I INF 453 Study Guide - Spring 2018, Comprehensive Midterm Notes - Malware, Virtual Private Network, Phishing
I INF 453
MIDTERM EXAM
STUDY GUIDE
Fall 2018
Information Security and Assurance
Spring 2018
Certifications
• ISC2
o CISSP: Certified Information Systems Security Professional
o SSCP: Systems Security Certified Practitioner
o Other
• CompTIA - Security+
• ISACA - CISM: Certified Information Security Manager
• EC-Council - CEH: Certified Ethical Hacker
• SANS Institute - GSEC: SANS GIAC Security Essentials
ISC2 - CBK (Common Body of Knowledge)
Common framework of Information Security...
• Terms
• Principles
• Common understandings
• Taxonomy
• Lexicon
Security Domains
• Access Control
o ID
o Authentication
o Authorization
o Accounting
• Telecommunications and Network Security
o Confidentiality
o Integrity
o Availability
• Information Security Governance and Risk Management
o Security governance and policy
o Information classification/ownership
o Contractual agreements and procurement processes
o Risk management concepts [risk analysis]
o Personnel security
o Security education, training, and awareness
o Certification and accreditation
• Software Development Security
o System feasibility
o Software plans and requirements
o Product design
o Detailed design
o Coding
o Integration product
o Implementation
o Operations and maintenance
• Cryptography
o Symmetric
o Asymmetric
• Security Architecture and Design
o Allowable and disallowable services and protocols
o Vulnerability scanning
o Patch management
o Firmware or software upgrades
• Operations Security
o Preventive controls
o Detective controls
o Separation of duties
o Back-ups
o Change control: tracking and approval of changes or reconfiguration
• Business Continuity/Disaster Recovery
o DR - IT/Operations/facilities
o BC - All other functions: AR/AP, HR, Sales, Production, PR, etc.
• Legal, Regulations, Investigations and Compliance
o Federal
o State
o Industry
• Physical Security
o Availability
o Authentication
o Access controls
o Safety
o Compliance
Document Summary
Certifications: CISSP (Certified Information Systems Security Professional), SSCP (Systems Security Certified Practitioner), other; CompTIA Security+; ISACA CISM (Certified Information Security Manager); EC-Council CEH (Certified Ethical Hacker); SANS Institute GSEC (SANS GIAC Security Essentials).
Access control: ID, authentication, authorization, accounting. Telecommunications and network security: confidentiality, integrity, availability.
Information security governance and risk management: security governance and policy; information classification/ownership; contractual agreements and procurement processes; risk management concepts [risk analysis]; personnel security; security education, training, and awareness; certification and accreditation.
Software development security: system feasibility, software plans and requirements, product design, detailed design, coding.
Physical security: availability, authentication, access controls, safety, compliance.
Passwords: change often, don't reuse, should not be displayed, should not be shared with others.
Multi-factor authentication: should be something you know + something you have/are.
1. Amazon tech support gave access to partial CC number.
2. Same partial CC number used by Apple iCloud for verification.
4. Attempt to restore iPhone on laptop; Gmail asked for PIN, never set up a PIN.