Please enable JavaScript.

Coggle requires JavaScript to display documents.

CISSP - Coggle Diagram

- - - - Detection 01
      - Response 02
      - Mitigation 03
      - Reporting 04
      - Recovery 05
      - Remediation 06
      - Lessons Learned 07
- - - - Owner of the resource can choose whom to give access of the resource.
    - - Authority can decide whom to give access of the resource not an individual.
    - - Set of rules determine
    - - Based on roles
    - - Predefined rules determine
- - - - retention
      - mitigration
      - sharing
      - avoidance
      - acceptance
      - transfer
  - - - Preventative
        
        Security Awareness Training
        
        Firewall
        
        Security Guard
        
        IPS
        
        Anti Virus
      - Detective
        
        System Monitorig
        
        IDS
        
        Motion Detector IDS
        
        IPS
        
        Anti Virus
        
        Pen Testing
        
        Vulnerability Assessment
      - Corrective
        
        OS Upgrade Patches
        
        Backup Data Restoral
        
        Anti Virus
        
        Vulnerability Mitigation
      - Compensatory
        
        Bckup Generator
        
        Server Isolation
        
        Hot Site
      - Technical
      - Physical
      - Administrative
        
        Controls implemented through policies and procedure
        
        Segregations of duties
      - Directive
      - Deterrent
      - Recovery
  - - - Maximum Allowable Downtime or Maximum Tolerable Downtime (MAD/MTD)
      - Recovery Time Objective (RTO)
      - Recovery Point Objective (RPO)
- - - - focus on confidentiality
    - - focus on integrity
    - - conflict of interest
    - - focus on integrity and payment security
  - - - Consume it
    - - Build upon it
    - - migrate to it
    - - Private cloud
      - Public
      - community
  - - - Same key to encrypt and decrypt
      - fast
    - - Public key to encrypt and Private key to decrypt and vice versa
      - slow
      - Provides confidentiality and proof of origin
    - - Jumble words
    - - key that is used to encrypt and decrypt data
    - - means you cannot deny that you didn't read the data.
      - Types
        
        Originator key
        
        Recipient key
    - - the guy in the middle who tries to decrypt the data while the data is flowing from sender to receiver.
    - - combination of cryptography (code making) and cryptanalysis (code breaking)
    - - Hash works on integrity of the data. It does not provide any encryption
      - You calculate the hash of the data before sending the data and after receiving the data. Both hashes should be same otherwise there is some changes made by some in the middle of the flow of data.
    - - probability method to break a key
    - - substitute one letter with another letter for encryption purpose.
    - - rearranging the order of data for encryption purpose
    - - Confusion means cipher text gives no clues about the original text. Achieved using substitution.
    - - Diffusion increases the redundancy of the plain text by sending across rows and columns. Achieved using transposition and permutation.
    - - where a little change in an input like using spaces in a data can have a significant change on its key.
    - - It is done by generating multiple keys using the same cipher text
    - - Each encryption and decryption is done immediately.
    - - Each encryption and decryption is done slowly
    - - Use for website protections to secure the data
      - free open source certificate generator
        
        Openssl cert generator
        
        self signed certificate generator
    - - Trusted entity who deals with digital certificates
    - - registers the issued digital certificate.
    - - Stream cipher
        
        Bit by bit
      - Block cipher
        
        Process fixed-size blocks of data, usually 64 or 128 bits, to produce ciphertext.
    - - DES
      - TripleDES
      - Blowfish
      - AES
      - RC4
    - - It is a random starting point which starts the process of encryption making sure that it adds complexity and randomness to the encryption process.
    - - Hide data underneath something for data integrity
    - - MAC ( message authentication code)
      - HMAC (hash message authentication code
    - - Brute force
      - Cryptanalysis
    - - Key recovery
      - Dual control and split knowledge
      - Key Escrow
      - Creation of keys
        
        Automated key generation
        
        Truly random
        
        Asymmetric key length
    - - Types
        
        Brute force
        
        Chosen plain text
        
        known cipher text
        
        Birthday attack
        
        Cryptanalysis
        
        Cipher only attack
        
        Chosen cipher text
        
        Known plain text
        
        Dictionary attack
        
        Rainbow tables
        
        Replay attack
        
        Algebraic attacks
        
        Attacking the random number generator
        
        Implementation attacks
        
        Fault analysis
        
        Side channel analysis
        
        Probing attacks
        
        Man in the middle attack
        
        Temporary files
        
        Social engineering for key discovery
- - - - Data
      - Where end users interacts with the application and the application interacts with the Network process.
      - It is like selecting a gift.
    - - Data
      - Data representation and encryption. Make sure the address is correct and data is in readable form.
      - It is like the gift wrapping and checking if the address of the destination is correct and in understandable format or not.
    - - Data
      - Establish session for interhost connection.
      - Hand over your gift to postal service. This is like the interaction between different postal services, maintaining a continuous process until delivery.
      - It does not have any security in it by itself thus its a must to establish a security on it .
    - - Segments
      - Provides end-to-end communication control and ensures complete data transfer. It includes error checking and data flow control.
      - The postal service ensures that your card will be delivered reliably, tracking its path, and ensuring it doesn't get lost.
    - - Packets
      - Path determination and IP (logical address)
      - The postal service determines the best route for the card to take, perhaps sending it through various sorting centers and other countries.
      - Uses IP addresses.
    - - Frames
      - Responsible for node-to-node data transfer and error detection/correction. It ensures that data is transferred reliably over the physical link.
      - Each local post office and sorting center handles the card, ensuring it gets to the next point correctly.
      - Uses MAC (media access control) address and LLC (logical link control).
      - Protocols
        
        ARP (Address resolution protocol)
        
        Works at MAC layer.
        
        Its purpose is to provide direct communication between two devices within the same LAN.
      - Switches
        
        It is used to connect devices within LAN.
    - - Bits
      - The card travels via trucks, planes, and other physical means to reach the destination.
      - Deals with the physical connection between devices and the transmission and reception of raw bitstreams over a physical medium.
  - - - Protocols
        
        FTP
        
        SNMP
        
        Telnet
        
        SMTP
        
        DNS
        
        RIP
    - - Protocols
        
        TCP
        
        UDP
    - - Protocols
        
        IP
        
        ARP
    - - Ethernet
  - - - Are used to connect LAN with WAN. It also provides a default gateway.
  - - - TCP
      - UDP
    - - total ports
        
        0 - 65,535
      - HTTP
        
        80
      - HTTPS
        
        443
      - Well known ports
        
        0 - 1023
      - Registered ports
        
        1024 - 49,151
      - Dynamic ports
        
        49,152 - 65,535
  - - - DNS
        
        Provides a naming system for IP addresses.
      - WWW
      - HTTP
      - HTTPS
      - Email
      - SMTP
      - Telnet
      - FTP
      - DHCP
        
        Provides an IP addrress
      - SNMP
      - LDAP
  - - - Static packet filtering firewall
        
        Allows all outgoing tcp connections
        
        Only allows incoming DNS, SMTP and FTP services
        
        Denies all other servces.
      - Stateful inspection firewall
      - Next generation firewall
        
        Advanced form of firewall
      - (IDS/IPS0 Intrusion detection and prevention systems.
  - - - Devices inside a LAN has its own unique private IP address provided by router. when the device access the internet, it will use the router as a default gateway and will use a public IP provided by ISP (internet service provider) to the router while accessing internet
      - Public IP can be static or dynamic
      - Private IP remains consistent
    - - VPN
      - ports
      - SSH
- - - - rough idea or guess value of that asset
    - - Exact value of that asset
  - - - 01 Replacement value of that asset
      - 02 impact on the business at the loss of that asset
  - - - An individual who is the subject of a personal data
    - - an individual or organization responsible for the technical environment and day-to-day management of data
    - - An individual who is accountable for that data
    - - Defines what kind of data is it
    - - who is responsible for defining the rules and purpose needed to store the data.
    - - An internal or 3rd party that processes the data
  - - - Low risk
        
        Access, process, no encryption, no labelling, no monitoring
      - Medium risk
        
        Access password, Symmetric encryption(one key to encrypt and decrypt), no labeling, timely monitoring
      - High risk
  - - - Clearing
        
        erase all the data in a way that it can not be recovered by normal known recovery techniques however it can be restored using special tools
      - Purging
        
        virtually destroying the data in a way that it can not be recovered by any method making it almost impossible to restore.
      - Destruction
        
        physically destroying the data eg hard drive in a way that it can not be restored like breaking it using hammer or in boiling water or burning it down to ashes.
    - - Overwriting
        
        Formatting hard drive multiple times
      - Degaussing
        
        attaching strong magnet with hard disk which as a result erases all data in that hard disk.
      - Encryption
- - - - Security
    - - Security