Section/domain 1

Confidentiality, Integrity and Availablility

Memorize this CIA, Secuity triad:

Confidentiality: Encryption to avoid others accessing it
Integrity: Keeping the data from being altered
Availability: Keeping the system up and available

Confidentiality

Types:

• Symetric
• Asymetric

Strength

• Bits

PKI - Only know the Root-CAs

Integrity

Prove that data was not altered in any way

Hashing

• MD5
• SHA-1

http://www.mindcert.com/resources/MindCert_CISSP_Cryptography_MindMap.pdf

Availability

The site and the servers are always up and running

Redundancy level

• Hot
• Cold
• Warm
• Reciprocal (allow someone to use your datacenter for his desaster recovery)

RAID Levels

RAID 100

Goverance, Legal and Ethics

MEM this: http://www.mindcert.com/resources/MindCert_CISSP_Law_MindMap.pdf

MEM this: Canon 1 “Protect society, the commonwealth, and the infrastructure,”

• Protect society, the commonwealth, and the infrastructure.
• Act honorably, honestly, justly, responsibly, and legally.
• Provide diligent and competent service to principals.
• Advance and protect the profession.
• Promote and preserve public trust and confidence in information and systems.
• Promote the understanding and acceptance of prudent information security measures.
• Preserve and strengthen the integrity of the public infrastructure.
• Discourage unsafe practices.

MEM this: Canon 2 “Act honorably, justly, responsibly and legally,”

• Tell the truth; make all stakeholders aware of your actions on a timely basis.
• Observe all contracts and agreements, express or implied.
• Treat all members fairly. In resolving conflicts, consider public safety and duties to principals, individuals, and the profession in that order.
• Give prudent advice; avoid raising unnecessary alarm or giving unwarranted comfort. Take care to be truthful, objective, cautious, and within your competence.
• When resolving different laws in different jurisdictions, give preference to the laws of the jurisdiction in which you render your service.

MEM this: Canon 3 “Provide diligent and competent service to principals,"

• Preserve the value of their systems, applications and information.
• Respect their trust and the privileges that they grant you.
• Avoid conflicts of interest or the appearance thereof.
• Render only those services for which you are fully competent and qualified.

MEM this: Canon 4 “Advance and protect the profession,”

• Sponsor for professional advancement those best qualified. All other things equal, prefer those who are certified and who adhere to these canons. Avoid professional association with those whose practices or reputation might diminish the profession.
• Take care not to injure the reputation of other professionals through malice, or indifference.
• Maintain your competence; keep your skills and knowledge current. Give generously of your time and knowledge in training others.

Policies etc.

Policy: management statements
Standdards: mandatory controls
Guidelines: recomendations
Procedures: instructions