CISSP Study Notes


ITSEC
functional requirements - F1 - F10 (F1 - F5 equivalent to TCSEC C1 - B3)
assurance requirements - E0 - E6 (equivalent to TCSEC D - A1)
Common Criteria / ISO 15408 (FSMMSSF)
EAL 1 : functionally tested
EAL 2 : structurally tested
EAL 3 : methodically tested and checked
EAL 4 : methodically designed, tested and reviewed
EAL 5 : semi-formally designed and tested
EAL 6 : semi-formally verified design and tested
EAL 7 : formally verified design and tested.
- Target Of Evaluation (TOE) the product or system that is the subject of the evaluation.
- Protection Profile (PP) a document, typically created by a user or user community, which
identifies security requirements for a class of security devices (for example, smart cards used to
provide digital signatures, or network firewalls) relevant to that user for a particular purpose.
- Security Target (ST) the document that identifies the security properties of the target of
evaluation. It is what the vendor claims the product can do.
- Security Assurance Requirements (SARs) descriptions of the measures taken during
development and evaluation of the product to assure compliance with the claimed security
functionality.
- Evaluation Assurance Level (EAL) the numerical rating describing the depth and rigor of
an evaluation. Each EAL corresponds to a package of security assurance requirements (SARs,
see above) which covers the complete development of a product, with a given level of
strictness.
- Security Functional Requirements (SFRs) specify individual security functions which
may be provided by a product. The Common Criteria presents a standard catalogue of such
functions.
TCSEC - (MDMV mnemonic) (DC LSS)
Divisions and Classes
- D Minimal protection
- C Discretionary protection
- C1 Discretionary Security Protection
- C2 Controlled Access Protection
- object reuse, audit trails
- B Mandatory Protection
- B1 Labeled Security
- B2 Structured Protection
- covert storage channels
- B3 Security Domains
- covert timing channels, reference monitor
- A Verified Protection
- A1 Verified Design
- formal design/verification techniques, management/distribution procedures
TCSEC Assurance Mechanisms
- Operational Assurance: System Architecture, System Integrity, Covert Channel Analysis,
Trusted Facility Management and Trusted Recovery
- Life-cycle Assurance : Security Testing, Design Specification and Verification, Configuration
Management and Trusted System Distribution
- Continuous Protection Assurance - The trusted mechanisms that enforce these basic
requirements must be continuously protected against tampering and/or unauthorized changes.

TCSEC Policy
The security policy must be explicit, well-defined and enforced by the computer system. There
are three basic security policies:
Mandatory Security Policy - Enforces access control rules based directly on an individual's
clearance, authorization for the information and the confidentiality level of the information
being sought. Other indirect factors are physical and environmental. This policy must also
accurately reflect the laws, general policies and other relevant guidance from which the rules
are derived.
Marking - Systems designed to enforce a mandatory security policy must store and preserve
the integrity of access control labels and retain the labels if the object is exported.
Discretionary Security Policy - Enforces a consistent set of rules for controlling and limiting
access based on identified individuals who have been determined to have a need-to-know for
the information.
Accountability - Individual accountability regardless of policy must be enforced. A secure
means must exist to ensure the access of an authorized and competent agent which can then
evaluate the accountability information within a reasonable amount of time and without undue
difficulty. There are three requirements under the accountability objective:
TCSEC Accountability
Identification - The process used to recognize an individual user.
Authentication - The verification of an individual user's authorization to specific categories of
information.
Auditing - Audit information must be selectively kept and protected so that actions affecting
security can be traced to the authenticated individual.
Multilevel security or multiple levels of security (MLS) is the application of a computer system
to process information with different sensitivities (i.e., at different security levels), permit
simultaneous access by users with different security clearances and needs-to-know, and
prevent users from obtaining access to information for which they lack authorization.
(Mandatory Access Control)
Security modes of operation - what the users with access to the system must hold:
Mode            NDA signed   Clearance   Formal approval   Need-to-know
Dedicated       All          All         All               All
System high     All          All         All               Some
Compartmented   All          All         Some              Some
Multilevel      All          Some        Some              Some
Bell-LaPadula - the model the Orange Book's mandatory access control requirements are built on;
does not address integrity, it addresses only confidentiality
- mandatory access control model
- state-machine model developed for military use
- only deals with confidentiality
- does not address covert channels
- simple security rule (no read up)
- star property rule (no write down)
- strong star property rule (read and write only at the same level)
Biba - addresses only the first goal of integrity
- mandatory access control model
- state-machine model; the integrity counterpart of Bell-LaPadula
- information flow model
- only deals with integrity
- simple integrity axiom (no read down)
- star integrity axiom (no write up)
- invocation property (a subject cannot invoke, i.e. request service from, a subject at a higher
integrity level)
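The Bell-LaPadula and Biba rules above, written out as checks over a label lattice (level plus compartments) behind a single mediation function, so the "dual" relationship between the two models is visible in code. This is an added example, not part of the original notes; the level names, the `Label` class and the `mediate` helper are assumptions made for the example.

```python
"""Bell-LaPadula and Biba rules as a label lattice with a mediation function."""
from dataclasses import dataclass, field

# Constructed ordering of levels (assumption; real systems define their own).
# For Bell-LaPadula these are sensitivity levels, for Biba integrity levels.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """Lattice order: level is >= AND compartments are a superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def blp_allows(subject: Label, obj: Label, mode: str) -> bool:
    """Bell-LaPadula (confidentiality only).
    read  -> simple security property (no read up):  subject dominates object
    write -> *-property (no write down):             object dominates subject
    """
    if mode == "read":
        return subject.dominates(obj)
    if mode == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown mode {mode!r}")


def blp_strong_star_allows(subject: Label, obj: Label, mode: str) -> bool:
    """Strong *-property: read and write only at exactly the subject's own label."""
    if mode not in ("read", "write"):
        raise ValueError(f"unknown mode {mode!r}")
    return subject == obj


def biba_allows(subject: Label, obj: Label, mode: str) -> bool:
    """Biba (integrity only) is the dual of Bell-LaPadula.
    read  -> simple integrity axiom (no read down): object dominates subject
    write -> *-integrity axiom (no write up):       subject dominates object
    """
    if mode == "read":
        return obj.dominates(subject)
    if mode == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown mode {mode!r}")


def mediate(model, subject: Label, obj: Label, mode: str) -> bool:
    """Reference-monitor style entry point: every request passes through here
    and anything the model cannot evaluate (unknown level or mode) is denied."""
    try:
        return bool(model(subject, obj, mode))
    except (KeyError, ValueError):
        return False


if __name__ == "__main__":
    secret = Label("SECRET")
    confidential = Label("CONFIDENTIAL")
    print("SECRET reads CONFIDENTIAL (BLP):", mediate(blp_allows, secret, confidential, "read"))
    print("SECRET writes CONFIDENTIAL (BLP):", mediate(blp_allows, secret, confidential, "write"))
    print("high-integrity reads low-integrity (Biba):", mediate(biba_allows, secret, confidential, "read"))
```

Note that a SECRET subject without the NATO compartment is denied a SECRET/NATO object: "no read up" is about dominance in the lattice, not just the level number, and the default-deny in `mediate` is what makes the check safe against labels the policy has never seen.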
Clark-Wilson - addresses the three goals of integrity; access to objects only through programs
- integrity model for commercial systems (enforcement is via certified programs, not labels)
- deals with all three goals of integrity
- users
- transformation procedures (TP)
- constrained data items (higher level of integrity) (CDI)
- unconstrained data items (lower level of integrity) (UDI)
- integrity verification procedures (make sure that what you start with is what you end with)
(IVP)
- enforces access triple (subject -> application -> object)
- separation of duties (protects against fraud, requires auditing)
3 Goals of Integrity
- Prevent unauthorized users from making modification (Only this one is addressed by the Biba
model).
- Separation of duties prevents authorized users from making improper modifications.
- Well formed transactions: maintain internal and external consistency i.e. it is a series of
operations that are carried out to transfer the data from one consistent state to the other.
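The Clark-Wilson pieces above (UDI, CDI, TP, IVP, access triples, separation of duties) as a runnable ledger: users never touch the constrained data directly, only certified transformation procedures do, and the IVP is run after every TP with rollback on failure. This is an added example, not from the original notes; the ledger, the user names and the triples are constructed for it.

```python
"""Clark-Wilson enforcement: users reach constrained data only through certified TPs."""
import copy
from dataclasses import dataclass, field


class IntegrityViolation(Exception):
    """Raised when a TP would leave a CDI in an inconsistent state."""


@dataclass
class Ledger:
    """Constrained data items (CDIs): balances plus a running total.
    Invariant checked by the IVP: no negative balance, sum(balances) == total."""
    balances: dict = field(default_factory=dict)
    total: int = 0


def ivp(ledger: Ledger) -> bool:
    """Integrity verification procedure: is the CDI set in a valid state?"""
    return (all(v >= 0 for v in ledger.balances.values())
            and sum(ledger.balances.values()) == ledger.total)


def tp_transfer(ledger: Ledger, src: str, dst: str, amount: int) -> None:
    """Well-formed transaction: moves value between accounts, total unchanged."""
    if amount <= 0 or ledger.balances.get(src, 0) < amount:
        raise IntegrityViolation("insufficient funds or bad amount")
    ledger.balances[src] -= amount
    ledger.balances[dst] = ledger.balances.get(dst, 0) + amount


def tp_deposit(ledger: Ledger, account: str, raw_amount: str) -> None:
    """TP that turns a UDI (raw, untrusted text) into a CDI change. The TP
    itself validates the UDI; nothing else may write the ledger from raw input."""
    if not raw_amount.isdigit() or int(raw_amount) <= 0:
        raise IntegrityViolation(f"malformed UDI {raw_amount!r}")
    amount = int(raw_amount)
    ledger.balances[account] = ledger.balances.get(account, 0) + amount
    ledger.total += amount


TPS = {"transfer": tp_transfer, "deposit": tp_deposit}

# Certified access triples (user, TP, CDI), constructed for this example.
# Separation of duties: the teller who deposits is not certified to transfer,
# and an auditor who runs ivp() appears on no triple at all.
TRIPLES = {
    ("alice", "transfer", "ledger"),
    ("teller", "deposit", "ledger"),
}

AUDIT_LOG = []  # every attempt is recorded; separation of duties needs auditing


def run_tp(user: str, tp_name: str, cdi_name: str, ledger: Ledger, *args) -> bool:
    """Enforcement: only certified triples run, and a TP must carry the CDI from
    one valid state to another or its effect is rolled back."""
    if (user, tp_name, cdi_name) not in TRIPLES:
        AUDIT_LOG.append((user, tp_name, cdi_name, "denied"))
        raise PermissionError(f"{user} is not certified to run {tp_name} on {cdi_name}")
    snapshot = copy.deepcopy(ledger)
    try:
        TPS[tp_name](ledger, *args)
        if not ivp(ledger):
            raise IntegrityViolation("TP left CDI inconsistent")
    except IntegrityViolation:
        ledger.balances, ledger.total = snapshot.balances, snapshot.total
        AUDIT_LOG.append((user, tp_name, cdi_name, "rolled back"))
        raise
    AUDIT_LOG.append((user, tp_name, cdi_name, "ok"))
    return True


if __name__ == "__main__":
    book = Ledger({"acc1": 100, "acc2": 0}, total=100)
    run_tp("alice", "transfer", "ledger", book, "acc1", "acc2", 30)
    print(book, ivp(book))
```

The last assertion in the test is the point of the model: any write that bypasses the TPs (here, poking the balance directly) leaves the IVP false, which is how the "what you start with is what you end with" check catches tampering.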
The goal of a noninterference model is to strictly separate differing security levels to assure
that higher-level actions do not determine what lower-level users can see. This is in contrast to
other security models that control information flows between differing levels of users. By
maintaining strict separation of security levels, a noninterference model minimizes leakages
that might happen through a covert channel.
The goal of the Chinese Wall model is to protect against conflicts of interest arising from a
user's earlier access attempts.
- information flow model
- access controls change dynamically with the user's access history
- also known as the Brewer and Nash model
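The dynamic part of Brewer and Nash is easy to state and easy to get wrong, so here it is as code: a subject's rights to a company dataset depend on which other datasets in the same conflict-of-interest class it has already read. This is an added example and not from the original notes; the company names and conflict classes are constructed, and sanitised public data (which the full model exempts from the write rule) is left out.

```python
"""Brewer-Nash (Chinese Wall): a subject's rights depend on what it has already read."""
from collections import defaultdict

# Constructed company datasets grouped into conflict-of-interest (COI) classes.
COI_CLASS = {"BankA": "banks", "BankB": "banks", "OilX": "oil", "OilY": "oil"}


class ChineseWall:
    def __init__(self):
        self.history = defaultdict(set)  # subject -> companies it has read

    def can_read(self, subject: str, company: str) -> bool:
        """Simple security rule: allowed unless the subject already read a
        different company in the same COI class (the wall goes up on first access)."""
        cls = COI_CLASS[company]
        return not any(COI_CLASS[seen] == cls and seen != company
                       for seen in self.history[subject])

    def read(self, subject: str, company: str) -> bool:
        if not self.can_read(subject, company):
            return False
        self.history[subject].add(company)  # rights change from this point on
        return True

    def can_write(self, subject: str, company: str) -> bool:
        """*-property: write allowed only if the subject can read the company and
        has read no other company at all, otherwise it could copy data across the
        wall into a dataset a second subject is allowed to read."""
        others = self.history[subject] - {company}
        return self.can_read(subject, company) and not others


if __name__ == "__main__":
    wall = ChineseWall()
    print(wall.read("ana", "BankA"), wall.read("ana", "BankB"), wall.read("ana", "OilX"))
    print("ana may write BankA:", wall.can_write("ana", "BankA"))
```

Two analysts with identical roles end up with different permissions purely because of the order in which they opened files; that is what "access controls can change dynamically" means in practice.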
Graham-Denning model addresses how access rights between subjects and objects are
defined: it shows how subjects and objects should be securely created and deleted and how
access rights are read, granted, deleted and transferred (eight primitive protection rights).
BCP - The Business Continuity Plan's goal is to reduce the risk of financial loss by improving the
ability to recover and restore operations efficiently and effectively.
1. Step one is Initiation of the project where management would be involved and a business
continuity policy would be put in place.
2. You then conduct the business impact analysis (BIA). The BIA helps identify and prioritize
information systems and components critical to supporting the organizations mission/business
processes.
3. Identify preventive controls. Measures taken to reduce the effects of system disruptions
can increase system availability and reduce contingency life cycle costs.
4. Create contingency strategies. Thorough recovery strategies ensure that the system
may be recovered quickly and effectively following a disruption.
5. Develop an information system contingency plan. The contingency plan should contain
detailed guidance and procedures for restoring a damaged system, specific to the system's
security impact level and recovery requirements.
6. Ensure plan testing, training, and exercises. Testing validates recovery capabilities,
whereas training prepares recovery personnel for plan activation and exercising the plan

identifies planning gaps; combined, the activities improve plan effectiveness and overall
organization preparedness.
7. Ensure plan maintenance. The plan should be a living document that is updated regularly
to remain current with system enhancements and organizational changes.
The Business Assessment is divided into two components.
- Risk Assessment is designed to evaluate existing exposures from the organization's
environment
- BIA assesses potential loss that could be caused by a disaster.
The Business Impact Analysis (BIA) identifies time-critical aspects of the critical business
processes, and determines their maximum tolerable downtime. The BIA helps to Identify
organization functions, the capabilities of each organization unit to handle outages, and the
priority and sequence of functions and applications to be recovered, identify resources required
for recovery of those areas and interdependencies
1. Select Individuals to interview for the data gathering.
2. Create data gathering techniques (surveys, questionnaires, qualitative and quantitative
approaches).
3. Identify the company's critical business functions.
4. Identify the resources that these functions depend upon.
5. Calculate how long these functions can survive without these resources.
6. Identify vulnerabilities and the threats to these functions.
7. Calculate risk for each of the different business functions.
8. Document findings and report them to management.
Disaster Recovery Testing
A live disaster test or full interruption test is an actual simulation of the Disaster Recovery Plan.
All operations are shut down and brought back online at the alternate site. This test poses the
biggest threat to an organization and should not be performed until a successful parallel test
has been conducted.
1. A checklist test would be conducted where each of the key players gets a copy of the
plan and reads it to make sure it has been properly developed for the specific needs of their
department.
2. A structured walk-through would be conducted next. This is when all key players meet
together in a room and walk through the plan together to identify shortcomings and
dependencies between departments.
3. A simulation test would be next. In this case you go through a disaster scenario up to the
point where you would move to the alternate site. You do not move to the alternate site; you
learn from your mistakes and improve the plan. It is the right time to find shortcomings.
4. A parallel test would be done. You go through a disaster scenario, move to the alternate
site and process from both sites simultaneously.
5. A full interruption test would be conducted. You move to the alternate site and resume
processing at the alternate site.
Code of Ethics Preamble: The safety and welfare of society and the common good, duty to
our principals, and to each other, requires that we adhere, and be seen to adhere, to the highest
ethical standards of behavior. Therefore, strict adherence to this Code is a condition of
certification.
Code of Ethics Canons:
- Protect society, the common good, necessary public trust and confidence, and the
infrastructure.
- Act honorably, honestly, justly, responsibly, and legally.
- Provide diligent and competent service to principals.

- Advance and protect the profession.


More:
- Act honorably, honestly, justly, responsibly, and legally, and protect society
- Work diligently, provide competent services, and advance the security profession.
- Encourage the growth of research; teach, mentor, and value the certification
- Discourage unnecessary fear or doubt, and do not consent to bad practices
- Discourage unsafe practices, and preserve and strengthen the integrity of public
infrastructures
- Observe and abide by all contracts, expressed or implied, and give prudent advice
- Avoid any conflict of interest, respect the trust that others put in you, and take on only those
jobs you are fully qualified to perform
- Stay current on skills, and do not become involved with activities that could injure the
reputation of other security professionals
Fire Suppression (CLEM)
Class A = Combustible
Suppression Method: water, soda acid
Class B = Liquid
Suppression Method: halon, CO2, soda acid.
Class C = Electrical
Suppression Method: halon, CO2.
Class D = Metals
Suppression Method: Dry powder.
- A dry pipe system is used in areas where the water in the pipes is subject to freezing, and to
minimize the chances of accidental discharge of water if the pipes would freeze in the winter
time, and It minimizes chances of accidental discharge of water as well by not releasing the
water until the pressure in the pipe would drop due to one of the sprinkler head being opened.
- A Wet Pipe system has the pipes always charged with water, and the thermal-fusible link in
each sprinkler head is holding back the water. If any sprinkler head is exposed to enough heat,
for long enough, the link will break/melt and water will be discharged. A wet pipe system is
generally used when there is no danger of the water in the pipes freezing or when there are no
special conditions that require a special purpose sprinkler system.
- A Preaction Pipe system (most recommended for computer room) is used where accidental
activation is undesired. It is similar to a Dry Pipe system, except one or more other interlocks,
such as fire/heat sensors, are used in addition to sprinkler head opening and relieving the air
pressure, which then permits the water to charge the sprinkler pipe system and flow through
the open sprinkler head. This system has the added value of requiring a series of events before
the water is actually permitted to flow, which can enable personnel to handle a small fire or
incident without the flow of water.
- A deluge system has its sprinkler heads wide open to allow a larger volume of water to be
released in a shorter period. Because the water being released is in such large volumes, these
systems are usually not used in data processing environments.
- CO2 is colorless, odorless and can cause suffocation. It is more suitable for unattended
facilities.
- Halon: production of Halon is now banned in most countries. Multiple countries have agreed to
and signed the Montreal Protocol, which disallows production of Halon.
Data centers that still have Halon loaded in their cylinders will replace it with a safe
replacement such as FM-200 or Inergen once it is ever discharged.

Halon is a "Clean Agent." The National Fire Protection Association defines, a "Clean Agent" as
"an electrically non-conducting, volatile, or gaseous fire extinguishant that does not leave a
residue upon evaporation."
- FE-13 is a Halon 1301 replacement for total flooding and inerting applications where low
toxicity provides improved safety margins, the protected spaces are large, the cylinder storage
area is remote from the protected space, or temperatures are likely to go below 0 °C (32 °F).
Of the clean agents available, FE-13 has the lowest toxicity and is the safest for protecting
areas where people are present.
- FM-200 is a colorless, liquefied compressed gas. It is stored as a liquid and dispensed into the
hazard as a colorless, electrically non-conductive vapor that is clear and does not obscure
vision. It leaves no residue and has acceptable toxicity for use in occupied spaces at design
concentration. FM-200 does not displace oxygen and, therefore, is safe for use in occupied
spaces without fear of oxygen deprivation.
- INERGEN is a blend of inert atmospheric gases that contains 52% nitrogen, 40% argon, 8%
carbon dioxide, used for fire suppression system agent. It is considered a clean agent for use in
gaseous fire suppression applications. Inergen does not contain halocarbons, and has no ozone
depletion potential. It is non-toxic. Inergen is used at design concentrations of 35-50% to lower
the concentration of oxygen to a point that cannot support combustion, but still safe for
humans.
The temperature of a data center should be maintained between 21-23 °C (70-74 °F).
The relative humidity of a data center should be maintained between 40-60%.
NIACAP - National Information Assurance Certification and Accreditation Process (NIACAP),
establishes the minimum national standards for certifying and accrediting national security
systems. This process provides a standard set of activities, general tasks, and a management
structure to certify and accredit systems that will maintain the Information Assurance (IA) and
security posture of a system or site.
The HIPAA legislation had four primary objectives:
(1) Assure health insurance portability by eliminating job-lock due to pre-existing medical
conditions,
(2) Reduce healthcare fraud and abuse,
(3) Enforce standards for health information and
(4) Guarantee security and privacy of health information.
Replacement cost value is the item's current price, new. What will it cost when I replace it?
Actual cash value is the item's used price, old. How much money is it worth since I used it for
five years?
An easy way to understand RCV and ACV is to think in terms of new and used.
Crime Prevention Through Environmental Design (CPTED) is a discipline that outlines
how the proper design of a physical environment can reduce crime by directly affecting human
behavior. It provides guidance about loss and crime prevention through proper facility
construction and environmental components and procedures.
Power Excess
Spike --> Too much voltage for a short period of time.
Surge --> Too much voltage for a long period of time.
Power Loss
Fault --> A momentary power outage.
Blackout --> A long power interruption.

Power Degradation
Sag or Dip --> A momentary low voltage.
Brownout --> A prolonged power supply that is below normal voltage.
Rate-of-rise temperature sensor is more sensitive than a fixed-temperature sensor.
Positive pressurization means that when an employee opens a door, the air goes out and
outside air does not come in.
Configuration Management
(1) accommodate change;
(2) accommodate the reuse of proven standards and best practices;
(3) ensure that all requirements remain clear, concise, and valid;
(4) ensure changes, standards, and requirements are communicated promptly and precisely;
(5) ensure that the results conform to each instance of the product.
Parity information in RAID level 2 is created using a Hamming code that detects errors and
establishes which part of which drive is in error.
A risk analysis has the following goals:
1. Identify assets and their values
2. Identify vulnerabilities and threats
3. Quantify the probability and business impact of these potential threats
4. Provide an economic balance between the impact of the threat and the cost of the
countermeasure.
Certification is the process of evaluating the security stance of the software or system against
a selected set of standards or policies. Certification is the technical evaluation of a product.
This may precede accreditation but is not a required precursor.
Accreditation is the authorization by management to implement software or systems in a
production environment. This authorization may be either provisional or full.
Advisory policies are security polices that are not mandated
Regulatory policies are security policies that an organization must implement due to
compliance, regulation, or other legal requirements.
- The reference monitor is an abstract machine which must mediate all accesses by subjects to
objects, be protected from modification, be verifiable as correct, and is always invoked.
- The security kernel is the hardware, firmware and software elements of a trusted computing
base that implement the reference monitor concept.
- The security perimeter includes the security kernel as well as other security-related system
functions that are within the boundary of the trusted computing base. System elements that are
outside of the security perimeter need not be trusted.
- A security domain is a domain of trust that shares a single security policy and single
management.
All access requests will be intercepted by the Kernel, validated through the reference monitor,
and then access will either be denied or granted according to the request and the subject
privileges within the system.
1. The reference monitor must be small enough to be fully tested and validated
2. The kernel must MEDIATE all access requests from subjects to objects
3. The processes implementing the reference monitor must be protected
4. The reference monitor must be tamperproof

The trusted computing base (TCB) is a collection of all the hardware, software, and firmware
components within a system that provide some type of security and enforce the systems
security policy.
- The incident response plan focuses on information security responses to incidents affecting
systems and/or networks. It establishes procedures to address cyber attacks against an
organization's IT systems.
- The business continuity plan addresses business processes and provides procedures for
sustaining essential business operations while recovering from a significant disruption.
- The disaster recovery plan (DRP) applies to major, usually catastrophic events that deny
access to the normal facility for an extended period.
- The Occupant Emergency Plan (OEP) provides the response procedures for occupants of a
facility in the event of a situation posing a potential threat to the health and safety of personnel,
the environment, or property.
- The continuity of operations plan (COOP) focuses on restoring an organization's essential
functions at an alternate site and performing those functions for up to 30 days before returning
to normal operations.
- Capacitance detectors monitor an electrical field surrounding the object being monitored. They
are used for spot protection within a few inches of the object, rather than for overall room
security monitoring used by wave detectors. Penetration of this field changes the electrical
capacitance of the field enough to generate and alarm.
- Wave pattern motion detectors generate a frequency wave pattern and send an alarm if the
pattern is disturbed as it is reflected back to its receiver.
- Field-powered devices are a type of personnel access control devices.
- Audio detectors simply monitor a room for any abnormal sound wave generation and trigger
an alarm.
- Circumstantial evidence can prove an intermediate fact that can then be used to deduce or
assume the existence of another fact.
- Conclusive evidence is irrefutable and cannot be contradicted. Conclusive evidence is very
strong all by itself and does not require corroboration.
- Corroborative evidence is supporting evidence used to help prove an idea or point. It cannot
stand on its own, but is used as a supplementary tool to help prove a primary piece of evidence.
- Direct evidence can prove a fact all by itself and does not need backup information to refer
to. When using direct evidence, presumptions are not required. One example of direct evidence
is the testimony of a witness who saw a crime take place. Although this oral evidence would be
secondary in nature, meaning a case could not rest on just it alone, it is also direct evidence,
meaning the lawyer does not necessarily need to provide other evidence to back it up. Direct
evidence often is based on information gathered from a witness's five senses.
- Hearsay evidence is evidence that is not based on personal, first-hand knowledge of the
witness, but was obtained from another source. Computer-generated records normally fall under
the category of hearsay evidence.
Administrative/regulatory law deals with regulatory standards that regulate performance and
conduct. Government agencies create these standards, which are usually applied to companies
and individuals within those companies.
MOM - Motivation, Opportunity, Means
Risk management consists of two primary and one underlying activity; risk assessment and
risk mitigation are the primary activities and uncertainty analysis is the underlying one. After
having performed risk assessment and mitigation, an uncertainty analysis should be performed.

Risk management must often rely on speculation, best guesses, incomplete data, and many
unproven assumptions.
An uncertainty analysis allows the risk management results to be used knowledgeably. A
vulnerability analysis, likelihood assessment and threat identification are all parts of the
collection and analysis of data part of the risk assessment, one of the primary activities of risk
management.
- Indirect addressing is when the address location that is specified in the program instruction
contains the address of the final desired location.
- Direct addressing is when a portion of primary memory is accessed by specifying the actual
address of the memory location.
- Indexed addressing is when the contents of the address defined in the program's instruction
is added to that of an index register.
A trusted system is one that meets its intended security requirements. It involves sufficiency
and effectiveness.
A security kernel is responsible for enforcing a security policy. It is a strict implementation of a
reference monitor mechanism. The architecture of a kernel operating system is typically
layered, and the kernel should be at the lowest and most primitive level.
To be secure, the kernel must meet three basic conditions:
- completeness (all accesses to information must go through the kernel),
- isolation (the kernel itself must be protected from any type of unauthorized access),
- verifiability (the kernel must be proven to meet design specifications).
The exclusionary rule mentions that evidence must be gathered legally or it can't be used.
The best evidence rule concerns limiting potential for alteration.
The hearsay rule concerns computer-generated evidence, which is considered second-hand
evidence.
Authentic evidence is the same as relevant evidence.
- Business attacks concern information loss through competitive intelligence gathering and
computer-related attacks. These attacks can be very costly due the loss of trade secrets and
reputation.
- Intelligence attacks are aimed at sensitive military and law enforcement files containing
military data and investigation reports.
- Financial attacks are concerned with frauds to banks and large corporations.
- Grudge attacks are targeted at individuals and companies who have done something that
the attacker doesn't like.
Lighting should be used to discourage intruders and provide safety for personnel, entrances,
parking areas and critical sections. Critical areas should be illuminated 8 feet high with 2
foot-candles of illumination.
Heat damage thresholds:
- Magnetic media are affected from 100 °F (37.7 °C).
- Disks are damaged at 150 °F (65.5 °C).
- Computer equipment at 175 °F (79.4 °C).
- Paper products at 350 °F (176.6 °C).

- Auxiliary station alarms automatically cause an alarm originating in a data center to be
transmitted over the local municipal fire or police alarm circuits for relaying to both the local
police/fire station and the appropriate headquarters. They are usually municipal fire alarm
boxes installed at your business or building and wired directly into the fire station.

- Central station alarms are operated by private security organizations. Very similar to a
proprietary alarm system (see below), but the monitoring and receiving of alarms is done off site
at a central location staffed by non-employees: a third party.
- Proprietary alarms are similar to central station alarms except that monitoring is performed
directly on the protected property. This type of alarm is usually used to protect large industrial
or commercial buildings. Each of the buildings in the same vicinity has its own alarm system,
and they are all wired together at a central location within one of the buildings acting as a
common receiving point. This point is usually far away from the other buildings so it is not under
the same danger. It is usually manned 24 hours a day by a trained team who know how to react
under different conditions.
- A remote station alarm is a direct connection between the signal-initiating device at the
protected property and the signal-receiving device located at a remote station, such as the fire
station or usually a monitoring service. This is the most popular type of implementation and the
owner of the premise must pay a monthly monitoring fee. This is what most people use in their
home where they get a company like ADT to receive the alarms on their behalf.
A remote system differs from an auxiliary system in that it does not use the municipal fire or
police alarm circuits.
- Complex Instruction Set Computer (CISC) uses instructions that perform many operations
per instruction. It was based on the fact that in earlier technologies, the instruction fetch was
the longest part of the cycle. Therefore, by packing more operations into an instruction, the
number of fetches could be reduced.
- Pipelining involves overlapping the steps of different instructions to increase the performance
in a computer.
- Reduced Instruction Set Computers (RISC) involve simpler instructions that require fewer
clock cycles to execute.
- Scalar processors are processors that execute one instruction at a time.
The Evidence Life Cycle starts with the discovery and collection of the evidence. It progresses
through the following series of states until it is finally returned to the victim or owner:
Acquisition collection and identification
Analysis
Storage, preservation, and transportation
Presented in court
Returned to victim (owner)
Fence is another physical access control mechanism. Fences of different heights can serve
different purposes:
- 3-4 feet deter casual trespassers.
- 6-7 feet deter general intruders.
- 8 feet with strands of barbed wire (slanted at a 45° angle) deter more determined intruders.
Community Cloud - The cloud infrastructure is provisioned for exclusive use by a specific
community of consumers from organizations that have shared concerns (e.g., mission,security
requirements, policy, and compliance considerations). It may be owned, managed, and operated
by one or more of the organizations in the community, a third party, or some combination of
them, and it may exist on or off premises.
Private cloud - The cloud infrastructure is provisioned for exclusive use by a single
organization comprising multiple consumers (e.g., business units). It may be owned,managed,
and operated by the organization, a third party, or some combination of them,and it may exist
on or off premises.

Public cloud - The cloud infrastructure is provisioned for open use by the general public. It may
be owned, managed, and operated by a business, academic, or government organization, or
some combination of them. It exists on the premises of the cloud provider.
Hybrid cloud - The cloud infrastructure is a composition of two or more distinct cloud
infrastructures (private, community, or public) that remain unique entities, but are bound
together by standardized or proprietary technology that enables data and application portability
(e.g., cloud bursting for load balancing between clouds).
- A concealment cipher is a message within a message.
- A transposition cipher uses permutations.
- A substitution cipher replaces bits, characters, or blocks of characters with different bits,
characters or blocks.
- Steganography refers to hiding the very existence of the message.
US-EU Safe Harbor is a streamlined process for US companies to comply with the EU Directive
95/46/EC on the protection of personal data.
ISO 14000 - environmental management
ISO 27000 - infosec management (derived from ISO 17799, which came from British Standard BS 7799)
- ITIL is a set of practices for IT service management
- COBIT - deals with IT governance (derived from COSO) and with what is to be achieved; four
goals to ensure IT maps seamlessly to business needs
- Plan and Organize
- Acquire and Implement
- Deliver and Support
- Monitor and Evaluate
- COSO deals with financial governance
- SOX requires strict financial tracking, management and reporting for all publicly traded
companies. Failure to do so is exemplified by the Enron scandal.
The Computer Security Act of 1987 - Requires U.S. agencies to identify systems that contain
sensitive information; Evolved into the Federal Information Security Management Act of 2002
The Economic Espionage Act of 1996 - Enables FBI to investigate corporate espionage cases;
established that theft is no longer restricted to physical constraints (now includes trade
secrets)
The Federal Privacy Act of 1974 and the European Union Principles on Privacy were created
to protect citizens from government agencies using information that they collected improperly
GLBA requires all financial institutions to tell customers how they will disclose their
information, and they must protect customers' PII.
CFAA - U.S. federal anti-hacking statute.
Incident Response Procedures (TICATR)
- Triage, Investigation, Containment, Analysis, Tracking, Recovery
IAB Ethics - activities considered unethical and unacceptable:
- Purposely seeking to gain unauthorized access to Internet resources
- Disrupting the intended use of the Internet
- Wasting resources (people, capacity and computers) through purposeful actions
- Destroying the integrity of computer-based information
- Compromising the privacy of others
- Involving negligence in the conduct of Internet-wide experiments
Capability Maturity Model Integration (CMMI) (IRDMO)
Initial
Repeatable
Defined
Managed
Optimized
Block Cipher Modes
The simplest of the encryption modes is the electronic codebook (ECB) mode. The message
is divided into blocks, and each block is encrypted separately.
In cipher block chaining (CBC) mode, each block of plaintext is XORed with the previous
ciphertext block before being encrypted.
The output feedback (OFB) mode makes a block cipher into a synchronous stream cipher. It
generates keystream blocks, which are then XORed with the plaintext blocks to get the
ciphertext.
Like OFB, counter (CTR) mode turns a block cipher into a stream cipher. It generates the next
keystream block by encrypting successive values of a "counter".
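An added example, not from these notes: a toy invertible block cipher (a 4-round Feistel network over SHA-256, assumed here purely for illustration, not a real cipher) with the four modes described above, showing that ECB maps identical plaintext blocks to identical ciphertext blocks while CBC, OFB and CTR do not.

```python
import hashlib
BLOCK = 16  # toy block size in bytes (two 8-byte halves)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def _f(key: bytes, i: int, half: bytes) -> bytes:
    # Feistel round function: keyed hash of one half-block, truncated to 8 bytes
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def block_crypt(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    # Toy 4-round Feistel network standing in for a real block cipher (invertible).
    # Encrypt round: (L, R) -> (R, L ^ F(R)); decrypt round: (L, R) -> (R ^ F(L), L).
    l, r = block[:8], block[8:]
    for i in (range(3, -1, -1) if decrypt else range(4)):
        l, r = (xor(r, _f(key, i, l)), l) if decrypt else (r, xor(l, _f(key, i, r)))
    return l + r

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):  # ECB: every block encrypted independently, no IV
    return b"".join(block_crypt(key, b) for b in blocks(pt))

def cbc_encrypt(key, iv, pt):  # CBC: plaintext XORed with the previous ciphertext block
    out, prev = [], iv
    for b in blocks(pt):
        prev = block_crypt(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(block_crypt(key, c, decrypt=True), prev))
        prev = c
    return b"".join(out)

def ofb_crypt(key, iv, data):  # OFB: keystream_i = E_K(keystream_{i-1}), seeded by the IV
    ks, prev = [], iv
    for _ in blocks(data):
        prev = block_crypt(key, prev)
        ks.append(prev)
    return xor(data, b"".join(ks))  # the same call encrypts and decrypts

def ctr_crypt(key, nonce8, data):  # CTR: keystream_i = E_K(nonce || 8-byte counter i)
    n = len(blocks(data))
    ks = b"".join(block_crypt(key, nonce8 + i.to_bytes(8, "big")) for i in range(n))
    return xor(data, ks)
```

Inputs to ECB and CBC are assumed to be a whole number of 16-byte blocks; padding is out of scope.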
Proximate causation - establishes fault or responsibility
Due care = prudent person
Major Legal Systems
Customary
Common
Religious
Civil
PCI DSS - payment card industry standard; self-regulatory
Exigent circumstances allow law enforcement to enter a structure without a warrant when
people are in imminent danger, evidence faces imminent destruction, or a suspect is about to
escape.
Ten commandments of computer ethics - created in 1992 by the Computer Ethics Institute.
Locard's principle of exchange - holds that the perpetrator of a crime will bring something
into the crime scene and leave with something from it, and that both can be used as forensic
evidence.
OECD - an international group assisting governments with economic, social, and governance
challenges worldwide.
Software licensing
- freeware
- shareware
- academic
- commercial
Delphi Technique - an anonymous group decision-making method.
Physical security controls categories (DDDAR)
Deterrence
Delaying
Detection
Assessment
Response
Software development models
Waterfall - classical model with discrete phases and formal reviews before moving on to the next
phase
Joint analysis development (JAD) - team approach in a workshop-oriented environment
Spiral - emphasis on risk analysis, prototypes and simulations at each phase
Structured
Iterative
Spiral
Exploratory
Modified prototype
Data custodian - maintains and protects data; verifies availability
Risk assessment methodologies - OCTAVE, NIST SP 800-30