July 8, 2019

Domain 8: Software Development Security

8.1 Understand and integrate security in the Software Development Life Cycle

Programming Concepts

  • Machine code is the binary language built into a CPU. Just above that is assembly language, which consists of low-level commands. Humans use s...

July 8, 2019

Domain 7: Security Operations

7.1 Understand and support investigations


  • Digital Forensics – focuses on the recovery and investigation of material found in digital devices, often related to computer crime. Closely related to incident response as it is based o...

July 8, 2019

Domain 6: Security Assessment and Testing

6.1 Design and validate assessment, test and audit strategies

  • Spans many areas:

    • Policies/procedures and other admin controls

    • Change management – primary goal is to ensure changes don’t reduce security

    • ...

July 8, 2019

Domain 5: Identity and Access Management

5.1 Control physical and logical access to assets

  • IAAA Five elements:

    • Identification – claiming to be someone

    • Authentication – proving you are that person

    • Authorization – allows you to access resources


July 8, 2019

Domain 4: Communication and Network Security

4.1 Implement secure design principles in network architectures

Communications and Network Security

  • OSI Model – Please Do Not Teach Students Pointless Acronyms. Developed by ISO

  • Encapsulation is when the payload has t...

July 8, 2019

Domain 3: Security Architecture and Engineering

3.1 Implement and manage engineering processes using secure design principles

  • The Kernel is the heart of the operating system, which usually runs in Ring 0. It provides an interface between hardware and the rest of the...

July 8, 2019

Domain 2: Asset Security

2.1 Identify and classify information and assets

  • Classifying Data

    • Labels – objects have labels assigned to them. Examples include Top Secret, Secret, Unclassified, etc., but are often much more granular. Sensitive data should be marked...

July 8, 2019

Domain 1: Security and Risk Management

1.1 Understand and apply concepts of confidentiality, integrity and availability

  • CIA Triad –

    • Confidentiality – Resources are restricted from unauthorized subjects. Data must be protected in storage, process and transit....

July 8, 2019

Maintained by the International Information System Security Certification Consortium (ISC2), the Certified Information Systems Security Professional certification is a highly sought-after designation in the United States and beyond. The credential offers candidates the...


Featured Posts

How To Get Your Start In Security

October 26, 2018
