CISSP – IAAA (Identification and Authentication, Authorization and Accountability)

  • Identification:
    • Your name, username, ID number, employee number, SSN etc.
    • “I am Thor”.
  • Authentication:
    • “Prove you are Thor”. – Should always be done with Multifactor Authentication!
    • Something you know – Type 1 Authentication (passwords, pass phrase, PIN etc.).
    • Something you have – Type 2 Authentication (ID, Passport, Smart Card, Token, cookie on PC etc.).
    • Something you are – Type 3 Authentication (Biometrics) (Fingerprint, Iris Scan, Facial geometry etc.).
    • Somewhere you are – Type 4 Authentication (IP/MAC Address).
    • Something you do – Type 5 Authentication (Signature, Pattern unlock).
  • Authorization
    • What are you allowed to access – We use Access Control models, what and how we implement depends on the organization and what our security goals are.
    • More on this in Domain 5 – Identity and Access Management (DAC, MAC, RBAC, RUBAC)
  • Accountability (also often referred to as Auditing)
    • Trace an action to a subject's identity.
    • Prove who/what performed a given action (non-repudiation).

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.


CISSP – the CIA Triad and its opposites.

Confidentiality, Integrity and Availability

  • Finding the right mix of Confidentiality, Integrity and Availability is a balancing act.
  • This is really the cornerstone of IT Security – finding the RIGHT mix for your organization.
    • Too much Confidentiality and the Availability can suffer.
    • Too much Integrity and the Availability can suffer.
    • Too much Availability and both the Confidentiality and Integrity can suffer.
  • The opposite of the CIA Triad is DAD (Disclosure, Alteration and Destruction).
    • Disclosure – Someone not authorized gets access to your information.
    • Alteration – Your data has been changed.
    • Destruction – Your data or systems have been destroyed or rendered inaccessible.


CISSP – the CIA Triad – Availability!

We want to keep our System and Data available.

  • We use:
    • IPS/IDS.
    • Patch Management.
    • Redundancy on hardware: power (multiple power supplies/UPSs/generators), disks (RAID), traffic paths (network design), HVAC, staff, HA (high availability) and much more.
    • SLAs – How much uptime do we want (99.9%?) – (ROI).
  • Threats:
    • Malicious attacks (DDoS, physical, system compromise, staff).
    • Application failures (errors in the code).
    • Component failure (Hardware).


CISSP – the CIA Triad – Integrity!

  • We want system and Data integrity
    • We use:
      • Cryptography (again).
      • Checksums (this could be CRC).
      • Message digests, also known as hashes (this could be MD5, SHA1 or SHA2).
      • Digital Signatures – non-repudiation.
      • Access control.
    • Threats:
      • Alterations of our data.
      • Code injections.
      • Attacks on your encryption (cryptanalysis).
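The three integrity mechanisms listed above (checksums, message digests, keyed/signed digests) protect against different things, and the difference matters when the threat is deliberate alteration rather than accidental corruption. The following is an added example written for this page, not code from the original post: it runs a CRC32 checksum, a SHA-256 digest and an HMAC-SHA256 tag over a constructed sample record, shows that all three detect an altered copy, and then shows why an unkeyed digest alone is not enough (whoever changes the data can recompute the digest, but cannot recompute the HMAC without the key). The record contents and the key are constructed for the example.

```python
import hashlib
import hmac
import zlib

# Constructed sample record and its altered copy (not from the original post).
ORIGINAL = b"account=1001;balance=250.00"
ALTERED = b"account=1001;balance=950.00"

# Constructed shared secret for the HMAC; in a real system it comes from a key store.
SECRET_KEY = b"example-secret-key-do-not-reuse"


def crc32_checksum(data: bytes) -> int:
    """CRC32 checksum: detects accidental corruption (bit flips, truncation)."""
    return zlib.crc32(data) & 0xFFFFFFFF


def sha256_digest(data: bytes) -> str:
    """Message digest (SHA-2 family): detects any change, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(data: bytes, key: bytes) -> str:
    """Keyed digest: only a holder of the key can produce a matching tag,
    so altered data cannot be paired with a valid tag (integrity + authenticity)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(data: bytes, key: bytes, tag: str) -> bool:
    """Constant-time comparison so the check itself does not leak timing information."""
    return hmac.compare_digest(hmac_tag(data, key), tag)


def integrity_report(original: bytes, received: bytes, key: bytes) -> dict:
    """Compare a received record against the checksum, digest and HMAC stored for the original."""
    stored_crc = crc32_checksum(original)
    stored_digest = sha256_digest(original)
    stored_tag = hmac_tag(original, key)
    return {
        "crc_matches": crc32_checksum(received) == stored_crc,
        "digest_matches": sha256_digest(received) == stored_digest,
        "hmac_verified": verify_hmac(received, key, stored_tag),
    }


def unkeyed_digest_limitation(altered: bytes, key: bytes) -> dict:
    """Why a plain hash is not enough on its own: if the stored digest can be replaced
    along with the data, a recomputed digest over the altered data still matches.
    The HMAC does not, because recomputing it requires the real key."""
    replaced_digest = sha256_digest(altered)           # digest recomputed over altered data
    replaced_tag = hmac_tag(altered, b"wrong-key")     # tag computed without the real key
    return {
        "digest_matches": sha256_digest(altered) == replaced_digest,  # True: no protection
        "hmac_verified": verify_hmac(altered, key, replaced_tag),     # False: key is needed
    }


if __name__ == "__main__":
    print("unchanged record:", integrity_report(ORIGINAL, ORIGINAL, SECRET_KEY))
    print("altered record:  ", integrity_report(ORIGINAL, ALTERED, SECRET_KEY))
    print("digest vs HMAC:  ", unkeyed_digest_limitation(ALTERED, SECRET_KEY))
```

The practical takeaway: a checksum or hash stored next to the data only proves the data has not changed since the hash was written, not who wrote it; to get the non-repudiation the list attaches to digital signatures, the integrity value must be bound to a key the alterer does not hold (an HMAC for a shared secret, or a signature over the hash for a public/private key pair).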


CISSP – the CIA Triad – Confidentiality!

We want to keep our information confidential. 

  • We use:
    • Encryption for data at rest (for instance AES256), full disk encryption.
    • Secure transport protocols for data in motion (SSL, TLS or IPsec).
    • Good best practices for data in use – clean desk, no shoulder surfing, screen view angle protector, PC locking (automatic and when leaving).
    • Strong passwords, multifactor authentication, masking, access control, need-to-know, least privilege.
  • Threats:
    • Attacks on your encryption (cryptanalysis).
    • Social engineering.
    • Keyloggers (software/hardware), cameras, steganography.
    • IoT (Internet of Things) – The growing number of connected devices we have poses a new threat; they can be a backdoor to other systems.


CISSP – the CIA Triad!

  • The CIA Triad (AIC)
    • Confidentiality
      • This is what most people think IT Security is.
      • We keep our data secure and our secrets secret.
      • We ensure no one unauthorized can access the data.
    • Integrity
      • How do we protect against modifications of the data and the systems.
      • We ensure the data has not been altered.
    • Availability
      • How do we ensure the data is available when users need to access it.
      • We ensure authorized people can access the data they need, when they need to.

CISSP – Upcoming in-person classes at Honolulu Community College.

Upcoming in-person classes at Honolulu Community College 8/22-9/21:


Second sneak peek lecture from my upcoming course, this one on multitasking and why you shouldn't.

I hope you enjoy, all my lectures are pretty short.
The point of my productivity course is to do things as efficiently as possible and cut out the time wasters.
To stay true to that my lectures are just what you need to know and no fluff.


Multitasking … yeah no!

STOP multitasking – it does not make you more productive, it just makes you half-ass two things at a time. Focus on one task at a time.


Reward yourself!

Celebrate hitting a milestone or completing a goal.
You have worked hard to get where you are and you deserve a reward; make milestones special and worth working towards!
