Landoll, Doug: Everything About CISSP


Everything You Need to Know About the New CISSP Exam
Doug Landoll
CEO
Lantego
April 25, 2015

www.lantego.com
(512) 633-8405
dlandoll@lantego.com
@NTXISSA

Session Agenda

CBK & Question Depth
2015 CBK
New Test Question Formats
Study Strategies
Test Taking Strategies


Common Body of Knowledge
Mile wide and an inch deep
  Lots of vocabulary
Minimal numbers and form
  No port #s, no RFC #s
Know your history
  Classic definitions
  Old criteria (e.g. Orange Book)
NTX ISSA Cyber Security Conference, April 24-25, 2015


Preparation Process
Learn groups and relationships
  Look for relationships between terms and principles, across domains, and in practice.
Learn and build mnemonics
  Use memory devices such as anagrams, drawings, and phrases.
  Many of these will be presented in class.
  Compiling these together is referred to as creating your data dump sheet.

Data Dump Sheet Example


2015 Common Body of Knowledge

2015 CBK (8 domains):
  Security and Risk Management
  Asset Security
  Security Engineering
  Communication and Network Security
  Identity and Access Management
  Security Assessment and Testing
  Security Operations
  Software Development Security

Old CBK domains shown alongside on the slide:
  Legal
  Risk Management
  Cryptography
  Physical Security
  Security Architecture
  Telecommunications
  Access Control
  BCP
  Operations

8 Domains vs. 10 Domains: Who Cares!

2015 CBK: What's New: Topics
3rd Party Risk Management
BYOD Risks
IoT
Software Defined Networks
Cloud Identity Services (OAuth 2.0)

Maybe +4%

Access Control
Mostly Vocabulary
Passwords: Static, Dynamic, Cognitive, vs. Passphrases, Hashes, Thresholds
Biometrics: Effective: RIP; Accepted: VSHK
Strong Auth
IdM: Ident, Authent, Auth (X.500, LDAP, XML, SPML, SAML, SOAP)
Policies: DAC, MAC, RBAC
SS: Kerberos, KryptoKnight, SESAME

Architecture
Computer Architecture
  CPU
  Operating System
System Architecture
  System boundaries
  Security policy models
  Modes of operation
System Evaluation & Accreditation
  System Evaluation
  Certification & Accreditation
Enterprise Architecture
Architecture Threats

Architecture: Models

Model            | Attributes                          | Policy                                         | Comments
Access Matrix    | S, O, accesses                      | C: DAC                                         | Rows: CLs; Columns: ACLs
BLP              | S, O, a; no read up, no write down  | C: DAC, MAC                                    |
Biba             | S, O, a; no read down, no write up  | I: Auth changes                                | Flips BLP
Clark Wilson     | S, O, a; no read down, no write up  | I: Auth changes, no mistakes, data consistency | Well-formed transactions, separation of duty
Non-Interference | Inputs (cmds), Outputs (views)      | I: Auth changes; C: MAC                        | Useful in CCA; Not lattice
Information Flow | Objects, info flow                  | I: Auth changes; C: MAC                        | Useful in CCA; Not lattice
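The BLP and Biba rows above as a runnable reference-monitor check, added here as an example (not from the slides): the level names and the request list are constructed, and a linear lattice is assumed (real labels also carry compartments, which are omitted).

```python
"""Added example: enforce Bell-LaPadula (confidentiality) and Biba (integrity)
read/write rules on a constructed, linearly ordered set of levels."""
from dataclasses import dataclass

# Ordered sensitivity / integrity levels (constructed for illustration).
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Request:
    subject: str   # subject's level (clearance for BLP, integrity for Biba)
    obj: str       # object's level
    access: str    # "read" or "write"


def blp_allows(req: Request) -> bool:
    """BLP: simple security = no read up; *-property = no write down."""
    s, o = LEVELS[req.subject], LEVELS[req.obj]
    if req.access == "read":
        return s >= o      # clearance must dominate the classification
    if req.access == "write":
        return s <= o      # may only write to the same or a higher level
    raise ValueError(f"unknown access {req.access!r}")


def biba_allows(req: Request) -> bool:
    """Biba flips BLP: simple integrity = no read down; *-integrity = no write up."""
    s, o = LEVELS[req.subject], LEVELS[req.obj]
    if req.access == "read":
        return s <= o      # only read from equal or higher integrity
    if req.access == "write":
        return s >= o      # only write to equal or lower integrity
    raise ValueError(f"unknown access {req.access!r}")


def decide(req: Request, model: str) -> str:
    """Return 'allow' or 'deny' for one request under the named model."""
    allowed = {"BLP": blp_allows, "Biba": biba_allows}[model](req)
    return "allow" if allowed else "deny"


# Constructed requests: a Secret-level subject against neighbouring levels.
SAMPLE = [Request("Secret", "Top Secret", "read"),     # BLP deny (read up), Biba allow
          Request("Secret", "Confidential", "write"),  # BLP deny (write down), Biba allow
          Request("Secret", "Confidential", "read"),   # BLP allow, Biba deny (read down)
          Request("Secret", "Top Secret", "write")]    # BLP allow, Biba deny (write up)


def decisions(model: str, requests=SAMPLE) -> list:
    return [decide(r, model) for r in requests]


if __name__ == "__main__":
    for r in SAMPLE:
        print(f"{r.subject} {r.access} {r.obj}: BLP={decide(r, 'BLP')} Biba={decide(r, 'Biba')}")
```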


Cryptography
SYMMETRIC: DES, TDES, AES, IDEA, Blowfish, RCx, CAST, SAFER, Serpent
KEYED HASH: MAC, HMAC
HYBRID
HASH: MD5, RIPEMD, SHAx
ASYMMETRIC: DH, RSA, ElGamal, ECC, LUC, Knapsack
DIGITAL SIGNATURE: DSS, RSA DS, DSA

Telecommunications


Legal

Type         | IP Protected                            | Term                                   | Issues
Patent       | Invention                               | 20 years; Patent & Trade Office        | 1st to file vs invent; <1 year of 1st Public Use
Copyright    | Works of authorship                     | Life + 70; 95 yrs; Library of Congress | Fair Use; International; DMCA
Trademark    | Right to distinguish goods and services | 10 years (+); PTO; Option file         | Distinctiveness; (TM) (R); Dilution
Trade Secret | Proprietary Information                 | None                                   | Requirements: Commercially viable; Not in public domain; Reasonable protection


Operations
Phases: (Learning) Discovery; Enumeration; Vulnerability Mapping; Exploitation
Mnemonic: LEVER or DEnVER

Newsgroups
Domain name registries
Ping sweep, trash INT
Port Scanning
OS fingerprinting
Vulnerability Scanning
Casing
Exploit vulnerabilities
Social Engineer
Escalate privileges

Report to Management

New Test Question Formats
Majority: Multiple Choice, 4 candidate answers, pick one
New Questions:
  Scenario
  Drag and Drop
  Hot Box


Scenario Questions
Description:
  Situational: 1-2 paragraphs describing an environment, results of an audit, etc.
  3-5 questions on the scenario
Tactics:
  Read the question first
  Consider operational issues (trade-offs)


Drag and Drop
Which algorithms below are examples of symmetric cryptography?
  Advanced Encryption Standard
  Rivest Shamir Adleman
  Diffie-Hellman
  ElGamal
  Data Encryption Standard

Hot Spot
The diagram below is a design of a Public Key Infrastructure to secure internet transactions. Within the design is a Certificate Authority, a Registration Authority, and a Validation Authority.
Click on the location of the registration authority.


Study Strategies
Register NOW
  Allows for study planning
  Commits you to the process of successfully studying
Develop a study plan
  Available days
    Number of days from now until the exam date, less work and family commitments
Rule of 12 (Now Rule of 10?)
  Divide your available days by 12 to get study units
  Use 1 unit for each domain
  Use 2 units for full-length exams and data dump

Study Strategies (2)
Utilize ALL sources
  CISSP Study book(s)
  Question resources
    Book CD, www.cccure.org, StudISCope
  Course slides and notes
Take unit and mixed-unit exams often
  Mix it up, not the same questions over and over
  Aim for 80%-85% in all units

Study Strategies (3)
Use memory devices
  Acronyms
    Word based
      DEERMRSCARBIDS
      Use ANAGRAM solvers to create your own
    Sentence based
      Please Do Not Take Sales People's Advice
      Plain Brown Potatoes Raise Plain Thin Men
Other Mnemonics
  Phrases
    Reading is simple
    Link (in) Tunnel
  Diagrams
    Concentric squares, ACM


Test Taking Strategies
The Day Before
  Get a good rest
  Check out the testing center location
The Day of
  What to Bring
    Registration paperwork
    Snack & Drink
    Jacket or sweater
  What NOT to Bring
    Cell phone
    Digital watch


Test Taking Strategies (2)
Other possible issues
  Noise from nearby construction or weekend event
  Temperature
    Dress in layers (bring a jacket)
Whiteboard and Marker
  Ensure you have a good one


Test Taking Strategies (3)
Data Dump Strategy
  Prior to answering any questions
  Recall and document diagrams, lists, charts, and other mnemonics
Three Pass Method (Consider this)
  1. Answer obvious questions, update diagrams
  2. Answer all but the most difficult questions
  3. Complete all questions

Test Taking Strategies (4)
Individual Question Strategy
  Read question carefully
  Find keywords and questions (e.g., not, best, first)
  Read ALL candidate answers; do not jump to the first good one
Use candidate answers as a clue
  Look for slight differences between candidate answers
  Eliminate clearly wrong answers first
  Phases/steps: key on obvious wrong answers (e.g., report before analysis)

Test Taking Strategies (5)
Individual Question Strategy (cont.)
  Use information contained in questions and answers
  Update diagrams and lists
Don't argue with the test
  Decide what answer ISC2 is looking for
  Dumb it down

Test Taking Strategies (6)
Drag and Drop Questions
  Essentially a matching exercise
  Easier than normal questions
  Make the simplest/most obvious match first
Scenario Questions
  Find the question first.
  Then go back and get relevant data
  Usually operational questions
    security/usability trade-offs, risk-based decisions, application of principles

Pearson VUE Screen
  Time Remaining
  Flag for Review


Pearson VUE Screen
  Review Selection


The Collin College Engineering Department
Collin College Student Chapter of the North Texas ISSA
North Texas ISSA (Information Systems Security Association)

Thank you