TRANSCRIPT
Reproduction prohibited
CISSP COURSE PART 3
ENTREPRENEUR | CISO ADVISOR | CYBERFEMINIST | PEERLYST BRAND AMBASSADOR | TOP 50 CYBER INFLUENCER | @RESPONSIBLE CYBER
MAGDA LILIA CHELLY
OVERVIEW
ISC2 REQUIREMENTS ON INDIVIDUALS
THESE INCLUDE:
• BACKGROUND
• FIVE YEARS EXPERIENCE IN ANY OF THE 8 DOMAINS OR FOUR YEARS EXPERIENCE AND A COLLEGE DEGREE
• TEST FEE
• APPROVED APPLICATION
• AGREEMENT TO THE ISC2 CODE OF ETHICS
DOMAINS
THE 8 DOMAINS ARE:
1. SECURITY AND RISK MANAGEMENT
2. ASSET SECURITY
3. SECURITY ENGINEERING
4. COMMUNICATION AND NETWORK SECURITY
5. IDENTITY AND ACCESS MANAGEMENT
6. SECURITY ASSESSMENT AND TESTING
7. SECURITY OPERATIONS
8. SOFTWARE DEVELOPMENT SECURITY
SECURITY OPERATIONS
The Operations Security domain is used to identify the controls over hardware, media and the operators with access privileges to any of these resources.
• Operations Department Responsibilities
• Incident response and attack prevention
• Patch and vulnerability management
Need to know principle: Grant users access only to the data or resources they need.
Least privilege: Only the privileges necessary to perform the assigned task.
The need to know principle is mainly used in the military for individuals with clearance. Least privilege can be considered as an extension of it.
Aggregation: Collection of privileges over time.
Job rotation: Movement of employees from one job to another.
Data classification is key for security, together with marking and properly handling, storing, and destroying data.
Service Level Agreements: Commitment between a service provider and a client.
Transitive Trust: Two-way relationship between parent and child domains.
Separation of Duties: Separation of privilege = Principle of least privilege applied to applications and processes.
Two-Person Control or Split-Password Rule.
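The slides above list need to know, least privilege and two-person control as separate ideas; the following added example (not from the course, all users, roles and resources are constructed) shows how the three combine in one deny-by-default authorization check, where a role that grants an action is still not enough without the matching need-to-know compartment, and a sensitive action additionally needs a distinct, equally authorized approver.

```python
# Added example, not from the course slides. Names, roles and data are constructed.
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Least privilege: each role carries only the actions its task requires.
ROLE_PERMISSIONS = {
    "analyst": {"read"},
    "operator": {"read", "restart"},
    "admin": {"read", "restart", "delete"},
}
# Two-person control: these actions need a second, different person to approve.
TWO_PERSON_ACTIONS = {"delete"}

@dataclass
class User:
    name: str
    role: str
    clearances: set[str] = field(default_factory=set)  # need-to-know compartments

@dataclass
class Resource:
    name: str
    compartment: str  # the compartment a user must be read into

def _individual_check(user: User, action: str, res: Resource) -> Tuple[bool, str]:
    """Least privilege first, then need to know; both must pass for one person."""
    if action not in ROLE_PERMISSIONS.get(user.role, set()):
        return False, f"role '{user.role}' does not grant '{action}'"
    if res.compartment not in user.clearances:
        return False, f"{user.name} lacks need-to-know for '{res.compartment}'"
    return True, "ok"

def authorize(actor: User, action: str, res: Resource,
              approver: Optional[User] = None) -> Tuple[bool, str]:
    """Return (allowed, reason). Deny unless every applicable control passes."""
    ok, why = _individual_check(actor, action, res)
    if not ok:
        return False, why
    if action in TWO_PERSON_ACTIONS:
        if approver is None or approver.name == actor.name:
            return False, "two-person control: a second, different person must approve"
        ok, why = _individual_check(approver, action, res)  # approver held to same rules
        if not ok:
            return False, "approver rejected: " + why
    return True, "ok"

# Constructed sample principals and resource used by the demo below.
PAYROLL_DB = Resource("payroll-db", "payroll")
ALICE = User("alice", "analyst", {"payroll"})   # can read, cannot delete
BOB = User("bob", "admin", {"hr"})              # admin role, but no payroll need-to-know
CAROL = User("carol", "admin", {"payroll"})
DAVE = User("dave", "admin", {"payroll"})
```

Running `authorize(CAROL, "delete", PAYROLL_DB, approver=DAVE)` is the only combination above that succeeds; Bob as approver is rejected because need to know is checked for the approver as well.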
Hardware Inventories
Software Licensing
Physical Assets
Virtual Assets
Cloud Based Assets
Backups on tapes: At least two copies of backups, one copy onsite and a second copy at a secure location offsite.
MTTF = Mean time to failure (differs from MTBF)
MTBF = Mean amount of time between failures
Smaller organizations often choose not to evaluate, test, and approve patches.
Evidence collection and handling (e.g., chain of custody, interviewing)
Reporting and documenting
Investigative techniques (e.g., root-cause analysis, incident handling)
Digital forensics (e.g. media, network, software, and embedded devices)
Investigation types: Operational, Criminal, Civil, Regulatory, Electronic discovery (eDiscovery)
Operational Investigation. Example: Server performance issue.
Criminal Investigations. Example: Investigate an employee; standard of proof is beyond a reasonable doubt.
Civil Investigations. Example: Investigate an employee; standard of proof is preponderance of the evidence.
Electronic Discovery
Discovery covers paper records as well as electronic records; the eDiscovery process consists of:
• Information Governance
• Identification
• Preservation
• Collection
• Processing
• Review
• Analysis
• Production
• Presentation
Admissible evidence:
• Relevant
• Material
• Competent
• Real evidence (also known as object evidence)
• Documentary evidence (Example: logs)
• Testimonial Evidence
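Chain of custody (from the evidence-handling slide) and documentary evidence such as logs (from the admissibility slide) both depend on being able to show that nothing changed between collection and presentation. The added example below, which is not part of the course material, records a constructed evidence item: it fingerprints the evidence bytes with SHA-256 at acquisition, appends one entry per custody transfer, links each entry to the hash of the previous one, and verifies both the evidence and the log so that any later edit is detectable.

```python
# Added example, not from the course slides. Case id, names and evidence bytes are constructed.
import hashlib
import json
from datetime import datetime, timezone
from typing import Optional, Tuple

def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class CustodyLog:
    """Append-only custody record: each entry hashes the previous entry."""

    def __init__(self, case_id: str, evidence: bytes, collector: str):
        self.case_id = case_id
        self.evidence_hash = fingerprint(evidence)  # acquisition hash, never changes
        self.entries: list = []
        self.record(collector, "collected")

    def record(self, custodian: str, action: str, when: Optional[str] = None) -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        entry = {
            "case_id": self.case_id,
            "when": when or datetime.now(timezone.utc).isoformat(),
            "custodian": custodian,
            "action": action,
            "evidence_hash": self.evidence_hash,
            "prev_entry_hash": prev,
        }
        # Hash the canonical JSON of the entry so a later edit to any field is detectable.
        entry["entry_hash"] = fingerprint(json.dumps(entry, sort_keys=True).encode())
        self.entries.append(entry)
        return entry

    def verify(self, evidence: bytes) -> Tuple[bool, str]:
        """Re-hash the evidence and walk the chain; first failure wins."""
        if fingerprint(evidence) != self.evidence_hash:
            return False, "evidence bytes no longer match the acquisition hash"
        prev = "0" * 64
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if e["prev_entry_hash"] != prev:
                return False, f"entry {i}: broken link to previous entry"
            if fingerprint(json.dumps(body, sort_keys=True).encode()) != e["entry_hash"]:
                return False, f"entry {i}: entry was altered after it was written"
            prev = e["entry_hash"]
        return True, f"{len(self.entries)} custody entries verified"

# Constructed sample: a small "disk image" and two custody events.
EVIDENCE = b"constructed disk image bytes for CASE-0001"
```

A real acquisition would also store the hash on the signed paper form; the point here is that the log, the evidence and the link between them are each checked independently.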
"A cybercrime is an abuse or misuse where a computer or device containing a computer is the object, subject, tool, or symbol, and the perpetrator intentionally made or could have made gain."
▪ People violate trust
▪ People commit crimes
▪ Cybercriminals deceive
▪ Cybercriminals think they are too smart to be caught
▪ Security professionals can be potentially dangerous
▪ Cybercriminals copy other cybercriminals
▪ Cybercriminals find computers attractive targets; the crime is committed from behind a screen
▪ Hacktivism
▪ Cyber Crime
▪ Cyber Espionage
▪ Cyberterrorism
▪ Cyber Warfare
• Business Attacks
• Financial Attacks
• Terrorist Attacks
• Grudge Attacks
• Thrill Attacks
• Scanning: Reconnaissance attack
• Compromise: Unauthorized access
• Malicious code: Viruses, spyware, and more
• Denial of service: DoS
Incident Response Process
• Detection and identification
• Response and reporting
• Recovery and remediation
In the isolation and containment phase of incident response, it is critical that you leave the system in a running state. Do not power down the system. Turning off the computer destroys the contents of volatile memory and may destroy evidence.
■ What is the nature of the incident, how was it initiated, and by whom?
■ When?
■ Where?
■ What tools did the cyber criminal use?
■ What were the damages?
According to "Ethics and the Internet," Request for Comments (RFC) 1087, any of the activities below is unacceptable and unethical:
■ Unauthorized access to Internet resources
■ Internet Use Disruption
■ Resources Waste
■ Integrity compromise of computer-based information
■ Privacy compromise
SOFTWARE DEVELOPMENT SECURITY
The Software Development Security domain refers to the controls that are included within systems and applications software and the steps used in their development.
• Software Development Models
• Database Models and Relational Database Components
• Application environment and security controls
• Effectiveness of application security
■ First-generation languages (1GL)
■ Second-generation languages (2GL)
■ Third-generation languages (3GL)
■ Fourth-generation languages (4GL)
■ Fifth-generation languages (5GL)
Conceptual definition
Functional requirements determination
Control specifications development
Design review
Code review walk-through
System test review
Maintenance and change management
The waterfall model + validation and verification = the modified waterfall model.
Individuals and interactions over processes and tools
Working software over comprehensive documentation
Customer collaboration over contract negotiation
Responding to change over following a plan
1: Initiating
2: Diagnosing
3: Establishing
4: Acting
5: Learning
The DevOps approach seeks to resolve these issues by bringing the three functions together in a single operational model.
White-box Testing
Black-box Testing
Gray-box Testing
Static Testing
Dynamic Testing
Expert systems and Neural Networks
Function