Sunday, January 08, 2006

[CISSP] Notes

Confidentiality deals with Disclosure

Integrity deals with Modification, Alteration

Availability deals with Destruction

Core Principles of Security

1. Principle of Least Privilege

2. Know thy system

3. Prevention is Ideal, Detection is a Must

4. Defense in depth.

Principle of Least Privilege ==> Separation of Duty ==> Job Rotation

Trusted Computing Base

The Security Kernel implements the Reference Monitor rules. The Security Kernel comprises the hardware, software, and firmware. The Reference Monitor checks all access. The Reference Monitor holds all.

TCSEC was developed by DoD

ITSEC was developed by Europe

Control Types

- Policies, standards, guidelines, personnel screening, and security awareness training are Directive Controls

- Firewall, encryption, identification, and authentication are Preventive Controls

- Log review, auditing, and integrity checkers are Detective Controls

- Instruction Manuals and audit trails are Corrective Controls

Law and Ethics

HIPAA : Regulatory Law : Deals with Medical : aka Kennedy-Kassebaum Act

GLBA : Regulatory Law : Deals with Finance : aka Financial Modernization Act

FOIA : Freedom of Information Act makes federal information readily available to public.

DMCA : Digital Millennium Copyright Act brings the US into compliance with Article 20 of the Berne Convention

CFAA : Computer Fraud and Abuse Act is the "root" law - criminalizes an attack on any computer connected to the internet.

U.S. National Information Infrastructure Protection Act of 1996 is an amendment to the U.S. Computer Fraud and Privacy Act of 1986 and addresses CIA.

The Evidence Life Cycle comprises the following:

1. Collection and identification.

2. Storage, preservation, and transportation

3. Presentation in the court

4. Return to victim or owner

Trade Secret is the most appropriate protection level granted to proprietary source code.

Copyright is used to protect expression of ideas.

Civil Law aka Tort Law requires preponderance of evidence.

Foreign Corrupt Practices Act violations are investigated by the SEC

Economic Espionage and Protection of Proprietary Economic Information Act of 1996 violations are investigated by the FBI
