Principles of Information Assurance
Corey Schou, Dan Shoemaker
Copyright 2003

IA Book v0.1.4 (cobhomepages.cob.isu.edu/schou/IA V0.1.4.doc)


Table of Contents

Introduction to Information Assurance (CDS) ... 15
  McCumber Model (CDS) ... 15
  International View (DAN) ... 15
    BS 7799 (DAN) ... 15
    ISO 17799 (DAN) ... 15
  Assurance Management ... 15
    Confidentiality (CDS) (0011) ... 15
    Integrity (CDS) (0011) ... 15
    Availability (CDS) (0011) ... 15

Access Control (0010) ... 15
  Access Control Administration (0010) ... 15
    Centralized Systems (0010) ... 15
      Diameter (0010) ... 15
      RADIUS (0010) ... 15
      TACACS (0010) ... 15
    Decentralized Systems (0010) ... 15
  Access Control Models and Techniques (0010) ... 15
    Categories of Access Control (0011) ... 15
      System Access Controls (0011) ... 15
      Data Access Controls (0011) ... 15
    Access Control Techniques (0010) ... 15
      Capability Tables and ACL (0010) ... 15
      Content Dependent Access Control (0010) ... 15
      Restricted Interfaces (0010) ... 15
      DAC (0010) ... 15
      MAC (0010) ... 15
      RBAC (0010) ... 15
  Concepts of Access Control (0011) ... 15
    Control Types (0011) ... 15
    Access Control Services (0011) ... 15
  Identification and Authentication (0010) ... 15
    Authentication (0010) ... 15
      Biometrics (0010) ... 15
      Cognitive Password (0010) ... 15
      Cryptographic Keys (0010) ... 15
      Memory Cards (0010) ... 15
      One Time Passwords (0010) ... 15
      Passphrase (0010) ... 15
      Passwords (0010) ... 15
      Smart Cards (0010) ... 15
    Authorization (0010) ... 15
    Stage Setting ... 15
  Intrusion Detection Systems (0010) (0100) ... 16
    Behavior Based (0010) ... 16
    Host Based (0010) ... 16
    Network Based (0010) ... 16
    Signature Based (0010) ... 16
    Pros and Cons (0010) ... 16


  Single Sign-On Technology (0010) ... 16
    Directory Services (0010) ... 16
    KERBEROS (0010) ... 16
    SESAME (0010) ... 16
    Thin Clients? (0010) ... 16
  Unauthorized Access Control and Attacks (0010) ... 16
    Unauthorized Disclosure of Information (0010) ... 16
    Emanation Security (WAP and TEMPEST) (0010) ... 16
    Attack Types (0010) ... 16
      Network Attacks ... 16
        SYN Flood ... 16
        ICMP Flood ... 16
        UDP Flood ... 16
        Smurf ... 16
        Fraggle ... 16
        Teardrop ... 16
        Spoofing ... 16
  Penetration Testing (Right Place?) (0010) ... 16

Applications and Systems Development (0010) ... 16
  Knowledge Based Systems and Intelligence (0010) (0011) ... 16
    Artificial Neural Network (0010) (IGGY) ... 16
    Expert Systems (0010) ... 16
  Application Security Controls ... 16
    Abstraction (0011) ... 16
    Accountability (0011) ... 16
    Data Hiding (0011) ... 16
    Defense in Depth (0011) ... 16
    Hardware Segmentation (0011) ... 16
    Process Isolation (0011) ... 16
    Reference Monitor (0011) ... 16
    Security Kernel (0011) ... 16
    Separation of Privilege (0011) ... 16
    Service Level Agreements (0011) ... 16
    Supervisor and User Modes (0011) ... 16
    System High Mode (0011) ... 16
  Data and Information Security (0011) (CDS) ... 16
    Primary Storage (0011) ... 16
    Real and Virtual (0011) ... 16
    Secondary Storage (0011) ... 16
  Databases (0010) ... 16
    Aggregation and Inference (0010) ... 16
    Concurrency Issues (0010) ... 16
    Data Mine (0010) ... 16
    Data Warehouse (0010) ... 16
    Database Interface Languages (0010) ... 16
    Database Security ... 16
    Distributed Data Model (0010) ... 16
    Hierarchical Database (0010) ... 16
    Network Database Management System (0010) ... 16
    Object Oriented Database (0010) ... 16
    Relational Data Model (0010) ... 17
      Database Dictionary (0010) ... 17


      Structured Query Language (0010) ... 17
  Distributed Computing (0010) ... 17
    Distributed Applications (0011) ... 17
      Agents (0011) ... 17
      Applets (0011) ... 17
      Security in Distributed Systems (0011) ... 17
    Examples to Discuss (CDS) ... 17
      ActiveX (0010) ... 17
      CGI (0010) ... 17
      COM and DCOM (0010) ... 17
      Cookies (0010) ... 17
      Enterprise Java Bean (0010) ... 17
      Java Applet (0010) ... 17
      OLE (0010) ... 17
      ORB and CORBA (0010) ... 17
  Malicious Actions (0010) ... 17
    Brute Force (0011) ... 17
    Denial of Service (0010) ... 17
      Distributed Denial of Service ... 17
    Dictionary Attack (0011) ... 17
    Eavesdropping (0011) ... 17
    Hidden Code (0011) ... 17
    Inference (0011) ... 17
    Logic Bomb (0010) ... 17
    Pseudo Flaw (0011) ... 17
    Remote Maintenance (0011) ... 17
    Smurf Attacks (0010) ... 17
    Sniffing (0011) ... 17
    Social Engineering (0011) ... 17
    Timing Attacks (0010) ... 17
    Traffic Analysis (0011) ... 17
    Trojan Horse (0010) ... 17
    Virus (0010) ... 17
    Worm (0010) ... 17
  Object Oriented Environments and Principles (0010) ... 17
    Abstraction (0010) ... 17
    Application Threat(s) (0010) ... 17
    Classes and Objects (0010) ... 17
    Polyinstantiation (0010) ... 17
    Polymorphism (0010) ... 17
  Project Development (0010) ... 17
    Software Lifecycle (0010) ... 17
    Software Development Models (0010) ... 17
      Acceptance Testing (0010) ... 17
      Accreditation (0011) ... 17
      Certification (0011) ... 17
      Change Management (0011) ... 17
      Code (0011) ... 17
      Code Review (0011) ... 17
      Conceptual Definition (0011) ... 17
      Configuration Management (0011) ... 17
      Design (0011) ... 17
      Disposal (0010) ... 17


      Functional Design Analysis and Planning (0010) ... 17
      Functional Requirements (0011) ... 17
      Functional Specifications (0011) ... 17
      Implementation (0010) ... 18
      Maintenance (0010) (0011) ... 18
      Operations (0010) ... 18
      Project Initiation (0010) ... 18
      Software Development (0010) ... 18
      System Design Specification (0010) ... 18
      System Test (0011) ... 18
  Writing Secure Code (???) ... 18

Awareness, Training and Education (CDS/VIC) ... 18
  Tools (CDS) ... 18
    Standards ... 18

Cryptography (0100) (0010) Stuff from my book? ... 18
  Cryptography Defined ... 18
    Classes of Ciphers ... 18
    Cipher Types (0010) ... 18
      Asymmetric Cryptography (0010) ... 18
      Block Cipher (0010) ... 18
      Kerckhoffs Principle (0010) ... 18
      Key Escrow (0010) ... 18
      Stream Cipher (0010) ... 18
      Substitution Cipher (0010) ... 18
      Symmetric Cryptography (0010) ... 18
      Transposition Cipher (0010) ... 18
    Key Clusters (0011) ... 18
    Encryption and Decryption (0011) ... 18
    Work Factor Force times effort and work (0011) ... 18
  Message Authentication ... 18
    Digital Signatures ... 18
    Message Digests ... 18
    Non Repudiation ... 18
  Attacks (0010) ... 18
    Adaptive Chosen Plaintext Attack (0010) ... 18
    Analytic Attack (0010) (0011) ... 18
    Brute Force (0011) ... 18
    Implementation Attacks (0011) ... 18
    Known Plaintext Attack (0010) ... 18
    Man in the Middle Attack (0010) ... 18
    Statistical Attacks (0011) ... 18
    Specific Methods of Attack ... 18
      Chosen Ciphertext Attack (0010) ... 18
      Chosen Plaintext Attack (0010) ... 18
      Ciphertext-Only Attack (0010) ... 18
  Key Issues (0011) ... 18
    Key Change (0011) ... 18
    Key Control (0011) ... 18
    Key Disposal (0011) ... 18
    Key Distribution (0011) ... 18


    Key Generation (0011) ... 18
    Key Installation (0011) ... 18
    Key Escrow and Recovery (0011) ... 18
    Key Storage (0011) ... 18
  Cryptographic Applications (0010) ... 18
    Encryption at Different Layers (0010) ... 18
    One Time Pad (0010) ... 18
    Public Key Infrastructure (PKI) (0010) ... 18
      Certificate Revocation List (CRL) (0010) ... 18
      Certification Authority (CA) (0010) ... 19
      PKI Steps (0010) ... 19
      Registration Authority (0010) ... 19
  Cryptographic Protocols (0010) ... 19
    Internet Security (0010) ... 19
      HTTPS (0010) ... 19
      IPSec (0010) ... 19
      S/MIME (0010) ... 19
      Secure Hypertext Transfer Protocol (S-HTTP) (0010) ... 19
      Secure Sockets Layer (SSL) (0010) ... 19
      SET (0010) ... 19
      SSH2 (0010) ... 19
    Message Security Protocol (MSP) (0010) ... 19
    Pretty Good Privacy (PGP) (0010) ... 19
    Privacy Enhanced Mail (PEM) (0010) ... 19
  Cryptography Definitions (0010) ... 19
    Attacks (0010) ... 19
    Keys and Text (0010) ... 19
    Keyspace (0010) ... 19
    Spy Cipher (0010) ... 19
    Steganography (0010) ... 19
    Strength of Crypto Systems (0010) ... 19
  Hybrid Approaches (0010) ... 19
    Asymmetric Algorithm (0010) ... 19
      Diffie Hellman Key Exchange (0010) ... 19
      El Gamal (0010) ... 19
      Elliptic Curve Cryptosystems (ECC) (0010) ... 19
    Data Encryption (0010) ... 19
    Key Management (0010) ... 19
    Security Goals (0010) ... 19
    Symmetric Algorithms (0010) ... 19
      Advanced Encryption Standard (AES) (0010) ... 19
      DES (0010) ... 19
      Triple DES (0010) ... 19
  Message Integrity and Digital Signatures (0010) ... 19
    Electronic Signaling (0010) ... 19
      DSS? (0010) ... 19
      Message Authentication Code (0010) ... 19
      Message Integrity (0010) ... 19
      Attacks on Hashing Functions (0010) ... 19
      Hashing Algorithms (0010) ... 19
      One Way Hash (0010) ... 19

Disaster Recovery (DRP) and Business Continuity (BCP) (0010) (DAN?) ... 19


  A Background for DRP and BCP (0011) ... 19
    Classes of Disasters (0011) ... 19
      Natural Disaster (0011) ... 19
      Man Made Disaster (0011) ... 19
    Disaster Recovery vs. Business Continuity (0010) (0011) ... 19
      BCP Keeps Ops Running (0011) ... 19
      DRP Restores Normal OPS (0011) ... 19
      Commonality (0011) ... 19
        Identify Critical Business Functions (0011) ... 19
        Identify Experts (0011) ... 19
        Identify Possible Disaster Scenarios (0011) ... 19
  BCP Development (0011) ... 19
    Backups and Off-Site Storage (0011) ... 19
    Document Strategy (0011) ... 20
    Documentation (0011) ... 20
    Emergency Response (0011) ... 20
    External Communications (0011) ... 20
    Fire Protection (0011) ... 20
    Identify Success Factors (0011) ... 20
    Logistics and Supplies (0011) ... 20
    Maintain the Plan (0011) ... 20
    Organization Awareness and Training (0011) ... 20
    Personnel Notification (0011) ... 20
    Project Team Management (0011) ... 20
    Senior Management Involvement (0011) ... 20
    Senior Management Support (0011) ... 20
    Simplify Critical Functions (0011) ... 20
    Software Escrow Agreements (0011) ... 20
    Utilities (0011) ... 20
  Backups and Off-Site Facilities (0010) ... 20
    Backup Facility Alternatives (0010) ... 20
      Hot Site (0010) ... 20
      Cold Site (0010) ... 20
      Warm Site (0010) ... 20
    Choosing a Software Backup Storage Facility (0010) ... 20
    Employees and Working Environment (0010) ... 20
  Business Impact Analysis (0010) ... 20
    Criticality Assessment (0011) ... 20
    Defining the Resource Requirements (0011) ... 20
    Identifying Key Players (0011) ... 20
    Setting Maximum Tolerable Downtime (0011) ... 20
    Threats (0011) (0010) ... 20
    Vulnerability Assessment (0011) ... 20
  DRP and BCP Objectives (0010) ... 20
    Documentation (0010) ... 20
    Emergency Response (0010) ... 20
    Maintenance (0010) ... 20
    Phase Breakdown (0010) ... 20
    Prevention (0010) ... 20
    Recovery and Restoration (0010) ... 20
    Testing and Drills (0010) ... 20
  DRP Development (0011) ... 20


    Facilitate External Communication (0011) ... 20
    Maintain Physical Security (0011) ... 20
    Personnel Identification (0011) ... 20
    Prepare for Emergency Response (0011) ... 20
  Test Recovery Plan ... 20
  Test Continuity Plan ... 20
  Product Life Cycle (0010) ... 20
  Project Initiation Phase (0010) ... 20
  Threats (0010) ... 20

Law, Investigation, and Ethics (0010) ... 20
  Types of Law (0011) ... 20
    Common Law ... 20
    Constitutional Law ... 20
    International Law ... 20
  Computer Crime Investigation (0010) ... 20
    Admissibility of Evidence (0010) ... 20
    Collecting Evidence (0010) ... 20
    Enticement and Entrapment (0010) ... 21
    Evidence Types (0010) ... 21
      Best Evidence ... 21
      Hearsay Evidence ... 21
      Secondary Evidence ... 21
    Forensics (0010) ... 21
    Incident Handling (0010) ... 21
    Incident Response Plan (0010) ... 21
    Incident Response Team (0010) ... 21
    Search and Seizure (0010) ... 21
    Trial (0010) ... 21
    Who Should Perform Investigation (0010) ... 21
  Ethics (0010) ... 21
    General Ethics Discussion ... 21
    Computer Ethics Institute ... 21
    Internet Activities Board ... 21
    ISC2 ... 21
  Types of Attacks ... 21
    Hacking (0010) ... 21
    Terrorist Attacks ... 21
    Military Attacks ... 21
    Intelligence Attacks ... 21
    Financial Attacks ... 21
    Business Attacks ... 21
    Grudge Attacks ... 21
    Recreation ... 21
    Tools ... 21
      Data Diddling ... 21
      Dumpster Diving ... 21
      Excessive Privilege ... 21
      IP Spoofing ... 21
      Password Sniffing ... 21


      Salami ____ 21
      Social Engineering ____ 21
      Wiretapping ____ 21
  Prosecution Problems ____ 21
    Investigation ____ 21
      Evidence ____ 21
      Conducting Investigation ____ 21
      Incident Handling and Response ____ 21
  What does an attacker look like? ____ 21
    Hackers (0011) ____ 21
    Script Kiddies (0011) ____ 21
    Virus Writers (0011) ____ 21
    Phreakers (0011) ____ 21
  Organization Liabilities and Ramifications (0010) ____ 21
    Legal Liability ____ 21
      Employee Suits ____ 21
      Downstream Liability ____ 21
    Privacy Issues ____ 21
      Electronic Communication Privacy Act of 1986 ____ 21
      Employee Monitoring ____ 21
      Gramm Leach Bliley Act 1999 ____ 21
      Health Insurance Portability and Accountability Act (HIPAA) ____ 21
      Privacy Act of 1974 ____ 21
      Transborder Information Flow ____ 21
    Security Principles ____ 22
  Types of Law (0010) ____ 22
    International Laws ____ 22
      Australia ____ 22
      United Kingdom ____ 22
      Netherlands ____ 22
    Administrative Law ____ 22
    Civil Law ____ 22
    Criminal Law ____ 22
      18 US Code 1029 (Credit Card Fraud) ____ 22
      18 US Code 1030 (Computer Fraud and Abuse) ____ 22
      18 US Code 2319 (Copyrights) ____ 22
      18 US Code 2511 (Interception) ____ 22
      18 US Code 2701 (Access to Electronic Info) ____ 22
      Child Pornography ____ 22
      Computer Security Act of 1987 ____ 22
      Mail Fraud ____ 22
      Patriot Act ____ 22
      Wire Fraud ____ 22
    Federal Policies ____ 22
      Computer Fraud and Abuse Act 1986 ____ 22
      Economic Espionage Act of 1996 ____ 22
      Federal Sentencing Guidelines ____ 22
    State Laws ____ 22
      Texas ____ 22
      Georgia ____ 22
      Florida ____ 22
      Maryland ____ 22
    Intellectual Property ____ 22


      Copyright ____ 22
      Patent ____ 22
      Trade Secret ____ 22
      Trademark ____ 22
    Software Piracy ____ 22

Operations Security (0010) ____ 22
  A General Concept (0011) ____ 22
    Anti Virus Management (0011) ____ 22
    Backup of Critical Information (0011) ____ 22
    Need to know (0011) ____ 22
    Least Privilege (0011) ____ 22
    Privileged Functions (0011) ____ 22
    Privacy (0011) ____ 22
    Legal Requirements (0011) ____ 22
    Illegal Activities (0011) ____ 22
    Records Retention (0011) ____ 22
    Handling Sensitive Information (0011) ____ 22
  Configuration Management and Media Control (0010) ____ 22
    Data Controls (Input and Output) ____ 22
    Media Controls ____ 22
  Operations Control (0010) ____ 22
    Administrative Control ____ 22
      Clipping levels ____ 22
      Job Rotation ____ 22
      Least Privilege ____ 22
      Mandatory Vacations ____ 22
      Need to Know ____ 22
      Separation of Duties ____ 23
    Control Categories ____ 23
    Due Care ____ 23
  Reacting to failures and recovering (0010) ____ 23
    Trusted Recovery (0010) ____ 23
  Operational Responsibility ____ 23
    Deviation from Standards ____ 23
    Unscheduled Initial Program Loads ____ 23
    Unusual or Unexplained Occurrence ____ 23
  Software Backups (0010) ____ 23
    Backups ____ 23
    Network Availability ____ 23

Physical Security (0010) ____ 23
  Location Selection ____ 23
    Choose a Secure Location ____ 23
    Designate a Security Facility ____ 23
  Electrical Power and Environmental Issues (0010) ____ 23
    Environmental Consideration (0010) ____ 23
    Power Interference (0010) ____ 23
    UPS (0010) ____ 23
    Ventilation (0010) ____ 23
    Water, Steam and Gas (0010) ____ 23


  Fire Detection and Suppression (0010) ____ 23
    Emergency Response (0010) ____ 23
    Fire Detection (0010) ____ 23
    Fire Extinguishing Issues (0010) ____ 23
    Fire Prevention (0010) ____ 23
    Fire Suppression (0010) ____ 23
    Fire Types (0010) ____ 23
    Halon (0010) ____ 23
    Water Sprinkler (0010) ____ 23
  Perimeter Security (0010) ____ 23
    Entrance Protection (0010) ____ 23
    Facility Access (0010) ____ 23
    Fencing (0010) ____ 23
    Intrusion Detection (0010) ____ 23
    Lighting (0010) ____ 23
    Locks (0010) ____ 23
    Surveillance Devices (0010) ____ 23
  Physical Security Controls (0010) ____ 23
    Computing Area (0010) ____ 23
    Facility Construction (0010) ____ 23
    Facility Location (0010) ____ 23
    Hardware Backup (0010) ____ 23

Security Management Practices (0010) ____ 23
  Security Audit ____ 23
    Audit Trails ____ 23
      Anatomy of an Audit Record ____ 23
      Types of Audit Trail ____ 23
      Finding Trouble in Logs ____ 23
      Problem Management and Audit Trail ____ 23
      Retaining Audit Logs ____ 23
      Protection of Audit Logs ____ 23
    Monitoring ____ 23
      Facilities Monitoring ____ 23
      Intrusion Detection ____ 23
      Keystroke Monitoring ____ 24
      Penetration Testing ____ 24
      Responding to Events ____ 24
        CERT? ____ 24
        Traffic and Trends Analysis ____ 24
        Violation Analysis ____ 24
  Employee Management (0010) ____ 24
    Operational and Administrative Controls (0011) ____ 24
      Background Checking (0011) ____ 24
      Background Checks and Security Clearance (0011) ____ 24
      Employment Agreements (0011) ____ 24
      Hiring and Termination Practice (0011) ____ 24
      Job Description (0011) ____ 24
      Job Requirements (0011) ____ 24
      Job Rotation (0011) ____ 24
      Job Specifications (0011) ____ 24
      Roles and Responsibilities (0011) ____ 24
      Separation of Duties (0011) ____ 24


  Information Classification (0010) ____ 24
    Government vs Commercial model (CDS) ____ 24
      Commercial Data Classification (0011) ____ 24
      Governmental Data Classification (0011) ____ 24
  Management Responsibilities (0010) ____ 24
  Risk Calculation (0010) ____ 24
    Dealing with Risk (0010) ____ 24
    Quantitative and Qualitative (0010) ____ 24
    Selection of Countermeasures (0010) ____ 24
  Risk Management (0010) ____ 24
    Risk Analysis (0010) ____ 24
    Risk Control (0011) ____ 24
    Risk Identification (0011) ____ 24
  Roles and Responsibilities (0010) ____ 24
    DAA – need better name (CDS) ____ 24
    Data Custodian (0010) ____ 24
    Data Owner (0010) ____ 24
    ISSO (CDS) ____ 24
    Security Auditor (0010) ____ 24
    System Certifier (CDS) ____ 24
    Systems Administrator (CDS) ____ 24
    User (0010) ____ 24
  Security Control Types (0010) ____ 24
    Administrative Controls (0011) ____ 24
    Change Controls (0011) ____ 24
    Media Controls (0011) ____ 24
    Privileged Entity Controls (0011) ____ 24
    Resource Protection (0011) ____ 24
    Trusted Recovery (0011) ____ 24
  Security Policies and Supporting Counterparts (0010) ____ 24
    Baselines (0010) ____ 24
    Guidelines (0010) ____ 24
    Procedures (0010) ____ 24
    Security Policy (0010) ____ 24
    Standards (0010) ____ 24
  Threats (0010) (0011) Countermeasures ____ 24
    Employee Sabotage (0011) ____ 24
    Errors and Omissions (0011) ____ 24
    Fraud (0011) ____ 24
    Hackers and Crackers (0011) ____ 25
    Industrial Espionage (0011) ____ 25
    Loss of Physical and Infrastructure Support (0011) ____ 25
    Malicious Code (0011) ____ 25
    Theft (0011) ____ 25

Security Models and Architecture (0010) ____ 25
  Architecture (0011) ____ 25
    Open and Closed Systems (0011) ____ 25
    Protection Rings (0011) ____ 25
    Recovery Procedures (0011) ____ 25
    Security Modes (0011) ____ 25


    Trusted Security Base (0011) ____ 25
  Operations Systems Security Mechanisms (0010) ____ 25
    Process Isolation (0010) ____ 25
    Protection Rings (0010) ____ 25
    Reference Monitor (0010) ____ 25
    Security Kernel (0010) ____ 25
    Trusted Computing Base (0010) ____ 25
    Virtual Machine (0010) ____ 25
  Security Evaluation Criteria (0010) ____ 25
    Certification vs Accreditation (0010) (0011) ____ 25
      DITSCAP (0011) ____ 25
      NIACAP (0011) ____ 25
    Evaluation (0010) ____ 25
      BS 7799 (DAN) ____ 25
      Common Criteria (0010) (0011) ____ 25
      European Information Technology Security Evaluation Criteria (ITSEC) (0011) ____ 25
      Information Technology Security Evaluation Criteria (0010) ____ 25
      ISO 17788 (DAN) ____ 25
      Rainbow Series (OBE but..) (0010) ____ 25
      Trusted Computer System Evaluation Criteria (0010) (0011) ____ 25
      Trusted Network Interpretation (0011) ____ 25
  Security Models (0010) Some Belong in Access Control? ____ 25
    Integrity VS Privacy Which model is which (CDS) ____ 25
    Access Matrix (0010) (0011) ____ 25
    Bell – LaPadula (0010) ____ 25
    Biba (0010) ____ 25
    Brewer and Nash Model (0010) ____ 25
    Clark – Wilson (0010) ____ 25
    Graham – Denning (0010) ____ 25
    Harrison – Ruzzo – Ullman (0010) ____ 25
    Information Flow Model (0010) ____ 25
    Non-Interference (0010) ____ 25
    State Machines (0010) ____ 25
    Take Grant (0011) ____ 25
  System Components (0010) (See the Big Computer) Early chapter? ____ 25
    Central Processing Unit (0010) ____ 25
    Data Access Storage (0010) ____ 25
    Firmware ____ 25
    General Architecture of Systems (Von Neumann Bit) (0010) ____ 25
    Hardware ____ 25
    ISO Model 7 layer ? (CDS) ____ 25
    Operating States (0010) ____ 25
    Pointers etc (CDS) ____ 25
    Processing Instructions (0010) ____ 25
    Software ____ 26
    Storage and Memory Types (0010) ____ 26
    Virtual Storage (0010) ____ 26

Telecommunications and Network Security (0010) ____ 26
  Network Types (0011) ____ 26
    Local Area (0011) ____ 26
    Wide Area (0011) ____ 26


  Cables and Data Transmission Types (0010) ____ 26
    802-11 (CDS) ____ 26
    Asynchronous and Synchronous (0010) ____ 26
    Broadband and Baseband (0010) ____ 26
    Cable Issues (0010) ____ 26
    Coaxial Cable (0010) ____ 26
    Fiber (0010) ____ 26
    Fire Ratings (0010) ____ 26
    Microwave (CDS) ____ 26
    Signals (0010) ____ 26
    Transmission Methods (0010) ____ 26
    Twisted Pair Cable (0010) ____ 26
  Fault Tolerance Methods and Mechanisms (0010) ____ 26
    RAID (0010) ____ 26
    Clustering (0010) ____ 26
    Backup (0010) ____ 26
  LAN Technologies (0010) ____ 26
    Media Access Technologies (0010) ____ 26
      Ethernet (0010) ____ 26
      Polling (0010) ____ 26
      Token (0010) ____ 26
    Network Topologies (0010) ____ 26
      Bus (0010) ____ 26
      Ring (0010) ____ 26
      Star (0010) ____ 26
    Protocols (0010) ____ 26
      Address Resolution Protocol (ARP) (0010) ____ 26
      Boot Protocol (0010) ____ 26
      Internet Control Message Protocol (ICMP) (0010) ____ 26
      Reverse Address Resolution Protocol (RARP) (0010) ____ 26
  Network Devices and Services (0010) ____ 26
    Bridge (0010) ____ 26
    Brouter (0010) ____ 26
    Firewalls (0010) ____ 26
      Administration (0010) ____ 26
      Architecture (0010) ____ 26
      Packet Filter (0010) ____ 26
      Proxy Firewall (0010) ____ 26
      State Firewall (0010) ____ 26
    Gateway (0010) ____ 26
    Network Services (0010) ____ 26
      DNS (0010) ____ 26
      NAT (0010) ____ 26
    Remote Connection (0010) ____ 26
      CHAP (0010) ____ 26
      EAP (0010) ____ 26
      PAP (0010) ____ 26
      PPP (0010) ____ 26
      SLIP (0010) ____ 26
    Repeater (0010) ____ 27
    Router (0010) ____ 27
    Switches (0010) ____ 27
      VLAN (0010) ____ 27
    VPN (0010) ____ 27


      IPSec (0010) ... 27
      L2TP (0010) ... 27
      PPTP (0010) ... 27
  Remote Access Methods and Technologies (0010) ... 27
    Remote Access (0010) ... 27
    Wireless Technology (0010) ... 27
      Access Points (0010) ... 27
      OSA and SKA (0010) ... 27
      Spread Spectrum (0010) ... 27
      SSID (0010) ... 27
      WAP (0010) ... 27
  Telecommunications ... 27
    Cell Phone Clone (0010) ... 27
    E-Mail Security (0011) ... 27
      E-mail Monitoring (CDS) ... 27
      E-mail Storage (CDS) ... 27
      E-mail Privacy (CDS) ... 27
    Facsimile Security (0011) ... 27
    PBX Threat (0010) ... 27
      PBX Fraud (0011) ... 27
      PBX Abuse (0011) ... 27
  TCP/IP Model (0010) ... 27
    Extranets (0010) ... 27
    Internet Protocol (0010) ... 27
    Intranets (0010) ... 27
    ISO/OSI Seven Layers (0011) ... 27
      Physical Layer ... 27
      Data Link ... 27
      Network ... 27
      Transport ... 27
      Session ... 27
      Presentation ... 27
      Application ... 27
    Networks (0010) ... 27
  Telecommunications Protocols and Devices (0010) ... 27
    ATM (0010) ... 27
    Cable Modems (0010) ... 27
    CSU/DSU (0010) ... 27
    Dedicated Link (0010) ... 27
    DSL (0010) ... 27
    FDDI (0010) ... 27
    Frame Relay (0010) ... 27
    HDLC (0010) ... 27
    ISDN (0010) ... 27
    Multiservice Access Technology (0010) ... 27
    Quality of Service (0010) ... 27
    S/WAN (0010) ... 27
    SDLC (0010) ... 27
    SMDS (0010) ... 27
    SONET (0010) ... 27
    WAN Switching (0010) ... 27
    X.25 (0010) ... 28

Items looking for home (0100) ... 28
  CERT – Where does it go? ... 28
  Non-Computer FAX type stuff PBX? ... 28
  Challenge of Survivability (0100) ... 28
    Compare and Contrast Security and Survivability (0100) ... 28
    Define Survivability (0100) ... 28
    Describe Layered approaches (0100) ... 28
    Identify and define the components of the Information Security Model – Security Model, Information security Properties and Security measures. (0100) ... 28
  Asset and Risk Management (0100) ... 28
  Policy Formulation and Implementation (0100) ... 28
  TCP/IP Security (0100) ... 28
  Threats, Vulnerabilities and Attacks (0100) ... 28
  Host System Hardening (0100) ... 28
  Secure Network Infrastructure (0100) ... 28
  Deploying Firewalls (0100) ... 28
  Secure Remote Access (0100) ... 28
  Writing a Security Plan (CDS/?) ... 28
  Reliability and Availability Calculations ... 28
    MTTR ... 28
    MTBF ... 28
  Valuing Assets (ISSA and CDS Class Notes) ... 28

Introduction to Information Assurance (CDS)

  McCumber Model (CDS)
  International View (DAN)
    BS 7799 (DAN)
    ISO 17799 (DAN)
  Assurance Management
    Confidentiality (CDS) (0011)
    Integrity (CDS) (0011)
    Availability (CDS) (0011)

Access Control (0010)

  Access Control Administration (0010)
    Centralized Systems (0010)
      Diameter (0010)
      RADIUS (0010)
      TACACS (0010)
    Decentralized Systems (0010)
  Access Control Models and Techniques (0010)
    Categories of Access Control (0011)
      System Access Controls (0011)
      Data Access Controls (0011)
    Access Control Techniques (0010)
      Capability Tables and ACL (0010)
      Content Dependent Access Control (0010)
      Restricted Interfaces (0010)
      DAC (0010)
      MAC (0010)
      RBAC (0010)
    Concepts of Access Control (0011)
      Control Types (0011)
      Access Control Services (0011)
  Identification and Authentication (0010)
    Authentication (0010)
      Biometrics (0010)
      Cognitive Password (0010)
      Cryptographic Keys (0010)
      Memory Cards (0010)
      One Time Passwords (0010)
      Passphrase (0010)
      Passwords (0010)
      Smart Cards (0010)
    Authorization (0010)
    Stage Setting
  Intrusion Detection Systems (0010) (0100)
    Behavior Based (0010)
    Host Based (0010)
    Network Based (0010)
    Signature Based (0010)
    Pros and Cons (0010)
  Single Sign-On Technology (0010)
    Directory Services (0010)
    KERBEROS (0010)
    SESAME (0010)
    Thin Clients? (0010)
  Unauthorized Access Control and Attacks (0010)
    Unauthorized Disclosure of Information (0010)
    Emanation Security (WAP and TEMPEST) (0010)
    Attack Types (0010)

      Network Attacks
        SYN Flood
        ICMP Flood
        UDP Flood
        Smurf
        Fraggle
        Teardrop
        Spoofing
    Penetration Testing (Right Place?) (0010)

Applications and Systems Development (0010)

  Knowledge Based Systems and Intelligence (0010) (0011)
    Artificial Neural Network (0010) (IGGY)
    Expert Systems (0010)
  Application Security Controls
    Abstraction (0011)
    Accountability (0011)
    Data Hiding (0011)
    Defense in Depth (0011)
    Hardware Segmentation (0011)
    Process Isolation (0011)
    Reference Monitor (0011)
    Security Kernel (0011)
    Separation of Privilege (0011)
    Service Level Agreements (0011)
    Supervisor and User Modes (0011)
    System High Mode (0011)
  Data and Information Security (0011) (CDS)
    Primary Storage (0011)
    Real and Virtual (0011)
    Secondary Storage (0011)
  Databases (0010)
    Aggregation and Inference (0010)
    Concurrency Issues (0010)
    Data Mine (0010)
    Data Warehouse (0010)
    Database Interface Languages (0010)
    Database Security
    Distributed Data Model (0010)
    Hierarchical Database (0010)
    Network Database Management System (0010)
    Object Oriented Database (0010)
    Relational Data Model (0010)
      Database Dictionary (0010)
      Structured Query Language (0010)
  Distributed Computing (0010)
    Distributed Applications (0011)
      Agents (0011)
      Applets (0011)
      Security in Distributed Systems (0011)
    Examples to Discuss (CDS)

      ActiveX (0010)
      CGI (0010)
      COM and DCOM (0010)
      Cookies (0010)
      Enterprise Java Bean (0010)
      Java Applet (0010)
      OLE (0010)
      ORB and CORBA (0010)
  Malicious Actions (0010)
    Brute Force (0011)
    Denial of Service (0010)
      Distributed Denial of Service
    Dictionary Attack (0011)
    Eavesdropping (0011)
    Hidden Code (0011)
    Inference (0011)
    Logic Bomb (0010)
    Pseudo Flaw (0011)
    Remote Maintenance (0011)
    Smurf Attacks (0010)
    Sniffing (0011)
    Social Engineering (0011)
    Timing Attacks (0010)
    Traffic Analysis (0011)
    Trojan Horse (0010)
    Virus (0010)
    Worm (0010)
  Object Oriented Environments and Principles (0010)
    Abstraction (0010)
    Application Threat(s) (0010)
    Classes and Objects (0010)
    Polyinstantiation (0010)
    Polymorphism (0010)
  Project Development (0010)
    Software Lifecycle (0010)
    Software Development Models (0010)

      Acceptance Testing (0010)
      Accreditation (0011)
      Certification (0011)
      Change Management (0011)
      Code (0011)
      Code Review (0011)
      Conceptual Definition (0011)
      Configuration Management (0011)
      Design (0011)
      Disposal (0010)
      Functional Design Analysis and Planning (0010)
      Functional Requirements (0011)
      Functional Specifications (0011)
      Implementation (0010)
      Maintenance (0010) (0011)
      Operations (0010)
      Project Initiation (0010)
      Software Development (0010)
      System Design Specification (0010)
      System Test (0011)
  Writing Secure Code (???)

Awareness, Training and Education (CDS/VIC)

  Tools (CDS)
  Standards

Cryptography (0100) (0010) Stuff from my book?

  Cryptography Defined
    Classes of Ciphers
    Cipher Types (0010)
      Asymmetric Cryptography (0010)
      Block Cipher (0010)
      Kerckhoffs' Principle (0010)
      Key Escrow (0010)
      Stream Cipher (0010)
      Substitution Cipher (0010)
      Symmetric Cryptography (0010)
      Transposition Cipher (0010)
    Key Clusters (0011)
    Encryption and Decryption (0011)
    Work Factor (force times effort and work) (0011)
  Attacks (0010)
    Adaptive Chosen Plaintext Attack (0010)
    Analytic Attack (0010) (0011)
    Brute Force (0011)
    Implementation Attacks (0011)
    Known Plaintext Attack (0010)
    Man in the Middle Attack (0010)
    Statistical Attacks (0011)
    Specific Methods of Attack
      Chosen Ciphertext Attack (0010)
      Chosen Plaintext Attack (0010)
      Ciphertext-Only Attack (0010)
  Cryptographic Applications (0010)
    Encryption at Different Layers (0010)
    One Time Pad (0010)
    Public Key Infrastructure (PKI) (0010)
      Certificate Revocation List (CRL) (0010)
      Certification Authority (CA) (0010)
      PKI Steps (0010)
      Registration Authority (0010)
  Cryptographic Protocols (0010)
    Internet Security (0010)
      HTTPS (0010)
      IPSec (0010)
      S/MIME (0010)
      Secure Hypertext Transfer Protocol (S-HTTP) (0010)
      Secure Sockets Layer (SSL) (0010)
      SET (0010)
      SSH2 (0010)
    Message Security Protocol (MSP) (0010)
    Pretty Good Privacy (PGP) (0010)
    Privacy Enhanced Mail (PEM) (0010)
  Cryptography Definitions (0010)

    Attacks (0010)
    Keys and Text (0010)
    Keyspace (0010)
    Spy Cipher (0010)
    Steganography (0010)
    Strength of Crypto Systems (0010)
  Hybrid Approaches (0010)
    Asymmetric Algorithm (0010)
      Diffie-Hellman Key Exchange (0010)
      El Gamal (0010)
      Elliptic Curve Cryptosystems (ECC) (0010)
    Data Encryption (0010)
    Key Management (0010)
    Security Goals (0010)
    Symmetric Algorithms (0010)
      Advanced Encryption Standard (AES) (0010)
      DES (0010)
      Triple DES (0010)
  Key Issues (0011)
    Key Change (0011)
    Key Control (0011)
    Key Disposal (0011)
    Key Distribution (0011)
    Key Generation (0011)
    Key Installation (0011)
    Key Escrow and Recovery (0011)
    Key Storage (0011)
  Message Authentication
    Digital Signatures
    Message Digests
    Non-Repudiation
  Message Integrity and Digital Signatures (0010)
    Electronic Signaling (0010)
      DSS? (0010)
      Message Authentication Code (0010)
      Message Integrity (0010)
    Attacks on Hashing Functions (0010)
    Hashing Algorithms (0010)
    One Way Hash (0010)

Disaster Recovery (DRP) and Business Continuity (BCP) (0010) (DAN?)

  A Background for DRP and BCP (0011)
    Classes of Disasters (0011)
      Natural Disaster (0011)
      Man Made Disaster (0011)
    Disaster Recovery vs. Business Continuity (0010) (0011)
      BCP Keeps Ops Running (0011)
      DRP Restores Normal Ops (0011)
      Commonality (0011)
        Identify Critical Business Functions (0011)
        Identify Experts (0011)
        Identify Possible Disaster Scenarios (0011)
  BCP Development (0011)
    Backups and Off-Site Storage (0011)
    Document Strategy (0011)
    Documentation (0011)
    Emergency Response (0011)
    External Communications (0011)
    Fire Protection (0011)
    Identify Success Factors (0011)
    Logistics and Supplies (0011)
    Maintain the Plan (0011)
    Organization Awareness and Training (0011)
    Personnel Notification (0011)
    Project Team Management (0011)
    Senior Management Involvement (0011)
    Senior Management Support (0011)
    Simplify Critical Functions (0011)
    Software Escrow Agreements (0011)
    Utilities (0011)
  Backups and Off-Site Facilities (0010)
    Backup Facility Alternatives (0010)
      Hot Site (0010)
      Cold Site (0010)
      Warm Site (0010)
    Choosing a Software Backup Storage Facility (0010)
    Employees and Working Environment (0010)
  Business Impact Analysis (0010)
    Criticality Assessment (0011)
    Defining the Resource Requirements (0011)
    Identifying Key Players (0011)
    Setting Maximum Tolerable Downtime (0011)
    Threats (0011) (0010)
    Vulnerability Assessment (0011)
  DRP and BCP Objectives (0010)
    Documentation (0010)
    Emergency Response (0010)
    Maintenance (0010)
    Phase Breakdown (0010)

    Prevention (0010)
    Recovery and Restoration (0010)
    Testing and Drills (0010)
  DRP Development (0011)
    Facilitate External Communication (0011)
    Maintain Physical Security (0011)
    Personnel Identification (0011)
    Prepare for Emergency Response (0011)
      Test Recovery Plan
      Test Continuity Plan
  Product Life Cycle (0010)
    Project Initiation Phase (0010)
    Threats (0010)

Law, Investigation, and Ethics (0010)

  Types of Law (0011) (0010)
    Administrative Law
    Common Law
    Constitutional Law
    Civil Law
      Intellectual Property
        Copyright
        Patent
        Trade Secret
        Trademark
    Criminal Law
      18 US Code 1029 (Credit Card Fraud)
      18 US Code 1030 (Computer Fraud and Abuse)
      18 US Code 2319 (Copyrights)
      18 US Code 2511 (Interception)
      18 US Code 2701 (Access to Electronic Info)
      Child Pornography
      Computer Security Act of 1987
      Mail Fraud
      Patriot Act
      Wire Fraud
    Federal Policies
      Computer Fraud and Abuse Act 1986
      Economic Espionage Act of 1996
      Federal Sentencing Guidelines
    State Laws
      Texas
      Georgia
      Florida
      Maryland
    International Laws
      Australia
      United Kingdom
      Netherlands
    Software Piracy
  Computer Crime Investigation (0010)
    Admissibility of Evidence (0010)
    Collecting Evidence (0010)
    Enticement and Entrapment (0010)
    Evidence Types (0010)
      Best Evidence
      Hearsay Evidence
      Secondary Evidence
    Forensics (0010)
    Incident Handling (0010)
    Incident Response Plan (0010)
    Incident Response Team (0010)

    Search and Seizure (0010)
    Trial (0010)
    Who Should Perform Investigation (0010)
  Ethics (0010)
    General Ethics Discussion
    Computer Ethics Institute
    Internet Activities Board
    ISC2
  Types of Attacks
    Hacking (0010)
    Terrorist Attacks
    Military Attacks
    Intelligence Attacks
    Financial Attacks
    Business Attacks
    Grudge Attacks
    Recreation
    Tools
      Data Diddling
      Dumpster Diving
      Excessive Privilege
      IP Spoofing
      Password Sniffing
      Salami
      Social Engineering
      Wiretapping
  Prosecution Problems
    Investigation
      Evidence
      Conducting Investigation
      Incident Handling and Response
  What does an attacker look like?
    Hackers (0011)
    Script Kiddies (0011)
    Virus Writers (0011)
    Phreakers (0011)
  Organization Liabilities and Ramifications (0010)
    Legal Liability
      Employee Suits
      Downstream Liability
    Privacy Issues
      Electronic Communication Privacy Act of 1986
      Employee Monitoring
      Gramm Leach Bliley Act 1999
      Health Insurance Portability and Accountability Act (HIPAA)
      Privacy Act of 1974
      Transborder Information Flow
  Security Principles
  Types of Law (0010)

Operations Security (0010)

  A General Concept (0011)
    Anti Virus Management (0011)
    Backup of Critical Information (0011)
    Need to Know (0011)
    Least Privilege (0011)
    Privileged Functions (0011)
    Privacy (0011)
    Legal Requirements (0011)
    Illegal Activities (0011)
    Records Retention (0011)
    Handling Sensitive Information (0011)
  Configuration Management and Media Control (0010)
    Data Controls (Input and Output)
    Media Controls
  Operations Control (0010)
    Administrative Control
      Clipping Levels
      Job Rotation
      Least Privilege
      Mandatory Vacations
      Need to Know
      Separation of Duties
    Control Categories
    Due Care
  Reacting to Failures and Recovering (0010)
    Trusted Recovery (0010)
      Operational Responsibility
      Deviation from Standards
      Unscheduled Initial Program Loads
      Unusual or Unexplained Occurrence
  Software Backups (0010)
    Backups
    Network Availability

Physical Security (0010)

  Location Selection
    Choose a Secure Location
    Designate a Security Facility
  Electrical Power and Environmental Issues (0010)
    Environmental Consideration (0010)
    Power Interference (0010)
    UPS (0010)
    Ventilation (0010)
    Water, Steam and Gas (0010)
  Fire Detection and Suppression (0010)
    Fire Types (0010)
    Fire Prevention (0010)
    Fire Detection (0010)
    Emergency Response (0010)
    Fire Extinguishing Issues (0010)
    Fire Suppression (0010)
      Halon (0010)
      Water Sprinkler (0010)
  Perimeter Security (0010)
    Facility Access (0010)
    Perimeter Protection (0010)
      Fencing (0010)
      Intrusion Detection (0010)
      Lighting (0010)
      Locks (0010)
    Surveillance Devices (0010)
  Physical Security Controls (0010)
    Computing Area (0010)
    Facility Construction (0010)
    Facility Location (0010)
    Hardware Backup (0010)

Security Management Practices (0010)

  Security Audit
    Audit Trails
      Anatomy of an Audit Record
      Types of Audit Trail
      Finding Trouble in Logs
      Problem Management and Audit Trail
      Retaining Audit Logs
      Protection of Audit Logs
    Monitoring
      Facilities Monitoring
      Intrusion Detection
      Keystroke Monitoring
      Penetration Testing
      Responding to Events
        CERT?
      Traffic and Trends Analysis
      Violation Analysis
  Employee Management (0010)
    Operational and Administrative Controls (0011)
      Background Checking (0011)
      Background Checks and Security Clearance (0011)
      Employment Agreements (0011)
      Hiring and Termination Practice (0011)
      Job Description (0011)
      Job Requirements (0011)
      Job Rotation (0011)
      Job Specifications (0011)
      Roles and Responsibilities (0011)
      Separation of Duties (0011)
  Information Classification (0010)
    Government vs Commercial Model (CDS)
      Commercial Data Classification (0011)
      Governmental Data Classification (0011)
  Management Responsibilities (0010)
    Risk Calculation (0010)
      Dealing with Risk (0010)
      Quantitative and Qualitative (0010)
      Selection of Countermeasures (0010)
    Risk Management (0010)
      Risk Analysis (0010)
      Risk Control (0011)
      Risk Identification (0011)
  Roles and Responsibilities (0010)
    DAA – need better name (CDS)
    Data Custodian (0010)
    Data Owner (0010)
    ISSO (CDS)

    Security Auditor (0010)
    System Certifier (CDS)
    Systems Administrator (CDS)
    User (0010)
  Security Control Types (0010)
    Administrative Controls (0011)
    Change Controls (0011)
    Media Controls (0011)
    Privileged Entity Controls (0011)
    Resource Protection (0011)
    Trusted Recovery (0011)
  Security Policies and Supporting Counterparts (0010)
    Baselines (0010)
    Guidelines (0010)
    Procedures (0010)
    Security Policy (0010)
    Standards (0010)
  Threats (0010) (0011) and Countermeasures
    Employee Sabotage (0011)
    Errors and Omissions (0011)
    Fraud (0011)
    Hackers and Crackers (0011)
    Industrial Espionage (0011)
    Loss of Physical and Infrastructure Support (0011)
    Malicious Code (0011)
    Theft (0011)

Security Models and Architecture (0010)

  Architecture (0011)
    Open and Closed Systems (0011)
    Protection Rings (0011)
    Recovery Procedures (0011)
    Security Modes (0011)
    Trusted Security Base (0011)
  Operating Systems Security Mechanisms (0010)
    Process Isolation (0010)
    Protection Rings (0010)
    Reference Monitor (0010)
    Security Kernel (0010)
    Trusted Computing Base (0010)
    Virtual Machine (0010)
  Security Evaluation Criteria (0010)
    Certification vs Accreditation (0010) (0011)
      DITSCAP (0011)
      NIACAP (0011)
    Evaluation (0010)
      BS 7799 (DAN)
      Common Criteria (0010) (0011)
      European Information Technology Security Evaluation Criteria (ITSEC) (0011)
      Information Technology Security Evaluation Criteria (0010)
      ISO 17788 (DAN)
      Rainbow Series (OBE but..) (0010)
      Trusted Computer System Evaluation Criteria (0010) (0011)
      Trusted Network Interpretation (0011)
  Security Models (0010) Some belong in Access Control? Integrity vs. Privacy: which model is which (CDS)
    Access Matrix (0010) (0011)
    Bell-LaPadula (0010)
    Biba (0010)
    Brewer and Nash Model (0010)
    Clark-Wilson (0010)
    Graham-Denning (0010)
    Harrison-Ruzzo-Ullman (0010)
    Information Flow Model (0010)
    Non-Interference (0010)
    State Machines (0010)
    Take-Grant (0011)
  System Components (0010) (See the Big Computer) Early chapter?
    Central Processing Unit (0010)
    Data Access Storage (0010)
    Firmware
    General Architecture of Systems (Von Neumann Bit) (0010)
    Hardware
    ISO Model 7 layer? (CDS)
    Operating States (0010)
    Pointers etc. (CDS)

    Processing Instructions (0010)
    Software
    Storage and Memory Types (0010)
    Virtual Storage (0010)

Telecommunications and Network Security (0010)

  Network Types (0011)
    Local Area (0011)
    Wide Area (0011)
  Cables and Data Transmission Types (0010)
    802.11 (CDS)
    Asynchronous and Synchronous (0010)
    Broadband and Baseband (0010)
    Cable Issues (0010)
    Coaxial Cable (0010)
    Fiber (0010)
    Fire Ratings (0010)
    Microwave (CDS)
    Signals (0010)
    Transmission Methods (0010)
    Twisted Pair Cable (0010)
  Fault Tolerance Methods and Mechanisms (0010)
    RAID (0010)
    Clustering (0010)
    Backup (0010)
  LAN Technologies (0010)
    Media Access Technologies (0010)
      Ethernet (0010)
      Polling (0010)
      Token (0010)
    Network Topologies (0010)
      Bus (0010)
      Ring (0010)
      Star (0010)
    Protocols (0010)
      Address Resolution Protocol (ARP) (0010)
      Boot Protocol (0010)
      Internet Control Message Protocol (ICMP) (0010)
      Reverse Address Resolution Protocol (RARP) (0010)
  Network Devices and Services (0010)
    Bridge (0010)
    Brouter (0010)
    Firewalls (0010)
      Administration (0010)
      Architecture (0010)
      Packet Filter (0010)
      Proxy Firewall (0010)
      State Firewall (0010)
    Gateway (0010)
    Network Services (0010)
      DNS (0010)
      NAT (0010)
    Remote Connection (0010)

      CHAP (0010)
      EAP (0010)
      PAP (0010)
      PPP (0010)
      SLIP (0010)
    Repeater (0010)
    Router (0010)
    Switches (0010)
      VLAN (0010)
    VPN (0010)
      IPSec (0010)
      L2TP (0010)
      PPTP (0010)
  Remote Access Methods and Technologies (0010)
    Remote Access (0010)
    Wireless Technology (0010)
      Access Points (0010)
      OSA and SKA (0010)
      Spread Spectrum (0010)
      SSID (0010)
      WAP (0010)
  Telecommunications
    Cell Phone Clone (0010)
    E-Mail Security (0011)
      E-mail Monitoring (CDS)
      E-mail Storage (CDS)
      E-mail Privacy (CDS)
    Facsimile Security (0011)
    PBX Threat (0010)
      PBX Fraud (0011)
      PBX Abuse (0011)
  TCP/IP Model (0010)
    Extranets (0010)
    Internet Protocol (0010)
    Intranets (0010)
    ISO/OSI Seven Layers (0011)
      Physical Layer
      Data Link
      Network
      Transport
      Session
      Presentation
      Application
    Networks (0010)
  Telecommunications Protocols and Devices (0010)
    ATM (0010)
    Cable Modems (0010)
    CSU/DSU (0010)
    Dedicated Link (0010)
    DSL (0010)

    FDDI (0010)
    Frame Relay (0010)
    HDLC (0010)
    ISDN (0010)
    Multiservice Access Technology (0010)
    Quality of Service (0010)
    S/WAN (0010)
    SDLC (0010)
    SMDS (0010)
    SONET (0010)
    WAN Switching (0010)
    X.25 (0010)

Items looking for home (0100)

  CERT – Where does it go?
  Non-Computer FAX type stuff PBX?
  Challenge of Survivability (0100)
    Compare and Contrast Security and Survivability (0100)
    Define Survivability (0100)
    Describe Layered Approaches (0100)
    Identify and define the components of the Information Security Model – Security Model, Information Security Properties and Security Measures. (0100)
  Asset and Risk Management (0100)
  Policy Formulation and Implementation (0100)
  TCP/IP Security (0100)
  Threats, Vulnerabilities and Attacks (0100)
  Host System Hardening (0100)
  Secure Network Infrastructure (0100)
  Deploying Firewalls (0100)
  Secure Remote Access (0100)
  Writing a Security Plan (CDS/?)
  Reliability and Availability Calculations
    MTTR
    MTBF
  Valuing Assets (ISSA and CDS Class Notes)