
Reproduction prohibited

CISSP COURSE - PART 3

ENTREPRENEUR | CISO ADVISOR | CYBERFEMINIST | PEERLYST BRAND AMBASSADOR | TOP 50 CYBER INFLUENCER | @RESPONSIBLE CYBER

MAGDA LILIA CHELLY


OVERVIEW

ISC2 REQUIREMENTS ON INDIVIDUALS

THESE INCLUDE:

• BACKGROUND

• FIVE YEARS OF CUMULATIVE PAID EXPERIENCE IN TWO OR MORE OF THE 8 DOMAINS, OR FOUR YEARS OF EXPERIENCE PLUS A COLLEGE DEGREE (ONE-YEAR WAIVER)

• TEST FEE

• APPROVED APPLICATION

• AGREEMENT TO THE ISC2 CODE OF ETHICS


DOMAINS

THE 8 DOMAINS ARE:

1. SECURITY AND RISK MANAGEMENT

2. ASSET SECURITY

3. SECURITY ENGINEERING

4. COMMUNICATION AND NETWORK SECURITY

5. IDENTITY AND ACCESS MANAGEMENT

6. SECURITY ASSESSMENT AND TESTING

7. SECURITY OPERATIONS

8. SOFTWARE DEVELOPMENT SECURITY


SECURITY OPERATIONS


The Operations Security domain identifies the controls over hardware, media, and the operators who hold access privileges to any of these resources.

• Operations Department Responsibilities

• Incident response and attack prevention

• Patch and vulnerability management


Need to know: grant users access only to the data or resources they need to do their job.

Least privilege: grant only the privileges (actions) necessary to perform the assigned task.

Need to know originated in military and government settings, where a clearance alone is not enough: the individual must also need the specific information. Least privilege can be considered an extension of the same idea from data access to privileges and actions.


Aggregation (privilege creep): the collection of privileges over time, typically when a user changes roles and the old rights are never revoked.

Job rotation: the movement of employees from one job to another; it limits aggregation, exposes fraud, and reduces dependence on a single person.
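The need-to-know and least-privilege principles, together with the aggregation and job-rotation points above, as one small policy model. This is an added example written for this section, not code from the course; the classification labels, roles, users and documents are constructed for illustration.

```python
"""Need to know, least privilege, and privilege aggregation as one small
policy model. Added example for this course section, not from the slides;
the users, roles and documents are constructed for illustration."""
from dataclasses import dataclass, field

# Classification levels, low to high (constructed set of labels).
LEVELS = {"PUBLIC": 0, "INTERNAL": 1, "CONFIDENTIAL": 2, "SECRET": 3}

# Which actions each role legitimately needs (constructed role catalogue).
ROLE_PRIVILEGES = {
    "backup_operator": {"read_backup", "write_backup"},
    "db_admin": {"db_query", "db_alter", "db_grant"},
}


@dataclass(frozen=True)
class Document:
    name: str
    level: str          # classification marking on the document
    compartment: str    # project / need-to-know compartment


@dataclass
class User:
    name: str
    clearance: str
    need_to_know: set = field(default_factory=set)  # compartments
    privileges: set = field(default_factory=set)    # granted actions


def may_read(user: User, doc: Document) -> bool:
    """Need to know: a clearance high enough for the label is necessary but
    not sufficient; the user must also need this compartment."""
    cleared = LEVELS[user.clearance] >= LEVELS[doc.level]
    return cleared and doc.compartment in user.need_to_know


def may_do(user: User, action: str) -> bool:
    """Least privilege: only explicitly granted actions are allowed; there is
    no implicit 'admins can do everything' path."""
    return action in user.privileges


def grant_role(user: User, role: str) -> None:
    """The naive grant that causes aggregation: rights are added, never removed."""
    user.privileges |= ROLE_PRIVILEGES[role]


def rotate_role(user: User, old_role: str, new_role: str) -> None:
    """Job rotation done correctly: revoke the old role's rights before
    granting the new ones, so privileges do not accumulate."""
    user.privileges -= ROLE_PRIVILEGES[old_role]
    user.privileges |= ROLE_PRIVILEGES[new_role]


def aggregated_privileges(user: User, current_role: str) -> set:
    """Rights the user holds beyond what the current role needs: the
    privilege creep an access review should flag and revoke."""
    return user.privileges - ROLE_PRIVILEGES[current_role]


if __name__ == "__main__":
    alice = User("alice", "SECRET", need_to_know={"project-alpha"})
    alpha = Document("alpha-design.docx", "CONFIDENTIAL", "project-alpha")
    beta = Document("beta-budget.xlsx", "CONFIDENTIAL", "project-beta")
    print(may_read(alice, alpha), may_read(alice, beta))     # True False
    grant_role(alice, "backup_operator")
    grant_role(alice, "db_admin")          # moved jobs, nothing revoked
    print(aggregated_privileges(alice, "db_admin"))  # backup rights linger
```

The point to notice is that `may_read` denies a SECRET-cleared user a CONFIDENTIAL document outside her compartment, and that `aggregated_privileges` is exactly the set a periodic access review should produce and revoke.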


Data classification is key to security, together with marking (labelling) and the proper handling, storage, and destruction of data according to its classification.


Service Level Agreements

Commitment between a

service provider and a client


Transitive trust: if domain A trusts domain B and B trusts C, then A also trusts C. In Active Directory the trust between a parent domain and a child domain is two-way and transitive by default.


Separation of duties: no single person controls every step of a critical task.

Separation of privilege: the principle of least privilege applied to applications and processes (each component gets only the rights it needs).

Two-person control and the split-password rule: a critical action or secret requires two people acting together.
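Two-person control and separation of duties in code. This is an added example for this section, not from the course slides: a secret is split into two shares so that neither holder can reconstruct it alone (the split-password rule), and a privileged action is only authorized once two different people, neither of them the requester, have approved it. The action names and people are constructed.

```python
"""Two-person control and separation of duties. Added example, not from the
course slides: a secret is split into two shares so that neither holder can
reconstruct it alone, and a privileged action needs two different approvers."""
import secrets


def split_secret(secret: bytes) -> tuple[bytes, bytes]:
    """Split-password rule: XOR the secret with a random one-time pad.
    Each share on its own is uniformly random and reveals nothing."""
    share_a = secrets.token_bytes(len(secret))
    share_b = bytes(s ^ a for s, a in zip(secret, share_a))
    return share_a, share_b


def combine_shares(share_a: bytes, share_b: bytes) -> bytes:
    """Both holders must present their share to recover the secret."""
    if len(share_a) != len(share_b):
        raise ValueError("shares do not belong together")
    return bytes(a ^ b for a, b in zip(share_a, share_b))


class DualControl:
    """Separation of duties for a privileged action: it runs only after
    `required` distinct people have approved it, and the requester cannot
    be one of the approvers."""

    def __init__(self, required: int = 2) -> None:
        self.required = required
        self._approvals: dict = {}   # action -> set of approver names
        self._requester: dict = {}   # action -> who asked for it

    def request(self, action: str, requester: str) -> None:
        self._requester[action] = requester
        self._approvals[action] = set()

    def approve(self, action: str, approver: str) -> bool:
        """Record an approval; returns True once the action is authorized."""
        if action not in self._requester:
            raise KeyError(f"no pending request for {action!r}")
        if approver == self._requester[action]:
            raise PermissionError("requester cannot approve their own request")
        # A set: the same person approving twice still counts once.
        self._approvals[action].add(approver)
        return self.is_authorized(action)

    def is_authorized(self, action: str) -> bool:
        return len(self._approvals.get(action, ())) >= self.required


if __name__ == "__main__":
    a, b = split_secret(b"vault-master-key-0001")
    print(a.hex(), b.hex())                 # two meaningless halves
    print(combine_shares(a, b))             # the original, only with both
    dc = DualControl()
    dc.request("rotate-root-key", "alice")
    print(dc.approve("rotate-root-key", "bob"))    # False, one approver
    print(dc.approve("rotate-root-key", "carol"))  # True, two approvers
```

The XOR split is the simplest form of secret sharing; for more than two holders, or a k-of-n threshold, a Shamir scheme is the usual choice, but the control objective is the same: no single person can act alone.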


SOX (Sarbanes-Oxley Act) applies to publicly traded companies in the US; it drives the controls over financial reporting systems.


Asset inventory

(e.g., hardware, software)


Hardware Inventories

Software Licensing

Physical Assets

Virtual Assets

Cloud Based Assets


USB flash drives are a common vector for both malware infections and data theft; control them through policy, port controls, and encryption.


Backups on tape: keep at least two copies, one onsite for fast restores and a second at a secure offsite location.


MTTF (mean time to failure): the expected operating time before a non-repairable component fails; plan to replace the component before this point.

MTBF (mean time between failures): the expected time between failures of a repairable system.


A baseline is a starting point: the documented, approved configuration against which all later changes are measured.


Versioning: every change to a baseline receives a new version number, so changes can be tracked and rolled back.


Smaller organizations often choose not to evaluate, test, and approve patches before deploying them. This saves effort but is a risk: an untested patch can break a production system.


Evidence collection and handling (e.g., chain of custody, interviewing)

Reporting and documenting

Investigative techniques (e.g., root-cause analysis, incident handling)

Digital forensics (e.g. media, network, software, and embedded devices)

Investigation types: operational, criminal, civil, regulatory, electronic discovery (eDiscovery)


Operational investigation

Example: a server performance issue. The goal is to find the root cause and fix it; the loosest standard of evidence applies.


Criminal investigations

Example: investigating an employee suspected of a crime. The standard of proof is beyond a reasonable doubt, so evidence must be handled so that it remains admissible in court.


Civil investigations

Example: investigating an employee in a dispute between parties. The standard of proof is a preponderance of the evidence (more likely than not).


Electronic discovery (eDiscovery)

The identification and production of paper and electronic records for litigation. The steps of the Electronic Discovery Reference Model (EDRM):

• Information Governance

• Identification

• Preservation

• Collection

• Processing

• Review

• Analysis

• Production

• Presentation


Admissible evidence must be:

• Relevant

• Material

• Competent

Types of evidence:

• Real evidence (also known as object evidence)

• Documentary evidence (example: logs)

• Testimonial evidence


Chain of custody (chain of evidence): a documented record of who collected, handled, transferred, and stored each item of evidence, and when, so that its integrity can be proven in court.
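The evidence-handling and chain-of-custody points above, as a minimal custody log for one digital evidence item. This is an added example for this section, not from the course slides: the evidence bytes, people and timestamps are constructed, and the item is hashed at collection and re-hashed at every hand-off so that any change to it breaks the chain.

```python
"""Chain of custody for a digital evidence item. Added example, not from the
course slides: the evidence bytes and the custody events are constructed."""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass(frozen=True)
class CustodyEvent:
    when: str        # ISO 8601 UTC timestamp
    who: str         # person or location taking custody
    action: str      # "collected", "transferred", "examined", "stored"
    sha256: str      # hash of the item as verified at this step


@dataclass
class EvidenceItem:
    item_id: str
    description: str
    data: bytes
    chain: list = field(default_factory=list)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def collect(item_id: str, description: str, data: bytes, collector: str,
            when: str = "") -> EvidenceItem:
    """Hash the item at the moment of collection; this is the reference value
    every later step is checked against."""
    item = EvidenceItem(item_id, description, data)
    item.chain.append(CustodyEvent(when or _now(), collector, "collected",
                                   sha256_hex(data)))
    return item


def handoff(item: EvidenceItem, to: str, action: str,
            when: str = "") -> CustodyEvent:
    """Every transfer re-hashes the item and records who has it now. If the
    hash no longer matches the collection hash the chain is broken, and the
    event is still logged so the break itself is on record."""
    digest = sha256_hex(item.data)
    event = CustodyEvent(when or _now(), to, action, digest)
    item.chain.append(event)
    if digest != item.chain[0].sha256:
        raise ValueError(f"{item.item_id}: integrity failure at handoff to {to}")
    return event


def chain_intact(item: EvidenceItem) -> bool:
    """True when every recorded hash equals the current hash of the data."""
    current = sha256_hex(item.data)
    return all(e.sha256 == current for e in item.chain)


if __name__ == "__main__":
    image = b"constructed disk image bytes 0123456789"   # stand-in for an image file
    ev = collect("EV-001", "USB stick from desk 12", image, "Investigator A",
                 "2024-03-01T09:00:00+00:00")
    handoff(ev, "Evidence locker", "stored", "2024-03-01T10:00:00+00:00")
    for e in ev.chain:
        print(e.when, e.who, e.action, e.sha256[:16])
    print("intact:", chain_intact(ev))
```

In practice the custody record is kept separately from the evidence (signed, or on a write-once medium) and the examiner works on a verified copy, but the invariant is the one shown: the hash recorded at collection must match at every step until presentation.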


"A cybercrime is an abuse or misuse where a computer or device containing a computer is the object, subject, tool, or symbol, and the perpetrator intentionally made or could have made gain."


▪ People violate trust

▪ People commit crimes

▪ Cybercriminals deceive

▪ Cybercriminals think they are too smart to be caught

▪ Security professionals hold privileged access and can themselves become a threat

▪ Cybercriminals copy other cybercriminals

▪ Cybercriminals find computers attractive targets: the attack is carried out from behind a screen


▪ Hacktivism

▪ Cyber Crime

▪ Cyber Espionage

▪ Cyberterrorism

▪ Cyber Warfare


• Business Attacks

• Financial Attacks

• Terrorist Attacks

• Grudge Attacks

• Thrill Attacks


• Scanning: a reconnaissance attack (e.g., port scans to map hosts and services)

• Compromise: unauthorized access to a system

• Malicious code: viruses, spyware, and other malware

• Denial of service (DoS): making a resource unavailable to its users


Incident Response Process

• Detection and identification

• Response and reporting

• Recovery and remediation
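The "detection and identification" step of the process above, run against the attack types from the previous slide. This is an added example for this section, not from the course slides: it parses a few constructed firewall and SSH log lines and labels each source as scanning, an attempted or successful compromise, or denial of service (malicious code does not show up in these logs, so it is not covered). The log format, hosts and thresholds are assumptions made for the example.

```python
"""Detection and identification over constructed log lines. Added example,
not from the course slides: it classifies sources into the attack types the
previous slide lists (scanning, compromise, denial of service). The log
format, hosts and thresholds are assumptions."""
import re
from collections import Counter, defaultdict

# Constructed sample: firewall and SSH authentication events, one per line.
SAMPLE_LOG = """\
2024-03-01T10:00:01 fw src=198.51.100.7 dst=10.0.1.7 dport=21 action=deny
2024-03-01T10:00:01 fw src=198.51.100.7 dst=10.0.1.7 dport=22 action=allow
2024-03-01T10:00:01 fw src=198.51.100.7 dst=10.0.1.7 dport=23 action=deny
2024-03-01T10:00:02 fw src=198.51.100.7 dst=10.0.1.7 dport=25 action=deny
2024-03-01T10:00:02 fw src=198.51.100.7 dst=10.0.1.7 dport=80 action=allow
2024-03-01T10:00:02 fw src=198.51.100.7 dst=10.0.1.7 dport=110 action=deny
2024-03-01T10:00:03 fw src=198.51.100.7 dst=10.0.1.7 dport=143 action=deny
2024-03-01T10:00:03 fw src=198.51.100.7 dst=10.0.1.7 dport=443 action=allow
2024-03-01T10:00:03 fw src=198.51.100.7 dst=10.0.1.7 dport=3389 action=deny
2024-03-01T10:00:04 fw src=198.51.100.7 dst=10.0.1.7 dport=8080 action=deny
2024-03-01T10:01:10 sshd src=203.0.113.9 user=root result=failed
2024-03-01T10:01:11 sshd src=203.0.113.9 user=root result=failed
2024-03-01T10:01:12 sshd src=203.0.113.9 user=admin result=failed
2024-03-01T10:01:13 sshd src=203.0.113.9 user=admin result=failed
2024-03-01T10:01:14 sshd src=203.0.113.9 user=admin result=failed
2024-03-01T10:01:15 sshd src=203.0.113.9 user=admin result=success
2024-03-01T10:05:00 sshd src=10.0.0.5 user=alice result=success
""" + "".join(  # a flood: 60 hits in one second from one source (constructed)
    "2024-03-01T10:02:00 fw src=192.0.2.50 dst=10.0.1.8 dport=443 action=allow\n"
    for _ in range(60)
)

# Thresholds are assumptions for the example; tune them per environment.
SCAN_PORTS = 10        # distinct destination ports from one source
BRUTE_FAILURES = 5     # failed logins from one source
RATE_PER_SEC = 50      # firewall events from one source in one second

LINE = re.compile(r"^(?P<ts>\S+) (?P<source>\w+) (?P<kv>.*)$")


def parse(line: str):
    """Parse '<ts> <source> k=v k=v ...' into a dict, or None if malformed."""
    m = LINE.match(line)
    if not m:
        return None
    fields = {}
    for token in m["kv"].split():
        if "=" not in token:
            return None
        key, value = token.split("=", 1)
        fields[key] = value
    fields["ts"], fields["source"] = m["ts"], m["source"]
    return fields


def classify(log_text: str) -> dict:
    """Return {source_ip: sorted list of attack labels} for suspicious sources."""
    ports = defaultdict(set)       # src -> distinct dports touched
    failures = Counter()           # src -> failed logins so far
    per_second = Counter()         # (src, second) -> firewall events
    verdicts = defaultdict(set)

    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        src = ev["src"]
        if ev["source"] == "fw":
            ports[src].add(ev["dport"])
            per_second[(src, ev["ts"])] += 1
        elif ev["source"] == "sshd":
            if ev["result"] == "failed":
                failures[src] += 1
            elif failures[src] >= BRUTE_FAILURES:
                # Success right after a run of failures: unauthorized access.
                verdicts[src].add("compromise")

    for src, seen in ports.items():
        if len(seen) >= SCAN_PORTS:
            verdicts[src].add("scanning")
    for src, n in failures.items():
        if n >= BRUTE_FAILURES:
            verdicts[src].add("compromise-attempt")
    for (src, _ts), n in per_second.items():
        if n >= RATE_PER_SEC:
            verdicts[src].add("denial-of-service")
    return {src: sorted(labels) for src, labels in verdicts.items()}


if __name__ == "__main__":
    for src, labels in classify(SAMPLE_LOG).items():
        print(src, labels)
```

The identification step is the part that matters for response: the same source that scanned is not necessarily the one that logged in, and a successful login after a burst of failures is the event that turns an attempt into a compromise and should open an incident rather than a ticket.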


In the isolation and containment phase of incident response, leave the system running and isolate it from the network rather than powering it down.

Turning off the computer destroys the contents of volatile memory (running processes, network connections, encryption keys) and may destroy evidence. If forensic analysis is planned, capture memory first.


■ What is the nature of the incident, how was it initiated, and by whom?

■ When?

■ Where?

■ What tools did the cyber criminal use?

■ What were the damages?


"Ethics and the Internet," Request for Comments (RFC) 1087, characterizes any of the following activities as unethical and unacceptable:

■ Gaining unauthorized access to Internet resources

■ Disrupting the intended use of the Internet

■ Wasting resources (people, capacity, computers)

■ Destroying the integrity of computer-based information

■ Compromising the privacy of users


SOFTWARE DEVELOPMENT SECURITY


The Software Development Security domain refers to the controls that are

included within systems and applications software and the steps used in their

development.

• Software Development Models

• Database Models and Relational Database Components

• Application environment and security controls

• Effectiveness of application security


■ First-generation languages (1GL): machine language

■ Second-generation languages (2GL): assembly language

■ Third-generation languages (3GL): compiled or interpreted high-level languages (C, Java)

■ Fourth-generation languages (4GL): closer to natural language, e.g. SQL and report generators

■ Fifth-generation languages (5GL): constraint- and logic-based languages used in AI


Assurance: the degree of confidence that the security controls in a system work as intended.

Fail-secure (fail-closed) vs fail-open: when a control fails, a fail-secure system denies access or halts in a protected state, while a fail-open system lets access or traffic through. Security controls should normally fail secure; life-safety controls (a door lock during a fire) may need to fail open.
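The fail-open versus fail-secure distinction as it usually appears in application code: an authorization check that calls a policy service and has to decide what to do when that service does not answer. This is an added example for this section, not from the course slides; the policy service is a constructed stand-in that can be taken down on demand so both behaviours can be observed on the same input.

```python
"""Fail-open versus fail-secure authorization. Added example, not from the
course slides: the policy service is a constructed stand-in that can be made
to fail, so both behaviours can be seen on the same input."""


class PolicyUnavailable(Exception):
    """Raised when the policy service cannot answer (timeout, crash, ...)."""


class PolicyService:
    """Constructed policy backend: a static allow-list that can be taken down."""

    def __init__(self, allowed: set, available: bool = True) -> None:
        self.allowed = allowed          # set of (user, resource) pairs
        self.available = available

    def is_allowed(self, user: str, resource: str) -> bool:
        if not self.available:
            raise PolicyUnavailable("policy service timed out")
        return (user, resource) in self.allowed


def authorize_fail_open(svc: PolicyService, user: str, resource: str) -> bool:
    """The common bug: an exception in the check is treated as 'allow' so that
    an outage does not lock users out. Anyone who can cause the outage (or a
    timeout) gets access to everything."""
    try:
        return svc.is_allowed(user, resource)
    except PolicyUnavailable:
        return True


def authorize_fail_secure(svc: PolicyService, user: str, resource: str) -> bool:
    """Fail-secure (fail-closed): any failure to obtain a decision is a denial.
    Availability suffers during the outage; confidentiality does not."""
    try:
        return svc.is_allowed(user, resource)
    except PolicyUnavailable:
        return False


if __name__ == "__main__":
    svc = PolicyService({("alice", "/payroll")})
    print(authorize_fail_open(svc, "mallory", "/payroll"))    # False, service up
    svc.available = False
    print(authorize_fail_open(svc, "mallory", "/payroll"))    # True: the hole
    print(authorize_fail_secure(svc, "mallory", "/payroll"))  # False: fails closed
```

Both functions give identical answers while the service is up; the difference only shows during a failure, which is exactly why the fail-open variant survives code review and testing until an attacker induces the failure.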


Conceptual definition

Functional requirements determination

Control specifications development

Design review

Code review walk-through

System test review

Maintenance and change management


The modified waterfall model = the waterfall model plus validation and verification at each phase, with feedback allowed to the previous phase.


The four values of the Agile Manifesto:

Individuals and interactions over processes and tools

Working software over comprehensive documentation

Customer collaboration over contract negotiation

Responding to change over following a plan


The IDEAL model (Software Engineering Institute):

1: Initiating

2: Diagnosing

3: Establishing

4: Acting

5: Learning


The DevOps approach seeks to resolve the friction between software development, quality assurance, and IT operations by bringing the three functions together in a single operational model.


API keys are like passwords: keep them secret, never embed them in client-side code or commit them to source control, send them only over TLS, store only a hash server-side, and make them revocable.
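The "API keys are like passwords" point, as the server-side handling that follows from it. This is an added example for this section, not from the course slides: keys are generated with enough entropy, only a hash is stored, verification uses a constant-time comparison, and keys can be revoked. The key format (an `ak_` prefix) and the in-memory store are assumptions for the example.

```python
"""Treating API keys like passwords. Added example, not from the course
slides: keys are generated with enough entropy, only a hash is stored, and
comparison is constant-time. The key format and store are assumptions."""
import hashlib
import hmac
import secrets

KEY_PREFIX = "ak_"   # constructed prefix so leaked keys are recognisable in scans
KEY_BYTES = 32       # 256 bits of entropy


def generate_api_key() -> tuple:
    """Return (key_id, secret_key). The id is stored in the clear; the secret
    is shown to the client once and then only its hash is kept."""
    key_id = secrets.token_hex(8)
    secret = KEY_PREFIX + secrets.token_urlsafe(KEY_BYTES)
    return key_id, secret


def hash_api_key(secret: str) -> str:
    """Keys are high-entropy random strings, so a plain SHA-256 is adequate
    here (human-chosen passwords would need a slow, salted hash instead)."""
    return hashlib.sha256(secret.encode()).hexdigest()


class ApiKeyStore:
    """Server-side store: key_id -> sha256(secret). A dump of this store does
    not yield usable keys, just as a dump of password hashes should not."""

    def __init__(self) -> None:
        self._hashes = {}

    def issue(self) -> tuple:
        key_id, secret = generate_api_key()
        self._hashes[key_id] = hash_api_key(secret)
        return key_id, secret

    def revoke(self, key_id: str) -> None:
        self._hashes.pop(key_id, None)

    def verify(self, key_id: str, presented: str) -> bool:
        """Constant-time compare of the presented key's hash so that timing
        does not leak how many characters matched."""
        stored = self._hashes.get(key_id)
        if stored is None:
            return False
        return hmac.compare_digest(stored, hash_api_key(presented))


if __name__ == "__main__":
    store = ApiKeyStore()
    kid, key = store.issue()
    print("issued", kid, key)                    # shown once, never stored
    print(store.verify(kid, key))                # True
    print(store.verify(kid, key[:-1] + "!"))     # False
    store.revoke(kid)
    print(store.verify(kid, key))                # False after revocation
```

The client-side rules in the slide (no keys in source control, TLS only) have no code equivalent here; they are what makes the "shown once" step safe.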


White-box testing: the tester has full knowledge of the source code and internals.

Black-box testing: the tester has no internal knowledge and works only through the external interface.

Gray-box testing: partial internal knowledge, combining the two approaches.

Static testing: analyzes the code without running it (code review, static analysis tools).

Dynamic testing: exercises the running application (fuzzing, penetration testing).


Expert systems and neural networks

Expert systems: a knowledge base of rules plus an inference engine. Neural networks: learn a function from training examples rather than from explicit rules.


THANK YOU !

PLEASE FEEL FREE TO ASK QUESTIONS

OR SHARE YOUR TIPS
