Building a Successful Security Infrastructure
- Defending a Changing Business
- Responsible Roles for Security
- The Security Domains
- Security Infrastructure
- Security Challenges
- The Evolution
- Access Control
- Cryptography
- Physical Security
- Security Architecture
- Business Continuity Planning and Risk Management
- Telecommunications and Network Security
- Application and System Development
- Operations Security
- Law, Investigation and Ethics
- Security Services
- Security Strategies
- Policy Compliance
- Security Model
- Top 10 Security Strategies
- 4APIN
- D-PAST
- SHANK
- Security Stoplight Chart
Information Security and Risk Management
- Components of the CBK
- CBK Key Concepts
- Confidentiality
- Integrity
- Availability
- A.A.D. Disclosure, Alteration and Destruction
- Authorization, Identification, authentication, Accountability and Privacy
- Due Care, Due Diligence, Separation of Duties and Rotation of Duties
- Baselines, Procedures, and Safeguards
- Relationships Between Different Security Components
- Risk Analysis and Assessment
- Risk Management, Threat, Exposure, Vulnerability and Risk Mitigation
- Information Asset, Qualitative, Quantitative, Risk Analysis and Risk Assessment
- Resistance to Risk Management
- Risk Management Steps
- Value of Information Assets
- Risk Management Tools
- Risk Analysis and Assessment
- Threats, Vulnerabilities and Risks
- Risk Management Metrics
- EF, SLE, ARO, and ALE
- Single Loss Expectancy (SLE)
- Annualized Rate of Occurrence (ARO)
- Annualized Loss Expectancy (ALE)
- Safeguard Cost Analysis
- Information Classification
- Data Classification
- Objectives of Classification Scheme
- Criteria by Which Data is Classified
- Commercial Data Classification
- Government Data Classification
- Roles and Responsibilities
- Senior Management
- Security Management
- Organizational Position
- Policies, Procedures, Standards, Baselines and Guidelines
- Written Guidance
- Policies and Standards Policy Elements and Policy Creation Guidelines
- Management Responsibilities and Policy Enforcement
- Standards
- Procedures
- Guidelines
- Employment Policies
- Hiring Practices
- Background Check
- Termination Policies
- Job Descriptions
- Employee Education Programs
- Security Awareness
- Training
- Knowledge of a Threat
- Change Management
- Change Control
- Total Quality Management
- ISO-9000
- Best Management Practices
Access Control
- General Concepts
- Pillars of Information Assurance
- Controls
- Data Ownership
- Identification
- Authentication
- Access Control
- Access Control Principles
- Access Control Types
- Access Control Categories
- Access Control Techniques
- Discretionary Access Control
- Mandatory Access Control
- Role Based Access Control
- Lattice Based Access Control
- Rule Based Access Control
- Access Control Lists
- Access Control Models
- State Machine Model
- Bell-LaPadula Model
- Criticisms of the Bell-LaPadula Model
- Biba Model
- Clark and Wilson Model
- Non-Interference Model
- Access Matrix Model
- Information Flow Model
- Authentication Methods
- Password
- Password Attacks
- Problems with Passwords
- Pass Phrase
- One-Time Password
- Token Devices
- One-Time Password Attacks
- Smart Card
- Smart Card Issues
- Order of Effectiveness
- Order of Acceptance
- Issues with Characteristics Based Authentication
- Multi-Factor Authentication
- Access Control Systems
- Single Sign On
- Kerberos
- SESAME
- Access Administration
- Centralized
- Decentralized
- Hybrid
- RADIUS
- Object Reuse Issues
- Monitoring
- Accountability
- Intrusion Detection Systems
- Attack Signatures
- Anomaly Identification
- Intrusion Response
- Databases
- Database Monitoring
- Best Practices
Cryptography
- Defining Cryptography
- How Does it Work?
- Defining Algorithms
- What are Keys?
- Crypto Terms
- One-Time Pad
- Cryptanalysis Terms
- Services Provided by Cryptography
- Symmetric Encryption
- Block and Stream Ciphers
- Common Algorithms for Symmetric Keys
- AES Blowfish
- Symmetric Encryption Strengths and Weaknesses
- What is a Hash Function?
- Rainbow Crack
- Common Hash Algorithms
- Asymmetric Encryption
- Digital Signatures
- Asymmetric Encryption Strengths and Weaknesses
- Hybrid Encryption
- Hybrid Decryption
- PKI
- X.509 Certificate
- The TCP-IP Stack
- IPSEC Protocols
- SSL
- SSH
- PGP
- Cracking Techniques
- Hackability of Wireless
- Sniffing, Snooping and Eavesdropping
Physical Security
- What Does Physical Security Include?
- Environmental Protection
- External Threats
- Liability Concerns
- Program Goals
- Risks and Countermeasures
- Physical Security Program
- Crime Prevention
- Site Design and Configuration Considerations
- Boundary Protection
- Data Center Controls
- Computing Facility Requirements Walls and Doors
- Windows/Opening and Computer and Equipment Room
- Electrical Power
- Preventative Steps
- Dedicated Circuits, Controlled Access
- Backup Power
- Air Conditioning
- Humidity Controls, Air Quality and Water Protection
- Positive Pressurization
- Fire Prevention
- Fire Suppression
- Fire Extinguishing Systems
- Fire Classes and Combustibles
- Carbon Dioxide
- Halon
- Secure Storage Areas
- Media Protection
- Protecting Wiring
- Personnel Access Control
- Locks
- Tokens
- Types of Access Cards
- Biometrics
- Distributed Processing Threats
- Office Area Controls
Security Architecture and Design
- Computer Organization
- Abstract Levels of Modern Computer Systems
- Computer Hardware
- CPU Models and Protection Rings
- Computer Hardware
- Computer Software
- Memory Management
- System Recovery
- Single Processor System
- Multi-Processor System
- Types of Data Storage
- Information Security Architecture
- Execution Domain, Least Privilege
- Protection Mechanisms, Process Isolation and Resource Access Control
- Process Isolation
- Open and Closed Systems
- Access Control Techniques
- Access Controls
- Architectural Foundation
- Modes of Operation
- Information Security Structures
- Certification and Accreditation
- ITSEC Standard
- TCSEC Standard
- Common Criteria
- Criteria Comparison
- Bell-LaPadula
- Biba
- Security Models
- Clark and Wilson
- Common Flaws
- Covert Channels
Business Continuity and Disaster Recovery Planning
- Who is Really Ready?
- The DRBCP Basics
- Reasons for BCP
- BCP Components
- BCP Key Concepts
- BCP Definitions
- The Business Continuity Lifecycle
- NIST SP800-34
- BCP Phases
- Phase 1 Project Initiation
- BIA Steps
- BIA
- Define Threats
- Categorize Events
- Maximum Tolerable Downtime
- Recovery Cost Balancing
- Recovery Strategies
- Electronic Vaulting
- Alternate Sites
- Off-Site Storage
- Alternate Site Planning
- Data Redundancy
- RAID
- RAID Levels
- System Backups
- Plan Development
- Types of Testing
- Stages of an Incident
- Integrating Security
Telecommunications and Network Security
- OSI Standards Development
- The Seven Layers
- Model Data Flow
- OSI vs. TCP/IP Mapping
- Application Layer
- Presentation Layer
- Session Layer
- Transport Layer
- TCP and UDP
- TCP Three Way Handshake
- Network Layer Protocols
- Network Layer
- IP Packets
- ARP and ARP Poisoning
- ICMP
- Data Link Layer
- Physical Layer
- LAN Topologies
- Star Topology
- Bus Topology
- Tree Topology
- Ring Topology
- LAN Access Methods
- LAN Signaling Methods
- LAN Types
- Ethernet
- Token Ring
- Fiber Distributed Data Interface
- Wireless Networks
- WEP and TKIP
- WAP
- WTLS
- LAN Physical Media Characteristics
- VLAN
- VPN and MAN
- WAN and VAN
- Network Switching
- X.25
- Frame Relay
- PVC, SVC, and CIR
- ISDN
- High Speed Serial and ATM
- Access Technologies
- Internet Protocol
- IPv4 and IPv6
- Internet, Intranet and Extranet
- Firewall Terms
- NAT
- APIPA
- Packet Filtering
- Application Filtering
- Stateful Inspection
- Proxies
- IDS
- Web Security
- Common Attacks
- Spoofing
- DoS
- Sniffing
- Session Hijacking
- IP Fragmentation
- IDS Attacks
- SYN Floods
- DNS Poisoning
- Telecom/Remote Access Security
- Telecommunications Security
- Remote Access Security
- VPN
- IETF Security Architecture
- IPSEC Protocols
- Security Association
- Email Security
- Personal Email Encryption
Applications and Systems Development
- General Security Principles
- Problems
- Databases and Data Warehousing
- Relational Database
- Relational Database Controls
- Query Language
- Object-Oriented Database
- DAC Object-Oriented Models
- MAC Object-Oriented Models
- Object-Oriented Issues
- Programming/Data Attacks
- Applications Beyond the Database
- Definitions
- Application System Development
- Controls
- Compiled vs. Interpreted
- Vulnerabilities
- Vulnerability Definition
- The Evolving Threat
- Exploit Timeline
- Potential Vulnerabilities
- Zombie
- Botnet
- Vulnerability Assessment
- Vulnerability Identification
- National Vulnerability Database
- Nessus
Operations Security
- Controls and Protections
- Categories of Controls
- Accountability
- Separation of Duties
- Trusted Recovery
- Configuration/Change Management Control
- Administrative Controls
- Least Privilege
- Due Care and Due Diligence
- Resource Protection
- Hardware Controls
- Software Controls
- Email Security
- Fax Security
- Privileged Entity Controls
- Media Security Controls
- Physical Access Controls
- Security Auditing
- Monitoring Techniques
- Audit Trails
- Event/Log Management
- Problem Management Concepts
- Threats and Vulnerabilities
- Controls Summary
- Defense In Depth
Legal, Regulations, Compliance and Investigations
- The Building Blocks of Information Security
- Ethics
- Code of Ethics
- Computer Ethics Institute
- Guidance Organization
- Laws and Legal System
- Types of Laws
- Civil Laws
- Administrative/Regulatory Concepts
- Intellectual Property Definitions
- Proprietary Rights and Obligations
- Protection for Computer Objects
- Computer Security, Privacy and Crime Laws US
- Computer Security, Privacy and Crime Laws Canada
- EU Privacy Principles
- Privacy Regulations
- Electronic Monitoring
- Liability
- Computer Crime Investigation
- Looking for Criminals
- Hacker Profiles
- Computer Crime
- Computer Crime Laws
- Civil Law
- International Laws
- Computer Investigation
- CI Issues
- Investigation Steps
- Computer Forensics
- Computer Forensics Canada Law
- Evidence Admissibility
- Rules of Evidence
- Exceptions to the Hearsay Rule