Domain 1

Cards (93)

  • What we will be covering in Domain 1
    • The differences between Information security, IT Security, and Cybersecurity
    • The CIA triad and IAAA
    • Privacy
    • Risk and incident management
    • Access control
    • Governance, management, laws, and regulations
    • The ISC2 ethics
  • Information Security
    All our information: Paper documents, voice information, data, the knowledge people have
  • IT Security
    All our hardware, software, and data: computers, servers, networks, hardware, software, firmware, and data being processed, stored, and communicated
  • Cybersecurity
    Everything from IT Security that is accessible from the internet
  • CIA Triad
    Confidentiality, Integrity and Availability
  • Confidentiality
    • Keeping our data and secrets secret, ensuring no one unauthorized can access the data
  • Integrity
    • Protecting against modifications of the data and the systems, ensuring the data has not been altered
  • Availability
    • Ensuring authorized people can access the data they need when they need to
  • Techniques used to ensure CIA
    • Encryption for data at rest (AES256), full disk encryption
    • Secure transport encryption protocols for data in motion (SSL, TLS or IPSEC)
    • Best practices for data in use - clean desk, no shoulder surfing, screen view angle protector, PC locking (automatic and when leaving)
    • Strong passwords, multi-factor authentication, masking, access control, need-to-know, least privilege
  • Threats to CIA
    • Attacks on your encryption (cryptanalysis)
    • Social engineering
    • Key loggers (software/hardware), cameras, steganography
    • IoT (Internet of Things) – The growing number of connected devices we have poses a new threat; they can be a backdoor to other systems
  • Techniques used to ensure Integrity
    • Cryptography
    • Checksums (CRC)
    • Message digests, also known as hashes (MD5, SHA1 or SHA2)
    • Digital Signatures – non-repudiation
    • Access control
  • Threats to Integrity
    • Alterations of our data
    • Code injections
    • Attacks on your encryption (cryptanalysis)
  • Techniques used to ensure Availability
    • IPS/IDS
    • Patch Management
    • Redundancy on hardware power (multiple power supplies/UPSs/generators), disks (RAID), traffic paths (network design), HVAC, staff, HA (high availability)
    • SLAs – How much uptime do we want (99.9%?) – (ROI)
  • Threats to Availability
    • Malicious attacks (DDoS, physical, system compromise, staff)
    • Application failures (errors in the code)
    • Component failure (Hardware)
  • Disclosure, Alteration, and Destruction (DAD)
    The opposite of the CIA Triad
  • Identification
    Your name, username, ID number, employee number, SSN etc. "I am Thor"
  • Authentication
    Proving you are who you say you are; this should always be done with multi-factor authentication
  • Something you know - Type 1 Authentication
    Passwords, passphrases, PINs, etc.; these are also called knowledge factors
  • Passwords
    • It is always easier to guess or steal passwords than it is to break the encryption, so we have password policies to ensure they are as secure as possible:
      • Minimum length, upper/lower case letters, numbers, and symbols
      • No full words or other easy-to-guess phrases
      • An expiration date
      • A password reuse policy
      • A minimum use period before users can change the password again
  • Something you have - Type 2 Authentication
    ID, passport, smart card, token, cookie on PC; these are called possession factors
  • Single-Use Passwords
    • Having passwords which are only valid once makes many potential attacks ineffective, just like one-time pads. They are widely implemented in online banking, where they are known as TANs (Transaction Authentication Numbers)
  • Smart Cards and Tokens
    • They contain a computer circuit using an ICC (Integrated Circuit Chip)
      • Contact cards - inserted into a machine to be read
      • Contactless cards - can be read by proximity
      • Magnetic stripe cards - swiped through a reader, no circuit, very easy to duplicate
  • Tokens
    • HOTP and TOTP can be either hardware or software based; cellphone software applications are more common now
      • HOTP (HMAC-based One-Time Password) - shared secret and incremental counter; the code is generated when asked and is valid until used
      • TOTP (Time-based One-Time Password) - time based with a shared secret, often generated every 30 or 60 seconds; synchronized clocks are critical
  • Something you are - Type 3 Authentication (Biometrics)
    Fingerprint, iris scan, facial geometry, etc.; these are also called realistic authentication
  • Errors for Biometric Authentication
    • FRR (False rejection rate) Type 1 error - authorized users are rejected
    • FAR (False accept rate) Type 2 error - unauthorized user is granted access
    • CER (Crossover Error Rate) - where FRR and FAR meet on the graph; this is where we want to be
  • Physiological Biometric Characteristics
    • Fingerprint, palm veins, facial recognition, DNA, palm print, hand geometry, iris recognition, retina, and odor
  • Behavioral Biometric Characteristics
    • Signature, keystroke, gait, voice, and lip movement
  • False Accept
    We accept someone by mistake
  • False Reject
    We can prevent our authorized people from entering our facilities if we refuse them by mistake
  • Errors for Biometric Authentication
    • FRR (False rejection rate) Type 1 error
    • FAR (False accept rate) Type 2 error
  • FRR (False rejection rate) Type 1 error
    Authorized users are rejected
  • FAR (False accept rate) Type 2 error
    Unauthorized user is granted access
  • We want a good mix of FRR and FAR; where they meet on the graph is the CER (Crossover Error Rate), and this is where we want to be
  • Biometric identifiers
    • Physiological Characteristics
    • Behavioral Characteristics
  • Physiological Characteristics
    • Uses the shape of the body; these do not change unless a drastic event occurs
    • Fingerprint, palm veins, facial recognition, DNA, palm print, hand geometry, iris recognition, retina, and odor
  • Behavioral Characteristics
    • Uses the pattern of behavior of a person; these can change, but most often revert back to the baseline
    • Typing rhythm, how you walk, signature and voice
  • Issues with Biometric Authentication
    • Respect and protect employees' privacy
    • Attackers can take pictures of your face, your fingerprints, your hands, your ears and print good enough copies to get past a biometric scan
    • It is possible to copy fingerprints from your high-resolution social media posts
    • How you type, how you sign your name, and your voice pattern can be recorded; it is also not too difficult to cheat biometrics if it is worth the effort
    • Lost passwords and ID cards can be replaced with new different ones, biometrics can't
    • Mass collection of biometric data should be questioned
  • Authorization
    What you are allowed to access
  • Access Control models
    • DAC (Discretionary Access Control)
    • MAC (Mandatory Access Control)
    • RBAC (Role-Based Access Control)
    • ABAC (Attribute-Based Access Control)
    • Context-Based Access Control
    • Content-Based Access Control
  • Least Privilege
    Give users/systems exactly the access they need, no more, no less