Please enable JavaScript.

Coggle requires JavaScript to display documents.

Victor's Training - Coggle Diagram

- - - - Employee Monitoring and Supervising
      - Information Classification
      - Security Awareness and Training
      - Physical Security Controls
      - Technical Security Controls
        
        Authentication
        
        Authorization
        
        Auditing
        
        Security Protocols
        
        RADIUS
        Remote Access Dial-In User Service
        
        TCACS and TCACS+
        Terminal Access Controller
        
        Kerberos
        
        Security Devices
  - - - Subject
      - Object
      - Reference Monitor
      - Operation
    - - Separation of Duties (Sod)
      - Need-to-know
      - Principle of Least Privilege
      - Mandatory Access Control (MAC)
        
        e.g. User Access Control - Windows
      - Discretionary Access Control (DAC)
        
        Cloud Based Shared Storage Systems
        
        Windows File Permissions
      - Roles Based Access Control
        RBAC
        
        Just Enough Administration
        JEA (Windows)
        
        Windows Admin Center (WAC)
      - Rules Based Access Control
        RB-RBAC
    - - Identity and Access Management (IAM) Concepts
        
        User Identity Management (IDM)
        
        Identity Repositories
        
        User Access Management (AM)
        
        Authorization
        
        Centralized Authorization
        
        Decentralized Authorization
        
        Implicit Authorization
        
        Explicit Authorization
        
        Authentication
        
        Password Authentication
        
        Smart Card Authentication
        
        Biometric Authentication
        
        Two Factor Authentication
        
        Single Sign-On Authentication
        
        Accounting
      - Identity and Access Management (IAM) Systems
        
        Microsoft Active Directory
  - - - Regulatory Framework Compliance
        
        Acts
        
        Health Insurance Portability and Accountability Act (HIPAA)
        
        Sarbanes Oxley Act (SOX)
        
        Federal Information Security Management Act of 2002 (FISMA)
        
        Gramm Leach Bliley Act (GLBA)
        
        Payment Card Industry Data Security Standard (PCI-DSS)
        
        General Data Protection Regulation (GDPR)
        
        Data Protection Act of 2018 (DPA)
        
        The Digital Millenium Copyright Act (DMCA)
        
        Deciding on How to Comply with Regulatory Framework
        
        ISO Information Security Standards
      - Designing and Developing Security Policies
        
        What are Security Policies?
        
        The need for Security Policies
        
        Advantages of Security Policies
        
        Characteristics of Good Security Policy
        
        Key Elements of Security Policies
        
        Contents of Security Policies
        
        High-level security requirements
        
        Discipline Security
        
        Safeguard Security
        
        Procedural Security
        
        Assurance Security
        
        Policy Description Based on Requirements
        
        Security Concept of Operation
        
        Allocation of security enforcement to architecture elements
        
        Typical Policy Document Content
        
        Types of Information Security Policies
        
        Enterprise Information Security Policy
        
        Application Policy
        
        Backup and Restore Policy
        
        Network and Network Device Security Policy
        
        System security policy
        
        Issue Specific Security Policy
        
        Remote Access and Wireless Policies
        
        Incident Response Plan
        
        Password Policies
        
        Design Considerations
        
        Policies for Personal Devices
        
        System Specific Security Policy
        
        DMZ Policy
        
        Encryption Policy
        
        Policies for Intrusion Detection and Prevention
        
        Access Control Policy
        
        Examples of Security Policies
        
        Internet Access Policies
        
        Password Policy
      - Employee Awareness and Training
        
        Employee Awareness Training: Security Policy
        
        Employee Awareness Training: Physical Security
        
        Employee Awareness Training: Social Engineering
        
        Employee Awareness Training: Data Classification
  - - - Need for Physical Security
      - Location Considerations
      - Site Architecture
      - Fire Fighting Systems
      - Physical Barriers
      - Security Personnel
      - Physical Locks
      - Mantrap
      - Alarm Systems
      - Video Surveillance
      - Power Supply
      - Light Systems
    - - Natural Environmental Threats
      - Man-made threats
    - - Various Types of Physical Security Controls
        
        Preventive Controls
        
        Door Lock
        
        Security Guard
        
        Detective Controls
        
        Motion Detectors
        
        Alarm Systems
        
        Sensors
        
        Video Surveillance
        
        Deterrent Controls
        
        Warning Signs
        
        Recovery Controls
        
        Disaster Recovery
        
        Business Continuity Plan
        
        Backup Systems
        
        Compensating Controls
        
        Hot Sites
        
        Backup Power Systems
    - - Reception Area
      - Server/Backup Device Security
      - Critical Assets and Removable Devices
      - Securing Network Cables
      - Securing Portable Mobile Devices
      - Heat, Ventilation and Air Conditioning (HVAC)
      - Electro Magnetic Interference Shielding
      - Hot and Cold Aisles
    - - Design Considerations