
Everything You Need to Know About the New CISSP Exam
Doug Landoll
CEO, Lantego
April 25, 2015

www.lantego.com
(512) 633-8405
dlandoll@lantego.com
@NTXISSA

Session Agenda
- CBK & Question Depth
- 2015 CBK
- New Test Question Formats
- Study Strategies
- Test Taking Strategies

Common Body of Knowledge
- Mile wide and an inch deep
  - Lots of vocabulary
- Minimal numbers and form
  - No port #s, no RFC #s
- Know your history
  - Classic definitions
  - Old criteria (e.g. Orange Book)

NTX ISSA Cyber Security Conference, April 24-25, 2015

Preparation Process
- Learn groups and relationships
  - Look for relationships between terms and principles, across domains, and in practice.
- Learn and build mnemonics
  - Use memory devices such as anagrams, drawings, and phrases.
  - Many of these will be presented in class.
  - Compiling these together is referred to as creating your data dump sheet.

Data Dump Sheet Example
(slide image not reproduced)

2015 Common Body of Knowledge
The eight 2015 CBK domains, with the 2013 domains each one absorbed:
- Security and Risk Management (Legal; Risk Management)
- Asset Security
- Security Engineering (Cryptography; Physical Security; Security Architecture)
- Communication and Network Security (Telecommunications)
- Identity and Access Management (Access Control)
- Security Assessment and Testing
- Security Operations (BCP; Operations)
- Software Development Security

8 Domains vs. 10 Domains: Who Cares!

2015 CBK: What's New: Topics
- 3rd Party Risk Management
- BYOD Risks
- IoT
- Software Defined Networks
- Cloud Identity Services (OAuth 2.0)

Maybe +4% of the exam

Access Control
Mostly vocabulary:
- Passwords: static, dynamic, cognitive, vs. passphrases, hashes, thresholds
- Biometrics: mnemonics Effective: RIP; Accepted: VSHK
- Strong authentication
- IdM: identification, authentication, authorization (X.500, LDAP, XML, SPML, SAML, SOAP)
- Policies: DAC, MAC, RBAC
- SSO: Kerberos, KryptoKnight, SESAME

Architecture
- Computer Architecture
  - CPU
  - Operating System
- System Architecture
  - System boundaries
  - Security policy models
  - Modes of operation
- System Evaluation & Accreditation
  - System Evaluation
  - Certification & Accreditation
- Enterprise Architecture
- Architecture Threats

Architecture: Models

| Model            | Attributes                                   | Policy                                               | Comments                   |
|------------------|----------------------------------------------|------------------------------------------------------|----------------------------|
| Access Matrix    | S, O, accesses                               | C: DAC                                               | Rows: CLs; Columns: ACLs   |
| BLP              | S, O, a; no read up, no write down           | C: DAC, MAC                                          |                            |
| Biba             | S, O, a; no read down, no write up           | I: authorized changes                                | Flips BLP                  |
| Clark-Wilson     | Well-formed transactions, separation of duty | I: authorized changes, no mistakes, data consistency |                            |
| Non-Interference | Inputs (commands), Outputs (views)           | I: authorized changes; C: MAC                        | Useful in CCA; not lattice |
| Information Flow | Objects, information flow                    | I: authorized changes; C: MAC                        | Useful in CCA; not lattice |

Key: S = subjects, O = objects, a = access; C = confidentiality, I = integrity; CL = capability list, ACL = access control list; CCA = covert channel analysis.
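The two rows of the table that candidates most often mix up are the access matrix (rows are capability lists, columns are ACLs) and the BLP/Biba rule pairs (Biba flips BLP). The following is an added example, not code from the slides or from Lantego, that turns those rows into checkable functions. It assumes a label is a (level, categories) pair ordered by lattice dominance, and the subjects, objects and labels are constructed for illustration only.

```python
from dataclasses import dataclass

# Access matrix (constructed sample): subject -> object -> set of rights.
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "memo.txt": {"read"}},
    "bob":   {"memo.txt": {"read", "write"}},
}


def capability_list(subject):
    """A row of the matrix: everything one subject may do (capability list)."""
    return dict(MATRIX.get(subject, {}))


def access_control_list(obj):
    """A column of the matrix: every subject allowed on one object (ACL)."""
    return {s: rights[obj] for s, rights in MATRIX.items() if obj in rights}


@dataclass(frozen=True)
class Label:
    """Lattice label (assumed layout): a ranked level plus a set of categories."""
    level: int                      # 0 = lowest sensitivity / integrity
    categories: frozenset = frozenset()


def dominates(a, b):
    """a dominates b when its level is at least b's and it holds all of b's categories."""
    return a.level >= b.level and a.categories >= b.categories


def blp_allows(op, clearance, classification):
    """Bell-LaPadula (confidentiality): subject clearance vs. object classification."""
    if op == "read":
        return dominates(clearance, classification)      # simple security: no read up
    if op == "write":
        return dominates(classification, clearance)      # *-property: no write down
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(op, subject_integrity, object_integrity):
    """Biba (integrity): the same two checks with the operands swapped."""
    if op == "read":
        return dominates(object_integrity, subject_integrity)   # no read down
    if op == "write":
        return dominates(subject_integrity, object_integrity)   # no write up
    raise ValueError(f"unknown operation {op!r}")


if __name__ == "__main__":
    secret_nuclear = Label(2, frozenset({"nuclear"}))
    print("alice's CL:", capability_list("alice"))
    print("memo.txt ACL:", access_control_list("memo.txt"))
    # Same level, different category: the lattice (not just the level) decides.
    print("BLP read secret/crypto:",
          blp_allows("read", secret_nuclear, Label(2, frozenset({"crypto"}))))
    print("BLP write up to top secret/nuclear:",
          blp_allows("write", secret_nuclear, Label(3, frozenset({"nuclear"}))))
    print("Biba read down:", biba_allows("read", Label(2), Label(0)))
```

The category check is the reason the slide labels BLP and Biba as lattice models: a secret/nuclear subject is refused a secret/crypto object even though the levels are equal, which a purely linear level ordering would get wrong.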

Cryptography
- SYMMETRIC: DES, TDES, AES, IDEA, Blowfish, RCx, CAST, SAFER, Serpent
- ASYMMETRIC: DH, RSA, ElGamal, ECC, LUC, Knapsack
- HYBRID (combines symmetric and asymmetric)
- HASH: MD5, RIPEMD, SHA-x
- KEYED HASH: MAC, HMAC
- DIGITAL SIGNATURE: DSS, RSA DS, DSA

Telecommunications
(slide diagram not reproduced)

Legal

| Type         | IP Protected                            | Term                                   | Issues                                                                          |
|--------------|-----------------------------------------|----------------------------------------|---------------------------------------------------------------------------------|
| Patent       | Invention                               | 20 years; Patent & Trademark Office    | 1st to file vs. 1st to invent; < 1 year of 1st public use                       |
| Copyright    | Works of authorship                     | Life + 70; 95 yrs; Library of Congress | Fair use; international; DMCA                                                   |
| Trademark    | Right to distinguish goods and services | 10 years (+); PTO; filing optional     | Distinctiveness; (TM) (R); dilution                                             |
| Trade Secret | Proprietary information                 | None                                   | Requirements: commercially viable, not in public domain, reasonable protection  |

Operations
Penetration test phases (mnemonic: LEVER or DEnVER):
- (Learning) Discovery: newsgroups, domain name registries, ping sweep, trash INT
- Enumeration: port scanning, OS fingerprinting
- Vulnerability Mapping: vulnerability scanning, casing
- Exploitation: exploit vulnerabilities, social engineer, escalate privileges
- Report to Management

New Test Question Formats
- Majority: multiple choice, 4 candidate answers, pick one
- New questions:
  - Scenario
  - Drag and Drop
  - Hot Box

Scenario Questions
- Description:
  - Situational: 1-2 paragraphs describing an environment, results of an audit, etc.
  - 3-5 questions on the scenario
- Tactics:
  - Read the question first
  - Consider operational issues (trade-offs)

Drag and Drop
Which algorithms below are examples of symmetric cryptography?
- Advanced Encryption Standard
- Rivest-Shamir-Adleman
- Diffie-Hellman
- ElGamal
- Data Encryption Standard
(Of these, AES and DES are symmetric; RSA, Diffie-Hellman and ElGamal are asymmetric.)

Hot Spot
The diagram below is a design of a Public Key Infrastructure to secure internet transactions. Within the design is a Certificate Authority, a Registration Authority, and a Validation Authority.
Click on the location of the registration authority.
(slide diagram not reproduced)

Study Strategies
- Register NOW
  - Allows for study planning
  - Commits you to the process of successfully studying
- Develop a study plan
  - Available days: number of days from now until the exam date, minus work and family commitments
- Rule of 12 (now Rule of 10?)
  - Divide your available days by 12 to get study units
  - Use 1 unit for each domain
  - Use 2 units for full-length exams and data dump
  - (10 domains + 2 = 12 units; with the 8 domains of the 2015 CBK, 8 + 2 = 10)

Study Strategies (2)
- Utilize ALL sources
  - CISSP study book(s)
  - Question resources: book CD, www.cccure.org, StudISCope
  - Course slides and notes
- Take unit and mixed-unit exams often
  - Mix it up, not the same questions over and over
  - Aim for 80%-85% in all units

Study Strategies (3)
- Use memory devices
  - Acronyms
    - Word based: DEERMRSCARBIDS
    - Use ANAGRAM solvers to create your own
  - Sentence based
    - Please Do Not Take Sales People's Advice (the OSI layers, bottom to top)
    - Plain Brown Potatoes Raise Plain Thin Men
- Other mnemonics
  - Phrases
    - Reading is simple
    - Link (in) Tunnel
  - Diagrams
    - Concentric squares, ACM

Test Taking Strategies
- The day before
  - Get a good rest
  - Check out the testing center location
- The day of
  - What to bring
    - Registration paperwork
    - Snack & drink
    - Jacket or sweater
  - What NOT to bring
    - Cell phone
    - Digital watch

Test Taking Strategies (2)
- Other possible issues
  - Noise from nearby construction or weekend event
  - Temperature: dress in layers (bring a jacket)
  - Whiteboard and marker: ensure you have a good one

Test Taking Strategies (3)
- Data dump strategy
  - Prior to answering any questions, recall and document diagrams, lists, charts, and other mnemonics
- Three-pass method (consider this)
  1. Answer obvious questions, update diagrams
  2. Answer all but the most difficult questions
  3. Complete all questions

Test Taking Strategies (4)
- Individual question strategy
  - Read the question carefully
  - Find keywords and qualifiers (e.g., not, best, first)
  - Read ALL candidate answers; do not jump to the first good one
  - Use candidate answers as a clue
    - Look for slight differences between candidate answers
    - Eliminate clearly wrong answers first
    - Phases/steps: key on obviously wrong answers (e.g., report before analysis)

Test Taking Strategies (5)
- Individual question strategy (cont.)
  - Use information contained in questions and answers
    - Update diagrams and lists
  - Don't argue with the test
    - Decide what answer ISC2 is looking for
    - Dumb it down

Test Taking Strategies (6)
- Drag and drop questions
  - Essentially a matching exercise
  - Easier than normal questions
  - Make the simplest/most obvious match first
- Scenario questions
  - Find the question first, then go back and get relevant data
  - Usually operational questions: security/usability trade-offs, risk-based decisions, application of principles

Pearson VUE Screen
- Time remaining
- Flag for review
- Review selection
(screenshots not reproduced)

The Collin College Engineering Department
Collin College Student Chapter of the North Texas ISSA
North Texas ISSA (Information Systems Security Association)

Thank you
