information security

CISSP Apply Security Principles to Site and Facility Design – Bk1D3T10

The general security principles outlined earlier for information security also apply to site and facility design. The CIA triad guides our application of security principles to this challenge. Confidentiality and integrity: the primary physical threat to confidentiality and integrity is unauthorized access (e.g. intruders and theft). Availability: in addition to the threat to availability from unauthorized access, availability can also be compromised, intentionally or accidentally, by a range of events: environmental …


CISSP Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements – Bk1D3T5

Assessing information security vulnerabilities can be done by inspection or testing. Inspection can be manual, reviewing the design and implementation looking for vulnerabilities, or automated, in which software analyzes the configuration or code. Testing can be white-box, in which the tester knows the details of the system’s design and implementation; black-box, in which the tester knows nothing about the internals of the system; or gray-box, in which the tester has some knowledge. …


CISSP Defense in Depth – Bk1D3T1St3

Defense in depth was first used to describe Roman Empire military tactics in the third and fourth centuries, when the Empire no longer tried to stop all invaders at the border, but instead deployed defenses to defeat attackers on Roman soil. In the context of information security, the U.S. National Security Agency first used the phrase to describe the use of multiple types, locations, and layers of defense combined with the ability to detect and …


CISSP Understand and Apply Concepts of Confidentiality, Integrity, and Availability -Bk1D1T1

For thousands of years, people have sought assurance that information has been captured, stored, communicated, and used securely. Depending on the context, differing levels of emphasis have been placed on the availability, integrity, and confidentiality of information, but achieving these basic objectives has always been at the heart of security practice. As we moved from the time of mud tablets and papyrus scrolls into the digital era, we watched the evolution of technology to support …



ISO 27001 Annex : A.9.1.2 Access to Networks and Network Services

Control: Only the networks and network services that users have been expressly authorized to use will be made available to them. Implementation guidance: A policy on the use of networks and network services should be developed. The following points should be covered in this policy: the networks and network infrastructure to which access is permitted; authorization procedures for determining who is permitted to access which networks and networking services; …



ISO 27001 Annex : A.8.2 Information Classification

The objective of ISO 27001 Annex A.8.2 Information Classification is to ensure that information is properly secured in accordance with its significance to the organization. A.8.2.1 Classification of Information. Control: Information should be classified on the basis of its legal provisions, criticality, and vulnerability to unwanted release or alteration. Implementation guidance: Classifications and the associated information security measures should also take into account regulatory standards and market demands for information sharing or restriction. Assets other …



Overview of Cyber security Frameworks

A cyber security framework provides a policy framework of computer security guidance for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cyber attacks. Overview: Cyber security frameworks have been in the limelight for a few years due to the continual cyber attacks that are happening. Let us first understand what cyber security is in general and what the main purpose of implementing it is. Cyber security is nothing but a common method, a set of technologies …



What is Enumeration?

Enumeration is the process of extracting user names, machine names, network resources, shares, and services from a system or network. In the enumeration phase, the attacker creates active connections with the system and performs directed queries to gain more information about the target. Attackers use the information collected through enumeration to identify vulnerabilities or weak points in the system’s security, which helps them exploit the target system. It allows the attacker to …



Information Security of Threat

In information security, a threat and a vulnerability are not one and the same. A threat is a person or event that has the potential to impact a valuable resource in a negative manner. A vulnerability is the quality of a resource or its environment that enables the threat to be realized. An armed robber is an example of a threat. A bank teller is an example of a valuable resource which …



Enterprise Information Security Architecture

Enterprise Information Security Architecture is a set of requirements, processes, principles, and models that determine the current and/or future structure and behaviour of an organization’s security processes, information security systems, personnel, and organizational sub-units. It ensures that the security architecture and controls are aligned with the organization’s core goals and strategic direction. Though Enterprise Information Security Architecture deals with information security, it relates more broadly to the security practice of the business. …
