CISSP2D.txt

• 1. protect human life
• 2. mitigate against further threats

• BS 25999 = British Standards Institute; BS 25999-1:2006 BCM Code of Practice and BS 25999-2:2007 Specification for BCM
• ISO 27031:2011 Guidelines for information and communications technology readiness for business continuity
• ISO 22301 Business Continuity Management systems
• Business Continuity Institute's Good Practice Guidelines (GPG)

Best if every department in a company has it's own contingency plans and procedures which roll up into the enterprise BCP

• Initiate project
• Assign responsibilities
• Define continuity policy
• Perform BIA
• Identify preventive controls
• Create recovery strategies
• Develop BCP and DRP documents
• Test plans
• Maintain plans

• Identify critical business functions
• Decide on information gathering techniques: interviews, surveys etc.
• Identify resources these functions depend on
• Calculate how long these functions can be without these resources
• Identify vulnerabilities and threats to these functions
• Calculate the risk for each different business function
• Develop backup solutions for resources based on tolerable outage times
• Develop recovery solutions for the company's individual departments and for the company as a whole

• Part of MTD (maximum tolerable downtime)
• Deals with restoring data, testing processes and making everything "live" while
• RTO deals with technology, infrastructure and systems

• purposely seeking unauthorized access
• disrupting the intended use of the internet
• wasting resources
• destroying the integrity of computer-based information
• compromising the privacy of others
• conducting Internet wide experiments in a negligent manner

Intangible in that it is made up of bits and bytes and not objects that one can hold and understand

Often considered heresay as there is no first hand evidence backing it up

• Sufficient
• Reliable
• Relevant

Must involve HR (even before legal)

First international treaty seeking to address computer crimes by coordinating national laws, improving investigative techniques, and international cooperation.

provides guidelines on the protection of privacy and transborder flows of personal information

international organization with 8 principles: limited collection; notification; consent; accuracy etc.

implements export controls for conventional arms and dual-use goods (like encryption)

40 countries; 9 categories of areas covered (category 4 covers computers)

• Best evidence - primary evidence; most reliable
• Secondary evidence - oral evidence; not as reliable as primary
• Direct evidence - can prove a fact all by itself
• Conclusive evidence - irrefutable; can not be contradicted
• Circumstantial evidence - can prove an intermediate fact which can then be used to deduce another fact
• Corroborative evidence - supporting evidence to help prove a point; supplementary
• Heresay evidence - oral or written that is second-hand and has no firsthand proof of accuracy or reliability ; most computer evidence

• Triage
• Investigation
• Containment
• Analysis
• Tracking
• Recovery

• Software Protection Association (SPA)
• Federation Against Software Theft (FAST): London
• Business Software ALLIANCE (BSA): Wash DC

• Civil Law (system): rule-based law, not precedence based; most widespread in the world; common in europe
• Common Law: based on previous interpretations of laws; includes CRIMINAL law and CIVIL/TORT law and ADMINISTRATIVE/Regulatory law = used in the US, UK, Australia etc.
• Customary law: deals mainly with personal conduct and patterns of behavior; China and India
• Religious law: based on religious beliefs

Instantiation is when an object is created from a class.

Polyinstantiation is when more than one object is made and the other copy is modified to have different attributes.

This might be done to make a copy for security purposes so a lower-level subject can't access a higher-level object.

• Partitioning
• cell suppression: make specific cells hidden or not viewable
• noise and perturbation: bogus information

• for databases
• Atomocity: divides transactions into units of work; all committed or none
• Consistency: must follow integrity policy/rules
• Isolation: transactions execute in isolation, without interfering with other transactions
• Durability: once deemed accurate, transactions are committed and cannot be rolled back

• 1. project initiation
• 2. functional design analysis and planning
• 3. system design specifications
• 4. software development
• 5. testing
• 6. installation/implementation
• 7. operational/maintenenace
• 8. disposal

• System DLC:
• 1. Initation
• 2. Acquisition/development (may include requirements, formal risk assessment, security requirements and assurance, 3rd party evaluations etc.)
• 3. Implementation
• 4. Operation/maintenance
• 5. Disposal

SYSTEM acquisition, development and maintenance

• Requirements gathering
• Design
• Development
• Testing/Validation
• Release/Maintenance

TECHNICAL testing of a system

MANAGEMENT acceptance/authorization of a system

• Security requirements
• Security risk assessment
• Privacy risk assessment
• Risk-level acceptance

• P1 High privacy risk: multiple or ongoing privacy data issues
• P2 Moderate privacy risk: one (sole) issue
• P3 Low privacy risk: no behaviors or features

• Unit testing: individual components in controlled environment
• Integration testing: components work together
• Acceptance testing: code meets customer requirements
• Regression testing: after changes are made, ensure everything still works

• Break and fix: no real planning
• Waterfall: sequential; inflexible
• V-model: verification and validation at every step
• Prototyping: sample code/model
• Incremental: usable code at each step
• Spiral: iterative approach that emphasizes risk analysis at each iteration
• Rapid Application Development (RAD): combines prototyping and iterative development
• Agile: iterative and incremental; flexible
• Exploratory: testing to a set of specifications
• Joint Analysis Development (JAD): team approach
• Reuse: reusable programs are evolved by modifying pre-existing prototypes
• Cleanroom: highly structured and formal to prevent errors; used for high-quality and critical applications

• Initial =1 (ad hoc or chaotic)
• Repeatable = 2 (no formal processes but can repeat)
• Defined = 3 (formal procedures)
• Managed = 4 (formal procedures PLUS metrics to force improvement)
• Optimizing = 5 (continuous process improvement)

software testing by providing invalid, unexpected or random data to the inputs of a program

• Modularity: autonomous objects, cooperation through exchange of messages
• Deferred commitment: internal components of an object can be redefined without changing other parts of the system
• Reusability: refining classes through inheritance; other programs use the same objects
• Naturalness: object-oriented analysis, design and modeling map to business needs and solutions

OOP deals with classes and objects and communicates with messages

two objects can receive the same input and have different outputs

different objects respond to the same input in different ways

how many different types of tasks a module can carry out

ONE task = HIGH cohesion = a good thing (lower complexity)

how much interaction one module requires to carry out its tasks

Loose coupling = little interaction = a GOOD thing versus high/tight coupling

application receives invalid input which allows the instruction pointer to be overwritten and execute code in the buffer

a relational database with a software front end written in an object-oriented programming language

allows business logic procedures (processing) to be part of the object being retrieved

allows business logic procedures to be used by requesting applications and data within the database

• - high level data access programming interface to an underlying data access technology (like OLE DB)
• - set of COM objects for accessing data sources, not just database access
• - allows a developer to write programs that access data without knowing how the database is implemented
• - SQL commands are not required

• Semantic = structural and semantic rules are enforced
• Referential = all FOREIGN keys point to a primary key
• Entity = all Tuples have a unique PRIMARY key

field of study that works with metadata and attempts to put standards and conventions in place on the way data are analyzed and interpreted

used to identify patterns and relationships

also called data mining

Knowledge base PLUS inference engine

uses AI to solve problems

uses non-numeric algorithms to solve complex problems; recognizes hidden patterns

cannot be accomplished by regular programming logic; not straight-forward

identifies the attributes of software at various points in time and performs a methodical control of changes for the purpose of maintaining software integrity and traceability

formal change tracking

provides standardized access to the most needed services to many different applications at one time

allows different business applications to access the same web services

services within SOA are usually provided by WEB Services using web-based standards such as SOAP, HTTP, Web Services Description Language, Universal Description Discovery and Integration and XML

• WSDL = machine readable description of specific operations provided by the service
• UDDI = XML based registry that lists available services; allows them to be published and discovered
• SOAP = XML and HTTP communications in a web service environment; defines how objects communicate

a combination of functionality, data and presentation capabilities (commonly using open APIs and data sources) to provide some new service or functionality

dot dot slash ../

tries to get a URL to back up or traverse directories that aren't supposed to be accessible from the web

using %20 in a URL where spaces aren't allowed; attempts to represent characters differently

ensures input validation in a web form is conducted on the client

good to do but usually need additional validation at the server

puts actual database commands into input fields to bypass authentication and reveal the database records

a big issue if 2 tier architecture and the web server software can directly communicate with the back-end database

• attempts to inject malicious code into a vulnerable web application (using client side scripting such as Javascript)
• can result in the user executing the code and having cookies stolen, hijacked sessions etc.

• Nonpersistent XSS = lack of proper input validation
• Persistent XSS = stored data is accessed
• DOM (Document object model) = local XSS; uses the DOM environment to modify client side Javascript

server side scripting language

reusing content on web pages by placing the same content in multiple web documents

can be an attack vector if an attacker can substitute a file

Due diligence: going through the necessary steps to know what a company's risks are

Due care: carrying out responsible actions to reduce those risks

wraps the different services available on a system

provides a wrapper around incoming network traffic that forces the target operating system to inspect an ACL to ensure the requestor is allowed to access the SERVICE

if not allowed, the packet is dropped and the connection is refused

Requires two or more entities operating together to complete a task

example might be key recovery