Last Minute Reminder
CC – Certified in Cyber Security

Created by Puchong Ngammoh CISSP-ISSMP® | CCSP | CRISC® | CISM® | CCSK | CASP+ | CySA+ | CC℠ | Sec+
Overview of Domains

Security Principles
• Security Concepts
• Risk Management
• Security Controls
• Governance
• Code of Ethics

IR/BC/DR
• Incident Response
• Business Continuity
• Disaster Recovery

Access Control
• Access Control Concepts
• Physical Access Controls
• Logical Access Controls

Network Security
• Computer Networking
• Cyber Threats
• Network Security Infrastructure

Security Operations
• Data Security
• Hardening
• Best Practice (Security Policies)
• Security Awareness Training

Security Principles

CIA: the Security Cores
• Confidentiality: protect against unauthorised access
• Integrity: protect against unauthorised alteration
• Availability: accessible when needed (by authorised users)

Authentication

Something You Know
• Passwords
• Passphrases
• PIN number

Something You Have
• Key card
• Badge
• Tokens

Something You Are
• Fingerprint
• Face
• Retina

SFA (single-factor authentication): use one of these methods
MFA (multi-factor authentication): use a combination of these methods (at least two)
Method of Authentications

Non-repudiation
• Ensure that the person who does something cannot deny what they have done

Privacy
• The right of personnel to control their information

Risk Management

Risk Identification
• Threat / risk posed to the organisation
• People / Asset / Service

Risk Assessment
• Estimate / prioritise
• Likelihood x Impact
• Qualitative (H/M/L)
• Quantitative ($)

Risk Treatment
• Risk Mitigation: reduce impact / likelihood
• Risk Transfer: insurance
• Risk Acceptance: do nothing (risk vs opportunity)
• Risk Avoidance: change to other ways

Risk Priorities
• Prioritise treatment (see Risk Priorities / Risk Tolerance)



Risk Priorities / Risk Tolerance

Risk matrix (Likelihood vs Impact)

                   Low Impact   High Impact
  High Likelihood  Med          High
  Low Likelihood   Low          Med

Risk Priorities
• Priority based on Impact x Likelihood
• Helps in prioritising risk treatment

Risk Tolerance
• Limit of the level of risk acceptable by senior management (associated with risk appetite)


Security Controls

Physical Controls
• Fence
• Mantraps
• Turnstile
• Bollards

Administrative Controls
• Policies
• Guidelines
• Procedures
• Advisories

Technical Controls
• Firewall
• WAF
• DLP
• DRM


Governance: Laws / Regulations

Regulations / Laws
• HIPAA (medical records)
• GDPR (PII)

Policies (broad)
• AUP (Acceptable Use Policy)
• Access Control Policy

Standards (may include technical controls)
• ISO standards
• NIST
• PCI DSS

Procedures (day-to-day operations)
• Special tasks procedures
• Routine activities

Code of Ethics

Preamble
• The safety and welfare of society and the common good, duty to our principals, and to each other
• Certification holders must adhere to this Code; adherence is a condition of certification

Canons
• Protect society, the common good, necessary public trust and confidence, and the infrastructure
• Act honorably, honestly, justly, responsibly and legally
• Provide diligent and competent service to principals
• Advance and protect the profession


Chapter 2: IR/BC/DR

Terminology
• Breach
• Incident
• Intrusion
• Event
• Vulnerability
• Exploit
• Threat
• Zero-Day

Goal of IR (Incident Response)
• To reduce the impact of an incident

Goal of BC (Business Continuity)
• To keep critical operations running during a disaster

Goal of DR (Disaster Recovery)
• To get operations back to the normal state during a disaster

Incident Response Processes

Prepare
• Objective and scope
• Plan approved by senior management
• Preparation phase

Detect
• Verify
• Identify
• Notify
• Triage

Contain / Remediate / Recovery
• Prioritise
• Contain impact
• Find root cause
• Gather evidence
• Recover systems

Lessons Learned
• Improve process
• Identify flaws
• Input to prevent reoccurrence
Business Continuity

• BCP Team
• Response procedures
• Communication (1st / 2nd) (call tree)
• BCP Announcement (who / when)
• External communication (emergency services, customers, vendors)
BCP Plans

BIA (Business Impact Analysis)
• Critical functions
• RTO
• RPO
• MTD
• Threats / Vulnerabilities

Strategy Development
• Alternate site
• Vendor
• Reciprocal
• Manual

Develop Plan
• Roles / Responsibilities
• Communication channel
• Recovery plan
• Restoration plan

Testing
• Read-through / Checklist
• Walk-through / Table top
• Simulation
• Parallel
• Full interruption

Maintenance
• Annually
• During testing
• Any significant change
Disaster Recovery Plan

• Develop plan: technical-related procedures
• Roles / Responsibilities
• Checklist
• Maintenance

Public Relations
• Communicate with externals (authorised person)
• Contents will be decided by management

Checklist
• Will help in prioritising steps and procedures when a crisis occurs
Access Control

Subjects
• Entity that requests access
• Active

Objects
• Asset / Service / System requested by a subject
• Passive

Rules
• Access Control List
• Allow / deny request
Defence in Depth
• Multiple layers of controls (Administrative, Technical, Physical) for increasing security

Control Assessment
• To measure the effectiveness of a control (works as intended)

Privileged Access Management

Provisioning
• Create account for new employee
• Assign roles; align with job roles and functions required (administrative controls)
• Least privilege
• Change / promote position
• End of employment

Monitoring
• Review
• Logging
• Auditing

Segregation of Duties
• Separate related tasks and responsibilities
• Prevent fraud and insider threat

Two-person
• High security task / area
Access Control Methods (Physical)

• Badge systems / perimeters
• Monitoring: entering, leaving, events
• Environmental design
• Biometric reader
Access Control Methods (Logical)

DAC (Discretionary Access Control)
• Owner grants rights to subjects
• Ex. System Owner > Administrators
• Owner permissions: Read / Write / Execute
• Subject (e.g. Analyst) permission is held in the object's permission list

MAC (Mandatory Access Control)
• Clearance required
• Specific permission
• Permission is up to the level: e.g. subject clearance Level 4 for objects at Level 4

RBAC (Role-based Access Control)
• Assign based on role and job function
• Subject is mapped to a role list

ABAC (Attribute-based Access Control)
• Require specific attributes
• Location, department, age
• Zero Trust
Domain 4: Networking

IPv4
• 2^32 addresses
• Network address / Host address, e.g. 192.168.1 . 1 (network part 192.168.1, host part 1)
• Private IP address ranges:
  10.0.0.0 – 10.255.255.254
  172.16.0.0 – 172.31.255.254
  192.168.0.0 – 192.168.255.254
• 127.0.0.1: loopback

IPv6
• 2^128 addresses
• fc00:: to fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff: internal address

TCP/IP vs OSI layers (encapsulation)

TCP/IP Application Layer
• L7: Application (Data)
• L6: Presentation (Picture: JPEG, PNG)
• L5: Session (NetBIOS)

TCP/IP Transport Layer
• L4: Transport (TCP/UDP)

TCP/IP Internet Layer
• L3: Network (Packets)

TCP/IP Network Interface Layer
• L2: Data Link (Frames)
• L1: Physical (Bits)
Ports / Protocols

Physical Ports
• CAT5E: 1 (Mbit/s), 100 MHz
• Fiber optic: 10 Gbps
• CAT6: 1 (Mbit/s), 250 MHz

Logical Ports
• Well-known: 0 – 1023
• Registered: 1024 – 49151
• Dynamic/Private: 49152 – 65535

Protocol pairs (left: common protocol; right: secure or related alternative)
• 21 FTP     /  22 SFTP
• 23 Telnet  /  22 SSH
• 25 SMTP    /  587 SMTP
• 37 Time    /  123 NTP
• 53 DNS     /  853 DoT
• 80 HTTP    /  443 HTTPS
• 161 SNMP   /  161 SNMP
• 445 SMB    /  2049 NFS
• 389 LDAP   /  636 LDAPS

3-way Handshake
• SYN
• SYN/ACK
• ACK

Wireless Network Threats
• Man in the Middle attacks
• Fragment attacks
• Oversized packet attacks
• Spoofing
• DoS/DDoS attacks
Cyber Threats
• Spoofing
• Phishing
• DoS/DDoS
• Virus
• Worm
• Trojan
• On-path
• Side-Channel
• APT
• Ransomware
• Insider Threat
Preventing / Detecting Threats

Intrusion Detection System (IDS)
• Host / Network based
• Detect

Intrusion Prevention System (IPS)
• Host / Network based
• Detect / Prevent

Firewall
• Host / Network based
• Prevent

Anti-Virus
• Host based
• Prevent (block / quarantine)

Security Information and Event Management (SIEM)
• Correlate / Analyse / Alert
• Detect (monitoring)

Data Centre Components
• Closets (server / network connection / wiring / network devices)
• HVAC (64–81 °F, humidity 40–60%)
• Power redundancy (UPS / generator)
• Fire suppression

Cloud Computing

Essential characteristics
• Broad Network Access: access from anywhere with an internet connection
• Rapid Elasticity: scale up / down based on demand
• Measured Service: pay as you go
• On-Demand Self-Service: manage without contacting vendors
• Resource Pooling

Service models
• Infrastructure as a Service (IaaS): CSC manages most of the components
• Platform as a Service (PaaS): CSP provides the underlying OS components
• Software as a Service (SaaS): CSP manages most of the components

Deployment models
• Private Cloud: solely owned by one organisation using its own resources
• Public Cloud: shared resources with other tenants
• Hybrid Cloud: combination of one or more cloud deployments
• Community Cloud: affinity group with the same objectives
Network Design

• Network Segmentation: isolated from all outside communications
• Demilitarised Zone (DMZ): isolated internet-facing zone
• Virtual Local Area Network (VLAN): isolated internal network
• Virtual Private Network (VPN): secure communication in transit
Data Classification / Data Life Cycle

Data Life Cycle
• Create
• Store
• Use
• Share
• Archive
• Disposal

Data Classification
• Data owner
• Sensitivity

Labelling
• Tagged label based on classification level
• Should be done once data is created

Data Retention
• Record of data
• Retain as needed but not longer (business requirement / regulations / laws)

Data Destruction
• Prevent data remanence
• Clear / Purge / Physical destruction
Logging and Monitoring

Logs
• User activities
• System activities
• Events
• Authentication
• Configuration changes

Raw logs -> Alerts
• Time must be synced
Common Log Sources
• Network devices
• Firewall
• IDS/IPS
• Anti-malware
• Proxy
• Threat intelligence feeds
Encryption Algorithms

Encryption / Decryption
• Encryption: Plain Text + Key -> Cipher Text
• Decryption: Cipher Text + Key -> Plain Text

Hashing
• 1-way
• Integrity check
• Ensure that the message is not altered

Digital Signature
• Authenticity
• Non-repudiation
• Sign with the private key of the sender

Symmetric vs Asymmetric

                    Symmetric               Asymmetric
  Key formula       n(n-1)/2                2n
  Performance       Fast                    Slow
  Key distribution  Out-of-band             Diffie-Hellman
  Scalability       Not scalable            Scalable
  Key use           Same key                Private/Public key pair
  Use cases         Storage / IPsec / TLS   Website / TLS / Access control

Asymmetric Encryption (example: Smiley and Tricky)

• Encryption: Smiley encrypts Plain Text with Tricky's Pub Key -> Cipher Text
• Decryption: Tricky decrypts Cipher Text with Tricky's Priv Key -> Plain Text
• Keys shown: Tricky's Pub Key (encryption), Tricky's Priv Key (decryption), Smiley's Pub Key


System Hardening: Configuration Management
• Prevent unauthorised change

Identification
• Baseline identification and documents

Baseline
• Minimum level of protection

Change Control
• Verify / approve changes; adhere to baseline

Verification / Audit
• Validate baseline and change (works as intended)

Change Management Overview

• Inventory: inventory all related assets
• Baseline: apply baseline based on classification level
• Update: must be tested and accepted; works as required
• Patch: address vulnerabilities; improve functionality

Common Organisational Policies
• Data Handling Policy
• Password Policy
• Acceptable Use Policy
• BYOD Policy
• Privacy Policy
• Change Management Policy

Change Management (CM) process
• Request: request change
• Approve: verify impact / test / approve
• Rollback: roll back if it does not work as planned, or in case an incident occurs
Security Awareness

Education
• Improve ability and understanding

Training
• Based on job and function
• Skills needed

Awareness
• Concern, problem or need
• Based on audience

To ensure understanding of individual expectations based on "Role and Responsibilities"
