CISSP Domain 1: Security and Risk Management - Cornerstone Information Security Concepts

Mind Map by reginaldsands, updated more than 1 year ago
Created by reginaldsands about 4 years ago

Description

Certificate CISSP Mind Map on CISSP Domain 1: Security and Risk Management - Cornerstone Information Security Concepts, created by reginaldsands on 02/26/2016.

Resource summary

CISSP Domain 1: Security and Risk Management - Cornerstone Information Security Concepts
1 Cornerstone Information Security Concepts
1.1 CIA Triad
1.1.1 Confidentiality

Annotations:

  • - Its opposing force is Disclosure. - An example of a confidentiality attack is the theft of Personally Identifiable Information (PII). - An example of a law that governs confidentiality is the Health Insurance Portability and Accountability Act (HIPAA).
1.1.2 Integrity

Annotations:

  • - A system "back door" violates system integrity, because the system no longer behaves only as its authorized configuration allows.
1.1.2.1 Data Integrity

Annotations:

  • - It seeks to protect information from unauthorized modification.
1.1.2.2 System Integrity

Annotations:

  • - It seeks to protect the system itself (its software and configuration) from unauthorized modification.
1.1.3 Availability

Annotations:

  • - A Denial of Service (DoS) attack seeks to deny the availability of a system.
1.2 DAD (opposing triad)
1.2.1 Disclosure

Annotations:

  • - Unauthorized release of information.
1.2.2 Alteration
1.2.3 Destruction
1.3 Tension Between the Concepts
1.3.1 Finding balance within CIA
1.4 AAA
1.4.1 Identity and Authentication
1.4.1.1 identity: username

Annotations:

  • - Identity alone is weak because it offers no proof: you could claim to be someone you are not. - Identities must be unique.
1.4.1.2 Authentication: password

Annotations:

  • - Authentication is the method of proving you are who you identified yourself to be. - This can be done by supplying something only you know, such as a password.
1.4.2 Authorization

Annotations:

  • - Describes the actions you can perform on a system once authenticated. - Actions may include read, write and execute permissions.
1.4.2.1 Least Privilege

Annotations:

  • - The user should only be granted the minimum amount of access needed to do their job.
1.4.2.2 Need to know

Annotations:

  • - It is more granular than least privilege: the user must have a need to know that specific piece of information before being allowed to access it.
1.4.3 Accountability

Annotations:

  • - Holding a person responsible for their actions. - This requires auditing and logging of user activity.
1.4.3.1 Non-Repudiation

Annotations:

  • - This means that a user can't deny having performed a transaction. You must have both authentication and integrity to have non-repudiation.
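Why non-repudiation needs both authentication and integrity, and why a shared secret is not enough, as an added example (not part of the original mind map). A toy RSA signature is implemented inline for illustration only (no padding, small key, assumed Python 3.8+ for modular inverse); the message, key sizes and party names are constructed. An HMAC proves integrity and authenticates the message to the two key holders, but either holder could have produced the tag, so the receiver cannot prove to a third party who sent it. A digital signature ties the message to the signer's private key alone, so the signer cannot plausibly deny it and any alteration breaks verification.

```python
"""Added example: HMAC (integrity + authentication, repudiable) versus a
digital signature (integrity + authentication + non-repudiation)."""
import hashlib
import hmac
import random
import secrets
from typing import Tuple


def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test (educational toy)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 512) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Returns ((e, n), (d, n)). Toy key: too small and unpadded for real use."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (e, p * q), (pow(e, -1, phi), p * q)   # pow(e, -1, m) needs Python 3.8+


def _digest(msg: bytes) -> int:
    # SHA-256 digest as an integer: 256 bits, so always smaller than a 512-bit n
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(private: Tuple[int, int], msg: bytes) -> int:
    d, n = private
    return pow(_digest(msg), d, n)


def verify(public: Tuple[int, int], msg: bytes, sig: int) -> bool:
    e, n = public
    return pow(sig, e, n) == _digest(msg)


def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_ok(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, msg), tag)


def demo_non_repudiation() -> dict:
    order = b"pay 100 to bob"      # constructed message from Alice to Bob
    altered = b"pay 1000 to bob"   # what Bob would like Alice to have said

    # HMAC: Bob holds the same key, so he can mint a valid tag on any message,
    # and Alice can plausibly deny the original. Integrity + authentication,
    # but no non-repudiation.
    shared = secrets.token_bytes(32)
    alice_tag = mac(shared, order)
    bob_forgery = mac(shared, altered)

    # Signature: only Alice's private key can produce it. Bob can verify it,
    # cannot forge one for the altered message, and any tampering fails verify.
    pub, priv = rsa_keygen()
    sig = sign(priv, order)
    return {
        "mac_verifies": mac_ok(shared, order, alice_tag),                    # True
        "bob_forged_mac_verifies": mac_ok(shared, altered, bob_forgery),     # True
        "sig_verifies": verify(pub, order, sig),                             # True
        "sig_on_altered_msg": verify(pub, altered, sig),                     # False
        "bob_forged_sig": verify(pub, altered, random.randrange(1, pub[1])), # False
    }
```

The dictionary returned by `demo_non_repudiation()` is the whole lesson: the forged MAC verifies because Bob has the key, while neither the reused signature nor a guessed one verifies against the altered message.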
1.5 Subjects

Annotations:

  • - A subject is an active entity on a data system, such as a person trying to access data files. - Active programs and scripts can also be subjects.
1.6 Object

Annotations:

  • - An object is any passive data within a system, such as documents, database tables and text files.
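The AAA chain (identification, authentication, authorization with least privilege and need to know, and accountability through an audit log) acting on subjects and objects, as an added example that is not part of the original mind map. The users, roles, passwords and object names are constructed; the role permission table and the compartment labels are assumptions chosen to show the difference between least privilege (what a role may do to a kind of object) and need to know (whether this subject may touch this particular object).

```python
"""Added example: a toy reference monitor covering identification,
authentication, least privilege, need to know and accountability."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional


@dataclass
class Subject:
    """Active entity: a person, or a program acting on someone's behalf."""
    username: str                       # identity: must be unique
    salt: bytes
    pw_hash: bytes                      # the password itself is never stored
    role: str                           # drives least-privilege permissions
    compartments: FrozenSet[str] = field(default_factory=frozenset)  # need to know


@dataclass
class Object:
    """Passive entity: a document, database table or file."""
    name: str
    kind: str                           # "report", "script", ...
    compartment: Optional[str] = None   # None = no need-to-know restriction


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def enroll(directory: Dict[str, Subject], username: str, password: str,
           role: str, compartments=()) -> Subject:
    if username in directory:
        raise ValueError("identities must be unique: " + username)
    salt = secrets.token_bytes(16)
    subj = Subject(username, salt, _hash_password(password, salt), role,
                   frozenset(compartments))
    directory[username] = subj
    return subj


def authenticate(directory: Dict[str, Subject], username: str,
                 password: str) -> Optional[Subject]:
    """Identification (the claimed username) plus proof (the password)."""
    subj = directory.get(username)
    if subj is None:
        return None
    if hmac.compare_digest(_hash_password(password, subj.salt), subj.pw_hash):
        return subj
    return None


# Least privilege: each role gets only the actions its job needs, per object kind.
ROLE_PERMS = {
    "analyst": {"report": {"read"}},
    "editor":  {"report": {"read", "write"}},
    "admin":   {"report": {"read", "write"}, "script": {"read", "execute"}},
}

AUDIT_LOG: List[dict] = []   # accountability: every decision is recorded


def authorize(subject: Subject, obj: Object, action: str) -> bool:
    allowed = action in ROLE_PERMS.get(subject.role, {}).get(obj.kind, set())
    reason = "role-permits" if allowed else "role-denies"
    # Need to know is more granular than least privilege: a role that may read
    # reports is still denied a report labelled with a compartment it lacks.
    if allowed and obj.compartment is not None \
            and obj.compartment not in subject.compartments:
        allowed, reason = False, "need-to-know"
    AUDIT_LOG.append({"who": subject.username, "what": obj.name,
                      "action": action, "allowed": allowed, "reason": reason})
    return allowed


def demo_access_control() -> List[bool]:
    directory: Dict[str, Subject] = {}
    enroll(directory, "alice", "correct horse", "analyst")
    enroll(directory, "bob", "battery staple", "editor", {"project-x"})
    public = Object("q3.txt", "report")
    secret = Object("project-x-plan.txt", "report", compartment="project-x")
    alice = authenticate(directory, "alice", "correct horse")
    bob = authenticate(directory, "bob", "battery staple")
    return [
        authorize(alice, public, "read"),    # True
        authorize(alice, public, "write"),   # False: least privilege
        authorize(alice, secret, "read"),    # False: need to know
        authorize(bob, secret, "write"),     # True: role and compartment match
    ]
```

After `demo_access_control()` runs, `AUDIT_LOG` holds one entry per decision with the subject, object, action and the reason it was allowed or denied, which is the record accountability depends on.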
1.7 Defense-in-Depth

Annotations:

  • - Also called layered defense. - A single security control can fail, but multiple independent controls improve the confidentiality, integrity and availability of your data.
1.8 Due Care and Due Diligence
1.8.1 Due Care

Annotations:

  • - Doing what a reasonable person would do. - It is also called the prudent man rule. - Expecting your staff to patch their systems is expecting them to exercise due care.
1.8.1.1 Gross Negligence

Annotations:

  • - This is the opposite of due care.
1.8.2 Due Diligence

Annotations:

  • - It is the management of due care.