Dest Cert Printable Mind Maps 2023
Security and Risk Management
  Focus of Security: Enable Business, Increase Value
  Accountability, Responsibility, Due Care, Due Diligence, Clearly Defined Roles & Responsibilities
  Privacy
© Destination Certification
Security Governance
  Corporate Governance
  Professional Ethics: (ISC)2 Code of Ethics
  Policies, Standards, Procedures, Baselines, Guidelines
  Security Policy: Overarching, Functional
  Corporate Laws
Privacy
  Personal Data: PI, PII, SPI, PHI; Direct Identifiers, Indirect Identifiers, Online Identifiers
  Data Lifecycle: Creation / Update, Store, Use, Share, Archive, Destroy
  OECD Guidelines: Collection Limitation, Data Quality, Purpose Specification, Use Limitation, Security Safeguards, Openness, Individual Participation, Accountability
  GDPR: Supervisory Authority (SA)
  without Security
Intellectual Property: Trade Secret, Patent, Copyright, Trademark
Risk Management
  1. Asset Valuation: Quantitative, Qualitative
  2. Risk Analysis
    Threats: Threat Modeling (STRIDE, PASTA, DREAD)
    Vulnerabilities: Vuln. Assessment & Pen. Testing
    Likelihood, Impact
    Quantitative: ALE = SLE (Value x Exposure) x ARO
    Qualitative
  3. Treatment: Avoid, Transfer, Mitigate, Accept
    Safeguards / Countermeasures: Directive, Deterrent, Preventative, Detective, Corrective, Recovery, Compensating
    Physical, Administrative, Technical / Logical
    Functional, Assurance
Risk Frameworks
  RMF (NIST 800-37): 1. Prepare, 2. Categorize, 3. Select, 4. Implement, 5. Assess, 6. Authorize, 7. Monitor
  ISO 31000, COSO, ISACA Risk IT
Asset Security
  Asset Classification
    Asset Inventory, Assign Ownership
    Data classification policy: Baselines, Standards, Guidelines, Procedures
    Classify based on Value
    Classification: System Readable Security Label, Human Readable Security Marking
    Categorization
    Roles: Data Owner / Controller, Data Processor, Data Custodian, Data Steward, Data Subject
  Protect based on Classification
    Encryption, Access Control
    Rest: Backups
    Motion: End-to-End, Link, Onion
    Use
    Archive: Retention Period
    DRM, DLP
  Media Destruction
    Destruction: Shred / Disintegrate / Incinerate / Drill
    Purging: Degauss, Crypto shredding, Overwrite / Wipe / Erasure
    Clearing: Format
    Defensible Destruction
Security Architecture
  Enterprise Architecture: Zachman, SABSA, TOGAF
  Least Privilege, Defense in Depth, Secure Defaults, Fail Securely, Privacy by Design
  Strong Star Property
  Security Frameworks: NIST 800-53, COBIT, ITIL, HIPAA, SOX, FedRAMP, FISMA
  Security Models
    Lipner Implementation
    Clark-Wilson: 3 goals of integrity, 3 Clark-Wilson rules
    Prevent conflicts of interest: Brewer Graham
    Rule Based
  Evaluation Criteria
    TCSEC (Orange Book) Functional Levels
      B1 - Security labels
      B2 - Security labels and verification of no covert channels
      B3 - Security labels, verification of no covert channels, and must stay secure during start-up
      A1 - Verified design
    ITSEC: Same Functional levels as TCSEC; Confidentiality + Integrity; Networked devices; Assurance Levels E0, E1, E2, E3, E4, E5, E6
    ISO 15408: Protection Profile, Target of Evaluation, Security Targets, Functional & Assurance Requirements
  Certification, Accreditation
  Reference Monitor Concept: Completeness, Isolation, Verifiability; Subject, Rules, Object, Mediation, Logging & Monitoring; Security Kernel
Security Engineering
  Hardware Components: Processor, Primary Storage, Secondary Storage, Virtual Memory
  Software Components: System Kernel, Firmware, Middleware
  Memory Segmentation, Process Isolation, Time Division Multiplexing
  Processor States: Problem, Supervisor
  Operating System Modes: User Mode, Kernel Mode
  Trusted Computing Base (TCB)
  Ring Protection Model: Ring 0: System Kernel
  Secure Memory Management, Data Hiding
  Vulnerabilities in Systems (with Mitigating Controls)
    Single Point of Failure: Redundancy
    Bypass Controls: Defence in depth
    TOCTOU (Race Conditions): Increase frequency of Re-authentication
    Emanations (TEMPEST): Shielding, White Noise, Control Zones
    Covert Channels: Analysis & Design
  Target of Attack: Client (End-point security, Remote access security); Server
  Web-based Vulnerabilities
    Cross Site Scripting: Stored (Persistent), Reflected (Most common), DOM
    Cross Site Request Forgery (CSRF)
    SQL Injection
    Input Validation: Allow Lists vs. Deny Lists; Client Side vs.
    Quality
  Mobile Devices: M1: Improper Platform Usage, M2: Insecure Data Storage, M3: Insecure Communication, M4: Insecure Authentication, M5: Insufficient Cryptography, M6: Insecure Authorization, M10: Extraneous Functionality
Cloud Computing
  Characteristics: On-Demand Self Service, Broad Network Access, Resource Pooling, Rapid Elasticity, Measured Service
  Service Models: IaaS, PaaS, SaaS
  Deployment Models: Public, Private, Community, Hybrid
  Compute: Virtualized (Hypervisor, Virtual Machine), Containers (Container Engine), Serverless
  Identity Provider: Local, Cloud, Linked Cloud, Synced Cloud, Federated identity
  Responsible: Cloud Consumer, Cloud Broker, Cloud Auditor
  Protocols: SPML, SAML, OpenID, OAuth
  Data Centric
  Migration: SLA
  Forensics: Snapshot, Virtual Disk, Image
  Data Destruction: Crypto Shredding / Crypto Erase
Cryptography
  Cryptographic Services: Confidentiality, Authenticity, Access Control, Integrity, Non-Repudiation (Origin, Delivery)
  Cryptographic terminology: Initialization vector/Nonce, Key clustering, Key / Crypto variable, Work factor, Avalanche, Confusion, Diffusion, Plaintext, Encrypt, Decrypt
  Secret Writing
    Hidden: Steganography, Null Cipher
    Scrambled (Cryptography)
      One-way = Hashing: MD5, SHA-1, SHA-2, SHA-3
      Two-way
        Block: DES, 3DES, AES (Rijndael), CAST-128, SAFER, Blowfish, Twofish, RC5/RC6
        Block Modes: ECB, CBC, CFB, OFB, CTR
        Stream: RC4
        Factoring: RSA
        Discrete Log: Diffie-Hellman (key exchange), El Gamal, DSA
        Elliptic Curve (ECC)
        Substitution: Monoalphabetic, Polyalphabetic, Running, One-time Pads
        Transposition: Spartan Scytale, Rail Fence (zigzag)
      Digital Certificates, Digital Signatures
  Digital Signatures: Integrity, Authenticity, Non-repudiation
  Digital Certificates: Verify the owner of a Public Key
  PKI: Certificate Authority (Root of Trust), Intermediate / Issuing CA, Registration Authority, Certificate DB (Revocation List), Certificate Store (Local), CRL, OCSP
  Key Management: Generation, Distribution, Storage, Rotation, Disposition, Recovery; Kerckhoffs' Principle
  Cryptanalysis
    Cryptanalytic Attacks: Brute Force, Ciphertext Only, Known Plaintext, Chosen Plaintext, Chosen Ciphertext, Factoring, Linear & Differential
    Cryptographic Attacks: Man-in-the-middle, Birthday Attack, Replay, Pass the Hash, Temporary Files, Implementation, Side Channel, Dictionary, Rainbow Tables, Social Engineering
Physical Security
  Safety of people
  Categories of Controls: Deter, Delay, Detect, Assess, Respond
  Layered Defense
    Landscape: Grading, Lighting
    Perimeter: Cameras, Passive Infrared Devices, Card Readers / Badges, Doors / Mantraps, Locks (Mechanical, Digital), Windows (Shock, Glass break), Walls
    Skimming
    Network
  Infrastructure
    Power: UPS, Generator; Power Outages, Power Degradation
    HVAC: Temperature, Humidity, Air Quality
    Fire Detection: Flame (Infrared), Smoke (Ionization, Photo-electric, Dual), Heat (Thermal)
    Fire Suppression: Water (Dry, Wet, Pre-action, Deluge); Gas (Aero-K, INERGEN, Argonite, FM-200, CO2); Fire Extinguisher
Communication and Network Security
  Networking
    1. Physical
      Media: Wired (Twisted Pair, Coaxial, Fiber Optic); Wireless (Radio Frequency, Infrared, Microwave)
      Topologies: Bus, Tree, Star, Mesh, Ring
      Collisions: CSMA/CA, CSMA/CD
      Devices: Hubs, Repeaters, Concentrators
    2. Data Link
      Protocols: 802.1x
      MAC Address
    3. Network
      IP Address
      Devices: Routers & Packet Filtering Firewalls
    6. Presentation
    WAN: MPLS
    Wireless: Wi-Fi (Protocols: 802.11a, b, g, n, ac, ax; Encryption: WEP, TKIP, WPA / WPA2), 802.16 WiMAX, GSM / CDMA, Microwave
    Internet Protocol (IP): IPv4 vs. IPv6; Addresses: IPv4 Network Classes, Private IPv4 Addresses
    Converged Protocols: VoIP, iSCSI, FCoE
    Network Authentication: PAP, CHAP, EAP, PEAP
  Network Attacks
    Phases: Reconnaissance, Enumeration, Vulnerability Analysis, Exploitation
    Eavesdropping, SYN Flooding, IP Spoofing, DoS / DDoS, Man-in-the-Middle, ARP poisoning
  Virtualization: VLAN, SDN (Northbound & Southbound APIs)
  Common Commands: ipconfig, ping, traceroute, whois, dig
  Network Defense
    Defense in Depth
    Network Perimeter: DMZ, Bastion Host, Proxy, NAT / PAT
    Network Segmentation / Partitioning
    Firewalls Types: Packet Filtering, Stateful Packet Filtering, Circuit Proxy, Application
    IDS / IPS: Location (Host Based, Network Based); In-line; Mirror, Span, Promiscuous
    IDS / IPS Detection Methods: Signature analysis (Pattern matching, Stateful matching); Anomaly (Statistical, Protocol, Traffic)
    Sandbox, Honeypots & honeynets, Endpoint Security
  VPN (Tunneling + Encryption)
    Tunneling: GRE, PPTP, L2TP, Split Tunneling
    IPSec: Authentication Header, Encapsulating Security Payload, Transport mode, Tunnel Mode, IKE, Security Association
    Encryption
  Remote Access
    SOCKS, SSH
    Remote Authentication: RADIUS, TACACS+, Diameter
    Remote Access / Management: SNMP, Telnet
Identity and Access Management
  Access Control Principles: Separation of Duties, Need to Know, Least Privilege
  Administration Approaches: Centralized, Decentralized, Hybrid
  Access Control Services
    Identification
    Authentication
      Knowledge: Password, Passphrase, Questions
      Ownership: Hard Tokens, Soft Tokens, One-time Passwords (Synchronous, Asynchronous), Smart / Memory Cards
      Characteristic: Physiological (Fingerprint, Hand Geometry, Vascular Pattern, Facial, Iris, Retina, Voice); Behavioural (Signature, Key Stroke, Gait); Templates; Type 1: False Reject; Type 2: False Accept; Crossover Error Rate
      Single / Multifactor; Authenticator Assurance Levels (AAL)
    Authorization
      Just-in-time Access
      Types of Access Control: Discretionary; Non-discretionary: Mandatory, Rule, Role (RBAC), Attribute / Content
    Accountability
    Session Management: Session Hijacking
  Single Sign-on: Allows users to access multiple systems with a single set of credentials; Access systems within the same organization
    Kerberos: Symmetric encryption only; Components: User / Client, Key Distribution Center (Authentication Service, Ticket Granting Service), Ticket Granting Ticket (TGT), Service Tickets, Service
    Sesame: Symmetric & Asymmetric encryption
  Federated Identity Management (FIM): Access systems across multiple entities
    Principal / User, Identity Provider, Relying Party / Service Provider, Trust Relationship, Tokens
    SAML: Assertions written in XML; Components: Assertion, Protocol, Bindings, Profiles
    WS-Federation, OpenID, OAuth
Security Assessment and Testing
  Testing a System
    Validation, Verification, Rigour
    Unit, Interface, Integration, System
    Methods & Tools: Manual, Automated; Static, Dynamic; Fuzz (Mutation, Generation), Runtime
    Access to Code: White, Black
    Testing Techniques: Positive, Negative, Misuse, Decision table analysis, State-based analysis
    Operational: Synthetic Performance Monitoring, Regression Testing
  Third-Party: Internal, External; SOC 1, SOC 2, SOC 3; Type 1, Type 2
  Roles: Executive Management, Audit Committee, Security Officer, Compliance Manager, Testers / Assessors, Internal Auditors, External Auditors
  Metrics: KPIs, KRIs; Focus
  Identifying Vulnerabilities
    Vulnerability Assessment
    Penetration Testing
      Process: Reconnaissance, Enumeration, Vulnerability Analysis, Execution, Document Findings
      Perspective: Internal, External
      Approach: Blind, Double-blind; Zero (black), Full (white)
    Types of Scans: Credentialed / Authenticated, Uncredentialed / Unauthenticated; Banner grabbing & Fingerprinting
    Interpreting & understanding results: CVE, CVSS, SCAP, False positive vs. False negative
  Continuous Monitoring
    Log Review & Analysis: Generation, Transmission, Collection / Aggregation, Normalization, Analysis, Retention, Disposal
    Monitor for: Breaches, Errors, Modification
    Security Information and Event Management (SIEM)
    Clipping Levels
    Consistent Network Time Protocol (NTP)
Security Operations
  Investigations
    Secure the Scene; Locard's Principle; MOM
    Collect & Control Evidence: Chain of Custody
    Sources: Oral / Written statements, Documents, Live Evidence (Volatile), Secondary Storage (HD), VM Instance / Virtual Disk
    Digital Forensics; E Discovery
    Types of Evidence: Real Evidence, Direct Evidence, Secondary Evidence
    Rules of Evidence: Authentic, Accurate, Complete, Convincing / Admissible
    Investigative Techniques: Media Analysis, Software Analysis, Network Analysis
    Types of Investigations: Criminal, Civil, Regulatory, Administrative
  Event / Incident Sources: SIEM, IDS/IPS, DLP, Fire detectors, Etc.
  Malware
    Types of Malware: Virus, Worm, Companion, Macro, Multipartite, Polymorphic, Trojan, Botnets, Boot Sector, Hoaxes / Pranks, Logic Bombs, Stealth, Ransomware, Rootkit, Spyware / Adware, Data Diddler / Salami Attack, Zero Day
    Anti-Malware
      Prevention: Training & Awareness Policy, Allow List, Network Segmentation
      Detection: Heuristic Scanners, Activity Monitors, Change Detection, Continuous Updates
  Patching: Determine if Patch is available (Vendor Notification, Pro-actively checking, Threat Intelligence); Timing; Deploy; Implement through Change Management
  Change Management: Standard vs. Emergency Change process (Based on impact, severity, etc.); CCB, CAB, ECAB; Test New Functionality, Regression Testing
  Recovery Strategies
    Backups: Archive Bit; Types of Backups: Mirror, Full, Incremental, Differential
    Backup Storage: Offsite, Tape Rotation
    Data Storage: RPO; Cold, Warm, Hot
    Redundant Array of Independent Disks (RAID): RAID 0 Striping, RAID 1 Mirroring, RAID 5 Parity, RAID 6 Double Parity
    Spare Parts; Clustering; System Redundancy; High Availability
    Recovery Sites: Types of Sites: Cold, Warm, Hot, Mobile, Mirror / Redundant; Geographically remote
  Business Continuity Management (BCM)
    Goals of BCM: 1. Safety of people, 2. Minimize damage, 3. Survival of business
    Business Impact Assessment: Identify Critical Processes & Systems; Measurements of Time
    Focuses on critical and essential functions of business
    (BCP), (DRP)
    Types of Testing Plans: Read-through / Checklist, Walkthrough, Simulation, Parallel, Full-interruption / Full-scale
Software Development Security
  Secure Software Development
    Software Development Life Cycle (SDLC)
    System Life Cycle (SLC): Certification, Accreditation, Deployment, Operation, Disposal
    Agile: Sprints, Scrum Master
    DevOps: Combine Dev, QA & Ops; SecDevOps; Canary Testing
    Maturity Models
    APIs: REST, SOAP
    Obfuscation: Lexical, Data, Control flow
    Acquire Software: Assess vendors; Contracts / SLAs
    Citizen Developers
  Software Security
    Weaknesses & Vulnerabilities: Buffer Overflows, SQL Injection, XSS / CSRF, Covert Channels, Backdoors / Trapdoors, Memory / Object Reuse, TOCTOU
    Secure Programming: Input Validation, Session Management, Polyinstantiation
    Maintain Software: SCM, SOAR
  Databases
    Components: Hardware, Software, Users, Data, Language (SQL)
    Database: Tables, Rows = Tuples / Records, Columns = Attributes / Fields, Primary & Foreign Keys
    Maintaining Integrity of Data: Concurrency, Locks, ACID (Atomicity, Consistency, Isolation, Durability)
    SQL Injection
Hi there!
I hope our CISSP MindMaps have helped identify the critical concepts you need to know
for the exam!
If you’re looking for detailed explanations of all the concepts covered in these MindMaps
+ everything else you need to confidently pass the CISSP exam, check out our CISSP
MasterClass here: destcert.com/CISSP
We have guided thousands of folks to confidently pass the CISSP exam over the last 20+
years. We provide expert instruction and an integrated intelligent system of study
resources and tools.
Rob Witcher
Co-founder & Master Instructor