I got away from studying for the CISSP a couple months ago when I ran into some stressful life situations. Now that things are back in order, I’m hitting the books again. Last week I read Chapters 3 and 4, covering Security Models & Architecture and Physical Security respectively. Tonight I took the self-exam for each of the first four chapters. Needless to say, I’m not happy with my results. This does provide a nice benchmark for me though.
0.91 (10/11) Security Management
0.50 (6/12) Access Control
0.45 (5/11) Security Models & Architecture
1.00 (13/13) Physical Security
————————-
0.72 (34/47) Total
Since I plan on using this blog mainly as a repository of my thoughts, below is my list of items that require further study and some quick thoughts about them.
- Compulsory — I missed the question not because I didn’t understand the topic and answers, but because I didn’t understand what compulsory meant. I thought it meant “optional.” Nope, it actually means: “mandatory.” Oops!
- Biometric Evaluation — Here I need to know what Type I, Type II, and CER stand for.
- Kerberos — Even though I know it’s an authentication protocol, I need to better understand the specific weaknesses it has.
- Security Label — This is part of MAC (Mandatory Access Control) and is a concept where information about an object including classification level and need-to-know is maintained. A subject’s classification and need-to-know are compared against the object’s before granting access.
- Capability Tables are the rows of an Access Control Matrix that are bound to the subjects.
- Access Control Lists are the columns of an Access Control Matrix that are bound to the objects.
- RADIUS, TEMPEST, TACACS, Diameter — I must understand the what/when/why/how of each and their differences.
- Brush up on the differences between Multitasking, Multiprocessing, Multithreading, and Multiprogramming.
- Reference Monitor
- Security Kernel
- Clark-Wilson Model
- Trusted Computing Base
- Biba Model
- Bell-LaPadula Model
- Common Criteria — Mainly TOE, EPL and Protection Profiles
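The security label, capability table and access control list notes above, as an added worked example in Python that is not part of the original post: a small access control matrix for constructed subjects and objects, the capability table (a subject's row) and the ACL (an object's column) derived from that one matrix, and a MAC label check in which the subject's label must dominate the object's (a classification level at least as high, and every need-to-know category the object carries) before the matrix entry is even consulted. Every subject, object, level, category and right here is constructed for illustration.

```python
# Added example (not from the original post). All subjects, objects, labels and
# rights below are constructed sample data.
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set

# Access control matrix: MATRIX[subject][object] = set of rights.
# A subject's row is its capability table; an object's column is its ACL.
MATRIX: Dict[str, Dict[str, Set[str]]] = {
    "alice": {"payroll.db": {"read", "write"}, "memo.txt": {"read"}},
    "bob":   {"payroll.db": {"read"},          "memo.txt": {"read", "write"}},
    "carol": {"memo.txt": {"read"}},
    # "dave" deliberately has no row at all.
}


def capability_table(matrix: Dict[str, Dict[str, Set[str]]], subject: str) -> Dict[str, Set[str]]:
    """Row of the matrix, bound to the subject: everything it may do, keyed by object."""
    return {obj: set(rights) for obj, rights in matrix.get(subject, {}).items() if rights}


def access_control_list(matrix: Dict[str, Dict[str, Set[str]]], obj: str) -> Dict[str, Set[str]]:
    """Column of the matrix, bound to the object: every subject allowed on it and its rights."""
    return {subj: set(row[obj]) for subj, row in matrix.items() if row.get(obj)}


# --- MAC security labels -------------------------------------------------------
# Ordered classification levels (constructed ordering).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()  # need-to-know compartments


def dominates(subject_label: Label, object_label: Label) -> bool:
    """Subject label dominates object label when its level is at least as high
    AND it holds every need-to-know category the object carries."""
    return (LEVELS[subject_label.level] >= LEVELS[object_label.level]
            and subject_label.categories >= object_label.categories)


SUBJECT_LABELS = {
    "alice": Label("secret", frozenset({"payroll"})),
    "bob":   Label("confidential"),
    "carol": Label("secret"),                          # cleared, but no payroll need-to-know
    "dave":  Label("top secret", frozenset({"payroll"})),
}
OBJECT_LABELS = {
    "payroll.db": Label("secret", frozenset({"payroll"})),
    "memo.txt":   Label("unclassified"),
}


def check_read(subject: str, obj: str) -> str:
    """Mandatory label check first; only if it passes is the (discretionary)
    matrix entry consulted. Returns a short reason string for the decision."""
    if not dominates(SUBJECT_LABELS[subject], OBJECT_LABELS[obj]):
        return "denied: subject label does not dominate object label"
    if "read" not in capability_table(MATRIX, subject).get(obj, set()):
        return "denied: no read right in access control matrix"
    return "granted"


if __name__ == "__main__":
    print("alice capabilities:", capability_table(MATRIX, "alice"))
    print("payroll.db ACL:", access_control_list(MATRIX, "payroll.db"))
    for s, o in [("alice", "payroll.db"), ("bob", "payroll.db"),
                 ("carol", "payroll.db"), ("dave", "payroll.db"), ("carol", "memo.txt")]:
        print(f"{s} read {o}: {check_read(s, o)}")
```

The point the matrix makes is that capability tables and ACLs are two views of the same data: iterate a row and you have a subject's capabilities, iterate a column and you have an object's ACL. The `check_read` ordering matters too: bob has "read" on payroll.db in the matrix, yet the request is still refused because his Confidential label does not dominate the object's Secret/payroll label, which is exactly the MAC behaviour the security label note describes.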
I plan on going back through this content during this week and writing at least a paragraph on each concept I missed in order to drive the points home.
As some may have noticed, I have begun to post longer, more informative posts. This is the trend I want to continue and build on. I believe writing longer posts not only provides practice at communication through the written word, but is also more informative and less likely to be a quick emotional reaction to other blog posts or news stories. As always, I implore anyone reading this to leave comments. I may have been in the field for 5 years now, but seeing as how I’m at least 35 years away from retirement, I have, at a minimum, 35 more years’ worth of learning to do!
As Joseph Addison said, “The utmost extent of man’s knowledge, is to know that he knows nothing.”