Title: CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide
Author: Gibson Darril
Publisher: Author
Genre: Foreign educational literature
isbn: 9781119042754
40. D. A behavior-based IDS can be labeled an expert system or a pseudo-artificial intelligence system because it can learn and make assumptions about events. In other words, the IDS can act like a human expert by evaluating current events against known events. A knowledge-based IDS uses a database of known attack methods to detect attacks. Both host-based and network-based systems can be either knowledge-based, behavior-based, or a combination of both.
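The distinction in this answer, shown as an added example that is not code from the book: a knowledge-based detector matches events against a database of known indicators, a behavior-based detector learns what is normal from earlier events and flags deviation, and a hybrid takes the union. The event list, the known-bad address and the thresholds are constructed for illustration.

```python
from collections import Counter

# Constructed sample authentication events (not from the book): (user, source_ip, outcome)
EVENTS = [
    ("alice", "192.0.2.10", "success"),
    ("alice", "192.0.2.10", "success"),
    ("bob", "192.0.2.11", "success"),
    ("bob", "192.0.2.11", "failure"),
    ("bob", "192.0.2.11", "success"),
    ("carol", "198.51.100.7", "success"),
    ("mallory", "203.0.113.9", "failure"),  # source is in the known-bad database
    ("alice", "192.0.2.10", "failure"),     # burst of failures from a "normal" source
    ("alice", "192.0.2.10", "failure"),
    ("alice", "192.0.2.10", "failure"),
    ("alice", "192.0.2.10", "failure"),
    ("alice", "192.0.2.10", "failure"),
    ("alice", "192.0.2.10", "failure"),
]

# Constructed attack-signature database for the knowledge-based detector.
KNOWN_BAD_IPS = {"203.0.113.9"}


def knowledge_based(events):
    """Knowledge-based IDS: match each event against known attack indicators.
    It can only detect what is already in the database."""
    return {user for user, ip, _ in events if ip in KNOWN_BAD_IPS}


def behavior_based(events, baseline_window=6, tolerance=3):
    """Behavior-based IDS: learn the normal per-user failure count from the
    first `baseline_window` events, then flag any user whose failures in the
    remaining events exceed the learned maximum by more than `tolerance`."""
    learned = Counter(u for u, _, o in events[:baseline_window] if o == "failure")
    normal_max = max(learned.values(), default=0)
    observed = Counter(u for u, _, o in events[baseline_window:] if o == "failure")
    return {u for u, n in observed.items() if n > normal_max + tolerance}


def combined(events):
    """Hybrid IDS: union of both approaches, covering each one's blind spot."""
    return knowledge_based(events) | behavior_based(events)


if __name__ == "__main__":
    print("knowledge-based:", knowledge_based(EVENTS))  # only the known-bad source
    print("behavior-based: ", behavior_based(EVENTS))   # only the anomalous burst
    print("combined:       ", combined(EVENTS))
```

Each detector alone misses one of the two suspicious users; the hybrid catches both, which is why the answer notes that real systems can combine the two approaches.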
Chapter 1
Security Governance Through Principles and Policies
THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:
✓ Domain 1: Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
■ A. Understand and apply concepts of confidentiality, integrity and availability
■ B. Apply security governance principles through:
■ B.1 Alignment of security function to strategy, goals, mission, and objectives (e.g., business case, budget and resources)
■ B.2 Organizational processes (e.g., acquisitions, divestitures, governance committees)
■ B.3 Security roles and responsibilities
■ B.4 Control frameworks
■ B.5 Due care
■ B.6 Due diligence
■ F. Develop and implement documented security policy, standards, procedures, and guidelines
■ J. Understand and apply threat modeling
■ J.1 Identifying threats (e.g., adversaries, contractors, employees, trusted partners)
■ J.2 Determining and diagramming potential attacks (e.g., social engineering, spoofing)
■ J.3 Performing reduction analysis
■ J.4 Technologies and processes to remediate threats (e.g., software architecture and operations)
■ K. Integrate security risk considerations into acquisition strategy and practice
■ K.1 Hardware, software, and services
■ K.2 Third-party assessment and monitoring (e.g., on-site assessment, document exchange and review, process/policy review)
■ K.3 Minimum security requirements
■ K.4 Service-level requirements
The Security and Risk Management domain of the Common Body of Knowledge (CBK) for the CISSP certification exam deals with many of the foundational elements of security solutions. These include elements essential to the design, implementation, and administration of security mechanisms. Additional elements of this domain are discussed in various chapters: Chapter 2, “Personnel Security and Risk Management Concepts”; Chapter 3, “Business Continuity Planning”; and Chapter 4, “Laws, Regulations, and Compliance.” Please be sure to review all of these chapters to have a complete perspective on the topics of this domain.
Understand and Apply Concepts of Confidentiality, Integrity, and Availability
Security management concepts and principles are inherent elements in a security policy and solution deployment. They define the basic parameters needed for a secure environment. They also define the goals and objectives that both policy designers and system implementers must achieve to create a secure solution. It is important for real-world security professionals, as well as CISSP exam students, to understand these items thoroughly.
The primary goals and objectives of security are contained within the CIA Triad (see Figure 1.1), which is the name given to the three primary security principles:
■ Confidentiality
■ Integrity
■ Availability
Figure 1.1 The CIA Triad
Security controls are typically evaluated on how well they address these core information security tenets. Overall, a complete security solution should adequately address each of these tenets. Vulnerabilities and risks are also evaluated based on the threat they pose against one or more of the CIA Triad principles. Thus, it is a good idea to be familiar with these principles and use them as guidelines for judging all things related to security.
These three principles are considered the most important within the realm of security. However, how important each specific principle is to a specific organization depends on the organization’s security goals and requirements and on the extent to which the organization’s security might be threatened.
The first principle of the CIA Triad is confidentiality. If a security mechanism offers confidentiality, it offers a high level of assurance that data, objects, or resources are restricted from unauthorized subjects. If a threat exists against confidentiality, unauthorized disclosure could take place.
In general, for confidentiality to be maintained on a network, data must be protected from unauthorized access, use, or disclosure while in storage, in process, and in transit. Unique and specific security controls are required for each of these states of data, resources, and objects to maintain confidentiality.
Numerous attacks focus on the violation of confidentiality. These include capturing network traffic and stealing password files as well as social engineering, port scanning, shoulder surfing, eavesdropping, sniffing, and so on.
Violations of confidentiality are not limited to directed intentional attacks. Many instances of unauthorized disclosure of sensitive or confidential information are the result of human error, oversight, or ineptitude. Events that lead to confidentiality breaches include failing to properly encrypt a transmission, failing to fully authenticate a remote system before transferring data, leaving open otherwise secured access points, accessing malicious code that opens a back door, misrouted faxes, documents left on printers, or even walking away from an access terminal while data is displayed on the monitor. Confidentiality violations can result from the actions of an end user or a system administrator. They can also occur because of an oversight in a security policy or a misconfigured security control.
Numerous countermeasures can help ensure confidentiality against possible threats. These include encryption, network traffic padding, strict access control, rigorous authentication procedures, data classification, and extensive personnel training.
Confidentiality and integrity depend on each other. Without object integrity, confidentiality cannot be maintained. Other concepts, conditions, and aspects of confidentiality include the following:
Sensitivity: Sensitivity refers to the quality of information, which could cause harm or damage if disclosed. Maintaining confidentiality of sensitive information helps to prevent harm or damage.
Discretion: Discretion is an act of decision where an operator can influence or control disclosure