CISSP All-in-One Exam Guide, Chapter 9 PDF
Uploaded by PlentifulMonkey
Universidad Autónoma de Nuevo León
Summary
This document provides a quick review of key security principles, including threat modeling, attack trees, and STRIDE. It also covers the Lockheed Martin Cyber Kill Chain and the MITRE ATT&CK framework, and introduces the security models that address the confidentiality and integrity of data.
Full Transcript
CISSP All-in-One Exam Guide 412

Exam Outline. There are other principles that you may be tracking, but these are the 11 you’ll need to know for the exam. Likewise, the security models we discussed, which bring extra rigor to the study of security, are sure to make an appearance in the exam. Pay particular attention to Biba and Bell-LaPadula. Together, these principles and models provide a solid foundation on which to select controls based on system security requirements and build a sound security architecture.

Quick Review

- Threat modeling is the process of describing probable adverse effects on our assets caused by specific threat sources.
- An attack tree is a graph showing how individual actions by attackers can be chained together to achieve their goals: the root is the attacker’s objective, and each child node is either an alternative way (OR) or a jointly required step (AND) toward reaching its parent.
- STRIDE is a threat modeling framework developed by Microsoft that evaluates a system’s design using data flow diagrams, system entities, and events related to a system; its name lists the threat categories it checks for: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.
- The Lockheed Martin Cyber Kill Chain identifies seven stages of a cyberattack: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives.
- The MITRE ATT&CK framework is a comprehensive matrix of adversary tactics and techniques, drawn from observed intrusions, used to model cyberattacks.
- Defense in depth is the coordinated use of multiple security controls in a layered approach, so that the failure of any single control does not expose the asset.
- Zero trust is a model in which every entity is considered hostile until proven otherwise, and even that trust is limited.
- Trust but verify is the principle that, even when an entity and its behaviors are trusted, we should double-check both.
- Shared responsibility refers to the situation in which a service provider is responsible for certain security controls, while the customer is responsible for others.
- Separation of duties divides important functions among multiple individuals to ensure that no one person has the ability to intentionally or accidentally cause serious losses to the organization.
- Least privilege states that people are granted exactly the access and authority that they require to do their jobs, and nothing more.
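The attack tree item in the review above describes chaining attacker actions into AND/OR nodes. As an added example (not code from the exam guide), the following evaluates such a tree: the costs, the target system and the action names are constructed for illustration, and "cost" is a made-up effort unit, not a figure from the book.

```python
"""Attack-tree evaluation: an added example, not code from the exam guide.

Leaves are individual attacker actions, each with an illustrative effort
cost (constructed numbers, not figures from the book) and a flag saying
whether a control has mitigated it. OR nodes succeed if any child succeeds
(the cheapest child wins); AND nodes need every child (costs add up).
"""
from dataclasses import dataclass, field
from typing import List, Tuple

INF = float("inf")  # cost of a step that no longer has an unmitigated path


@dataclass
class Node:
    name: str
    kind: str = "LEAF"        # "LEAF", "OR" or "AND"
    cost: float = 0.0         # effort of a leaf action; ignored for OR/AND
    mitigated: bool = False   # True once a control blocks this leaf
    children: List["Node"] = field(default_factory=list)


def cheapest_path(node: Node) -> Tuple[float, List[str]]:
    """Return (total cost, leaf actions) of the cheapest way to reach `node`.

    A mitigated leaf costs INF, and INF propagates through AND nodes, so a
    goal with no remaining unmitigated chain reports (INF, [])."""
    if node.kind == "LEAF":
        return (INF, []) if node.mitigated else (node.cost, [node.name])
    results = [cheapest_path(child) for child in node.children]
    if node.kind == "OR":
        # Any one branch suffices: the attacker picks the cheapest.
        return min(results, key=lambda r: r[0]) if results else (INF, [])
    if node.kind == "AND":
        # Every branch is required: costs add, one blocked branch blocks all.
        total = sum(r[0] for r in results)
        steps = [step for r in results for step in r[1]]
        return (total, steps) if total < INF else (INF, [])
    raise ValueError(f"unknown node kind {node.kind!r}")


def mitigate(node: Node, leaf_name: str) -> int:
    """Mark every leaf named `leaf_name` as blocked; returns how many matched."""
    if node.kind == "LEAF":
        if node.name == leaf_name:
            node.mitigated = True
            return 1
        return 0
    return sum(mitigate(child, leaf_name) for child in node.children)


def build_tree() -> Node:
    """Constructed example tree (hypothetical system and costs)."""
    return Node("Exfiltrate customer database", "OR", children=[
        Node("SQL injection in search form", cost=3),
        Node("Abuse administrator VPN access", "AND", children=[
            Node("Phish an administrator", cost=5),
            Node("Reuse phished credentials on VPN (no MFA)", cost=2),
        ]),
    ])


if __name__ == "__main__":
    tree = build_tree()
    print(cheapest_path(tree))   # (3, ['SQL injection in search form'])
    mitigate(tree, "SQL injection in search form")
    print(cheapest_path(tree))   # (7, [phish step, credential-reuse step])
    mitigate(tree, "Reuse phished credentials on VPN (no MFA)")
    print(cheapest_path(tree))   # (inf, []) - no unmitigated chain remains
```

The useful output is the change in the cheapest path as controls are applied: fixing the injection pushes the attacker onto the two-step phishing chain, and enforcing MFA on the VPN breaks that chain because an AND node fails when any one of its children is blocked.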
- The need-to-know principle, which is similar to the least-privilege principle, is based on the concept that individuals should be given access only to the information they absolutely require in order to perform their job duties.
- The “keep it simple” principle drives us to make everything as simple as possible and to periodically check things to ensure we are not adding unnecessary complexity.
- The principle of secure defaults means that every system starts off in a state where security trumps user friendliness and functionality.
- The principle of failing securely states that, in the event of an error, information systems ought to be designed to behave in a predictable and noncompromising manner (for example, denying access rather than granting it when a check cannot be completed).
- The principle of privacy by design states that the best way to ensure privacy of user data is to incorporate data protection as an integral part of the design of an information system, not as an afterthought or later-stage feature.
- The Bell-LaPadula model enforces the confidentiality aspects of access control: a subject may not read an object at a higher classification (no read up) and may not write to an object at a lower classification (no write down).
- The Biba model addresses the integrity of data within a system but is not concerned with security levels and confidentiality: a subject may not read data of lower integrity (no read down) and may not write to data of higher integrity (no write up).
- The Brewer and Nash model, also called the Chinese Wall model, prevents conflicts of interest: once a subject reads one company’s dataset, it may no longer read a competitor’s dataset in the same conflict-of-interest class, and a subject can write to an object if, and only if, the subject cannot read another object that is in a different dataset.
- A Trusted Platform Module (TPM) is a dedicated chip that carries out security functions involving the storage of cryptographic keys and digital certificates, symmetric and asymmetric encryption, and hashing.
- A hardware security module (HSM) is a removable expansion card or external device that can generate, store, and manage cryptographic keys; it keeps private keys inside a tamper-resistant boundary and offloads encryption/decryption to improve the performance of the system into which it is installed.
- A self-encrypting drive (SED) provides full disk encryption (FDE) through a cryptographic module that is integrated with the storage media into one package.
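The three access-control models listed above (Bell-LaPadula, Biba, and Brewer and Nash) are easiest to compare as executable rules. The following is an added example, not the exam guide’s code; the level names, company datasets and subjects are constructed for illustration, and the Brewer-Nash write rule is implemented under the interpretation that a subject may write to a dataset only if every dataset it has read so far is that same one (so it holds nothing it could carry across the wall).

```python
"""Access-rule checks for Bell-LaPadula, Biba and Brewer-Nash.

Added example, not the exam guide's code. The levels, company datasets and
subjects are constructed for illustration. The Brewer-Nash write rule is
interpreted as: a subject may write to a dataset only if every dataset it
has read so far is that same dataset.
"""
from enum import IntEnum
from typing import Dict, Set


class Level(IntEnum):
    """Ordered sensitivity (BLP) or integrity (Biba) levels, low to high."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2


# Bell-LaPadula: confidentiality. Subject clearance vs object classification.
def blp_can_read(clearance: Level, classification: Level) -> bool:
    """Simple security property: no read up."""
    return clearance >= classification


def blp_can_write(clearance: Level, classification: Level) -> bool:
    """*-property: no write down (a write to a lower level could leak)."""
    return clearance <= classification


# Biba: integrity. Subject integrity vs object integrity; the arrows flip.
def biba_can_read(subject_integrity: Level, object_integrity: Level) -> bool:
    """Simple integrity axiom: no read down (don't consume less-trusted data)."""
    return subject_integrity <= object_integrity


def biba_can_write(subject_integrity: Level, object_integrity: Level) -> bool:
    """*-integrity axiom: no write up (don't contaminate more-trusted data)."""
    return subject_integrity >= object_integrity


class ChineseWall:
    """Brewer-Nash: a decision depends on what the subject has already read."""

    def __init__(self, conflict_classes: Dict[str, Set[str]]) -> None:
        # Map each company dataset to its conflict-of-interest class.
        self.class_of = {ds: cls for cls, datasets in conflict_classes.items()
                         for ds in datasets}
        self.history: Dict[str, Set[str]] = {}  # subject -> datasets read

    def can_read(self, subject: str, dataset: str) -> bool:
        """Allowed unless the subject already read a competitor in this class."""
        cls = self.class_of[dataset]
        return all(d == dataset or self.class_of[d] != cls
                   for d in self.history.get(subject, set()))

    def read(self, subject: str, dataset: str) -> bool:
        """Perform a read, recording it so that later decisions see it."""
        if not self.can_read(subject, dataset):
            return False
        self.history.setdefault(subject, set()).add(dataset)
        return True

    def can_write(self, subject: str, dataset: str) -> bool:
        """Write only if every dataset the subject has read is this one."""
        return self.can_read(subject, dataset) and all(
            d == dataset for d in self.history.get(subject, set()))


if __name__ == "__main__":
    wall = ChineseWall({"banks": {"BankA", "BankB"}, "oil": {"OilX", "OilY"}})
    wall.read("alice", "BankA")
    print(wall.can_read("alice", "BankB"))   # False: competitor behind the wall
    print(wall.can_read("alice", "OilX"))    # True: different conflict class
    print(wall.can_write("alice", "BankA"))  # True: only BankA data held so far
    wall.read("alice", "OilX")
    print(wall.can_write("alice", "BankA"))  # False: could leak OilX into BankA
```

Note that the two lattice models are stateless (the decision depends only on the two levels), while Brewer-Nash is history-based: the same subject gets different answers for the same object depending on what it read earlier, which is why the class has to record reads.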
- Data in SEDs is encrypted using symmetric key cryptography.
- Bus encryption systems use TPMs to encrypt data and instructions before they are put on the internal bus, which means they are also encrypted everywhere else except while the data is being processed.
- A trusted execution environment (TEE), or secure enclave, is an isolated execution environment, usually enforced by the processor, in which special applications and resources (such as files) have undergone rigorous checks to ensure that they are trustworthy and remain protected.
- Processor security extensions are instructions that provide additional security features in the CPU and can be used to support a TEE.
- Atomic execution is an approach to controlling the manner in which certain sections of a program run so that they cannot be interrupted between the start and end of the section; it closes the window in which a check-then-act sequence (a time-of-check/time-of-use race) could otherwise be exploited.

Questions

Please remember that these questions are formatted and asked in a certain way for a reason. Keep in mind that the CISSP exam asks questions at a conceptual level. Questions may not always have a perfect answer, and the candidate is advised against always looking for the perfect answer. Instead, the candidate should look for the best answer in the list.