two different keys. The advantage is that key distribution is easier. Asymmetric algorithms are not as fast as symmetric systems.

  6. Asymmetric algorithms include Diffie-Hellman, El Gamal, and Elliptic Curve Cryptosystem algorithms.

  7. Common hashing algorithms include MD2, MD4, MD5, HAVAL, and SHA-1.

  8. A public key infrastructure (PKI) allows individuals using the Internet to obtain and share cryptographic keys from a trusted authority. The PKI consists of four basic components and is governed by the X.509 standards:

    Certificate Authority (CA) — Used to verify and issue digital certificates. The certificate includes the public key and information about it.

    Registration Authority (RA) — Verifies authenticity for the CA.

    Repository — Accepts certificates and distributes them to authorized parties.

    Archive — Responsible for the long-term storage of archived information distributed from the CA.