P. 1
CISSP Cheat Sheet

CISSP Cheat Sheet

|Views: 1,484|Likes:
Published by Kaski

More info:

Published by: Kaski on Sep 20, 2011
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as XLS, PDF, TXT or read online from Scribd
See more
See less





• Division D – Minimal Protection • Division C – Discretionary Protection

− C1 – Discretionary Security Protection • Identification and authentication Separation of users and data • Discretionary protection of resources − C2 – Controlled Access Protection More finely grained DAC Individual accountability through login procedures • Object reuse • Protect audit trail Resource isolation Required System Documentation and user manuals.

• Division B – Mandatory Protection
− B1 – Labeled Protection • Labels and mandatory access control • Process isolation in system architecture • Design specifications and verification • Device labels Informal statement of the security policy model Data sensitivity labels Mandatory Access Control (MAC) over select subjects and objects Label exportation capabilities All discovered flaws must be removed or otherwise mitigated Design specifications and verification − B2 – Structured Protection -Config Mgt* • Device labels and subject sensitivity labels • Trusted path • Separation of operator and administrator functions* • Covert channel analysis Security policy model clearly defined and formally documented DAC and MAC enforcement extended to all subjects and objects Covert storage channels are analyzed for occurrence and bandwidth Carefully structured into protection-critical and non-protection-critical elements Design and implementation enable more comprehensive testing and review Authentication mechanisms are strengthened Trusted facility management is provided with administrator and operator segregation Strict configuration management controls are imposed − B3 – Security Domains • Security administrator role defined* • Trusted recovery* • Monitor events and notify security personnel Satisfies reference monitor requirements Structured to exclude code not essential to security policy enforcement Significant system engineering directed toward minimizing complexity Security administrator role defined Audit security-relevant events Automated imminent intrusion detection, notification, and response Trusted system recovery procedures Covert timing channels are analyzed for occurrence and bandwidth An example of such a system is the XTS-300, a precursor to the XTS-400

• Division A – Verified Protection (very few)
− A1 – Verified Design • Formal methods of design and testing Functionally identical to B3 Formal design and verification techniques including a formal top-level specification Formal management and distribution procedures

tested. the commonwealth. responsibly.Bell-LaPadula (MAC) Biba (Integrity) NO WRITE DOWN NO WRITE UP NO READ UP NO READ DOWN USER<=File to write USER =>File to Write Clark-Wilson Integrity Separation of Duties App Authentication 1. Least Privelege 2.list of evaluated products Threat Agents Can Exploit A Vulnerability Resulting in A Risk Virus Lack of antivirus software Virus Infection Hacker services running on a server Unauthorized access to information Fire Lack of fire extinguishers System malfunction CANONS Protect society. justly. Separation of Duty 3. and assurance level expectations Target of Evaluation (TOE) – Product proposed to provide the needed security solution Security Target – Written by vendor explaining mechanisms that meet security and assurance requirements Evaluated Products List EPL. Rotation of duties Concept Exposure Factor Singel Loss Expectancy Annualized Rate of Occurance (ARO) Annualized Loss of Expectancy (ALE) Column Atribute Degree ↑ CAD / CRT ↓ Cardinality Rows Tuple Confidentiality Integrity Availability ↑ CIA / DAD ↓ Disclosure Alteration Destruction Formula % of Loss caused by threat Asset Value x Exposure Factor (EF) Frequency of threat occurance per year Single Loss Expectancy (SLE) x Away Pizza Sausage Take Not Do Please A Priest Saw Ten Nuns Doing Pushups OSI Application Presentation Session Transport Network Datalink Physical EAL 1 Functionally tested EAL 2 Structurally tested EAL 3 Methodically tested and checked EAL 4 Methodically designed. honestly. and reviewed EAL 5 Semiformally designed and tested EAL 6 Semiformally verified design and tested EAL 7 Formally verified design and tested EAL measures how the needs are met Protection Profiles – describe objectives. and the infrastructure Act honorably. and legally Provide diligent and competent service to principals . functional. and the environmental.

Advance and protect the profession .

TCP/IP Application Transport Internet Network Interface .

:.88:7...3/.70 '7:8310...90890/ 094/.943 807..41.943 %7..90890/.3/0.- 43089 :89 7085438- .3/9003.70941..9438 %./0/039.3/57490.3549':307.07 &3.70209 !7490.:7984:943 $0.:.3/.9:70 .:.9.709 79903-.990574108843 .094573.087:33343.0.7:88419..984.3/.! 55.0710//083.0. 1:3./0830/.-9#08:933#8 '7:8 .00/ $021472.3/90890/ 472.:79%.41170093:8078 $89022.0/ 094/.0710//083..08 ./090300/0/80.3/90317.09 90.1:3.3. ..8 /.38289..90/!74/:.3/..90398.943  $ !7490.943 %   !74/:.3.:9470/.:79.39.7432039.5.90/574/:.03/4705.3.0889431472.943 .3/90890/ 20..8:708490300/8. !74.3320.7-04-0.0706:7020398 .00.897:.943!74108 /08.3/90890/ $021472.3/70.90890/ $97:./0830/ 90890/ .943.385479 3907309 094739071.95745480/94574.0050.422430...07 70 .9..42509039807.9889! 89410.9200980.0 :3.9:7..807.94347.98 %70.943.9 ..88:7.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->