integrity

CISSP Concepts of Confidentiality, Integrity, and Availability – Bk2D1T1

Module objectives: explain the concepts of confidentiality, integrity, and availability; differentiate between confidentiality, integrity, and availability. Confidentiality, Integrity, and Availability (CIA) Triad: when practitioners discuss the field of security, we concentrate on three goals: ensuring the confidentiality, integrity, and availability (CIA) of assets. This is referred to as the CIA triad. In information security, the assets are data: information that requires security. This is true for data in any form, whether it is stored electronically or …

CISSP Security and Risk Management – Bk2D1

Overview: Security and Risk Management, Domain 1 of the (ISC)2® CBK, lays the foundation for the entire course, introducing concepts and principles that are used throughout. It is imperative that candidates learn and understand these thoroughly if they are not already familiar with the material from professional practice. NOTE: Throughout this domain and much of the rest of the course material, the term "organization" is used to describe operational entities; …

CISSP Implement Site and Facility Security Controls – Bk1D3T11

All the thought and effort put into ensuring that the operation of your systems protects the confidentiality, integrity, and availability of your data is for naught if a threat actor can simply walk into your data center and walk out with the disk drives. Designing a data center, or engaging the services of a third-party data center, requires careful consideration of the risks and of the appropriate controls to …

CISSP Understand the Fundamental Concepts of Security Models – Bk1D3T2

A security model is a hypothetical abstraction of a system, simplified to enable analysis of certain aspects of the system without the complexity and detail of the entire system. A security model is a model that deals with security policy. Security models can be formal, intended for mathematical analysis to assist in verifying that a system complies with a specific policy, or informal, serving to illustrate and simplify the …

CISSP Understand and Apply Concepts of Confidentiality, Integrity, and Availability -Bk1D1T1

For thousands of years, people have sought assurance that information has been captured, stored, communicated, and used securely. Depending on the context, differing levels of emphasis have been placed on the availability, integrity, and confidentiality of information, but achieving these basic objectives has always been at the heart of security practice. As we moved from the time of mud tablets and papyrus scrolls into the digital era, we watched the evolution of technology to support …

ISO 27001 Annex : 12 Operations Security

This article explains ISO 27001 Annex A.12 Operations Security: operational procedures and responsibilities, documented operating procedures, change management, and separation of development, testing and operational environments. A.12.1 Operational procedures and responsibilities. Its objective is to ensure that information processing facilities operate correctly and securely. A.12.1.1 Documented Operating Procedures. Control: operating procedures should be documented and made available to all users who need them. Implementation guidance: documented procedures for operating information processing and communications facility activities should …

Gathering Evidence from an IDS

When gathering evidence from an IDS, monitoring network traffic is of prime importance. Organizations install IDSes to monitor for intrusions. To capture network traffic, first configure the IDS. However, this alone is not sufficient as a source of evidence, because the IDS is incapable of performing integrity checks on its own log files. In a network investigation, preserving digital evidence is difficult, as the data displayed on screen will remain only for a few seconds. The Windows HyperTerminal …
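The excerpt makes the point that the IDS will not integrity-check its own logs, so the collector has to do it at capture time. The following is an added example, not code from the original article or from any IDS product: it writes a few constructed Snort-style alert lines to files, records a SHA-256 per file plus a running chain hash in a manifest, and verifies the manifest later so that an edited file, an edited manifest entry, or a dropped entry is detected. File names, the manifest layout and the alert lines are all assumptions made for the illustration.

```python
"""Added example: hash-chained evidence manifest for IDS log files.

Not from the original article. Sample alert lines are constructed in a
Snort 'fast' alert style; they are not real captures.
"""
import hashlib
import json
import os
import tempfile

# Constructed sample alerts (hypothetical hosts and signature IDs).
SAMPLE_ALERTS = [
    "01/02-03:04:05.000001 [**] [1:1000001:1] TEST web shell probe [**] "
    "[Priority: 1] {TCP} 10.0.0.5:51234 -> 10.0.0.9:80",
    "01/02-03:04:06.000002 [**] [1:1000002:1] TEST outbound beacon [**] "
    "[Priority: 2] {TCP} 10.0.0.9:44321 -> 203.0.113.7:443",
    "01/02-03:04:07.000003 [**] [1:1000003:1] TEST port scan [**] "
    "[Priority: 3] {TCP} 10.0.0.5:40000 -> 10.0.0.9:22",
]

GENESIS = hashlib.sha256(b"").hexdigest()  # fixed starting value for the chain


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large pcaps/logs do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def chain_step(prev_chain, name, digest):
    """Link one manifest entry to the previous one; reordering or dropping breaks it."""
    return hashlib.sha256((prev_chain + name + digest).encode()).hexdigest()


def build_manifest(paths):
    """Hash each evidence file at collection time and chain the entries in name order."""
    entries = []
    chain = GENESIS
    for p in sorted(paths):
        name = os.path.basename(p)
        digest = sha256_file(p)
        chain = chain_step(chain, name, digest)
        entries.append({"file": name, "sha256": digest, "chain": chain})
    return {"entries": entries, "final_chain": chain}


def verify_manifest(manifest, directory):
    """Return a list of problems; an empty list means files and manifest are intact."""
    problems = []
    chain = GENESIS
    for entry in manifest["entries"]:
        path = os.path.join(directory, entry["file"])
        if not os.path.exists(path):
            problems.append(f"missing: {entry['file']}")
        elif sha256_file(path) != entry["sha256"]:
            problems.append(f"modified: {entry['file']}")
        # Recompute the chain from the recorded digests: an edited manifest
        # entry shows up here even if the file on disk matches it.
        chain = chain_step(chain, entry["file"], entry["sha256"])
        if chain != entry["chain"]:
            problems.append(f"chain broken at: {entry['file']}")
    if chain != manifest["final_chain"]:
        problems.append("final chain mismatch")
    return problems


def demo():
    """Collect, verify clean, append to one log, forge one manifest entry, re-verify."""
    with tempfile.TemporaryDirectory() as d:
        paths = []
        for i, line in enumerate(SAMPLE_ALERTS):
            p = os.path.join(d, f"alert.{i}.log")
            with open(p, "w") as f:
                f.write(line + "\n")
            paths.append(p)
        manifest = build_manifest(paths)
        clean = verify_manifest(manifest, d)
        # Tamper with evidence after collection.
        with open(paths[1], "a") as f:
            f.write("line added after collection\n")
        tampered = verify_manifest(manifest, d)
        # Forge a manifest entry without recomputing the chain.
        forged = json.loads(json.dumps(manifest))
        forged["entries"][0]["sha256"] = "0" * 64
        forged_result = verify_manifest(forged, d)
        return clean, tampered, forged_result


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered", "forged"), demo()):
        print(label, result)
```

The chain only proves that the manifest is self-consistent; an attacker who can rewrite the whole manifest can recompute it. In practice the `final_chain` value is written somewhere the collector cannot later alter (a signed timestamp, a write-once store, or the investigator's notes) so the manifest itself is anchored, not just the files.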

ISO 27001 Annex : A.14.2.3 Technical Review of Applications after Operating Platform Changes, A.14.2.4 Restrictions on Changes to Software Packages & A.14.2.5 Secure System Engineering Principles

This article explains the ISO 27001 controls A.14.2.3 Technical Review of Applications after Operating Platform Changes, A.14.2.4 Restrictions on Changes to Software Packages and A.14.2.5 Secure System Engineering Principles. A.14.2.3 Technical Review of Applications after Operating Platform Changes. Control: when operating platforms are changed, business-critical applications should be reviewed and tested to ensure there is no adverse impact on operations or security. Implementation guidance: the following points should be covered in …

ISO 27001 Annex : A.14.1.2 Securing Application Services on Public Networks

Control: information involved in application services passing over public networks should be protected against fraudulent activity, contract disputes, unauthorized disclosure and modification. Implementation guidance: information security requirements for application services that cross public networks should include the following: each party requires a level of trust in the identity claimed by the other, for example through authentication; authorizations for those who may authorize the …

ISO 27001 : Annex 14 System Acquisition, Development and Maintenance

This article explains ISO 27001 Annex A.14.1 Security Requirements of Information Systems and A.14.1.1 Information Security Requirements Analysis and Specification. A.14.1 Security Requirements of Information Systems. Its objective is to ensure that information security is an integral part of information systems across their entire lifecycle. This also includes the requirements for information systems that provide services over public networks. A.14.1.1 Information Security Requirements Analysis and Specification …