CISSP – Liability, due diligence and negligence.
Liability: If the question is who is ULTIMATELY liable, the answer is Senior Leadership. This does not mean you are not liable; you may be, that depends on Due Care.…
Least Privilege and Need to know. Least Privilege – (Minimum Necessary Access) Give users/systems exactly the access they need, no more, no less. Need to know – Even if you…
Identification: Your name, username, ID number, employee number, SSN etc. “I am Thor”. Authentication: “Prove you are Thor”. – Should always be done with Multifactor Authentication! Something you know -…
Confidentiality, Integrity and Availability. Finding the right mix of Confidentiality, Integrity and Availability is a balancing act. This is really the cornerstone of IT Security – finding the RIGHT…
We want to keep our systems and data available. We use: IPS/IDS. Patch management. Redundancy on hardware: power (multiple power supplies/UPSs/generators), disks (RAID), traffic paths (network design), HVAC, staff, HA…
We want system and data integrity. We use: Cryptography (again). Checksums (this could be CRC). Message digests, also known as hashes (this could be MD5, SHA1 or SHA2).…
We want to keep our information confidential. We use: Encryption for data at rest (for instance AES256) and full disk encryption. Secure transport protocols for data in motion (SSL, TLS or…
The CIA Triad (AIC). Confidentiality: This is what most people think IT Security is. We keep our data secure and our secrets secret. We ensure no one unauthorized can access…
Upcoming in-person classes at Honolulu Community College 8/22-9/21: CISSP Domains 1-3 (A): Security and Risk Management CISSP Domains 1-3 (B): Asset Security and Security Engineering CISSP Domains 1-3 (C): CISSP…