
Everything You Need to Know About the New CISSP Exam
Doug Landoll
CEO, Lantego
www.lantego.com
(512) 633-8405
dlandoll@lantego.com
April 25, 2015
@NTXISSA
Session Agenda
  CBK & Question Depth
  2015 CBK
  New Test Question Formats
  Study Strategies
  Test Taking Strategies

Common Body of Knowledge
  Mile wide and an inch deep
    Lots of vocabulary
    Minimal numbers and form
      No port #s, No RFC #s
  Know your history
    Classic definitions
    Old criteria (e.g. Orange Book)

NTXISSA Cyber Security Conference, April 24-25, 2015 @NTXISSA 3
Preparation Process
  Learning groups and relationships
    Look for relationships between terms and principles, across domains, and in practice.
  Learn and build mnemonics
    Use memory devices such as anagrams, drawings, and phrases.
    Many of these will be presented in class
    Compiling these together is referred to as creating your data dump sheet
Data Dump Sheet Example

2015 Common Body of Knowledge
2015 CBK (8 domains):
  Security and Risk Management
  Asset Security
  Security Engineering
  Communication and Network Security
  Identity and Access Management
  Security Assessment and Testing
  Security Operations
  Software Development Security
Previous CBK (10 domains, as listed on the slide):
  Legal
  Risk Management
  Cryptography
  Physical Security
  Security Architecture
  Telecommunications
  Access Control
  BCP
  Operations

8 Domains vs. 10 Domains: Who Cares!
2015 CBK: What's New: Topics
  3rd Party Risk Management
  BYOD Risks
  IoT
  Software Defined Networks
  Cloud Identity Services (OAuth 2.0)

Maybe +4%
Access Control
  Mostly Vocabulary
  Passwords: Static, Dynamic, Cognitive, vs. Passphrases, Hashes, Thresholds
  Biometrics: Effective: RIP; Accepted: VSHK
  Strong Auth
  IdM: Ident, Authent, Auth (X.500, LDAP, XML, SPML, SAML, SOAP)
  Policies: DAC, MAC, RBAC
  SSO: Kerberos, KryptoKnight, SESAME
Architecture
  Computer Architecture
    CPU
    Operating System
  System Architecture
    System boundaries
    Security policy models
    Modes of operation
  System Evaluation & Accreditation
    System Evaluation
    Certification & Accreditation
  Enterprise Architecture
  Architecture Threats
Architecture: Models
Model | Attributes | Policy | Comments
Access Matrix | S, O, accesses | C: DAC | Rows: CLs; Columns: ACLs
BLP | S, O, a; no read up, no write down | C: DAC, MAC |
Biba | S, O, a; no read down, no write up | I: Auth changes | Flips BLP
Clark-Wilson | S, O, a; no read down, no write up | I: Auth changes, no mistakes, data consistency | Well-formed transactions, separation of duty
Non-Interference | Inputs (cmds), Outputs (views) | I: Auth changes; C: MAC | Useful in CCA; Not lattice
Information Flow | Objects, info flow | I: Auth changes; C: MAC | Useful in CCA; Not lattice
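The Access Matrix, BLP and Biba rows of the table above, as an added Python example that is not part of the slides; the subject and object names and the clearance ordering are constructed, and the last function checks the table's "Flips BLP" comment:

```python
# Added example (not from the slides): the Access Matrix, BLP and Biba rows
# of the "Architecture: Models" table as access-decision functions. The
# subjects, objects and clearance ordering below are constructed.

# Access matrix (C: DAC): rows are subjects, columns are objects, cells hold
# the permitted accesses. Reading a row gives a capability list (CL);
# reading a column gives an access control list (ACL).
ACCESS_MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "memo.txt": {"read"}},
    "bob": {"memo.txt": {"read", "write"}},
}

def capability_list(subject):
    """Row of the matrix: everything one subject may do (CL)."""
    return {obj: set(acc) for obj, acc in ACCESS_MATRIX.get(subject, {}).items()}

def access_control_list(obj):
    """Column of the matrix: every subject allowed on one object (ACL)."""
    return {s: set(row[obj]) for s, row in ACCESS_MATRIX.items() if obj in row}

def matrix_allows(subject, obj, access):
    """Discretionary decision: look up the single cell."""
    return access in ACCESS_MATRIX.get(subject, {}).get(obj, set())

# Constructed lattice of sensitivity/integrity levels for the MAC models.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

def blp_allows(subject_level, object_level, access):
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    s, o = LEVELS[subject_level], LEVELS[object_level]
    if access == "read":
        return s >= o  # simple security property: no read up
    if access == "write":
        return s <= o  # *-property: no write down
    raise ValueError(f"unknown access type: {access}")

def biba_allows(subject_level, object_level, access):
    """Biba (integrity): no read down, no write up; the mirror image of BLP."""
    s, o = LEVELS[subject_level], LEVELS[object_level]
    if access == "read":
        return s <= o  # simple integrity property: no read down
    if access == "write":
        return s >= o  # *-integrity property: no write up
    raise ValueError(f"unknown access type: {access}")

def biba_flips_blp(subject_level, object_level, access):
    """Check the table's 'Flips BLP' comment by swapping the two levels."""
    return biba_allows(subject_level, object_level, access) == blp_allows(
        object_level, subject_level, access)
```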

Cryptography
  SYMMETRIC: DES, TDES, AES, IDEA, Blowfish, RCx, CAST, SAFER, Serpent
  KEYED HASH: MAC, HMAC
  HYBRID
  HASH: MD5, RIPEMD, SHAx
  ASYMMETRIC: DH, RSA, ElGamal, ECC, LUC, Knapsack
  DIGITAL SIGNATURE: DSS, RSA DS, DSA
Telecommunications

Legal
Type | IP Protected | Term | Issues
Patent | Invention | 20 years; Patent & Trade Office | 1st to file vs invent; <1 year of 1st Public Use
Copyright | Works of authorship | Life + 70; 95 yrs; Library of Congress | Fair Use; International; DMCA
Trademark | Right to distinguish goods and services | 10 years (+); PTO; Option file | Distinctiveness; (TM) (R); Dilution
Trade Secret | Proprietary Information | None | Requirements: Commercially viable; Not in public domain; Reasonable protection
Operations
  (Learning) Discovery: Newsgroups, Domain name registries, Ping sweep, trash INT
  Enumeration: Port Scanning, OS fingerprinting
  Vulnerability Mapping: Vulnerability Scanning, Casing
  Exploitation: Exploit vulnerabilities, Social Engineer, Escalate privileges
  Report to Management
Mnemonic: LEVER or DEnVER
New Test Question Formats
  Majority: Multiple Choice, 4 candidate answers, pick one
  New Questions:
    Scenario
    Drag and Drop
    Hot Box

Scenario Questions
  Description:
    Situational: 1-2 paragraphs describing an environment, results of an audit, etc.
    3-5 questions on the scenario
  Tactics:
    Read the question first
    Consider operational issues (trade-offs)

Drag and Drop
Which algorithms below are examples of symmetric cryptography?
  Advanced Encryption Standard
  Rivest Shamir Adleman
  Diffie-Hellman
  ElGamal
  Data Encryption Standard

Hot Spot
The diagram below is a design of a Public Key Infrastructure to secure internet transactions. Within the design is a Certificate Authority, a Registration Authority, and a Validation Authority.
Click on the location of the registration authority.

Study Strategies
  Register NOW
    Allows for study planning
    Commits you to the process of successfully studying
  Develop a study plan
    Available days
      Number of days from now until the exam date - work and family commitments
    Rule of 12 (Now Rule of 10?)
      Divide your available days by 12 to get study units
      Use 1 unit for each domain
      Use 2 units for full length exams and data dump

Study Strategies (2)
  Utilize ALL sources
    CISSP Study book(s)
    Question resources
      Book CD, www.cccure.org, StudISCope
    Course slides and notes
  Take unit and mixed unit exams often
    Mix it up, not same questions over and over
    Aim for 80%-85% in all units
Study Strategies (3)
  Use memory devices
    Acronyms
      Word based
        DEERMRSCARBIDS
        Use ANAGRAM solvers to create your own
      Sentence based
        Please Do Not Take Sales People's Advice
        Plain Brown Potatoes Raise Plain Thin Men
    Other Mnemonics
      Phrases
        Reading is simple
        Link (in) Tunnel
      Diagrams
        Concentric squares, ACM

Test Taking Strategies
  The Day Before
    Get a good rest
    Check out the testing center location
  The Day of
    What to Bring: Registration paperwork, Snack & Drink, Jacket or sweater
    What NOT to Bring: Cell phone, Digital watch

Test Taking Strategies (2)
  Other possible issues
    Noise from nearby construction or weekend event
    Temperature
      Dress in layers (bring a jacket)
    Whiteboard and Marker
      Ensure you have a good one

Test Taking Strategies (3)
  Data Dump Strategy
    Prior to answering any questions
    Recall and document diagrams, lists, charts, and other mnemonics

  Three Pass Method (Consider this)
    1. Answer obvious questions, update diagrams
    2. Answer all but the most difficult questions
    3. Complete all questions

Test Taking Strategies (4)
  Individual Question Strategy
    Read question carefully
      Find keywords and questions (e.g., not, best, first)
    Read ALL candidate answers; do not jump to first good one
    Use candidate answers as a clue
      Look for slight difference between candidate answers
    Eliminate clearly wrong answers first
      Phases/steps: key on obvious wrong answers (e.g., report before analysis)

Test Taking Strategies (5)
  Individual Question Strategy (cont.)
    Use information contained in questions and answers
      Update diagrams and lists
    Don't argue with the test
      Decide what answer ISC2 is looking for
      Dumb it Down

Test Taking Strategies (6)
  Drag and Drop Questions
    Essentially a matching exercise
    Easier than normal questions
    Make simplest/most obvious match first

  Scenario Questions
    Find the question first.
    Then go back and get relevant data
    Usually operational questions
      security/usability trade-offs, risk-based decisions, application of principles
Pearson VUE Screen
  Time Remaining
  Flag for Review

Pearson VUE Screen
  Review Selection

The Collin College Engineering Department
Collin College Student Chapter of the North Texas ISSA
North Texas ISSA (Information Systems Security Association)

Thank you
