11th hour cissp 4th edition pdf free download
Most computer systems rely on least privilege and require users to police themselves by following the set policy, attempting to obtain access only to information they have a need to know. Need to know is more granular than least privilege: unlike least privilege, which typically groups objects together, need-to-know access decisions are made for each individual object.
This section discusses concepts that are an important component of a strong overall information security posture. In addition to primary storage, backup storage must also be considered. Wherever data exists, there must be processes in place to ensure that the data is not destroyed or made inaccessible (a breach of availability), disclosed (a breach of confidentiality), or altered (a breach of integrity).
They must understand their role in the organization's information security posture. Sensitive media should have strict policies regarding its handling. Policies should require the inclusion of written logs detailing the person responsible for the media. Historically, backup media has posed a significant problem for organizations. Retention of sensitive information should not persist beyond this period (or the legal requirement, whichever is greater), as it needlessly exposes the data to threats of disclosure when the data is no longer needed by the organization.
Keep in mind there may be regulatory or other legal reasons that may compel the organization to maintain such data far beyond its time of utility. Each role has a different set of responsibilities in securing an organization's assets.
These owners are responsible for ensuring that all organizational assets are protected. Data owners determine data sensitivity labels and the frequency of data backup. They focus on the data itself, whether in electronic or paper format.
A company with multiple lines of business may have multiple data owners. The data owner performs management duties, while custodians (discussed shortly) perform the hands-on protection of data. This includes the hardware and software configuration, including updates, patching, etc. The system owners ensure that the hardware is physically secure, operating systems are patched and up to date, the system is hardened, etc.
Technical hands-on responsibilities are delegated to custodians, discussed in the next section. They perform data backups and restoration, patch systems, configure antivirus software, etc. The custodians follow detailed orders and do not make critical decisions on how data is protected. For example, users must not write their passwords down or share accounts.
Users must be made aware of these risks and requirements. They must also be made aware of the penalty for failing to comply with mandatory directives and policies. Human resources employees are often data controllers, as they create and manage sensitive data, such as salary and benefit data, reports from employee sanctions, etc.
Data processors manage data on behalf of data controllers. An outsourced payroll company is an example of a data processor. Data processors manage payroll data, which is used to determine the amount to pay individual employees, on behalf of a data controller, such as an HR department.
Data remanence is data that persists beyond noninvasive means to delete it. Though data remanence is sometimes used specifically to refer to residual data that persists on magnetic storage, remanence concerns go beyond just that of magnetic storage media. Memory may be chip based, disk based, or tape based. Sequential memory, such as tape, must be read sequentially, beginning at offset zero, up to the desired portion of memory. Volatile memory, such as RAM, loses integrity after a power loss; nonvolatile memory, such as read-only memory (ROM), disk, or tape, maintains integrity without power.
Real or primary memory, such as RAM, is directly accessible by the CPU and is used to hold instructions and data for currently executing processes. Secondary memory, such as disk-based memory, is not directly accessible. The data most frequently used by the CPU is stored in cache memory. The fastest portion of the CPU cache is the register file, which contains multiple registers. Registers are small storage locations used by the CPU to store instructions and data.
The next fastest form of cache memory is Level 1 cache, located on the CPU itself. Finally, Level 2 cache is connected to but outside of the CPU. Static random-access memory (SRAM) is used for cache memory. It loses integrity after loss of power. The capacitors used by DRAM leak charge, and so they must be continually refreshed to maintain integrity, typically every few to a few hundred milliseconds, depending on the type of DRAM.
Refreshing reads and writes the bits back to memory. SRAM does not require refreshing and maintains integrity as long as power is supplied. PROM can be written to once, typically at the factory. A programmable logic device (PLD) is a field-programmable device, which means it is programmed after it leaves the factory. Degaussing (destroying data via a strong magnetic field, which we will discuss shortly) has no effect on SSDs.
While physical disks have physical blocks (e.g., Block 1 is at a specific physical location on a magnetic disk), blocks on SSDs are logical and are mapped to physical blocks. Also, SSDs do not overwrite blocks that contain data; the device will instead write data to an unused block and mark the previous block unallocated.
The TRIM function improves compatibility, endurance, and performance by allowing the drive to do garbage collection in the background. This collection eliminates blocks of data, such as deleted files.
A sector-by-sector overwrite behaves very differently on an SSD versus a magnetic drive, and it does not reliably destroy all data. Destruction is the best method for SSD drives that are physically damaged. Objects may be physical, such as paper files in manila folders, or electronic, such as data on a hard drive.
Object reuse attacks range from nontechnical attacks, such as dumpster diving (searching for information by rummaging through unsecured trash), to technical attacks, such as recovering information from unallocated blocks on a disk drive. In both cases, the data itself usually remains and can be recovered through the use of forensic tools. Common methods include writing all zeroes or writing random characters.
Destructive measures include incineration, pulverizing, and shredding, as well as bathing metal components in acid. Destroying objects is more secure than overwriting them. It may not be possible to overwrite damaged media, though data may still be recoverable. Highly sensitive data should be degaussed or destroyed, perhaps in addition to overwriting. Though this term is sometimes used in relation to overwriting of data, here shredding refers to the process of making unrecoverable any data printed on hard copy or on smaller objects, such as floppy or optical disks.
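The overwriting method described above (a pass of zeroes followed by a pass of random bytes), as an added example that is not code from the book: the routine rewrites a file's logical contents in place without truncating it, fsyncs after every pass, and then checks whether the original bytes are still visible. The file name and sample content are constructed for the demonstration. As the text notes, this is only meaningful for magnetic media: on an SSD the logical blocks being rewritten may be remapped to fresh physical blocks, so the original data can survive an overwrite, and device-level sanitization or destruction is required instead.

```python
import os
import tempfile

CHUNK = 64 * 1024  # write in 64 KiB chunks so large files need not fit in memory


def overwrite_file(path, passes=("zero", "random")):
    """Overwrite every byte of an existing file in place, one pass per pattern.

    The file is opened read/write without truncation so the same logical byte
    range is rewritten (truncating first could allocate new blocks instead).
    Each pass is flushed and fsync'd before the next begins.
    Returns a dict of bytes written per pass.
    """
    size = os.path.getsize(path)
    written = {}
    with open(path, "r+b") as fh:
        for pattern in passes:
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(b"\x00" * n if pattern == "zero" else os.urandom(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push this pass to the device before starting the next
            written[pattern] = size
    return written


def residue_present(path, needle):
    """Check whether the original content still appears in the file's logical contents.

    This only sees the logical view: it cannot inspect unallocated blocks or,
    on an SSD, physical blocks the controller has remapped away from the file.
    """
    with open(path, "rb") as fh:
        return needle in fh.read()


def demo():
    """Create a constructed sample file, sanitize it, and report what happened."""
    secret = b"PAYROLL-SECRET-" * 1000  # constructed sample content, 15000 bytes
    fd, path = tempfile.mkstemp()  # hypothetical scratch file, removed at the end
    with os.fdopen(fd, "wb") as fh:
        fh.write(secret)
    before = residue_present(path, b"PAYROLL-SECRET")
    written = overwrite_file(path)
    after = residue_present(path, b"PAYROLL-SECRET")
    size_kept = os.path.getsize(path) == len(secret)
    os.remove(path)
    return {"before": before, "after": after, "written": written, "size_kept": size_kept}


if __name__ == "__main__":
    print(demo())
```

The size check matters: a sanitizer that shrinks or recreates the file has most likely written to different blocks and left the original ones untouched, which is exactly the object-reuse exposure the section warns about.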
Standards, scoping, and tailoring are used to choose and customize which controls are employed. Also, the determination of controls will be dictated by whether the data is at rest or in motion. Certification considers the system, the security measures taken to protect the system, and the residual risk represented by the system. Accreditation is the data owner's acceptance of the certification and of the residual risk, which is required before the system is put into production.
PCI-DSS seeks to protect credit cards by requiring vendors who use them to take specific security precautions. Phase 1 identifies staff knowledge, assets, and threats. Phase 2 identifies vulnerabilities and evaluates safeguards. Phase 3 conducts the risk analysis and develops the risk mitigation strategy. It presents a hierarchy of requirements for a range of classifications and systems.
ISO had 11 areas, focusing on specific information security controls:
1. Policy
2. Organization of information security
3. Asset management
4. Human resources security
5. Physical and environmental security
6. Communications and operations management
7. Access control
8. Information systems acquisition, development, and maintenance
9. Information security incident management
10. Business continuity management
There are 34 IT processes across the 4 domains.
Version 5 was released in Apr. Service Design details the infrastructure and architecture required to deliver IT services. Service Transition describes taking new projects and making them operational. Service Operation covers IT operations controls. For example, an organization that does not employ wireless equipment may declare that the wireless provisions of a standard are out of scope and therefore do not apply.
Tailoring is the process of customizing a standard for an organization. It begins with controls selection, continues with scoping, and finishes with the application of compensating controls.
Data in motion is data that is being transferred across a network. Each form of data requires different controls for protection, which we will discuss next. These controls are recommended for all mobile devices and media containing sensitive information that may physically leave a site or security zone. Whole-disk encryption of mobile device hard drives is recommended. Partially encrypted solutions, such as encrypted file folders or partitions, often risk exposing sensitive data stored in temporary files, unallocated space, swap space, etc.
Sites using backup media should follow strict procedures for rotating media offsite. Always use a bonded and insured company for offsite media storage. The company should employ secure vehicles and store media at a secure site. Ensure that the storage site is unlikely to be impacted by the same disaster that may strike the primary site, such as a flood, earthquake, or fire.
This includes data sent over untrusted networks such as the Internet, but VPNs may also be used as an additional defense-in-depth measure on internal networks like a private corporate WAN or private circuits like T1s leased from a service provider.
We discussed the roles required to protect data, including business or mission owners, data owners, system owners, custodians, and users. An understanding of the remanence properties of volatile and nonvolatile memory and storage media is a critical security concept to master.
A company outsources payroll services to a third-party company. Which of the following roles most likely applies to the third-party payroll company?
A. Data controller B. Data owner D. Data processor
2. Which managerial role is responsible for the actual computers that house data, including the security of hardware and software configurations?
A. Custodian B. Data owner C. Mission owner D. System owner
3. What method destroys the integrity of magnetic media, such as tapes or disk drives, and the data they contain by exposing them to a strong magnetic field?
A. Bit-level overwrite B. Degaussing C. Destruction D. Shredding
4.
A. DRAM B. SRAM D. SSD
5. What type of memory stores bits in small capacitors like small batteries?
A third-party payroll company is an example of a data processor. A data owner is a management employee responsible for assuring that specific data is protected. A system owner is responsible for the actual computers that house data, including the security of hardware and software configurations. A custodian is a nonmanager who provides hands-on protection of assets.
A data owner is a manager responsible for assuring that specific data is protected. Correct answer and explanation: B. Degaussing destroys the integrity of magnetic media, such as tapes or disk drives, and the data they contain by exposing them to a strong magnetic field. Incorrect answers and explanations: Answers A, C, and D are incorrect. A bit-level overwrite removes data by overwriting every sector of a disk.
Destruction physically destroys data; for example, via incineration. DRAM is relatively inexpensive memory that uses capacitors. EPROM may be erased with ultraviolet light. DRAM stores bits in small capacitors like small batteries. Executive Order —National security information. OECD privacy principles. SSD garbage collection briefly explained. What is TRIM? Next comes cryptography, including core concepts of symmetric encryption, asymmetric encryption, and hash functions. Finally, we will discuss physical security, where we will learn that safety of personnel is paramount.
This is the rule that forbids a secret-cleared subject from reading a top-secret object. While Bell-LaPadula, which is discussed shortly, is focused on protecting confidentiality, other models like Biba are focused on integrity. Reading down occurs when a subject reads an object at a lower sensitivity level, such as a top-secret subject reading a secret object.
There are instances when a subject has information and passes that information up to an object, which has higher sensitivity than the subject has permission to access. This is called writing up. It is focused on maintaining the confidentiality of objects. Protecting confidentiality means users at a lower security level are denied access to objects at a higher security level.
Subjects with a Secret clearance cannot access Top Secret objects, for example. For example: subjects who are logged into a Top Secret system cannot send emails to a Secret system.
For every relationship between a subject and an object, there are defined upper and lower access limits implemented by the system. Subjects have a least upper bound (LUB) and greatest lower bound (GLB) of access to the objects based on their lattice position. What if the Secret subject writes erroneous information to a Top Secret object? Integrity models such as Biba address this issue. Biba is the model of choice when integrity protection is vital.
This prevents subjects from accessing information at a lower integrity level. This protects integrity by preventing bad information from moving up from lower integrity levels. This prevents subjects from passing information up to a higher integrity level than they have clearance to change. This protects integrity by preventing bad information from moving up to higher integrity levels.
Biba is often used where integrity is more important than confidentiality. Examples include time and location-based information. Biba takes the Bell-LaPadula rules and reverses them, showing how confidentiality and integrity are often at odds. Because the programs have specific limitations to what they can and cannot do to objects, Clark-Wilson effectively limits the capabilities of the subject.
The concept of well-formed transactions provides integrity. The process consists of what is known as the access control triple: user, transformation procedure, and constrained data item.
A matrix is a data structure that acts as a lookup table for the operating system. The columns of the table show the access control list (ACL) for each object or application.
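The lattice, Bell-LaPadula and Biba rules from the preceding paragraphs, together with the access control matrix just described, as one added example that is not code from the book. Labels are a hierarchical level plus a set of compartments, which gives a real lattice with LUB and GLB rather than a simple linear ordering; the level names and the sample matrix entries (alice, bob, payroll.db, memo.txt) are constructed. The final function combines both: the lattice decides the mandatory (MAC) question and the matrix the discretionary (DAC) one, and both must permit, which is the case the text raises where a Secret subject writing to a Top Secret object is allowed under Bell-LaPadula but refused under Biba.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set

# Constructed ordering of hierarchical levels; a higher number dominates a lower one.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    """A lattice label: a hierarchical level plus a set of compartments (categories)."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # self >= other when its level is at least other's and it holds every compartment other has
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def lub(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label that dominates both a and b."""
    top = a.level if LEVELS[a.level] >= LEVELS[b.level] else b.level
    return Label(top, a.compartments | b.compartments)


def glb(a: Label, b: Label) -> Label:
    """Greatest lower bound: the highest label that both a and b dominate."""
    bottom = a.level if LEVELS[a.level] <= LEVELS[b.level] else b.level
    return Label(bottom, a.compartments & b.compartments)


# Bell-LaPadula (confidentiality): no read up, no write down.
def blp_can_read(subject: Label, obj: Label) -> bool:
    return subject.dominates(obj)


def blp_can_write(subject: Label, obj: Label) -> bool:
    return obj.dominates(subject)


# Biba (integrity): the same labels are read as integrity levels and the rules reverse:
# no read down, no write up.
def biba_can_read(subject: Label, obj: Label) -> bool:
    return obj.dominates(subject)


def biba_can_write(subject: Label, obj: Label) -> bool:
    return subject.dominates(obj)


# Access control matrix: rows are subjects (capability lists), columns are objects (ACLs).
Matrix = Dict[str, Dict[str, Set[str]]]

MATRIX: Matrix = {  # constructed sample matrix
    "alice": {"payroll.db": {"read", "write"}, "memo.txt": {"read"}},
    "bob": {"memo.txt": {"read", "write"}},
}


def acl(matrix: Matrix, obj: str) -> Dict[str, Set[str]]:
    """Column view: the ACL of one object, i.e. which subjects may do what to it."""
    return {s: row[obj] for s, row in matrix.items() if obj in row}


def capabilities(matrix: Matrix, subject: str) -> Dict[str, Set[str]]:
    """Row view: the capability list of one subject."""
    return dict(matrix.get(subject, {}))


def dac_allows(matrix: Matrix, subject: str, obj: str, op: str) -> bool:
    # Deny by default: an absent row or cell grants nothing.
    return op in matrix.get(subject, {}).get(obj, set())


def mac_allows(subject: Label, obj: Label, op: str, model: str) -> bool:
    rules = {"blp": (blp_can_read, blp_can_write), "biba": (biba_can_read, biba_can_write)}
    can_read, can_write = rules[model]
    return can_read(subject, obj) if op == "read" else can_write(subject, obj)


def access_allowed(matrix, subject, subject_label, obj, obj_label, op, model="blp"):
    """Reference-monitor style decision: the lattice rule (MAC) and the matrix
    entry (DAC) must both permit the operation."""
    return mac_allows(subject_label, obj_label, op, model) and dac_allows(matrix, subject, obj, op)
```

Note that the matrix is stored sparsely by row; the `acl` function derives the column view on demand, which is how a system that keeps per-subject capability lists can still answer the per-object question "who can touch this?".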
The complexity of an issue, such as reading a sector from a disk drive, is contained to one layer; in this case, the hardware layer. One layer, such as the application layer, is not directly affected by a change to another.
1. Hardware
2. Kernel and device drivers
3. Operating system (OS)
4.
That said, computers are tremendously complex machines, and abstraction provides a way to manage that complexity.
More broadly defined, domains are groups of subjects and objects with similar security requirements. The innermost ring is the most trusted, and each successive outer ring is less trusted. Processes communicate between the rings via system calls, which allow processes to communicate with the kernel and provide a window between the rings.
An open system is not the same as open source. An open system uses standard hardware and software, while open-source software makes source code publicly available. The hardware must provide confidentiality, integrity, and availability for processes, data, and users.
The motherboard contains hardware including the CPU, memory slots, firmware, and peripheral slots, such as peripheral component interconnect (PCI) slots. The keyboard unit is the external keyboard. Ultimately, everything a computer does is mathematical: adding numbers, which can be extended to subtraction, multiplication, division, etc. CPUs are rated by the number of clock cycles per second.
1. Fetch Instruction 1
2. Decode Instruction 1
3. Execute Instruction 1
4. Write (save) Result 1
These four steps take one clock cycle to complete. Each part is called a pipeline stage; the pipeline depth is the number of simultaneous stages that may be completed at once. A four-stage pipeline can combine the stages of four other instructions: 1. Fetch Instruction 2, Decode Instruction 1 3.
This increases the throughput. A CPU interrupt is a form of hardware interrupt that causes the CPU to stop processing its current task, save the state, and begin processing a new request. When the new task is complete, the CPU will complete the prior task. A heavyweight process (HWP) is also called a task. A parent process may spawn additional child processes called threads.
A thread is a lightweight process (LWP). Threads are able to share memory, resulting in lower overhead compared to heavyweight processes. Multitasking allows multiple tasks (heavyweight processes) to run simultaneously on one CPU. Multiprocessing has a fundamental difference from multitasking: it runs multiple processes on multiple CPUs. All domains are covered as concisely and completely as possible, giving readers the best possible chance of passing the examination. The book is organized around the 10 domains of the Common Body of Knowledge, with a section defining each domain.
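The four-stage pipeline from the paragraphs above, worked through as an added example that is not code from the book: the function lays out, cycle by cycle, which instruction each stage is working on, so the state the text describes (the pipeline combining the stages of four different instructions at once) appears on cycle four, and the throughput gain shows up as the difference between running the stages back to back and overlapping them. Stage names follow the text; instruction counts are whatever you pass in.

```python
STAGES = ("Fetch", "Decode", "Execute", "Write")


def pipeline_schedule(n_instructions, stages=STAGES):
    """Return one dict per clock cycle mapping each busy stage to the
    instruction number (1-based) it is working on.

    Instruction i (0-based) enters stage k at cycle i + k, so at cycle c
    stage k holds instruction c - k, if that instruction exists.
    """
    depth = len(stages)
    schedule = []
    for cycle in range(n_instructions + depth - 1):
        busy = {}
        for k, stage in enumerate(stages):
            i = cycle - k
            if 0 <= i < n_instructions:
                busy[stage] = i + 1
        schedule.append(busy)
    return schedule


def cycles_unpipelined(n_instructions, depth=len(STAGES)):
    """Each instruction runs all its stages to completion before the next starts."""
    return n_instructions * depth


def cycles_pipelined(n_instructions, depth=len(STAGES)):
    """Fill the pipeline once (depth - 1 cycles), then retire one instruction per cycle."""
    return n_instructions + depth - 1


def render(schedule):
    """Text view of the schedule, one line per cycle."""
    lines = []
    for c, busy in enumerate(schedule, start=1):
        cells = ", ".join(f"{s} I{busy[s]}" for s in STAGES if s in busy)
        lines.append(f"cycle {c}: {cells}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(pipeline_schedule(4)))
    print(cycles_unpipelined(4), "cycles without pipelining vs", cycles_pipelined(4), "with")
```

For four instructions the unpipelined CPU needs 16 cycles and the pipelined one 7; the gain grows toward the pipeline depth as the instruction stream gets longer, which is why the fill-and-drain cost at the ends is the only thing holding throughput below four instructions per four cycles.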
The first domain is going to provide you with information about risk analysis and mitigation, and it also discusses security governance. The second domain discusses techniques of access control, which is considered to be the basis for all security disciplines.
The only guide you need for last-minute studying. Answers the toughest questions and highlights core topics. Can be paired with any other study guide so you are completely prepared. Main objectives of the exam are covered with key concepts highlighted. Fast Facts quickly review fundamentals. Exam Warnings highlight particularly tough sections of the exam. Crunch Time sidebars point out key concepts to remember. Did You Know?
This comprehensive study guide covers every aspect of the exam and the latest revision of the CISSP body of knowledge. It offers advice on how to pass each section of the exam and features expanded coverage of biometrics, auditing and accountability, software security testing, and other key topics.
Included is a CD with two full-length, question sample exams to test your progress. CISSP certification identifies the ultimate IT security professional; this complete study guide is fully updated to cover all the objectives of the CISSP exam. Provides in-depth knowledge of access control, application development security, business continuity and disaster recovery planning, cryptography, Information Security governance and risk management, operations security, physical environmental security, security architecture and design, and telecommunications and network security. Also covers legal and regulatory investigation and compliance. Includes two practice exams and challenging review questions on the CD. Professionals seeking the CISSP certification will boost their chances of success with CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition.
The book's 14 chapters provide in-depth discussions of the following topics: systems security; operating system hardening; application security; virtualization technologies; network security; wireless networks; network access; network authentication; risk assessment and risk mitigation; general cryptographic concepts; public key infrastructure; redundancy planning; environmental controls and implementing disaster recovery and incident response procedures; and legislation and organizational policies.
Each chapter includes information on exam objectives, exam warnings, and the top five toughest questions along with their answers. The only book keyed to the new SY objectives that has been crafted for last-minute cramming. Easy-to-find, essential material with no fluff — this book does not talk about security in general, just how it applies to the test. Includes a review of the five toughest questions by topic, sure to improve your score.
You'll prepare for the exam smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, advice on mastering this adaptive exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions. Along with the book, you also get access to Sybex's superior online interactive learning environment that includes: Over new and improved practice test questions with complete answer explanations.
This includes all of the questions from the book plus four additional online-only practice exams, each with unique questions.
You can use the online-only practice exams as full exam simulations. Our questions will help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam. More than Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam. A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam. New for the 9th edition: Audio Review.
Author Mike Chapple reads the Exam Essentials for each chapter, providing you with 2 hours and 50 minutes of new audio review, yet another way to reinforce your knowledge as you prepare. Using 25 CISSP practice questions with detailed explanations, this book will attempt to answer how to think like a member of a senior management team whose goal is balancing risk, cost, and, most of all, human life.
The questions will take you through how to resist thinking from a technical perspective to one that is more holistic of the entire organization.
Like all of Study Notes and Theory's CISSP practice questions, these questions correlate multiple high-level security concepts and require thinking like a manager.