CISSP Cornell Notes by

Col Subhajeet Naha, Retd, CISSP

CISSP FOR ALL

A little About Col Subhajeet Naha, Retd, CISSP

• Did I make your CISSP ride a little easy?

• Point form is a classical Army way of training.
• I am Col Subhajeet Naha, Retd from Indian Army.
• CISSP changed the way I looked at Information and
Cybersecurity.
• The mission is to create as many CISSPs as possible and
make them easier to comprehend.
• I conduct weekend training and encourage my students
to clear the exams within 90 days.
• Otherwise, it will become a long-drawn battle.
• Revise at least thrice. That’s my advice.
• Work only on the concepts and their applications.
• I love teaching and training.
• Want to know more about me. Connect with me on
LinkedIn.
• Linkedin: https://www.linkedin.com/in/subhajeet-naha/
• For balance domains, visit my LinkedIn profile.
• Share it for the benefit of the masses.
• Thank you and Happy Learnings.

Col Subhajeet Naha, Retd, CISSP, is one of the early adopters of Information and Cybersecurity Practices in
the Indian Army. He is an alumnus of Acharya Narendra Dev College, University of Delhi, Military College of
Telecommunications, JNU and Defence Services Staff College, Wellington. He has served in various war zone
operations and has vast military instructional experience. He has an ardent interest in Space technologies,
cybersecurity and software development. With over 25 years of technological experience, Col. Subhajeet
founded Protecte Academy (https://academy.protecte.io) and Protecte Technologies (https://protecte.io).

With his unique training technique, hundreds of students passed the CISSP exam and are working in some
great companies.

Dedicated to my Mother, Wife and Family

CISSP CORNELL NOTES

• By Col Subhajeet Naha, Retd, CISSP Mentor

• How to Prepare for CISSP
• Attend an online boot camp or training session.
• Read prescribed books.
• Don’t cram but keep tab of important points – Main points covered in these
notes
• For experienced professionals, one/two reads are sufficient. The aim is to clear
the concepts.
• Practice questions from Sybex 10th edition and Sybex 4th edition practice test
• Don’t refer to any dumps; they are of no use.
• How to use these notes
• Use these notes as revision notes
• Reading the Reference books is highly recommended
• Scribble your own notes
• Reference Books
• Sybex 10th Edition
• Destination Certification
• Reach out to us if you have any questions
• Future domains being prepared
• Website : learn.protecte.io
• Mob : +91-8800642768
CISSP Cornell Notes by
Col Subhajeet Naha, Retd, CISSP
 The Evolving Role of Security

Main Concepts Detailed Explanation

• Evolving security threats
• Range of targeted assets
• Role of security in organizations
• Key security objectives
• Corporate governance focus
• Organizational value
Role of Security in Organizations:
• Security professionals must consider the broader rolerofD
Evolving Security Threats:
• Security has shifted from protecting data on servers to a broader focus,
as threats now target various assets such as mobile devices, industrial
controllers, and even IoT devices like smart fridges.
• Example: Increase in phishing and social engineering attacks aimed at
exploiting human vulnerabilities.
Range of Targeted Assets:
• Threat actors now target a broad range of devices and assets within an
ti
organization, not just IT systems. These include mobile phones, tablets,on
industrial controllers, and smart IoT devices.
i bu
s tr
i
fo
tgoals.
an organization. Protecting data alone is insufficient;
security within
security must
o
N in every organization?
protect all assets and support the organization’s

a , function
Key Question: What is the role of the security
a h
tN
Key Security Objectives:
• Reduce risk
e e
Protect information,aITj assets, and the organization's reputation
•
h
•
S ub and integrity
Preserve confidentiality
• Manage l availability of assets and services
othe
C
y compliance with laws and regulations
•
P BEnsure

S Corporate Governance Focus:

CIS • Corporate governance revolves around the concept of organizational

for value, and security must contribute to this value by protecting all assets,

tes not just data.

o • Organizational Value: Ensuring that security supports the long-term

ll N
goals and operational success of the business.

rn e Organizational Value:

C o • Security cannot simply focus on data protection; it must enable and

support the organization in achieving its overall objectives, aligning
security efforts with business needs and values.

Summary
• Security has expanded from protecting data to safeguarding a wide variety of assets, including mobile
devices and IoT.
• The role of security is to reduce risk, protect assets, and ensure compliance while supporting the
organization’s value and goals.
• Security professionals must align their efforts with corporate governance to contribute to organizational
value.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Security as a Business Enabler

Security’s Evolving Role:

• Security’s evolving role
• Top-down approach to security
• Asset protection beyond IT
• CEO’s role in governance
• CISO vs. CSO
• Empowering security
• Management perspective on
security
• Security must no longer focus only on minimizing risk or fulfilling
compliance checklists. Instead, it should enable and support the
organization's goals.
• Example: Security initiatives should align with business objectives to add
value.
Top-Down Approach to Security:
• Risk analysis and controls should be implemented with input from upper
management, ensuring that security supports the organization’s overall
strategy and objectives.
Asset Protection Beyond IT:
ti on
i bu
• Security is responsible for protecting all valuable assets, including people,

str
hardware, software, intellectual property, products, services, and the
organization’s reputation.
D i
for
• Key Point: Compliance with laws and regulations is a critical part of this
protection.
t
CEO’s Role in Governance:
No
a,
• The CEO is accountable for managing the organization to increase its value,
h
Na
through governance practices. Security must be aligned with this
governance to effectively protect the organization.
CISO vs. CSO:
jeet
ha
• The CISO (Chief Information Security Officer) often leads the security
b
Su
function and is responsible for protecting information. In some cases, the
l
CSO (Chief Security Officer) may report to the CIO, but this can hinder

y Co
security’s role in protecting all organizational assets.

B • Key Point: For security to be effective, it should report directly to the CEO or

SP
Board, empowering it to protect all assets.

CI S Top-Down Empowering Security:

for • Security must be empowered to protect the entire organization, not just IT.
This requires a reporting structure where security leads report to those who
es are accountable for the organization's value, like the CEO or the Board of
ot Directors.

ell N Management Perspective on Security:

orn • To be an effective security professional and pass the CISSP exam, you must

C understand security from a management perspective, not just a technical

one.
• Key Takeaway: Security professionals should focus on enabling the
business and supporting organizational goals.

• Security has evolved into a role that supports business objectives and should not be limited to risk
minimization.
• A top-down approach to security, with direct input from upper management, is critical for aligning
security with the organization's goals.
• Security professionals must think from a management perspective to effectively support the business and
be an enabler for achieving organizational objectives.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Security and Risk Management (CISSP Domain 1)

• CIA Triad
• Organizational roles in security
• Accountability vs. responsibility
• Corporate laws and policies
• Risk analysis
• Governance and compliance
• Accountability: Having the authority and answerability for ensuring
completed.
CIA Triad:
• Confidentiality: Ensuring data is accessible only to those authorized.
• Integrity: Ensuring data accuracy and consistency.
• Availability: Ensuring data and systems are accessible when needed.
• Example: Using encryption for confidentiality, hashing for integrity, and
redundancy for availability.
Organizational Roles in Security:
• Different roles within an organization relate to security responsibilities.
These roles ensure that security is maintained across different layers of the
organization, including IT, HR, legal, and executive management.
t i on
Accountability vs. Responsibility:
i b u
s r
t tasks are
i
rD

fo
• Responsibility: Being assigned to perform specific tasks.
tprogram, while IT teams are
o
• Example: A CISO is accountable for the security
,N
responsible for implementing security controls.
a
Corporate Laws and Policies:
a h
N environment
tCompliance
• Policies and laws within a corporate dictate how security is

regulations is critical forje

implemented and enforced. e with internal policies and external

h a legal and operational success.

• Risk Analysis: b
l Su evaluating, and mitigating risks to an organization.
o Risk identification, risk assessment, and selecting
• Involves identifying,
C
B y
• Key Processes:
appropriate controls to mitigate risks.

I SSP• Example: Performing a risk assessment to determine potential threats to

C data security and developing mitigation strategies like firewalls or training.

for Governance and Compliance:

tes • Governance refers to the frameworks, processes, and rules that an

o organization uses to ensure security aligns with business objectives.

ell N • Compliance ensures that the organization meets regulatory and legal

orn requirements, safeguarding its operations.

C • Example: Implementing ISO 27001 to ensure the security governance

framework aligns with business goals and complies with industry standards.

• The first CISSP domain focuses on understanding the fundamentals of security, particularly the CIA triad,
and how organizations structure roles and responsibilities to manage risk.
• A key aspect of this domain is learning the distinction between accountability and responsibility, which is
crucial for implementing security practices.
• Governance and compliance play a critical role, and security must contribute to both to ensure the
organization's objectives are met while adhering to legal and regulatory frameworks.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 ISC2 Code of Professional Ethics

ISC2 Code of Ethics:

• ISC2 Code of Ethics
• Preamble
• Code of Ethics Canons
• Application of Canons
• Memorization and order of Canons
• As a CISSP candidate, you are required to understand and comply with the
ISC2 Code of Professional Ethics. These ethics apply globally to all CISSP
holders.
• Example: The CISSP exam will likely include questions testing knowledge of
these principles.
Preamble of ISC2 Code of Ethics:
• The preamble stresses the importance of adhering to the highest ethical
standards for the safety and welfare of society, the common good, and duty
to principals.
ti
• Strict adherence to this Code is a condition of certification for CISSPon
candidates.
i bu
ISC2 Code of Ethics Canons:
str
D i
• The Canons are presented in a specific order of importance, and each must
be fully understood and memorized:
t for
No
• Protect society, the common good, public trust, and infrastructure.
• Example: Ensuring public systems are secure from threats to avoid
undermining public trust.
h a,
Na
• Act honorably, honestly, justly, responsibly, and legally.

jeet
• Example: Acting with integrity when dealing with security breaches and

ha
legal compliance.
b
• Provide diligent and competent service to principals.
Su
• Example: Delivering security solutions that meet the needs of clients and
l
Co
stakeholders.

By • Advance and protect the profession.

• Example: Promoting the CISSP certification and helping improve the

I SSP security field.

r C Application of Canons:

fo • These Canons must be applied in order of importance, especially in

es scenarios where there is a conflict between them.

ot • Example: If a scenario involves choosing between protecting society and

ell N providing competent service to a client, protecting society takes

rn
precedence.

C o Memorization and Adherence:

• The wording and order of the Canons are critical and must be memorized
as presented. Adherence to these Canons is required for both gaining and
maintaining the CISSP certification.

• The ISC2 Code of Professional Ethics outlines fundamental principles for CISSP holders, stressing the
importance of protecting society and acting with integrity.
• The four Canons must be applied in a specific order, with the first canon —protecting society—taking
precedence over all others.
• Memorization of the Canons is essential for CISSP candidates, as these principles are vital for both the
certification exam and professional conduct in the security industry.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Organizational Code of Ethics

• Ethics foundation
• Codifying ethics in organizations
• Ethical challenges
• Consistent ethical behavior
• Role of management
• Corporate policies
Ethics Foundation:
• Ethics are based on the principle of doing nothing that harms others. This
foundational belief drives ethical behavior in personal and professional
settings.
• Example: Ensuring that security measures do not unfairly harm individuals'
privacy rights.
Codifying Ethics in Organizations:
• For consistent ethical behavior, ethics must be codified in corporate
policies. These policies ensure that all employees follow the same ethical

on
standards.
ti
• Key Point: Consistency in ethical behavior across the organization can only
u
be achieved through clear corporate laws or policies.
tr i b
Ethical Challenges:
D is
for
• Ethical beliefs vary widely due to individual differences, including culture,

t
upbringing, education, and religious beliefs. This diversity makes it difficult to

No
ensure that everyone follows the same ethical principles.

a,
• Example: In a diverse workplace, what one employee sees as ethical
h
Na
behavior might be different from another’s interpretation.

et
Consistent Ethical Behavior:
je
• To achieve consistent ethical behavior, an organization must prescribe

bha
specific guidelines through policies. These policies help align the diverse

Su
ethical views of employees with the organization’s standards.
l
Co
Role of Management:

By • High-level management plays a critical role in instilling ethical behavior

throughout the organization. Ethical conduct must be driven by management

I SSP support, direction, and enforcement.

r C • Example: Senior leadership promoting transparency and accountability in

fo decision-making processes.

es
ot
Corporate Policies:

ll N
• Corporate policies that promote ethical behavior make the organization a

rn e better place to work and more valuable to shareholders and communities.

These policies must be legal and promoted consistently by senior

C o management.
• Key Point: Ethical policies should be consistently communicated to all
employees to create an ethical organizational culture.

• Ethics in an organization are based on doing no harm, but consistent ethical behavior requires
codification through corporate policies.
• Ethical challenges arise from diverse individual beliefs, making it necessary for organizations to establish
clear ethical guidelines.
• Senior management must drive and enforce ethical behaviour, ensuring that policies promoting ethical
conduct are understood and followed at all levels of the organization.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Understand and Apply Security Concepts

Security's Role in Business:

• Security's role in business
• Security and organizational
value
• Integration with business
processes
• Asset protection beyond
information
• Key focus of security
• Security as a support role
• Security must support the business in achieving its goals and objectives. It
has evolved to integrate with business processes, rather than just focusing
on isolated areas like IT or data protection.
Security and Organizational Value:
• Security should focus on increasing the value of the organization by
protecting assets that represent that value, including people, physical
property, and intellectual property, not just data.
• Example: Implementing security measures that protect employees and
physical infrastructure alongside traditional data protection.

on
Integration with Business Processes:
ti
• The role of security has expanded beyond data protection. For example,
u
i b
many years ago, physical security was often seen as separate from IT
tr
D is
security, but now both are considered integral to the security function.
• Key Point: The integration of security across various aspects of the business
is essential for comprehensive protection.
t for
No
Asset Protection Beyond Information:

a,
• Security should not focus only on protecting information or data but also on

h
all assets that represent value to the organization. These can include people,

Na
facilities, hardware, intellectual property, and services.

et
• Example: Protecting physical assets such as servers and employees is as
je
important as securing digital assets like databases.
ha
Key Focus of Security:
b
Su
• The primary focus of security is two fold:
l
Co
• Allow and enable the organization to achieve its goals and
objectives.
By • Increase the organization's value by protecting its assets.

I SSP • Security ensures that business operations can continue without disruptions
from threats.
r C Security as a Support Role:
fo
es • Security plays a supportive role in the organization, helping those

ot
accountable for business success (such as executives and managers) to

ll N
achieve their goals through proper governance and risk management.

rn e • Key Takeaway: Security governance ensures alignment between security

practices and business objectives.

C o

• Security’s role is to support the business in achieving its goals and increasing the value
of the organization by protecting all assets, not just data.
• Security has evolved to integrate with broader business processes and includes
protection of physical, intellectual, and human assets.
• By ensuring proper security governance, security professionals enable the organization
to achieve its objectives while minimizing risks..

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 CIA Triad and Security Principles
Confidentiality:
• Confidentiality
• Integrity Protects assets by ensuring that information is only accessible to those
who have the proper authorization (principles: need-to-know, least
• Availability
privilege). Prevents unauthorized disclosure.
• Authenticity
• Nonrepudiation Example: Using encryption to protect sensitive data from being accessed
by unauthorized parties.
• CIA Triad
• Goals of asset security Integrity:
Ensures the accuracy, timeliness, and consistency of assets, protecting
them from unauthorized or accidental changes.
Example: Digital signatures or hashing used to verify that data has not
been altered during transmission.
ti on
Availability:
i bu
tr
Ensures that assets are available and accessible when needed by
s
i
stakeholders, protecting against disruptions like hardware failures or
D
for
attacks.

t
Example: Using backups and redundancy measures to ensure system
availability during failures or cyberattacks.
No
Authenticity:
h a,
Na
Verifies the source and origin of assets, ensuring that they are legitimate

et
and come from trusted sources.

je
Example: Using certificates to validate the authenticity of
ha
communications or documents.
b
Su
Nonrepudiation:
l
Provides assurance that someone cannot deny having performed an

y Co
action or transaction, often through logging or digital signatures.
B Example: A user cannot deny sending an email if it has been digitally

SP
signed, ensuring accountability.

CI S CIA Triad:

for The CIA Triad consists of three core security principles: Confidentiality,
Integrity, and Availability. These are foundational in designing, structuring,
es
ot
and implementing security in an organization.

ll N
Key Point: Security today must focus on the CIA principles not just for
information security, but for all organizational assets that represent value.
rn e Goals of Asset Security (not just Information Security):
C o The principles of Confidentiality, Integrity, and Availability apply to all
assets, not just information. These core pillars are used to protect and
add value to any organizational asset that holds significance.10.3

• The CIA Triad forms the core of asset security, protecting organizational assets through
confidentiality (limiting access), integrity (ensuring accuracy), and availability (ensuring
access).
• Authenticity and nonrepudiation extend beyond the CIA Triad, ensuring that assets are
legitimate and actions are accountable.
• These security principles should be applied to all assets that hold value for the
organization, not just data or information.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Five Pillars of Information Security
Five Pillars of Information Security:
• Five Pillars of Information
In addition to the traditional CIA Triad (Confidentiality, Integrity, and
Security
Availability), the security framework now includes Authenticity and
• CIA Triad Nonrepudiation, making these the five key pillars of information security.
• Authenticity
• Nonrepudiation Confidentiality, Integrity, and Availability (CIA Triad):
• Proof of origin These three pillars form the foundation of information security, protecting
• Accountability and data and assets from unauthorized access, ensuring data accuracy, and
responsibility maintaining the availability of assets when needed.
Authenticity:
Ensures that assets, such as documents or communications, are
ti on
legitimate, trusted, and verified. It proves the source or origin of valuable
assets, ensuring they are genuine.
i bu
str
i
Example: Digital certificates or cryptographic signatures verify the
D
for
authenticity of emails or documents.
Nonrepudiation:
t
No
Guarantees that an individual cannot deny the validity of an action or
a,
transaction they performed. This provides accountability and ensures
h
Na
responsibility cannot be disputed.

jeet
Example: A user cannot deny sending a contract if it has been digitally
signed with their private key, providing an auditable trail.

bha
Proof of Origin:
Su
Authenticity is sometimes referred to as "proof of origin," meaning that it
l
Co
confirms the source of the asset, ensuring its legitimacy.

By Example: Verifying the origin of software updates through checksums or

SP
signatures to ensure they haven’t been tampered with.

CI S Accountability and Responsibility:

for Nonrepudiation is key to enforcing accountability. It prevents individuals

from denying their actions, ensuring responsibility for all security-related
es
ot
actions.

ll N
Example: Logging and audit trails ensure that users are held accountable

rn e for any actions or changes made within a system.

C o

• The Five Pillars of Information Security include Confidentiality, Integrity, Availability,

Authenticity, and Nonrepudiation.
• Authenticity verifies the legitimacy and source of assets, while Nonrepudiation
ensures accountability by preventing individuals from denying their actions.
• Together, these pillars provide a comprehensive security framework for protecting all
organizational assets.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Security Governance - 1
3. Security Governance:
• Proactive vs. reactive security Security governance involves all activities and programs initiated by the
• Role of leadership in security security function to support and align with corporate governance. The goal
• Governance definition is to enhance organizational value.
Key Point: Security must focus on contributing to the organization's
overall value by supporting corporate initiatives such as risk reduction,
compliance, and operational improvements.
Corporate Governance Alignment:

on
Security must align with corporate governance, ensuring that its
ti
objectives and initiatives support the organization’s goals and objectives.
u
i
This alignment ensures security contributes to organizational value.
r
t to b
Example: Aligning security controls with the organization’s s
D i strategy

o r
protect intellectual property and ensure compliance with regulations like
GDPR or HIPAA.
o tf
Top-Down Management:
N
Security governance must be driven byaa,top-down structure. Senior
management, the Board, and the a h are accountable for corporate
t Nsecurity priorities to ensure alignment
CEO
e
governance, and they must drive
je
a
with the organization's goals.
h
ub must prioritize security to ensure alignment and
Key Point: Leadership
S
oandl Tailoring:
effective governance.
ScopingC
y objectives must be scoped and tailored to align with the specific
P B
Security

I SS goals and objectives of the organization. This ensures that security efforts

r C are relevant and support the overall business strategy.

fo Example: Tailoring security controls for a healthcare organization to meet
es
ot
HIPAA compliance and protect patient data.

ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Security Governance - 2
Proactive vs. Reactive Security:
• Proactive vs. reactive security Security should be a proactive enabler, supporting business goals rather
• Role of leadership in security than merely reacting to threats or technical issues. Senior management
• Governance definition must understand the value of security and promote a culture of proactive
security governance.
Example: Implementing regular security audits and employee training to
prevent breaches, rather than only responding to incidents.
Role of Leadership in Security:

on
The effectiveness of security in any organization depends on leadership.
The Board, CEO, and senior management must promote a security
uti
i b
culture, ensuring that security principles are communicated and enforced
tr
throughout the organization.
i s
D to security
r
Key Point: Leadership must demonstrate a strong commitment
o
for it to be adopted organization-wide.
otf
, orNoverseeing processes to
Governance Definition:
a
itshgoals and objectives. Corporate
Governance refers to the act of governing
ensure the organization achieves a
e t N organizational value, while security
governance focuses on increasing
jeby protecting valuable assets and enabling
business success. ha
governance supports this

Example: TheS ubis accountable for corporate governance, ensuring the

ol thrives and meets its strategic goals through effective
CEO
C
organization
y
P B
oversight.

I SS
r C
fo
es
ot
ell N
orn
C

• Security governance must align with corporate governance and be driven by a top-down
structure to effectively support the organization’s goals.
• Leadership plays a crucial role in promoting a security culture, and security should be
proactive, enabling business success rather than just reacting to threats.
• Scoping and tailoring of security initiatives ensure that security supports the specific
goals and objectives of the organization, contributing to overall organizational value.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Understanding Corporate and Security Governance - 1
• Definition of governance
• Purpose of governance
• Corporate governance vs.
government governance
• Role of the Board of
Definition of Governance:
At the heart of governance is the act of leading or directing. Governance
exists to increase the value of an entity, whether it is a country, a region,
or an organization.
Example: Government officials are elected to enhance the value of their
jurisdiction by providing services and meeting constituent needs.
Purpose of Governance:
Governance is implemented to increase the value, prosperity,

on
Directors, CEO, and senior
sustainability, and viability of whatever entity is being governed. In an
management
uti
organization, governance ensures that the organization is operating in a
• Corporate policies
Accountability in governance way that achieves its goals and objectives. tr i b
•
• Top-down approach to
D is
Example: A government is elected to improve services, just as an
security
for
organization’s governance structure ensures business success.
t
No
Corporate Governance vs. Government Governance:
a,
Just as governments are elected to provide governance for a country,
h
Na
organizations also require governance to increase their value. Corporate

jeet
governance is provided by individuals such as the Board of Directors, the

ha
CEO, and senior management.
b
Su
Key Point: Corporate governance ensures that the organization prospers,
l
Co
meets goals, and sustains its viability over time.

By Role of the Board of Directors, CEO, and Senior Management:

SP
The Board of Directors sets the tone for governance by establishing goals

CI S and objectives for the organization. However, they cannot oversee all

for elements of governance continuously, which is why they appoint a CEO to

es be accountable for corporate governance.

ot Key Point: The CEO ensures that all activities and initiatives are aligned

ell N with the organization’s goals and objectives.

orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Understanding Corporate and Security Governance - 2
• Definition of governance
• Purpose of governance
• Corporate governance vs.
government governance
• Role of the Board of
Corporate Policies:
Organizations enact corporate policies (similar to laws) that guide and
direct operations to achieve their goals. These policies help the
organization thrive and ensure that its stakeholders are aligned with its
objectives.
Example: An organization may establish an information security policy to
protect its data and ensure compliance with regulations.
Accountability in Governance:

on
Directors, CEO, and senior
The CEO is directly accountable for corporate governance, ensuring that
management
uti
all initiatives and activities are aligned with the organization’s objectives.
• Corporate policies
Accountability in governance
tr i b
Senior management is responsible for implementing and overseeing these
•
• Top-down approach to activities. D is
security
for
Key Point: Accountability in governance ensures that there is clear
t
No
oversight of all corporate activities and that leadership drives value
creation.
h a,
Top-Down Approach to Security:
Na
jeet
Security in an organization must be driven by leadership. The Board, CEO,

ha
and senior management must promote and adopt good security
b
Su
practices for security to be effective. Without leadership commitment,
l
Co
employees may not recognize the importance of security.

ByExample: Senior leadership promoting a culture of security ensures that

SP
employees follow security protocols and the organization remains

CI S protected.

for
es
ot
ell N
orn
C

• Governance is about leading and overseeing processes to increase value, whether in a

government or an organization.
• Corporate governance, provided by the Board of Directors and CEO, ensures that the
organization thrives. Corporate policies act like laws that guide the organization toward
its goals, and the CEO is accountable for implementing governance activities.
• Security must be driven by leadership in a top-down approach for it to be effective. The
Board, CEO, and senior management play key roles in promoting and ensuring good
security practices. Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Information Security Governance - 1
• Security governance
• Corporate governance
alignment
• Top-down management
• Scoping and tailoring
• Proactive vs. reactive security
3. Security Governance:
Security governance involves all activities and programs initiated by the
security function to support and align with corporate governance. The goal
is to enhance organizational value.
Key Point: Security must focus on contributing to the organization's
overall value by supporting corporate initiatives such as risk reduction,
compliance, and operational improvements.
Corporate Governance Alignment:
Security must align with corporate governance, ensuring that its
objectives and initiatives support the organization’s goals and objectives.
This alignment ensures security contributes to organizational value.
ti on
i bu
Example: Aligning security controls with the organization’s strategy to
tr
protect intellectual property and ensure compliance with regulations like
s
GDPR or HIPAA.
D i
for
Top-Down Management:
t
Security governance must be driven by a top-down structure. Senior
No
management, the Board, and the CEO are accountable for corporate
a,
governance, and they must drive security priorities to ensure alignment
h
Na
with the organization's goals.

jeet
Key Point: Leadership must prioritize security to ensure alignment and
effective governance.
ha
Scoping and Tailoring:
b
Su
Security objectives must be scoped and tailored to align with the specific
l
Co
goals and objectives of the organization. This ensures that security efforts

By are relevant and support the overall business strategy.

Example: Tailoring security controls for a healthcare organization to meet

I SSP HIPAA compliance and protect patient data.

Proactive vs. Reactive Security:
r C
fo Security should be a proactive enabler, supporting business goals rather

es than merely reacting to threats or technical issues. Senior management

ot must understand the value of security and promote a culture of proactive

ll N
security governance.

rn e Example: Implementing regular security audits and employee training to

C o prevent breaches, rather than only responding to incidents.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Information Security Governance - 2
• Role of leadership in security
• Governance definition
Role of Leadership in Security:
The effectiveness of security in any organization depends on leadership.
The Board, CEO, and senior management must promote a security
culture, ensuring that security principles are communicated and enforced
throughout the organization.
Key Point: Leadership must demonstrate a strong commitment to security
for it to be adopted organization-wide.
Governance Definition:
Governance refers to the act of governing or overseeing processes to
ensure the organization achieves its goals and objectives. Corporate
i
governance focuses on increasing organizational value, while security
t on
i bu
governance supports this by protecting valuable assets and enabling
business success.
str
D i
Example: The CEO is accountable for corporate governance, ensuring the

for
organization thrives and meets its strategic goals through effective
oversight. t
No
h a,
Na
jeet
bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Security governance must align with corporate governance and be driven by a top-down
structure to effectively support the organization’s goals.
• Leadership plays a crucial role in promoting a security culture, and security should be
proactive, enabling business success rather than just reacting to threats.
• Scoping and tailoring of security initiatives ensure that security supports the specific
goals and objectives of the organization, contributing to overall organizational value.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Aligning Security Governance with Corporate Governance
• Security governance
alignment
• Role of senior management
and key functions
• Legal and regulatory
compliance
• Organization Governance
Committee
• Top-down governance
Security Governance Alignment:
Security governance can best be aligned with corporate governance by
leveraging the knowledge and expertise of senior and upper management,
HR, Legal, IT, and key functional areas of the organization.
Key Point: Collaboration between security and these functional areas
ensures that security initiatives support the organization's broader goals.
Role of Senior Management and Key Functions:
Functional areas like Legal provide essential expertise, such as which
laws and regulations the organization must comply with. Senior
management and key functions ensure that security aligns with both
corporate governance and regulatory requirements.

structure
• Alignment of security and
organizational goals
on
Example: Legal helps security understand compliance with data privacy
laws like GDPR, guiding security controls.
uti
Legal and Regulatory Compliance:
tr i b
Drawing on the expertise of the Legal team helps ensure that security
D is
measures comply with relevant laws and regulations. This is a crucial

for
aspect of aligning security governance with corporate governance.
t
Key Point: Legal expertise ensures that security initiatives meet regulatory
compliance standards.
No
Organization Governance Committee:
h a,
Establishing an Organization Governance Committee is the best way to
Na
maintain sound governance that aligns security with organizational goals.

jeet
This committee should include key stakeholders and meet regularly to

ha
discuss security goals and how they align with corporate governance.
b
Example: A governance committee that includes Legal, IT, and HR can
Su
regularly review the effectiveness of security policies and adjust them to
l
Co
meet organizational needs.
Top-Down Governance Structure:
By A top-down governance structure ensures that security objectives are

SP
promoted and aligned with corporate goals. Senior management must set

CI S the tone for governance and ensure that security is seen as a key part of
organizational success.
for Key Point: The governance committee helps reinforce the top-down

es governance approach by regularly reviewing and promoting security

ot initiatives.

ll N
Alignment of Security and Organizational Goals:

rn e The goals and objectives of the security function must be directly

aligned with the overall goals and objectives of the organization. This
C o ensures that security supports the business, rather than operating as a
separate function.
Example: Aligning security goals, such as protecting intellectual property,
with corporate goals, such as innovation and compliance, ensures both
business success and security.
• Security governance aligns with corporate governance through collaboration with senior
management, HR, Legal, and other key functions, ensuring compliance with laws and
regulations.
• An Organization Governance Committee is essential for promoting a top-down governance
structure and ensuring security goals align with corporate objectives.
• The goals of the security function must directly support the organization’s broader goals to
ensure security contributes to business success.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Scoping and Tailoring - 1
Scoping:
• Scoping
Scoping is the process of determining which security control elements
• Tailoring
are in scope (relevant to the organization’s goals, laws, and regulations)
• In-scope vs. out-of-scope
and which are out of scope. Controls that support the organization’s
controls legal, regulatory, and business needs are considered in scope.
Example: In a financial organization, controls related to financial data
protection (e.g., compliance with SOX) would be in scope, while those
unrelated to finance might be out of scope.
Tailoring:

on
Tailoring refines the in-scope security control elements to ensure they
ti
are aligned with the organization’s goals and are cost-effective. Controls
u
i
are customized based on the needs of different functional areas,
tr b
ensuring they provide the most value.
D is
for
Example: Customizing access controls to be stricter in departments
handling sensitive data (e.g., HR or Finance) while maintaining flexibility
t
No
in less sensitive areas.

a,
In-Scope vs. Out-of-Scope Controls:
h
Na
In-scope controls are those that directly support the organization’s

et
objectives and comply with applicable laws and regulations. Out-of-
e
scope controls are not relevant to the organization’s specific goals.
j
ha
Key Point: Scoping ensures that only necessary and relevant security
b
Su
controls are implemented, reducing complexity and cost.
l
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Scoping and Tailoring - 2
• Alignment with organizational
goals
• Cost-effectiveness of
controls
• Security as a proactive
Alignment with Organizational Goals:
Both scoping and tailoring ensure that security controls align with the
organization’s goals and objectives. This alignment helps integrate
security into the broader business strategy.
Example: Aligning data protection controls with the organization’s goal
of maintaining customer trust by ensuring data privacy.
Cost-Effectiveness of Controls:
Tailored security controls should be cost-effective in relation to the
assets they protect. Controls must add value to the organization by

on
enabler being proportionate to the level of risk they address.
• Accountability in governance
ut
Key Point: Tailored security solutions balance protection with cost,i
r i b
avoiding unnecessary expenditure while ensuring adequate protection.
t
Security as a Proactive Enabler:
D is
t for
When security is aligned with business goals and fully supported by
senior management and the Board of Directors, it becomes a proactive
enabler rather than a reactive function.
No
h a,
Example: Regular security audits to prevent issues rather than only

Na
responding to incidents after they occur.

jeet
Accountability in Governance:

bha
While the CEO is accountable for guiding the organization, other roles,
such as the CFO or Data Controller, may also be accountable for
l Su
specific areas, such as financial reporting or data privacy. Security

Co
governance must integrate accountability across all relevant roles.

By Example: The CFO ensuring financial controls are in place and the Data

SP
Controller ensuring compliance with privacy regulations like GDPR.

CI S
for
es
ot
ell N
orn
C

• Scoping identifies which security controls are necessary based on legal, regulatory, and
organizational objectives, while tailoring customizes these controls to be cost-effective
and aligned with business needs.
• Security governance, when aligned with corporate governance, ensures that controls
support business goals and add value.
• Senior management’s commitment is critical to making security a proactive enabler
rather than a reactive function.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Organizational Processes and Security
• Security integration in
processes
• Risk in acquisitions and
mergers
• Risk during divestiture
• Governance committees and
security
• Maintaining security and
compliance
Security Integration in Processes:
Security needs to be an integral part of all organizational processes,
ensuring that the organization is protected across its operations. Security
should not be a separate function but embedded within every process,
from daily operations to strategic initiatives.
Example: Implementing access controls for employees, contractors, and
third parties involved in business processes.
Risk in Acquisitions and Mergers:
Organizations face increased risk during acquisitions and mergers due to
limited visibility and control over the other entity being acquired. The

ti on
security of the acquired company may not be at the same level, exposing
the acquiring organization to threats and compliance risks.
i bu
tr
Example: Conducting thorough security due diligence before finalizing an
s
i
acquisition to identify any vulnerabilities in the acquired company’s
D
for
infrastructure.
Risk During Divestiture:
t
No
Divestiture, or selling off parts of a business, can also pose security
a,
challenges. The process must ensure that sensitive information,
h
Na
compliance obligations, and security controls are maintained during and

et
after the sale of assets.
je
Key Point: Data that is being transferred to new ownership must be
ha
secured, and compliance with regulations must be ensured.
b
Su
Governance Committees and Security:
l
Co
Governance committees that focus on security play a crucial role in
protecting the organization during high-risk processes like acquisitions,
By mergers, and divestitures. They ensure that security policies and risk

I SSP management practices are followed to minimize exposure.

Example: A governance committee regularly reviewing security protocols
r C during an acquisition to ensure that both organizations’ assets are
fo protected.
es
ot
Maintaining Security and Compliance:

ll N
During organizational changes like mergers or divestitures, it is critical

rn e that security and compliance obligations are not compromised. Security

C o teams must ensure that contractual, regulatory, and operational

requirements are upheld to protect the organization.
Example: Ensuring that customer data remains protected and compliant
with regulations like GDPR or HIPAA during the transfer of ownership.

• Security must be embedded into all organizational processes, especially during high-
risk scenarios like acquisitions and divestitures, where visibility and control may be
limited.
• Governance committees with a security focus are essential to protect the organization
during such transitions, ensuring that security and compliance obligations are not
compromised.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Accountability vs. Responsibility
Difference Between Accountability and Responsibility:
• Difference between
Accountability refers to ultimate ownership and liability for an action or
accountability and
decision. Accountability cannot be delegated; the person accountable
responsibility
remains responsible for the outcome.
• Accountability cannot be
Responsibility refers to the actual task or process, and it can be
delegated
• Responsibility can be delegated to others. Multiple people can be responsible for carrying out
delegated specific tasks, but the accountable person or entity remains the same.
• Accountability in corporate Example: A project manager is accountable for the success of a project,
governance but they may delegate responsibilities for specific tasks to team
members.
Accountability Cannot Be Delegated:
ti on
bu
Accountability is held by one person or group and cannot be passed on
i
str
to others. Even if others are responsible for tasks, the accountability
remains with the original accountable person or group.
D i
for
Key Point: The CEO is accountable for the overall security of the
t
No
organization, even if various security responsibilities are delegated to IT

a,
or security teams.
Responsibility Can Be Delegated:
h
Na
Responsibility refers to the execution of tasks or processes and can be

jeet
delegated to others. For example, a security team may be responsible

ha
for implementing security controls, but the CEO remains accountable
b
for ensuring overall security.
l Su
Example: The responsibility for data backups can be delegated to the IT

y Co
department, but the CEO is accountable for ensuring data availability.

B Accountability in Corporate Governance:

SP
In terms of corporate governance, accountability typically lies with the

CI S
for
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Accountability vs. Responsibility
• Functional delegation of
responsibilities
• Major differences between
accountability and
responsibility
Board of Directors, the CEO, and other C-level executives. These
individuals are accountable for the organisation’s success, security, and
value.
Example: If a security breach occurs, the CEO remains accountable for the
outcome, even though specific responsibilities for preventing breaches were
delegated to the security team.
Functional Delegation of Responsibilities:
While accountability rests with senior leadership, delegating responsibilities
to the right teams and individuals is essential for operational efficiency.
Responsibility can be distributed across departments and teams to achieve
organizational goals.
ti on
i bu
Key Point: The effective delegation of responsibilities helps ensure that

str
tasks are completed efficiently while maintaining accountability at the top
level.
D i
for
Significant Differences Between Accountability and Responsibility:
t
Accountability:
No
•
h
Where the buck stops a,
•
t Na and liability
Ultimate ownership
•
je e or group can be accountable
Only one person
a and policies
hrules
•
b
Sets

l Su
Responsibility:

y C•o The doer

B • In charge of a task or process

I SSP • Multiple people can be responsible

r C • Develops plans and implement controls

fo
tes Example: A manager is accountable for their team's performance but can
o delegate responsibilities for specific tasks to team members.

ell N
orn
C

• Accountability refers to ultimate ownership and cannot be delegated, while responsibility

refers to task execution and can be delegated to others.
• Accountability rests with senior management, such as the CEO, for the overall performance and
security of the organization, while responsibilities are often distributed to teams.
• Knowing the difference between accountability and responsibility ensures clarity in
organisational roles and responsibilities..

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Accountability vs. Responsibility - 1

• Accountability of third-party Accountability of Third-Party Service Providers:

service providers Even when an organization outsources functions (e.g., payroll or cloud
• Accountability for data in the services) to a responsible third party, the organization remains
cloud
accountable for its assets. The third party may have contractual
• Ultimate accountability in the
responsibility for protecting data, but the owner of the assets remains
organization
accountable.
Example: A Cloud Service Provider (CSP) is responsible for implementing
security controls, but if a data breach occurs, the data owner is

on
accountable.
Accountability for Data in the Cloud:
uti
Organizations that store data in the cloud are accountable for rthe
t i b
D is
protection of that data, even if the CSP is responsible for safeguarding it.
o r
The owner of the data is liable in the event of a data breach.
f
t
Key Point: Cloud service agreements often shiftoresponsibility but not
accountability. The data owner must ensureN
a , compliance with data
protection regulations.
a h
N
t the
Ultimate Accountability in the Organization:
e
jeevery asset
h a
Upper management, including Board of Directors and the CEO, are

u b
ultimately accountable for in the organization. Senior
S
management is also accountable for the assets they manage within their
ol
respective areas.
C
B y Thewhile
Example: CEO is accountable for the overall security of the

S P
organization, the VP of Finance is accountable for the security of

CIS
financial data.

for
tes
o
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Accountability vs. Responsibility - 2

• CEO and Board CEO and Board Accountability:

accountability Although it is not practical for the CEO to be directly accountable for
• Accountability of senior every asset in a large organization, accountability resides at the top, with
management
the Board and the CEO. In large organizations, accountability for
• Security function
specific assets is distributed among senior management.
accountability
CISSP Tip: On the CISSP exam, if a question asks who is accountable for
a system (e.g., the finance system), the best answer is the VP of Finance
or the next most senior person listed.
Accountability of Senior Management:
ti on
i bu
Senior managers, such as the VP of Finance or CIO, are accountable for
tr
the assets under their control. However, the ultimate accountability still
s
lies with the Board and CEO.
D i
for
Example: While the CFO is accountable for the financial system, the
t
No
CEO retains overarching accountability for organizational assets.
Security Function Accountability:
h a,
Na
The security function is accountable for security governance activities

je et
that are initiated or driven by upper management. The security function

ha
supports the governance framework but is accountable for ensuring that
b
security controls are effectively implemented.
u team is responsible for executing security
l S
Key Point: The security
Coaccountability for security governance lies with upper
policies, but
y
B
management.
P
I SS
C
for
tes
o
ell N
orn
C

• Organizations remain accountable for their assets, even when third-party providers are responsible
for managing them. Accountability for data protection, especially in the cloud, always lies with the
data owner.
• The CEO and Board are ultimately accountable for all organizational assets, but accountability for
specific systems may lie with senior management.
• The security function is accountable for ensuring security governance is implemented but reports to
senior management, who remain accountable for the organization's overall security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Organizational Roles and Responsibilities - 1
• Security as an enabler
• Role of the asset
owner/controller
• Role of the processor
• Organizational security
structure
Security as an Enabler:
The role of security is to enable the organization to achieve its goals and
objectives. Security ensures that assets, processes, and data are
protected, facilitating smooth operations and compliance while
minimizing risks.
Key Point: Security is not just about control but about enabling the
organization to function efficiently and safely.
Role of the Asset Owner/Controller:
The owner or controller of an asset is the person who created, bought,
ti on
or is most familiar with the asset. They are responsible for making
i bu
decisions about how the asset is used and protected.
s r
t database,
i
r Dpolicies.
Example: A department head may be the owner of a customer
fo
making them accountable for its protection and usage
t
Role of the Processor:
N o
a , group
a h Theyresponsible
The processor is the person, function, or for
N The processor implements the
processing data on behalf of the controller.
not make decisions about itst use.
handle the asset but do

je e
decisions made by the controller regarding the asset.
a
h processing payroll data is responsible for
u b
Example: An IT department
ensuring thatSthe data is handled securely, as per the decisions of the
C ol
finance department (controller).

B y
Organizational Security Structure:

I SSPIn an organization, security roles are distributed across various

r C functions. The controller defines the rules for how an asset is used,

s fo while the processor implements those rules, ensuring that the asset is

o te protected according to organizational policies.

ll N
Key Point: Both the controller and processor play critical roles in

rn e ensuring the asset’s security and compliance with organizational

guidelines.
C o

• The role of security is to be an enabler, supporting the organization in achieving its goals by
protecting assets and data.
• The owner/controller of an asset is responsible for making decisions about its protection, while
the processor is responsible for implementing those decisions.
• A clear structure for roles and responsibilities ensures that security governance is maintained
throughout the organization.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Organizational Roles and Responsibilities - 2
• Owners/Controllers/Senior
Management
• Information Systems Security
Professionals/IT Security
Officer
• Information Technology (IT)
Officer
• IT Function
Owners/Controllers/Senior Management (Accountable for):
Ensuring security controls are implemented according to the
organization’s security policy to protect assets.
Determining sensitivity or classification levels of information.
Assigning and determining access privileges for various assets.
Example: The VP of Finance is accountable for determining who can
access financial records and ensuring those records are properly
classified.

on
Information Systems Security Professionals/IT Security Officer
(Responsible for):
uti
r i
Designing, implementing, managing, and reviewing the organization’s
t b
is
security policies, standards, baselines, procedures, and guidelines.

rD
Example: The IT Security Officer develops a policy for password
complexity and reviews compliance regularly. fo
o t for):
,N
Information Technology (IT) Officer (Responsible
a
h solutions that support
Developing and implementing technology
organizational security.
N a
e t professionals
security strategies. aje
Collaborating with IT security to evaluate and implement

Working with the b

h
u Business Continuity Management (BCM) team to
l S continuity during disruptions.
ensure operational
o
y C Theduring
Example: IT Officer implements backup systems to ensure data
B
availability server downtime.

I SSPIT Function (Responsible for):

r C Implementing and adhering to security policies as defined by senior
fo management and security officers.
s
ote
Example: The IT team ensures that all company devices are configured

ll N
to follow encryption policies.

rn e
C o

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Organizational Roles and Responsibilities - 3
• Operator/Administrator
• Network Administrator
• Information Systems Auditors
• Users
Operator/Administrator (Responsible for):
Managing and troubleshooting hardware and software, applying patches
as necessary.
Managing user permissions based on the owner’s specifications.
Administering specific applications and services.
Example: A system administrator applies security patches to a server
and manages access for users based on instructions from the system
owner.

on
Network Administrator (Responsible for):
Maintaining computer networks and resolving network issues. ti
uand
tr i
Installing and configuring networking equipment, such as routers b
switches. is
fo r D issues in
Example: A network administrator troubleshoots connectivity
o t systems.
the office’s wireless network and installs new firewall
Information Systems Auditors (Responsible
, N for):
a
h assurance that security
a
Providing management with independent
tN
objectives and controls are appropriate.
e
aje
Determining whether security policies, procedures, and guidelines are
effective in meetinghorganizational objectives.
b
l Suto senior
Example: An auditor reviews the organization’s security compliance and

C o
reports findings management.

B y (Responsible for):
Users

S PAdhering to security policies set by the organization.

CI S Preserving the availability, integrity, and confidentiality of assets while

for using and accessing them.

es Example: Employees follow guidelines for safe email practices, such as

ot avoiding phishing attacks, and adhere to password policies.

ell N
orn
C

• Owners/Controllers are accountable for setting access policies and ensuring the protection of
organizational assets, while Information Systems Security Professionals design and manage
security policies.
• Various IT roles (IT Officers, Administrators, Network Administrators) implement, manage, and
troubleshoot security solutions, while Information Systems Auditors provide independent
assurance of security effectiveness.
• Users are responsible for adhering to security policies and protecting the assets they use.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Custodians and Owners - 1
• Custodian vs. Owner
• Origin of custodian
• Responsibilities of
custodians
Custodian vs. Owner:
Custodians are responsible for the protection and maintenance of
assets, but they do not own the asset. Owners are accountable for the
asset, including making decisions about its protection and use.
Key Point: Custodians are caretakers who manage assets, while owners
hold ultimate accountability for the asset's security.
Origin of Custodian:
The word custodian comes from "custody," meaning that custodians
hold and protect an asset that belongs to someone else. The custodian
ti on
i bu
is entrusted with protecting the asset's value while it is in their care.
Example: A database administrator (custodian) manages and
s tr ensures
i
rD
the availability of a database, but the data owner is ultimately
accountable for the database.
t fo
Responsibilities of Custodians: o
N assets in their care are
a , that
h the availability, confidentiality, and
Custodians are responsible for ensuring
a
t N or confidential information.
protected. This includes maintaining
e
integrity of assets like databases
je that a database remains accessible to
Example: A custodianaensures
h
S ub
users and that confidential information is not leaked.

C ol
B y
S P
CI S
for
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Custodians and Owners - 2
Accountability of Owners:
• Accountability of owners
• Relationship between Although custodians are responsible for the asset’s day-to-day
custodians and owners management, the owner remains accountable for the overall security
• Role of the security function and value of the asset. If an asset is compromised, accountability lies
with the owner, even if the custodian was directly responsible for the
issue.
Example: If a database becomes corrupted under the custodian’s
watch, the custodian is responsible, but the owner is accountable for
ensuring the custodian had the right tools to protect it.
Relationship Between Custodians and Owners:
t i on
i b u
Owners must ensure that custodians have the necessary tools,
s
and resources to fulfill their responsibilities. Custodians irely
r
t on security
training,

r D for managing
functions to protect assets, while owners are accountable
the effectiveness of those security measures. fo
Key Point: Owners manage accountabilityN
ot
a,
by ensuring custodians are
h
well-equipped to handle their responsibilities.
Role of the Security Function:
t Na
je e the tools, architecture, security controls,
ha for custodians to protect the assets in their care.
The security function provides
b
and knowledge needed
Security makesuit easy for custodians to fulfill their roles and helps
o l S protect their assets.
owners efficiently

B y C The security team provides encryption tools and access

Example:

S Pcontrol systems to custodians to ensure data confidentiality and

CI S integrity.

for
es
ot
ell N
orn
C

• Custodians are responsible for protecting assets in their care, while owners remain accountable for
the overall security and management of those assets.
• The security function equips custodians with the tools and resources they need to protect assets,
ensuring that the custodians can perform their responsibilities effectively.
• Owners must ensure that custodians are well-supported in their roles, as accountability for asset
protection remains with the owner.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Accountability and Responsibility of Various Roles - 1
• Everyone's responsibility for
security
• Role of asset owners
• Role of security professionals
• Importance of
communication in security
Everyone’s Responsibility for Security:
Everyone in the organization has some degree of responsibility for
maintaining security, regardless of their role. Even non-technical roles,
like janitors, have responsibilities such as properly disposing of
confidential documents.
Example: A janitor in a locked office building ensures that sensitive
materials are properly recycled and not left unattended.
Role of Asset Owners:

ti on
Asset owners are accountable for identifying the value of the assets they

i bu
control and determining the appropriate security measures to protect

str
those assets. They are also responsible for communicating who should
protect the assets and how they should do so.
D i
for
Example: The IT manager is accountable for protecting an organization's
t
customer database and defines the security requirements for access.
No
a,
Role of Security Professionals:
h
Na
Security professionals provide advice and guidance on best practices

et
but are not directly responsible for securing assets. Their role is to equip
je
asset owners with the tools and knowledge they need to protect their
assets effectively.
b ha
u professionals enable asset owners but do not hold
Sfor
Key Point: Security
o l
accountability asset protection.
C
By
Importance of Communication in Security:

I SSPAsset owners must communicate security responsibilities clearly to

those involved in protecting assets. This ensures that all personnel
r C
fo understand what needs to be protected and how to go about doing it.

tes Example: An asset owner instructs the IT team on specific encryption

o protocols for data storage and access.

ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Accountability and Responsibility of Various Roles - 2
• Everyone's responsibility for
security
• Role of asset owners
• Role of security professionals
• Importance of
communication in security
• Introduction to security
frameworks
• Aligning security with
Introduction to Security Frameworks:
Security frameworks like NIST, ISO, COBIT, and ITIL provide structured
guidance on how to align the security function with corporate governance.
These frameworks offer comprehensive best practices for managing and
implementing security within organizations.
Key Point: Frameworks provide the blueprint for building and maintaining
security governance aligned with organizational objectives.
Aligning Security with Corporate Governance:

on
corporate governance Security frameworks help ensure that the security function is aligned

uti
with the organization’s overall governance structure. This ensures that
r
security strategies support business objectives and regulatory
t i b
compliance.
D is
for
Example: Using the NIST Cybersecurity Framework to align data
t
protection strategies with business goals and ensure compliance with
regulations like GDPR. No
h a,
Na
jeet
bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Everyone in an organization has a role in maintaining security, but asset owners hold the
accountability for determining security needs and communicating them.
• Security professionals provide guidance but are not responsible for securing assets.
• Security frameworks such as NIST, ISO, COBIT, and ITIL provide structured guidance for aligning
security practices with corporate governance, ensuring comprehensive protection and compliance.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Security Control Frameworks - 1
Purpose of Security Control Frameworks:
• Purpose of security control
frameworks • Security control frameworks aid in the selection of controls for
protecting system components. These frameworks provide best
• Control selection process practices and structured guidance on how to secure organizational
• Major security frameworks assets based on risk management principles.
• COBIT
Example: A security professional may refer to ISO 27001 to determine which
• ITIL controls to implement for securing a data storage system.
• NIST SP 800-53
• PCI DSS Control Selection Process:
• Frameworks help break down systems into components and identify

on
the appropriate security controls for each part. Control selection is
driven by the value of the components and the risk associated with
them. uti
tr i b
its value to the organization and the potential risks it faces. is
Key Point: The security of each system component is determined based on

f o rD
t particularly in audits
COBIT (Control Objectives for Information Technologies):
o
, N that IT management aligns
• COBIT is useful for IT assurance and governance,
a
and gap assessments. It focuses on ensuring
h
with business objectives.
a
Example: COBIT helps auditors tNassess how well an organization’s IT
processes are supporting itsestrategic goals.
h aje Infrastructure Library):
ub for IT service management, focusing on aligning IT
ITIL (Information Technology
S
olwith business
• ITIL defines processes

y C
services
management,
goals. It includes guidelines for change
procurement, and access control, ensuring a well-run IT
Bdepartment.
I SSPExample: ITIL outlines the steps for implementing change management

r C processes to ensure minimal disruption to IT services.

fo NIST SP 800-53 (National Institute of Standards and Technology):

s
ote • NIST SP 800-53 provides a comprehensive set of best practices and

ll N
recommendations for cybersecurity controls in US federal

rn e organizations. It is widely used to improve cybersecurity posture.

C o Example: NIST SP 800-53 offers guidelines for implementing multi-factor

authentication to enhance access security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Security Control Frameworks - 2
ISO 27001 & ISO 27002:
• ISO 27001 & ISO 27002
• COSO • ISO 27001 specifies the requirements for an information security
• HIPAA management system (ISMS), focusing on protecting information
• FISMA assets and continuously improving security practices. Organizations
can be certified against ISO 27001.
• ISO 27002 provides guidance for implementing the controls specified
in ISO 27001.
Example: A company looking to strengthen its information security may
implement ISO 27001’s risk management processes and follow ISO 27002

on
for detailed control implementation.
COSO (Committee of Sponsoring Organizations):
u ti
• COSO focuses on improving organizational performance, rib
is
governance, and risk management, particularly in preventing t fraud
and ensuring effective internal controls.
fo rD
Example: COSO is used by organizations to assesst risks related to
financial fraud and improve internal controls.No
HIPAA (Health Insurance Portability and
h a,Accountability Act):
• HIPAA governs the protection N a
Ittmandates that healthcare organizations
of protected health information (PHI)
in the healthcare industry.e
ajeto ensure the confidentiality and security of
implement strict controls
h
ubmust comply with HIPAA to protect patient medical
patient data.
S
l data breaches.
Example: A hospital
records andoavoid
C
y(Federal Information Security Management Act):
B
FISMA

I SS•P FISMA requires US federal agencies and contractors to implement

security programs that protect their operations and assets. It
C
for mandates the documentation and implementation of agency-wide

tes security measures.

o Example: Federal agencies must follow FISMA guidelines to ensure that all

ll N
sensitive data and systems are properly secured.

rn e
C o

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Security Control Frameworks - 2
FedRAMP (Federal Risk and Authorization Management Program):
• FedRAMP
• SOX • FedRAMP provides a standardized approach to security assessment
and authorization for cloud products and services used by the US
federal government.
Example: A cloud service provider must be FedRAMP authorized to offer
services to government agencies handling sensitive data.
SOX (Sarbanes-Oxley Act):
• SOX was enacted to prevent financial fraud in public companies and
protect shareholder interests by mandating stronger internal controls
and financial reporting practices.
ti on
b
Example: Public companies must comply with SOX to ensure that their
i u
financial statements are accurate and free from fraud.
str
D i
t for
No
h a,
Na
jeet
bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Security control frameworks provide structured guidance for selecting and implementing
controls based on the value and risk of system components.
• Major frameworks such as COBIT, ITIL, NIST SP 800-53, PCI DSS, ISO 27001, and HIPAA help
organizations align their security practices with industry standards and regulations.
• Security frameworks enable organizations to ensure compliance, protect sensitive data, and
improve governance and risk management practices.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Due Care vs. Due Diligence
Definition of Due Care:
• Definition of due care • Due care refers to the responsible protection of assets. It
• Definition of due diligence involves ensuring that assets are protected in a manner aligned
• Difference between due care with the organization’s goals and objectives.
and due diligence Example: The owner of a system requests a penetration test to
• Security alignment with identify vulnerabilities in the system and authorizes the remediation
of any vulnerabilities found.
organizational goals
• Proof of due care Definition of Due Diligence:
• Due diligence is the ability to prove due care to stakeholders,
including upper management, regulators, shareholders, and
customers. It demonstrates that due care has been exercised in
protecting assets. ti on
i bu
Example: Providing documentation to management that shows
s r
tin a cost-
i
vulnerabilities from the penetration test were addressed
effective and efficient manner.
f o rD
t
Difference Between Due Care and Due Diligence:
o
•
, N proof
Due care involves taking the necessary steps to protect assets,
were taken and are effective.ha
while due diligence involves providing that those steps

t Na action, while due diligence is

e was taken properly and aligned with the
Key Point: Due care is about taking
organization's goals.aje
about proving that the action

u bh with Organizational Goals:

l S aligns the protection of assets with the organization's
Security Alignment
• Dueocare
C goals and objectives, ensuring that security practices are
yoverall
P B integrated into the broader business strategy.

I SS Key Point: Security practices should support organizational goals,

r C such as maintaining compliance or protecting sensitive data, as part

of due care.
fo
es Proof of Due Care:

N ot • Due diligence involves regularly proving that due care has been
ell
exercised by showing evidence of actions taken to protect
rn
assets. This could include reports, audits, or other

C o documentation.
Example: A security team provides a vulnerability report and
evidence of remediation to stakeholders as part of due diligence.

• Due care is the responsible protection of assets, ensuring that security measures are aligned
with the organization’s goals.
• Due diligence is the proof provided to stakeholders that due care has been exercised, showing
that security measures are in place and effective.
• An example of due care is authorizing a penetration test, while due diligence is providing proof
that the vulnerabilities found were remediated.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Cybercrimes and Data Breaches - 1
• Importance of protecting
information and assets
• Fundamental security
questions for organizations
• Understanding the threat
landscape
Importance of Protecting Information and Assets:
Every organization must assess how well its information and assets are
protected. Security professionals must ensure robust measures are in
place to safeguard these critical resources.
Example: A company implements encryption and multi-factor
authentication to protect customer data.
Fundamental Security Questions for Organizations:
Organizations should ask critical questions such as:
• How are our information and assets protected?
ti on
• What are the global security issues affecting our
i bu
organization?
str
D i
for
• What does the current threat landscape look like?

t
No
Key Point: These questions guide the development of an effective
security strategy.

h a,
Na
Understanding the Threat Landscape:

je et
Organizations must stay informed about the current threat landscape

ha
and cybercrime trends to anticipate and defend against potential
attacks. Knowing the tactics used by cybercriminals helps deploy
u b
resources effectively.
l S
Example:oA company keeps track of the rise in ransomware attacks and
C
By its defenses accordingly.
prepares

I SSP
r C
fo
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Cybercrimes and Data Breaches - 2
• Cybercrime trends and
effective defense
• Deterring attacks
• Collaboration with
compliance and legal
functions
• Global threat awareness
Cybercrime Trends and Effective Defense:
Effective security strategies can reduce the likelihood of attacks by
making them too costly, time-consuming, or not worthwhile for cyber
criminals. While not all attacks can be prevented, deterrence plays a key
role in minimizing risks.
Key Point: The goal is to avoid being the “low-hanging fruit” that is easy
for attackers to target.
Deterring Attacks:
By implementing robust security controls, organizations can deter
ti on
i bu
attacks by making it difficult or expensive for attackers to succeed.

str
Preventing attacks may not always be possible, but reducing the
likelihood of being targeted is achievable.
D i
for
Example: Implementing strong encryption and regular security updates
t
No
makes an organization a less attractive target for cybercriminals.

a,
Collaboration with Compliance and Legal Functions:
h
Na
Security must collaborate with the compliance and legal functions to

jeet
understand regulatory and legal requirements globally. These factors
influence how security measures are designed and implemented.
a ensures compliance with GDPR regulations
hteam
b
Su data protection policies.
Example: A security
l
while developing
o
GlobalC
y Threat Awareness:
B professionals need to be aware of global threats that can affect
S PSecurity
CI S their organization. Understanding the broader cybercrime landscape

for allows them to respond effectively to potential risks.

es Key Point: Cyber threats constantly evolve, and organizations must stay
ot informed of global risks and trends.

ell N
orn
C

• Organizations must assess how well their information and assets are protected and stay
informed about cybercrime trends and the threat landscape.
• Effective security strategies make attacks too costly, time-consuming, or not worthwhile, thus
reducing the organization’s risk of being targeted.
• Collaboration with compliance and legal functions is essential to ensure security measures
align with global regulations and legal requirements.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Licensing and Intellectual Property Requirements - 1
• Intellectual property laws and
protection
• Goals of intellectual property
laws
• Types of intellectual property
• Trade secrets
Intellectual Property Laws and Protection:
• Intellectual property (IP) refers to intangible products of human
intellect (e.g., inventions, formulas, algorithms, literary works)
protected by law from unauthorized use.
Key Point: IP laws aim to protect these creations to encourage further
innovation and creation.
Goals of Intellectual Property Laws:
• IP laws encourage the creation of intellectual goods by providing
creators with legal protection for their inventions, designs,
literary/artistic works, symbols, and names.
ti on
Example: Patents incentivize inventors to create new products by
i bu
tr
granting them exclusive rights to produce and sell their inventions for a
s
set period.
D i
Types of Intellectual Property:
t f or
o trade secrets,
• The major types of IP protected by law include
patents, copyrights, and trademarks,N
a,
each protecting different
kinds of intellectual property.
h
abut the basic principles of protection
t N
Key Point: IP laws vary by country,
remain consistent globally.e
Trade Secrets: h aje
S
• Trade secrets ubprotect business information that is not publicly
ol These secrets are protected as long as they remain
disclosed.
C
y
confidential.
• BDisclosure Required? No

I SSP• Term of Protection: Potentially infinite

r C
fo • Protects Against: Misappropriation (unauthorized use)

tes Example: Coca-Cola’s recipe is a trade secret protected indefinitely as

o long as it remains confidential.

ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Licensing and Intellectual Property Requirements – 2
Patents:
• Patents
• Copyrights • Patents protect novel ideas or inventions by granting exclusive
rights to the inventor for a set period of time, usually 20 years. This
• Trademarks
allows the inventor to make, use, or sell the invention without
competition.
• Disclosure Required? Yes
• Term of Protection: Set period (e.g., 20 years)
• Protects Against: Making, using, or selling the invention

on
Example: A pharmaceutical company holds a patent for a new drug,
preventing others from producing it for 20 years.
u ti
Copyrights:
r i b
t such
s
• Copyrights protect the expression of ideas fixed in aimedium,
as books, movies, music, or software. It grants the D
rights to reproduce, distribute, and display thefo
r creator exclusive
o t work.

,lifeNof the author plus 70 years)

• Disclosure Required? Yes

h
• Term of Protection: Set period (e.g.,a
• Protects Against: Copying N or a
et protects their novel from being copied
creating substantially similar work

je
Example: An author’s copyright
without permission.ha
Trademarks: u
b
S
C ol protect symbols, sounds, colors, or designs that
• Trademarks
B y
distinguish one product or company from another, such as logos or

S P brand names.

CI S • Disclosure Required? Yes

for • Term of Protection: Potentially infinite (as long as it is in use)

es • Protects Against: Creating confusion between brands/products

N ot Example: The Nike "swoosh" logo is trademarked to distinguish it from

rn ell other brands.

C o

• Intellectual property laws protect intangible creations (inventions, literary works, symbols)
from unauthorized use to encourage innovation and creativity.
• Different forms of IP protection include trade secrets, patents, copyrights, and trademarks,
each offering unique protections based on the type of intellectual property.
• Trade secrets have no disclosure requirement and can be protected indefinitely, while patents,
copyrights, and trademarks have varying terms of protection and disclosure requirements.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of import/export
controls
• The Wassenaar Arrangement
• International Traffic in Arms
Regulations (ITAR)
• Export Administration
Regulations (EAR)
• Cryptography and national
security
Import/Export Controls
Definition of Import/Export Controls:
• Import/export controls are country-based regulations governing
which products, technologies, and information can move across
borders. These rules are implemented to protect national security,
individual privacy, and economic well-being.
Example: A country might restrict the export of advanced technology or
encryption software to prevent it from falling into the hands of hostile
nations or terrorist groups.
The Wassenaar Arrangement:
• The Wassenaar Arrangement is an international agreement that
manages the trade of cryptographic systems and related technology. It
balances trade facilitation with the need to prevent cryptography
ti on
from reaching malicious actors like terrorists.
i bu
str
Participating countries can exchange cryptographic systems of any

D i
strength, but non-member countries are excluded from such exchanges.
Key Point: Cryptography plays a critical role in military and government
for
communications, making it a sensitive technology for international trade.
t
No
International Traffic in Arms Regulations (ITAR):
• ITAR is a US regulation that controls the export of military items listed
a,
on the United States Munitions List (USML), which includes weapons
h
Na
such as missiles, rockets, and bombs. The regulation is enforced by

et
the US Department of State, Directorate of Defense Trade Controls
(DDTC).
je
bha
Example: A US defense contractor must comply with ITAR when exporting
military-grade equipment to foreign governments.
l Su
Export Administration Regulations (EAR):

Co
• EAR regulates the export of commercial-use items like computers,

By lasers, and marine products. While the items are typically commercial,
they may have military applications, which brings them under the

I SSP scope of EAR. It is administered by the US Department of Commerce,

Bureau of Industry and Security (BIS).
r C Example: A company that exports computers capable of high-level data
fo processing for both commercial and military purposes must adhere to
es
ot
EAR regulations.
Cryptography and National Security:

ell N • Cryptography is heavily utilized in military and government

orn communications, making it a critical technology for national security.

Many countries restrict the export and import of cryptographic tools to
C prevent them from being used by malicious actors.
Key Point: Global laws manage the flow of cryptographic systems to
ensure they are not used against national interests while allowing secure
trade among participating countries.

• Import/export controls protect national security by regulating the movement of sensitive

technologies and information across borders.
• The Wassenaar Arrangement governs the trade of cryptographic systems, balancing trade with
the need to prevent unauthorized access by non-member countries.
• ITAR controls the export of military-grade items, while EAR covers commercial items with
potential military uses.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Transborder Data Flow - 1
• Definition of transborder data
flow laws
• Legal implications of cross-
border data sharing
• Data residency and
localization laws
Definition of Transborder Data Flow Laws:
Transborder data flow laws are regulations that restrict the transfer of
data across country borders. These laws aim to protect personal data
and ensure that data remains within a country’s physical borders,
particularly for privacy and security reasons.
Key Point: Many transborder data flow laws apply specifically to the
protection of personal data.
Legal Implications of Cross-Border Data Sharing:
When data is shared across international borders, organizations must
consider the applicable laws in both the source and destination
ti
countries. Legal requirements in one country may differ from those in on
another, which can complicate compliance.
i bu
str
i
Example: A company must ensure that its transfer of customer data from
D
for
Europe to a non-EU country complies with GDPR requirements.
Data Residency and Localization Laws: t
No
a,
Data residency regulations require that specific types of data, often
h
personal data, remain within the country’s physical borders. Data

Na
localization laws go further, requiring that data is stored and processed

et
locally within a country.
je
ha
Key Point: These laws are designed to protect the personal data of
b
citizens by keeping the data within regions with stronger privacy
Su
protections.
l
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Transborder Data Flow - 2
• Challenges of sharing data
across borders
• Examples of transborder data
regulations (GDPR)
• Variability of privacy laws by
country
Challenges of Sharing Data Across Borders:
One of the key challenges with transborder data flow is managing
compliance across multiple jurisdictions, particularly with the rise of
global cloud services and service providers. Organizations must track
where data is stored and ensure compliance with local laws.
Example: A multinational company using global cloud services must
ensure that data of European citizens is processed within the EU, per
GDPR requirements.
Examples of Transborder Data Regulations (GDPR):
The General Data Protection Regulation (GDPR), enacted in May 2018, is
a notable example of a data residency regulation. It mandates that ti on
i bu
personal data of EU citizens be stored and processed only within the EU
unless certain safeguards are met.
str
D i
for
Key Point: GDPR is one of the most stringent data protection regulations,
with strict penalties for non-compliance.
t
Variability of Privacy Laws by Country:
No
h a,
Privacy laws differ significantly across countries. Some countries have

Na
stringent laws that protect personal data, while others may have weaker

et
protections. This variation has led to the development of transborder data
je
flow laws to prevent data from being transferred to countries with weaker
a
bhan EU citizen may not be processed in a country with
privacy protections.
Example: Data u
S from
l protection
o
weaker data laws unless proper safeguards are in place.

B yC
S P
CI S
for
es
ot
ell N
orn
C

• Transborder data flow laws restrict the movement of personal data across borders to protect
privacy, often requiring that data remain within the country’s borders.
• Compliance with data residency and localization laws is critical when sharing data across
international borders, especially given the variability of privacy laws between countries.
• GDPR is an example of a strict data residency regulation that protects the personal data of EU
citizens by limiting cross-border data transfers.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Privacy

• Definition of privacy Definition of Privacy:

• Definition of personal data
• Importance of privacy in
asset protection
• Impact of privacy breaches
• Privacy laws and regulations
• Role of legal departments
and security function
Privacy refers to the state of being free from observation or disturbance
by others. It is a fundamental right for individuals to control access to their
personal information.
Example: Ensuring that a person’s sensitive data, such as their medical
history, is not shared without their consent.
Definition of Personal Data:
Personal data is any information that can uniquely identify an individual,
either on its own or in combination with other information. This can
include names, addresses, social security numbers, or even IP addresses.

on
Key Point: Personal data is valuable and must be protected to prevent
misuse.
uti
Importance of Privacy in Asset Protection:
tr i b
Privacy is a critical aspect of information security, especially in today's
is
digital age. Personal data collected from clients or website visitors is
D
for
considered an organizational asset and must be protected like any other
valuable asset.
t
No
Key Point: A privacy breach can lead to financial losses, legal

a,
consequences, and reputational damage for an organization.
Impact of Privacy Breaches:
h
Na
If personal information is disclosed due to a breach or negligence, it

jeet
harms the individual whose data was exposed and can also lead to
significant penalties or reputational damage for the organization. In some
ha
cases, the business may not recover from the breach.
b
Su
Example: A data breach exposing customer credit card information can
l
lead to regulatory fines and loss of customer trust.
Co
Privacy Laws and Regulations:
y
BPrivacy laws vary significantly across the globe, with different countries

SP
and regions having their own definitions of personal data and

CI S requirements for protecting it. Organizations must comply with the

relevant privacy regulations in each jurisdiction they operate in.
for Example: The GDPR in the European Union enforces strict regulations on

es how personal data is collected, processed, and stored.

ot Role of Legal Departments and Security Function:

ll N
When dealing with personal data, organizations must collaborate closely

rn e with their legal departments to identify all applicable privacy laws and
regulations. After consulting with legal experts, the security function is
C o responsible for implementing the appropriate security controls to ensure
privacy.
Key Point: Security is essential for achieving privacy—without strong
security controls, privacy cannot be guaranteed.

• Privacy is the state of being free from unwanted observation, and personal data includes any
information that uniquely identifies an individual.
• Protecting personal data is essential for compliance with privacy laws and to safeguard the
organization's reputation and value.
• Organizations must work with legal departments to understand applicable privacy regulations,
while the security function ensures proper controls are in place to protect personal data.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Definition of Privacy - 1
• Definition of privacy
• Privacy laws and regulations
• Impact of unauthorized
disclosure
Definition of Privacy:
Privacy is the state or condition of being free from observation or
disturbance by others. It is a fundamental right recognized in privacy
laws worldwide, ensuring individuals' personal information is protected
from unauthorized use.
Key Point: Privacy laws exist to prevent the misuse of personal data,
often referred to as Personally Identifiable Information (PII).
Privacy Laws and Regulations:
Privacy laws, like GDPR in Europe, are becoming increasingly common

ti on
and stringent around the world. These laws require organizations, both in
government and private sectors, to implement security controls to
i bu
protect personal data.
Example: GDPR mandates that companies must protect ithe s r
tpersonal
data of EU citizens and report data breaches within r 72D
hours.
t f o
Impact of Unauthorized Disclosure:
o
If personal data (PII) is disclosed, both theNindividual whose data was
h a, the breach are affected. The
exposed and the organization that allowed
Na and the organization may face legal
individual’s privacy is compromised,
t
je e suffering a data breach of patient
and reputational consequences.
Example: A healthcare a
hsignificant
provider
records could face
reputation. Su
b fines and lawsuits, damaging its

C ol value.
the organization’s
B y
S P
CI S
for
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Definition of Privacy - 2
Importance of Privacy Protection:
• Importance of privacy
protection Organizations must shield personal data to comply with privacy laws
and protect their value. Proper security controls help avoid unauthorized
• Consequences of privacy
disclosures, which can lead to penalties and loss of trust.
breaches
• Personal data protection and Key Point: Privacy protection is not just about avoiding legal issues—it's
compliance also about maintaining the trust and value of the organization.
Consequences of Privacy Breaches:
The consequences of a breach include fines, liability, reputational
damage, and, in some cases, operational failure. For certain industries,
like incident response companies, a privacy breach can severely harm
ti on
their ability to offer services.
i b u
Example: An incident response firm that experiences a privacy
s tr breach
i
may lose credibility and business, potentially leading to its downfall.
Personal Data Protection and Compliance:
fo rD
Organizations must implement perfect security o t controls to comply
a , N data isassessing
with stringent privacy laws. This involves regularly data

a h
protection measures to ensure that personal well protected.

e t N laws
Key Point: Compliance with privacy is crucial to protect both

aje
personal data and the organization’s value.
h
S ub
C ol
By
I SSP
r C
fo
es
ot
ell N
orn
C

• Privacy refers to the protection of personal data from unauthorized observation or disturbance,
and it is a key aspect of privacy laws like GDPR.
• Unauthorized disclosures of personal data impact both the individual and the organization,
leading to legal consequences and reputational harm.
• Protecting personal data is essential for compliance with privacy laws and maintaining the
value and trust of the organization.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of personal data
• Categories of personal data
• Variability in definitions of
personal data
• Examples of personal data
• Direct and indirect identifiers
• Impact of location on
personal data classification
SPExamples of personal data include IP addresses, email addresses,
CI S
for
s items as personal data can change depending on the context.
ote
ell N
rn
C o
Personal Data - 1
Definition of Personal Data:
Personal data is any information that can be used on its own or in
combination with other data to identify an individual. This can include
names, addresses, telephone numbers, and more.
Key Point: Personal data varies by context and legal jurisdiction, making
it difficult to have a universal definition.
Categories of Personal Data:
Personal data is categorized in several ways:
• PI (Personal Information)
ti on
• PII (Personally Identifiable Information)
i bu
str
• SPI (Sensitive Personal Information)
D i
• PHI (Protected Health Information)
fo r
Example: PHI refers to any health-related data t
o that identifies an
individual, such as medical records.
, N
h aData:
a
Variability in Definitions of Personal
Nvaries
t
e a telephone
a je
The definition of personal data
For example, in one jurisdiction,
significantly around the world.
number might be
b
considered personal h data, while in another, it may not be.
S u
uniqueC ol based privacy
Key Point: Different
ways
laws and regulations define personal data in
on cultural, legal, and regional considerations.
By of Personal Data:
Examples
telephone numbers, and more. However, the classification of these
Example: A business phone number is generally not considered
sensitive, as it is meant to be public, while a personal phone number is
private and requires protection.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Definition of personal data
• Categories of personal data
• Variability in definitions of
personal data
• Examples of personal data
• Direct and indirect identifiers
• Impact of location on
personal data classification
Personal Data
DDirect and Indirect Identifiers:
Direct identifiers can immediately identify an individual (e.g., a Social
Security number).
Indirect identifiers can be combined with other data to identify
someone (e.g., an IP address in combination with login details).
Key Point: Different types of personal data fall under direct or indirect
identifiers, impacting how they are protected by law.
Impact of Location on Personal Data Classification:

t
Depending on the location or jurisdiction, what constitutes personali on
i bu
data can vary. This variation affects how organizations protect and
str
manage data globally, leading to complexities in compliance with local
regulations.
D i
t for
Example: A company operating in the European Union must treat IP
No
addresses as personal data under GDPR, while this might not be
required in other regions.
h a,
Na
jeet
bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

•Personal data includes any information that can be used to identify an individual, but its
definition and classification can vary across regions and laws.
•Categories of personal data include PII, PHI, and SPI, with varying levels of sensitivity.
•Personal data can be direct (immediately identifying) or indirect (requiring combination
with other data), and its classification can depend on the legal context and location.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Direct and Indirect Identifiers
Direct Identifiers:
• Direct identifiers
• Indirect identifiers Direct identifiers are pieces of information that can uniquely identify an
individual on their own, such as their name, address, or government ID
(e.g., Social Security Number, driver’s license).
Examples:
• Name
• Phone number

on
• Government ID (SIN, SSN)
• Biometric data
uti
• Account numbers
tr i b
D is
Indirect Identifiers:
fo r
t
Indirect identifiers are pieces of informationothat, when combined with

a ,andNgeographic
other data, can be used to identify an individual. This includes

a h
descriptors like age, gender, ethnicity, indicators.
Examples:
etN
• Age
h aje
ub
• Gender
S
•olCity, State, Zip Code
C
By • Employment information
I SSP • Medical information

C • Financial information

for
tes
o
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Online Identifiers
Online Identifiers:
• Online identifiers
• Importance of collaboration Online identifiers include data collected during online interactions that
with legal teams can help identify an individual when combined with other information,
• Examples of each category such as IP addresses, cookies, or email addresses.
Examples:
• IP address
• Cookies

on
• Email address
• Certificate/license numbers
uti
tr i b
Importance of Collaboration with Legal Teams:
D is
for
As a security professional, it is crucial to work closely with legal teams
t
No
to clearly define what constitutes personal data and which jurisdictions
and regulations apply. This collaboration ensures that the appropriate

h a,
security controls are implemented in compliance with relevant laws.
a data differently, so clear
Nclassify
t
Key Point: Different regions may
eto align security measures with legal
communication is needed
je
requirements.
b ha
Examples ofS u Indirect, and Online Identifiers:
o l Direct,
DirectC
B y identifiers include easily recognizable personal data like names or
government IDs, while indirect identifiers include demographic data

I SSPsuch as gender and city. Online identifiers like IP addresses or cookies

r C are collected during digital interactions and can be linked to individuals

fo when combined with other data.
s
ote
ell N
orn
C

• Direct identifiers uniquely identify individuals (e.g., name, SSN), while indirect identifiers
require combination with other data (e.g., age, gender).
• Online identifiers include data collected online (e.g., IP addresses, cookies) that, when
combined with other information, can identify individuals.
• Collaborating with legal teams is essential to ensure compliance with privacy regulations and
to define personal data accurately across regions.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Privacy Requirements

• Supervisory authorities Supervisory Authorities:

• GDPR principles
Supervisory authorities are independent authorities in each EU
• OECD privacy principles
member state responsible for ensuring the enforcement of privacy
• Role of supervisory authorities
regulations, such as the GDPR. They investigate privacy complaints,
monitor compliance, and have the authority to impose fines.
Example: In France, the CNIL (Commission Nationale de l'Informatique
et des Libertés) acts as the supervisory authority to oversee GDPR
compliance and investigate data breaches.

on
GDPR Principles:

uti
The General Data Protection Regulation (GDPR) outlines key principles
tr
for data protection that must be followed by organizations handlingi b
personal data of EU citizens. These include:
D is
for
• Lawfulness, fairness, and transparency: Data must be
t
No
processed legally and transparently.

a,
• Purpose limitation: Data should only be collected for specified
purposes.
h
Na data necessary for the
• Data minimization: Only collect
t
intended purpose.
je e
h
• Accuracy: Personal a must be kept accurate and up to date.
data
u b
• Storage limitation: Data should not be kept longer than
S
ol and confidentiality: Ensure proper security measures
necessary.
C
Byare in place to protect personal data.
• Integrity

P An e-commerce company must inform customers about how

SExample:
I S
C longer needed.
their data will be used and ensure that data is deleted once it is no

for
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Privacy Requirements

• Supervisory authorities OECD Privacy Principles:

• GDPR principles
• OECD privacy principles
• Role of supervisory authorities
The Organization for Economic Cooperation and Development
(OECD) established a set of principles that guide privacy protection
globally. These principles include:
• Collection limitation: Limits on the collection of personal data.
• Data quality: Data must be accurate, relevant, and up-to-date.
• Purpose specification: Data should be collected for a clear purpose.
• Use limitation: Data should not be disclosed or used beyond the
purpose for which it was collected.
• Security safeguards: Personal data must be protected with ti on
adequate security measures.
i bu
str
i
• Accountability: Organizations are responsible for complying with
D
for
these principles.

t
Key Point: OECD principles provide the foundation for data protection
laws in many countries, including GDPR.
No
Role of Supervisory Authorities:
h a,
a organizations comply with privacy
Nthat
t
Supervisory authorities ensure
eare responsible for investigating data
je
regulations like GDPR. They
a necessary.
bhwhen
breaches, handling privacy complaints, and enforcing penalties or
u
corrective measures
Example: IflaS
C othe supervisory authority in that country can issue fines or
company violates GDPR by not protecting personal data
y
properly,
B corrective actions.
demand

I SSP
r C
fo
es
ot
ell N
orn
C

• Supervisory authorities are independent bodies in each EU state that oversee compliance with
privacy regulations, investigate complaints, and enforce penalties.
• GDPR principles include lawfulness, data minimization, accuracy, and security, ensuring that
organizations handle personal data responsibly.
• OECD principles serve as the global foundation for data protection laws, focusing on limiting
data collection, ensuring quality, and protecting privacy.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Privacy Policy Requirements - 1
Expectation of Privacy:
• Expectation of privacy
Individuals have a reasonable expectation of privacy when sharing
• Key privacy roles
personal details, such as when booking a hotel or visiting a doctor.
• GDPR Overview
Organizations are responsible for protecting this personal data.
Example: A patient’s medical records should be protected from
unauthorized access when entered into a hospital’s system.
Key Privacy Roles:
Data Owners: Accountable for defining data classification, approving
access, and determining retention and destruction policies.
Types: Data owners, process owners, system owners.
ti on
i bu
Data Custodians: Responsible for protecting data based on input from

str
the owners. They require tools, training, and resources, which are
typically provided by the data owners.
D i
for
Data Processors: Process personal data on behalf of the
t
controller/owner. They must have clearly defined responsibilities.
No
Data Subjects: The individuals to whom the personal data relates (e.g.,
customers, patients).
h a,
Na
Key Point: Each role plays a critical part in the protection and

jeet
management of personal data.

ha
GDPR Overview:
b
The General Data Protection Regulation (GDPR) applies a single set of
Su
rules across all EU member states. It establishes Supervisory
l
Co
Authorities (SAs) in each state to handle complaints and monitor

Bycompliance.

SP
Seven principles of lawful data processing:

CI S Lawfulness, fairness, and transparency

for Purpose limitation

es Data minimization

ot Accuracy

ll N
Storage limitation

rn e Integrity and confidentiality (security)

C o Accountability
Privacy breaches must be reported within 72 hours.
Key Point: GDPR is considered a global benchmark for privacy laws.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Privacy Policy Requirements - 2
• Privacy regulations in
different countries
• Security's role in privacy
compliance
• Key privacy regulations
worldwide
Privacy Regulations in Different Countries:
United States:
Gramm–Leach–Bliley Act (GLBA)
Health Insurance Portability and Accountability Act (HIPAA)
Sarbanes–Oxley Act (SOX)
Children’s Online Privacy Protection Act (COPPA)
California Consumer Privacy Act (CCPA)
Canada: Personal Information Protection and Electronic Documents
Act (PIPEDA)
ti on
China: Personal Information Protection Law
i bu
str
South Africa: Protection of Personal Information Act
D i
for
Argentina: Personal Data Protection Law (PDPL)
t
South Korea: Personal Information Protection Act (PIPA)
No
Australia: Privacy Act, Australian Privacy Principles (APPs)

h a,
Security's Role in Privacy Compliance:
Na
et
Security professionals must implement security controls to achieve
je
privacy compliance. Privacy cannot be attained without security, as it
ha
ensures that personal data is protected according to privacy laws.
b
Su
Key Point: Security is the foundation of effective privacy protection.
l
Co
Global Privacy Regulations:

By Privacy laws vary significantly from country to country, but many are

SP
modeled on GDPR. The GDPR is seen as the standard for privacy

CI S regulation and many other countries are shaping their privacy laws

for based on its principles.

es Key Point: Understanding GDPR provides a solid foundation for

ot understanding global privacy regulations.

ell N
orn
C

• Data owners, custodians, and processors have clearly defined roles in managing and protecting
personal data, with GDPR serving as a model for global privacy laws.
• Security professionals are essential to ensuring compliance with privacy regulations by
implementing appropriate security controls.
• GDPR is a global benchmark for privacy laws, and many other countries have or will model their
regulations on its principles.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 OECD Privacy Guidelines - 1

• Purpose of OECD guidelines Purpose of OECD Guidelines:

• Collection Limitation
Principle
• Data Quality Principle
• Purpose Specification
Principle
The Organization for Economic Cooperation and Development
(OECD) has created privacy guidelines to help harmonize national
privacy laws and prevent interruptions in the international flow of data.
These guidelines are not mandatory but represent best practices for
privacy management.
Key Point: OECD guidelines help organizations navigate global privacy
requirements but should not replace specific legal consultations for
compliance.
Collection Limitation Principle:

t
Organizations should limit the collection of personal data to what is
i on
i bu
necessary for providing services. Data should be collected lawfully,
tr
with the knowledge or consent of the data subject when appropriate.
s
D i
Example: A company should only collect customer data needed for

for
processing an order and not request unnecessary details.
t
No
Data Quality Principle:
Personal data must be relevant, accurate, complete, and up to date.
a,
This ensures that organizations maintain high-quality data and prevent
h
Na
errors or misuse.

jeet
Example: A healthcare provider must keep patient records updated to
ensure accurate diagnoses and treatments.
ha
Purpose Specification Principle:
b
Su
The purpose for collecting personal data should be clearly stated at the
l
Co
time of collection. This ensures transparency and builds trust with data
subjects.
By Example: An online retailer should inform customers that their email will

I SSP be used for shipping notifications and not for unrelated marketing.

r C management and protection of personal data.

fo
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 OECD Privacy Guidelines - 2

• Use Limitation Principle Use Limitation Principle:

• Security Safeguards Principle
• Openness Principle
• Individual Participation
Principle
• Accountability Principle
Personal data should only be used for the specific purposes it was
collected for, unless the data subject consents to additional use or it is
required by law.
Example: A company collecting personal data for job applications
should not use that data for marketing without consent.
Security Safeguards Principle:
Organizations must implement reasonable security measures to
protect personal data from loss, unauthorized access, destruction, or

on
modification. Effective security controls are essential to achieve
privacy.
uti
Key Point: Without security, privacy cannot be achieved—security
safeguards protect personal data from breaches. tr i b
Openness Principle:
D is
for
Organizations must maintain a culture of openness and transparency
t
No
regarding how personal data is used. This principle builds trust and
allows individuals to understand how their data is being handled.

h a,
Example: A company’s privacy policy should clearly explain how
Na
customer data is used and provide easy access to that information.

jeet
Individual Participation Principle:

ha
Individuals (data subjects) should have the right to access, update, or
b
request the removal of their personal data. This ensures that individuals
Su
remain in control of their personal information.
l
Co
Example: A customer should be able to request the deletion of their

By account information from an online service.

Accountability Principle:

I SSP Data controllers are accountable for ensuring compliance with the

r C other principles. Organizations collecting personal data are responsible

fo for protecting that information and adhering to privacy regulations.

es Key Point: Accountability ensures that organizations are held

ot responsible for the proper management and protection of personal data.

ell N
orn
C

• The OECD guidelines provide a set of best practices for managing privacy, including principles
for data collection, quality, use, and security.
• These guidelines are not mandatory, but they offer a helpful starting point for developing
privacy policies and aligning with global privacy standards.
• Organizations must consult legal experts to ensure compliance with specific national laws, as
the OECD guidelines alone are insufficient for compliance in all jurisdictions.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Privacy Assessments (PIA/DPIA) - 1
Definition of Privacy Impact Assessment (PIA):
• Steps to conduct a PIA/DPIA
• Regulatory guidance (GDPR, A PIA is a process used by organizations to assess whether personal
ISO/IEC 29134) data is being protected appropriately and to minimize risks to personal
• Article 35 of GDPR data. It identifies risks, evaluates them, and recommends measures to
mitigate them.
Key Point: PIAs ensure that privacy risks are addressed for systems or
processes that handle personal data.

Definition of Data Protection Impact Assessment (DPIA):

ti on
A DPIA is required under Article 35 of GDPR for data processing
i bu
str
activities that pose a high risk to the privacy rights of individuals. It
i
provides a more specific assessment focused on data protection.
D
for
Example: A company using biometric data or large-scale surveillance
t
No
may require a DPIA to assess the privacy risks involved.

h
Importance of Conducting PIAs/DPIAs:a,
a
Norganizations
e t
Conducting a PIA or DPIA helps to:

a je to privacy breaches.
Identify risks related
Implement
u bhcontrols to mitigate those risks.
o l S compliance with privacy regulations (e.g., GDPR).
Ensure
Key y C PIAs and DPIAs are ongoing processes that must be updated
B Point:
Pwhen there are significant changes in data processing operations.
I SS
r C
fo
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Privacy Assessments (PIA/DPIA) - 2
• Steps to conduct a PIA/DPIA
• Regulatory guidance (GDPR,
ISO/IEC 29134)
• Article 35 of GDPR
Steps to Conduct a PIA/DPIA:
1. Identify the Need for a DPIA: Determine if a DPIA is required based
on legislation (e.g., GDPR, industry regulations).
2. Describe Data Processing: Identify what data is being collected,
where it’s coming from, and how it's processed.
3. Assess Necessity and Proportionality: Ensure data collection and
processing align with the goals of the project and respect the rights of
data subjects.
4. Consult Interested Parties: Involve stakeholders such as the data
protection officer, project managers, and possibly data subjects.
ti on
i bu
5. Identify and Assess Risks: Identify risks associated with personal
t
data processing, such as storage security and access control.
s r
D i
6. Identify Measures to Mitigate Risks: Develop controls to address
for
identified risks, such as data retention policies and security controls.
t
No
7. Sign Off and Record Outcomes: Document findings and have them

a,
signed off by relevant stakeholders (e.g., senior management, data
protection officer).
h
Na
et
8. Monitor and Review: Continuously review the PIA/DPIA, especially

je
when changes occur in data processing activities.
ha
Regulatory Guidance (GDPR, ISO/IEC 29134):
b
Su
GDPR Article 35 provides specific requirements for conducting DPIAs,
l
Co
such as assessing the necessity and proportionality of data processing

By and the risks to data subjects.

ISO/IEC 29134:2017 provides a detailed framework for conducting PIAs,

I SSP including how to structure a PIA report.

r C Article 35 of GDPR (Minimum Requirements for a DPIA):

fo The assessment must include:
es
ot
A description of the processing operations and their purposes.

ll N
An evaluation of the necessity and proportionality of data

rn e processing.

C o An assessment of risks to the rights and freedoms of data

subjects.
Measures to address and mitigate risks, including safeguards
and security measures.

• PIAs and DPIAs assess the risks to personal data and help implement controls to mitigate those
risks, ensuring compliance with regulations like GDPR.
• PIAs should be conducted whenever there are significant changes in data processing, and the
results must be documented, monitored, and reviewed regularly.
• Article 35 of GDPR outlines the minimum requirements for DPIAs, including risk assessments
and measures to protect data subjects.privacy assessment process.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Contractual, Legal, and Industry Standards and
Regulatory Requirements - 1
• Compliance requirements
• Legal and regulatory
standards
• Industry standards
• Roles and responsibilities
• Legal, privacy, and
audit/compliance functions
Compliance Requirements:
Organizations must align their security controls with various
contractual, legal, industry, and regulatory requirements to ensure
compliance. Compliance requirements depend on the assets,
industries, jurisdictions, and countries in which they operate.
Key Point: Compliance helps ensure organizations meet legal obligations
and protect assets.
Legal and Regulatory Standards:
Laws: Specific legal obligations based on assets, industries, or
countries.
ti on
Examples:
i b u
s tr
i
HIPAA (Health Insurance Portability and Accountability
Act) for healthcare.
fo r D for data
protection in the EU. o t
GDPR (General Data Protection Regulation)

COPRA (Consumer Online

a , NPrivacy Rights Act) for privacy
rights.
a h
Regulations: Rules specific ttoN
e industries or asset management, often

h aje
for security and international trade.
Examples: b
uITAR
S
l export(International Traffic in Arms Regulations) for
C o control.
By EAR (Export Administration Regulations) for commercial

I SSP goods with military use.

C
for
tes
o
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Contractual, Legal, and Industry Standards and
Regulatory Requirements - 2
• Industry standards
• Roles and responsibilities
• Legal, privacy, and
audit/compliance functions
Industry Standards:
Industry standards provide procedural and technical guidelines
specific to certain industries to guide organizational activities.
Examples:
NIST (National Institute of Standards and Technology) provides a
framework for cybersecurity best practices.
ISO (International Organization for Standardization) offers
standards for information security management (e.g., ISO
27001).
Roles and Responsibilities:
It is essential to clearly define roles and responsibilities related to
compliance. Data owners are accountable for classifying data,
ti on
i bu
approving access, and determining retention/destruction policies, while
others may be responsible for enforcing these controls.
str
i
Key Point: Accountability vs. responsibility—owners are accountable
D
for
for ensuring compliance, while others may be responsible for executing
tasks.
t
No
Legal, Privacy, and Audit/Compliance Functions:

a,
These functions work together to ensure the organization remains
h
compliant with applicable laws and regulations.
Na
Legal function: Determines the organization’s compliance
needs.
jeet
ha
Privacy function: Oversees data protection requirements.
Audit/compliance function: Monitors and ensures compliance
b
Su
through regular audits and assessments.
l
Co
Key Point: Security professionals must collaborate with these functions
to implement the appropriate controls.
By Example of Implementation Process:

SP
Step 1: Legal and privacy teams determine the compliance

CI S requirements based on laws and regulations (e.g., GDPR for EU-based

companies).
for Step 2: The compliance team monitors adherence to these
es requirements.
ot Step 3: The security team advises on and implements the necessary

ell N security controls, such as access control, data encryption, and

rn
monitoring.

C o

• Compliance requirements vary by industry, jurisdiction, and asset type. Legal and regulatory
standards must be met through appropriate security controls.
• Industry standards provide specific guidelines that help ensure security practices are aligned
with industry best practices (e.g., ISO, NIST).
• Collaboration between legal, privacy, and compliance teams is essential for identifying
compliance needs and implementing effective controls.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Develop, Document, and Implement Security Policies,
Procedures, Standards, Baselines, and Guidelines
• Definition of security policies,
procedures, standards,
baselines, and guidelines
• Importance of top-down
approach
• Role of overarching security
policy
• Policy ownership and review
frequency
• Implementation through
standards, procedures,
baselines, and guidelines
Definition of Security Policies, Procedures, Standards, Baselines,
and Guidelines:
Policies: Corporate laws that document management’s goals and
objectives. They communicate the organization's intent regarding
security.
Procedures: Step-by-step instructions detailing how to perform
specific tasks.
Standards: Detailed technical and procedural requirements needed to
comply with policies.
Baselines: Minimum security levels required for systems,
applications, and processes.
ti on
Guidelines: Recommendations or suggestions for implementing
i bu
security best practices.
str
Importance of Top-Down Approach: D i
for
Security policies must be developed with a top-down approach, starting
t
No
from the Board of Directors and CEO. This ensures the policy aligns

a,
with organizational goals and sets the right tone from the top.
h
Key Point: Effective security governance starts with management’s
Na
commitment to the security function and is communicated throughout
the organization.
jeet
ha
Role of Overarching Security Policy:
b
Su
The overarching security policy should clearly state that the CEO and
l
upper management are accountable for protecting all organizational

y Co
assets. It emphasizes that everyone is responsible for security and
asset protection, creating a security culture within the organization.
B
SP
Key Point: This policy should be simple, communicated by the CEO, and

CI S remind employees that security is an organizational priority.

for
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Develop, Document, and Implement Security Policies,
Procedures, Standards, Baselines, and Guidelines
• Definition of security policies,
procedures, standards,
baselines, and guidelines
• Importance of top-down
approach
• Role of overarching security
policy
• Policy ownership and review
frequency
• Implementation through
standards, procedures,
baselines, and guidelines
Policy Ownership and Review Frequency:
Who writes policies? Typically, security professionals, governance
committees, and legal advisors. Policies are then owned by the CEO or
upper management to reflect the organization's goals.
How often should policies be reviewed? The overarching policy does
not need annual review, but functional policies (standards, procedures,
baselines, and guidelines) should be reviewed frequently to stay
updated with evolving risks and technologies.
Implementation Through Standards, Procedures, Baselines, and
Guidelines:
Standards: Provide specific, technical guidance for implementing
ti on
i bu
security controls in line with policies (e.g., encryption standards, access
control standards).
str
D i
Procedures: Offer detailed instructions on how to carry out tasks (e.g.,

for
how to create a secure password).
t
No
Baselines: Define minimum acceptable security measures (e.g.,
minimum patch levels or security configurations).

h a,
Guidelines: Offer suggestions for best practices in areas where

Na
flexibility is needed (e.g., guidelines for remote work security).

jeet
Example of Policy Flow:

ha
Step 1: The CEO communicates the overarching security policy,
b
emphasizing accountability and responsibility across the organization.

l Su
Step 2: Functional security policies are developed for specific areas

y Co
(e.g., access control, data protection).

B Step 3: Standards, procedures, baselines, and guidelines are

SP
implemented to support these policies and ensure they are actionable.

CI S Step 4: Functional policies and controls are regularly reviewed and

for updated to address new risks.

es
ot
ell N
orn
C

• Security policies are critical to aligning security practices with organizational goals, and they
must be communicated top-down from the CEO or Board of Directors.
• Functional policies are supported by standards, procedures, baselines, and guidelines,
which detail how policies are enacted.
• Security policies must be reviewed and updated regularly, especially the standards and
procedures that support the functional policies.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Security Document Hierarchy and Creating
Security Policies - 1
• Model for creating and
maintaining security policies
• Security Document Hierarchy
• Role of Security Governance
Committee
Model for Creating and Maintaining Security Policies:
The model for creating security policies involves establishing an
overarching policy, which is supported by functional policies,
standards, procedures, baselines, and guidelines. This hierarchical
model ensures that policies are actionable and aligned with
organizational goals.
Key Point: The Security Governance Committee is typically responsible
for creating and owning the overarching policy.
Security Document Hierarchy (Figure 1-3):
Top Level – Policy:
Created and owned by the Security Governance Committee
ti on
bu
(e.g., a policy mandating the use of anti-malware software).
i
str
Functional Policies:
D i
for
Developed to support the overarching policy, detailing how to
enact the policy (e.g., specifying the version of anti-malware
t
No
software).

a,
Supporting Documents:
h
Na
Standards: Define the technical details, such as software

et
versions.

je
Procedures: Provide step-by-step instructions (e.g., how to
ha
install anti-malware software).
b
Su
Guidelines: Offer recommendations for best practices (e.g.,
l
suggesting the use of heuristics in anti-malware software).

y Co
Baselines: Define minimum acceptable levels of security
B implementation (e.g., the minimum version of software

I SSP required).
Key Point: Each document supports the other to ensure the policy is fully
r C enacted and followed.
fo
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Security Document Hierarchy and Creating
Security Policies - 2
• Differences between policies,
procedures, baselines, and
guidelines
• Importance of leadership and
supporting functional policies
Differences Between Policies, Procedures, Baselines, and
Guidelines:
Policy: A high-level statement reflecting the goals and objectives of the
organization (e.g., “All systems must use anti-malware software”).
Procedure: Detailed steps that explain how to implement the policy
(e.g., instructions for installing anti-malware software).
Baseline: Minimum requirements that must be met for compliance
(e.g., the lowest acceptable version of anti-malware software).
Guideline: Recommended best practices that provide flexibility (e.g.,
using heuristic analysis in anti-malware software when possible).
Identifying Documents:
ti on
To differentiate the type of document:
i bu
str
Policy: Addresses what needs to be done.
D i
for
Procedure: Explains how it needs to be done.
t
Baseline: Sets the minimum acceptable security level.
No
Guideline: Suggests best practices that are not mandatory.

h a,
Importance of Leadership and Supporting Functional Policies:
Na
The success of the security policy model depends on strong

jeet
leadership from the Board or CEO. They must work with security to

ha
develop policies and support the necessary functional policies for
b
effective implementation.
Su
Key Point: A lack of commitment from top management can result in
l
Co
failure to implement effective security policies (e.g., if the CEO does not

By prioritize an anti-malware policy, security may fail to protect

organizational assets).

I SSP
r C
fo
es
ot
ell N
orn
C

• The Security Document Hierarchy ensures that overarching security policies are supported by
functional policies, standards, procedures, baselines, and guidelines, all of which work together
to make the policy actionable.
• Leadership from the Board or CEO is essential to the success of the security policy model, and
strong communication is necessary to ensure the entire organization understands its role in
security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Definitions of Policies, Standards, Procedures,
Baselines, and Guidelines - 1
• Definitions of policies, Policies:
standards, procedures, Definition: Documents that communicate management’s goals and
baselines, and guidelines objectives related to security, provide authority for security actions, and
• Examples of each type define the role and scope of the security team. They act as corporate
• Importance of clear definitions laws within the organization.
• Use of each document type Examples:
"All systems must implement multi-factor authentication."
"The organization must follow data encryption standards."
Key Point: Policies must be approved and communicated by

on
management.
Standards:
uti
r i b
Definition: Specific hardware, software, and security solutions that
t
is
must be used to comply with policies. Standards specify exact
D
for
technologies or processes to be implemented.
Examples:
t
No
Specific anti-virus software (e.g., McAfee).
a,
Specific access control system (e.g., Forescout).
h
Na
Specific firewall system (e.g., Cisco ASA).

jeet
Key Point: Published guidelines, like ISO 27001, can be adopted as

ha
organizational standards.
Procedures: b
l Su
Definition: Step-by-step instructions on how to perform specific tasks,

y Co
ensuring mandatory actions are followed. Procedures are essential for
operational consistency and compliance.
B
SP
Examples:

CI S User registration process for new employees.

for Incident response process for handling security breaches.

es Material destruction process for decommissioned systems.

ot Key Point: Procedures detail exactly how tasks are executed and are

ell N mandatory.

orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Definitions of Policies, Standards, Procedures,
Baselines, and Guidelines - 2
• Definitions of policies, Baselines:
standards, procedures, Definition: Minimum security requirements that must be met,
baselines, and guidelines ensuring consistency in security implementations across the
• Examples of each type organization.
• Importance of clear definitions Examples:
• Use of each document type
Configuration requirements for intrusion detection systems.
Access control configurations for network security.
Key Point: Baselines set the lowest acceptable level of security for
systems and processes.
Guidelines:
ti on
i bu
Definition: Recommended or suggested actions that provide flexibility

str
but are not mandatory. Guidelines help organizations align with best
practices without making them hard requirements.
D i
for
Examples:
t
Government recommendations on cybersecurity practices.
No
Security configuration recommendations for systems.

h a,
Organizational best practices for software development.
Na
Key Point: Guidelines allow for flexibility and are not binding, so they

jeet
don’t result in audit failures if not followed.

bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Policies communicate management’s intent and provide authority for security actions,
while standards specify the technical details.
• Procedures provide detailed instructions for completing tasks, and baselines ensure
minimum acceptable security levels.
• Guidelines offer recommendations, providing flexibility without imposing mandatory
requirements.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Identifying, Analyzing, and Prioritizing
Business Continuity (BC) Requirements -1
Business Impact Analysis (BIA):
• Business Impact Analysis (BIA)
• External dependencies Definition: A BIA analyzes the consequences of disasters on an
• Role of BIA in Business organization and determines the priorities for recovery. It gathers
Continuity Management (BCM) critical information to help develop recovery strategies and focuses on
minimizing the impact of disruptions on the business.
• Interdependencies in critical
functions and processes Key Point: BIA is a foundational step in the Business Continuity
Management (BCM) process, as it identifies the essential functions and
the resources required for their recovery.
Example: If a natural disaster impacts an organization's data center, a

on
BIA will help prioritize recovery of critical applications like customer
databases over non-essential systems.
u ti
External Dependencies:
r i b
t that
Definition: Refers to the third-party entities or externalis factors
D its direct
rpartners
are critical to an organization's operations but are beyond
t
control. These can include suppliers, vendors, and fo that
o
,N
provide necessary goods or services for the organization’s critical
functions.
h a
Key Point: Understanding external a dependencies is critical to mapping
out interdependencies between
e t Nrobust
internal functions and external
je
entities, which helps in creating
a
continuity plans.

raw materials, u bhif those company

Example: A manufacturing may rely on external suppliers for
S to continue production.
company'slability
and suppliers are disrupted, it could affect the
o
B yC
S P
CI S
for
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Identifying, Analyzing, and Prioritizing Business
Continuity (BC) Requirements - 2
Role of BIA in Business Continuity Management (BCM):
• Business Impact Analysis (BIA)
• External dependencies The BIA is an integral part of BCM as it helps organizations understand
• Role of BIA in Business the impact of disruptions, assess risks, and prioritize which functions
Continuity Management (BCM) and processes need to be recovered first. By conducting a BIA, an
• Interdependencies in critical organization can align recovery efforts with its most critical operations
and resources.
functions and processes
Key Point: BIA focuses on the consequences of business interruptions
and the timeframe within which critical functions must be restored.
Interdependencies in Critical Functions and Processes:

t
As part of the BIA, organizations must map out the interdependenciesi on
i bu
between internal systems, processes, and external parties (e.g., vendors
str
or third-party services). Understanding these interdependencies is
D i
crucial for developing effective business continuity strategies.

t for
Example: A financial services company may have critical dependencies
No
on its cloud service provider for hosting its applications. Disruptions at

a,
the provider’s end could have a cascading impact on the company’s
services.
h
Na
jeet
bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Business Impact Analysis (BIA) identifies critical functions and prioritizes recovery strategies in
the event of a disaster, forming a key part of Business Continuity Management (BCM).
• Understanding external dependencies (e.g., vendors, suppliers) and interdependencies
among internal and external processes is essential for creating a comprehensive business
continuity plan.
• Both BIA and external dependencies are covered in-depth in Domain 7, which focuses on BCM
and the role of security in ensuring continuity.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Contributing to and Enforcing Personnel
Security Policies and Procedures - 1
• Personnel security policies
and procedures
• Hiring, onboarding, and
termination processes
• Employment controls and
cost-effectiveness
• Handling security violations
• Managing employee
terminations and resignations
• Employee duress
Personnel Security Policies and Procedures:
Definition: Policies that govern the hiring, onboarding, monitoring, and
termination of employees with the aim of ensuring that personnel
adhere to security standards and minimize the risk of insider threats.
Key Point: These policies help ensure that employees handle
organizational assets responsibly and comply with security protocols.
Hiring, Onboarding, and Terminating Employees:
Hiring Process: Implement background checks and validate employee
credentials to minimize the risk of hiring individuals who may pose a
on
security threat.
uti
tr b
Onboarding: Ensure that new employees receive security training and
i
understand their responsibilities regarding organizational security (e.g.,
use of corporate assets, data handling).
D is
for
Termination Process: On termination, ensure that access to systems
t
No
is revoked immediately, and conduct an exit interview to recover all
company assets (e.g., laptops, ID badges, access cards).

h a,
Example: A terminated employee’s access to corporate networks should
Na
be revoked to prevent potential insider threats.

je et
Employment Controls and Cost-Effectiveness:
Employment controls a(e.g., background checks, security awareness
hshould
b
ucontrols mustbebeimplemented
training, monitoring) to mitigate personnel risks.
S
l risk appetite.
C o
However, these
organization’s
cost-effective and aligned with the

ByPoint: Balancing the cost of implementing employment controls with

Key
Pthe potential risks they mitigate is essential for efficient security
S
CIS
management.

for
tes
o
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Contributing to and Enforcing Personnel
Security Policies and Procedures - 2
Handling Security Violations:
• Personnel security policies
and procedures Potential Violations: When a security violation is identified through
assessments (e.g., unauthorized access, policy violations), the
• Hiring, onboarding, and
organization must respond with appropriate disciplinary actions (e.g.,
termination processes
warnings, suspension, or termination).
• Employment controls and
cost-effectiveness Investigations: Conduct a thorough investigation to understand the root
• Handling security violations cause and mitigate future risks.
• Managing employee Example: If an employee is found to be accessing unauthorized systems,
terminations and resignations their access should be immediately suspended, and an investigation

on
• Employee duress should follow.
Managing Employee Terminations and Resignations:
uti
Employee Terminations: When terminating an employee, follow r i b
t company
is
procedures to immediately revoke access to systems, retrieve
D risks.
assets, and conduct an exit interview to understand
f o r potential
Employee Resignations: Ensure that employees
o t sensitive
who resign are not left

, N
with lingering access to critical systems and that information

ha ensures that there is no

they hold is protected.
a
t N post-employment.
Key Point: Properly managing terminations
e
opportunity for malicious actions
Employee Duress: aje
u bh in which employees are coerced into performing
Definition: Situations
l S due to external pressure or threats. Organizations
shouldC o
malicious actions
have monitoring mechanisms in place to detect unusual
B y
behavior and provide employees with a safe way to report concerns.

S PExample: An employee who feels threatened by external parties to leak

CI S confidential data should have access to whistleblowing mechanisms

for without fear of retaliation.\

es
ot
ell N
orn
C

• Personnel security policies cover the lifecycle of employees from hiring to termination,
ensuring that security risks are mitigated through background checks, onboarding,
and offboarding processes.
• Handling security violations and managing terminations with effective procedures is
critical to reducing the risk of insider threats.
• Organizations should also be aware of employee duress situations and provide safe
mechanisms for reporting concerns.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Personnel Security Policies - 1
• Importance of personnel
security policies
• Candidate screening and
hiring
• Employment agreements and
policy-driven requirements
• Onboarding and offboarding
processes
• Involuntary vs. voluntary
Importance of Personnel Security Policies:
Definition: Clearly documented and communicated personnel security
policies help address the risks associated with employee actions and
ensure the protection of valuable organizational assets. These policies
are implemented through procedures and include a range of security
controls.
Key Point: Security policies define acceptable behavior, responsibilities,
and access controls, ensuring the organization and employees work
together to protect the business.

on
termination 1.8.1 Candidate Screening and Hiring:
• Employee duress
u
New Personnel Risks: Every new hire introduces security risks thatti
must be mitigated through thorough candidate screening and
tr i b
onboarding procedures.
D is
Personnel Security Controls: Examples of controlsrinclude
t o
background checks, access badges, ID cards, facceptable use
o
, Nto sensitive systems, they
policies, code of conduct, and employee handbooks.

a
Example: Before a new hire is given access
h use policies.
a
must agree to and sign off on acceptable

e
1.8.2 Employment Agreements t N and Policy-Driven Requirements:
je a new employee joins, they must review
Onboarding Process:aWhen
h
b policies
and agree to company such as security protocols and
S upolicies
ol of Duties and Job Rotation: These controls are used to
acceptable use before being granted system credentials.

C
Separation
By fraud or policy violations by limiting any one individual’s control
prevent

SPLeast Privilege and Need to Know: These access control principles

over critical functions.

CI S
or
ensure employees have only the minimum access necessary to perform

s f their roles, helping to reduce unnecessary exposure to sensitive data.

o te Key Point: Access control policies are essential to safeguarding sensitive

ll N
assets and maintaining compliance with security policies.

rn e
C o

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Personnel Security Policies - 2
• Importance of personnel
security policies
• Candidate screening and
hiring
• Employment agreements and
policy-driven requirements
• Onboarding and offboarding
processes
• Involuntary vs. voluntary
Offboarding Process:
Voluntary vs. Involuntary Termination:
Voluntary termination typically poses less of a security risk, but
access to systems must still be revoked, and company assets
must be collected.
Involuntary termination, especially if the employee is hostile,
presents a significant security risk. Precautions include revoking
access immediately and escorting the individual from the
premises if necessary.

on
termination
Example: During involuntary termination, a physical security officer
• Employee duress may be present to prevent any attempts to harm company assets.
uti
Employee Duress:
t r i b
Definition: Employee duress refers to a situation where i
ans
D a employee is
forced to perform actions under threat or coercion
fo r
(e.g., bank
manager forced to open a vault under gunpoint). t
ohave mechanisms, such as
N
a,that an employee is acting under
Duress Management: Organizations should
keywords or code phrases, to indicate
h
Na to respond to duress situations is
duress. Training employees on how
t
crucial.
je e environment, employees might use pre-
b
agreed code phrases hato alert others that they are acting under duress,
Example: In a security-sensitive
u
similar to theSchallenge-response
l checks in The Bourne Identity.

y Co
S PB
CI S
for
es
ot
ell N
orn
C

• Personnel security policies address security risks from employees through comprehensive
screening, onboarding, and offboarding processes.
• Employment agreements (such as acceptable use policies) and access control mechanisms
(e.g., least privilege, need to know) are essential in limiting exposure to risks.
• Employee duress scenarios should be managed through training and predefined code phrases
to signal distress and prevent harm to the organization.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Personnel Security Controls - 1
• Personnel security controls
• Job rotation
• Mandatory vacation
• Separation of duties
• Need-to-know and least
privilege
• Onboarding and offboarding
processes
Job Rotation:
•Definition: A control where employees, especially those in key
positions, are rotated to different roles to prevent fraud and
provide cross-training.
•Key Point: Rotating employees ensures no single individual has
continuous control over sensitive functions, making it harder to
commit and hide fraudulent activities. It also helps in building
personnel redundancy.
•Example: A loan officer responsible for approving loans can
ti on
b
be rotated to prevent fraudulent activities like approving loans
i u
for accomplices in exchange for kickbacks.
str
D i
Mandatory Vacation:
t for
•Definition: Employees are required too
N take vacations for a set
period to allow another employee ,to perform their role and
a ha activity.
check for signs of fraud or malicious
e t N ensures that fraudulent
je
•Key Point: Mandatory vacation
activities cannot goaunnoticed, as the substitute employee can
bh
S u
identify any irregularities during the vacation period.
l
Coduring
•Example:
y
vacation
An accountant is required to take a two-week
B potentiallywhich time another employee handles their

SPtransactions.
duties, identifying any hidden fraudulent

CI S
for
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Personnel Security Controls - 2
• Personnel security controls
• Job rotation
• Mandatory vacation
• Separation of duties
• Need-to-know and least
privilege
• Onboarding and offboarding
processes
Separation of Duties:
•Definition: Critical tasks are split between multiple
employees to prevent fraud. This ensures that no one person
has complete control over sensitive processes.
•Key Point: By requiring more than one person to complete a
task, the opportunity for unauthorized actions or fraud is
significantly reduced.
•Example: In the Accounts Payable department, one person
enters vendor payment information while another approves the
ti on
payment to ensure checks and balances.
i bu
str
Need-to-Know and Least Privilege:
D i
t for
•Need-to-Know: Ensures access to sensitive information is
No
restricted to individuals who require it to perform their job.

h a,
•Least Privilege: Grants employees only the minimum
Na
permissions necessary to perform their tasks, reducing
e et
unnecessary exposure to sensitive data.
j
a
hcontrols
•Key Point: These
u b limit the risk of unauthorized access
l S
to critical assets and protect sensitive data from being
Co by those who do not need it.
accessed
y
B
•Example: A financial analyst may have access to certain

I SSPfinancial reports but should not have access to payroll data

r C unless it is relevant to their role.

fo
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Personnel Security Controls - 3
• Personnel security controls
• Job rotation
• Mandatory vacation
• Separation of duties
• Need-to-know and least
privilege
• Onboarding and offboarding
processes
Onboarding and Offboarding Processes:
•Onboarding:
• Identity proofing ensures the proper verification of
new employees before granting access to systems.
• Employees must sign off on security policies and
employment agreements.
• Access provisioning is based on least privilege
and need-to-know principles.
ti on
•Offboarding:
i bu
• Access should be timely removed when an
str
i
employee leaves, especially in cases of involuntary
D
for
termination to mitigate risks of insider threats.
t
No
• Both voluntary and involuntary terminations

h a,
require systematic removal of access to prevent
unauthorized use of company systems.
Na
jeet
•Example: A terminated employee should have their access to

ha
the organization's email and systems revoked immediately
b
upon departure.
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Job rotation and mandatory vacation are personnel security controls designed to detect and
prevent fraud by requiring different employees to take over sensitive roles periodically.
• Separation of duties ensures critical tasks are split between multiple employees, reducing the
risk of fraud or unauthorized actions.
• The least privilege and need-to-know principles restrict access to sensitive information,
ensuring employees have only the access necessary to perform their job.
• Proper onboarding and offboarding processes ensure that employees are granted and removed
from access privileges in a secure and timely manner.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Enforcing Personnel Security Controls - 1
• Enforcement of personnel
security controls
• Role of contracts, NDAs, and
agreements
• Attestation and audit for
compliance
• Extending personnel security
controls to third parties
• Organizational policies for
Enforcement of Personnel Security Controls:
Definition: Personnel security controls are enforced through policies,
contracts, NDAs, and monitoring tools such as attestation and audits.
Enforcement starts at the hiring process, continues through the
employment period, and ends after the employee leaves the
organization.
Key Point: Security policies must align with organizational goals and
include acceptable use policies and other behavior guidelines to
ensure compliance.

on
employees and third parties
Role of Contracts, NDAs, and Agreements:
uti
r i
Contracts and NDAs serve as legal tools that help enforce personnel b
t parties
security controls by requiring employees, contractors, and
is third
D behavior
that could harm the organization.
f o r
to agree not to disclose sensitive information or engage in

Noncompete Agreements (NCA): PreventNemployeesot from competing

with the organization after leaving, thus,protecting sensitive business
information.
a ha
Example: Employees may e
N
betrequired to sign an NDA before being
aje company data.
granted access to sensitive
h
Attestation and b for Compliance:
uAudit
S
l Employees and third parties may be required to formally
C ohaving
Attestation:

By
attest to followed security policies, providing a formal record of
compliance.

I SSPAudit: Regular audits can be conducted to verify compliance with

r C personnel security controls and ensure that both employees and
fo vendors are adhering to established agreements.
s
ote Key Point: These tools help monitor and verify that security controls are

ell N being followed, reducing the risk of noncompliance.

orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Enforcing Personnel Security Controls -2
Extending Personnel Security Controls to Third Parties:
• Enforcement of personnel
security controls Third-Party Security Controls: Personnel security policies should not
• Role of contracts, NDAs, and only apply to employees but also extend to vendors, contractors, and
agreements consultants through contracts, SLAs, and NDAs.
• Attestation and audit for Contracts and SLAs (Service Level Agreements): These documents
compliance outline the expectations, security requirements, and consequences for
• Extending personnel security noncompliance, ensuring third parties adhere to the same security
controls to third parties standards as employees.
• Organizational policies for
Example: A vendor providing IT services may be required to sign a
on
employees and third parties
contract agreeing to comply with the company’s security policies,
ut i
including data protection and access controls.
tr i b
Organizational Policies for Employees and Third Parties:
is
fo
Organizational policies define acceptable behaviors rDand security
requirements for employees and third parties, tincluding guidelines on
acceptable use, separation of duties, andN o rotation.
job
Vendor and Consultant Agreements: h a,These agreements should align
with personnel security policiesato ensure third parties are held
N behavior while interacting with the
tand
e
accountable for their actions
organization.
h aje
u b policies to third parties, organizations ensure
Key Point: By extending
S
l partners are equally responsible for maintaining security.
that external
C o
By
I SSP
r C
fo
es
ot
ell N
orn
C

• Personnel security controls are enforced through a combination of policies,

contracts, NDAs, and auditing tools to ensure compliance across the organization.
• Contracts and SLAs extend these controls to third parties such as vendors and
consultants, ensuring they are held to the same standards as employees.
• Regular attestation and audits provide verification that employees and third parties
comply with organizational personnel security policies.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Understanding and Applying Risk Management Concepts - 1

Definition of Risk Management:

• Definition of risk
management
• Risk management process:
identification, assessment,
prioritization
• Application of resources in
risk management
• Steps: Value, risk, and
treatment
• Challenges faced by
organizations
Risk management is the process of identifying, assessing, and
prioritizing risks to protect organizational assets with limited resources.
It involves applying economical resources to reduce the probability or
impact of these risks.
Key Point: Risk management ensures that organizations protect their
assets while optimizing resource use.
Risk Management Process:
Identification: Identifying potential risks that could negatively affect an
organization's assets or operations (e.g., cyber threats, natural
on
disasters, system failures).
uti
risks to determine their severity. tr b
Assessment: Evaluating the likelihood and potential impact of these
i
D is
Prioritization: Ranking the risks in order of importance based on their
for
potential damage to the organization and determining which risks should
t
No
be addressed first.

a,
Example: An organization may prioritize securing its financial data over
h
securing low-risk, non-critical systems.

Na
Application of Resources in Risk Management:

eet
Economical Application of Resources: Resources such as budget,
j
ha
personnel, and technology must be allocated strategically to minimize
b
risks. This means applying cost-efficient controls that balance the
Su
need for security with available resources.
l
y Co
Key Point: The goal is to implement the most effective controls within
the organization's resource limits, ensuring that critical assets are
B adequately protected without overextending resources.

I SSP
r C
fo
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Understanding and Applying Risk Management Concepts - 2

Risk Management Steps: Value, Risk, and Treatment:

• Definition of risk
management
• Risk management process:
identification,
assessment, prioritization
• Application of resources in
risk management
• Steps: Value, risk, and
treatment
• Challenges faced by
organizations
Value: Understand the value of each asset to the organization. Assets
with higher value or criticality (e.g., customer data, intellectual property)
require more protection.
Risk: Analyze the risk associated with each asset, taking into account
the potential threats and vulnerabilities.
Treatment: Implement appropriate controls or risk mitigation strategies
(e.g., encryption, firewalls) based on the priority of the risk and available
resources.
Example: If customer data is highly valuable, encryption and regular
on
backups may be implemented to protect it from cyber threats.
uti
Challenges Faced by Organizations:
tr i b
is
Limited Resources: Organizations often face challenges in allocating
D
resources due to limited budgets, personnel, or time. This necessitates a
for
strategic approach to risk prioritization and control implementation.
t
No
Balancing Security and Efficiency: The challenge is to find the right

a,
balance between securing critical assets and maintaining operational
h
efficiency without unnecessary expenditure.

Na
Key Point: Risk management helps organizations determine where to

jeet
allocate resources effectively to achieve maximum protection for the

ha
most valuable assets.
b
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

•Risk management involves identifying, assessing, and prioritizing risks to protect assets
within an organization's resource limitations.
•The process includes understanding the value of assets, analyzing potential risks, and
implementing cost-effective risk treatment measures.
•The main challenge in risk management is balancing limited resources with the need to
protect critical assets.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Risk Management and Relationship with Risk and Threat Analysis -2

Relationship Between Risk Management, Risk Analysis, and Threat

• Definition of risk
Analysis:
management
• Risk management process: Risk Management: Involves identifying, assessing, prioritizing, and
identification, mitigating risks to protect an organization’s assets effectively.
assessment, prioritization Risk Analysis: A subset of risk management where specific threats,
• Application of resources in vulnerabilities, impacts, and probabilities are analyzed for each asset
risk management to determine the risks.
• Steps: Value, risk, and
treatment Threat Analysis: Part of the risk analysis process, focused on
identifying potential threats that could harm the asset.
on
• Challenges faced by
organizations Key Point: Risk management relies on risk analysis and threat
u ti
i b
analysis to evaluate potential risks and decide how to treat them.
r
Risk Management Steps: Value, Risk, and Treatment: ist
Definition: The first step in risk management iso
f r D and ranking
identifying
an organization’s assets based on their value
o t to the business.
Methods:
a ,N
Quantitative Analysis: Assigns a ahnumeric value to assets (e.g.,
monetary value).
e tN
Qualitative Analysis:je
h a Assignsimpact.
a subjective value based on factors
b
like importance or business
uorganization's
S
lthan its general employee
Example: An customer database might be more
C o
valuable communication systems.
y
S PB
CI S
for
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Risk Management and Relationship with Risk and Threat Analysis -3

• Definition of risk Risk (Risk Analysis):

management
• Risk management process:
identification,
assessment, prioritization
• Application of resources in
risk management
• Steps: Value, risk, and
treatment
Definition: Once asset value is determined, the next step is
performing risk analysis to identify the risks to those assets.
Key Components of Risk Analysis:
Threat: Any potential danger (e.g., natural disasters, cyberattacks).
Vulnerability: Weaknesses in a system (e.g., outdated software).
Impact: The negative effect on an asset if a threat is realized (e.g., loss

on
• Challenges faced by of revenue).
organizations
ti
ibu
Probability: The likelihood of a risk materializing (e.g., a data breach).
Key Point: Risks are ranked based on their potential impact tand r
likelihood using quantitative or qualitative analysis. is
Treatment: fo rD
ot must decide how to
,N
Definition: After identifying risks, the organization
treat them.
h a
Risk Treatment Methods: a
N (e.g., not moving to a cloud
e tentirely
aje
Avoid: Avoid the risky action
based system). h
S
Transfer: Shift uthebrisk to a third party (e.g., purchasing cyber
C ol
insurance).
B y Reduce the risk by implementing controls (e.g., using
Mitigate:

I SSP firewalls, encryption).

C
or
Accept: Accept the risk, understanding the possible consequences

s f (e.g., acceptingminor operational downtime risk).

o te Key Point: The organization must choose the most cost-effective and

ell N appropriate treatment based on the risk's severity.

orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Risk Management and Relationship with Risk and Threat Analysis - 4

Importance of Asset Valuation:

• Definition of risk
management Understanding the value of assets is crucial in determining which
• Risk management process: security controls to implement. Inefficient controls can erode the
identification, organization’s value.
assessment, prioritization
• Application of resources in Example: Applying a $100,000 security control to a risk that only costs
risk management $1,000 per year is not cost-efficient.
• Steps: Value, risk, and
treatment Risk Analysis Process:
Threat Analysis: Identify potential dangers to the organization.
t i on
u
Vulnerability Analysis: Understand weaknesses that threatsbcould
i
s tr
exploit.
i
o
Impact Analysis: Assess the extent of damage that
f r Dwould occur if a
risk materialized.
o t
a , N of the risk occurring.
Probability Analysis: Evaluate the likelihood
a hfirewall is outdated, the
t Nincreases, and the impact might be a
Example: If a company's network
e
vulnerability of a cyberattack
data breach.
h aje
S ub
C ol
By
I SSP
r C
fo
es
ot
ell N
orn
C

• Risk management involves understanding asset value, performing risk and threat
analysis, and treating risks based on their severity and probability.
• Risk analysis includes assessing threats, vulnerabilities, impact, and probability,
which helps organizations determine how to prioritize and manage risks.
• Risk treatment options include avoiding, transferring, mitigating, or accepting risks,
depending on the cost-effectiveness and organizational strategy.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Importance of asset valuation
• Types of assets: tangible and
intangible
• Qualitative analysis vs.
quantitative analysis
• Characteristics of qualitative
and quantitative analysis
Asset Valuation - 1
Importance of Asset Valuation:
Definition: Asset valuation is the process of identifying and ranking the
valuable assets of an organization, which is a critical first step in risk
management.
Types of Assets: Assets include tangible items (e.g., buildings,
equipment) and intangible elements (e.g., company reputation,
intellectual property).
Key Point: Before risks can be managed, an organization must first
understand which of its assets are the most valuable and prioritize their
protection accordingly.
ti on
i bu
Qualitative vs. Quantitative Analysis:
str
Qualitative Analysis:
D i
for
Characteristics: Focuses on relative ranking of assets using
t
No
subjective measures like "low," "medium," or "high." Does not assign

a,
monetary value to assets.
h
Efficiency: Qualitative analysis is generally faster and simpler to
Na
conduct, relying on professional judgment rather than detailed
calculations.
jeet
b hafor customer-facing
Example: Ranking business processes by criticality, assigning labels

S u
such as "high priority" systems and "low priority" for

ol Analysis:
internal tools.
C
By
Quantitative
Characteristics: Focuses on assigning objective monetary values to

I SSP assets, using data and calculations to quantify risks and asset worth.
r C Challenges: Fully quantitative analysis is time-consuming and difficult

s fo to achieve but provides a precise, data-driven approach to asset

o te valuation.

ll N
Example: Assigning a monetary value to company buildings and
calculating the potential financial loss from natural disasters or
rn e cyberattacks.

C o

•Asset valuation is essential for identifying and prioritizing an organization’s valuable

assets, which forms the foundation for effective risk management.
•Qualitative analysis ranks assets based on relative importance using subjective
measures, while quantitative analysis assigns objective monetary values to assets,
providing a more precise evaluation.
•A combination of both qualitative and quantitative approaches is often used to
efficiently assess an organization’s assets.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Importance of asset valuation
• Types of assets: tangible and
intangible
• Qualitative analysis vs.
quantitative analysis
• Characteristics of qualitative
and quantitative analysis
Asset Valuation - 2
Qualitative Analysis Characteristics:
Relative Ranking System: Uses subjective judgment to rank assets
from most to least valuable based on risk factors.
Descriptive Terms: Uses terms such as low, medium, high or numeric
scales (e.g., 1-5) to express the likelihood or importance of each asset.
Simple and Efficient: Can be quickly implemented without the need for
detailed financial data.
Quantitative Analysis Characteristics:
Assigning Monetary Value: Assets are ranked based on financial value, t i on
i b
helping the organization understand the exact cost of potential risks.u
s r
trequires
i
r Dobjective
Time-Consuming: Conducting a fully quantitative analysis
more time and resources but provides a more detailed,
evaluation of risks.
t f o
o
Nhigh-value assets where
, though
Key Point: Quantitative analysis is useful for
a
a h
precise risk calculations are necessary, it is often used alongside

tN
qualitative methods for efficiency.
e
h aje
Sub
C ol
B y
S P
CI S
for
es
ot
ell N
orn
C

• Asset valuation is essential for identifying and prioritizing an organization’s valuable

assets, which forms the foundation for effective risk management.
• Qualitative analysis ranks assets based on relative importance using subjective
measures, while quantitative analysis assigns objective monetary values to assets,
providing a more precise evaluation.
• A combination of both qualitative and quantitative approaches is often used to
efficiently assess an organization’s assets.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Risk Analysis - 1
• Definition of Risk Analysis:
•Definition of risk analysis
•Steps in the risk analysis Risk analysis is the process of identifying threats and vulnerabilities
process related to an asset, and understanding the probability and impact of
•Role of threats, vulnerabilities, risks occurring.
and assets Key Point: Risk analysis helps organizations evaluate potential dangers
•Importance of involving asset and weaknesses that could harm valuable assets.
owners
•Types of risks: natural, human, • Risk Analysis Steps:
operational, technical, physical
Asset Valuation: Understand the value of the asset to the organization.
on
•Calculating residual risk
ti
Identify Threats: Determine the potential threats that could cause harm
u
i
to the asset (e.g., hackers, natural disasters, insider threats).
r
t be b
i s
D of training).
Identify Vulnerabilities: Assess the weaknesses that could
exploited by these threats (e.g., unpatched systems,r lack
t fo
materializing and the impact it would haveN
o
Analyze Probability/Impact: Calculate the likelihood of the risk
, on the asset.
ha controls, calculate the
Residual Risk Calculation: Afteraapplying
t N persists even after mitigation efforts.
remaining risk (residual risk) that
e
aje
Involvement of Asset Owners:
h
u b owners must be involved in the risk analysis process
S
Importance: Asset
l have the best understanding of the asset's value to the
C o
because they
organization.
By
S PKey Point: Senior management and asset owners provide critical insights
CI S that make the risk analysis more effective and aligned with business
priorities.

for
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


•Definition of risk analysis
•Steps in the risk analysis
process
•Role of threats, vulnerabilities,
and assets
•Importance of involving asset
owners
•Types of risks: natural, human,
operational, technical, physical
•Calculating residual risk
Risk Analysis - 2
Threats and Vulnerabilities:
• Components of Risk:
Asset: Anything of value to the organization (e.g., data, systems,
buildings).
Threat: Any potential danger that could harm the asset (e.g.,
cyberattacks, natural disasters).
Vulnerability: Any weakness that can be exploited by a threat (e.g.,
unpatched software, lack of employee training).
Key Point: Risk exists where a vulnerable asset and a threat overlap,
allowing for potential exploitation.
on
• Types of Risks (Examples):
uti
Natural/Environmental Risk:
tr i b
Threat: Flooding
Vulnerability: Building located on a floodplain D is
Human Risk:
t for
No
Threat: Hacker

a,
Vulnerability: Employees not trained on social engineering attacks
h
Na
• Operational/Process Risk:

et
Threat: Fraud
je
Vulnerability: No segregation of duties in financial processes
ha
• Technical Risk:
b
Su
Threat: Malware
l
Co
Vulnerability: Unpatched software

By • Physical Risk:
Threat: Power outage

I SSP Vulnerability: Lack of backup power

r C Example: A company located in a flood-prone area with no flood defense

fo mechanisms is vulnerable to natural/environmental risks like flooding.

es • Residual Risk:
ot Definition: The remaining risk after controls have been implemented to

ell N mitigate identified threats and vulnerabilities.

orn Key Point: Even with security controls in place, there will always be some
level of residual risk that organizations must decide whether to accept
C or further mitigate.

• Risk analysis involves identifying threats and vulnerabilities, and assessing their
potential impact on assets.Asset owners and senior management must be involved to
accurately assess the value of assets and make risk management effective.
• Residual risk is the risk that remains after mitigation efforts, and it must be carefully
evaluated to determine if it is acceptable to the organization.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Understanding the Full Risk for a Given Asset
Full Understanding of Risk:
• Full understanding of risk: Definition: To fully assess the risk for a given asset, it is not enough to only identify
impact and probability threats and vulnerabilities. The organization must also consider the impact of the
risk and the probability of its occurrence.
• Definition of impact and
probability Key Point: Risk is a combination of threats, vulnerabilities, impact, and
probability, which together determine the potential danger to an asset.
• Relationship between risk,
threat, vulnerability, impact, Impact:
and probability Definition: The negative consequences or damage to the organization if a risk
• Components that fit together materializes. This could include financial loss, reputational damage, operational
disruption, or legal consequences.
to identify risks for an asset
Example: A data breach could result in financial penalties, loss of customer trust,
and legal liabilities for the organization. The impact of this breach would be high.
t i on
Probability/Likelihood:
i b u
s
Definition: The frequency or likelihood that a given risk will occur. This
tr helps in
i
determining how likely it is that a specific threat will exploit a vulnerability.
D of flooding
Example: If a company is located in a flood-prone area, the r
might be high, especially during the rainy season.
t fo probability

Relationship Between Risk, Threat, Vulnerability,o

,assetNbased on its exposure to a threat
Impact, and Probability:

h
Risk: Represents the potential for harm to an a
and its vulnerabilities.
a
N exploit a vulnerability (e.g., cyberattacks,
Threat: Any potential danger thattcould
natural disasters). e
e a threat can exploit to cause harm (e.g., unpatched
jthat
Vulnerability: A weakness
h a
u b power).
systems, lack of backup
S
Impact: The lseverity of the consequences if the risk materializes (e.g., financial loss,
C odamage).
reputational

B y The likelihood that a risk will occur (e.g., frequency of cyberattacks).

Probability:

S PKey Point: These components fit together to help organizations assess the overall
CI S risk to each asset, enabling them to prioritize risks and implement appropriate
controls.

for How They Fit Together

es
ot
Risk is present when a threat can exploit a vulnerability, leading to potential
damage to an asset. The impact of that damage and the likelihood of the event

ll N
occurring further help define the severity of the risk.

rn e Example: A company has an unpatched server (vulnerability) in a high-risk area for

C o cyberattacks (threat). If a cyberattack occurs, it could result in the loss of critical

data (impact). The likelihood of such an attack (probability) is high, which makes this
a high-priority risk.

• To fully understand risk, an organization must consider threats, vulnerabilities,

impact, and probability.
• Impact defines the severity of the consequences if a risk materializes, while
probability assesses the likelihood of the risk occurring.
• These components work together to assess the overall risk to an asset, helping
organizations prioritize and manage risks effectively.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Risk Management Terms
• Risk management core terms
• Definitions of key terms
• Relationships between terms
• Understanding residual risk
• Threat Agent:
Definition: An entity that has the potential to cause damage to an asset.
Example: External attackers (e.g., hackers), internal attackers (e.g., disgruntled employees),
natural disasters.
• Threat:
Definition: Any potential danger that could negatively impact an asset.
Example: A cyberattack, physical theft, or fire that could disrupt business operations.
• Attack:
Definition: A harmful action that exploits a vulnerability.
Example: A phishing attack that exploits untrained employees, or a DDoS attack that exploits
insufficient network defenses.
• Vulnerability:

on
Definition: A weakness in an asset that could be exploited by a threat.

• Risk:
u i
Example: An unpatched server, lack of network segmentation, or insufficient employee training.
t
r i b
Definition: The exposure to a threat or vulnerability, where a weakness in an architecture,
t
process, or asset could be exploited, leading to negative consequences.

D is
Example: The risk of a data breach if there is no encryption or security measures in place.

for
• Asset:

t
Definition: Anything that has value to the organization and needs to be protected.

No
Example: Company data, intellectual property, customer records, physical infrastructure.

a,
• Exposure/Impact:
Definition: The negative consequences that occur if a risk is realized.
h
Na
Examples:* Loss of life, financial loss, reputational damage, legal liabilities, operational

et
downtime.
• Countermeasures and Safeguards:
je
ha
Definition: Controls or actions taken to reduce threats, vulnerabilities, and negative
impacts of risks.
b
Su
Example: Implementing firewalls, encryption, and employee training to mitigate the risk of

l
cyberattacks.

Co
• Residual Risk:

By Definition: The risk that remains after countermeasures and safeguards are implemented.
Key Point: Even after applying controls, some level of residual risk will still remain, which

SP
needs to be assessed to determine if it is acceptable.

CI S Example: After installing firewalls and encryption, there may still be residual risk from zero-day
vulnerabilities or insider threats.

for • Relationships Between Terms

Threat agents (e.g., hackers) exploit vulnerabilities (e.g., unpatched systems) to carry out

es
ot
attacks that cause damage to valuable assets.
The impact or exposure of a risk materializing leads to negative consequences, such as

ll N
financial loss or reputational damage.

rn e Countermeasures are implemented to reduce risks, but residual risk remains even after
these measures are in place.

C o

• Key terms like threat agents, threats, vulnerabilities, and assets are essential in
understanding risk management.Countermeasures help mitigate risks, but residual
risk will always remain, even after implementing controls.Understanding these terms
and their relationships is crucial for effective risk management and mitigation efforts.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Annualized Loss Expectancy (ALE) Calculation
• ALE formula
• Definitions of key
components (SLE, AV, EF,
ARO)
• Example calculation
• Importance of ALE in risk
management
• When to accept risks
ALE Formula:
ALE = SLE (AV x EF) x ARO
This formula calculates the annual expected cost of a specific risk to the organization.
Key Components:
1. Asset Value (AV):
1. Definition: The monetary value of an asset.
2. Example: A CCTV system valued at $2,000.
2. Exposure Factor (EF):
1. Definition: The percentage of the asset's value lost if a risk materializes.
2. Formula:
EF = (Loss/Asset Value) * 100

on
3. Example: If a voltage spike damages 3 cameras, resulting in a $200 loss, EF =

i
10% (since $200 is 10% of $2,000).

ut
b
3. Single Loss Expectancy (SLE):
1. Definition: The cost incurred each time a risk occurs.
tr i
2. Formula:
SLE = AV * EF
D is
for
3. Example: SLE = $2,000 * 10% = $200. This means each voltage spike causes
$200 worth of damage.
t
4. Annualized Rate of Occurrence (ARO):
No
1.
a,
Definition: The number of times a risk is expected to occur per year.
h
2.
a
Example: If voltage spikes happen 3 times a year, ARO = 3.
5. Annualized Loss Expectancy (ALE):N
t
e expected annual cost of a risk.
1.
je
Definition: The total

*a
hALE
2. Formula:
b
ALE = SLE ARO
u system is= $200
S
3. Example: * 3 = $600. The annual cost of voltage spikes for the

Importanceo
l CCTV $600.

• ALEy
C of ALE in Risk Management:

P B provides a quantitative measure of how much a specific risk will cost the organization
annually.

I SS • Key Point: ALE helps organizations decide which security controls are cost-effective and

r C justified based on the potential financial impact of risks.

fo Cost-Justified Controls:

es
ot
• Controls should only be implemented if their cost is less than or equal to the calculated ALE.

N • Example: If a control costs $800 to prevent a risk that has an ALE of $600, it would not be a

ell
good investment. The company might decide to accept the risk instead.

orn When to Accept Risks:

C • Risk acceptance is a valid option if the cost of mitigating controls exceeds the potential
annual loss (ALE).
• Key Point: Asset owners are responsible for making decisions regarding risk acceptance,
ensuring that resources are not spent on controls that are not cost-justified.

•The ALE formula is used to calculate the annual cost of risks by multiplying SLE (single
loss expectancy) by ARO (annual rate of occurrence).
•Understanding the value of assets (AV), exposure factor (EF), and ARO allows
organizations to make informed decisions about risk mitigation.
•Controls should be implemented only when cost-effective, and risks may be accepted
when the control cost exceeds the ALE.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Risk Response/Treatment - 1
• Four approaches to risk
management
• Risk can never be fully
eliminated
• Risk avoidance
• Risk transfer
• Risk mitigation
• Risk acceptance
• Risk ignorance is not a
Four Approaches to Risk Management:
Definition: Risk can be managed in four primary ways:
avoidance, transfer, mitigation, and acceptance.
Each approach depends on the value of the asset and the specific risk
involved.
Risk Avoidance:
• Definition: Stopping or avoiding activities that expose the organization
to risk.
• Pros: Completely removes the risk.
• Cons: May lead to opportunity cost—lost opportunities or gains. Also,
avoidance can sometimes result in other risks arising.

on
valid option • Example: Avoid flying to eliminate air travel risks, but this may increase
driving risks, which could be higher.
uti
•
out on the fun.
tr i b
Diving Board Example: Don't jump off the diving board, but you miss

•
D is
Key Point: Risk avoidance is not usually the first option because

for
companies need to take risks to grow and innovate.
Risk Transfer:
t
•
No
Definition: Shifting the financial responsibility of the risk to another

a,
party, such as through insurance.
•
h
Pros: Can reduce the financial impact of a risk.
•
Na
Cons: Ultimate accountability for managing the risk remains with the

•
organization.
jeet
Example: Purchasing cyber insurance to cover financial losses from a
ha
cyberattack.
b
Su
• Diving Board Example: Get insurance or have someone else jump.
•
l
Key Point: Transferring responsibility does not transfer

y Co
accountability.
Risk Mitigation:
B Definition: Implementing controls to reduce risk to an acceptable
SP
•
level.

CI S • Pros: Reduces the risk to a manageable level; the focus of most risk

for management efforts.

Cons: Can never fully eliminate risk; there will always be residual risk.
es •

ot
• Example: Implementing security controls such as firewalls or

ll N
encryption to reduce the impact of cyberattacks.
• Diving Board Example: Jump from a lower diving board to reduce the

rn e risk of injury.

C o • Key Point: Risk mitigation is where organizations spend most of their

time and resources.

•Four risk management approaches: avoidance, transfer, mitigation, and acceptance.

•Risk mitigation is the most common approach, but some residual risk always remains.
•Risk acceptance should be decided carefully, only when controls are more expensive
than the risk itself.
•Risk ignorance is not an acceptable strategy and can lead to significant consequences.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Risk Response/Treatment - 1
Risk Acceptance:
• Four approaches to risk
• Definition: Accepting the risk when the cost of mitigation exceeds the
management potential impact of the risk.
• Risk can never be fully
eliminated • Pros: May be the most cost-effective option if the risk is minor or the
control is too expensive.
• Risk avoidance
• Risk transfer • Cons: The organization takes on the full responsibility for the risk.
• Risk mitigation • Example: Accepting residual risk that remains after mitigation efforts.
• Risk acceptance
• Diving Board Example: Jump and accept the risk of injury.
• Risk ignorance is not a

on
valid option • Key Point: Risk acceptance should only be decided by senior
management or the asset owner.
u ti
Risk Ignorance:
r i
t andb
• is
Definition: Ignoring a known risk, which is not a valid approach
violates due care and due diligence.
fo r Dthat multiple
•
servers lack antivirus software. This couldo
t
Example: A Chief Security Officer ignores a warning

and severe business consequences., N

lead to malware infections

• a ha and can lead to serious

Key Point: Ignoring a risk is negligent
penalties and reputational
e t Ndamage.
h aje
S ub
C ol
By
I SSP
r C
fo
es
ot
ell N
orn
C

•Four risk management approaches: avoidance, transfer, mitigation, and acceptance.

•Risk mitigation is the most common approach, but some residual risk always remains.
•Risk acceptance should be decided carefully, only when controls are more expensive
than the risk itself.
•Risk ignorance is not an acceptable strategy and can lead to significant consequences.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Applicable Types of Controls - 1
• Definition of a complete
control
• Importance of defense-in-
depth (layered security)
• Seven major types of controls
• Differences between
preventive, detective, and
corrective controls
• Examples of each control
type
Complete Control:
• Definition: A combination of preventive, detective, and corrective
controls working together to protect against risks.
• Key Point: A complete control ensures that an organization can prevent
risks, detect them when they happen, and correct them afterward.
Defense-in-Depth:
• Definition: A layered security approach where multiple controls are
implemented at different layers to protect assets.
on

uti
• Key Point: Each layer of defense should have preventive, detective,
and corrective controls for maximum security.
tr i b
Types of Controls (Table 1-21):
D is
for
1.Directive Controls:

t
1. Definition: Direct or encourage compliance with security
policies. No
h a,
2. Example: A fire exit sign directs people to safety in case of
a fire. Na
jeet
2.Deterrent Controls:
ha
1. Definition: Discourage violations of security policies.
b
Su
2. Example: A private property sign warns of potential danger
l
y Co (e.g., trespassing penalties) to deter unauthorized access.

B 3.Preventive Controls:

I SSP 1. Definition: Prevent undesired actions or events from

r C happening.

fo 2. Example: A fence that prevents people from entering

es
ot
restricted areas or no flammable materials to prevent

ll N
fires.

rn e
C o

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Applicable Types of Controls - 2
1.Detective Controls:
• Definition of a complete
control 1. Definition: Identify if a risk has occurred; they operate after an
• Importance of defense-in- event.
depth (layered security) 2. Example: A smoke alarm detects smoke and indicates a fire
• Seven major types of controls may have started.
• Differences between
2.Corrective Controls:
preventive, detective, and
corrective controls 1. Definition: Minimize the negative impact of an incident and
• Examples of each control help reduce damage.

on
type 2. Example: A fire suppression system that activates after a fire
has started to minimize its spread.
ut i
3.Recovery Controls:
r i b
t to normal
is
rD
1. Definition: Recover and restore a system or process
operations following an incident.
fo
t restoration of systems
2. Example: A data backup policy allows
o
after a failure.
a,N
4.Compensating Controls:
a h
1. Definition: Used in
t N conjunction with other controls to provide
added security e
jeHostorIntrusion
to replace another control if necessary.
h a
b
2. Example: A Prevention System (HIPS)
u on a critical server in addition to a Network
l Sdeployed
C o Intrusion Prevention System (NIPS).

B y of Controls:
Timing

S P•Before an Incident:
CI S • Directive, Deterrent, Preventive, and Compensating controls.

for • Key Point: It is always better to prevent incidents than to deal

es with them afterward.

ot •After an Incident:

ell N • Detective, Recovery, and Corrective controls.

orn • Key Point: Detection and correction ensure an organization

C can respond to incidents effectively.

• A complete control consists of preventive, detective, and corrective controls to

ensure comprehensive security.
• Defense-in-depth ensures that each layer of security has multiple types of controls in
place.
• Preventive controls are the first line of defense, but detective and corrective controls
are necessary for full risk management.
• Understanding and applying the seven types of controls helps create a more robust
security system. Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Categories of Controls
• Safeguards vs.
Countermeasures
• Categories of controls
• Administrative controls
• Logical/technical controls
• Physical controls
• Control examples by
category
Safeguards vs. Countermeasures:
Safeguards:
• Proactive controls that are implemented before a risk occurs.
• Includes: Directive, deterrent, preventive, and compensating controls.
• Example: A firewall that prevents unauthorized access.
Countermeasures:
• Reactive controls implemented after a risk occurs to detect and respond.
• Includes: Detective, corrective, and recovery controls.
• Example: A data backup that helps recover data after a breach.
Categories of Controls (Administrative, Technical, Physical):
Administrative Controls:
• Focus on policies, procedures, and guidelines that govern security practices.

on
• Examples: Background checks, acceptable use policies, and

i
onboarding/offboarding policies.
Logical/Technical Controls:
ut
•
•
Focus on software and hardware mechanisms that protect systems.

tr i
Examples: Firewalls, IPS/IDS, antivirus software, and proxy servers.b
•
is
Key Point: Logical controls are software-based, while technical controls are
D
for
hardware-based.
Physical Controls:
•
t
Protect physical infrastructure and prevent unauthorized access to physical

No
spaces.

a,
• Examples: Fences, gates, guards, CCTV, and bollards.
Detailed Examples
h
Na
Administrative Controls:
• Directive: Policies, procedures, and configuration standards.
•
•
jeet
Deterrent: Guidelines like warning banners or “Beware of Dog” signs.
Preventive: User registration procedures and enforcing login mechanisms.
•

bha
Detective: Reviewing violation reports.
Corrective: Employee termination procedures.

Su
•
• Recovery: Disaster Recovery (DR) plans.
l
Co
• Compensating: Supervision and job rotation.
Logical/Technical Controls:

By •
•
Directive: Configuration standards.
Deterrent: Warning banners on networks.

I SSP •
•
Preventive: Login mechanisms and operating system restrictions.
Detective: SIEM systems (Security Information and Event Management).

r C • Corrective: Unplugging and isolating compromised systems.

fo • Recovery: Data backups and system restores.

s
• Compensating: Keystroke logging and layered defense.

ote Physical Controls:

• Directive: Authorized personnel only signs.

ll N
• Deterrent: "Beware of Dog" signs.

rn e •
•
Preventive: Fences and RFID badges for access control.
Detective: CCTV systems for monitoring.

C o •
•
Corrective: Fire suppression systems.
Recovery: Rebuilding physical structures after damage.
• Compensating: CCTV and keystroke logging.

• Safeguards are proactive, while countermeasures are reactive.

• Controls are categorized into administrative, logical/technical, and physical controls.
• Effective defense-in-depth involves implementing all three types of controls at different
layers.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Functional and Assurance
• Functional aspect of a
control
• Assurance aspect of a
control
• Importance of combining
both functional and
assurance aspects
• Examples of functional and
assurance controls
Functional Aspect:
• Definition: The control must perform the specific function
it was designed for.
• Example: A firewall filtering traffic between different
subnets to prevent unauthorized access.
• Key Point: The control must work as intended to meet the
security need (e.g., controlling network traffic, controlling
physical access).
Assurance Aspect:
• Definition: The control must provide proof that it is ti on
functioning correctly and effectively over time.
i bu
str
• Example: Testing, logging, monitoring, and assessments
D
are used to provide assurance that the control is stilli
working properly.
t for
•
No
Key Point: Assurance provides confidence that the control
ongoing basis. h a,
continues to function properly and can be verified on an

t Na
Combined Aspects at it is designed to do.
• jee that effectively filters network
Example: A firewall
traffic. ha
• Sub
Assurance: The control can be evaluated and tested to
l
Co
ensure it works properly.
ByExample:
• Regular monitoring and audit logs are used
to confirm the firewall continues to block unauthorized
I SSP access.
r C Importance of Combining Both Aspects:
fo
es • A security control should not only perform its intended
ot function but also be tested regularly to ensure it
ll N
continues to work effectively.

rn e • This helps to prevent security gaps from controls that are

C o not functioning as expected.

• Functional controls ensure the security measure performs its intended function.
• Assurance ensures the control is working correctly and can be tested and verified.
• Both aspects are crucial for an effective security control, ensuring it is both operational
and trustworthy over time.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Criteria for selecting
security controls
• Importance of cost-
effectiveness and alignment
• How much security is
enough?
• Measuring control
effectiveness
• Metrics for control
performance
Selecting Controls
Selecting Controls Criteria:
• Cost-Effectiveness:Alignment with Organizational Goals and Objectives:
• The control should support organizational goals, not hinder
operations. Controls should help the business achieve its objectives
while enhancing security.
• Controls must be justified by the value they bring versus the cost of
implementation.
• Example: Implementing a $100,000 security solution for a $5,000
asset would be an inefficient use of resources.
• Complete Control Approach:
• A complete control includes preventive, detective, and corrective
measures. Controls should not only prevent but also detect and
on
correct any issues.
• Example: Firewalls (preventive), Intrusion Detection Systems
uti
threats.
tr i b
(detective), and backups (corrective) work together to protect against

• Functional and Assurance Effectiveness:

D is
for
• Ensure the control does what it is intended to do and can be
t
verified and monitored to ensure it’s still working properly over time.

No
• This ensures a balance between the security function and usability.
•
h a,
Determining Control Implementation:

Na
• How much security is enough?

et
• Striking a balance between security and usability is crucial.
je
Excessive security can hamper productivity, while too little can lead

ha
to vulnerabilities.
•
b
The goal is to optimize security to protect assets without negatively

Su Effectiveness:
impacting the organization's daily operations.
l
CoMetrics:
Measuring Control
•
yUsing

S P B • Metrics help to assess how well controls are performing after

implementation.

CI S • Tailoring Metrics to the Audience: Different metrics are valuable to

different stakeholders:

for • Senior management will focus on high-level, strategic metrics.

es • Operational teams might focus on detailed metrics specific to their

ot
tasks (e.g., uptime, number of incidents).

N • Metrics can originate from sources like internal monitoring,

ell
auditors, and third-party reports.

orn • Examples of Metrics:

C •

•
Incident reduction rates, system downtime, compliance levels,
and cost savings due to improved security.
Each metric should give the audience clear information on the
effectiveness of the controls in place.

• Security controls must align with organizational goals, be cost-effective, and be

implemented in a complete control approach (preventive, detective, corrective).
• Metrics should be used to assess the effectiveness of controls and should be tailored
to the target audience for the best impact.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Continuous Improvement in Risk Management
• The nature of risk
management
• PDCA/Deming Cycle steps
• Continuous risk management
triggers
• Frequency of risk analysis
P• B
S These changes should trigger an update to the organization’s
Nature of Risk Management:
• Risk management is an ongoing process because the business
landscape is constantly changing.
• New assets are introduced, old assets are retired, new threats
and vulnerabilities arise, and the impact of risks fluctuates.
• All of these factors require risk management processes to be
updated continually.
PDCA/Deming Cycle:
• A cycle used for continuous improvement in security processes,
including risk management.
ti on
•
b
Plan: Determine which controls should be implemented based
i u
on identified risks.
str
• Do: Implement the controls. D i
•
t for
Check: Monitor and ensure the controls are working effectively.
• Act: Take corrective actions based Nono monitoring findings,
,
ha
which may loop back to the planning stage for continuous
improvement.
a
t N Updates:
Triggers for Risk Management
e
•
h aje
New assets acquired.
New threatsbor vulnerabilities identified.
Suin the impact or likelihood of existing risks.
•
l
Coregulations or legal requirements apply.
• A change
• yNew

CIS
risk matrix and prompt reevaluation.

for How Often to Conduct Risk Analysis:

tes • The ideal answer is: As often as necessary.

o
ll N
• The frequency will depend on the nature of the business, the

rn e sensitivity of assets, and the risks involved.

C o • Changes in asset value, new threats, or updated laws should

prompt immediate risk reanalysis.

• Risk management is a dynamic, continuous process due to the ever-changing

business environment.
• The PDCA/Deming Cycle is a framework used to continually update and improve risk
management processes.
• A risk analysis should be performed whenever there is a significant change in assets,
threats, or regulations.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Risk Management Frameworks
• Purpose of Risk Management
Frameworks
• Examples of Frameworks
• NIST 800-37 (RMF)
• ISO 31000
• COSO
• ISACA Risk IT Framework
Purpose of Risk Management Frameworks:
• Frameworks provide comprehensive guidance for structuring and
conducting risk management.
• They offer best practices for identifying assets, risks, threats,
vulnerabilities, and developing controls.
• Frameworks help risk managers by providing step-by-step
guidance and a structured approach.
• Instead of starting from scratch, frameworks leverage the collected
wisdom of experts in the field.
ti on
Examples of Risk Management Frameworks:
i bu
str
• NIST SP 800-37 (RMF):
D i
•
t for
Provides a risk management framework for information

No
systems and organizations.
• ISO 31000:
h a,
Na
• Offers a set of standards for best practices in risk

et
management for any organization.
je
ha
• COSO:
b
Su
• Focuses on enterprise risk management (ERM), providing
l principles and guidelines to manage risks at the enterprise
Co level.
yISACA Risk IT Framework:
B •

I SSP • Aligns with COBIT and focuses on risk optimization,

r C cybersecurity, and business value.

s fo
ote
ell N
orn
C

• Risk management frameworks offer structured best practices for identifying and
addressing risks in organizations.
• Common frameworks include NIST SP 800-37, ISO 31000, COSO, and ISACA Risk IT,
each providing different approaches depending on organizational needs.
• Frameworks provide the foundation for efficient, effective, and organized risk
management.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 NIST SP 800-37 Rev. 2 - Risk Management Framework
• Overview of NIST SP 800-37
Rev. 2
• Steps in NIST RMF
• Key Details for CISSP Exam
NIST SP 800-37 Rev. 2:
• Focus of CISSP Exam: NIST RMF is a core framework for operational security
governance, crucial for understanding risk management in organizations.
• Seven Steps in RMF: The risk management process is structured into seven
steps, which guide the security lifecycle of information systems.
Steps in the RMF:
1.Prepare:
1. Plan for RMF implementation by identifying resources, key
stakeholders, and preparing the organization to execute the
framework.

on
2.Categorize Information Systems:
1.
ti
Identify and categorize information systems based on impact on
u
b
confidentiality, integrity, and availability (CIA).
2.
tr i
Questions: "What systems do we have?" "Who owns the data?" "How
sensitive is it?"
D is
for
3.Select Security Controls:
1.
t
After risk assessment, select and tailor security controls

No
(management, operational, technical).

a,
2. Controls are chosen based on system categorization and
organizational needs.
h
Na
4.Implement Security Controls:
1.
je et
Implement selected security controls, ensuring they are documented
in security and privacy plans.
2.
ha
Controls are incorporated into the organization's operational
b
framework.

SuControls:
1.ol Determine whether controls are working as intended through testing
5.Assess Security

y C2. and evaluation.

P B Approval and review of a comprehensive security assessment plan.

I SS 6.Authorize Information System:

r C 1. Senior management reviews the risks, controls, and residual risks to

decide if the system can operate.
fo 2. Authorization is typically linked to milestones in a Plan of Actions &
es Milestones (POA&M).

N ot 7.Monitor Security Controls:

ell
1. Continuous monitoring of controls to ensure they remain effective

rn
over time.

C o 2.
3.
Adapting to new threats, vulnerabilities, and business changes.
Risk management evolves towards real-time processes.

• NIST SP 800-37 RMF consists of 7 steps that provide a comprehensive approach to risk
management for information systems.
• The steps cover everything from preparing to implementing, assessing, authorizing, and
monitoring security controls.
• Continuous monitoring ensures systems adapt to new vulnerabilities and maintain
security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Threat Modeling Concepts and Methodologies
• Threat Modeling Overvie w:
• Purpose: Identifies, enumerates, and pr ioritiz es potential threats to assets (e.g., mobile
• Threat Modeling Overview pho nes, serv ers, applications).
• Purpose of Threat Modeling • Syste matic Approach: Helps manage risks mo re effectively by analyzing threats before
vulnerabilities are exploited.
• Methodologies: STRIDE, • Figure 1-12: Shows ho w threa t modeling fits within the overall risk analysis pro cess.
PASTA, DREAD
• Purpose of Threa t Modeling:
• Identify threats systematically to provide a more ac curate risk management pro cess.
• Helps focus resources o n mitigating high-priority threats.
• Critical for ensurin g risks are managed across complex assets like app lication s,
networks, and architectures.
• Without a stru ctu red approach, identify ing thr eats can be overwhelming.

• Key Threat Modeling Methodologies:

•
over looked.
ti on
These method ologies p rovide structured approac hes to ensure no major th reats are

1.STRIDE:
i bu
1.
str
Dev eloped b y Microsoft to categoriz e d iffer ent types of secu rity threats.
2. Spoo fing iden tity
D i
for
3. Tampering with data

t
4. Repud iation

No
5. Information disclosure (p rivacy breach)

a,
6. Denial of service (DoS)
7. Elevation of priv ilege
h
Na
8. Exam ple: STRIDE can be applied to a web app lication to assess differen t ar eas where
these types of threats may manifest.

eet
2.PASTA (Process f or Attack Simulation and Thre at Analysis):

j
ha
1. Risk-centric threat modeling method ology with seven stages focused on assessing th e
impa ct of thre ats and business objectives.

b
Su
2. Seve n Stages:

l
1. Definition of Obj ectives

Co
2. Definition of the Technical Scope
3. Applicati on Decomposi ti on

By 4. Threat Analys is

SP
5. Weakness and Vulnerabi lity Analysis
6. Attack Modeling & Simulati on

CI S 7. Risk Analysis & Managem ent

r
3. Exam ple: Useful in envir onments with a focus o n mitigating business impact.

fo 3.DREAD:

es 1. Helps prioritize threats based o n five factor s:

N ot 2. Damage p otential

ell
3. Repro ducibility
4. Exploitability

orn 5. Affected users

C
6. Discoverability
7. Exam ple: Can be used in threat modeling for iden tifying which vu lnerab ilities pose the
most significant risk to business oper ations.

• Threat modeling is a critical component of risk management.

• Methodologies like STRIDE, PASTA, and DREAD help systematically identify and
prioritize threats to assets.
• Using these methods ensures comprehensive risk analysis, making threat mitigation
more effective.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 STRIDE vs. PASTA Threat Modeling
• STRIDE Overview
• PASTA Overview
• Key Differences Between
STRIDE and PASTA
• Stages of PASTA
STRIDE:
• Developed by Microsoft for threat modeling applications and operating systems, but
applicable in other contexts too.
• Threat-focused: Focuses on specific types of threats and violations.
• Acronym Definition:
• Spoofing: Attacker impersonates a user/system (Authentication violation).
• Tampering: Data modification during rest or transit (Integrity violation).
• Repudiation: Actions are not attributable to the attacker (Non-repudiation
violation).
• Information Disclosure: Unauthorized access to sensitive information
(Confidentiality violation).

on
• Denial of Service: Prevents legitimate use of services (Availability violation).
•
violation).
u t i
Elevation of Privilege: Gaining unauthorized admin/root access (Authorization

•
tr i b
Use Case: Can be used for applications, networks, and various system components.

is
rD
PASTA (Process for Attack Simulation and Threat Analysis):
• Attacker-focused, risk-centric methodology.
fo
t perspective.
•
o
Focuses on business and technical viewpoints for a strategic
Narchitecture.
•
a ,
Includes input from governance, operations, and
More detailed than STRIDE: Includes ah
•
a broader range of considerations like business

tN
impact.

e
aje Scope:
• Seven Stages:
• Define Objectives: Focuses on business risks and impact early.
•
b h
Define Technical Identifies all technical components that support
u
business objectives.
•
l SApplication Decomposition: Understand data flows within the application.
• o Threat Analysis: Use internal and industry threat intelligence to assess risks.

By C• Vulnerability/Weakness
threats.
Analysis: Correlates vulnerabilities with identified

S P • Attack Modeling: Simulate attacks to identify how vulnerabilities could be

CI S •
exploited.
Risk/Impact Analysis: Assess risk and decide on mitigation or risk

for acceptance.

es Key Differences:

ot • STRIDE is threat-focused and generally more simplistic than PASTA.

ell N • PASTA is attacker-focused and risk-centric, performing analysis from both business
and technical perspectives with more detail.

orn • STRIDE is easier to apply to specific threats, while PASTA integrates the larger business
C context and technical risk modeling.

• STRIDE is a straightforward threat modeling tool that identifies specific types of security
threats.
• PASTA is more detailed and integrates business risk analysis with technical threat
modeling.
• Both methodologies help systematically assess and prioritize security risks, but PASTA
provides a broader, risk-centric approach compared to the threat-focused STRIDE.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 DREAD Threat Modeling
DREAD:
• DREAD Overview
• Purpose: Used to measure and rank the severity of threats.
• Five Key Points in DREAD
• Using DREAD with STRIDE • Used with STRIDE: STRIDE identifies the threats, and DREAD ranks
them by severity.
• Calculating DREAD Scores
• Scoring: Each key point (D, R, E, A, D) is scored from 1 to 10, where 1 is
low-risk and 10 is high-risk.
• Final Score: The sum of the five key point scores is divided by 5, giving
a score out of 10.
• Interpretation: The higher the score, the more severe the threat.
• Example: If a threat is easy to exploit and affects a large number of
users, it will have a high DREAD score.
ti on
i bu
Five Key Points of DREAD:
Damage: How much damage can the threat cause? is
tr
r D or system
•
•
compromise). t fo
Score: 1-10 (e.g., 10 for major data breaches
o
N be reproduced?
•
a ,
Reproducibility: How easily can the attack

by many attackers).ah
• Score: 1-10 (e.g., 10 if the attack can be repeated easily
N
Exploitability: How easytis it to exploit the vulnerability?
•
e
•
h aje(e.g., 10 for simple attacks requiring no
Score: 1-10

ub How many people are affected by the threat?

special tools).
AffectedSUsers:
•ol Score: 1-10 (e.g., 10 if the attack impacts all users of a
•

y C system).
B
P• Discoverability: How easily can the threat be discovered?
I SS • Score: 1-10 (e.g., 10 if the attack is highly visible or easily
r C detected).
fo
es Using DREAD with STRIDE:

ot • STRIDE helps identify threats, while DREAD measures their severity.

ell N • Combination: After identifying threats using STRIDE (e.g., Spoofing,

rn
Tampering), use DREAD to rank the severity of each identified threat.

C o • Example: If Spoofing is identified in STRIDE, use DREAD to measure

how easily the attack can be carried out, the damage it can cause, etc.

• DREAD is used to measure and rank the severity of threats, based on Damage,
Reproducibility, Exploitability, Affected Users, and Discoverability.
• STRIDE helps identify threats, and DREAD ranks them by severity.
• DREAD Score: Calculated by averaging the scores of the five key points, the higher the
score, the more severe the threat.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Social Engineering
Definition:
• Definition of Social • Social engineering is the manipulation of people to reveal sensitive
EngineeringWhy Social information or perform actions they shouldn’t, often through
Engineering deception or intimidation.
WorksTechniques Used in • Purpose: Typically used by attackers to gather information or gain
Social EngineeringBest access to systems without technical attacks.
Defense Against Social • Example: A fake phone call pretending to be from IT support asking for
Engineering login credentials.
Why Social Engineering Works:
Human nature: Attackers exploit trust, kindness, and a lack of
on
•
awareness.
u ti
•
kind-hearted or afraid of authority.
r i b
Emotional manipulation: People are often tricked because they are
t people
•
D i
Effectiveness: Social engineering remains prevalent becauses
are the weakest link in an organization's securityrchain.
fo
tlike passwords.
•
o
Example: Employees may trust someone pretending to be a colleague

,N
or authority figure, handing over information
Techniques Used in Social Engineering:
h a
Phishing: Sending fraudulenta
t Ninformation.
• emails that appear legitimate to trick
e
users into giving up personal
je to beinformation.
•
h asensitive
Pretexting: Pretending someone trustworthy, like a manager or IT

ub physical or digital “bait” (like a USB drive labeled as

admin, to ask for
Baiting: S
ol data) to tempt someone into taking action that compromises
• Leaving
sensitive
y C
security.
• B Tailgating: Following someone into a secure area by pretending to be
S P an authorized individual.
CI S Best Defense Against Social Engineering:

for • Awareness/Education: Training employees to recognize the signs of

es social engineering and how to react.
ot
ll N
• Regular Training: Ongoing awareness programs to keep employees
updated on new techniques used by attackers.

rn e • Simulations: Organizations often run phishing simulations to test

C o employees’ reactions to social engineering attempts.

• Example: Mandatory annual training on phishing email identification.

• Social engineering exploits human emotions and manipulates trust to gain

unauthorized access to information.
• The best defense against these attacks is education, awareness, and training to
reduce the effectiveness of such techniques.
• Common social engineering techniques include phishing, pretexting, baiting, and
tailgating.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Social Engineering Attacks
Social Engineering Definition:

• Definitions of Social
Engineering
• Phishing Variants
• Common Social Engineering
• Manipulation of people through intimidation, deception, or rapport-building to gain unautho rized
infor mation or access.
• Exp loits human emotio ns like fear, trust, or curio sity.
• Exam ple: Pretending to be IT su pport and conv incing someone to rev eal their password .

Techniques Comm on Phishing Varia nts:

• Mitigating Social • Phishing: Mass emails sent with malicious links/files aimed at tricking recipients.
Engineering Attacks • Exam ple: Fake email from a bank asking for login details.

• Spear Phishing: Targeted phishing attacks aimed at specific individuals or gr oups, often with
personalized content.
• Exam ple: A fraudulent invo ice sent to accounts p ayable.
•
ti on
Whaling: Targeting h igh-level executiv es (CEO, CFO) to gain access to sensitive information.
• Exam ple: A fake urgent email to a CEO asking for wire transfers.

i bu
• Smishing: Phishing via SMS/text messages sent to mobile u sers.
str
•
D i
Exam ple: A text from a "ban k" asking for login cred entials via a lin k.

for
• Vishing: Phishing through voice calls/VoIP, pretendin g to be from a trusted entity.
•
t
Exam ple: A fraudulent phon e call asking for sensitive account in fo rmation.

Other Social Engineering Techniques:

No
•
h a,
Pretexting: Creatin g a convincin g scenar io to deceive the target into giv ing in fo rmation.

Na
• Exam ple: Posing as a b ank repr esentativ e asking abou t "su spicio us activity " in the
account.

•
eet
Baiting: Using a physical objec t (e.g., a US B drive) to lure the victim into comp romising their system.
j
ha
• Exam ple: Dropp ing in fected USBs in pub lic places, h oping someon e p lugs them in.

•
b
Tailgating: Fo llowing someone with a fake badge into a restricted ar ea.

•
l Su
Piggybacking: Gain ing un authoriz ed access by following someo ne into a secure area withou t a

Co
badge.

By Mitigating Socia l Engineering Atta cks:

SP
• Training and Aw areness: Educate emplo yees on recognizing phishin g emails, suspicious requests,
and ver ification methods.

CI S • Identity Verif ication: Requ ire proof of identity before gran ting sensitive informatio n or network
access.

for • Out-of-Band Verific ation: Contact legitimate entities via ver ified methods (e.g., official websites or

es known co ntact n umbers) instead of lin ks/numbers provided in su spicio us emails or texts.

ot • Callback Authorization: Fo r any sensitive req uests via email or p hone, verify via an alternative

ll N
method , such as calling a tru sted numb er.

e
• Strong Sec urity Policies: Implement clear guidelines and p olicies that disco urage risky behav ior,

rn
such as clicking o n unverified links.

C o

• Social engineering manipulates human emotions and trust to gain unauthorized

information or access.
• Phishing, spear phishing, whaling, smishing, and vishing are common phishing
variants.
• Mitigation requires awareness, training, and verification protocols to prevent falling
victim to these techniques.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Supply Chain Risk Management (SCRM)
Definition of SCRM:

• SCRM Overview
• Risk Management for
Vendors and Suppliers
• Key SCRM Assessment
Areas
• Accountability in SCRM
• SCRM applies risk management methodologies to vend ors, su ppliers, and ser vice provid ers.
• Risk managemen t should consider external entities like suppliers, clou d provid ers, contractors, etc.
Responsibility vs Accountability in SCRM:
• Responsibility: Vendo rs and suppliers may b e r espon sible for managing certain data or services.
• Accountability: However, the data ow ner (the organization ) remain s acc ountable for any
compliance, legal, o r security failures.

• Examp le: If a cloud service provider hand les d ata, the organization using that service must ensure
compliance with data protection laws.
Key Aspects of Vendor/Supplier Risk Management:

on
• Risk managemen t p rocesses should be extended to all third p arties.

• Are as to assess:
uti
•
r i b
Governance Review: Ensu re that vendors/suppliers follow prop er gover nance protocols.

t
•
•

D is
Site Security Re view: Evalu ate th e p hysical security measures in place at vend or sites.
Formal Security Audit: Cond uct au dits to ver ify that security con trols meet expectations.

for
• Penetration Te sting: Test th e security of the vend or's systems to identify vu lnerab ilities.
•
t
Security Baselines: Ensu re supp liers adhere to the organization’s defined secu rity

No
baselin es.
Hardware/Software Evalua tion: Ensu re that third-party h ardware and software meet

a,
•
secu rity stan dards.
•
h
Security Policies: Vendo rs should adhere to your o rganization's security p olicies.

Na
• Assessm ent Plan: Develop a structur ed plan for cond ucting risk assessmen ts on

et
vend ors.

e
• Reporting Templates: Prepare standardized templates for assessment reports.

j
ha
SCRM Be st Practices:

b
Su
• Organization s must communicate specific security and comp liance requ irements to v endors.

l
Co
• Vendor Assessment Pla ns should includ e:
• Who will perform the assessments (in ternal/ external teams).

By • Assessm ent Require ments: Clearly id entify wh at mu st be assessed (policies, hardware,

etc.).

SP
• Templates for Reporting: Standard ize reports to maintain clarity and comparab ility .

CI S Importance of External Risk Managem ent:

for • Accountability can’t be outsourced: Even if serv ices are outsourced to vend ors, the hiring
organization remains accou ntable for the security and compliance of the processes/data.

es
ot
• Examp le: A company ou tsour cing HR functio ns to a third -party p rovider mu st still en sure that
personnel da ta is managed securely an d in compliance with app licable laws.

ell N
orn
C

• SCRM extends traditional risk management to include vendors and suppliers.

• Even when responsibility for services is outsourced, accountability for risk and
compliance remains with the hiring organization.
• Best practices for SCRM include audits, security assessments, and clearly
communicating security and compliance expectations to third parties.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Acquisition Risks
Product Tampering:
• Product Tampering • Definition: Unauthorized alteration or modification of a product after
• Counterfeits manufacturing but before it reaches the customer.
• Implants • Example: An attacker intercepts a keyboard delivery, adds a
keylogger, and repackages it, leading to unauthorized data collection.
• Risks:
• Introduction of malicious code.
• Health hazards if tampered with medical equipment.
• Malfunctions due to compromised integrity.
Counterfeits:
t i on
•
i bu
Definition: Unauthorized replicas or imitations of products intended
to deceive consumers.
s r
t one
Example: A counterfeit network switch is sold as an iauthentic
•
r D to attacks.
but lacks the proper security features, making it vulnerable
Risks: t f o
•
• N o
Regulatory violations for companies using non-
,
haand increased vulnerabilities.
compliant products.
• Reduced performance a
N product quality.
• Hazards due to
e t inferior
Implants:
aje
h
b unauthorized
•
S
products touperform
Definition: Hardware or software components stealthily inserted into
activities like espionage.
l
•
y Coattackers
Example:
giving
A malicious chip is inserted into a server motherboard,
remote access to sensitive information.
B
SP
• Risks:

CI S • Data theft and unauthorized access.

or
• Long-term espionage by allowing continued access to

s f critical systems.

o te • Compromise of confidentiality and integrity of

systems.

ell N
orn
C

• Risks such as product tampering, counterfeits, and implants can significantly affect
the security, performance, and integrity of products acquired from suppliers.
• These risks necessitate stringent vendor assessments, product inspections, and
supply chain security measures to mitigate the chances of unauthorized alterations or
malicious components being introduced.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Supply Chain Risk Mitigations
• Third-party Assessment and
Monitoring
• Minimum Security
Requirements
• Service-level Requirements
• Silicon Root of Trust
• Physically Unclonable
Function
• Software Bill of Materials
Third-party Assessment and Monitoring:
•Definition: Evaluating and continuously monitoring the security practices
of vendors or suppliers.
•Example: Conducting regular security audits and tracking performance
indicators to ensure the vendor complies with security standards over time.
Minimum Security Requirements:
•Definition: Baseline security standards that vendors must meet.
•Example: Requiring all vendors to implement encryption and multi-factor
authentication to secure their systems before engaging with them.

on
(SBOM) Service-level Requirements:

uti
availability, and responsiveness.
tr b
•Definition: Specifications in contracts that dictate expected performance,
i
is
rD
•Example: A contract clause ensuring 99.9% uptime for a cloud service
provider and a 2-hour response time for incident management.
Silicon Root of Trust:t f o
N oembedded in hardware that
a, in a trusted state.
•Definition: A secure cryptographic identity
h
ensures the hardware starts
•Example: A cryptographic chipa
t Nsystem
in hardware that checks the firmware is
e
genuine, ensuring the starts securely every time.

aje Unclonable Function (PUF):

Physically
h
b feature that
ucharacteristics
•Definition: A hardware generates cryptographic keys based on
S
ol A semiconductor chip that produces device-specific keys to
the unique of each device, ensuring uniqueness.

C
•Example:
y prevent counterfeit hardware from imitating authentic devices.
P B
I SS Software Bill of Materials (SBOM):

r C •Definition: A comprehensive list of components, libraries, and modules

used to build software.
fo
es •Example: An SBOM helps track software dependencies and ensures no

ot
hidden vulnerabilities like backdoors or untrusted code are introduced in

ll N
updates.

rn e
C o

• Risk mitigation strategies for supply chain management include monitoring third
parties, ensuring they meet minimum security standards, and specifying service-
level requirements.Technological measures like Silicon Root of Trust and Physically
Unclonable Functions add layers of protection to hardware, preventing counterfeiting
and ensuring secure operations.SBOM helps track software changes, ensuring
transparency in software development and mitigating risks like hidden vulnerabilities.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 SLR, SLA, and Service Level Reports
• Security in Procurement
• Service Level Requirements
(SLR)
• Service Level Agreement
(SLA)
• Service Level Reports (SLR)
Security in Procurement:
• Definition: Security must be integrated into all acquisition and
procurement processes to minimize risks from external vendors or
products.
• Example: When purchasing a new software system, security teams
should assess how data will be stored, accessed, and transmitted,
ensuring security standards like PCI or HIPAA are met.
Service Level Requirements (SLR):
• Definition: A document that outlines the detailed descriptions and
service level targets of a product or service, used during
procurement.
• ti on
Example: A healthcare provider requires a cloud service provider to be
bu
HIPAA compliant. The SLR will detail these requirements and be used
i
to evaluate suppliers.
str
Service Level Agreement (SLA):
D i
•
t for
Definition: A formal contract addendum between the customer and

No
the service provider, defining specific service levels, security, and
compliance obligations.
• Key Points:
h a,
•
Na
Performance levels required.
•
je et
Governance: Defines responsibilities.

ha
• Security controls: Customer data protection.
• b
Compliance: Adheres to laws and regulations.
l
• Su Liability for unmet service standards.
•
y Co Anand
Example: SLA for a cloud service provider includes a 99.9% uptime
B requirement clear cybersecurity standards.
P• Service Level Reports (SLR):
I SS
r C • Definition: Reports issued by service providers to track their
performance against SLA requirements, helping the customer assess
fo the vendor's effectiveness.
es
ot • Components:

ll N
• Achievement of metrics in the SLA.

rn e • Identification of issues in service delivery.

C o • SOC reports from third-party auditors.

• Example: A cloud service provider issues monthly SLRs detailing
uptime, downtime, and security incidents reported during that period.

• SLR defines the service expectations before procurement, helping to select the right
vendor.
• SLA formalizes the security, performance, and compliance requirements and is legally
binding.
• Service Level Reports (SLRs) provide a measurement tool to ensure vendors are
meeting the agreed-upon terms, offering accountability through metrics and third-party
audits.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Security Awareness, Training, and Education
Who is Re sponsible for Security?

• Who is Responsible for • EVERYONE in an or ganiz ation is r espon sible for security.
Security? • However, emp loyees need to know their r espon sibilities through prop er awaren ess, train ing, and
educatio n programs.
• Purpose of Security
Awareness • Purpose of Sec urity Awareness:

• Awareness vs. Training vs.
Education
• Methods to Provide
Awareness and Training
• Goal: To create cultural sensitivity to secu rity issues and ensu re all emp loyees understand the
impo rtance of security.
• Exam ples:
• Phishing ca mpa igns to simulate and ed ucate emp loyees about phishin g attacks.
• Posters and visual reminders arou nd the office.
• Lunch and learn sessions to d iscuss secu rity best p ractices.

Awareness vs. Training vs. Educa tion:

Awareness:
ti on
Purpose: Raising cultural awareness across the organization.
i bu
r
•

• Foc us: Bro ad, or ganiz ation-wide.

ist
D
for
• Exam ple: Posters in visible areas, gen eral sessions o n security th reats.

• Training:
t
•
No
Purpose: Providing te chnical skills needed for security-related tasks.

• Foc us: Role-specific an d skill-based.

h a,
Na
• Exam ple: A firewall administrator learning how to write firewall rules.
Educ ation:

jeet
ha
• Purpose: Helps employees understand fundamental concepts and dev elop decision-ma king skills.

b
Su
• Foc us: Conceptu al, encourages under standing and app lication .

l
Exam ple: Teaching decision-making skills for resp onding to security incidents.

Co
•

• Methods to Provide Aware ness and Training :

By • In-person se ssions (liv e p resentations and seminars).

I SSP • Live online sessions (web inars o r live-streamed trainin g).

r C • Pre-recorded sessions (on-demand tr aining videos).

fo • Gamific ation: Using rewards or game s to make learnin g engaging and fun.

es
ot
• Security Cham pions: Appo inting employ ees who actively p romote secur ity awar eness with in their
teams.

N
ell
• Regular com munica tions: On goin g em ail cam paigns or bulletins to keep security at the forefro nt.

rn
Exam ple: Developers working closely with the secur ity team and promoting secu re co ding p ractices among
their p eers.

C o

• Everyone in an organization has a role in security, and awareness, training, and

education help people fulfill those roles.
• Awareness changes culture, training builds technical skills, and education develops
decision-making abilities.
• Creative methods like gamification, security champions, and live sessions can
increase engagement and effectiveness.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Periodic Content Reviews and Program Effectiveness
• Need for Periodic Content
Reviews
• Emerging Technologies and
Threats
• Effectiveness Metrics for
Awareness Programs
• Evaluation of Program
Effectiveness
Need for Periodic Content Reviews:
• Organizations and the threat landscape evolve constantly, so
awareness, training, and education programs must be updated
regularly to remain effective.
• Purpose: Ensure that security materials reflect the latest technologies,
threats, and vulnerabilities.
Emerging Technologies and Threats:
• Technologies like blockchain, cryptocurrencies, and AI have gained
importance and must be incorporated into training programs.
Beyond technology, organizations should consider changes in the
on
•
threat environment and industry trends.
uti
•
tr i b
Example: Including social engineering updates due to rising phishing
attacks or cloud security for organizations adopting cloud solutions.
Effectiveness Metrics for Awareness Programs:
D is
•
t for
Total number of participants completing the awareness program.
Feedback metrics: Compare the numbero
•
N of participants providing

a, the number of employees

feedback against total attendees.
h
Na after training completion.
• Post-training engagement: Measure
reporting suspicious activities
e t
•
je
Performance tracking:
•
b ha ofscoring
Percentage staff scoring 75-85% in assessments.
•
• lS
u
Percentage 86-90%.

Co After a phishing simulation, tracking how many employees

Percentage scoring 91% or higher.
•
yExample:
B successfully identify phishing attempts post-training.
I SSPEvaluation of Program Effectiveness:
r C • Surveys: Participants should be surveyed periodically to gauge
fo engagement and retention of knowledge.
s
ote
• Simulated exercises: Conduct phishing simulations or interactive
multimedia with quizzes to test practical understanding of security
ll N
concepts.

rn e • Example: Running a phishing simulation before and after a training

C o session to evaluate improvement in detection rates.

• Periodic content reviews ensure that training programs stay relevant to the latest
technologies and threats.
• Metrics such as completion rates, performance scores, and engagement help track
program effectiveness.
• Simulations and feedback loops ensure continuous improvement of security
awareness programs.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
Domain 2 : Asset Security

• Definition and Importance
• Systematic Approach to Asset
Security
• Challenges in Implementation
• Overview of Asset Security Steps
ASSET SECURITY
Definition and Importance:
• Asset Security involves concepts, structures, principles, and controls
designed to protect organisational assets—anything of value to the
organisation.
• Security professionals must be vigilant because even a minor
vulnerability can expose an entire system, leading to financial loss, data
breaches, or compromising the entire organization.
Systematic Approach to Asset Security:
• The fundamental approach to asset security involves three key steps:
• Identify Assets: Know what assets the organization has,
on
including both tangible (e.g., hardware, buildings) and
intangible (e.g., intellectual property, reputation).
uti
•
tr i b
Classify Assets: Categorize assets based on their value
and sensitivity to the organization. This could be levels
is
like Public, Internal Use Only, Confidential, or Top
D
for
Secret.
•
t
Protect Assets: Implement security measures based on
No
the classification level of the asset. Higher-value assets
require more stringent security controls.
h a,
Challenges in Implementation:
N a Difficult to keep track of all assets,
t
• Complexity in Large Organizations:
e with diverse and numerous assets.
e
especially in large organizations
j
b ha monitoring
• Dynamic Asset Landscape: Assets and their values may change over

S u
time, requiring continuous and reclassification.
• Balancingl Security and Usability: Overprotecting assets can hinder
business o
risks. C
operations, while under-protecting exposes the organization to

B y
SP• Asset Inventory: Create and maintain a comprehensive list of all
Overview of Asset Security Steps:

CI S
or
organizational assets.

s f • Classification: Determine the value and sensitivity of each asset, which

o te dictates the level of protection required.

ll N
• Labeling and Handling: Implement appropriate handling measures for

rn e assets based on their classification.

C o • Data Protection: Apply encryption, access controls, and other security

measures as needed.
• Retention and Disposal: Define policies for how long assets are retained
and the secure disposal of assets that are no longer needed.

• Asset security is crucial to protect anything of value within an organization.

• A systematic approach involves identifying, classifying, and protecting assets.
• Implementation is challenging in large organizations due to the dynamic and complex nature of assets.
• The key steps include asset inventory, classification, labeling, protection, and secure disposal.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 ASSET CLASSIFICATION
• Importance of Asset
Classification
• Challenges in Asset
Classification
• Steps for Effective Asset
Classification
• Classification Based on
Asset Value
• Role of Asset Owners
Importance of Asset Classification:
• Asset classification policies, procedures, and processes help ensure assets
are protected based on their value to the organization.
• Proper classification is essential because it guides the level of security
controls applied to different assets.
Challenges in Asset Classification:
• Organizations often struggle to know what assets they have or the value of
those assets.
• Example: A department manager might sign up for a cloud service, forget
about it, or fail to assess the value of data stored in it, leaving it unprotected.

on
• Organizational • Large multinational organizations face significant challenges due to the
Accountability
ti
diversity and volume of assets, including assets that are created, purchased,
u
rented, or acquired.
Steps for Effective Asset Classification:
tr i b
D is
1. Asset Inventory: Identify and catalog all assets within the organization.

for
2. Identify Asset Owners: Determine who is responsible for each asset.
t
No
3. Classify Assets: Assign a classification level based on the asset’s value to
the organization (e.g., Top Secret, Confidential, Public).
a,
4. Apply Controls: Implement security controls based on the classification
h
Na
level to ensure appropriate protection.

et
Classification Based on Asset Value:

je
• Protecting assets should always be based on their value to the organization.

ha
• More valuable assets require more stringent security measures.
b
Su
• Example Classification Levels:
l• Top Secret/Proprietary: Highest level of protection.

y Co • Confidential: Moderate protection level.

B • Public: Lowest protection level, as the information is intended

SP
to be shared.

CI S Role of Asset Owners:

•Asset owners are responsible for understanding the value of their assets and
for ensuring they are classified and protected appropriately.

es •Security teams assist by providing support and guidance on suitable

ot controls.

ell N Organizational Accountability:

rn
•Owners may sometimes challenge their responsibility to avoid

C o accountability.
•The governance committee must enforce that asset owners are accountable
for the classification and protection of their assets.
•Security is there to support but not to take over ownership responsibilities.

• Asset classification is crucial for aligning the level of protection with the asset’s value to the
organization.
• A systematic approach involves identifying assets, determining ownership, classifying them, and
applying appropriate controls.
• Owners are accountable for ensuring their assets are protected, while security provides the
necessary support and implementation of controls.
• Proper governance and top-down enforcement are essential to the effectiveness of asset
classification.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 INFORMATION CLASSIFICATION BENEFITS
• Benefits of Information
Classification
• Identification of Critical
Information
• Identification of Sensitivity to
Modification
• Commitment to Protect Valuable
Assets
• Commitment to Confidentiality
Benefits of Information Classification:
• Information classification plays a vital role in ensuring that data is
managed and protected according to its value and sensitivity.
• It offers several advantages that help organizations safeguard their
information effectively.
Identification of Critical Information:
• Classification aids in pinpointing information that is essential for the
organization’s success.
• Examples: Intellectual property, financial data, customer data, and
proprietary research.
• Helps prioritize protection efforts and resource allocation towards
ti on
safeguarding crucial information.
i bu
Identification of Sensitivity to Modification:
str
D i
• Classification helps identify data that must be protected from

for
unauthorized changes.
t
No
• Ensures data integrity by restricting modification rights only to authorized
personnel.

h a,
• Examples: Financial records, contracts, and regulatory compliance

Na
documents.

jeet
Commitment to Protect Valuable Assets:

ha
• Classification demonstrates an organization’s dedication to protecting its
b
information assets.

Su
• Creates awareness among employees and stakeholders about the
l
Co
importance of securing sensitive data.

By • Establishes a culture of security within the organization, making it clear

that protecting information is a priority.

I SSP Commitment to Confidentiality:

r C • Ensures that classified information remains confidential and is only

fo accessible to those with the proper authorization.

es • Supports compliance with privacy laws and regulations (e.g., GDPR,

ot HIPAA).

ell N • Helps prevent data breaches and loss of sensitive information, thereby

orn protecting the organization’s reputation and trustworthiness.

• Information classification provides a structured approach to identifying and protecting critical and
sensitive data.
• It helps in the identification of critical and sensitive information, ensuring only authorized access
and modification.
• The process demonstrates an organization's commitment to safeguarding valuable assets and
maintaining confidentiality.
• Creates a security-aware culture, reinforcing the importance of data protection among employees
and stakeholders.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Classification Process
• Definition and Purpose of
Asset Classification
• Importance of
Comprehensive Asset
Classification
• Classification
Characteristics
• Challenges in the
Classification Process
• Role of Asset Owners and
Classification Committees
• Ongoing Nature of
•
Classification
Archiving and Retention
Definition and Purpose of Asset Classification:
• Asset classification is the process of assigning a level of protection to assets
based on their value to the organization.
• The goal is to ensure that each asset receives an appropriate level of security,
reflecting its importance and sensitivity.
Importance of Comprehensive Asset Classification:
• It’s essential to include all types of assets (data, physical assets, intellectual
property, etc.), not just data, in the classification system.
•Expanding classification systems beyond just data helps protect the organization
comprehensively.
Classification Characteristics:
on
• Assets should be classified based on three key characteristics:
•
uti
Confidentiality (Sensitivity): How sensitive is the asset? Who
should have access?
tr i b
•
D is
Integrity (Accuracy): How important is it to ensure the asset is not

for
altered?
Requirements Availability (Criticality): How crucial is it for the asset to be
t
•

No
available when needed?

a,
• Using all three classifications helps in providing a balanced security approach.

h
Challenges in the Classification Process:

Na
• Asset owners may tend to overprioritize or under classify their assets, creating
inconsistencies.
jeet
• Owners might claim their assets are of higher value to secure more resources
ha
for protection or might downplay the value to reduce security costs.
b
Su
Role of Asset Owners and Classification Committees:
l
Co
• Owners are responsible for the initial classification but need guidance and
oversight to ensure objectivity.

By • An asset classification committee or working group helps validate and review

SP
classification decisions to maintain consistency across the organization.

CI S Ongoing Nature of Classification:

• Asset classification is not a one-time event. It must be revisited as the value and

for importance of assets change over time.

es • Example: An asset classified as “top secret” may be downgraded to

ot “confidential” after some time, as its relevance diminishes.

ll N
Archiving and Retention Requirements:

rn e • Classification impacts how long assets should be retained and when they

o
should be destroyed.
C • Compliance with laws, regulations, and organizational policies is crucial for
determining retention periods and destruction timelines.
• Example: Financial records might need to be retained for 7 years, whereas
certain project documents can be deleted after 3 years.

• Asset classification is essential for protecting assets based on their value.

• Comprehensive systems should include all asset types and use three classification characteristics:
confidentiality, integrity, and availability.
• Challenges arise when asset owners are subjective; therefore, a classification committee helps
maintain objectivity.
• The classification process must be ongoing and adaptable to changing asset values.
• Retention and archiving requirements are driven by classification, ensuring compliance with legal and
organizational guidelines.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Asset Classification Process
• Importance of Asset Inventory
• Role of Asset Owners
• Classification Based on Value
• Protection Based on
Classification
• Periodic Review and
Reassessment
• Continuous Assessment
Requirement
Importance of Asset Inventory:
• An accurate and continually updated asset inventory is the foundation of the
classification process.
• The inventory helps the organization know what assets it holds, which is
crucial for protecting them properly.
• Example: A centralized inventory system that tracks physical devices,
databases, software licenses, and cloud services.
Role of Asset Owners:
• Every asset must have an identified owner who is accountable for its
protection.
• Asset owners are the best source for understanding the true value of the

on
asset to the organization.
ti
• Owners classify assets based on their value, determining the necessary
u
security controls.
tr i b
• Example: The head of the finance department owning financial data assets,
while the IT director owns the network infrastructure.
D is
for
Classification Based on Value:
• Asset classification assigns protection levels based on the asset’s value,
t
No
which could be due to sensitivity, criticality, or regulatory requirements.
• Example: Customer personal data might be classified as “Highly Sensitive”
a,
due to privacy laws, while public-facing website content might be classified
h
Na
as “Public.”

et
Protection Based on Classification:
e
• Once classified, each asset should have security controls aligned with its
j
ha
classification level.
b
• Higher classification levels (e.g., Top Secret) will have more stringent
Su
controls than lower levels (e.g., Public).
l
Co
• Example: A “Confidential” classification might require encryption and
access controls, while a “Top Secret” classification might also include
By physical security and monitoring.

SP
Periodic Review and Reassessment:

CI S • Asset values can change over time due to aging, new compliance
requirements, or changes in business priorities.

for • Periodic reviews ensure that classifications remain accurate and that the

es right level of protection is maintained.

ot • Example: A project document initially classified as “Confidential” might be

ll N
reclassified to “Internal Use Only” after the project concludes.

rn e Continuous Assessment Requirement:

• Organizations constantly add and remove assets, ownership changes, laws

C o evolve, and new threats emerge.

• A continuous assessment approach ensures the asset classification
process adapts to these changes.
• Example: Implementing a regular audit process to review asset
classifications and adjust them as needed.

• Asset inventory is crucial for knowing what to protect.

• Asset owners play a critical role in determining the value and classification of assets.
• Classification guides the level of protection needed based on the asset’s value.
• Periodic reviews and continuous assessment are essential to adapt to changes in
asset value, compliance, and organizational needs.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Classification versus Categorization
• Definition of Classification
• Definition of Categorization
• Difference Between
Classification and
Categorization
• Examples of Classification
• Importance of Consistency
in Classification
Definition of Classification:
• Classification refers to a system of classes that are ordered according to
value. This system is created by an organization to assign different
protection levels to assets based on their importance.
• Example: A classification system could include levels like Top Secret,
Secret, Confidential, Unclassified.
Definition of Categorization:
• Categorization is the act of sorting assets into those defined classes. It
involves the process of assigning a specific classification to each asset.
• Example: Assigning a document the classification of "Confidential" is an
act of categorization.
ti on
Difference Between Classification and Categorization:
i bu
tr
• Classification is the system itself, a predefined structure of asset values.
s
D i
• Categorization is the process of placing assets into the appropriate

for
classification levels.
t
No
• Table Example:

a,
• Classification: A system of levels (e.g., Top Secret,
Confidential).
h
•
Na
Categorization: Assigning assets to those levels (e.g., sorting

jeet
sensitive financial reports into the "Top Secret" category).

ha
Examples of Classification:
b
• Classification systems may use different labels depending on the
Su
organization's needs:
l
y Co • Top Secret, Secret, Confidential, Unclassified

B • Financially Sensitive, Trade Secret, Proprietary, Personally

SP
Identifiable Information (PII)

CI S • Each classification label represents a different value and requires

specific levels of protection.
for Importance of Consistency in Classification:
es
ot
• It’s essential that the value of each classification is understood

ll N
consistently across the organization.

rn e • Security teams should educate asset owners and other employees on

the meaning of each classification level to ensure assets are protected

C o appropriately.
• Example: The label "Top Secret" could mean something different in various
organizations. Proper training ensures everyone follows the same
understanding.

•Classification is a system that organizes assets based on value.

•Categorization is the process of assigning specific assets to a classification level.
•Understanding the difference and ensuring consistent application of classification
helps protect assets properly.
•Security teams play a crucial role in educating the organization about classification
values.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Labeling and Marking

• Definition of Labeling Definition of Labeling:

• Definition of Marking
• Key Differences
• Characteristics of Labeling
• Comparison Table
• Labeling is system-readable and involves the association of security attributes with
subjects and objects represented by internal data structures.
• It is customized based on the security needs of the organization.
• Examples include:
• Metadata attached to files or data.
• Barcodes or QR codes on assets.
• RFID tags used for tracking physical items.
• GPS tags for location tracking of assets.
Definition of Marking:
• Marking is human-readable and provides specific asset handling instructions that can

on
be easily understood and executed by people.

ti
• It extends the intent of labeling by translating system-readable information into a format

u
b
useful for human interpretation.
• Examples include:
tr i
is
• Instructions like “Do not remove from premises” on documents labeled as “top
secret”.
D
for
• Signs such as “For Internal Use Only” on confidential documents.
Key Differences:
t
No
• Labeling:

a,
• Targets system-based enforcement of security policies.

h
• Varies based on organizational security requirements.

Na
• Uses system-readable identifiers like metadata, barcodes, or RFID tags.

et
Marking:
•
e
Aims for process-based enforcement of security policies.
j
ha
• Instructs how an asset should be handled according to its classification.
•
b
Translates labeling into actionable handling instructions for humans.

Su
Characteristics of Labeling:

l
• System-readable formats for automation and enforcement of security policies.

Co
• Enables the association of security attributes with assets, helping systems manage and

B y enforce controls.
Examples of Labeling Technologies:

SP
• Metadata: Additional data attached to files for system interpretation.

CI S • Barcodes/QR codes: Visual codes scanned by systems for asset tracking.

• RFID tags: Radio-frequency tags used for asset identification and tracking.

for • GPS tags: Location-based tagging for asset movement and location tracking.

es
ot
ll N
Labeling Marking

rn e System-readable Human-readable

C o Associates security attributes with Associates security attributes with objects

subjects and objects in a human-readable form

Enables system-based enforcement Enables process-based enforcement

• Labeling is used for system-readable enforcement of security policies through

automated systems like metadata, barcodes, RFID tags, and GPS tags.
• Marking is used for human-readable handling instructions, allowing people to
understand how to manage assets based on their classification.
• Both labeling and marking are crucial for ensuring the security and proper handling of
organizational assets but serve different purposes within the security framework.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Cost-effectiveness of Different Labeling Approaches
Factors Influencing Labeling Choice:
• Factors Influencing Labeling
• The decision on which labeling approach to use should consider:
Choice • Organizational needs: What is the purpose of the labeling? Is it for
• Cost-Effectiveness Analysis inventory tracking, asset security, etc.?
• GPS Tags • Value of assets: High-value assets might justify higher-cost labeling.
• RFID TagsBarcodes • Protection approach: How critical is real-time tracking and
• QR Codes monitoring for the organization?
Cost-Effectiveness Analysis:
• Cost-effectiveness is key in selecting a labeling approach.
• A more expensive labeling method should only be used if it provides value
commensurate with its cost.
GPS Tags:
ti on
• High Cost: Expensive to implement due to hardware, software, and connectivity
costs.
i bu
tr
• Use Case: Best for high-value assets that require real-time tracking over large
s
distances.
D i
for
• Example: Tracking high-value shipments like jewelry or sensitive equipment during
transit.
t
No
• Challenge: Not suitable for low-value items due to high implementation and

a,
maintenance costs.
RFID Tags:
h
Na
• Moderate Cost: Cheaper than GPS tags but more expensive than barcodes and

et
QR codes.

je
• Use Case: Ideal for inventory management in environments like warehouses

ha
where items need to be tracked quickly and without direct line-of-sight scanning.
b
• Example: Automated inventory tracking in large retail stores or manufacturing
plants.
l Su
Co
• Benefit: Can read multiple tags simultaneously, making bulk scanning efficient.
• Drawback: Still relatively costly for low-value assets or small-scale use.
By Barcodes:

SP
• Low Cost: Very inexpensive to implement; can be printed on packaging or labels.

CI S • Use Case: Low-cost labeling for items that need to be scanned individually.
• Example: Commonly used in retail for pricing and inventory control, such as in

for supermarkets.

es • Limitation: Requires direct line-of-sight scanning and provides limited

ot
information.

ll N
QR Codes:
• Low Cost: Similar to barcodes but can store more information.

rn e • Use Case: Useful for situations where more data needs to be encoded and easily

C o scanned.
• Example: Product information links on consumer goods or visitor check -in codes.
• Benefit: Can be scanned with a smartphone app, making them versatile for a
range of uses.
• Limitation: Like barcodes, requires line-of-sight scanning.

• Choice of labeling approach should align with the value of assets and organizational needs.
• GPS tags are cost-effective only for tracking high-value, mobile assets requiring real-time monitoring.
• RFID tags are ideal for environments like warehouses where efficiency and bulk tracking are required,
despite higher costs.
• Barcodes and
• QR codes provide a low-cost, versatile solution for labeling and tracking low-value or consumer-facing
assets.Always consider the cost-to-benefit ratio when selecting a labeling method.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Establish information and asset handling requirements
• Handling Requirements
• Role of Asset Owners
• Media Handling Policy
• Proper Tools and
Technologies
Handling Requirements:
• Handling requirements are based on the classification of the asset,
not the type of media (e.g., hard drives, tapes, paper).
• The more valuable an asset, the more stringent the controls needed to
restrict access and actions performed with the asset.
• Example: Highly classified documents should not be sent to offsite
storage without proper handling protocols.
Role of Asset Owners:

on
• Asset owners are accountable for the protection of their assets and
must communicate handling requirements to those who use them.
u ti
• They determine who may access sensitive media, ensuring only
tr i b
designated individuals have access.
D is
handle the media based on its classification. or
• Authorization: Owners must define specific individuals authorized to

o tf
, N clear procedures for how
Media Handling Policy:
An effective media handling policyaincludes
•
a
to manage assets on various mediah types, aligned with asset
classification.
e tN
•
h ajeshouldforcover:
Handling procedures
•
u b
Access controls sensitive media.
•
ol SStorage requirements: Ensuring the media is stored
securely and according to its classification.

By C• Transfer protocols: Secure methods for transferring

S P media, especially if it's being moved offsite.

CI S • Destruction: Proper methods for the disposal of sensitive

information, such as shredding or secure erasure .
for Proper Tools and Technologies:
es
ot • Organizations must provide the necessary tools and technologies to

ll N
handle media securely.

rn e • Example: Use of shredders for paper disposal, secure wipe tools for

C o digital media.
• Ensure that these tools are accessible and that users are trained in
their proper use to avoid mishandling.

• Media handling requirements are based on the asset's classification and must be clearly defined.
• Asset owners are responsible for defining who can access and handle sensitive media.
• Media handling policy should include detailed procedures for access, storage, transfer, and destruction
of media.
• Provide appropriate tools and technologies for secure handling of media based on its classification level.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Media Storage, Retention, and Destruction
Media Storage:
• Media Storage
• Storage requirements for media are based on the classification of the data it contains.
• Encryption Requirements
• Physical Security • Top-secret data must be stored in an encrypted format using robust encryption
algorithms, such as AES-256.
• Media Retention
• Media Destruction • Media (e.g., tapes, hard drives) must be stored in a physically secure location that
protects against unauthorized access and environmental factors like high humidity.
• Regulatory Requirements
Encryption Requirements:

• Sensitive data must be encrypted both at rest and in transit to ensure its confidentiality
and integrity.
• AES-256 is recommended for high-security data due to its strength and reliability.
ti on
Physical Security:
i b u
Media should be stored in a secure, access-controlled environment.st
r
Di
•
• Use locked cabinets or vaults for physical storage.
o r
fonly.
•
o
Control access to storage areas to authorized personnel t
, N
haclassification and organizational policies.
Media Retention:

Retention policies are determined bya data

t N retention periods. For example:

•

•
e
je audit logs to be retained for a minimum of one year.
Regulatory requirements can dictate
•
h aavailability
PCI DSS requires
•
u b
Immediate of audit logs for the past ninety days is required for

lS
analysis.

o
C policies must comply with organizational and regulatory standards.
Media Destruction:
•
B yDestruction
S P
S
• For PCI DSS, credit and payment card information must be destroyed as soon as it's no

CI longer needed for business or legal purposes.

for • Destruction methods include shredding for physical media and secure wiping for digital

es media.

ot Regulatory Requirements:

ell N • Different regulations have specific retention and destruction requirements:

orn • PCI DSS mandates strict retention and destruction policies for financial data.

C • Ensure compliance with all applicable regulations based on the type of data.

• Storage and encryption of media are dictated by the data's classification level, with high-security
data requiring robust encryption and secure physical storage.
• Retention and destruction policies must align with organizational and regulatory requirements.
• Organizations must be aware of and comply with regulatory mandates like PCI DSS when storing,
retaining, or destroying sensitive information.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Data Classification Roles and Responsibilities -1
• Asset Owners and
Accountability
• Importance of Assigning
Ownership
• Roles and Responsibilities
of Owners
• Delegation vs.
Accountability
• Types of Owners
Asset Owners and Accountability:
• Owners are the individuals who are ultimately accountable for ensuring
that assets are properly classified and protected.
• They directly interact with the assets, making them the best people to
assess and communicate the asset's value.
• Owners are responsible for making sure that the appropriate controls are
in place to protect their assets.
Importance of Assigning Ownership:

on
• Owner’s Role Throughout • If no owner is assigned, no one is accountable, leading to potential
Asset Lifecycle security breaches.
ti
• Owners drive the data classification process and are pivotal tob itsu
tr i
success.
i s
• Organizational leadership (CEO, upper management)
fo r Dshould promote
the importance of asset ownership.
o t
Roles and Responsibilities of Owners: N
,Assigning
h
• Classifying and Categorizing Assets: a a classification level
a
tN
based on the asset’s value to the organization.

je
• Managing Access: Decidinge who can access the asset and under what
circumstances.
b haImplementing appropriate security measures based
Su level.
• Ensuring Controls:
l
Co vs. Accountability:
on the classification

y
Delegation

S P• BOwners can delegate responsibility for tasks related to asset

CI S management but cannot delegate their accountability.

for • For example, an HR director may assign IT staff to manage the HR

es database, but the director remains accountable for its security.

ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Data Classification Roles and Responsibilities -2
Types of Owners:
• Asset Owners and
Accountability • Data Owners: Responsible for specific data sets (e.g., HR director for HR
• Importance of Assigning data).
Ownership • Process Owners: Oversee specific business processes (e.g., supply
• Roles and Responsibilities chain manager).
of Owners • System Owners: Responsible for systems managing data (e.g., CRM
• Delegation vs. system owner).
Accountability
• Types of Owners • Product Owners: Accountable for products and services offered by the
organization.
on
• Owner’s Role Throughout
Asset Lifecycle •
u t
Service Owners: Oversee the delivery of services (e.g., cloud service i
owner).
r i b
tservers,
• Hardware Owners: Responsible for physical IT assets (e.g.,
is
devices).
o
• Application Owners: Manage applications and fsoftware
r D assets.
o t
• Intellectual Property Owners: Protect the
, N organization’s IP assets (e.g.,
patents, trademarks).
a ha
t isNproperly classified at the beginning of its
Owner’s Role Throughout Asset Lifecycle:
e
aje
• Initiation: Ensure the asset
lifecycle.
h
bContinuously monitor and protect the asset based on its
S
• Maintenance: u
ol Adhere to organizational and regulatory requirements for data
classification.
C
y
• Retention:
Bretention.
I SS P• Destruction: Ensure the asset is securely and completely destroyed

r C when it is no longer needed.

fo
es
ot
ell N
orn
C

• Owners are accountable for the classification and protection of assets throughout their lifecycle.
• Assigning ownership is essential to ensure proper asset management and security.
• Owners play a crucial role in managing access, implementing controls, and adhering to policies and
regulations.
• Different types of owners exist, but all share the same accountability for protecting the value of their
assets.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Roles and Responsibilities for Data Protection
Data Owner/Controller:
• Data Owner/Controller • Definition: Holds legal rights over the data and is accountable for its protection.
• Data Processor • Responsibilities:
• Data Custodian • Defines policies and controls for data protection.
• Data Steward • Determines who can access data and under what conditions.
• Data Subject • Ensures compliance with laws and regulations.
• Example: A healthcare organization that controls patient records and sets
policies for their use and protection.
Data Processor:
• Definition: Processes data on behalf of the Data Owner/Controller.
• Responsibilities:

on
• Handles data according to the instructions and policies set by the
owner.
uti
•
agreement.
tr i b
Ensures the data is processed securely and in compliance with the

is
• Example: A cloud service provider that hosts and processes data but does not
D
for
own the data itself.
Data Custodian:
t
No
• Definition: Holds technical responsibility for the data's security, availability, and
integrity.
• Responsibilities:
h a,
Na
• Manages technical aspects like data security, backup, restore, and
system administration.
•
jeet
Operates and maintains the systems that store and process data.

ha
• Protects data in their custody but does not own it.

b
• Example: An IT administrator responsible for maintaining a database server and

Su
ensuring its security.
l
Co
Data Steward:
• Definition: Responsible for the business aspects of data management and

By governance.

SP
• Responsibilities:
• Defines metadata and ensures data quality.

CI S • Oversees governance and compliance related to data usage.

for • Collaborates with both technical and business teams to maintain data

s
integrity and usability.

ote • Example: A business analyst who defines data standards and ensures data
quality across the organization.

ell N Data Subject:

rn
• Definition: The individual to whom the personal data pertains.

C o • Responsibilities:
• May not have direct responsibilities within the organization but has
rights under privacy laws.
• Can request access, correction, or deletion of their personal data.
• Example: A customer whose personal information is collected and stored by a
company.

• Data Owner/Controller: Accountable for data protection, policy creation, and compliance.
• Data Processor: Manages data processing activities as directed by the data owner.
• Data Custodian: Ensures the technical aspects of data management, such as security and system
administration.
• Data Steward: Focuses on data governance, quality, and compliance from a business perspective.
• Data Subject: Individual whose personal data is being managed; has legal rights concerning their
data.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Data Classification Policy
Purpose of Data Classification Policy:
• Purpose of Data
• Definition: A data classification policy is designed to ensure
Classification Policy
sensitive and valuable information is protected and handled
• Key Considerations for Data
appropriately.
Classification Policy
• Components of an Effective • Importance: Without proper asset classification,
Policy organizations struggle to protect assets, leading to potential
• Factors Determining Asset fines, data breaches, and reputational damage.
Value • Applicability: The policy applies to everyone in the
organization, as everyone will own or use assets.

on
Key Considerations for Data Classification Policy:
• ti
Laws and Regulations: Compliance with legal requirements is
u
fundamental.
tr i b
•
is
Privacy Requirements: Protecting personal and sensitive
D
for
information based on privacy laws.
•
t
Customer Requirements: Meeting contractual obligations

No
and customer expectations for data protection.
•
h a,
Cost of Creation: Consideration of the resources required to

Na
create the asset.

et
• Operational Impact: Understanding the impact on business
je
operations if the asset is compromised.
•
bha
Liability: Assessing potential liabilities if assets are not

l Su
adequately protected.

Co
• Reputation: Impact on the organization’s reputation in case of

By a data breach.

I SSP
r C
fo
es
ot
ell N
orn
C

•The Data Classification Policy is crucial for protecting sensitive and valuable
information.
•It must be consistent, regularly updated, and communicated across the organization.
•Senior management should lead the initiative, with security teams providing support and
asset owners taking responsibility.
•An effective policy should cover all types of assets and include guidelines for retention,
destruction, and archiving.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Data Classification Policy
Components of an Effective Policy:
• Purpose of Data
• Governance by Senior Management: Policy must be driven
Classification Policy
from the top.
• Key Considerations for Data
Classification Policy • Applies to All: The policy should apply to everyone in the
• Components of an Effective organization.
Policy • Clear Definitions:
• Factors Determining Asset • Accountability and Responsibility: Who is
Value accountable and responsible for asset protection?
• Asset Media Types: Define digital, tape, paper, etc.
•
ti on
Supporting Policies: Should include retention, destruction,
and archiving policies.
i bu
•
tr
Alignment with Organizational Goals: The policy structure
s
i
should be driven by the organization’s goals and objectives.
D
for
• Security Involvement: Security teams should consult and
t
provide expertise, while asset owners drive the process.
Factors Determining Asset Value: No
•
h a,
Laws and Regulations: Compliance requirements determine

Na
the need for protection.
•
jeet
Privacy Requirements: Ensuring personal data is protected

ha
as required by law.
•
b
Creation Cost: The cost incurred in creating the asset

l Su
influences its classification.

y Co
• Operational Impact: The impact on operations if the asset is

B lost or compromised.

SP
• Liability: Legal and financial liabilities if the asset is not

CI S properly protected.

for • Reputation: The potential damage to the organization’s

reputation if the asset is breached or mishandled.
es
ot
ell N
orn
C

•The Data Classification Policy is crucial for protecting sensitive and valuable
information.
•It must be consistent, regularly updated, and communicated across the organization.
•Senior management should lead the initiative, with security teams providing support and
asset owners taking responsibility.
•An effective policy should cover all types of assets and include guidelines for retention,
destruction, and archiving.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Information Life Cycle - 1
• Phases of the Information Life
Cycle
• Protection Requirements at
Each Phase
• Impact of Classification on
Data Handling
• Data States and Handling
Procedures
Phases of the Information Life Cycle:
• Create:
• Definition: Generation of new digital content or modification of
existing data.
• Examples: Creating a new document, updating a database
entry.
• Requirements: Data classification should be assigned
immediately by the owner.
• Store:
• Definition: Committing digital data to a storage repository.

on
• Examples: Saving files on a server or database.
• Requirements: Use encryption and secure storage methods
uti
• Use:
based on data classification.
tr i b
•
D is
Definition: Viewing, processing, or using data without

for
modification.
•
t
Examples: Accessing a customer database for reporting.
•
No
Requirements: Ensure data access is restricted to authorized
users only.
h a,
Na
• Share:
Definition: Making data accessible to others, such as
et
•

e
employees or partners.
j
ha
• Examples: Sending data via email, sharing through cloud
b
services.
•
l SuRequirements: Secure transmission methods like encryption

Co
should be employed.

By • Archive:
• Definition: Data leaves active use and enters long-term

I SSP •
storage.
Examples: Moving old project files to an archive server.
r C • Requirements: Apply long-term preservation techniques; limit
fo access.
es
ot
• Destroy:

ll N
• Definition: Permanent destruction of data using physical or
digital means.

rn e • Examples: Shredding documents, performing crypto

C o •
shredding.
Requirements: Ensure complete destruction to prevent
unauthorized recovery.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Information Life Cycle - 2
• Phases of the Information Life
Cycle
• Protection Requirements at
Each Phase
• Impact of Classification on
Data Handling
• Data States and Handling
Procedures
Protection Requirements at Each Phase:
• Different phases require specific security measures.
• Data classification assigned at the creation phase dictates the handling
at all subsequent phases.
• Example: Top-secret data may require encryption in storage and secure
destruction.
Impact of Classification on Data Handling:

on
• Classification level (e.g., Top Secret, Confidential) drives the security
controls applied.
u t i
r i
• Higher classification levels require stronger protections and more
t b
restrictive handling procedures.
is
Data States and Handling Procedures:
fo rD
o t or viewed by users.
, Ninformation on a dashboard.
• Data in Use: Data being processed by applications
•
a
Example: Displaying customer
h controls and real-time
• Requirements: Securea access
monitoring.
e tN
a je in databases or file systems.
• Data at Rest: Data stored
h
b Archived files on a backup server.
•
S u
Example:
• l Requirements: Encryption, access controls, and secure

y Co physical storage.
• BData in Transit: Data moving across networks.
S P
CI S • Example: Sending sensitive information over the internet.

or
• Requirements: Use of secure protocols like HTTPS or VPNs.

s f
o te
ell N
orn
C

• The information life cycle encompasses creation, storage, use, sharing, archiving, and
destruction.
• Each phase requires tailored security measures based on data classification.
• Proper classification at the creation stage ensures appropriate handling throughout the
life cycle.
• Awareness and training on data handling procedures for each phase are crucial for data
security.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Data Remanence
• Defensible Destruction
• Categories of Sanitization
• Secure Data Removal in the
Cloud
Data Destruction
Data Remanence:
• Definition: Residual representation of data that persists even after attempts to
delete or remove it securely.
• Importance: Data remanence can lead to unauthorized data recovery, posing
significant security risks.
• Example: Deleted files on a hard drive that can still be recovered using
specialized software.
Defensible Destruction:
• Definition: The ability to prove that data has been securely and completely
destroyed, leaving no possibility of recovery.
• Purpose: Ensures compliance with data protection regulations and prevents
data breaches.
ti on
i b u
•
securely destroyed.
s tr
Responsibility: Data owners are accountable for ensuring their data is

i
Categories of Sanitization:

fo rD
Destroy:
Description: Physical destruction ofo t
1.
N completely destroys data.
media.
, burning
2.
a
Effectiveness: Most effective method;
h
3.
a
Example: Shredding hard drives, paper documents.
Purge:
e t Nor physical techniques used to sanitize data so
a e Effective but less reliable than destruction.
it cannot bejreconstructed.
1. Description: Logical

2. h
b Overwriting data multiple times, degaussing magnetic
Effectiveness:
3.
S u
Example:

Clear: C
ol media.
By 1. Description: Logical techniques used to remove data, but it may be
SP
reconstructed.

CI S 2. Effectiveness: Least effective method; data could potentially be

recovered.

for 3. Example: Deleting files and emptying the recycle bin.

tes Secure Data Removal in the Cloud:

N o • Challenges: Data stored in cloud environments may be spread across

ell
multiple locations and devices, making secure destruction complex.

orn • Methods: Use of cloud provider tools for secure deletion, encryption before
storing data, and ensuring cloud contracts include data destruction policies.
C

• Data remanence poses a significant risk as data remnants can be recovered.

• Defensible destruction ensures that no data remnants are left, providing legal and
regulatory compliance.
• Sanitization methods vary in effectiveness, with physical destruction being the most
secure.
• Secure data removal in cloud environments requires careful planning and use of
appropriate tools and techniques to ensure data is irrecoverably deleted.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Most Effective/Secure Method of Sanitization
• Media Destruction
Alternative
• Physical Methods
• Degaussing
• Crypto Shredding/Erasure
• Overwrite Wipe/Erasure
• Formatting
Media Destruction:
• Most Secure Method: Incineration.
• Description: Physical destruction by burning, resulting in a puddle of molten
metal.
• Effectiveness: Completely destroys all data, making recovery impossible.
• Use Case: Used when absolute assurance of data destruction is needed and
incineration facilities are available.
Alternative Physical Methods:
1.Shredding:
1. Process: Cutting media into tiny pieces.
2. Limitations: Not foolproof; data recovery is possible with advanced

on
tools and techniques.
2.Disintegrating:
uti
1.
i b
Process: Reduces media to even smaller fragments than shredding.
tr
2.
3.Drilling:
D is
Effectiveness: More secure than shredding but still not infallible.

1.
for
Process: Physically drilling holes through the media.
t
No
2. Limitations: Although the drive is rendered unusable, data on
undamaged portions may still be accessible.
Degaussing:
h a,
Na
• Definition: Application of a strong magnetic field to erase data on magnetic media
(e.g., hard drives, tapes).

eet
• Effectiveness: Destroys data but may also render the media unusable.
j
ha
• Position in Sanitization Spectrum: Sits between destruction and purging.

b
Crypto Shredding/Erasure:
Su
• Definition: Encrypts data with a strong algorithm (e.g., AES-256), then destroys
l
Co
the encryption key.

By • Effectiveness: Data is irrecoverable as long as the key is never found or brute-

forced, and no flaws exist in the algorithm.

SP
• Position in Sanitization Spectrum: Between purging and clearing. If the key is

CI S compromised, data may be recoverable.

Overwrite Wipe/Erasure:

for • Definition: Writing zeroes, ones, or a combination to all sectors of the storage

es device multiple times.

ot • Effectiveness: Considered a clearing technique; some original data may still be

ll N
recoverable.

rn e • Limitations: Multiple overwrite passes may not fully eliminate data remnants.

C o • Formatting:
• Definition: Resets the file system and data structures of a storage device.
• Effectiveness: Least effective method; most data remains on the disk until
overwritten.
• Example: Windows “Quick Format” resets the file address table, but data is still
accessible using recovery tools.

• Incineration is the most secure method of data destruction, followed by other physical methods like
shredding and drilling.
• Degaussing is effective for magnetic media but can damage the media itself.
• Crypto shredding offers a strong logical method if the encryption key is never compromised.
• Overwriting and formatting are the least secure methods and should only be used when physical or
crypto methods are unavailable.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Object Reuse
• Overwriting as a Method
• Object Reuse and the Orange
Book
• Overwriting Guidance
• Evolution
• Current Perspective on
Overwriting
Object Reuse
Definition of Object Reuse:
• Meaning: Refers to the reassignment of storage media or system resources,
such as disk sectors, RAM, or temporary files, without allowing data
previously stored on them to be recovered.
• Purpose: Prevent data remanence, which is the residual representation of
data that remains even after attempts to remove or delete it.
Overwriting as a Method:
• Technique: Uses the process of overwriting data with random or
predetermined patterns (e.g., all zeros or ones) to try to securely erase it.
• Objective: To prevent the possibility of reconstructing the original data from

on
the overwritten media.
ti
• Example: Using a software tool to overwrite each sector of a hard drive
u
multiple times.
tr i b
Object Reuse and the Orange Book:
D is
for
• Origin: The concept comes from the Orange Book (Trusted Computer System
Evaluation Criteria - TCSEC).
t
No
• Requirement: Orange Book standards required certain levels of secure
reassignment of system resources, including memory and internal storage.

h a,
• Implementation: The most common method was overwriting memory

Na
spaces to eliminate data remnants.

jeet
Overwriting Guidance Evolution:

ha
• Historical Guidance: Organizations like NSA and DoD have issued
b
guidelines on how many overwrite passes are required to ensure secure data

Su
removal.
l
Co
• Change Over Time: Recommendations have evolved as data recovery
technologies have improved, making it more challenging to prevent data
By recovery.

SP
• Current Best Practice: Acknowledgement that even multiple overwrite

CI S passes may not be sufficient to prevent all data remanence.

for Current Perspective on Overwriting:

• Clearing vs. Purging:
es
ot
• Clearing: Overwriting is generally considered a "clearing"

ll N
method, meaning it reduces the risk of data recovery but does not
guarantee that data is completely irrecoverable.

rn e • Purging: More rigorous methods, such as degaussing or physical

C o destruction, are necessary for "purging" data, which ensures it

cannot be reconstructed.
• Expert Opinion: Modern experts view any number of overwriting passes as
insufficient for truly secure data destruction, especially with advances in
forensic recovery techniques.

• Object Reuse aims to prevent unauthorized access to data remnants on reassigned storage media.
• Overwriting is the primary method used but is considered "clearing" rather than "purging.
• "Secure Reassignment requires that no residual data be accessible to new users of the media.
• Evolving Standards reflect the need for more robust data destruction techniques as technology
advances.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Solid State Drive (SSD) Data Destruction
Challenges with SSD Data Destruction:
• Challenges with SSD Data
Destruction • Issue: SSDs use flash memory technology, making traditional data
• SSD Technology and Data wiping methods ineffective.
Remanence • Data Remanence: Due to the nature of SSDs, residual data can persist
• Vendor-Specific Tools for even after attempts to delete or overwrite it, posing a security risk.
SSDs
• Preferred Methods for SSD SSD Technology and Data Remanence:
Destruction • Flash Memory Technology: SSDs store data differently from traditional
magnetic hard drives, which prevents the use of conventional overwriting

on
techniques to securely erase data.

uti
•
tr i b
Unique Architecture: SSDs distribute data across multiple cells and use
techniques like wear leveling, complicating the data destruction
process.
D is
Vendor-Specific Tools for SSDs:
t for
• Manufacturer Tools: Many SSD manufacturers
N o provide specific tools or
commands (e.g., Secure Erase, sanitize
securely remove data. h a, functions) that are designed to

a cryptographic erasure, where data

Nsupport
t
jtheekey.
• Crypto Erasure: Some SSDs
is encrypted and then e encryption key is destroyed, making the data
irretrievable withoutathe
u bhfor SSD Destruction:
S
Preferred Methods
l
• Vendor o
C Solutions First: Utilize SSD manufacturer-provided tools or
B y
solutions whenever available, as they are optimized for that specific

S P•
hardware.

CI S Physical Destruction:

for • Most Effective: The only foolproof method to ensure data

tes on SSDs cannot be recovered is to physically destroy the

o device.

ell N • Methods: Shredding or incineration are recommended

orn physical destruction techniques for SSDs.

C • Reason: Physically destroying the drive eliminates the

possibility of data recovery from the flash memory chips.

• SSDs present unique challenges for data destruction due to their use of flash memory.Traditional
overwriting methods are ineffective for SSDs.
• Manufacturer-specific tools should be used first for secure erasure.
• The most secure method for SSD data destruction remains physical destruction, such as shredding
or incineration.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Encryption and Crypto Shredding
• Crypto Shredding Explained
• Use Cases for Crypto
Shredding
• Best Practices in Cloud
Environments
• Challenges with Physical
Destruction in Cloud
Crypto Shredding Explained:
• Definition: Crypto shredding, also known as crypto erasure, involves
encrypting data using a strong encryption algorithm and then securely
destroying all copies of the encryption key.
• Effectiveness: Once the encryption key is destroyed, the data
becomes irretrievable, rendering the information unrecoverable
without the key.
• Application: This method is particularly useful in scenarios where
physical destruction is not possible, such as cloud environments.
Use Cases for Crypto Shredding:
• Cloud Data Management: Ideal for securely deleting data stored in
third-party environments like cloud services. ti on
Remote Environments: In scenarios where physical accessi b
u
•
s r
t for
to media
i
is not feasible, crypto shredding provides a practical alternative

r D for secure
data destruction.
•
fo
Legal and Compliance: Meets compliance requirements
t destruction is
data destruction in scenarios where physical
o
,N
impractical.
Best Practices in Cloud Environments: a
h storing data in the cloud, encrypt it
• a
N as AES-256.
Encrypt All Sensitive Data: Before
using a strong algorithm,tsuch
e
je are Use
•
h akeys
Secure Key Management: secure key management practices to

ub
ensure encryption protected and can be securely destroyed
when necessary.
S
•
C olProvider
Cloud
shredding
Policies: Verify that cloud providers support crypto
and have secure methods for key destruction.
By with Physical Destruction in Cloud:
Challenges

I SS P• Cost and Feasibility: Physical destruction of cloud-stored data is

r C often impractical due to costs, logistical challenges, or lack of physical

access to storage media.
fo
es • Alternative Solutions: Crypto shredding provides a secure and
ot feasible alternative to physical destruction for cloud-stored data.

ell N • Data Remanence: Proper execution of crypto shredding ensures that

data remnants cannot be recovered, thus mitigating data remanence

orn risks in cloud environments.

C

• Crypto shredding is a practical and effective method for securely removing data from third-party
environments, particularly cloud services.
• Physical destruction, while the most secure, may not always be feasible in cloud scenarios.
• Proper encryption and secure key management are crucial for effective crypto shredding.
• Crypto shredding ensures data is unrecoverable by securely destroying the encryption key,
providing a viable solution for cloud data management.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Purpose of Data Archiving
• Retention Requirements
• Challenges in Long-term
Archiving
• Components of an Archiving
Policy
Data Archiving
Purpose of Data Archiving:
• Definition: Data archiving is the process of moving inactive or infrequently
accessed data to a secure and long-term storage solution.
• Importance: Ensures that data is preserved for legal, regulatory, or business
continuity reasons over a specified period.
• Role in Asset Life Cycle: Archiving is a key phase in the data life cycle,
focusing on the protection and availability of data that is no longer actively
used but must be retained.
Retention Requirements:
• Legal and Regulatory: Many regulations, like GDPR, HIPAA, and SOX, have
specific requirements for data retention periods that organizations must
adhere to.
ti on
•
bu
Industry Standards: Certain industries, such as finance and healthcare, have
i
for some health records).
s tr
stringent retention requirements (e.g., 7 years for financial records, 150 years

i
D periods based
•
on business needs or risk management strategies.
fo r
Organizational Policies: Internal policies may dictate retention

Challenges in Long-term Archiving:

o t
Media Longevity: Physical media like tapesN
a, data remains accessible as
• or hard drives may degrade over
technology evolves. h
time. The challenge is ensuring that archived
adata is stored today may not be readable in
• N
Data Format: The format intwhich
the future due to changesein technology or software obsolescence.
a je
•
h
Security Concerns: Archived data must still be protected from unauthorized
b be securely encrypted if it contains sensitive information.
u
access and must
S
Components
o l of an Archiving Policy:
•
y C Periods: Define how long data must be kept based on legal and
Retention

P• B regulatory requirements, business needs, and operational impact.

S Media Type: Specify the types of media suitable for archiving based on

CIS
longevity and cost-effectiveness (e.g., cloud storage, magnetic tape, optical
discs).

for • Data Protection: Ensure proper encryption and access controls for archived

tes data to maintain confidentiality and integrity.

o • Data Recovery: Establish procedures for regular testing of archived data

ll N
recovery processes to ensure data can be restored if needed.

rn e • Archiving Standards: Use established standards like NIST or ISO guidelines to

C o develop archiving protocols that meet industry best practices.

• Data archiving is crucial for meeting legal, regulatory, and business continuity requirements.
• Retention policies must consider long-term accessibility and protection of data.
• A robust archiving policy should address retention periods, media types, data protection, and
recovery procedures to ensure the integrity and availability of archived data over time.
• Continuous review and updates to archiving policies are necessary to adapt to changing regulations
and technological advancements.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Data Archiving Considerations and Policies -1
• Requirements for Protecting
Archived Data
• Considerations for Data
Archiving
• Data Archiving Policies
• Questions to Consider for
Policy Creation
Requirements for Protecting Archived Data:
• Media Type: Choose the appropriate media based on longevity, cost, and
accessibility (e.g., cloud storage, magnetic tape, optical media). The media type
impacts both the durability and the recoverability of archived data.
• Security Requirements: Implement encryption, access controls, and
monitoring to protect archived data, especially if it contains sensitive
information. Archived data should be as secure as active data to prevent
unauthorized access or tampering.
• Availability Requirements: Define the expected recovery time for archived data.
For example, some data may need to be retrievable within hours, while other
data can be restored within days or weeks.

on
• Retention Period: Determine how long data should be kept based on legal,

ti
regulatory, and business requirements. Different types of data may have different
u
b
retention periods (e.g., financial records vs. employee records).

tr i
• Associated Costs: Consider the cost implications of long-term storage
is
solutions, including media costs, management, and retrieval expenses.
D
for
Balancing cost with the required protection and availability is crucial.
Considerations for Data Archiving:
t
No
• Compliance Needs: Ensure that archived data meets all applicable legal,

a,
regulatory, and industry standards, such as PCI DSS, GDPR, or HIPAA.

h
• Data Format: Data should be archived in a format that remains accessible and

Na
usable over time, despite changes in technology. It’s important to consider

et
whether the format will be supported in the future.

je
• Data Integrity: Regular checks should be conducted to ensure that the data has

ha
not been corrupted or altered during the archiving process.
b
• Policy Awareness: Employees must be educated on the importance of following
Su
archiving and retention policies to ensure compliance and data integrity.
l
Co
Data Archiving Policies:

By • Archiving/Retention Policy: Policies should be developed to align with legal,

regulatory, and business requirements. They should clearly define retention

SP
periods, protection measures, and procedures for archiving and retrieval.

CI S • Classification of Records: Data should be classified according to its value,

sensitivity, and required retention period. This classification will guide the

for archiving process.

es • Employee Education: Employees should be trained on archiving procedures, the

ot importance of following policies, and the tools available to them for proper data

ll N
management.

rn e .

C o

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Data Archiving Considerations and Policies -2
• Requirements for Protecting
Archived Data
• Considerations for Data
Archiving
• Data Archiving Policies
• Questions to Consider for
Policy Creation
Questions to Consider for Policy Creation:
• Who Needs Access to the Data? Define roles and responsibilities for accessing
archived data. Not all users will need the same level of access to archived
information.
• Do Access Requirements Change Over Time? Consider if access permissions
will change as the data ages. For example, data that was once highly sensitive
may not need the same level of protection after a certain period.
• How Long Does Data Need to be Kept? Determine the appropriate retention
period based on legal, regulatory, and business requirements. Some data may
need to be kept indefinitely, while other data may have shorter retention needs.
• What are the Data Disposal Requirements? Define secure disposal methods

on
for data once it is no longer needed. This could involve physical destruction, data
wiping, or crypto shredding to ensure data is not recoverable.
uti
tr i b
D is
t for
No
h a,
Na
jeet
bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Data archiving is a critical component of data management that ensures long-term data protection,
accessibility, and compliance with regulatory requirements.
• Proper archiving policies must address media type, security, availability, retention periods, and
associated costs.
• Effective policies are based on comprehensive considerations, including legal compliance, data
integrity, and future-proofing data access.
• Employees should be educated on archiving policies and procedures to ensure adherence and
proper data handling throughout the data life cycle.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Data Security Controls and Compliance Requirements - 1
Classification and Baseline
Security Controls
Data States and Security
Requirements
Data at Rest Security Controls
Data in Transit Security Controls
Data in Use Security Controls
Classification and Baseline Security Controls:
•Definition: Security controls must be aligned with the classification level of the
asset, ensuring that data receives protection based on its value and sensitivity.
•Importance: Without proper baseline security controls, sensitive data may be
vulnerable to unauthorized access or breaches.
•Baselines for Different Classifications: Each classification level (e.g., top secret,
secret) has a predefined set of security controls that must be met to protect data
appropriately.
•Example: A top secret document might require encryption, multi-factor

on
authentication, and restricted access, whereas a less sensitive document might only
require basic access controls.
uti
Data States and Security Requirements:
tr i b
•Three States of Data:
D is
•
o r
Data at Rest: Inactive data stored on physical or digital media.
f
•
o t
Data in Transit: Data actively moving across networks.

, N
• Data in Use: Data actively being
h a processed by applications or users.

a security controls are applied based on

•Security Controls Vary by State: Different
N
et
whether the data is at rest, in transit, or in use.

je
a and not actively moving or being used. Examples
Data at Rest Security Controls:

b hstored
include files on a u
•Definition: Data that is

l S hard drive, databases, or archived documents.

Co
•Security Measures:
y
PB
• Encryption: Ensures data is unreadable without the appropriate

I SS decryption key. Common algorithms include AES-256.

r C • Access Control: Implements strict permissions to ensure only

fo authorized users can access the data.

es Backup and Restoration: Regular backups and the ability to restore

ot
•
data to prevent data loss.

ell N •Example: A financial database stored on a server should be encrypted and only

orn accessible to authorized personnel.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Data Security Controls and Compliance Requirements -2
Data in Transit Security Controls:
Classification and Baseline
• Definition: Data actively moving across networks, such as through the internet
Security Controls or internal network communications.
Data States and Security
Requirements • Security Measures:
Data at Rest Security Controls • Access Control: Controls access to data being transmitted, ensuring
Data in Transit Security Controls only authorized entities can send or receive the data.
Data in Use Security Controls • Network Encryption: Methods such as HTTPS, VPN, and TLS/SSL
encrypt data as it travels between points to prevent interception.
• End-to-End Encryption: Ensures data is encrypted at the source and
only decrypted by the intended recipient.
ti on
•
bu
Link Encryption: Encrypts data at each link between nodes, but data
i
may be decrypted at each node.
s tr
Onion Routing: Adds multiple layers of encryption ito
rD
• mask data as it
travels through multiple nodes.
f o
t should use end-to-end
• Example: Sensitive emails sent between employees
o
encryption to ensure confidentiality.
a ,N
• Data in Use Security Controls:
a h
e t asNit is typically
• Definition: Data actively being processed by applications, viewed by users, or

je
modified. It is most vulnerable unencrypted.
• Security Measures:
b ha
u
SHomomorphic
•
l Encryption: Allows computations to be carried out

Co confidentiality during processing.

on encrypted data without decrypting it, maintaining data

y
S P B • Role-Based Access Control (RBAC): Assigns permissions based on
roles within the organization, restricting access to data based on job

CI S functions.

for • Data Recovery Plan (DRP): Ensures that data can be recovered if it is

es lost or corrupted during use.

ot • Data Loss Prevention (DLP): Monitors and prevents unauthorized

ell N data transfers or leaks during use.

orn • Example: A user viewing sensitive HR data in a secure application should have

C
RBAC controls that limit what they can see or edit.

• Security controls must be adapted based on the state of the data —at rest, in transit, or in use.
• Baseline security controls aligned with the data’s classification level ensure effective protection.
• Data at rest requires encryption and access controls, data in transit needs network encryption and
secure transmission methods, and data in use requires advanced measures like homomorphic
encryption and DLP.
• Proper implementation of security controls for each data state mitigates risks and ensures
compliance with regulatory requirements.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Data Archiving Considerations and Policies - 1
• Requirements for Protecting
Archived Data
• Considerations for Data
Archiving
• Data Archiving Policies
• Questions to Consider for
Policy Creation
Requirements for Protecting Archived Data:
• Media Type: Choose the appropriate media based on longevity, cost,
and accessibility (e.g., cloud storage, magnetic tape, optical media). The
media type impacts both the durability and the recoverability of archived
data.
• Security Requirements: Implement encryption, access controls, and
monitoring to protect archived data, especially if it contains sensitive
information. Archived data should be as secure as active data to prevent
unauthorized access or tampering.

on
• Availability Requirements: Define the expected recovery time for
t
archived data. For example, some data may need to be retrievable within
u i
hours, while other data can be restored within days or weeks.
r i b
tbased on
• Retention Period: Determine how long data should be kept
is
Dvs. employee
o r
legal, regulatory, and business requirements. Different types of data may

tf
have different retention periods (e.g., financial records
records).
N o
• Associated Costs: Consider the cost ,implications
solutions, including media costs, h a of long-term storage

Balancing cost with the requiredaprotection and availability is crucial.

management, and retrieval expenses.

Considerations for Datae e tN

ajEnsure that archived data meets all applicable
Archiving:
h
ub and industry standards, such as PCI DSS, GDPR, or
• Compliance Needs:
S
legal, regulatory,
HIPAA. l
o
CFormat:
B y
• Data Data should be archived in a format that remains

S P accessible and usable over time, despite changes in technology. It’s

CI S important to consider whether the format will be supported in the future.

for • Data Integrity: Regular checks should be conducted to ensure that the
data has not been corrupted or altered during the archiving process.
es
ot • Policy Awareness: Employees must be educated on the importance of

ll N
following archiving and retention policies to ensure compliance and data

rn e integrity.

C o

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Data Archiving Considerations and Policies -2
• Requirements for Protecting
Archived Data
• Considerations for Data
Archiving
• Data Archiving Policies
• Questions to Consider for
Policy Creation
Data Archiving Policies:
• Archiving/Retention Policy: Policies should be developed to align with
legal, regulatory, and business requirements. They should clearly define
retention periods, protection measures, and procedures for archiving
and retrieval.
• Classification of Records: Data should be classified according to its
value, sensitivity, and required retention period. This classification will
guide the archiving process.
• Employee Education: Employees should be trained on archiving

ti on
procedures, the importance of following policies, and the tools available
to them for proper data management.
i bu
Questions to Consider for Policy Creation:
s tr
i
D level of access
fo
accessing archived data. Not all users will need the r
• Who Needs Access to the Data? Define roles and responsibilities
same
for

to archived information.
o t
, N
permissions will change as the data a
• Do Access Requirements Change Over Time? Consider if access

a hthe same level of protection after a

ages. For example, data that was

tN
once highly sensitive may not need
certain period.
e
e to be Kept? Determine the appropriate
jNeed
• How Long Does Data
h a
retention periodbbased on legal, regulatory, and business requirements.
Some dataS u to be kept indefinitely, while other data may have
l may need
shorteroretention needs.
C
y are the Data Disposal Requirements? Define secure disposal
B
• What

SP destruction, data wiping, or crypto shredding to ensure data is not

methods for data once it is no longer needed. This could involve physical

CI S recoverable.

for
tes
o
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Protecting Data at Rest
Definition of Data at Rest:
• Definition of Data at Rest • Definition: Data that is stored and not actively moving through networks or
• Methods for Protecting Data being processed. It remains in a stationary state on various types of storage
media.
at Rest
• Importance of Encryption for • Examples: Files stored on hard drives, databases on servers, archived
documents, and backups.
Cloud Migration
Methods for Protecting Data at Rest:
Encryption:
1. Purpose: Ensures data is unreadable without the correct decryption
key, protecting confidentiality.
2. Techniques: Strong encryption algorithms like AES-256 should be
used to secure data stored on devices or within databases.
ti on
3.
i bu
Cloud Considerations: Before migrating data to the cloud, it should
be encrypted locally to protect it from unauthorized access during
and after the transfer.
str
4.
i
Example: Encrypting financial records on a local server before
D
for
uploading them to a cloud storage provider.
Access Control:
t
1.
No
Purpose: Limits access to stored data to only those who have proper

a,
authorization.
2.
h
Techniques: Implementing role-based access control (RBAC) and

Na
least privilege principles to ensure only necessary personnel can
access sensitive information.
3.
je et
Example: Restricting access to a company's customer database to
only members of the customer service and IT departments.

b haEnsures that data can be recovered in the event of

Backup and Restoration:
1. u accidental deletion, or disaster.
Scorruption,
Purpose:
l
y C2.o Techniques: Regular backups should be scheduled and securely
stored, either on-site, off-site, or in the cloud.

PB
3. Example: Daily backups of a company’s financial transactions,

I SS stored securely off-site, to ensure continuity in case of a data loss

event.

r C Importance of Encryption for Cloud Migration:

fo
es • Challenge: Migrating sensitive data to the cloud poses risks, including

ot
unauthorized access during transit and storage.

N Solution: Data should be encrypted locally, prior to migration, to maintain

ell
•
confidentiality and integrity.

orn • Example: Encrypting sensitive HR data with AES-256 encryption before

C
transferring it to a cloud storage solution ensures that even if the data is
intercepted during transfer, it cannot be read without the decryption key.

• Protecting data at rest is crucial for maintaining its confidentiality, integrity, and availability.
• Key protection methods include encryption, access control, and backup/restoration.
• Encrypting data before migrating to the cloud is the best way to ensure its security during and
after the transfer.
• Organizations should establish a comprehensive data protection strategy tailored to their
specific needs and compliance requirements.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Protecting Data in Transit -1

• Definition of Data in Transit Definition of Data in Transit:

• Methods for Protecting Data • Definition: Refers to data that is actively moving across networks, such as the
in Transit internet or internal networks, from one location to another.
• End-to-End Encryption
• Examples: Data being sent from a user's computer to a cloud service, or files
• Link Encryption transferred between servers within an organization's network.
• Onion Network
Methods for Protecting Data in Transit:
Access Controls:
1. Purpose: Restricts who can send and receive data, ensuring only
authorized entities can access the data.
ti on
2.
bu
Techniques: Implementing firewall rules, user authentication, and
i
permission management to secure data flows.
str
Encryption:
D i
1.
t for
Purpose: Encrypts data to prevent unauthorized parties from reading

No
it during transmission.
2.
a,
Techniques: Various encryption methods such as TLS/SSL, VPN
h
encryption, and secure email encryption.

Na
et
End-to-End Encryption:

je
ha
• Definition: Encrypts the data portion of a packet from the source to the

b
destination. The data remains encrypted through every node it passes, only being

Su
decrypted at the destination.
l
C• o Ensures data confidentiality throughout transmission.
• Advantages:

By
I SSP• • Data remains protected even if intercepted by unauthorized nodes.

C Limitations:

for • Routing information, such as source and destination IP addresses, is

tes visible, which may reveal communication patterns.

N o • Example: Virtual Private Networks (VPNs) use end-to-end encryption to secure

ell
communication between a user and a remote network.

orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Protecting Data in Transit - 2
Link Encryption:
• Definition of Data in Transit
• Methods for Protecting Data • Definition: Encrypts both the packet header and data between each node on a
network path. Data is decrypted and re-encrypted at each node.
in Transit
• End-to-End Encryption • Advantages:
• Link Encryption • Hides routing information between nodes.
• Onion Network
• Protects data from being intercepted between individual nodes.
• Limitations:
• Data is exposed in plaintext at each node, making each node a
potential attack point.
t i on
• Higher processing overhead due to repeated encryption and
i b u
decryption at each node.
s tr
i
rD
• Example: Used by data communication providers to secure data on specific
network links such as satellite or leased lines.
t fo
Onion Network:
o
a , itsNlayer
• Definition: A method of encrypting data multiple times and sending it through

a h
multiple nodes, each of which decrypts only before passing it to the

tN
next.

e
aje by concealing both the sender's and receiver's
• Advantages:
•
b h
Provides anonymity

S u
identities.
• l Data is encrypted in layers, with each node only knowing the previous

y Co and next node.

• B
S P Limitations:

CI S • Slower transmission speeds due to multiple encryption and

decryption processes.

for
s
• Increased complexity in implementation.

o te • Example: The Tor network uses onion routing to enable anonymous

ll N
communication.

rn e
C o

• Protecting data in transit is crucial to ensure its confidentiality and integrity during transmission.
• End-to-end encryption is effective for secure communication, but does not conceal routing
information.
• Link encryption hides routing information between nodes but exposes data at each node.
• Onion networks provide enhanced anonymity but can be complex and slow.
• Choosing the right encryption method depends on the security requirements and potential risks
associated with the data in transit.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Onion Network Encryption - 1
• Definition of Onion Network
• How Onion Network Works
• Advantages of Onion Network
• Comparison with End-to-End
and Link Encryption
• Challenges and Limitations
Definition of Onion Network:
• Definition: An encryption method that uses multiple layers of encryption
to provide complete confidentiality and anonymity for data in transit.
• Purpose: To protect both the data and the identities of the sender and
receiver by obscuring the communication path through multiple nodes.
How Onion Network Works:
Multi-layer Encryption:
• Data is encrypted in multiple layers, similar to the layers of an
onion.
•
ti on
At the first node, multiple layers of encryption are applied, with

the network.
i bu
each layer designed to be decrypted by a subsequent node in

s t r
Node-by-Node Decryption:
i
•
f o r Dof thelayer
As data moves through each node, the outermost of

o tuntil the data reaches its

encryption is removed, revealing the address next node.
•
, Nlayer is decrypted to reveal the
This process continues at every node
a
final destination, where the last
h
plaintext data.
a
Address Hiding:
e t N the address of the previous node and
•
h ajeeffectively hiding the source and destination
Each node only
the next node,
knows

ub from all intermediary nodes.

addresses
S
C olof Onion Network:
y
Advantages
B
S P
Confidentiality and Anonymity:

CI S • Provides complete confidentiality of the data in transit.

or
• Ensures anonymity for both sender and receiver, as only

s f adjacent nodes know their respective addresses.

o te Protection Against Traffic Analysis:

ll N
• The layered encryption and address hiding prevent tracking

rn e and traffic analysis, making it difficult to trace the path of the

C o Example:
data.

• The Onion Router (TOR) is a widely known example of an onion

network that provides secure and anonymous communication
over the internet.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Onion Network Encryption - 2
Comparison with End-to-End and Link Encryption:
• Definition of Onion Network
• How Onion Network Works 1.End-to-End Encryption:
• Advantages of Onion Network 1. Encrypts data throughout the journey but does not hide routing
• Comparison with End-to-End information.
and Link Encryption
2. Onion network provides additional anonymity by hiding routing
• Challenges and Limitations
information.
2.Link Encryption:
1. Encrypts data and header information between nodes but
decrypts it at each node, exposing data at each point.
ti on
2.
bu
Onion network keeps data encrypted throughout, revealing
i
only routing information for the next node.
str
D i
for
Challenges and Limitations:
1.Performance Overhead:
ot
1. Slows down transmission speedN
encrypting and decrypting a, layers at each node.
due to the process of
h multiple
a technology for efficient decryption
t N
2. Requires high-performance
at each node. e

h aje
2.Complex Implementation:

S ubup an onion network is more complex compared to

olother encryption methods.
1. Setting

C
y 2. Maintenance and management of such a network can be
P B resource-intensive.
S
CIS
for
tes
o
ell N
orn
C

• The onion network is an advanced encryption method that provides both confidentiality and
anonymity for data in transit.
• It uses multiple layers of encryption, with each node only able to decrypt one layer, revealing the next
node's address.
• TOR is a prime example of an onion network, widely used for anonymous communication.
• Although highly effective in protecting data and identities, it comes with performance and complexity
challenges.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Information Obfuscation Methods - 1
• Definition of Obfuscation
• Purpose and Benefits of
• Information Obfuscation
• Common Obfuscation
Methods
• Real-World Examples of
Obfuscation
• Key Benefits and Limitations
Definition of Obfuscation:
• Definition: Obfuscation is the act of making something obscure, unclear, or
unintelligible to hide or mask information.
• Purpose: It is used to protect sensitive data, code, or information from
unauthorized access while maintaining the functionality of the system.
Purpose and Benefits of Information Obfuscation:
1.Security Enhancement:
• Example: Hiding sensitive data like Social Security numbers in
customer-facing applications.
•
i on
Benefit: Reduces the risk of data breaches by making it difficult for
t
attackers to understand or access valuable information.
i b u
2.Compliance with Regulations:
s r
tcustomer data
i
rD
• Example: Using encryption or data masking to protect
in line with GDPR requirements.
fo
tand regulatory standards for
•
N o
Benefit: Ensures compliance with legal
data privacy and protection.
a,
3.Safe Development and Testing:
a h
•
e t N obfuscation to hide API keys or sensitive
Example: Developers use

aje sensitive information from being exposed in non-

configurations in source code.
•
h
Benefit: Prevents

S ub environments or during software development.

production

ol
Common Obfuscation Methods:

y C• Data:
1.Concealing
B
S P Description: Completely removes access and visibility to sensitive

CI S data. Users cannot see or access the concealed data field.

for • Example: An employee database where the "Salary" field is not

visible to non-HR personnel.
es
ot
• Use Case: Prevents unauthorized users from even knowing that

ll N
certain data fields exist.

rn e
C o

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Information Obfuscation Methods - 2
• Definition of Obfuscation
• Purpose and Benefits of
• Information Obfuscation
• Common Obfuscation
Methods
• Real-World Examples of
Obfuscation
• Key Benefits and Limitations
1.Pruning Data:
• Description: Removes sensitive data from fields, but the attribute
remains visible as an empty placeholder.
• Example: In a test environment, the "Email" field is visible but does
not contain real email addresses.
• Use Case: Allows system functionality testing without exposing real
data.
2.Fabricating Data:
• Description: Generates fictitious data to replace real sensitive data,
ensuring functionality testing without exposing real information.
t i on
• Example: Using generated names and addresses instead of real
i bu
customer data in a software demo.
s r
twithout risk of
i
rD
• Use Case: Facilitates safe testing and demonstrations
exposing sensitive information.
t fo
3.Trimming Data:
o
•
a , N revealing only necessary
Description: Partially hides data values,
parts for identification.
Example: DisplayingN ahthe last four digits of credit card numbers
et
• only

je
(e.g., XXXX-XXXX-XXXX-1234).
•
whileb
haProvides sufficient information for identification purposes
Use Case:

Su
protecting the full value.
4.EncryptinglData:

y C•o Description: Converts data into ciphertext using encryption

B
SP
algorithms, and decryption is only possible with the appropriate key.

CI S • Example: Encrypting sensitive customer data like Social Security

r
numbers stored in a database.

fo • Use Case: Protects data at rest and in transit, making it unreadable

es
ot
without proper decryption keys.

ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Information Obfuscation Methods - 3
Real-World Examples of Obfuscation:
• Definition of Obfuscation
1.Healthcare Systems:
• Purpose and Benefits of
1. Concealing patient medical records from non-medical staff to ensure
• Information Obfuscation
• Common Obfuscation patient confidentiality.
Methods 2.Financial Applications:
• Real-World Examples of 1. Trimming data in customer service interfaces to show only the last
Obfuscation four digits of a credit card for verification purposes.
• Key Benefits and Limitations 3.Software Development:
1. Using obfuscation in source code to hide sensitive application
configurations and API keys.
t i on
Key Benefits and Limitations:
i bu
1.Benefits:
s r
t and data
Enhanced Security: Reduces risk of unauthorizediaccess
rD
1.
breaches.
fo
tregulatory and compliance
2. Compliance: Helps organizations meet
N o
requirements.
a,
3.
a
Safe Testing Environments: h Allows safe testing and development
e tN
without exposing real data.
2.Limitations:
je
aImplementation:
1.
b
Complex h Some obfuscation techniques can be

Su
difficult to implement and maintain.
2. l Performance Impact: Methods like encryption can slow down

y Co system performance.
S P B 3. Not Foolproof: Skilled attackers may still bypass certain obfuscation
CI S methods, so it must be used as part of a layered security approach.

for
es
ot
ell N
orn
C

• Information obfuscation methods such as concealing, pruning, fabricating, trimming,

and encrypting data are crucial for protecting sensitive information.
• They serve to enhance security, comply with data protection regulations, and support
safe testing and development environments.
• While effective, obfuscation should be part of a comprehensive security strategy to
ensure optimal data protection and privacy.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Digital Rights Management (DRM)
Definition of DRM:
Definition of DRM
•Definition: DRM is a system of IT components and services, supported by laws and
Purpose of DRM
business models, designed to control and protect intellectual property (IP) and its
Examples of Intellectual
rights.
Property Protected by DRM
DRM Techniques •Source: Defined by NIST SP 500-241, it includes concerns such as product
Legal Basis for DRM in the U.S. authenticity, user charges, terms-of-use, and expiration of rights.
Information Rights Management Purpose of DRM:
(IRM) 1.Protection of IP Assets:
1. Goal: DRM aims to protect copyrighted or proprietary content from
unauthorized use, distribution, or modification.
ti on
2.
bu
Example: Prevents illegal copying or sharing of digital media like
i
movies and music.
str
2.Control and Distribution:
D i
1.
f o r
Function: Helps IP owners control how their content is used, shared,
and distributed. t
ousers only, preventing
N
a,
2. Example: Limiting access to licensed
unlicensed sharing.
Examples of Intellectual PropertyN
h
a by DRM:
1.Movies and Video Content:e
t Protected

1.
h ajeunauthorized copying and sharing of movies on
DRM prevents

S ub like Netflix or Amazon Prime Video.

platforms

ol Services like Apple Music and Spotify use DRM to ensure only paying
2.Digital Music:
C
By
1.

SP3.eBooks:
subscribers can access their music libraries.

CI S
for 1. Platforms like Kindle or Google Books restrict copying, printing, and
sharing of eBooks to protect the rights of authors and publishers.
s
ote
4.Video Games:

ll N
1. DRM prevents the installation and use of pirated copies of games,

rn e ensuring only legitimate purchases are playable.

C o 5.Cable and Satellite Services:

1. Prevents unauthorized access to paid content, such as premium TV
channels.
.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Digital Rights Management (DRM)
DRM Techniques:
Definition of DRM
1.Licensing Agreements:
Purpose of DRM
1. Description: Agreements that specify terms and conditions under
Examples of Intellectual
Property Protected by DRM which users can access and use the content.
DRM Techniques 2. Example: Software licenses that restrict the number of installations
Legal Basis for DRM in the U.S. or devices.
Information Rights Management 2.Encryption:
(IRM) 1. Description: Securing content by converting it into a format that is
unreadable without a decryption key.
2. Example: Movies encrypted with DRM can only be played on
ti on
authorized devices.
i bu
3.Digital Tags:
s r
t that links it
i
r D sharing.
1. Description: Embedding information within the content

fo
to a specific user or license, preventing unauthorized
t that identifies the rightful
2. o
Example: A watermark or digital fingerprint
N
owner.
a ,
4.Copy Protection Technologies:
a h
1.
t N that restrict the ability to copy or transfer
Description: Technologies
e
content.
Example:a
je
2.
h Blu-ray discs that use Advanced Access Content System

S ub to prevent illegal copying.

(AACS)

ol DRM in the U.S.:

Legal Basis for
•DigitalC
B y Millennium Copyright Act (DMCA):

S P • Enacted: 1998

CI S • Purpose: Provides legal recourse for violations of DRM protections

for and infringement on the rights of IP holders.

Significance: Supports the enforcement of DRM by making
s
•

ote circumvention of DRM protections illegal.

N
ell
Information Rights Management (IRM):

rn
1.Definition: A subset of DRM focused on protecting sensitive documents within an

C o organization from unauthorized access and usage.

2.Use Case:
1. Example: Companies using IRM to restrict the sharing, copying, or
printing of confidential documents to only authorized personnel.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Digital Rights Management (DRM)
Key Benefits of DRM:
Definition of DRM
1.Protection of Revenue Streams: Ensures that content creators and owners can
Purpose of DRM
monetize their work without unauthorized distribution cutting into profits.
Examples of Intellectual
Property Protected by DRM 2.Control Over Content Usage: Allows rights holders to specify exactly how their
DRM Techniques content can be used and shared.
Legal Basis for DRM in the U.S. 3.Legal Enforcement: Provides a framework for legal action against those who
Information Rights Management attempt to bypass or violate DRM protections.
(IRM) Challenges and Limitations of DRM:
1.User Frustration: Legitimate users may find DRM restrictions inconvenient or
overly restrictive.
ti on
bu
2.Circumvention: Skilled attackers may still find ways to bypass DRM, despite legal
i
protections.
st r
i
rD
3.Performance Impact: DRM technologies can sometimes degrade the
performance of the protected content or platform.
t fo
o
a ,N
a h
e tN
h aje
S ub
C ol
B y
S P
CI S
for
es
ot
ell N
orn
C

• DRM protects intellectual property assets and the rights of their owners by controlling and restricting
access and usage.
• Techniques include licensing agreements, encryption, digital tags, and copy protection technologies.
• Legal support is provided by the DMCA in the United States, which outlaws the circumvention of DRM
protections.
• Information Rights Management (IRM) applies similar principles to protect organizational documents.
• While DRM effectively protects IP, it can also present challenges such as user frustration and potential
circumvention.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Data Loss Prevention (DLP) -1
• Definition of DLP
• DLP Data Activities
• Purpose and Importance of
DLP
• DLP in Different Data
Contexts
• DLP Tools and Techniques
• Regulations and
Compliance Requirements
Definition of DLP:
• Definition: Data Loss Prevention (DLP) refers to a system’s ability to identify,
monitor, and protect data through deep packet content inspection and
contextual security analysis.
• Source: Defined by NIST, DLP focuses on data in use, data in motion, and data
at rest.
• Scope: Unlike DRM, which is specific to intellectual property, DLP is more all-
encompassing and covers a broader range of data types.
DLP Data Activities:
1.Data in Use:
1. Description: Data actively being processed or used on endpoints

on
(e.g., copying data to external devices).
ti
2. Protection Techniques: Monitoring and controlling user actions
u
2.Data in Motion:
tr b
like copy-paste, print screen, or data transfer to USB drives.
i
D is
1. Description: Data being transmitted across networks, including

for
internal and external networks.
t
2. Protection Techniques: Network monitoring, deep packet

No
inspection, and encryption to detect and prevent unauthorized

a,
data transfer.
3.Data at Rest:
h
Na
1. Description: Data stored on devices like hard drives, databases,

jeet
or cloud storage.
2. Protection Techniques: Scanning storage devices, encryption,

bha
and monitoring of access to stored data.

Su
Purpose and Importance of DLP:
l
1.Prevent Data Breaches:

y Co1. Goal: DLP aims to detect and prevent unauthorized access, use,

B or transfer of sensitive data.

SP
2. Example: Blocking an employee from sending confidential
company data via personal email.

CI S 2.Protect Sensitive Information:

for 1. Types of Data: Includes organizational data (trade secrets,

es proprietary information) as well as customer, vendor, and

ot
employee data (PII).

ll N
2. Example: Preventing unauthorized access to customer credit
card information stored in the database.

rn e 3.Comply with Regulations:

C o 1. Laws and Standards: Compliance with data protection laws like

GDPR, HIPAA, and industry-specific regulations.
2. Example: Ensuring no unauthorized sharing of personal health
information (PHI) in healthcare settings.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Data Loss Prevention (DLP) -2
DLP in Different Data Contexts:
• Definition of DLP
1.Endpoint Protection:
• DLP Data Activities
• Purpose and Importance of 1. Focus: Monitoring data in use on devices like laptops and
desktops.
DLP
• DLP in Different Data 2. Example: Preventing copying of sensitive data to unencrypted
Contexts USB drives.
• DLP Tools and Techniques 2.Network Protection:
• Regulations and 1. Focus: Monitoring data in motion across networks.
Compliance Requirements 2. Example: Detecting and blocking unauthorized emails
containing sensitive attachments.
t i on
3.Storage Protection:
i bu
1. Focus: Protecting data at rest in databases or filerservers.
i s t stored on
rD
2. Example: Scanning and encrypting sensitive data
servers.
t fo
DLP Tools and Techniques:
N o
1.Content-Aware Tools:
a ,
a
1. Functionality: Scan and hanalyze content based on predefined
t Nand blocking transmission of social
patterns or keywords.
e
aje or credit card information.
2. Example: Detecting
h
security numbers
ub Analysis:
2.Contextual Security
S
1. l Attributes Monitored: Originator, data object, medium,

y Co timing, recipient/destination.
PB
2. Example: Blocking a file transfer based on the context, such

I SS as an unusual time or unknown recipient.

r C 3.Encryption:

fo 1. Role: Ensures data cannot be read or accessed by

es unauthorized users during transit or storage.
ot
ll N
2. Example: Using encryption to protect emails containing
confidential information.

rn e
C o

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Data Loss Prevention (DLP)-3
• Definition of DLP
• DLP Data Activities
• Purpose and Importance of
DLP
• DLP in Different Data
Contexts
• DLP Tools and Techniques
• Regulations and
Compliance Requirements
3.PCI DSS (Payment Card Industry Data Security Standard):
Regulations and Compliance Requirements:
1.GDPR (General Data Protection Regulation):
1. Requirement: Protect personal data of EU citizens and ensure
it is not processed without proper authorization.
2. DLP Role: Ensures compliance by monitoring and controlling
data transfers involving EU personal data.
2.HIPAA (Health Insurance Portability and Accountability Act):
1. Requirement: Protect personal health information (PHI) from
unauthorized access or disclosure.
ti on
2.
bu
DLP Role: Prevents unauthorized sharing or use of PHI in
i
healthcare environments.
s tr
D i
fo rcard

o t
1. Requirement: Secure handling of credit information.

, N cardholder data during

2. DLP Role: Monitoring and protecting
storage, processing, and a
a h transmission.
Key Benefits of DLP:
e t Ndata leaks and unauthorized access,
e
1.Risk Mitigation: Helpsjprevent
a breaches.
h
reducing the risk of data

S ub
reducing o l and financialSupports
2.Compliance
legal
Assurance: adherence to regulatory requirements,
penalties.

B y C Protection: Prevents potential damage to organizational

3.Reputation

S Preputation due to data breaches or leaks.

CI S Challenges of DLP:

for 1.Complex Implementation: Requires integration across multiple systems

es and endpoints.

N ot 2.Performance Impact: Can impact system performance due to intensive

rn ell monitoring and scanning activities.

C o 3.User Resistance: Employees may find DLP measures restrictive or

intrusive, leading to resistance.

• DLP is a comprehensive approach to data protection, focusing on identifying,

monitoring, and securing data in use, in motion, and at rest.
• Effective DLP ensures compliance with various regulatory requirements, protects
sensitive data, and helps prevent data breaches.
• Implementation involves multiple tools and techniques such as encryption, content-
aware tools, and contextual security analysis, and must be balanced with usability and
performance.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
CISSP 2024 Cornell Notes
by Col Subhajeet Naha, Retd, CISSP
Domain 3 : Security Architecture and Engineering
 Security Architecture and Engineering (Domain 3)
• Definition of Security
Architecture and Engineering
• Key Responsibilities of
Security Professionals
• Involvement of Security in the
Engineering Life Cycle
Definition of Security Architecture and Engineering
• Security Architecture and Engineering refer to the principles,
structures, and standards used to design, implement, monitor, and
secure various systems, applications, operating systems,
networks, and controls.
• This domain encompasses how to enforce appropriate levels of
security across architectures.
Key Responsibilities of Security Professionals
• The primary responsibility is to design, build, and implement
ti on
security architectures that align with corporate goals.
i bu
•
s tr
Security professionals focus on creating efficient and cost-effective
i
rD
security solutions that support governance initiatives and ensure
compliance with regulations.
f o
t Cycle
Involvement of Security in the Engineeringo
N Life
Security should be incorporateda at,the beginning of the engineering
•
a h
t ofNsecurity professionals is necessary
life cycle.
• Continuous involvemente
je of system development and implementation
h a
throughout all phases
ub integrity and protection of the system.
to maintain the
S
• Thiso l ensure that security measures are proactive, rather than
helps
y C
reactive, addressing potential risks early.

P B
I SS
r C
fo
es
ot
ell N
orn
C

• Security Architecture and Engineering ensure secure systems by designing and

implementing robust architectures.
• Security professionals must align their security measures with organizational goals and
be involved throughout the engineering life cycle to ensure efficient and comprehensive
security.
• The domain highlights the need for early and continuous security involvement during the
engineering process.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Security’s Involvement in Design and Build
Meaning of Security Architecture
• Meaning of Security • Architecture refers to a design or structure made up of various
Architecture components working together for a specific purpose.
• Enterprise Security
• Security architecture involves protecting each component of this
Architecture structure. For example, securing a laptop includes hardware (e.g.,
• Definition of Engineering in motherboard), software (e.g., operating system), and firmware.
Security Context Enterprise Security Architecture
• Security’s Role in the
• Enterprise Security Architecture extends the concept of security
Engineering Life Cycle architecture to the entire organization.
• Importance of Security by
It involves securing all components of an enterprise, including people,
on
Design •
technology, processes, functions, information, hardware, and
networks. t
u toi
•
t r i b
Each component needs protection based on its value and criticality
the organization.
is
Definition of Engineering in Security Context
fo rD
Engineering involves designing and building tsolutions through a series
of structured phases, often referred to as o
•
N the engineering life cycle.
• Phases include: Concept → Design
h a,→ Build → Test → Implement →
Nathroughout all these phases.
Maintain → Dispose.
t
jee Life Cycle
• Security should be integrated
Security’s Role in theaEngineering
b h
•
S u
Security must be involved from the very beginning of the design and
l
build process.
o
•
y C to vulnerabilities
Common Mistake: Security is often considered an afterthought,
B leading and inefficiencies.
P• Best Practice: Integrate security from the start for a secure, cost-
I SS effective solution. This approach is known as Security by Design.

r C Importance of Security by Design

fo
es • Security by Design means embedding security into the architecture
ot
from the beginning.

ell N • It ensures that security is not just an add-on but a core part of the
system.

orn • This approach is more efficient, cost-effective, and results in fewer

C vulnerabilities compared to retrofitting security measures.

• Security Architecture involves securing all components of a system or enterprise.

• Enterprise Security Architecture secures all organizational elements based on their value.
• Engineering Life Cycle includes multiple phases where security should be incorporated from the
beginning.
• Security by Design ensures security is embedded throughout the architecture, resulting in stronger,
more resilient systems.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Determining Appropriate Security Controls - 1
• Risk Management Process
• Secure Design Principles
• Examples of Secure Design
Principles
• Frameworks and Methodologies
Risk Management Process
• Objective: Identify the most valuable assets and the risks to those
assets.
• Outcome: Determine appropriate and cost-effective security controls.
• Application: Use the risk management process to evaluate potential
threats, vulnerabilities, and impacts on critical assets.
Secure Design Principles
• A secure system can be designed using various frameworks, models, or
methodologies.

on
• Flexibility: There is no single framework that mandates a specific design;

ti
rather, multiple principles can be applied depending on the context.
u
tr i b
Examples of Secure Design Principles
D is
1.Threat Modeling
t for
No
• Systematically identify, enumerate, and prioritize threats.

a,
• Helps in understanding potential attack vectors and mitigating
them effectively.
h
2.Least Privilege Na
•
eet
Users and systems should have the minimum level of access
j
bha
necessary to perform their functions.

Su
• Limits potential damage in case of a breach.
l
3.Defense in Depth

y Co• Use multiple layers of security controls to protect assets.

B • If one control fails, others provide additional protection.

I SSP 4.Secure Defaults

• Default configurations should be secure out of the box.
r C Reduces the risk of vulnerabilities due to misconfigurations.
fo •

es 5.Fail Securely

ot • Systems should fail in a secure manner, preserving security

ll N
integrity.

rn e • Example: If an error occurs, it should not expose sensitive

C o data.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Determining Appropriate Security Controls -2
• Risk Management Process
• Secure Design Principles
• Examples of Secure Design
Principles
• Frameworks and Methodologies
6. Separation of Duties
• No single individual should have control over all aspects of any
critical function.
• Prevents fraud and errors by distributing responsibilities.
7. Keep it Simple and Small
• Simpler designs are easier to secure and less prone to
vulnerabilities.
• Avoid unnecessary complexity.
8. Zero Trust or Trust but Verify

on
• Assume all users and devices are untrusted until proven
otherwise.
uti
• Regularly verify and monitor access controls.
tr i b
9. Privacy by Design
D is
for
• Incorporate privacy considerations into the design and
architecture of systems.
t
No
• Ensure that personal data is protected from the outset.

a,
10. Shared Responsibility
h
Na
• Security is a collective responsibility between service
providers and customers.
•
eet
Particularly relevant in cloud environments where both parties
j
bha
share security duties.

Su
11. Secure Access Service Edge (SASE)
l
• Combines network security functions with wide area

y Co networking capabilities.
B • Provides secure access to cloud services, applications, and

SP
data.

CI S Frameworks and Methodologies

for • Examples: NIST, ISO 27001, COBIT, etc.

es • The chosen framework should align with organizational goals, regulatory

ot
requirements, and risk tolerance.

ll N
• Security controls should be selected based on the value they provide

rn e relative to the cost of implementation and maintenance.

C o

• The risk management process is crucial for identifying valuable assets and determining
appropriate security controls.
• Multiple secure design principles exist, and they can be adapted based on the specific context
and requirements.
• A flexible approach using various frameworks and methodologies ensures a comprehensive and
effective security architecture.
• Principles like least privilege, defense in depth, and zero trust are fundamental to a robust
security design.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Secure Defaults, Fail Securely, and Keep It Simple and Small
Secure Defaults
• Secure Defaults
• Definition: Systems should be configured with security as the default
• Fail Securely setting to avoid easy compromises.
• Keep It Simple and Smal
• Example: An operating system that allows an administrator account to
exist with no password can easily be exploited. Default configurations
should always include strong security measures like requiring
passwords for admin accounts.
• Key Point: Secure default settings minimize the risk of system
exploitation due to overlooked configurations.

on
Fail Securely
•
u ti
Definition: When a system or its components fail, they should do so in
a way that doesn’t compromise security.
tr i b
Example: A safe with an electronic lock should remainis
r D its contents.
• locked if the
building loses power, rather than opening and exposing
fo
tmalfunctions.
•
o
Key Point: Secure failure mechanisms ensure that a system remains

,N
protected even under adverse conditions or
Keep It Simple and Small
h a
a
•
e t N andofoperational
Definition: Reducing the complexity systems helps in minimizing
je
potential security vulnerabilities issues.
• Benefits:
b ha
• u Attack Surface: Fewer components and
SSmaller
l
C•o Less Errors and Vulnerabilities: Simpler systems are
interactions reduce points of vulnerability.
y
PB
easier to understand, test, and secure.

I SS • Simpler Testing: Fewer components and interactions

r C make it easier to identify and fix issues.

fo • Efficient Troubleshooting: Problems can be resolved
es faster when there are fewer complexities.

N ot • Example: Overly complex system designs can introduce

ell
misunderstood mechanisms, making configuration and maintenance

rn
more difficult and prone to errors.

C o • Key Point: Simplicity in design reduces the likelihood of vulnerabilities

and improves security posture and system maintainability.

• Secure Defaults: Systems should start with secure configurations to avoid easy compromises from
default settings.
• Fail Securely: Systems should be designed to maintain security integrity even when they fail.
• Keep It Simple and Small: Simplifying system design minimizes vulnerabilities, facilitates testing,
and improves troubleshooting efficiency.
• These principles are fundamental in creating secure and resilient systems, helping to mitigate risks
and prevent security breaches.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Zero Trust and Trust but Verify - 1
Zero Trust Model
• Zero Trust Model
• Trust but Verify Approach • Definition: Zero trust is a security concept that operates on the premise of
"trust nothing." It suggests that organizations should not automatically trust
• Zero Trust Principles anything inside or outside their perimeter. Instead, every access attempt
• Security Measures for Zero should be verified and authorized.
Trust • Application: Commonly applied in environments like cloud computing, where
• Challenges with Zero Trust network boundaries are fluid and dispersed.
• Techniques:
• Micro-segmentation: Dividing the network into smaller segments to
enforce stricter access controls.
• Granular Enforcement: Controlling access based on user identity,
t i on
location, and device state.
• Example: A device connected to the network should not be trusted r byi b
u
and must authenticate before accessing any resource. ist default

Trust but Verify Approach

fo rD
• Definition: An approach that emphasizes the need
o t for authentication and
N
verification even when some level of trust exists.
,completely
• Contrast to Zero Trust: While zero trust
but verify" involves building trust a
but
a
hcontinually verifying
distrusts all entities, "trust
it.
N
t needs towith
•
je etrust
Importance: Essential for environments reliance on third-party services

ha agreed-upon
and cloud providers where be constantly verified.
•
u b
Example: Using ongoing monitoring and audits to validate that a trusted

l S
vendor is maintaining security controls.

oYour
Zero Trust Principles
C
•
B y Know Architecture: Understand your users, devices, and services.

S P•• Know Identities: Verify the identities of users, devices, and services.

CIS
Check Health: Assess the security health of users, devices, and services

or
before granting access.

s f • Use Policies for Authorization: Apply strict policies to determine who/what

o te can access resources.

N • Authenticate Everywhere: Require authentication for every interaction.

rn ell • Monitor Devices and Services: Focus on tracking and logging device and
service activity.
C o • Don’t Trust Any Network: Treat all networks, including your own, as
potentially hostile.
• Select Zero Trust Solutions: Use services and solutions built with zero trust in
mind.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Zero Trust and Trust but Verify - 2

• Zero Trust Model Security Measures for Zero Trust

• Trust but Verify Approach • Strong User Authentication: Use multi-factor authentication (MFA) to verify
• Zero Trust Principles identities.
• Security Measures for Zero • Device Authentication: Validate device compliance before granting access.
Trust • Service Authorization: Use policies to control service access.
• Challenges with Zero Trust • Logging and Monitoring: Monitor all activities for anomalies and potential
threats.
• Policy-Based Access: Enforce strict access control based on pre-defined
policies.
• Example: Implementing MFA and device compliance checks before granting
t i on
access to corporate applications.
i bu
Challenges with Zero Trust
s tr
•
D i
Implementation Complexity: Requires a comprehensive understanding of the

or steps can slow

environment and granular control over access.
Performance Impact: Multiple authentication and f
•
o t verification
down processes.
N
, may frustrate users.
•
h alegacy
User Experience: Stricter security measures
•
systems and applications can N
Example: Implementing zero trust a in a IT environment with outdated

et
be challenging.

je
b ha
l Su
y Co
P B
I SS
C
for
tes
o
ell N
orn
C

• Zero Trust: Trust nothing, verify everything. Requires rigorous authentication, authorization, and continuous monitoring.
• Trust but Verify: Balances trust with continual verification through mechanisms like audits and monitoring.
• Zero Trust Principles: Focus on knowing, verifying, and securing identities, devices, and services.
• Security Measures: Strong authentication, device verification, and comprehensive logging are crucial for effective zero
trust implementation.
• Challenges: Implementing zero trust can be complex and may impact performance and user experience.
• Zero trust and "trust but verify" are essential approaches for modern security architectures, emphasizing the need for
rigorous and continuous verification to safeguard organizational assets.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Privacy by Design (PbD)
Definition
• Seven Foundational
Principles of PbD
• Integration of Privacy in
Architecture
• Privacy as Proactive and
Preventive
• Privacy as Default Setting
Privacy by Design - 1
Privacy by Design (PbD) Definition
• Definition: Privacy by Design is the concept that privacy should be incorporated
into networked systems, technologies, and processes by default, and not as an
afterthought. It is embedded into the architecture of a system from its inception.
• Implementation: Achieving privacy involves integrating appropriate security
controls into the design and functionality of an architecture, making privacy an
intrinsic part of any system or process.
Seven Foundational Principles of PbD
1.Privacy as Proactive and Preventive:
• Focus: Anticipate and prevent privacy issues before they occur.
• Example: Implementing data minimization techniques during system

on
• Privacy Embedded into design to limit the collection and storage of personal data.
Design •
emerge.
uti
Key Point: PbD is not reactive; it addresses privacy risks before they
• Full Functionality of Solutions 2.Privacy as Default Setting:
tr i b
•
End-to-End Security
Visibility and Transparency
•
D is
Focus: Ensure that privacy is the default setting in all systems and

for
processes.
Respect for User Privacy • Example: Applications should be configured by default to require the
t
No
least amount of personal data from users.
• Key Point: Users should not have to take action to protect their

a,
privacy; it should be inherent in the system.
h
Na
3.Privacy Embedded into Design:
• Focus: Embed privacy into the design, development, and deployment

jeet
of systems.

ha
• Example: Incorporating encryption and access controls during the
initial development phase of an application.
b
Su
• Key Point: Privacy is a core feature of the system, not an add-on.
l
4.Full Functionality within a Given Solution:

y Co• Focus: Provide solutions that offer full functionality without requiring
a trade-off between privacy and security.
B • Example: Designing a data-sharing application that allows secure

I SSP •
data exchange without compromising user privacy.
Key Point: Achieve a balance that meets both privacy and

r C organizational needs.
fo 5.End-to-End Security:

es • Focus: Implement strong security measures throughout the data

ot lifecycle.

ll N
• Example: Using encryption for data at rest and in transit, and

rn e •
securely disposing of data when no longer needed.
Key Point: Protect data from creation to deletion, ensuring privacy is

C o maintained at every stage.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Privacy by Design - 2
• Privacy by Design (PbD)
Definition
• Seven Foundational
Principles of PbD
• Integration of Privacy in
Architecture
• Privacy as Proactive and
Preventive
• Privacy as Default Setting
6. Visibility and Transparency:
• Focus: Make processes and systems transparent to users, allowing them to
understand how their data is being handled.
• Example: Providing clear privacy policies and options for users to view, update,
or delete their personal information.
• Key Point: Build user trust through openness and accountability.
7. Respect for User Privacy:
• Focus: Treat user data with the utmost respect and care, prioritizing user-centric
privacy measures.
• Example: Offering clear consent options and allowing users to easily manage
their privacy settings.
• Key Point: The system should be designed to respect and uphold user privacy
preferences and rights.

on
• Privacy Embedded into Integration of Privacy in Architecture
Design
ti
• Integration: Privacy should be a priority in all organizational and project goals, becoming an
u
b
essential part of design activities and planning.
• Full Functionality of Solutions
tr i
• Implementation: Embed privacy into every standard, protocol, and process that involves

•
End-to-End Security
Visibility and Transparency
D is
handling personal data, ensuring compliance with privacy laws and regulations.
• Key Point: Privacy is not just a technical requirement; it must be a fundamental

for
organizational value.
Respect for User Privacy
Privacy as Proactive and Preventive
t
No
• Approach: Design systems to anticipate and prevent privacy breaches before they happen.

a,
• Example: Regularly updating security measures and privacy settings in response to
evolving threats and vulnerabilities.
h
Na
Privacy as Default Setting

et
• Application: Privacy should be the standard, not an option. Users should have their data
protected without having to adjust settings or opt-out of data collection.
je
ha
• Example: Social media platforms setting profiles to private by default and allowing users to
opt-in to sharing.
b
Su
Full Functionality of Solutions

l
• Balance: Aim to create solutions that do not compromise on usability, security, or privacy.

Co
• Example: Designing multi-factor authentication (MFA) systems that provide strong security
while maintaining ease of use.

By End-to-End Security

SP
• Lifecycle Protection: Implement controls that secure data from creation to destruction,
ensuring there are no gaps in security coverage.

CI S • Example: Using secure deletion methods for sensitive data that is no longer needed.

for Visibility and Transparency

• Transparency: Ensure that all data handling processes are visible and understandable to

es users and stakeholders.

ot
• Example: Publishing transparency reports that outline how user data is collected, used,

ll N
and protected.
Respect for User Privacy

rn e • User-Centric Design: Prioritize user needs and preferences, making it easy for them to

C o control their personal information.

• Example: Providing a dashboard for users to manage their consent and data sharing
preferences.

• Privacy by Design (PbD) ensures privacy is built into systems and processes from the start, focusing
on proactive and preventive measures.
• Seven Principles include embedding privacy, ensuring it is the default, maintaining full functionality,
and respecting user privacy throughout the data lifecycle.
• Implementation requires strong security measures, transparency, and a commitment to treating
user data with care.
• Key Focus: PbD should be integral to the organization's culture, policies, and technologies to protect
user data effectively and maintain trust.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Shared Responsibility
• Cloud and Third-Party
Reliance
• Shared Responsibility Model
• Accountability vs.
Responsibility
• Importance of Clear
Communication
• Contracts and Agreements
Cloud and Third-Party Reliance
• Context: The adoption of cloud services and third-party providers has become a critical
part of business operations worldwide. This trend has shifted some traditional
responsibilities from internal IT departments to external cloud service providers.
• Example: An organization using an IaaS model for hosting its applications on a cloud
platform relies on the cloud provider for infrastructure security, while the organization itself
manages application security.
Shared Responsibility Mod el
• Definition: In the cloud, the responsibility for security is shared between the cloud provider
and the customer, depending on the type of cloud service model being used—SaaS, PaaS,
or IaaS.
• Breakd own:

on
• IaaS (Infrastructure as a Service): The provider is responsible for the

i
infrastructure's security, while the customer handles the security of the data,
applications, and user access.
ut
•
r i b
PaaS (Platform as a S ervice): The provider manages the platform security, and

t
s
the customer is responsible for securing the applications built on the platform.
•
D i
SaaS (Software as a Service): The provider manages most of the security

for
controls, while the customer focuses on user data, access, and configuration
settings.
t
No
Accountability vs. Responsibility
• Accountability: Always remains with the cloud customer; they are ultimately accountable

a,
for ensuring their data and systems are protected, regardless of the cloud deployment
model.
h
Na
• Responsibility: Divided based on the service model. Responsibilities can be shared or

et
solely managed by the customer or the provider.
•
je
Key Point: Even when responsibility for certain aspects is transferred to the provider, the

ha
customer remains accountable for the security of their data.

b
Importance of Clear Communication
•
l Su
Expectation Setting: Both parties must have a clear understanding of who is responsible

Co
for what to avoid any gaps in security. This involves explicitly stating roles and
responsibilities in service agreements.

By • Example: Clearly defining who manages incident response for data breaches in a cloud
environment can prevent confusion and ensure timely action.

I SSP Contracts and Agreements

• Need for Clarity: Clear contracts such as Service Level Agreements (SLAs) and Service

r C Level Requirements (SLRs) should outline the security expectations, roles, and

fo responsibilities of both parties.

es • Com ponents: Contracts should include details on:

ot
• Security controls to be implemented by both parties.

ll N
• Incident response procedures.
• Data ownership and protection standards.

rn e • Compliance with regulatory requirements.

C o Policies, Procedures, and Controls

• Implementation: Once responsibilities are defined, they need to be enforced through well-
documented policies and procedures that both the customer and the provider follow.
• Example: A cloud service provider might be responsible for encryption at rest, while the
customer ensures that encryption keys are securely managed.

• Shared Responsibility Model: Defines how security responsibilities are divided between the cloud
provider and the customer based on the cloud service model (IaaS, PaaS, SaaS).
• Clear Communication: Essential for defining expectations and responsibilities to avoid security
gaps.Accountability: Always lies with the customer, even when certain responsibilities are handled by
the provider.
• Contracts and Agreements: SLAs and SLRs should clearly state the roles, responsibilities, and security
expectations for both parties.
• Policies and Procedures: Must be well-documented and implemented to enforce shared responsibilities
effectively.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 The Cyber Kill Chain -1
• Cyber Kill Chain Overview
• Reconnaissance
• Weaponization
• Delivery
• Exploitation
• Installation
• Command and Control
• Actions on Objectives
Cyber Kill Chain Overview
• Definition: The Cyber Kill Chain is a model developed by Lockheed Martin that
describes the stages of a cyber attack. It helps defenders understand and break
down the attack process into identifiable and actionable stages to prevent
successful attacks.
• Purpose: By identifying and disrupting any link in the chain, security
professionals can potentially prevent an attack from succeeding.
• Key Point: Understanding each stage allows for better detection, prevention, and
response strategies.
Reconnaissance
• Description: The attacker identifies and gathers information about the target to

on
find potential vulnerabilities. This step involves passive or active methods to

ti
collect data such as network information, email addresses, usernames, and
technology stack.
u
tr i
• Example: Scanning a company's website for open ports or using socialb
engineering to gather employee information.
D is
for
• Key Point: Early detection in this phase can prevent attackers from gathering
valuable information.
t
No
Weaponization

a,
• Description: The attacker creates a malicious payload, such as a virus or exploit,
to target the vulnerabilities identified during the reconnaissance phase.
h
Na
• Example: Creating a phishing email with a malicious attachment designed to

et
exploit a software vulnerability.

je
• Key Point: Security tools like sandboxing and malware analysis can identify and

ha
neutralize weapons at this stage.
b
Su
Delivery

l
• Description: The attacker sends the payload to the target. Common methods

Co
include phishing emails, malicious websites, or exploiting network

By vulnerabilities.
• Example: Sending a malicious email attachment or link to a target employee.

I SSP • Key Point: Effective email filtering, secure browsing, and user training can
mitigate delivery risks.

r C Exploitation
fo • Description: The malicious code is executed on the target system, exploiting the
es vulnerability to gain unauthorized access.
ot • Example: An employee opens a malicious attachment, triggering the execution

ll N
of the exploit on their system.

rn e • Key Point: Endpoint protection and intrusion detection systems can detect and

C o block exploitation attempts.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 The Cyber Kill Chain - 2
Installation
• Cyber Kill Chain Overview • Description: The attacker installs malware on the compromised system to
• Reconnaissance maintain persistence and facilitate further actions.
• Weaponization • Example: Installing a backdoor or remote access tool (RAT) on the compromised
• Delivery machine.
• Exploitation • Key Point: Regular system scans and application whitelisting can help prevent
• Installation unauthorized installations.
• Command and Control Command and Control
• Actions on Objectives • Description: The attacker establishes a remote control channel to communicate
and control the malware within the target’s environment.

on
• Example: The malware connects to a command and control (C2) server to
receive instructions from the attacker.
uti
b
• Key Point: Network monitoring and anomaly detection can help identify and
block C2 communications.
tr i
Actions on Objectives
D is
for
• Description: The attacker performs their final objective, which could include

t
data exfiltration, system destruction, or encrypting files for ransom.

No
• Example: Stealing sensitive data or deploying ransomware to encrypt the target’s

a,
files.

h
• Key Point: Implementing robust data loss prevention (DLP) and incident

Na
response procedures can help mitigate the impact of these actions.

jeet
bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Cyber Kill Chain: A structured approach to understanding the stages of a cyber attack, helping
organizations to detect and prevent attacks effectively.
• Breaking the Chain: Disrupting any stage in the kill chain can prevent the attack from progressing
and achieving its objectives.
• Proactive Defense: By focusing on reconnaissance and weaponization stages, organizations can
prevent attacks before they even begin.
• Comprehensive Security: Requires addressing all stages with appropriate controls, monitoring, and
response strategies.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Definition of a Model
• Definition of a Security Model
• Importance of Security
Models
• Examples of Security Models
• Relevance of Security Models
Today
Security Models
Definition of a Model
Model: A representation or abstraction of something real, often used to simplify
complex systems or concepts.
Purpose: Models help in visualizing, understanding, and designing complex systems
or concepts by providing a simplified framework.
Definition of a Security Model
• Security Model: A conceptual representation of what security should look like
in an architecture being built.
• Purpose: Security models provide the foundational principles and rules that
guide the implementation of security within an architecture.
Importance of Security Models
• Foundation for Security: They define how core security principles like

on
confidentiality, integrity, and availability should be integrated into systems.
• Consistency: Security models ensure a standardized approach to
implementing security across different systems and architectures.
uti
•
tr i b
Guidance: They serve as a guideline for designing security controls and
mechanisms to protect information assets.
D is
for
Security Models
• Bell–LaPadula Model:
t
No
• Focus: Confidentiality.

a,
• Key Principle: No read-up, no write-down (ensures that users do not
read data at a higher classification level than they are cleared for and
h
Na
do not write data to a lower classification level).
• Biba Model:
•
jeet
Focus: Integrity.

ha
• Key Principle: No write-up, no read-down (prevents data corruption
by ensuring that users cannot write information to a higher integrity
b
Su
level and cannot read information from a lower integrity level).
•
l
Clark–Wilson Model:

y Co•
•
Focus: Integrity.
Key Principle: Uses well-formed transactions and separation of
B duties to enforce data integrity.

I SSP • Brewer–Nash (Chinese Wall) Model:

• Focus: Conflict of Interest.

r C • Key Principle: Prevents conflict of interest by ensuring that users do

fo not access conflicting sets of information.

es Relevance of Security Models Today

ot • Timeless Principles: While technology evolves, the core security principles

ll N
outlined by these models remain relevant and applicable.

rn e • Modern Application: The fundamental rules of confidentiality, integrity, and

conflict of interest management are still essential in today's security

C o •
landscape.
Adaptability: These models can be adapted to modern security frameworks
and systems to ensure robust security design.

• Security Models: Represent conceptual frameworks for implementing core security principles like
confidentiality and integrity in systems and architectures.
• Examples: Bell–LaPadula, Biba, Clark–Wilson, and Brewer–Nash models are foundational to
understanding and implementing security.
• Relevance: Despite being developed decades ago, these models continue to provide the basis for
modern security architectures, proving their enduring value and applicability.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Importance of Security in
Architecture
• Breaking Down the
Architecture
• Securing Individual
Components
• The Weakest Link Principle
• Value-Driven Security
Concept of Security
Importance of Security in Architecture
• Protection of Architecture: Security is fundamental to ensuring the integrity,
confidentiality, and availability of an entire architecture.
• Objective: To safeguard the architecture against potential threats and
vulnerabilities that could compromise the system.
Breaking Down the Architecture
• Component Analysis: The architecture must be divided into its individual
components, such as hardware, software, networks, and data.
• Detailed Evaluation: Each component should be evaluated independently to
identify specific security requirements and potential vulnerabilities.
Securing Individual Components
t i on
• Tailored Security: Security measures should be customized for each
i bu
s tr
component based on its role, value, and criticality within the architecture.
• Examples: i
•
o rD
Hardware: Physical security, anti-tampering mechanisms.
Software: Secure coding practices, patchfmanagement.
•
o tsystems.
Data: Encryption, access control N
• Network: Firewalls, intrusion detection
•
a , mechanisms.
The Weakest Link Principle
a h
Non the
Concept: A chain is only aststrong
•
je e
the entire system is dependent
as its weakest link, meaning the security of
security of its most vulnerable
component.
a only needs to compromise the weakest link to
hattacker
• Implication: Anb
u access to the entire system.
S
potentially gain
l
•
y Colinks.
Action:
weak
Constantly monitor and strengthen all components to avoid having any

B
S P•
Value-Driven Security

CI S Value-Based Approach: The degree of security applied to each component

should correlate with its value to the organization.

for • Cost-Effectiveness: Resources should be allocated efficiently to secure high-

s value components while avoiding unnecessary expenditure on lower-value

ote
elements.

ll N
• Example:

rn e • High-Value Components: Critical databases containing sensitive

customer information may require robust encryption and strict

C o •
access control.
Lower-Value Components: Publicly available information might not
need stringent security measures.

• Security in Architecture: Effective security requires breaking down the architecture into
components and securing each one based on its unique requirements.
• Weakest Link Principle: The overall security of a system is determined by its weakest component,
highlighting the need for comprehensive security across all elements.
• Value-Driven Approach: Security efforts should focus on protecting components according to their
value, ensuring a cost-effective and strategic allocation of resources.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Enterprise Security Architecture
• Definition of Architecture and
Security Architecture
• Frameworks for Enterprise
Security Architecture
• Zachman Framework
• Sherwood Applied Business
Security Architecture (SABSA)
• The Open Group Architecture
Framework (TOGAF)
Definition of Architecture and Security Architecture
• Architecture: A structured group of components that work together to achieve a
particular function or objective.
• Security Architecture: The practice of breaking down a system into its individual
components and protecting each based on its value and associated risks. This approach
ensures the security of the overall system by addressing the security needs of each part.
Frameworks for Enterprise Security Architecture
• Purpose: Frameworks serve as guidelines for implementing a structured and consistent
approach to securing an enterprise architecture.
• Common Frameworks: Zachman, SABSA, and TOGAF are three widely used frameworks
in enterprise security architecture.
Zachman Framework
• Overview: An older model, developed in the 1970s, focusing on the classification and
ti on
organization of enterprise security.
Key Approach: Uses basic questions such as how, where, who, when, andi b
u
•
s t r why to
structure feedback from various company teams like designers, owners,
i architects,

r Dmaking it less suitable

strategists, engineers, and operators.

for dynamic, modern IT environments where more flexibilityo

Limitation: Primarily focuses on classification and organization,
f
•
required.
o t and responsiveness are

,N
Sherwood Applied Business Security Architecture (SABSA)
Overview: A newer framework adopted in a
•
a h architecture risk.
within IT functions and addressing security
1995, SABSA focuses on embedding security

• Key Features:
et NAllows organizations to focus on security risks specific
•
h aje
Risk-Based Approach:
to their business.
•
to u
b and Implementation: Open-source, scalable, and relatively easy
Scalability
S
• ol Compliance Facilitation: Helps organizations align their security architecture
implement.

y C with compliance requirements.

B • Response Prioritization: Assists in prioritizing responses to security incidents

SPThe Open Group Architecture Framework (TOGAF)

based on risk levels.

CI S
or
• Overview: Emphasizes resource efficiency and cost minimization while providing a

s f structured approach to enterprise architecture.

o te • Key Features:

N • Modular Structure: Allows organizations to adopt and implement the

ell
framework in parts, making it more adaptable.

rn
• Consistency: A content framework that ensures a consistent approach

C o •
across various architectural components.
Flexibility: A style that accommodates different architectural needs,
providing flexibility in how security is integrated.

• Security Architecture: Involves protecting each component of an architecture based on its value, ensuring
comprehensive security.
• Frameworks: Various frameworks like Zachman, SABSA, and TOGAF provide structured approaches for
implementing enterprise security architecture.
• Framework Comparison:
• Zachman: Focuses on classification and organization, suitable for static environments.
• SABSA: Risk-based, scalable, and compliance-friendly, making it versatile for modern IT needs.
• TOGAF: Emphasizes resource efficiency and flexibility, ideal for complex and modular architectures.
• Choosing the Right Framework: Organizations should choose the framework that best aligns with their security
requirements, business goals, and IT environment dynamics.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Definition and Purpose of
Security Models
• Types of Security Models
• Lattice-Based ModelsRule-
Based Models
• Key Lattice-Based Models:
Bell–LaPadula, Biba
• Key Rule-Based Models:
Clark–Wilson, Brewer–Nash
Security Models
Definition and Purpose of Security Models
• Security Models: Representations or frameworks defining the rules and principles that must be
implemented to achieve specific security objectives within an architecture.
• Purpose: To provide a structured approach to implementing security controls that address
different aspects of the CIA triad (Confidentiality, Integrity, Availability).
Types of Security Models
• Lattice-Based Models: These models use layers or levels to define security. They are structured
like a ladder, representing different layers of security that need to be navigated to meet security
requirements.
• Rule-Based Models: In these models, specific rules dictate how security is enforced, regardless
of layers. They focus on the interactions and rules that govern access control and data
management.
Lattice-Based Models
•
level or layer has specific rules and constraints.
ti on
Characteristics: Layered, hierarchical structures that use levels to define security protocols. Each

• Examples:
i bu
• Bell–LaPadula Model:
str
• Focus: Confidentiality.
D i
for
• Main Rule: “No Read Up, No Write Down” – Subjects at lower levels cannot
access information at higher levels.
t
No
• Application: Commonly used in military and government contexts to
prevent unauthorized access to classified information.
• Biba Model:
h a,
Na
• Focus: Integrity.

et
• Main Rule: “No Write Up, No Read Down” – Subjects at lower integrity
levels cannot modify information at higher levels and cannot read from

je lower integrity levels.

bha • Application: Ensures data integrity by preventing corruption from lower

levels.

Su
Rule-Based Models
l
Co
• Characteristics: Use specific rules that define how security controls are implemented, focusing
on relationships and permissions between entities.

By • Examples:

SP
• Clark–Wilson Model:

CI S •
•
Focus: Integrity.
Main Rule: Enforces well-formed transactions and separation of duties.

for • Application: Often used in commercial environments to enforce data

consistency and integrity.

es
ot
• Brewer–Nash (Chinese Wall) Model:
Focus: Conflict of interest.

ll N
•
• Main Rule: Prevents users from accessing conflicting information, ensuring

rn e there is no conflict of interest.

o
• Application: Commonly used in financial and consultancy firms to prevent

C conflicts of interest by restricting access to sensitive information.

Key Differences Between Lattice-Based and Rule-Based Models
• Lattice-Based: Focuses on hierarchical layers with strict levels of access and control. Layers
dictate security enforcement.
• Rule-Based: Relies on explicit rules and conditions to determine access control, independent of a
hierarchical structure.

• Security Models: Provide structured frameworks for implementing security principles within an organization.
• Lattice-Based Models: Focus on hierarchical layers, with Bell–LaPadula ensuring confidentiality and Biba ensuring
integrity.
• Rule-Based Models: Depend on explicit rules to enforce security, with Clark–Wilson focusing on integrity through
well-formed transactions and Brewer–Nash preventing conflicts of interest.
• Choosing a Model: Organizations should select a security model based on the specific security requirements and
the nature of the data and operations being protected.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Layer-Based Models
Definition and Characteristics of Layer-Based Models
• Definition and • Layer-Based Models: Also referred to as lattice-based models, these models use a
layered structure to define and enforce security requirements. They focus on different
Characteristics of Layer- "layers" or "levels" of security that must be managed and controlled to protect
information.
Based Models • Characteristics:
• Bell–LaPadula Mode • Structured in a way that layers can intersect, creating a grid or lattice.
• lBiba Model • Each layer has specific security rules and restrictions that must be followed.
• Applicable in scenarios where multiple layers of security are necessary to
• Lipner Implementation protect data.
• Layer-Based vs. Lattice- Bell–LaPadula Model
Based Terminology • Focus: Confidentiality.
• Core Principle: “No Read Up, No Write Down.”
• No Read Up: Subjects at a lower security level cannot read data at a higher

on
security level.
•
security level.
uti
No Write Down: Subjects at a higher security level cannot write to a lower

•
r i b
Use Case: Military and government applications where preventing unauthorized access
t
s
to classified information is critical.
•
D i
Layer-Based Perspective: Each security level (e.g., Confidential, Secret, Top Secret)

for
represents a distinct layer. Access is restricted based on the subject's clearance level
relative to these layers.
Biba Model
t
• Focus: Integrity.
No
a,
• Core Principle: “No Write Up, No Read Down.”
•
h
No Write Up: Subjects at a lower integrity level cannot modify data at a higher

Na
integrity level.

et
• No Read Down: Subjects at a higher integrity level cannot read data from a
lower integrity level.
•
je
Use Case: Ensures data integrity in environments where data corruption or unauthorized

ha
modification must be prevented.
•
b
Layer-Based Perspective: Integrity levels (e.g., high integrity, low integrity) form layers

Su
that dictate how data can be accessed and modified based on the subject's integrity
level.
l
Co
Lipner Implementation
• Definition: Lipner is not a separate security model but rather an implementation that

By combines elements of both Bell–LaPadula (for confidentiality) and Biba (for integrity).
Purpose: To create a more comprehensive security framework that addresses both

SP
•
confidentiality and integrity by leveraging the strengths of both Bell–LaPadula and Biba.

CI S • Implementation Strategy:
• Combines Confidentiality and Integrity Controls: Uses the confidentiality

for controls of Bell–LaPadula and the integrity controls of Biba to create a hybrid
security solution.

es • Example: An organization that needs to protect both classified information

ot
(confidentiality) and ensure the accuracy and consistency of financial records
(integrity).

ll N
Layer-Based vs. Lattice-Based Terminology

rn e • Layer-Based: Refers to the hierarchical levels that must be navigated to apply security
controls.

C o • Lattice-Based: Emphasizes the grid-like structure formed by intersecting security levels,

representing both horizontal and vertical security constraints.
• Interchangeable Terms: While the terms are often used interchangeably, they both refer
to the same concept of implementing security controls across different levels or layers.

• Layer-Based (Lattice-Based) Models: Define security controls using hierarchical levels or layers, with specific rules
for each layer.
• Bell–LaPadula: Focuses on confidentiality, preventing unauthorized access to higher security levels.
• Biba: Focuses on integrity, ensuring data is not corrupted by lower integrity levels.
• Lipner Implementation: Combines the best aspects of Bell–LaPadula and Biba to create a more robust security
framework.
• Terminology: "Layer-based" and "lattice-based" are terms used interchangeably, both describing models that use
hierarchical layers to enforce security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Bell–LaPadula Model
• Bell–LaPadula Model
Overview
• Core Principles of Bell–
LaPadula
• Simple Security Property ("No
Read Up")
• *Star Property ("No Write
Down")
• Strong Star Property
Bell–LaPadula Model Overview
• Definition: The Bell–LaPadula Model is a layer-based or lattice-based security model
designed specifically to ensure confidentiality within an information system. It focuses
on preventing unauthorized access to sensitive information by establishing rules that
restrict how information can be read and written.
• Objective: To protect data by controlling information flow between security levels,
ensuring that higher security information is not disclosed to lower security levels.
Core Principles of Bell–LaPadula
• The model is built around three primary principles designed to enforce confidentiality.
• Each principle governs how subjects (users or processes) interact with objects (files or
data).

on
(Read/Write at Same Level) Simple Security Property ("No Read Up")
•
u t i
Definition: Also known as the "no read up" property, this principle dictates that a subject
at a lower security level cannot read an object at a higher security level.
tr i b
• Example:
s
If a user has a "Confidential" clearance, they cannot readiinformation labeled
r D that they are not
•

•
as "Secret" or "Top Secret."

t f o
This prevents users from accessing sensitive information
authorized to view.
o
•
a , N needs to be compartmentalized
Application: Used in environments where information

h
and access is restricted based on security clearance.
Star Property ("No Write Down")
N a
Definition: Also referred to as t
•
je
subject at a higher security e the "no write down" property, this principle states that a
level cannot write to an object at a lower security level.

h a
• Example:
u b
•
Slabeled as "Confidential."
A user with "Top Secret" clearance cannot write or add information to a file

• ol This prevents data from leaking to lower security levels where unauthorized
y C individuals could access it.
• B Application: Ensures that sensitive information does not get inadvertently or maliciously

SPStrong Star Property (Read/Write at Same Level)

disclosed to lower classification levels.

CI S
for • Definition: This property allows a subject to read and write only at their own security
level, but not at levels above or below.

tes Example:
o
•

ll N
• A user with "Secret" clearance can only read and write within the "Secret"
classification level and not access "Confidential" or "Top Secret" data.

rn e • Purpose: This principle is more restrictive and ensures that users cannot

o
manipulate data in a way that could bypass other security rules.

C • Application: Used in highly sensitive environments where strict adherence to security

levels is necessary for both read and write operations.

• Bell–LaPadula Model: Aims to enforce confidentiality by applying strict rules on how information can be accessed
and modified.
• Simple Security Property: Prevents lower-level subjects from accessing higher-level information ("no read up").
• Star Property: Prevents higher-level subjects from writing down to lower-level objects ("no write down").
• Strong Star Property: Restricts subjects to read and write only within their own security level, providing additional
security controls.
• Overall Purpose: Designed primarily for environments where confidentiality is the highest priority, such as military or
governmental settings.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Biba Model
Biba Model Overview
• Biba Model Overview • Definition: The Biba Model is a layer-based or lattice-based security model designed to
• Core Principles of Biba ensure data integrity within an information system. Unlike Bell–LaPadula, which focuses
on confidentiality, the Biba Model is concerned with maintaining the integrity, accuracy,
• Simple Integrity Property ("No and trustworthiness of data.
Read Down") • Objective: To prevent unauthorized modification of information by controlling how data
is read and written across different integrity levels.
• *Star Integrity Property ("No
Write Up") Core Principles of Biba
• Invocation Property • The model is structured around three core principles, each of which governs interactions
between subjects (users/processes) and objects (data/files) to ensure integrity.
• These principles are designed to prevent data corruption and unauthorized changes,
ensuring the reliability of the information.
Simple Integrity Property ("No Read Down")
t i on
• Definition: Also known as the "no read down" property, this principle dictates that
i b ua
subject at a higher level of integrity cannot read an object at a lower integrity
s tr level.

i
r Dread data from a "Low
• Example:
•
Integrity" file.
f o
A user or process with "High Integrity" clearance cannot

This prevents users from being influenced ortcorrupted by unreliable data.

•
Application: Useful in systems where it’s criticalN
o
a, environments, where lower integrity
• to maintain high levels of data

h
reliability, such as financial systems or research
a
data might contain errors or inconsistencies.
Star Integrity Property ("No Write Up")N
t
ethe "no write up" property, this principle states that a
Definition: Also referred to
je as

ha
•
subject at a lower integrity level cannot write to an object at a higher integrity level.
• Example: b
u with "Low Integrity" access cannot modify or add information to a "High
•
l SAIntegrity"
user
o document.
C contaminatingunreliable
B y • This prevents or potentially corrupted users/processes from
high-integrity data.

SP infrastructure, are not compromised by less trustworthy sources of information.

• Application: Ensures that critical systems, such as those in healthcare or critical

CI S
or
Invocation Property

s f • Definition: The invocation property states that a subject cannot request or send

o te •
information to an object or subject that is at a higher integrity level than itself.
Example:

ell N • A "Low Integrity" application cannot invoke or request services from a "High
Integrity" application.

orn • This prevents lower integrity subjects from influencing or compromising the
operations of higher integrity subjects.
C • Purpose: This property is designed to enforce strict controls over how processes
interact, preventing lower integrity levels from impacting or controlling higher integrity
operations.

• Biba Model: Focuses exclusively on ensuring data integrity by regulating how data is accessed and modified.
• Simple Integrity Property: Prevents subjects from reading down to lower integrity levels ("no read down"), ensuring
that high-integrity subjects are not influenced by low-integrity data.
• Star Integrity Property: Prevents subjects from writing up to higher integrity levels ("no write up"), safeguarding high-
integrity data from being contaminated.
• Invocation Property: Ensures that subjects at lower integrity levels cannot influence or send requests to higher
integrity subjects.
• Overall Purpose: The Biba Model is crucial in environments where the trustworthiness and accuracy of data are of
utmost importance, such as in medical, financial, or critical infrastructure systems.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Lipner Implementation
Overview of Lipner Implementation
• Overview of Lipner • Definition: The Lipner Implementation is not a distinct security model but rather an
Implementation approach to combining the principles of two established lattice-based models: Bell–
LaPadula (focusing on confidentiality) and Biba (focusing on integrity).
• Combining Bell–LaPadula
• Objective: To provide a comprehensive security framework that addresses both
and Biba Models confidentiality and integrity within the same system.
• Purpose and Benefits Combining Bell–LaPadula and Biba Models
• How Lipner Implementation
• Bell–LaPadula: Enforces confidentiality by preventing unauthorized reading or writing of
Works data based on sensitivity levels.
• Separation of Objects and • Biba: Ensures integrity by controlling how data is modified and accessed, preventing
Application data corruption.

on
• Lipner's Approach: By integrating both models, Lipner seeks to apply a unified set of
rules that govern both the confidentiality and integrity of data.
u ti
Purpose and Benefits
t r i b
•
is
Dual Protection: Achieves a balance between protecting data from unauthorized

r D by addressing
access (confidentiality) and ensuring its accuracy and trustworthiness (integrity).
•
t
multiple facets of data security within the same framework. f o
Comprehensive Security: Provides a more robust security posture

o
,N
How Lipner Implementation Works
• Separation of Data and Programs:
Data: Classified accordinga toh
a
Bell–LaPadula principles, focusing on the
N
•

etexecute
sensitivity and confidentiality of the information.

e
• Programs: Governed by Biba principles, ensuring that only trusted subjects

a j
can modify data and critical processes.
•
b h Levels: Applied to subjects
Application of Sensitivity Levels and Job Categories:

Sonu
• Sensitivity and objects to control access based

• ol Job Categories: Used to apply Biba’s integrity levels, restricting modifications

Bell–LaPadula’s “no read up” and “no write down” properties.

y C to data and ensuring only appropriate interactions between subjects and

B objects.

PSeparation of Objects and Application

I SS Objects: Data and programs are classified separately to apply the relevant security
C
•

r
controls more effectively.

fo Application: The combined principles are applied across the system to maintain a high
s
•

ote level of security by leveraging the strengths of both models.

Example:

ell N • Scenario: In a military information system, highly sensitive operational data needs to be

rn
protected from unauthorized access (confidentiality), while ensuring that only authorized

o
and trustworthy users can update or modify this information (integrity).

C • Solution: Using Lipner Implementation, Bell–LaPadula controls prevent lower-level

users from accessing high-level documents, while Biba controls prevent unauthorized
users from modifying the operational data.

• Lipner Implementation: Combines Bell–LaPadula’s confidentiality controls with Biba’s integrity controls, offering a
comprehensive security framework.
• Dual Focus: Provides security against unauthorized access (confidentiality) and unauthorized modifications
(integrity).
• Data and Programs: Treated separately, with sensitivity levels and job categories applied to ensure appropriate
controls.
• Practical Use: Effective in environments where both data confidentiality and integrity are paramount, such as
military, healthcare, and financial systems.
• Not a Standalone Model: Lipner is an implementation strategy that leverages two existing models to provide
enhanced security.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Rule-based Models
Overvi ew of Rule-based Models

Overview of Rule-based •Definition: Rule-based models e mploy a se t of pre defined rules to control interactions between subjects (users, processes)
and objects (files, data).
ModelsInformation Flow
•Purpose: These models aim to enforce se curity polic ie s by de fining how data should be acc esse d and modified based on
ModelsCovert ChannelsClark– specific rules, enhancing the integrity, confidentiality, and availability of data.

Wilson ModelBrewer–Nash •Applicati on: Used in scenarios where precise and well-defined access controls are necessary, such as financial systems or
government databases.
Model (Chinese Wall)
Inform ation Flow Models

•Definition: These models track the flow of information between different entities within a system, ensuring data moves only in
authorized ways.

•Purpose: They help to monitor and control how information is transferred between subjects and objects, preventing
unauthorized information leakage .

on
•Key Point: Information flow models are crucial for detecting and preventing covert channels.

Covert Channels

uti
violates the sec urity policy of a system.

tr i b
•Definition: Covert channels are uninte nde d communication paths that can be exploited to transfer information in a way that

•Types:

D is
for
• Storage Channels: Use shared storage areas to transfer information covertly (e.g., manipulating a file’ s
metadata).

t
• Timi ng Channels: Use the timing of operations to transmit information (e.g., varying response times).

No
•Example: An attacker using file creation timestamps to communicate with another system user without detection.

a,
Clark–Wilson Model

h
Na
•Focus: Integ rity

et
•Purpose: Ensures that data is modified only in authorized ways and by authorized subjects. This model is particularly relevant
in commercial systems where data integrity is c ritical.

je
ha
•Three Goals:

b
• Prevent Unauthori zed Users from making modifications.

Su
• Prevent Authorized Users from making improper modifications.

l
• Maintain Internal Consistency of the data.

Co
•Three Rules:

By •
•
Well-form ed Trans actions: Ensures that only legitimate processes c an modify data.
Separation of Duties: No single user has c omplete control over a transaction.

SP
• Audi t Trai l: All modifications must be logged and verified.

CI S •Example: In a banking system, a cashier can enter transactions, but only an accountant can approve them.

for Brewer–Nash Model (Chinese Wall)

es •Focus: Preventi ng Conflicts of Interest

ot
•Purpose: Prevents users from accessing conflicting information, thereby preventing conflicts of interest.

ll N
•Core Concept: A user with access to sensitive information in one area (e.g., a financial advisor to Company A) cannot access
sensitive information in a conflicting area (e.g., a financial advisor to Company B in the same sector).

rn e •How i t Works:

C o •
• User Profiles: Define what users can and cannot acce ss based on pre vious interac tions.
Dynamic Access Control: Access permissions change dynamically based on the user’s actions.

•Example: A consultant working with two competing companies cannot access the business strategies of both, thereby
avoiding potential conflicts of interest.

• Rule-based Models: Govern access using predefined rules, focusing on specific security goals like integrity or
preventing conflicts of interest.
• Information Flow Models: Track the flow of information to ensure data moves as intended, aiding in the detection of
covert channels.
• Covert Channels: Unintentional paths for unauthorized data transfer; must be mitigated to protect data integrity and
confidentiality.
• Clark–Wilson Model: Integrity-focused with rules to prevent unauthorized modifications and ensure data
consistency through well-formed transactions and separation of duties.
• Brewer–Nash Model: Prevents conflicts of interest by dynamically changing access based on user interactions,
ensuring sensitive information isCornell
not misused.
Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Information Flow Models
Definition of Information Flow Models
• Definition of Information Flow • Concept: Information flow models are designed to track and manage the
Models movement of data throughout its entire life cycle.
• Purpose of Information Flow • Function: They monitor the flow of information from its origin (creation or
Models collection), through its various states (storage, usage, dissemination), to its
final state (archiving or destruction).
• Application in Security
Models Purpose of Information Flow Models
• Importance in Vulnerability • Control Data Movement: By tracking information flow, these models help
Detection ensure that data moves only in authorized and secure ways.
• Data Life Cycle Management: Information flow models provide visibility into
how data is handled, shared, and stored throughout its life cycle.
•
ti on
Security Enforcement: They ensure that data flow adheres to security policies
and that unauthorized data flows are identified and blocked.
i b u
Application in Security Models
s tr
D i
•
lattice-based models like Bell–LaPadula and Biba.
o r
Basis for Security Models: Information flow models are foundational to

•
o t fflow of data to maintain
Bell–LaPadula: Focuses on controlling the

, Nflow maintains integrity.

confidentiality.
Biba: Concentrates on ensuring data
a
•
Layered Security: These models areh
•
requirements of each layer. t N
mechanisms, ensuring that data flowa used to create layered security
complies with the specific security

e e
Importance in VulnerabilityjDetection

b ha areChannels:
•
S u
Identification of
covert channels,
Covert
which
Information flow models can uncover
unintended communication paths that can be
exploitedl for unauthorized data transfer.
•
y Co Unauthorized Flows: By tracking data flows, these models can
Tracking

P BFlow Analysis: They help analyze data flow to ensure that information is not
identify anomalies that may indicate data leaks or breaches.

I SS being mishandled or transmitted in ways that could lead to vulnerabilities.

•

C Example:
for
tes • In an organization, an information flow model might track sensitive customer
data from when it is collected through a web form, stored in a database,
o processed for business analytics, shared with authorized users, and finally

ll N
archived or deleted according to data retention policies.

rn e
C o

• Information Flow Models: Essential for monitoring and controlling the movement of data
throughout its life cycle, ensuring adherence to security policies.
• Foundational Role: Serve as the basis for lattice-based models like Bell–LaPadula (confidentiality)
and Biba (integrity).
• Vulnerability Detection: Useful for identifying and mitigating covert channels and unauthorized data
flows, enhancing overall security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


Definition of Covert
ChannelsTypes of Covert
ChannelsExamples of Covert
ChannelsSecurity Implications
Covert Channels
Definition of Covert Channels
• Concept: Covert channels are unintentional communication paths that may lead to the
inadvertent disclosure of confidential information.
• Key Attribute: They are not designed or meant to exist but are instead accidental,
making them particularly dangerous as they can be overlooked.
Types of Covert Channels
• Storage Covert Channel:
• Occurs when storage capabilities are exploited in such a way that
confidential information is inadvertently disclosed.
• Example: Sensitive information is left in RAM after a process completes, and
other processes can access it.

on
• Timing Covert Channel:
•
ti
Involves exploiting the timing capabilities of a system to signal information.
u
•
of pizza deliveries indicated impending military action.
tr i b
Example: The "pizza index" during the Gulf War, where the timing and quantity

Examples of Covert Channels

D is
• Storage Covert Channel Example:
t for
No
• Scenario: A process writes sensitive data to RAM during its operation. After
the process ends, the sensitive data remains in memory. A new process that

a,
has access to RAM can unintentionally read this data.

h
• Implication: Other processes or users can unintentionally access and
a
possibly misuse sensitive information stored in memory.

N
• Timing Covert Channel Example:
Scenario: A web e t
•
je server’s response time varies based on whether a provided
a existing username can allow an attacker to infer valid
username exists or not. A shorter response for a non-existing username versus

b h
a longer one
usernames.
for an

•
S u Attackers can deduce valid usernames, making it easier to
Implication:

ol
launch further attacks like brute-forcing passwords.

C
• ByUnintentional Disclosure: Because covert channels are not intentionally created, they
Security Implications

S P can be overlooked, allowing sensitive information to leak unnoticed.

CI S • Compromised Confidentiality: The existence of covert channels can lead to breaches
of confidentiality, making sensitive data accessible to unauthorized entities.

for • Difficult to Detect and Mitigate: Since they are not part of the intended system design,

es covert channels are challenging to detect and often require specialized techniques for

ot
mitigation.

N
ell
Example of a Timing Covert Channel in History:

rn
• "Pizza Index" Incident:

C o • During Operation Desert Storm, journalists observed a spike in pizza deliveries

to the Pentagon, signaling an increase in personnel working late. This increase
indicated imminent military action, despite official secrecy.

• Covert Channels: Unintentional and inadvertent communication paths that can lead to the unintended
disclosure of sensitive information.
• Two Types: Storage and timing, each with its own way of exploiting system capabilities to leak
information.
• Security Implications: Covert channels can severely compromise confidentiality and are difficult to
detect and mitigate.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Clark–Wilson Model
Foc us of Clark–Wilson Model

• Focus of Clark–Wilson Model
• Goals of Integrity in Clark–
Wilson
• Rules for Achieving Integrity
• Comparison with Biba Model
• Conc ept: The Clark–Wilson model is a rule-based security model that focuses solely on integrity.
• Context: Unlike other mo dels, such as Biba, Clark–Wilson not only prevents unautho rized changes
but also ensures that authoriz ed subjects do not make incorrect or harmful modifications, an d it
maintains the consisten cy o f the system.
Goals of Inte grity in Cla rk–Wilson
1. Prevent Unauthorized Subjects f rom Making Changes :
• Expla nation: This goal ensu res that ind ividuals who are not auth orized to make
modifications canno t d o so.
• Exam ple: A user with out admin rights cann ot modify sy stem files.
• Relation to Biba: This is the on ly goal that the Biba model also addresses.
2. Prevent Authorize d Subjects from Making Bad Change s:

on
• Expla nation: Even if a user has permissio n, they should not be able to make changes that
would co rrupt or degrade system integrity.
•
perfor m u nauthorized transactions.
uti
Exam ple: An accountant can enter finan cial data but cannot alter previo us record s or

3. Maintain Consistency of the System :

tr i b
•
following specific rules for modifications.
D is
Expla nation: The system must ensur e th at d ata r emains accurate and consistent,

for
• Exam ple: Database con strain ts that enforce consistent and v alid data entr ies.

t
No
Rules for Achieving Inte grity

a,
Clark–Wilson achieves its integrity goals usin g three specific r ules:

h
1. Well-Formed Transac tions:

Na
• Definition: Transactions must be design ed so that they ensure data integrity and

et
consisten cy .

e
• Exam ple: An application on ly allows validated and ap proved entr ies to be submitted to a

j
database, p reventing inconsisten t o r invalid data.
•

bhaKey Point: This rule man dates that all operations per fo rmed on data must b e p roperly
autho rized and validated to pr event corruption.
2.
Su
Separation of Duties (SoD):

l
Co
1. Definition: No single individual shou ld be allowed to perform all critical fu nctions r elated
to a process.

By 2. Exam ple: On e emp loyee can initiate a fin ancial transaction, but another mu st appro ve it.

SP
3. Key Point: This rule r educes the risk of fraud and er ror by ensuring that tasks are div ided
among multiple peop le.

CI S 3. Access Triple (Subject–Program–Object):

r
1. Definition: Direct access to o bjects (data) is not allowed; subjects (u sers) must go

o
thro ugh an in termediary pr ogram that enfor ces access ru les.

s f 2. Exam ple: User s cannot dir ectly modify datab ase tables; instead , they must use an

ote 3.
application that enfor ces business rules and validation .
Key Point: This rule en sures that all actions taken on objects are co ntrolled and

ll N
monitored.

e
Comparison w ith Biba Model

orn • Biba Focus: Prevents unautho rized subjects from making chan ges (Goal #1).

C
• Clark–Wilson Focus: Prevents unautho rized and bad chan ges an d maintains system co nsistency
(Go als #1, #2, an d #3).
• Key Difference: Clark–Wilson offers a more compreh ensiv e ap proach to integrity by cover ing all
aspects, includ ing pr oper transactions, separation of duties, and controlled access.

• The Clark–Wilson model focuses on data integrity through three main goals: preventing
unauthorized changes, preventing harmful authorized changes, and maintaining system
consistency.
• It achieves these goals through three rules: well-formed transactions, separation of
duties, and the access triple model.
• Compared to the Biba model, Clark–Wilson provides a more complete and practical
approach to maintaining system integrity.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Brewer–Nash (The Chinese Wall) Model
• Purpose of the Brewer–Nash
Model
• Primary Goal: Conflict of
Interest Prevention
• Examples of Implementation
• Relation to Other Models
Purpose of the Brewer–Nash Model
• Concept: The Brewer–Nash model, also known as "The Chinese Wall," is an information
flow model designed to prevent conflicts of interest within an organization.
• Definition: The model restricts information flow between different subjects and objects
to ensure that access is only granted if it does not create a conflict of interest.
• Key Point: It focuses on controlling access based on the context of the information and
the user's role to avoid situations where conflicts of interest may arise.
Primary Goal: Conflict of Interest Prevention
• Goal: The Brewer–Nash model is primarily concerned with confidentiality and is
specifically designed to prevent conflicts of interest.

on
• Explanation: The model stipulates that users (subjects) can only access certain pieces

access.
u ti
of information (objects) if there is no potential for a conflict of interest to occur from such

•
r i
t in b
Example: A user who has access to sensitive financial information in one department,

another department, like Mergers and Acquisitions, if it could createis

such as Retail Investments, cannot simultaneously access related information

rD
a conflict of

o
interest.

t f
o
Examples of Implementation

,theNDevelopment team should not have

1. Development vs. Production Departments:
• Scenario: In a software company, a
h to avoid conflicts and prevent
a
access to Production environments

tN
unauthorized changes or tampering.
Implementation:e
•

Productiona
j
isolated accesse The Brewer–Nash model ensures these departments have
controls that prevent the Development team from influencing

b h vs.data.Mergers and Acquisitions:

2.
Su
Retail Investments
• l Scenario: In a bank, sensitive information regarding mergers in the M&A

y Co department could unfairly influence decisions in the Retail Investments

B department.

SP
• Implementation: Brewer–Nash enforces a “Chinese Wall” between these

CI S departments, preventing individuals from having access to both types of

sensitive information.

for Relation to Other Models

tes • Comparison with Bell–LaPadula:

o
ll N
• While both models address confidentiality, Bell–LaPadula focuses on
preventing unauthorized access based on security levels (e.g., “no read up, no

rn e write down”), whereas Brewer–Nash prevents conflicts of interest based on

the context of access.

C o • Key Difference: Brewer–Nash is unique in its focus on preventing conflicts of interest

rather than simply controlling access based on sensitivity levels. It takes into account
the potential for one department's knowledge to influence another department's actions,
thereby protecting the integrity and fairness of operations.

• The Brewer–Nash model, also known as "The Chinese Wall," is an information flow model designed to prevent
conflicts of interest within an organization by restricting information flow between subjects and objects based on
context and role.
• It is primarily concerned with confidentiality and is implemented to prevent situations where access to sensitive
information could create unfair advantages or conflicts between different departments.
• This model is particularly useful in environments such as banking or software development, where distinct teams
should not have overlapping access that could influence their actions or decisions.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Graham–Denning Model and Harrison–Ruzzo–Ullman Model
• Overview of Graham–Denning
Model
• Overview of Harrison–Ruzzo–
Ullman (HRU) Model
• Key Differences Between Graham–
Denning and HRU
• Classification of Security Models
Overview of Graham–Denning Model
• Concept: The Graham–Denning mod el is a rule-based se curity m odel that d efines a set of ru les for
how sub jects can interact with objects.
• Definition: It specifies a set of eight prim ary rules that d ictate the cond itio ns u nder which subjects
can:
• Create and d elete subjects an d objects.
• Read, gr ant, an d delete access rights.
• Transfer access rights between sub jects.
• Purpose: The mo del p rovides a framework fo r managing access rights in a secu re manner, ensuring
that op eration s on su bjects and o bjects are contr olled and predictable.
• Exam ple:
• In a file man agement system, the Graham–Denning mod el can d efine who has the right
to create, read , mod ify, or d elete a file (object), and which users (su bjects) have the
per mission to grant or r evoke these rights to others.

on
Overview of Harrison–Ruzzo–Ullm an (HRU) Model

i
• Concept: Like th e Grah am–Denning mod el, the HRU model is a rule-based se curity m odel bu t it

ut
focuses more on th e integrity of access rights and ex tends capabilities by allowing mo dification of

•
access r ights d ynamically.

tr i b
Definition: The HRU mod el u ses a finite se t of rule s to ed it and co ntrol the access rights of a subject

•
to an o bject.
Key Feature:
D is
for
• It introd uces the concep t of generic rights that can b e applied to gr oups, making it

t
easier to man age access controls for multiple su bjects at once.

No
• Purpose: The mo del p rovides a more dy namic and scalable way to manage access righ ts, allowing for
the ad justment of per missions as need ed while maintaining the integr ity of the access control system.

a,
• Exam ple:
•
h
In an enterp rise setting, the HRU mod el can b e used to assign "read " righ ts to a grou p of

Na
users called "Managers" for all documen ts in the "Repo rts" fold er. This simp lifies
access co ntrol managemen t compared to assigning r ights individ ually to each manager .

• Rule Structure:
j et
Key Diffe re nce s Be twee n Graham –Denning and HRU

e
ha
• Gra ham–Denning: Focuses on ind ividual access righ ts and operations on subjects an d

b ob jects.

Su
• HRU: Focuses on integrity and introd uces rules for m anaging generic rights for grou ps.
•
l
Scalability:

Co
• Gra ham–Denning: Best suited for environments where indiv idu al access control is

y
need ed.

B • HRU: Offer s b etter scalability throu gh th e use of gener ic rights, making it more suitab le

SP
for large-scale env iron ments.
• Focus Are a:

CI S • Gra ham–Denning: Primarily deals with the creation, de letion, and modific ation of
subjects an d objects.

for • HRU: Emph asizes o n maintaining the in tegrity of access r ights an d dy namically
managing per missions.

es Classification of Sec urity Models

ot
• Lattice-Based Models:

ll N
• Focu s on hierarch ical levels an d structur ed access con trol (e.g., Bell –LaPad ula for
confidentiality , Bib a fo r integrity ).

rn e • Rule-Based Models:

o
• Focu s on sp ecific ru les that mediate access between sub jects and ob jects.

C • Ex amples in clud e:
•
•
Gra ham–Denning: Focus on d etailed access contr ol op eration s.
HRU: Focus on managin g and modify ing access righ ts d ynamically with
supp ort for grou p rights.

• Both the Graham–Denning and Harrison–Ruzzo–Ullman models are rule-based security models used to
control access rights between subjects and objects.
• The Graham–Denning model is more basic, focusing on eight rules for managing access controls, while
the HRU model introduces the concept of generic rights for better scalability.
• Understanding these models is crucial for designing and implementing secure systems that require
precise access control and permission management.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Certification and Accreditation
Definition of Certificati on

• Definition of Certification
• Definition of Accreditation
• Purpose of Evaluation Criteria
• Concept: Certification is a comprehensi ve technical analysi s of a solution or product to confirm that it meets the
desired security requirements and needs of the organization.
• Purpose: It ensures that the solution meets specific securi ty standards before being implemented in an operational
environment.

Systems
• Key Evaluation Criteria Systems
• Differences between
Certification and Accreditation
• Example:
• An organization needs to select a firewall that meets their security requirements. Certification involves
evaluating different firewall products to see which one aligns with their needs in terms of security
features, performance, and compliance.
Definition of Accreditation
• Concept: Accreditation is the official management sig n-off on the certification for a set period of time, indicating that
the solution can be used within the organization.

• Purpose: This is a management decision to use a certified solution in the operational environment and accept the

on
associated risks.

• Example:

uti
b
• After certifying a firewall, management reviews the results and accredits it for use within the organization

r i
for 18 months. After this period, the certification and accreditation process is repeated to ensure
continued compliance and effectiveness.
t
Purpose of Evaluati on Criteria Systems

D is
for
• Objecti ve: These systems provide a way to independently and objectively evaluate the security capabilities of
vendor products. They help organizations make informed purchasing decisions based on standardized criteria rather
than vendor claims.
t
• Vendor and Consum er Benefit:
No
a,
• Vendors gain credibi lity and marketability when their products are evaluated and rated positively.
•
h
Consumers can compare products based on an independent assessment, ensuring that they choose

Na
solutions that truly meet their security needs.

et
Key Evaluati on Criteria Systems

1.
je
Trusted Computer System Evaluation Criteria (TCSEC)

ha
• Also known as the Orange Book, it is one of the earliest systems for evaluating the security of

b
computer systems.

Su
2. Inform ation Technology Security Evaluation Criteria (ITSEC)

l
Co
• The European equivalent of TCSEC, focusing on the evaluation of IT security.

3. Com mon Cri teria (ISO Standard 15408)

By • The most widely accepted and used evaluation criteria system today.

SP
• Evaluation As surance Levels (EALs ) range from EAL1 to EAL7, indicating the depth of testing and
assurance.

CI S • A firewall with an EAL4 rating would be considered more secure than one with an EAL3 rating.

r
Differences between Certification and Accreditation

fo • Certification:

es • Technical: Focuses on the detailed technical evaluation of a product or solution against predefined

ot
security requirements.
Who Performs ?: Usually performed by security professionals or independent evaluation bodies.

ll N
•
• Purpose: To confirm that a product or system meets the security needs of the organization.

rn e • Accreditation:

o
• Managerial: A formal approval by management to use the certified product or system in the ope rational

C
environment.
• Who Performs ?: Performed by management or asset owners, not by the security function.
• Purpose: To officially authorize the use of a certified solution for a defined period, accepting the
associated risks.

• Certification is a thorough technical analysis of a solution to ensure it meets security needs, while Accreditation is
the management's formal approval to use the certified solution for a specific period.
• Evaluation criteria systems like the Common Criteria provide a standardized method for assessing the security
capabilities of products, making it easier for organizations to select appropriate solutions.
• Certification and accreditation together ensure that solutions not only meet technical security requirements but are
also officially authorized for use, considering the organization's risk tolerance.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Evaluation Criteria (ITSEC and TCSEC) - 1
• Overview of Evaluation Criteria
Systems
• Orange Book/Trusted Computer
System Evaluation
• Criteria (TCSEC)Information
Technology Security Evaluation
Criteria (ITSEC)
• Key Differences between TCSEC
and ITSEC
Overview of Evaluation Criteria Systems
• Purpose: Evaluation criteria systems are measurement systems used to objectively
assess and compare the security capabilities of different products and solutions.
• Goal: To provide a standard method for evaluating and rating security solutions, helping
organizations make informed purchasing decisions based on verified criteria rather than
vendor claims.
Orange Book/Trusted Computer System Evaluation Criteria (TCSEC)
• Introduction: Known as the "Orange Book," it is the first evaluation criteria system,
published in the early 1980s by the US Department of Defense as part of the "rainbow
series."
• Focus: TCSEC measures only confidentiality and is not suitable for networked
environments. It evaluates the security of standalone systems.

• Importance of Evaluation Criteria
on
• Classification Levels:
•
•
uti
A1: Verified Design – The highest level with mathematically verified security.
B3: Security labels, verification of no covert channels, secure during start-up.
• B2: Security labels and verification of no covert channels.
tr i b
• B1: Security labels only.
D is
for
• C2: Strict login procedures.
• C1: Weak protection mechanisms.
t
No
• D1: Failed or was not tested (no security).
• Legacy: Although outdated and limited to confidentiality, TCSEC is still useful when
confidentiality is the primary concern.
h a,
Na
Information Technology Security Evaluation Criteria (ITSEC)
Introduction: Developed by Europeans as an extension and improvement of TCSEC to

et
•
address its shortcomings, especially for networked environments.
je
ha
• Focus: Measures both confidentiality and other security aspects like integrity and
availability. It works well in complex, networked environments.
b
Su
• Dual Ratings: ITSEC provides separate ratings for functionality and assurance:
•
l F Levels (Functional Levels): Similar to the Orange Book's approach to

Co
measuring functionality.

By • E Levels (Assurance Levels): Unique to ITSEC, these levels range from E0

(inadequate assurance) to E6 (formal end-to-end security tests and source

SP
code reviews).

CI S • Assurance Levels (E Levels):

• E6: Formal end-to-end security tests + source code reviews.

for • E5: Semi-formal system + unit tests and source code reviews.

es • E4: Semi-formal system + unit tests.

ot
• E3: Informal system + unit tests.

ll N
• E2: Informal system tests.
E1: System in development.
e
•

orn •
• E0: Inadequate assurance.
Advantages over TCSEC:
C •
•
Includes network environments.
Measures functional and assurance elements separately, offering a more
comprehensive evaluation.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Evaluation Criteria (ITSEC and TCSEC) - 2
• Overview of Evaluation Criteria
Systems
• Orange Book/Trusted Computer
System Evaluation
• Criteria (TCSEC)Information
Technology Security Evaluation
Criteria (ITSEC)
• Key Differences between TCSEC
and ITSEC
Differences between TCSEC and ITSEC
• Scope:
• TCSEC: Focuses solely on confidentiality and is suitable for standalone
systems.
• ITSEC: Encompasses multiple security aspects (confidentiality, integrity,
availability) and is designed for networked environments.
• Measurement:
• TCSEC: Uses a single scale from D1 to A1 for functionality.
• ITSEC: Uses separate scales for functionality (F levels) and assurance (E
levels).
Importance of Evaluation Criteria
• Vendor and Consumer Benefits:

on
• Importance of Evaluation Criteria
• Vendors can demonstrate their products' security capabilities through
standardized evaluation.
uti
•
objective evaluations.
tr i b
Consumers can make informed decisions based on independent and

•
is
Industry Standardization: Evaluation criteria systems like TCSEC and ITSEC (now
D
for
replaced by Common Criteria) provide a common language and standard for discussing
and comparing security features.
t
No
h a,
Na
jeet
bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• TCSEC (Orange Book) is the foundational evaluation criteria system focusing on confidentiality,
primarily for standalone systems, and is now considered limited and outdated.
• ITSEC improved upon TCSEC by including functional and assurance measurements, making it more
applicable to modern, networked environments.
• Understanding these systems helps organizations evaluate and choose appropriate security
solutions, fostering transparency and trust in security product capabilities.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Overview of Common Criteria
• Components of Common
Criteria
• Evaluation Assurance Levels
(EAL)
• Importance and Usage of
Common Criteria
• Implications of EAL Ratings
Common Criteria
Overview of Common Criteria
• Definition: Common Criteria (ISO 15408) is the most widely used evaluation
criteria system globally, designed to assess and certify the security
functionality and assurance of IT products.
• Purpose: Provides a trusted, independent, and standardized method for
evaluating the security properties of products.
• Global Recognition: Developed through collaboration among various
countries to create a universal measurement system applicable worldwide.
Components of Common Criteria
1. Protection Profile (PP):
• Lists the security requirements and capabilities for a specific
category of products (e.g., firewalls, IDS systems).
•
i on
Provides a standard framework for what features a product should
t
i bu
have, like 2FA, VPN capabilities, encryption standards, etc.
2. Target of Evaluation (TOE):

str
•
D i
The specific product being evaluated. For example, a firewall that a
vendor wants to certify according to Common Criteria standards.

for
3. Security Targets (ST):
•
t
A document created by the vendor describing how their product

No
meets the requirements in the Protection Profile.

a,
• Each security capability is scrutinized and evaluated against the
h
standards listed in the PP.
4. Evaluation Process:
Na
•
jeet
The process of assessing the TOE against the security targets and
protection profile.
•
bha
It produces documentation that helps potential consumers

Su
understand the security capabilities and weaknesses of the product.
5.
l
Assigning EAL Levels:

Co
• After evaluation, the product is assigned an EAL level from 1 to 7

By based on the thoroughness of the security controls.

Evaluation Assurance Levels (EAL)

I SSP •
•
EAL1: Functionally tested – Basic testing and documentation.
EAL2: Structurally tested – More structured testing, including design and

r C security documentation.

fo • EAL3: Methodically tested and checked – Testing with a focus on defined

es security functionality.

ot • EAL4: Methodically designed, tested, and reviewed – More rigorous design and

ll N
testing; most commonly used level.

rn e • EAL5: Semi-formally designed and tested – Advanced testing with some formal
analysis.

C o • EAL6: Semi-formally verified, designed, and tested – Extensive testing and

formal verification.
• EAL7: Formally verified, designed, and tested – The highest level, involving
formal mathematical and comprehensive analysis.

• Common Criteria is a globally recognized evaluation system that provides an objective,

standardized way to assess the security capabilities of IT products.It uses Protection
Profiles, Target of Evaluation, and Security Targets to evaluate and document the
security features of products.Evaluation Assurance Levels (EAL) range from 1 to 7,
with higher levels indicating more rigorous security, but also potential drawbacks in
complexity and cost.Common Criteria helps both vendors and consumers by offering a
trustworthy and transparent evaluation of security products, promoting industry trust
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
and confidence.

• Overview of Common Criteria
• Components of Common
Criteria
• Evaluation Assurance Levels
(EAL)
• Importance and Usage of
Common Criteria
• Implications of EAL Ratings
Common Criteria
Importance and Usage of Common Criteria
• Consumer Confidence: Provides a reliable standard that consumers can trust
when purchasing security products.
• Vendor Benefits: Helps vendors prove the security capabilities of their
products through an independent and standardized evaluation process.
• Documentation and Transparency: The evaluation process generates
extensive documentation that is valuable for both vendors and consumers.
Implications of EAL Ratings
• Not Always Better: Higher EAL ratings (e.g., EAL7) can indicate a more secure
but also more complex product that may be harder to manage and maintain,
potentially leading to increased risk.
• Market Acceptance: Products rated above EAL4 are often not practical for
most organizations due to complexity and cost.
ti on
• Configuration Flexibility: Vendors often produce products that can be
i bu
operated at different EAL levels to provide flexibility and reduce administrative
overhead.
str
•
D i
Static EAL Rating: Once a product is rated, the EAL level remains unless

for
significant changes are made. Minor updates and patches do not affect the
EAL rating unless re-evaluated.
t
No
h a,
Na
jeet
bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Common Criteria is a globally recognized evaluation system that provides an objective,

standardized way to assess the security capabilities of IT products.It uses Protection
Profiles, Target of Evaluation, and Security Targets to evaluate and document the
security features of products.Evaluation Assurance Levels (EAL) range from 1 to 7,
with higher levels indicating more rigorous security, but also potential drawbacks in
complexity and cost.Common Criteria helps both vendors and consumers by offering a
trustworthy and transparent evaluation of security products, promoting industry trust
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
and confidence.
 Security Control Frameworks
• Purpose and Role of Security
Control Frameworks
• Importance of Control Selection
• Major Security Control
Frameworks
• Application of Multiple
Frameworks
Purpose a nd Role of Security Control Fra meworks
• Definition: Security contr ol frameworks are str uctured sets of guid elines and best p ractices designed
to assist organ izations in selecting ap propriate security contr ols to protect their systems.
• Guidance for Control Se le ction: Fr amewor ks p rovide compr ehensive guid ance, helping
organizations deter mine the best security contro ls b ased on the value and risk associated with
different system compo nents.
• Risk Managem ent: Contr ol selection is fundamentally ro oted in risk management. The value of each
system compon ent and its associated r isk profile d rive the need for specific security contr ols.
Importance of Control Se le ction
• Value-Based Protec tion: Systems sh ould b e b roken d own into indiv idual comp onents, and contr ols
should be applied based on th e v alue and risk asso ciated with each compo nent.
• Compre hensive Security: Proper con trol selection en sures that all aspects o f a system are
adequ ately pro tected , redu cing vulnerabilities and enhancin g overall security posture.

on
• Mitigating Controls: Contr ols shou ld not on ly pro tect against identified risks but also prov ide
mitigation strategies for potential risks, ensurin g a balan ced security app roach.

uti
b
Major Security Control Frame works
1. ISO 27001/27002:
tr i
•
Information S ecu rity Management System (ISM S).
D is
ISO 27001: Fo cu ses o n establish ing, implementing, main taining, and improvin g an

for
• ISO 27002: Provides best practice recommendation s for information security

t
management, including guidelines on implementing specific security contr ols.

No
• Inte rna tional Recognition: ISO 27001/02 is globally recognized and widely adopted,

a,
making it a found ational framework for many organizatio ns.

h
2. NIST SP 800-53:

Na
• Dev eloped b y the Natio nal Institu te o f Standards and Techno logy (NIST).

et
• Pr ovides a catalo g of secur ity and priv acy con trols for federal in fo rmation systems and

e
organizations.

j
ha
• Includes comprehensive guidelines on implementing, assessing, and managing security
contro ls.
b
Su
3. COBIT:
•
l Focuses on governance and management of enterprise IT.

Co
• Helps organization s achieve their b usin ess goals by managing an d optimizing IT

y
resources an d processes.

B 4. CIS Controls:

SP
• A set of prioritized actions that provid e specific and actionable way s to sto p today's mo st

CI S •
perv asive and d angero us cyber attacks.
Focuses on iden tifying an d implemen ting effective secur ity controls.

for 5. PCI DSS:

es • A security standard designed to ensu re that all comp anies that pr ocess, store, o r transmit

ot
credit card in fo rmation maintain a secure envir onment.
Pr ovides guid elines specifically for pr otecting pay ment car d data.

ll N
•
Applica tion of Multiple Frame works

rn e • Flexible Approac h: Or ganiz ations may u se features fro m mu ltiple framewo rks to build a custom

o
secu rity str ategy tailored to their specific needs.

C •

•
Best Prac tic es: By in tegratin g elemen ts from different frameworks, organ izations can benefit from a
bro ad spectrum of best practices that addr ess a wide range of security r equirements.
Holistic Security: Combining mu ltiple framewo rks can p rovide a more compr ehensive and holistic
appr oach to security man agement, covering both technical and organization al asp ects.

• Security control frameworks provide structured guidance for selecting appropriate security controls based on best
practices and risk management principles.
• ISO 27001/02, NIST SP 800-53, COBIT, CIS Controls, and PCI DSS are some of the major frameworks used to ensure
robust security across various systems and processes.
• Multiple frameworks can be used together to create a tailored, comprehensive security approach that aligns with an
organization's specific needs and objectives.
• Proper control selection and application of frameworks enhance the overall security posture and protect the
organization from potential threats and vulnerabilities.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Security Control Frameworks Overview
COBIT (Control Objectives for Information Technologies)
• COBIT
• Purpose: Useful for IT assurance, audits, and gap assessments.
• ITIL
• NIST SP 800-53 • Created by: Information Systems Audit and Control Association (ISACA).
• PCI DSSISO 27001 • Focus: IT management and governance.
• ISO 27002
• Use Case: Particularly beneficial for organizations looking to align IT processes
• COSO
• HIPAA with business strategies and perform IT audits.
• FISMA ITIL (Information Technology Infrastructure Library)
• FedRAMP • Purpose: Defines best practices for IT service management (ITSM).

on
• SOX
• Focus: Aligning IT services with business goals and objectives.
• Processes Covered: Onboarding, procurement, change management, u
t i
strib
Di delivery and
configuration management, access control, etc.

r
• Use Case: Ideal for organizations looking to optimize IT service
fo
management processes.
ot
NIST SP 800-53 N
h a,and recommendations for
• Purpose: Set of best practices, standards,
cybersecurity controls.
N a
t
e of Standards and Technology (NIST).
je
• Developed by: National Institute

b ha
• Focus: Improving cybersecurity posture of organizations.

l Sucompliance
• Use Case: Widely used by US federal agencies and private organizations to meet

C o
regulatory and requirements.

By (Payment Card Industry Data Security Standard)

PCI DSS
P•
S Purpose: Protects cardholder data and reduces credit card fraud.

CIS • Created by: Payment Card Industry Security Standards Council.

for • Focus: Data security for organizations handling credit card transactions (e.g.,

tes VISA, MasterCard).

N o
ell
• Use Case: Mandatory for businesses handling payment card data to ensure
secure processing and compliance.

orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Security Control Frameworks Overview
ISO 27001
• COBIT • Purpose: Provides requirements for establishing, implementing, and maintaining an
• ITIL Information Security Management System (ISMS).
• NIST SP 800-53 • International Recognition: Applicable to all organizations regardless of type, size, or
industry.
• PCI DSSISO 27001 • Certification: Organizations can be certified against ISO 27001.
• ISO 27002 • Domains Covered: Information security policies, access control, physical security,
• COSO incident management, compliance, etc.
• HIPAA • Use Case: Suitable for organizations aiming to formalize their information security
• FISMA management and achieve international certification.
ISO 27002
• FedRAMP
• Purpose: Provides guidelines for information security standards and management

on
• SOX
i
practices.
• Supportive to ISO 27001: Helps implement and manage controls in ISO 27001.
ut
r i b
• Use Case: Used to provide detailed guidance for organizations implementing the ISO
t
27001 controls.

D is
COSO (Committee of Sponsoring Organizations of the Treadway Commission)

for
• Purpose: Improves organizational performance and governance through effective internal
control and risk management.
t
No
• Focus: Enterprise risk management (ERM) and fraud deterrence.

a,
• Use Case: Commonly adopted by organizations seeking to enhance governance and risk
management practices.
h
Na
HIPAA (Health Insurance Portability and Accountability Act)

et
• Purpose: Focuses on the protection of protected health information (PHI) of individuals.

je
• Industry: Healthcare.

ha
• Use Case: Mandatory for healthcare providers, health plans, and business associates to
b
Su
ensure the confidentiality, integrity, and availability of PHI.

l
FISMA (Federal Information Security Management Act)

Co
• Purpose: Requires US federal agencies to develop and implement comprehensive security

y
programs.
B • Scope: Applies to federal agencies and contractors handling federal data.

SP
• Use Case: Ensures that federal information systems are protected against security threats

CI S and vulnerabilities.
FedRAMP (Federal Risk and Authorization Management Program)

for • Purpose: Provides a standardized approach for security assessment and authorization of

es cloud products and services.

ot
• Requirement: Mandatory for cloud services holding US federal government data.

ll N
• Use Case: Ensures that cloud service providers meet strict security requirements to
protect federal data.

rn e SOX (Sarbanes-Oxley Act)

C o • Purpose: Prevents financial fraud by public companies.

• Origin: Enacted as a result of the Enron scandal to protect shareholders' interests.
• Focus: Internal controls over financial reporting.
• Use Case: Ensures transparency and accountability in financial practices of publicly
traded companies.

• Security control frameworks offer structured guidance for implementing and managing security
controls based on best practices and compliance requirements.
• ISO 27001/02, NIST SP 800-53, and COBIT are some of the most commonly used frameworks for
information security management and governance.
• Specialized frameworks like PCI DSS, HIPAA, and FISMA cater to industry-specific regulatory
requirements.
• Combination of frameworks may be used to address both technical security and broader business
governance needs effectively.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Security Capabilities of Information Systems
Memory Protection
Trusted Platform Module (TPM)
Encryption/Decryption
Memory Protection
• Purpose: Prevents unauthorized access and corruption of system memory.
• Techniques Used:
• Segmentation: Divides memory into different segments, each with specific
access permissions (e.g., read, write, execute).
• Paging: Breaks memory into fixed-size pages, which are mapped to physical
memory frames. This isolates processes, preventing one process from
accessing another’s memory.
• Address Space Layout Randomization (ASLR): Randomizes the memory
addresses used by system and application processes, making it difficult for
attackers to predict target addresses during an attack.
• Use Case: Essential for operating systems to maintain process isolation and system
ti on
stability, protecting against buffer overflow attacks and memory corruption.

i bu
Trusted Platform Module (TPM)

s r
t operations
•
i
Purpose: A hardware-based security module used for secure cryptographic
and storing sensitive information.

fo rD
t
• Capabilities:
o
Key Storage: Stores cryptographic keys securely.

, Nof the system’s boot process by

•
Platform Integrity: Ensures the integrity
a
•
verifying digital signatures.
a hBoot: Checks the integrity of system
theN
• Secure Boot and Measured
components duringt
e boot process to prevent tampering.
jedata. Can be used for hardware-based encryption to
•
a
Encryption/Decryption:

bhused in modern devices for hardware-level security features like full-

protect sensitive

u
l S secure boot, and remote attestation.
• Use Case: Widely
disk encryption,
o
C Converts data into a secure format that cannot be read by unauthorized
Encryption/Decryption
•
ByPurpose:
S P•
parties. Decryption reverses the process, making the data readable again.

CI S Techniques:

for • Symmetric Encryption: Uses a single key for both encryption and decryption
(e.g., AES, DES). Efficient for large data volumes but requires secure key

es management.

ot • Asymmetric Encryption: Uses a pair of keys—a public key for encryption and

ll N
a private key for decryption (e.g., RSA, ECC). Ideal for secure key exchange

rn e and digital signatures.

o
• Hybrid Encryption: Combines symmetric and asymmetric encryption, using

C •
asymmetric encryption to securely exchange a symmetric key.
Use Case: Protects data in various states (at rest, in transit, in use), ensuring
confidentiality and integrity. Used in SSL/TLS for secure communications, file encryption,
and digital signatures.

• Memory protection techniques like segmentation, paging, and ASLR are critical for safeguarding system
stability and preventing unauthorized access.
• Trusted Platform Module (TPM) provides hardware-based security for cryptographic operations,
enhancing the security of key management, secure boot, and system integrity.
• Encryption and decryption are fundamental security mechanisms used to protect data confidentiality
and integrity, with symmetric and asymmetric techniques serving different use cases.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Reference Monitor Concept, Security Kernel, and TCB
• Subjects and Objects
• Reference Monitor Concept
(RMC)
• Security Kernel
• Trusted Computing Base
(TCB)
Subjects and Objects
• Definition: Fundamental components in security systems.
• Subject: Active entity (e.g., user, process) attempting to access resources.
• Object: Passive entity (e.g., file, server) being accessed by a subject.
• Example: A user (subject) trying to read a file (object).
Reference Monitor Concept (RMC)
• Purpose: Concept for controlling how subjects access objects based on predefined
rules.
• Key Features:
• Mediate All Access: Ensures every access request is checked against the

on
security policy.
• Protected from Modification: The rules and mechanisms should not be
uti
b
alterable by unauthorized users.
• Verifiable: Must be auditable and provable as correct.
tr i
•
without exception.
D is
Always Invoked: The RMC should be in action for every access attempt,

•
t for
Example: Logging into a system involves checking user credentials before granting

No
access to files.

a,
Security Kernel
•
h
Definition: Implementation of the Reference Monitor Concept.

Na
et
• Properties:

e
• Completeness: It is impossible to bypass the kernel for accessing objects.
j
ha
• Isolation: Security rules are tamper-proof and only accessible by authorized
personnel.
•
u b
Verifiability: The kernel’s functioning can be monitored and verified through

l Soperating
logging and testing.
•
C o
Example: An system’s kernel enforcing access control rules on system

B yComputing Base (TCB)

resources.

SP• Definition:
Trusted

CI S The entirety of protection mechanisms within an architecture, including

hardware, firmware, and software.

for • Components:

tes • Processors (CPUs)

o
• Memory

ll N
• Primary and secondary storage

rn e •
•
Virtual memory
Firmware

C o •
•
Operating systems
System kernel
• Example: All security measures like authentication systems, encryption processes, and
access control policies that protect a corporate IT environment.

• RMC is a concept ensuring all access is mediated, protected, verifiable, and always enforced.
• Security Kernel is the practical implementation of RMC, focusing on completeness, isolation, and
verifiability.
• TCB refers to all security mechanisms within an architecture, covering hardware, software, and
procedural controls.
• These notes provide a structured understanding of the foundational concepts in securing information
systems, highlighting their implementation and practical implications

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Processors (CPUs) and Process Isolation
Central Processing Unit (CPU)
• Central Processing Unit • Definition: The CPU is the brain of a computer responsible for processing all instructions
(CPU) and solving problems.
• Processor States • Processing Cycle: CPU operates through a four-step process:
• Process Isolation • Fetch: Retrieve instructions and data from memory.
• Memory Segmentation • Decode: Interpret the instructions.
• Time-Division Multiplexing • Execute: Perform the operations defined by the instructions.
• Store: Save the results back to memory.
• Example: When opening a web browser, the CPU fetches the necessary instructions,
decodes them to understand the task, executes the command to open the browser, and
stores the state of the process in memory.
ti on
Processor States
i bu
• Supervisor State:
s t r
•
Full access to all CPU instructions and capabilities. r D
i
High privilege level, typically where the system kernel operates.

fo
•
• Allows execution of privileged instructions.
o t
• Problem State:
N
•
h a, andCPUuserinstructions.
Lower privilege level with limited access to
•
a
Standard operating mode for applications processes.
•
e t Nbecause the CPU is focused on solving
Known as “problem state”

je
computational problems.
Example: An operatinga
h
ubwhile user applications run in problem state with restricted access.
• system running in supervisor state can manage hardware
resources directly,
S
C ol
By
I SSP
r C
fo
es
ot
ell N
orn
C

• CPU: Central component for processing instructions; operates through fetch, decode, execute, and store cycles.
• Processor States: CPU operates in supervisor (high privilege) and problem (low privilege) states.
• Process Isolation: Crucial for preventing unauthorized access and data corruption; achieved through memory
segmentation and time-division multiplexing.
• Memory Segmentation: Allocates separate memory segments to different processes.
• Time-Division Multiplexing: CPU allocates time slices to processes, simulating simultaneous execution.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Processors (CPUs) and Process Isolation
• Central Processing Unit
(CPU)
• Processor States
• Process Isolation
• Memory Segmentation
• Time-Division Multiplexing
Process Isolation
• Definition: A method to ensure that processes running on the same system cannot
interfere with each other, preventing unauthorized access or data corruption.
• Purpose: Protect processes from interacting in a way that could have negative
consequences such as data corruption or unauthorized access.
• Methods:
• Memory Segmentation:
• Isolates memory assigned to different applications so that one
application cannot access another’s memory.
• Example: Running a web browser and a word processor concurrently
without them interfering with each other’s data.
ti on
• Time-Division Multiplexing:
i b u
•
s tr
The CPU allocates small time slots to different processes, making it

i
seem like multiple processes are running simultaneously.
Example: Multitasking on a single CPU whereD
•
f o r switching between
t
applications appears seamless to the user.
o
Memory Segmentation
, N to specific processes,
•
a
Definition: Separation of memory into segments
hloaded
assigned

a
ensuring that each process can only access its designated segment.
•
e t N segment ofintoanother
Use Case: When multiple applications are RAM, segmentation prevents one

je
application from accessing the memory application.
•
b hamemory.
Example: Running a video game and a music player concurrently without them

u
accessing each other’s
S
l
Time-Division Multiplexing
Definition: Ao
ofC
method where the CPU allocates small time slots to each process, enabling the

UseB
y
illusion concurrent execution.

S P Case: Ensures that processes are executed without interference, enhancing security and

CIS Example: A user can work on a document while listening to music; the CPU switches between
stability.

for these tasks rapidly to manage them effectively.

tes
o
ell N
orn
C

• CPU: Central component for processing instructions; operates through fetch, decode, execute, and store cycles.
• Processor States: CPU operates in supervisor (high privilege) and problem (low privilege) states.
• Process Isolation: Crucial for preventing unauthorized access and data corruption; achieved through memory
segmentation and time-division multiplexing.
• Memory Segmentation: Allocates separate memory segments to different processes.
• Time-Division Multiplexing: CPU allocates time slices to processes, simulating simultaneous execution.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Types of Storage
Types of Storage
• Types of Storage • Definition: Storage in a computer system refers to locations where data is held,
• Primary Storage processed, and retrieved.
• Secondary Storage • Categories: Storage is broadly classified into two types:
• Volatile vs. Non-Volatile • Primary Storage (Volatile Memory)
Memory • Secondary Storage (Non-Volatile Memory)
• Paging and Virtual Memory Primary Storage
• Characteristics:
• Fast access speed.
• Volatile in nature: data is lost when the device is powered off.
• Smaller in size compared to secondary storage.
t i on
• Examples:
itob
u
• Cache Memory: Temporary storage for frequently accessed data
s tr speed up
i
rD
processes.
•

t fo
CPU Registers: Small, fast storage locations within the CPU used for

o
immediate data processing.

,N
• RAM (Random Access Memory): Temporary storage for running processes
and active data.
h a
• Usage:
N a
•
e t
Stores data and instructions currently being used by the CPU.

aje
• Ensures quick access and execution of tasks.

h
ub is lost, all data stored is also lost.
• Disadvantage:

S
• If the power

C ol
By
I SSP
r C
fo
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Types of Storage
Secondary Storage
• Types of Storage • Characteristics:
• Primary Storage • Slower access speed compared to primary storage.
• Secondary Storage • Non-volatile: data remains intact even when the power is turned off.
• Volatile vs. Non-Volatile • Larger in size and capacity.
• Examples:
Memory
• Magnetic Hard Drives: Traditional storage devices using magnetic disks to store
• Paging and Virtual Memory data.
• Optical Media: CDs, DVDs, and Blu-ray discs used for storing large volumes of
data.
• Tapes: Used for archival storage and backups.

on
• SSDs (Solid State Drives): Faster and more reliable non-volatile storage compared
to hard drives.

uti
b
• Usage:
•
tr i
Used for long-term storage of files, applications, and data backups.
• Retains data even when not powered.
D is
for
Volatile vs. Non-Volatile Memory

t
• Volatile Memory (Primary Storage):

No
• Data is temporary and lost when power is cut.

a,
• Example: RAM, where active programs and data are stored temporarily.
•
h
Non-Volatile Memory (Secondary Storage):

Na
• Data remains even when power is cut.

et
• Example: Hard drives, SSDs, and other storage devices for long-term data retention.

je
Paging and Virtual Memory
•
bha
Definition: A technique used to extend primary memory by using a portion of secondary

Su
storage.

l
• Process:

Co
• When RAM is full, the operating system moves less frequently accessed data to a

By •
portion of the hard drive called the paging file or virtual memory.
This process allows for more efficient memory management and prevents system

SP
crashes.

CI S • Usage:

r
• Virtual Memory: Acts as an overflow for RAM, allowing the system to handle more

fo applications simultaneously.

es • Paging File: The area on the hard drive used to store data temporarily moved from

ot
RAM.

ll N
• Disadvantage: Can cause latency and slower performance due to the slower speed of
secondary storage compared to RAM.

rn e • Advantage: Prevents system crashes due to insufficient RAM and allows for multitasking.

C o

• Primary Storage: Fast, volatile memory used for immediate processing; includes RAM, cache, and CPU registers.
• Secondary Storage: Slower, non-volatile memory for long-term data retention; includes hard drives, SSDs, and
optical media.
• Volatile vs. Non-Volatile: Primary storage loses data on power-off (volatile), while secondary storage retains data
(non-volatile).
• Paging and Virtual Memory: Extends RAM using hard drive space to prevent system crashes but can cause latency.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of System Kernel
• System Kernel vs. Security
Kernel
• Role of Privilege Levels in
System Kernel
System Kernel
Definition of System Kernel
• Core Function: The system kernel is the central part of an operating system
that controls every component and function within a system.
• Control: It has low-level control over all operations and hardware components
of the operating system, including memory management, process scheduling,
and input/output control.
• Access: Because the system kernel has access to everything, it essentially
dictates how resources and processes function.
System Kernel vs. Security Kernel
• System Kernel:

on
• Role: Manages and controls the entire operating system, ensuring
smooth operation and functionality.
u ti
b
• Access: Directs system-level operations like memory management,
file systems, and hardware interactions.
t r i
• Security Kernel:
is
• Role: Implements the Reference Monitor Concept
fo r D (RMC),
that all accesses to objects by subjects are monitored
ensuring
and controlled
based on security rules.
o t unauthorized access
,N
• Purpose: Enforces security rules and prevents
to system resources.
Difference: The system kernelacontrols the OS, while the security
•
a
kernel focuses on securing haccess to objects within the system.
N
Role of Privilege Levels in SystemtKernel
e
je kernel relies on privilege levels to control access
Privilege Levels: Theasystem
•
h
b The system kernel operates in the highest privilege level,
to system resources and ensure safe operations.
u
SupervisorSMode:
•
o l to as supervisor mode, where it has unrestricted access to all
often referred
CMode: In contrast, processes running in user mode have limited access
system instructions and operations.
yto system
• BUser

S P system’s core resources, ensuring that they cannot interfere with or harm the
operations.
I S
C Protection of the System Kernel
for Importance: From a security perspective, protecting the system kernel is
s
•

o te crucial because it manages the entire operating system.

N • Vulnerability: If the system kernel is compromised, attackers could gain

ell
control over the entire system, leading to serious breaches.

orn • Security Measures: Implementing access control, ensuring proper privilege

separation, and maintaining kernel integrity are key steps to safeguarding the
C system kernel.

• The system kernel is the core of the operating system, responsible for managing all system resources and processes.
• It operates at the highest privilege level and ensures the smooth functioning of the system.
• The system kernel is distinct from the security kernel, which focuses on implementing security controls and access
monitoring.
• Protecting the system kernel is critical to maintaining the overall security and stability of the operating system.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


Privilege Levels in
ComputingUser Mode and
Kernel ModeRing Protection
Model
Privilege Levels
Privilege Levels in Computing:
• Definition: Privilege levels set operational boundaries for software on
a computer, restricting or allowing access to system resources.
• Purpose: Establishes a trust boundary to ensure that critical system
functions are protected from potential misuse or unauthorized access.
User Mode and Kernel Mode:
• User Mode:
• Lower Trust Level: Allows access to only a small subset
of system capabilities.
• Common Use: Regular applications like word
ti on
processors, web browsers, and other user-facing
i bu
software run in this mode.
str
D i
for
• Kernel Mode (Privileged Mode):
• Higher Trust Level: Grants more extensive access to the
t
No
system's critical functions and resources.
•
h a,
Critical System Processes: The system kernel operates
in this mode, ensuring direct control over hardware and
Na
low-level operations.
Ring Protection Model:
je et
a
•
bh provides
Concept: This model
most criticalucomponents
a CPU layering technique to protect the

l S Privileged/Kernel Mode):
of a system.
Ring 0o(Most
•
C
By • Access to Firmware & Critical Processes: This level

SP
controls essential system operations like managing the
system’s memory, processes, and executing machine-
CI S level instructions.

for • Security Importance: Ring 0 is most critical for security,

es as it protects the system kernel, firmware, and other
ot core operations.

ell N • Ring 3 (User Mode):

orn • Least Privileged: Applications and user-level processes

C run in this ring, with minimal access to system
resources.

• Privilege levels differentiate between user-level and system-level processes.

• Kernel mode (Ring 0) is the most critical, providing control over system operations and
requiring higher trust.
• User mode (Ring 3) limits access, providing a safeguard to prevent malicious processes
from affecting critical system components.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Ring Protection Model
Concept of Ring Protection Model:
• Concept of Ring Protection
Model • Definition: The ring protection model is a security architecture
• Purpose of Rings in System designed to protect different layers of a computer system by
Security segregating them into "rings," each with different trust levels.
• Communication between • Layered Security: Each ring has distinct security and access
Rings privileges, creating a hierarchy of trust from the innermost (Ring 0)
to the outermost (Ring 3).
Purpose of Rings in System Security:
• Ring 0 (Kernel Mode):
ti on
•
bu
Highest Trust Level: Critical system processes, such as
i
tr
the operating system kernel and firmware, operate here.
s
• D i
Full Access: Has complete access to the system's
hardware and all system resources.
t for
•
No
Security Focus: This ring must be highly secure, as it
a,
controls the core functionality of the system.
h
• Ring 3 (User Mode):
Na
•
jeet
Lowest Trust Level: User programs and applications

ha
operate here, with the least access to system resources.
b
Su
• Protection Mechanism: Limits direct access to
l hardware, protecting the system from potential threats,

y Co such as malware infecting the machine.

B Communication between Rings:

I SSP• System Calls: Communication between rings happens through

r C controlled system calls.
fo
es • Inner Ring Protection: Outer rings (like Ring 3) must go through
ot these trusted system calls to interact with more privileged inner

ll N
rings (like Ring 0). This prevents unauthorized access to critical

rn e system processes.

C o

• The ring protection model is a security framework that isolates system processes based
on their level of trust.
• Ring 0 is the most trusted and critical layer, protecting the system’s kernel and firmware,
while Ring 3 has the least access, primarily running user applications.
• Communication between rings is tightly controlled to prevent unauthorized access to
the inner, more secure rings.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Definition of Firmware
• Role of Firmware in Systems
• Vulnerabilities in Firmware
Firmware
Definition of Firmware:
• What is Firmware?: Firmware is a type of software that provides low-
level control for a device's hardware.
• Boot Process: It is the code responsible for initializing hardware
components and ensuring they are ready for operation when the system
boots up.
Role of Firmware in Systems:
• Hardware Control: Firmware manages essential tasks, like starting the

on
hardware and communicating between the hardware and software
layers.
ut i
t r
• Examples: Devices such as BIOS in computers or firmware in printersi b
and network routers depend on this code to function. is
Vulnerabilities in Firmware:
fo rD
• Modifiable Nature: Unlike in earlier systems,o
t
, N but also introducing
modern firmware can be

security risks. h a
updated or modified, making it more dynamic

a
e tN
• Attack Surface: Since firmware
target these updates to e
updates can be exploited, hackers may

over the hardware. aj

install malicious code, gaining low -level control

u bh A successful attack on firmware could allow

ltoScompromise entire systems, rendering security measures
• Potential Consequences:
o
attackers

B yC
ineffective.

I SSP
C
for
tes
o
ell N
orn
C

Summary Section (Key Points)

• Firmware is a crucial component that controls hardware at a low level and helps boot systems.
• While it was once unchangeable, modern firmware can now be updated, making it vulnerable to attacks.
• Protecting firmware from unauthorized modifications is essential to maintaining hardware and system
security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Middleware
• Role of Middleware
• Example of Middleware in
Banking
Middleware
Definition of Middleware:
• What is Middleware?: Middleware is software that acts as an
intermediary, enabling communication between two incompatible
applications.
• Interoperability: It facilitates communication between systems that
speak different "languages," making otherwise incompatible software
work together.
Role of Middleware:

on
• Communication Layer: Middleware operates as a "glue" between
ti
applications, translating and facilitating interaction between systems
u
with different architectures or protocols.
r i b
t (e.g.,
• is
Use Cases: It is essential in scenarios where legacy systems

applications (e.g., web or mobile apps).

fo rD
older mainframe computers) need to interface with modern

o t
, N app might need to interact
Example of Middleware in Banking:
Mobile Banking: A modern mobile h a
banking
with a bank's older mainframe a
•

tN
system. The mobile app and the

je e
mainframe use different communication methods.
•
b ha with the Middleware
Middleware as a Translator: enables the mobile banking

Suinto a format the mainframe understands and vice versa.

app to communicate mainframe, translating the mobile app's
l
API requests

y Co
P B
I SS
C
for
tes
o
ell N
orn
C

Summary Section (Key Points)

• Middleware is a vital software layer that enables communication between different
applications, allowing for interoperability.
• It plays a crucial role in integrating modern systems (like mobile applications) with older
systems (like mainframes), especially in industries like banking.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Abstraction
• Abstraction in Everyday Life
• Abstraction in Computing
Abstraction
Definition of Abstraction:
• What is Abstraction?: A process that hides the underlying
complexity of a system or process, allowing users to focus on
simpler, high-level interactions.
• Simplification: The main idea is to simplify interaction by
concealing the intricate details of how a system works.
Abstraction in Everyday Life:
• Driving a Car: Drivers only need to interact with the basic controls

ti on
(steering wheel, pedals, etc.) while the complexity of the engine,
electrical system, and other mechanics is hidden from them.
i bu
•
s
Example: A driver doesn’t need to understand the internaltr
i
rD
combustion process to drive; they just need to operate the car’s
controls.
t f o
o
, Nwith binary code (1s and 0s),
Abstraction in Computing:
Programming Languages: CPUs a
•
a hprogramming languages that
work

abstract this complexity.t N

but programmers use high-level

jee
•
ha developers
Software Development:
Python or Javaballow
High-level programming languages like

S u are then translatedto write code in human-readable

ol
formats, which into machine-readable binary.

B yC
I SSP
C
for
tes
o
ell N
orn
C

Summary Section (Key Points)

• Abstraction simplifies complex systems by hiding the intricate details, making them
more accessible for users or programmers.
• In everyday life and computing, abstraction is used to reduce complexity and allow for
more intuitive interactions.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Virtualization
• Role of a Hypervisor
• Benefits of Virtualization
Virtualization
Definition of Virtualization:
• What is Virtualization?: The process of creating a virtual version of
something, such as an operating system, server, storage device, or
network, allowing users to abstract away from the underlying
hardware or software.
• Abstraction Layer: Virtualization allows multiple virtual machines
(VMs) to run on a single physical machine, abstracting the hardware
for each VM.
Role of a Hypervisor:
ti on
•
i bu
What is a Hypervisor?: A hypervisor is the software layer that

str
manages and runs virtual machines by acting as an intermediary
i
between the physical hardware and the virtual machines.
D
• Types of Hypervisors:
t for
No
• Type 1 (Bare-metal): Runs directly on the hardware (e.g.,

a,
VMware ESXi, Microsoft Hyper-V).
h
Type 2 (Hosted): Runs on top of a host operating system
Na
•
(e.g., VMware Workstation, Oracle VirtualBox).

je et
Benefits of Virtualization:

b ha Allows multiple VMs to share the resources

•
S uphysical machine, improving resource utilization and
Resource Efficiency:
l
of a single
costoefficiency.
y C
• B Scalability and Flexibility: Easily scale and deploy virtual

I SSP environments without the need for additional physical hardware.

C
or
• Isolation: Each VM operates independently, providing isolation

s f between different environments and enhancing security.

o te
ell N
orn
C

Summary Section (Key Points)

• Virtualization abstracts hardware resources using a hypervisor, allowing multiple VMs to
run on a single machine.
• It improves resource efficiency, scalability, and security by isolating environments and
facilitating flexible infrastructure management.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Layering/Defense-in-Depth
• Definition of Defense-in-Depth
• Importance of Multiple Control
Layers
• Example of Defense-in-Depth
• Types of Controls in Each Layer
By computer system, encryption of files (preventive
I SSP
Definition of Defense-in-Depth:
• What is Defense-in-Depth?: A security strategy that
involves implementing multiple layers of controls to
protect an asset, ensuring that if one control fails, others
remain in place to provide protection.
Importance of Multiple Control Layers:
• Why multiple layers?: Relying on a single control creates a
vulnerability—if that control is bypassed, the asset is
exposed. Multiple layers reduce the chance of a total
security breach.
• Complete Controls: Each layer should include a ti on
combination of preventive, detective, and corrective
i bu
controls to provide comprehensive protection.
str
D i
for
Example of Defense-in-Depth:
• Physical Security Example: t
o Fence, electric
N
• Layer 1 (Outside the building):
fence, CCTV cameras
h a,(preventive, detective,
Naperimeter): More cameras,
and corrective controls).
t
jee guards patrolling (detective and
• Layer 2 (Building
walls, security
ha controls).
preventive
b
l Su 3doors
• Layer (Inside the building): Interior walls,
C• o Layer 4 (System access): Logging into the
locked (preventive controls).
and corrective controls).

r C Types of Controls in Each Layer:

fo
es • Preventive Controls: Stop unauthorized access (e.g.,
ot encryption, locks, fences).

ell N • Detective Controls: Identify breaches as they happen

rn
(e.g., CCTV cameras, security monitoring).
C o • Corrective Controls: React to and mitigate issues after
they occur (e.g., guards, security alarms, logging and
auditing).

• Defense-in-depth involves multiple layers of security controls to protect assets.

• Each layer should have a combination of preventive, detective, and corrective controls.
• The approach ensures that if one layer fails, other layers can still provide protection.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Trusted Platform Modules (TPM)
Definition and Function of TPM:
• Definition and Function of • What is TPM?: A Trusted Platform Module is a hardware-based
TPM security chip that implements the ISO/IEC 11889 standard.
• Purpose of TPM in System
• Functions: It performs cryptographic operations such as key
Security generation and encryption.
• Binding and Sealing in TPM
• Location: Typically installed on a device’s motherboard (e.g.,
• TPM Independence and desktops, laptops, and mobile devices).
Security
Purpose of TPM in System Security:
• Integrity Checking: TPM can ensure system integrity by checking for
tampering of critical system components during boot-up. If tampering
is detected, the system will not boot.
ti on
•
bu
Cryptographic Operations: TPM can generate cryptographic keys and
i
tr
ensure that they are securely stored within the TPM, preventing
s
unauthorized access.
D i
for
Binding and Sealing in TPM:
• Binding: t
o (bound) to specific
• TPM encrypts keys so they are
, N tied
ha TPM can decrypt these
hardware and configuration.
• Ensures that only theaoriginal
t N keys are bound to the TPM and will
keys, preventing disclosure.
e
aje if the system’s configuration remains
• Example: Encryption
only be decrypted
h
ub
the same.
Sealing: S
•
l
• o Data is encrypted by the TPM but can only be decrypted
C
y under certain conditions (e.g., when specific software or
B credentials are used).

I SSP • Example: Data is sealed by the TPM and can only be

accessed if a user logs in with the correct credentials.
r C TPM Independence
s fo and Security:

ote
• Independent of OS: TPMs are independent and do not rely on the
operating system or external components.

ell N • Unique Endorsement Key: Every TPM has a unique endorsement key

orn burned into it, which is used for encryption and ensuring TPM
authentication.
C • Black Box Security: The information within the TPM is protected and
cannot be extracted, adding to its security.

• TPM is a hardware-based security chip that performs cryptographic operations and ensures system
integrity.
• Binding ties encryption keys to specific TPM configurations, while sealing only allows data to be
decrypted under specific conditions.
• TPM operates independently of the operating system, enhancing its security and reliability.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Vulnerabilities in Systems
Single Point of Failure:
• Single Point of Failure • Definition: A point in a system that, if it fails, leads to a system-wide failure or significant
• Redundancy operational impact.
• Bypass Controls • Example: A server without a backup that fails would result in downtime for the system.
• Time-of-Check Time-of-Use • Mitigation: Redundancy—implementing backups or alternative pathways to ensure that
(TOCTOU) failure of one element does not bring down the entire system.
• Emanations Redundancy:
• Purpose: Helps mitigate the risks associated with single points of failure.
• Implementation: Redundancy should be applied where cost-justifiable, such as
backup systems, mirrored servers, or multiple power supplies.
Bypass Controls:
ti on
•
bypassed.
i b u
Definition: Vulnerabilities created when controls meant to restrict access can be

s r
t critical
• Example: An admin account without proper monitoring, allowing access to
i
rD
systems.
• Mitigation:
f o
t has full control over critical
•

Logging and Monitoring: Track activitiesN

operations. o
Segregation of Duties: Ensure no single person

•
a , and detect any unauthorized
attempts.
a h access to sensitive systems.
Physical Security: Limit physical

tN
•
Time-of-Check Time-of-Use (TOCTOU):
Definition: Also known asjae
e
action is authorized anda
• race condition, it refers to the time gap between when an
h
ub changes the conditions after authorization but before execution.
when it is executed, which can be exploited by attackers.
•
S
Example: An attacker
•
C ol Frequent
Mitigation: access or authorization checks help reduce the risk by narrowing

y
the window for attack.

B
Emanations:

I SSP• Definition: Unseen elements (such as electromagnetic signals) that leak from systems,
potentially exposing sensitive information.
C
for • Example: Intercepting data through leaked signals from a computer.

tes • Mitigation:

o • Shielding: Use of physical barriers to block emanations.

ll N
• White Noise: Adding background noise to mask signals.

rn e • Control Zones: Physically separating sensitive systems to protect against

interception.

C o

• Redundancy helps mitigate single points of failure, and bypass controls need to be managed through
segregation, logging, and monitoring.
• TOCTOU or race conditions can be addressed by frequent authorization checks.
• Emanations pose a risk to sensitive data, but can be mitigated through shielding, noise masking, and
control zones.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Single Point of Failure and Risk Reduction
Definition of Single Point of Failure:
• Definition of Single Point of
Failure • Meaning: A single point of failure refers to a component (e.g., firewall,
• Impact of Device Failure router) in a system that, if it fails, disrupts the entire operation.
• Risk Reduction Methods • Example: In a network where one firewall and one router are used, if
• High Availability either fails, the connection to the internet is lost.
Configuration
• Cost-Justification of Impact of Device Failure:
Redundancy • Impact: Failure of a critical device like a firewall or router will result in
the disruption of services, leading to loss of connectivity or access.
• Architecture: A single device failure can impact the entire system
ti on
architecture by preventing access to resources.
i bu
str
Risk Reduction Methods:
D i
for
• Redundancy: Introduce backup components like additional firewalls
t
and routers to mitigate the risk of single points of failure.
o
Example: Implement two firewalls and N
a, continuous operation.
• two routers, so that if one
h
fails, the second can take over, ensuring
a
High Availability Configuration: N
t
e automatically reroutes traffic from a
je
htoaits backup, ensuring minimal downtime.
• Definition: This configuration
b
failed component
u If Firewall 1 fails, traffic is directed to Firewall
•
l S
Example:
C o 2, and similarly with routers.
y
• BPurpose: Guarantees seamless operational flow without manual
S P intervention during failures.
CIS Cost-Justification of Redundancy:
for
tes • Challenge: While redundancy improves reliability, it may be expensive.
Firewalls and routers are often costly, making redundancy a
o
ll N
significant investment.

rn e • Feasibility: Organizations should assess whether the cost of

C o downtime justifies implementing redundancy. Redundancy should be

introduced where cost-effective and necessary for critical systems.

• A single point of failure can disrupt an entire system if a critical device fails. Implementing redundancy
through multiple firewalls and routers can mitigate this risk, but it should be done only when cost-
justified.
• High availability ensures smooth operations even if a device fails.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Bypass Controls
Definition and Purpose of Bypass Controls:
• Definition and Purpose of Bypass
Controls • Bypass controls are intentional mechanisms built into
• Risks Associated with Bypass systems to provide alternative access when primary
Controls access methods fail.
• Methods to Mitigate Bypass
Control Risks • Example: Resetting a home router to factory settings when
the administrative password is forgotten allows access to
the configuration utility with default credentials.
These controls are designed for situations where critical
on
•
access is lost but needs to be restored.
uti
Risks Associated with Bypass Controls:
tr i b
is
• Bypass controls introduce a new risk vector
fo rD
since they

ot
provide a way to circumvent primary security mechanisms.
N access to a device
a, reset the device and
• If someone gains unauthorized physical
like a router or firewall, theyhcould
exploit the bypass control
t Nato gain access.
jeebypass controls must be managed
ha unauthorized use.
• Although necessary,
b
carefully to prevent
l Su Bypass Control Risks:
Methods to
C o Mitigate
y
• BSegregation of Duties: Ensure that no single person has
S P complete control over the system to prevent misuse of
CIS
bypass controls.

for • Logging and Monitoring: Track any attempts to use bypass

tes controls to identify misuse or unauthorized access.
o
ell N • Physical Security: Limit physical access to critical

orn systems and devices to prevent unauthorized use of

bypass controls, such as resetting a firewall or router.
C

Summary Section (Key Points)

• 4oBypass controls are essential mechanisms but introduce risks when used without proper security
measures.
• Compensating controls like physical security, segregation of duties, and logging can mitigate the
associated risks.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 TOCTOU or Race Condition
• Definition of TOCTOU (Time-
of-Check Time-of-Use)
• Example of a Race Condition
• Methods to Reduce the Risk
of Race Conditions
•
Definition of TOCTOU (Time-of-Check Time-of-Use):
• TOCTOU, or a race condition, refers to a vulnerability that exists
when there is a time gap between checking for a condition (like
available resources) and actually using the resource.
• This gap creates an opportunity for unintended actions to occur,
allowing a process to exploit the time window to make unauthorized
changes.
Example of a Race Condition:
• Two processes (Process 1 and Process 2) both check the system's
ti on
memory availability.
Process 1 checks that 2 GB of RAM is availablerand i bu
•
requests 1 GB. ist
• Process 2 checks at nearly the sameotime
f r Dand requests
1.5 GB.
o t
• Process 1 uses 1 GB, leaving
a , toNinsufficient memory for
Process 2, which causes
a h it fail or crash.
Ncondition, where processes race to
t the
je e
This is an example of a race
allocate resources before system has had a chance to update
the availability. ha

S ub the Risk of Race Conditions:

ol Frequency of Access Checks: Regularly recheck access
Methods to Reduce
•
y C
Increase

P B permissions and resource availability to minimize the time window

S in which unauthorized actions can occur.

CIS • Frequent Re-authentication: Frequent validation ensures that the

for state is correct and helps prevent exploitation, although excessive

tes re-authentication can frustrate users.

N o • Balance Between Security and Functionality: Finding the right

rn ell balance between strong security measures (like frequent checks)

and maintaining smooth functionality (without constant re-
C o authentication) is crucial.

• TOCTOU represents a short window between checking access or authorization and using a resource,
creating potential security risks.
• Race conditions can be reduced by frequent access checks and re-authentication, but striking a
balance between usability and security is essential.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Emanations
• Examples of Emanations
• Risks from Emanations
• Methods to Protect Against
Emanations
•
Emanations
Definition of Emanations:
• Emanations refer to unseen signals or waves, such as radio waves, magnetic
waves, light, and sound, that can leak out from systems.
• These emanations can be intercepted, potentially exposing sensitive
information.
Examples of Emanations:
• Radio waves from Bluetooth, Wi-Fi.
• Magnetic waves from hard drives.
• Light from screens, which can be exploited through shoulder surfing (e.g.,
someone reading a computer screen by looking over a user's shoulder).
Risks from Emanations:
t i on
Emanations pose a significant security concern because they can bebu
s t ri
intercepted by an eavesdropper or device, potentially exposing confidential

Di information
information.
•
fo r
Even simple actions like shoulder surfing could expose sensitive
from a screen or device.
t
ocan capture emanations
from wireless signals or electronic devices. N
• More advanced interception techniques exist that

Methods to Protect Against Emanations:h

a,
t Na
1. Shielding (TEMPEST):
Using physicale e like walls, Faraday cages, or copper-lined
to jblock emanations from devices.
barriers
envelopes a
•

•
u
TEMPESTbhistoa prevent
specification that outlines techniques for shielding

l S
equipment detection of emanations.

C o Broadcasting a strong random noise signal in areas where sensitive

2. White Noise:

B y •
data is being processed to obscure weaker emanations from devices.

S P • This prevents the interception of weak signals like those emitted by

CI S computers.

or
3. Control Zones:

s f • Establishing physical security zones to limit proximity to devices

o te •
emitting sensitive information.
Most emanations are short-range, so restricting physical access to

ll N
equipment can effectively prevent interception.

rn e • Examples include setting up secure rooms or restricted areas around

sensitive equipment.

C o

• Emanations are invisible signals that can leak sensitive information from systems and devices.
• Protection methods include shielding (e.g., Faraday cages), white noise, and control zones to
prevent interception of emanated data.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Hardening
• Purpose of Hardening
• Steps in Hardening
• Importance of Hardening
Hardening
Definition of Hardening:
• Hardening refers to the process of analyzing individual components of a
system and securing them to minimize vulnerabilities.
• It involves identifying weaknesses in hardware, software, or system
configurations and applying appropriate security measures to protect those
components.
Purpose of Hardening:
• The main goal of hardening is to reduce the attack surface of a system by
securing each component, making it more difficult for attackers to exploit
potential vulnerabilities.

on
• By reducing vulnerabilities, the overall system becomes more resilient to
threats.
u ti
Steps in Hardening:
r i b
t that are
1. Remove unnecessary services: Disable services and applications
is
r D and operating
not essential to the system’s operation, reducing the chances of exploitation.
2.
fo
t to address known
Apply patches and updates: Ensure all software, firmware,
vulnerabilities.
N o
systems are up-to-date with the latest security patches

Implement strong authentication and ,access controls: Use strong

3.
a
h (MFA), and least privilege principles
to control who has access to the a
passwords, multi-factor authentication

t N intrusion
system.
Configure firewalls and e
4.
a je
host-based firewalls, and
intrusion
enable
detection systems: Set up network and
detection/prevention systems to

b hdata: Protect data both at rest and in transit by using

monitor and block suspicious activity.
5. u
Smethods.
Encrypt sensitive
l
encryption
o
6.
y C and activities
Audit monitor logs: Continuously review system logs for unusual or
B malicious

PImportance of Hardening:
to detect and respond to potential security incidents.

S
CIS • Reduces vulnerabilities: Hardening ensures that individual system

or
components are less likely to be exploited by cyber attackers.

s f • Improves overall security: A hardened system is more resilient and better

o te protected against unauthorized access, malware, and other threats.

N • Regulatory compliance: Many industries require systems to be hardened as

ell
part of compliance with data protection regulations (e.g., PCI DSS, HIPAA).

orn
C

Summary Section (Key Points)

• Hardening involves securing each component of a system to minimize vulnerabilities and reduce the
attack surface.
• Key steps include removing unnecessary services, applying patches, using strong authentication,
and encrypting data.
• Proper system hardening improves overall security and helps maintain regulatory compliance.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Vulnerabilities in Systems and Hardening
• Common components in devices
• Organizational relevance
• Risk reduction in client and
server-based systems
• Hardening examples and
methods
• Factors driving hardening
decisions
•
•
Common Components in Devices:
• Devices like mobile phones, desktops, laptops, and servers share common features
such as hardware components (CPU, RAM) and software elements (operating systems
and applications).
• To secure a device, each of its components must be secured individually, based on its
value to the organization.
Organizational Relevance:
• This term refers to the value a system or component holds for the organization. Systems
that handle critical functions or sensitive data require more robust security measures.
• Key point for the exam: Organizational relevance implies value.
Risk Reduction in Client and Server-Based Systems:
• Client and server-based systems often require hardening techniques to minimize
t i on
vulnerabilities.
i b u
s t
Hardening: The process of making systems more secure by reducing the attack
r surface
and vulnerabilities.
i
D on a user’s
o r
Example of a vulnerability: Having unnecessary services or software running

tf
endpoint, such as an SFTP server that’s not needed.
Hardening Examples:
o
•
a , N surface by ensuring only essential
Disabling unnecessary services: Reduces the attack
services are running.
a h that only required programs are installed.
t N malware and viruses.
• Uninstalling unnecessary software: Ensures
• e
je Helps detect and prevent malicious activities.
Antivirus installation: Protects against
•
h
Host-based IDS/IPS and afirewalls:
u b Protects data at rest.
S
• Full-disk encryption:
•
o l policies: Reduces the likelihood of unauthorized access.
Strong password
•
y C system backups: Ensures data recovery in case of a breach or failure.
Routine
B
P•FactorsLogging and monitoring: Tracks system activities for signs of malicious activity.
S
CIS
Driving Hardening Decisions:

or
• Business requirements: Understanding what a system is intended to do helps drive

s f hardening efforts. For instance, a web server should have limited services and open
ports.

o te • Hardening checklists: These are crucial to ensure configurations are set up correctly.

ell N • Vendors often publish hardening guides. When unavailable, organizations like the
Center for Internet Security (CIS) provide widely-used checklists.

orn • Verification process: After hardening, a system’s configuration must be verified to

C ensure it functions as expected. The verification can be manual or automated.

• Vulnerabilities in systems exist across various device types (mobile, desktop, server), and hardening
is a crucial process to reduce risks.
• Hardening steps include disabling unnecessary services, using firewalls, implementing encryption,
and enforcing strong authentication.
• The level of security applied depends on the value or organizational relevance of the system, and
vendors often provide guides to help with the hardening process.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Mobile devices and
associated risks
• Mobile Device Management
(MDM)
• Mobile Application
Management (MAM)
• Reducing risks in mobile-
based systems
• Policies and processes for
lost/stolen devices
• Remote access security and
endpoint securityApplication
whitelisting
Risk in Mobile Systems
Mobile Devices and Associated Risks:
• Mobile devices (smartphones, tablets) are highly portable and store large
amounts of data, which increases the risk of loss or theft.
• The mobility of these devices makes them particularly vulnerable to being
misplaced, lost, or stolen, leading to potential security breaches in
organizations.
Mobile Device Management (MDM) and Mobile Application Management (MAM):
• MDM helps organizations secure devices by allowing administrators to enforce
security policies, wipe devices remotely, and manage device configurations.
• MAM focuses on securing the applications on mobile devices, ensuring that
corporate apps interact with data securely.
on
• Often, MDM and MAM are combined into one solution to provide complete
u ti
b
device and application security.
t r i
Reducing Risks in Mobile-based Systems:
is
D security,
• MDM solutions can secure devices by implementing remote
endpoint security, and application whitelisting.
o r access

• t f which apps users can

install on their devices, preventing unauthorizedoor potentially harmful apps.
Application whitelisting allows administrators to restrict

a ,N
h
Policies and Processes for Lost/Stolen Devices:
Organizations can reduce risks bya
tN
• implementing policies such as Acceptable
Use, BYOD/CYOD (Bring Your
Education and Awareness e Own Device/Choose Your Own Device), and
je for lost or stolen devices, including notifying
Training.
•
h a
Establish a clear process
dependent onuthe
IT/security teamsband initiating remote wipe functions (though this is
S device being online).

C ol Security and Endpoint Security:

Remote Access
•
B yVPN and two-factor authentication (2FA) should be enabled on all mobile

S P unauthorized
devices to secure remote access to corporate networks. This prevents
access when users connect from untrusted locations (e.g.,

CIS • Endpoint security solutions (antivirus, DLP, etc.) should be installed on

public Wi-Fi at airports or cafes).

for mobile devices, just like on standard computers, to protect against malware

tes and data breaches.

o • The concept of hardening should be applied to mobile devices, minimizing the

ll N
attack surface by disabling unnecessary services and securing configurations.

rn e Application Whitelisting:

C o • Organizations can enforce which apps are allowed on employees’ mobile

devices by implementing application whitelisting. This ensures that users
only install approved apps that meet the organization's security standards.

• Mobile devices present significant security risks due to their portability and data storage capabilities.
• Organizations can mitigate these risks through Mobile Device Management (MDM) and Mobile
Application Management (MAM) solutions, which help secure devices and applications.
• Policies such as BYOD and processes for dealing with lost or stolen devices further reduce risks.
• VPN, 2FA, and application whitelisting are critical for securing remote access and controlling app
installations.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 OWASP Mobile Top 10
OWASP Foundation:

• OWASP Foundation
• OWASP Mobile Top 10
• Common Weakness
Enumeration (CWE)
• OWASP Mobile Security
Testing Guide (MASTG)
• OWASP Mobile Top 10
Categories
• Mobile Application Security
• Ope n Web Applica tion Se curity Project (OWASP) is a commu nity-led organ ization focused on
impr oving software security, par ticularly for web and mobile applications.
• They produ ce glob ally recognized lists of vulnerabilities such as the OWASP Top 10 and OWASP
Mobile Top 10, based on r eal-world data and community in put.
• The fo undation also r eleases gu idelines for mobile secur ity testin g and secu re app development.
OWASP Mobile Top 10:
• The OWASP Mobile Top 10 highlights the most critical mobile app security risks and v ulner abilities.
• It u ses d ata fro m v endors, consultancies, bug b ounties, and o ther organization s, fo cu sing on
Comm on Weakness Enumeration (CWE).
• The list is upd ated regularly based on industry feedback and glob al secur ity trends.

on
Verification Standard
(MASVS)
OWASP Mobile Top 10 Categories:

uti
1.
i b
M1 - Improper Credential Usage: Insecure storage o r handling of credentials th at attackers can
exploit.
tr
2.
is
M2 - Inadequate Supply Chain Security: Vulner abilities intr oduced throu gh thir d-party
D
for
compon ents or libraries.

t
3. M3 - Insecure Authentication/Authorization: Po or implementation of authentication or

No
autho rization mechan isms.

4. M4 - Insuf ficient Input/Output Validation: Improper han dlin g of user input, leadin g to

a,
vulnerabilities like injection attacks.

h
Na
5. M5 - Insecure Com munica tion: Lack of secure commun ication proto co ls, expo sing sensitive data
dur ing tran smissio n.

6.

jeet
M6 - Inadequate Privacy Controls: Weak or absent measures to protect users’ perso nal and
sensitive data.
7.
ha
M7 - Insuf ficient Binary Protec tions: Lack of protection s against rever se engineering or tamperin g
b
of the app.

8.
l Su
M8 - Security Misconfiguration: Po orly con figured ap ps that leave them vuln erable to exp loitation.

y
9.
Co
M9 - Insecure Data Storage: Weak data stor age mechanisms that could allow u nauthorized access
to sensitive data.

B
SP
10. M10 - Insuf ficient Cryptography: Weak or misco nfigur ed cr yptographic mechanisms leading to
data leakage.

CI S OWASP Mobile Security Testing Guide (MASTG):

for • The Mobile Application Sec urity Testing Guide (MASTG) pro vides a compr ehensive manual for
testing the security of mobile applications.

es
ot
• It includes reverse engin eering techn iques an d testing methodologies, makin g it invaluable fo r mobile
secu rity tester s.

ll N
Mobile Application Sec urity Verification Standard (MASVS):

rn e • MASVS is another OWASP pr oject that sets a standard for mob ile application security, guiding b oth

o
development and security testing to en sure mob ile apps are secure from design to deplo yment.

• The OWASP Mobile Top 10 lists critical vulnerabilities in mobile applications, such as
Improper Credential Usage and Insecure Data Storage. Security professionals can
use this list to address key weaknesses in mobile applications. Additionally, the Mobile
Application Security Testing Guide (MASTG) provides a framework for testing mobile
app security, while the Mobile Application Security Verification Standard (MASVS)
helps guide secure app development and testing. These resources are invaluable for
ensuring the security of mobile applications.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Distributed Systems
Distributed Systems:
• Distributed Systems
• These are systems that are networked together, enabling them
• Distributed File Systems to communicate and share resources across a network.
(DFS)Grid Systems
• Risks of Distributed File • The internet is a prime example of a large-scale distributed
system, connecting countless devices globally.
Systems
• Internet as a Distributed • Within a company, distributed systems enable the
System communication between various networked devices, improving
operational efficiency but also introducing risks.
Distributed File Systems (DFS):
• DFS involves files hosted across multiple systems within a
ti on
network, making them accessible as if they are stored in a single
location.
i bu
s r
t across
• DFS software helps organize and manage files spread
D i
hosts, presenting them as unified storage for easier access and
management.
fo r
Grid Systems: o t
N
•
h a,complex
Grid systems are designed to combine computing power from
a
interconnected systems to tackle problems.
•
simulations or datae e t N where multiple
Examples include high-performance computing tasks, like
together to solvea j challenges.
analysis,
specific
systems work

u bhFile Systems (DFS):

Risks of Distributed
• o l S vulnerabilities by spreading files across
DFS introduces
y C hosts, increasing the attack surface.
multiple
B
P• The risk of unauthorized access is heightened because if one
S system in the network is compromised, it could expose the
CIS entire file system.

for • Data breaches, ransomware, or denial-of-service (DoS)

tes attacks can exploit the interconnected nature of DFS to disrupt
operations across the entire network.
o
ell N Internet as a Distributed System:

orn • The internet itself is an example of a distributed system on a

global scale, providing vast connectivity but also creating
C pathways for cyberattacks.

Summary Section (Key Points)

• Distributed systems, such as company networks and the internet, enable communication between
systems across a network but also expose organizations to risks, including cyberattacks and data
breaches.
• Distributed File Systems (DFS) take this further by distributing files across multiple systems, increasing
vulnerability.
• Tools like grid systems can harness distributed computing power for complex tasks, but security
measures must be in place to prevent unauthorized access and mitigate risks.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Grid Computing
• Definition of Grid Computing
• Example: SETI at Home
• Security Risks in Grid
Computing
• Misuse of Grid Computing
Resources
•
Grid Computing:
• Grid computing involves multiple interconnected systems that work
together to solve complex problems requiring more computing power
than a single system can provide.
• These systems are typically connected via high-speed connections to
work in unison for tasks that require significant processing, such as
scientific research or data analysis.
• Unlike regular distributed systems, grid computing is focused on
intensive tasks, not just occasional data transfers like email or file
sharing.
Example: SETI at Home:
• ti on
A notable example of grid computing is the Search for Extraterrestrial
Intelligence (SETI) project.
i bu
s r
t of
i
SETI used unused radio telescope time to gather large amounts

r D people around
data in their search for alien communications.
• SETI at Home was a screensaver program that allowed
fo
t on their home
o
the world to process small chunks of SETI’s data

, N largest distributed grid

computers when they were idle.
This initiative effectively created theaworld’s
•
computer, powered by millions of
a hvolunteer participants.
e
Security Risks in Grid Computing:tN
• Data Integrity anda je
Validation: In grid computing, the accuracy of
results is crucial.hIf one computer sends inaccurate data, it could
ub of the larger system, leading to incorrect
affect the results
S
olof Resources: There is also the risk of unauthorized use of
conclusions.
• C
Misuse
y systems. For example, a group of Russian nuclear physicists
B grid
misused a high-performance system intended for scientific research to
P mine cryptocurrency, leading to legal consequences.
S
CIS Security Concerns in SETI at Home Example:
for • Data integrity could be compromised if a participant’s system

tes submitted false or incorrect data, which might skew the overall
analysis.
o
ell N • Misuse of Grid Computing Resources Example:

orn • In a real-world example, Russian physicists diverted a mainframe

system designed for nuclear simulations to mine cryptocurrency,
C highlighting the risk of unauthorized or inappropriate use of grid
resources.

• Grid computing connects multiple systems to work on intensive tasks, such as

scientific research, by pooling their resources.
• Projects like SETI at Home showcase the potential of grid computing, but there are also
security risks including data integrity issues and misuse of resources.
• It’s essential to implement proper controls and validations to maintain the integrity
and appropriate use of grid systems.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Inference and Aggregation
• Definition of Inference and
Aggregation
• Use in Data Warehouses and Big
DataInference vs. Aggregation
• Reducing Risk of Unauthorized
Inference and Aggregation
•
Data Warehouses & Big Data:
• Data warehouses store large quantities of structured and unstructured data
collected from various sources.
• Big data refers to massive datasets that are too large to be processed using
traditional methods, requiring advanced analytics to extract insights.
• These massive datasets are analyzed using data mining and data analytics
techniques to find patterns, trends, and useful information.
Inference and Aggregation:
• Inference refers to deducing sensitive information by analyzing non-sensitive
data. Attackers may not directly access confidential data but can piece
together related information to infer it.
• Aggregation involves combining individual data points to derive new
ti on
b u
information, which could be sensitive when combined, even if each data point
i
alone is not.
s tr
i
Both inference and aggregation can lead to data leakage or unauthorized
exposure of sensitive information.

f o rD
Example of Inference:
An attacker may analyze access patterns, sucho
t
,it'sNpublicly
• as how often a certain
database is queried, and infer business-critical information, like a
company’s quarterly performance before
h a released.
Example of Aggregation:
N a
t
In aggregation, an attackeremay combine public data with internal company
data to uncover privateje
•

h
employee information awith
details. For instance, aggregating publicly available
internal HR data may reveal confidential salaries.
Risk Mitigation: ub
S risk of unauthorized inference and aggregation, the following
l the
•
C o
To reduce

B y
measures
•
can be implemented:
Access Controls: Implement strict access controls to limit who can

SP • Data
view or query certain datasets.

CI S Masking and Encryption: Sensitive data should be masked or

encrypted, even during analytical processes.

for • Audit and Monitoring: Regular monitoring of access patterns and

data use to detect abnormal behavior.

tes • Query Controls: Limit the types of queries that can be performed on
o sensitive data and filter results to prevent leakage through

ll N
aggregation.

rn e • Data Partitioning: Split sensitive data across different systems so

it’s harder to aggregate sensitive results without authorization.

C o

• Inference is deducing sensitive information from non-sensitive data, while aggregation is combining
individual data points to form sensitive insights.
• In environments like data warehouses and big data analytics, these risks can be mitigated using
access controls, encryption, monitoring, and query filtering, preventing unauthorized exposure of
sensitive information.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Data Warehousing, Big Data, and Inference/Aggregation
Data Warehousing:
• Data Warehousing • A data warehouse consolidates data from multiple data sets, creating a central
• Big DataInference and repository for data analysis. It enables organizations to analyze trends and gain insights
by aggregating data from different "data islands."
Aggregation
• However, because all data is centralized, it introduces significant security risks. A
• Security Risks in Data single point of failure may arise if unauthorized access is gained, exposing vast
amounts of sensitive data.
Warehouses
• Polyinstantiation • Managing access controls becomes more complex since the warehouse stores data
from multiple departments (e.g., finance, HR).
• Reducing Risk in Inference
• Availability risks exist, as a failure in the data warehouse system can disrupt business
and Aggregation operations.
Big Data:
• Similar to data warehouses, but includes variety, volume, and velocity in data.
t i on
•
i b u
Variety: Big data systems can handle different types of data (structured, unstructured,
etc.), such as text files, images, and logs.
s t r
i
r D to traditional
• Volume: These systems store massive amounts of data, spread across many servers.
•
systems.
t f o
Velocity: Data ingestion and analysis happen at faster speeds compared

o
,N
• Examples of big data tools include Hadoop and MongoDB.
Data Mining & Analytics:
h a
Both data warehouses and big data aima
using data mining and analytics. N
• to extract valuable insights from vast datasets

e t
•
not be evident initially. a
These techniques can uncover
je patterns, trends, and relationships, some of which might

u bh
Inference and Aggregation:
•
points. o
S to deducing sensitive information from unrelated or non-sensitive data
Inferencelrefers

•
B y C involves gathering different pieces of data to form a clearer picture, which
Aggregation

SP• Both
could reveal sensitive information when combined.

CI S inference and aggregation can expose organizations to risks if not handled properly.
For example, in retail, analyzing purchasing patterns could inadvertently reveal private

or
customer information, such as pregnancy.

s f Reducing Risk of Inference & Aggregation:

o te • Use polyinstantiation to allow different versions of the same data at various

ll N
classification levels.

rn e • Access controls, encryption, and segregation of duties are necessary to limit data
visibility and manipulation.

C o • Audit trails and monitoring should be used to track data access and detect anomalies
that could lead to unauthorized inference.
• Implement data masking to protect sensitive information during aggregation.

• Data warehouses and big data both consolidate vast amounts of data for analysis but pose
significant security risks related to aggregation and inference.
• Effective risk mitigation strategies include polyinstantiation, strict access controls, and data
masking to prevent unauthorized access and exposure of sensitive information.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Industrial Control Systems (ICS) and Risk Mitigation
Industrial Control Systems (ICS):

• Industrial Control Systems • ICS refers to systems used for controlling and auto mating critical infrastructure like power grids,
nuclear plants, and ma nuf acturing facilities.
(ICS)
• ICS are often bu ilt with spe cialized softwa re and can run o n outdated hard ware and software, making
• Operational Technology (OT) them vulne rable to secu rity threats.
• Air Gapping • Up grading or patching ICS systems can be risky due to high customization and the mission-critical
• SCADA, DCS, PLC na ture of their functio ns.

• Patching ICS Systems • ICS are a subset of Opera tional Technology (OT), which en co mpasses all technologies for monito ring
and contr olling industrial pr ocesses.
• Risk Reduction in ICS
Types of ICS:

1. SCADA (Supervisory Control and Data Acquisition):

on
• A comb ination of computers, networking, and proprietary de vices that monitor and
contro l remote infrastructure.
•
scale processes like energy distribution.
uti
SCADA systems have loca l and remote management capabilities and are used in large-

2. DCS (Distributed Control System ):

tr i b
•
is
Controls loca l processes within an in dustr ial facility (e.g., oil refin eries, manufacturin g
D
for
plants).
• DCS lacks remo te capab ilities like SCADA but focuses on contro lling large pr ocesses within

t
a sp ecific facility.

No
3. PLC (Programma ble Logic Controller):

a,
• A specialized industrial com puter used for controllin g sp ecific manu factur ing pr ocesses.
•
h
PLCs are often networked with o ther PLCs and SCADA systems for effective control of

Na
manufacturing environments.

et
Air Ga pping:

je
ha
• Air gapping is the practice of keeping ICS sy stems of fline and disconnected from the in ternet and
corpo rate netwo rks to prevent extern al access an d cy berattacks.

b
Su
• It is one of the best ways to protect ICS sy stems fro m p otential n etwor k-based threats.

l
Co
Patching ICS System s:

y
• Patching ICS is often avoided d ue to the risk of disruption or ma lf unc tion. However, modern

B
inter co nnected networks increase th e n eed fo r patching.

SP
• Alternatives to patching: Implement logging, m onitoring, anoma ly de tection, and vulne rability
assessments to mitigate risks. Use VLANs and zoning to isolate systems from attacks.

CI S Reducing Risk in ICS Syste ms:

for • Nonstop logging and m onitoring can help detect suspicious activity early.

es
ot
• Segmentation of ICS systems usin g VLANs to prev ent attackers fro m mo ving laterally within the
network.

N
ell
• Vulnerability asse ssm ents focused on external co nnections and weak authenticatio n mech anisms.

rn
• Privileged ac cess m anagem ent tools and r egular reviews can redu ce risks associated with legacy
systems.

C o

• Industrial Control Systems (ICS) are essential for controlling critical infrastructure, but they are vulnerable
due to outdated systems and complex customization.
• The air-gapping strategy, combined with logging, monitoring, and zoning techniques, helps protect these
systems from cyberattacks.
• Understanding different ICS types, such as SCADA, DCS, and PLC, and implementing a strong patch
management process are crucial for reducing risks.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Internet of Things (IoT) Security
Internet of Things (IoT):
• Internet of Things (IoT) • IoT refers to a wide range of devices connected to the internet, such as home
• Risks of IoT Devices appliances, cars, and even toasters.
• Botnets and DDoS Attacks • Manufacturers are embedding cheap computer and network components in these
devices, but the security of these devices is often neglected.
• Security Challenges with IoT
• Reducing IoT Risk • Examples of IoT devices include smart refrigerators, washing machines, and security
cameras.
Risks of IoT Devices:
• IoT devices are often insecure because the embedded technology is mass-produced
with minimal security.
• Users rarely upgrade or patch these devices, leaving them vulnerable to attacks.
•
t
Insecure IoT devices can be exploited by attackers to gain access to home or business
i on
i b u
networks and pivot to bigger targets, like personal computers or business systems.
Botnets and DDoS Attacks:
s tr
i
rD
• Botnets consist of multiple devices harnessed to perform malicious activities, including
Distributed Denial-of-Service (DDoS) attacks.
DDoS attacks are when a large number of systems send fao
•
o
single victim, overwhelming and crashing their systems. t massive amount of traffic to a

, Nin history occurred when a bug in

a
• Example: In 2016, one of the largest DDoS attacks

a h
security cameras was exploited. The attacker
of millions of cameras, leading to the attack.
used this vulnerability to create a botnet

•
e t N devices can be weaponized for large-scale
These attacks highlight how insecure IoT

e
cyberattacks.

h
Security Challenges with IoTajDevices:
•
S uorbupgrade
IoT devices are often overlooked in terms of security, with users rarely considering the

l
need to patch them.
•
y Co refresh
The long
connected
cycles of appliances, coupled with the fact that many devices are
to networks (both home and business), make them easy targets for

P• B The lack of security in these devices means that even something as simple as a
attackers.

I SS security camera can be exploited to create massive problems.

r C Reducing IoT Risk:

fo
s
• Avoid using IoT devices if possible, especially if they are not essential.

ote • If IoT devices must be used, ensure careful installation and maintenance.

ell N • Keep IoT technology up to date by applying patches and upgrades whenever available.

orn • Segment the network to isolate IoT devices from critical systems.

C • Regularly scan the network for vulnerabilities and take necessary steps to mitigate
risks.
• Be thoughtful about the placement of security controls and firewalls around the
network that houses IoT devices.

• The Internet of Things (IoT) consists of various devices that are often insecure and vulnerable to attacks.
• The main risks stem from outdated firmware and poor security features, which allow attackers to exploit
these devices.
• DDoS attacks, such as the 2016 security camera botnet, highlight the dangers of insecure IoT systems.
• To reduce risk, users should limit IoT use, keep devices updated, and segment IoT devices from critical
parts of their networks.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Cloud Service and Deployment Models - 1
• Characteristics of Cloud
Computing
• Cloud Service Models
• Cloud Deployment Models
• Data Protection & Privacy in
Cloud
Characteristics of Cloud Computing:
• On-Demand Self-Service: Users can provision computing resources
automatically without human intervention. Example: A user can
instantly set up a virtual machine in a cloud provider's dashboard.
• Broad Network Access: Resources are available over the network
and accessed through standard mechanisms (e.g., mobile phones,
laptops). Example: Accessing cloud storage through multiple devices
like smartphones or laptops.
• Resource Pooling: Cloud providers serve multiple customers from a
i
shared pool of computing resources. Example: Virtual machines for
t on
different customers being hosted on the same physical server.
i bu
s r
t up or
i
• Rapid Elasticity and Scalability: Resources can be scaled
D servers
down quickly according to demand. Example: Adding
automatically during a peak in traffic.
f o r more

• Measured Service: Cloud services areN ot and users are

monitored
a, for cloud storage or
charged based on usage. Example: Paying
compute power based on actualhusage.
a
• Multitenancy: Multiplee t Nor clients share the same computing
users
e
resources securely. jExample:
a with Multiple businesses using the same
h
ub
cloud infrastructure logical data separation.
S
C ol
B y
S P
CI S
for
es
ot
ell N
orn
C

• 4

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Cloud Service and Deployment Models - 2
Cloud Service Models:
• Characteristics of Cloud • Infrastructure as a Service (IaaS): Provides virtualized computing
Computing resources over the internet. Example: Amazon Web Services (AWS),
• Cloud Service Models Microsoft Azure.
• Cloud Deployment Models • Platform as a Service (PaaS): Offers hardware and software tools
• Data Protection & Privacy in over the internet. Example: Google App Engine, Microsoft Azure
Cloud PaaS.
• Software as a Service (SaaS): Delivers software applications over
the internet. Example: Gmail, Microsoft Office 365.
• Container as a Service (CaaS): Cloud services that manage and
deploy containers. Example: Kubernetes-based services. ti on
i bu
• Function as a Service (FaaS): Serverless computing where
s r
t AWS
functions are executed in response to events. Example:i
Lambda, Google Cloud Functions.
fo rD
Cloud Deployment Models:
ot
•
a, NisCloud,
Public Cloud: The cloud infrastructure provisioned for open use

a h
by the general public. Example: Google AWS.
•
e tAnNorganization's
Private Cloud: Cloud infrastructure is operated solely for a single
je services.
organization. Example:
providing privateacloud
internal data center
h Shared by several organizations with common
bCloud:
u
l S Example:
• Community
interests. A cloud infrastructure used by different
C o
government agencies.
• ByHybrid Cloud: A combination of two or more cloud types (public,
S P private, or community). Example: A business using both AWS for
CI S public cloud services and a private cloud for sensitive data.

for Protection and Privacy of Data in the Cloud:

es
ot
• Protecting data in the cloud requires encryption, access control
mechanisms, and careful monitoring.

ell N • Data privacy regulations (e.g., GDPR, HIPAA) must be adhered to

orn depending on the nature of the data and the location of cloud
C servers.
• Example: Encrypting sensitive data stored in cloud services and
ensuring compliance with privacy laws such as GDPR.

• Cloud computing provides on-demand resources with characteristics like scalability and broad
access.
• Service models include IaaS, PaaS, SaaS, CaaS, and FaaS.
• Deployment models vary between public, private, community, and hybrid clouds.
• Data protection and privacy in the cloud require strong encryption, regulatory compliance, and
access control.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Cloud
Computing
• Six Defining Characteristics
of Cloud Computing
• On-Demand Self-Service
• Broad Network Access
• Resource Pooling
• Rapid Elasticity and
Scalability
Cloud Computing
Definition of Cloud Computing:
• Cloud computing allows access to computing resources like servers, storage, a nd
data bases over the internet on a pa y-as-you-go basis.
• Users can access data and applica tions from anywhere without maintaining physical
infra structure.
• Priva te clouds can be operated by users who own all hardwa re and softwa re.
Six Defining Characteristics of Cloud Computing:
1. On-Demand Self-Service:
• Resources (e.g., stora ge, CPUs, RAM) can be provisioned immediately
and a utomatically as needed.
• Exa mple: A cloud consumer adding more stora ge spa ce instantly for a
project.

• Measured Service
• Multitenancy
• Private Cloud vs. Public
on
2. Broad Network Access:
uti
• Cloud services are accessible from a nywhere via va rious devices like
sma rtphones, ta blets, and laptops.

tr i b
• Most Sa aS applica tions a re accessed through web browsers over the
Cloud internet.
D is
for
• Exa mple: Accessing Google Drive from any device with an internet
connection.
t
No
3. Resource Pooling:
• Cloud providers pool resources like processors, disk spa ce, and networks
among multiple users.
h a,
Na
• Users share computing resources, providing significa nt economies of
scale.

jeet
• Exa mple: AW S hosts multiple clients on the same infra structure, though
each client is logically separated.

ha
4. Rapid Elasticity and Scalability:
b
Su
• Resources can be scaled up or down quickly in the cloud, often

l
automa tically or with minimal effort.

Co
• Exa mple: Auto-scaling servers during a traffic surge for an e-commerce

y
site.

B 5. Measured Service:

SP
• Cloud providers track usage closely, and users only pay for the

CI S resources they consume, typically measured in small increments like

minutes or seconds.

for • Exa mple: Paying for exa ctly how many CPU hours were used in AWS.

s
6. Multitenancy:

ote • Cloud resources can be shared by multiple users (tenants), including

potential malicious users, increasing security risks.

ll N
• Cloud providers must implement strong isolation and security controls.

rn e • Exa mple: A public cloud server hosting da ta for multiple organizations, with

o
each tenant logically separated.

C Private Cloud vs. Public Cloud:

• Private Cloud: Operated by a single organization, accessible only by that entity, and
does not reflect multitenancy.
• Public C loud: Available to the general public and reflects multitenancy, where cloud
resources are shared among multiple users.

• Cloud computing offers scalable, on-demand resources accessible over the internet.
• Key characteristics include on-demand self-service, broad access, resource pooling, elasticity,
measured services, and multitenancy.
• The distinction between public and private clouds lies in resource access and security —private
clouds are exclusive to one user, while public clouds involve shared resources among multiple
tenants.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Cloud Service Models
• SaaS (Software as a Service)
• IaaS (Infrastructure as a
Service)
• PaaS (Platform as a Service)
• CaaS (Containers as a
Service)
• FaaS (Function as a Service)
• Cloud Service Provider vs.
Cloud Customer
Software as a Service (SaaS):
• Provides access to web-based applications via subscription (monthly/annual).
• Example: Microsoft Office 365/Exchange 365. Instead of hosting their own email server,
organizations pay a subscription to use Microsoft’s services.
• SaaS applications are hosted in the cloud and accessed through a web browser.
Infrastructure as a Service (IaaS):
• Virtual data centers offering services like virtual servers, networking equipment,
firewalls, and more.
• Provides virtual versions of traditional physical devices such as virtual firewalls and
database servers.
• Example: AWS offers a full virtual data center experience, allowing users to create and
manage their own virtual environments.
Platform as a Service (PaaS):

on
Responsibilities • Used by developers to build, test, and run applications without needing to manage the
underlying infrastructure.
uti
•
customer needs.
tr i b
Ideal for custom application development when existing software doesn’t meet

• Once the application is live, it functions like SaaS.

D is
for
Containers as a Service (CaaS):
• Containers are packages of software that include all necessary components to run on
any host system.
t
•
No
CaaS automates hosting and deployment of containerized software.

a,
• Enables DevOps teams to work more efficiently, with agile and faster testing/deployment
cycles.
h
Na
• Example: Docker/Kubernetes environments for quick application deployment.

et
Function as a Service (FaaS):

e
• Serverless computing where developers focus solely on their code without managing
j
ha
infrastructure.

b
• Based on microservices, FaaS uses self-contained services for specific business

Su
functionalities.
•
l
Resources are only consumed when a function is executed, making FaaS more cost-

Co
efficient.

y
• Example: AWS Lambda allows execution of functions only when called, avoiding idle

B costs.

SP
Cloud Service Provider vs. Cloud Customer Responsibilities:

S
• SaaS: Provider is responsible for almost everything (data, applications, runtime, OS,

CI etc.), while the customer manages access control, user accounts, and permissions.

for • PaaS: Provider manages the platform and infrastructure, while the customer is
responsible for their applications and data.

es • IaaS: Customer has the most control, managing their own networks, operating systems,

ot
and configurations. The provider still handles the physical infrastructure and security of

ll N
the environment.
• Shared Responsibilities: Security is often a shared responsibility between cloud

rn e provider and customer. For example, in SaaS, the provider creates the security kernel,

o
while the customer manages user access.

C Accountability of Data in the Cloud:

• Regardless of the model, the cloud customer is always accountable for their own data
and assets in the cloud environment.

• Cloud service models include SaaS (providing software access), PaaS (providing a platform for
application development), IaaS (providing virtual infrastructure), CaaS (containerized environments),
and FaaS (serverless, event-driven functions).
• Cloud provider and customer responsibilities vary, with shared responsibilities requiring clear
communication and agreement.
• Ultimately, the cloud customer remains accountable for their data and assets in any cloud
environment.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Cloud Deployment Models
Public Cloud:
• Public Cloud
• Private Cloud • Accessible by anyone (the public).
• Community CloudHybrid
• Hosted in the cloud service provider’s data center.
Cloud
• Data Protection & Privacy in • Example: Gmail. Users access the service via the internet without
the Cloud managing the infrastructure.
Private Cloud:
• Accessible only by a single customer (private to that customer).
• Can be located on-premises (in the customer’s data center) or off-
t i on
bu
premises (in a cloud provider’s data center but dedicated solely to
i
the customer).
s tr
i
• Example: An organization uses its own private cloud
data. fo rD for sensitive

o t
Community Cloud:
, N
h a
a
• Shared by a group of users or organizations with common needs or
interests.
e tN
• Example: GovCloud jby
a e which is FedRAMP-compliant and used
AWS,

u bh
by US Government agencies.

lS
Hybrid Cloud:
o
y C elements of public, private, or community clouds.
• Combines
B
S P• Often used for storing low-sensitivity data in the public cloud while
CI S keeping high-sensitivity data in the private cloud.

for • Example: A business uses public cloud services for general

es applications but stores sensitive financial information in a private

ot cloud.

ell N
orn
C

• 4

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Cloud Deployment Models
Infrastructure Management and Access:
• Public Cloud
• Private Cloud • Public Cloud: Managed by third-party providers, owned by third-
• Community CloudHybrid
party providers, located off-premises, accessible by everyone
(untrusted).
Cloud
• Data Protection & Privacy in • Private/Community Cloud: Managed and owned by either the
the Cloud organization or third-party providers, located on or off-premises,
accessible by trusted users.
• Hybrid Cloud: Managed, owned, and located by both the
organization and third-party providers, accessible by both trusted
and untrusted users.
ti on
i bu
Protection and Privacy of Data in the Cloud:
s r
tthe
i
rD
• A primary concern when moving to the cloud is ensuring
fo
protection of proprietary, personal, and private information.
t be implemented to
o
, N from legacy, on-premises
• Strong access controls and encryption should
secure data, especially during migration
systems to cloud environments. h a
a
•
e t N data locally before transferring it
Best practices involve encrypting
to the cloud.
h aje
Sub
C ol
B y
I SSP
C
for
tes
o
ell N
orn
C

• Cloud deployment models include public, private, community, and hybrid clouds.
• Public clouds are open to everyone, private clouds are exclusive to one user, community clouds are
shared by organizations with common needs, and hybrid clouds combine aspects of the other
models.
• Organizations must ensure strong encryption and access controls to protect data when transitioning
to the cloud.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Sever Computing in the Cloud
• Hypervisor (Virtual Machine
Manager/Monitor)
• Virtual Machine (VM)
• Cloud Compute Resources
(VMs, Containers, FaaS)
• Security in Virtual Machines
• Hypervisor Attack Surface
Hypervisor (Virtual Machine Manager/Monitor):
• A hypervisor allows multiple operating systems to share the
resources of a single physical machine.
• Also known as Virtual Machine Manager (VMM), it enables the
creation, management, and monitoring of virtual machines (VMs).
• Hypervisors can run directly on hardware (bare-metal) or on an
operating system.
• Examples: Oracle VirtualBox, VMware Workstation.
Virtual Machine (VM): ti on
i bu
• A VM behaves like a computer but is emulated using software,
str
i
rD
including virtualized CPU, RAM, and storage.
o
• Virtual machines host operating systems and fapplications.
t in different contexts.
• VMs are known as Instances, Guests, or N o
Hosts
a ,
a
• VMs help segregate specific businesshindividual
functions, reducing the attack

e tN
surface by isolating functions on VMs (e.g., web server,

aByjeisolating functions, each VM can be hardened

database server).

b h
• Security benefits:
S
based on the u sensitivity of the data it processes, making it harder for
o l
attackers to compromise multiple VMs.

B yC
S P
CI S
for
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Sever Computing in the Cloud
Cloud Compute Resources:
• Hypervisor (Virtual Machine
Manager/Monitor) • Cloud customers can access compute resources through:
• Virtual Machine (VM) • Virtual Machines (VMs): Complete virtualized
• Cloud Compute Resources environments that can run different operating systems and
(VMs, Containers, FaaS) applications.
• Security in Virtual Machines • Containers: Lightweight, isolated environments that share
• Hypervisor Attack Surface the same operating system kernel but are faster to deploy
than VMs.
• FaaS (Function as a Service): Serverless computing that
runs functions on-demand without provisioning entire
ti on
virtual machines.
i bu
Security Considerations for Virtual Machines:
str
i
• Isolation: Each VM can be isolated and locked down
fo rD based on its

o t
specific function, reducing the risk of a wide-scale attack.

, N and secured, limiting

• Hardened VMs: Each VM should be hardened
a
h
the blast radius if a VM is compromised.
a
t N Environment:
Best Point of Attack in a Virtualized
e
aje
• Compromising the hypervisor, which manages all VMs, gives
attackers accesshto multiple virtual machines it controls.
u b
S
• Securityl Measures: Hardening the hypervisor is critical to prevent an
Co from gaining control over all VMs.
attacker
y
B Machine Images:
PVirtual
I SS • VMs can be deployed from a baseline image, which is a pre-built VM
r C ready for quick deployment.
fo
es • These images allow quick creation of multiple VMs from a single
ot template.

ell N
orn
C

• A hypervisor allows multiple operating systems to share resources, creating and managing virtual
machines (VMs). VMs are isolated, emulated environments that enhance security by segregating
business functions.
• Compromising the hypervisor could expose all VMs, making it crucial to secure the hypervisor.
• Cloud compute resources include VMs, containers, and FaaS, each offering different levels of
virtualization and efficiency.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Containers, Microservices, FaaS,
Containers:
• Containers
• Microservices vs. Monolithic • Definition: Containers are self-contained applications that share
Applications an operating system’s resources through a containerization engine.
• Function as a Service (FaaS) / • Each container contains the application and its dependencies
Serverless (binaries, libraries) needed to run it.
• Cloud Forensics
• Cloud Forensics Challenges • Multiple containers can exist on the same OS, making them
portable and easy to deploy.
• Example: Docker containers allow applications to run in isolated
environments on different systems.
ti on
Microservices vs. Monolithic Applications:
i bu
s tr
i
r Duser interfaces.
• Monolithic Applications: These are single, large units with

Changes affect the entire application.

t fo
integrated back-end databases, applications, and

Microservices: Smaller, independentN

o
•
a , units of functionality that

a h
communicate via APIs. This architecture allows for better

tN
modularity and faster updates.
•
je e
Advantages: Microservices allow for quick scaling,

ha They introduce complexity due to the

independent updates, and reuse across applications.
b
Su nature of the architecture.
• Disadvantages:
ldistributed

y C• o Example: A single-function microservice might handle user

P B authentication, whereas a monolithic app would handle all

functions together.
S
CIS Function as a Service (FaaS) / Serverless:
for • Definition: Serverless architecture allows microservices to run in
tes the cloud without provisioning or managing servers.
o
ell N • Example: AWS Lambda runs code in response to events and only

rn
charges for the actual compute time used, leading to significant

C o cost savings.
• Benefits: High availability, scalability, cost savings (no charges for
idle services).

• Containers allow applications to run in isolated environments, improving portability and

ease of deployment.
• Microservices are smaller, modular services that mitigate monolithic application issues
but increase architectural complexity.
• Serverless computing, such as FaaS, offers cost savings and scalability by eliminating
the need for server management.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Cloud Forensics Concepts
• Forensic evidence in cloud
• Forensic data by cloud model
• Cloud Forensics challenges
Cloud Forensics
Cloud Forensics:
• Core Concepts: Cloud forensics deals with the complexities of investigating
digital evidence in cloud environments.
• Public cloud environments complicate physical access to storage
due to shared infrastructure and multitenancy.
• Forensic Evidence in the Cloud: Virtual disks and VM images (snapshots) are
typically requested in cloud forensics.
• Snapshots: A snapshot captures the state and data of a VM or virtual
disk at a specific point in time and can be crucial for investigations.
• Forensic best practices include creating two bit-for-bit copies: one
for analysis and one for preservation.

on
Forensic Data by Cloud Model:
• SaaS: Consumer relies entirely on the Cloud Service Provider (CSP) for
ut i
forensic data.
r i b
t evidence
but is responsible for application-level logging and code. is
• PaaS: The consumer must rely on the CSP for infrastructure-related

• IaaS: Consumers can perform forensic investigations o rD

they may require support from the CSP for networkftraffic,
on their own VMs, but
o t memory snapshots,

, N Forensic Science
or disk images.

Challenges):
h a
Cloud Forensics Challenges (NIST Cloud Computing

a
1.
forensic challenges.
e tN
Architecture: Issues like data segregation and multitenancy create unique

Data Collection: a jecollection of forensic data in a cloud environment is

2.
h The

ub evidence from virtual environments can be difficult.

more complex than in traditional settings.

S
ol
3. Analysis: Analyzing
4.
y C
Anti-Forensics:
evidence.
Malicious actors may attempt to delete or hide forensic

B
SP
5. Incident First Responders: Responders must understand cloud-specific

CI S forensics processes.

or
6. Role Management: CSPs and clients must clearly define roles and
responsibilities.

s f
o te 7. Legal: Legal frameworks for cloud forensics are still developing.

N 8. Standards: Forensic standards for cloud environments are still evolving.

ell 9. Training: Specialized training is needed to handle cloud-specific forensic

orn
challenges.

• Cloud forensics presents unique challenges due to shared infrastructure, data

collection, and multitenancy.
• Proper forensic processes and snapshots are crucial in cloud investigations, and the
NIST framework outlines various challenges in this domain.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Cloud Computing Roles
• Cloud Computing
RolesCloud Consumer
• Cloud Provider
• Cloud Partner
• Cloud Broker
• Accountability vs.
Responsibility
• Data Controller vs. Data
Processor
Cloud Computing Roles:
• Cloud Consumer/Customer: The individual or organization that
purchases and accesses cloud services.
• Accountability: The cloud consumer is always
accountable for the data stored in the cloud. They cannot
outsource this accountability, only responsibility.
• Cloud Provider: The organization providing cloud services and
resources to customers.

• Service Arbitrage
on
• Cloud Partner: An organization that supports either the provider or
the customer (e.g., cloud auditors, cloud service brokers). ti
ufrom
t
• Cloud Broker: An intermediary that aggregates cloud services r i b
s
multiple providers and offers them to customers as a ipackage.
•
fo r Da cloud broker,
Example: A small business contracts with
o t with multiple cloud
which in turn manages relationships

,N
providers.
Service Arbitrage: h a
a
e t Nbetter
• Cloud brokers can negotiate prices with cloud providers by

a je
leveraging volume discounts for multiple customers.

b h services to consumers at a price lower than

u
• Brokers sell the cloud
S paid,customer
ol broker
what the individual would pay directly, but still higher than

yC
what the earning a margin.

P B
Accountability vs. Responsibility:

I SS • Accountability: Cannot be outsourced. It remains with the owner of

r C the asset (cloud consumer). They have ultimate ownership and
fo liability.
es
ot • Responsibility: Can be delegated to other parties (cloud providers,

ll N
brokers, etc.) and refers to the execution of tasks.

rn e • Example: Cloud consumer is accountable for data

C o security, but a cloud provider may be responsible for

applying security measures defined in an SLA.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Cloud Computing Roles
Data Controller vs. Data Processor:
• Cloud Computing
RolesCloud Consumer • Data Controller: The cloud consumer/customer, who owns the data
• Cloud Provider and sets the policies and rules for data protection.
• Cloud Partner • Data Processor: The cloud provider, who processes the data
• Cloud Broker according to the rules set by the controller.
• Accountability vs.
Responsibility • Simplified: Controller = Consumer; Processor = Cloud
• Data Controller vs. Data Service Provider.
Processor Other Cloud Roles:
on
• Service Arbitrage
• Carrier, Architect, Administrator, Developer, Operator, Services
uti
and maintaining cloud environments . tr b
Manager, Reseller: Additional roles involved in designing, operating,
i
D is
t for
No
h a,
Na
jeet
bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Cloud computing roles include the cloud consumer, provider, partner, and broker. While
responsibility for various tasks can be delegated to different cloud providers or partners,
accountability for data remains with the cloud consumer.
• The relationship between the data controller (consumer) and data processor (provider) is key, and
roles like brokers provide service aggregation and arbitrage opportunities.
• Accountability vs. responsibility must be clearly understood to ensure proper delegation in cloud
services.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Cloud Identity Management
• Identity Provider (Third-Party)
• Identity Federation
• Identity as a Service (IDaaS)
• Traditional vs. Cloud-Based
IAM
• Identity Technologies (SPML,
SAML, OAuth)
P B
Third-Party Identity Provider:
• A trusted organization that manages user identities and attributes
for authentication and authorization.
Identity Federation (Federated Identity Management - FIM):
• Involves protocols, standards, practices, and policies supporting
identity portability and trust relationships among unaffiliated
resources and organizations.
• Enables users to access multiple systems across organizations
with a single set of credentials.
ti on
SPML (Services Provisioning Markup Language):
i bu
s r
tacross
i
rD
• An XML-based OASIS standard used to provision users
multiple cloud services.
fo
t for user
• o
Although deprecated, SPML allows automation
,N
provisioning in diverse cloud environments.
a
Traditional IAM Solutions: a h
e t N include Microsoft Active Directory (AD)
aje
• On-premise IAM: Examples
and LDAP-based systems.
h
•
S ub Directory
Active (AD): Manages users, groups, and
l permissions for network resources.
•o LDAP (Lightweight Directory Access Protocol): Used for
y C
directory services authentication and querying.

I SS Cloud-Based IAM Solutions:

r C • Provided by vendors such as Amazon, Google, and others.

fo
es Identity as a Service (IDaaS): Cloud-based IAM solutions that offer
ot
•
centralized management, automation of account and password

ell N management, and require fewer resources to operate.

orn • Benefits: Centralized cloud management, expert-built

C •
systems, reduced on-premise resource requirements.
Challenges: IDaaS may be more expensive but often
results in long-term savings by reducing labor costs.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Cloud Identity Management
Federated Identity (FIM):
• Identity Provider (Third-Party)
• Identity Federation • Extends the concept of IDaaS by enabling identity portability across
• Identity as a Service (IDaaS) multiple organizations and services.
• Traditional vs. Cloud-Based • Common standards and protocols include SPML, SAML, OAuth,
IAM and OpenID.
• Identity Technologies (SPML,
SAML, OAuth) Identity Technologies:
• SPML: Automates the process of provisioning users across services
but is considered deprecated.
• SAML (Security Assertion Markup Language): Uses security ti on
i bu
tokens containing assertions about a user’s identity. Facilitates
str
user requests to service providers based on identity provider
authentication.
D i
•
t for
OAuth: An open-standard authorization protocol that allows
No
secure, delegated access using tokens instead of credentials.
a,
Often used alongside OpenID for authentication.
h
Na
jeet
bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

Cloud identities are managed by third-party identity providers, with identity federation
enabling seamless access across multiple organizations and services. Traditional on-
premise IAM solutions like AD and LDAP have been extended by cloud-based IAM (IDaaS)
solutions, which offer centralized management and automation. Identity technologies
such as SPML, SAML, and OAuth facilitate secure identity management and access control
in cloud environments.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Benefits of Cloud Migration
• Risks of Cloud Migration
• CapEx vs. OpEx
• Vendor Lock-In
• Cloud Security Best Practices
• Centralization and Backup: Cloud migration o t facilitates centralized
•
Migrating to Cloud
Benefits of Cloud Migration:
• Cost Shifting: Cloud migration shifts costs from a Capital
Expenditure (CapEx) model, where an organization owns its
networking and computing equipment, to an Operational
Expenditure (OpEx) model, where the cloud provider bears the
infrastructure costs, and the organization pays as needed.
• Example: Instead of buying and maintaining servers, an
organization rents cloud resources, paying for what they
use.
• Flexibility and Accessibility: Applications, services, and data
ti on
become accessible from anywhere, using virtually any internet-
i bu
connected device.
s t r
• i
This enables better collaboration between employees,
vendors, and customers.
fo rD
, N
data storage and easier backup solutions, which improves data
safety and recovery options.
a ha
e t N providers
Reliability and Support: Cloud often offer high-quality

aje
support and reliable infrastructure, allowing organizations to focus
h
on core business activities.

S ub
Risks of Cloud Migration:
• C olLock-In: One of the biggest risks is the possibility of being
Vendor
B y"locked in" to a specific cloud provider, making it difficult to switch
S P to another provider later.

CIS
• Mitigation: Some larger organizations mitigate this by using

or
multiple cloud providers for different segments of their

s f business.

o te • Loss of Control: When migrating to the cloud, organizations

ell N typically lose control over the infrastructure, relying on the cloud
provider to manage it.
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Migrating to Cloud
CapEx vs. OpEx:
• Benefits of Cloud Migration
• Risks of Cloud Migration • CapEx (Capital Expenditure): Upfront costs for purchasing hardware
• CapEx vs. OpEx and software, maintaining them, and planning for replacements.
• Vendor Lock-In • OpEx (Operational Expenditure): Ongoing costs for services
• Cloud Security Best Practices provided by the cloud, paid based on actual usage, reducing the need
for large upfront investments.
Vendor Lock-In:
• Occurs when an organization is unable to easily move its data and
applications from one cloud provider to another.
ti on
• Due Diligence: Organizations must carefully evaluate their b
i u
needs
s tr
and the cloud provider’s offerings to avoid being locked into one
i
rD
provider.
Cloud Security Best Practices:
t fo
o
N must work closely with
, controls
• Collaboration with Provider: Organizations
a
ah
cloud providers to implement security and follow best

t Nproviders offer strong security

practices.
• Robust Security: Most e
je to ensure they are correctly configured
cloud
measures, but it’s a
h essential
ub organizational requirements.
and aligned with
S
C ol
By
I SSP
r C
fo
es
ot
ell N
orn
C

• Cloud migration offers benefits like cost shifting from CapEx to OpEx, improved flexibility, and better
collaboration.
• However, risks such as vendor lock-in and loss of control over infrastructure need careful
consideration.
• Security remains a key focus, and organizations must collaborate with cloud providers to ensure
robust protection of their data and assets.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Edge Computing
• Benefits of Edge Computing
• Key Concepts: Ingress,
Egress, Peering
Edge Computing
• Edge Computing:
A distributed computing approach where data processing occurs closer
to the data source, such as on local devices or edge servers, rather than
in a central data center.
• Benefits:
• Reduced Latency: Processing data locally reduces the
time it takes to generate insights or respond to inputs.
• Faster Response Times: Edge computing allows quicker
responses by reducing data transmission delays to distant
servers.

on
• Increased Bandwidth Availability: By offloading some
ti
data processing to the edge, less bandwidth is used for
u
sending data to central locations.
tr i b
•
D is
Cost Savings: Reduces IT and cloud service costs by
minimizing the amount of data sent to the cloud for
processing, storage, and transport.
t for
No
Key Concepts:
• Ingress Traffic:
•
h a,
Traffic entering a network.
•
Na
In edge computing, ingress traffic is generated by users

jeet
accessing services hosted at the edge.

ha
• Example: A user accessing a local application on an edge
server creates ingress traffic.
b
•
l Su
Egress Traffic:

Co
• Traffic exiting a network.

By • In edge computing, egress traffic typically refers to data

sent from edge services back to users or to other networks.

I SSP • Example: Data processed by an edge server being sent

back to the user creates egress traffic.
r C • Peering:
fo
es • The interconnection of separate networks for exchanging

ot
traffic.

ll N
• Peering agreements between ISPs allow them to exchange

rn e •
data directly, bypassing the internet.
Example: Two ISPs exchanging traffic without routing it
C o through the public internet for faster data transfer.

• Edge computing processes data closer to its source, leading to reduced latency, faster response
times, and more efficient bandwidth use.
• Key concepts such as ingress, egress, and peering play important roles in the flow of data within and
between networks.
• By minimizing reliance on centralized cloud services, edge computing helps reduce costs and
improve performance.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Secure Access Service Edge (SASE)
Definition of SASE:
• Definition of SASE
• Key Components of SASE • Secure Access Service Edge (SASE): A cloud-based service that
• Driving Trends Behind SASE combines network security and wide area networking (WAN) into one
suite of technologies.
• SASE is designed to bring data and services closer to end users while
maintaining strong security controls.
• Example: Instead of routing traffic through central data centers,
SASE uses cloud services to secure connections closer to the user’s
location.
t i on
Key Components of SASE:
i bu
• Network Security + WAN: SASE merges these two traditionally
s tr
separate functions into a unified cloud service.
D i
f o rweb
t firewalls,gateways
• Security Features: It includes features like secure
o
N
(SWG), cloud access security brokers (CASB), and zero-
trust network access (ZTNA).
h a,
N
• Efficiency: By combining security a networking in a cloud
and
e
environment, SASE improves t efficiency and speed of data access
the
je
and application delivery.
a
h
ub SASE:
Driving Trends Behind
S
C ol to theAscloud,
• Cloud Services: organizations move their infrastructure and

B y
applications SASE helps secure these environments.

S P• Edge Computing: SASE leverages edge computing to process and

CI S secure data closer to the user, reducing latency.

for • Remote Work: The rise of remote work has created a need for more

tes secure, flexible access solutions, which SASE provides by securing

o connections from any location.

ell N
orn
C

• SASE integrates network security and wide area networking into a cloud-based solution that provides
fast, secure access to data and services.
• It is driven by trends like cloud migration, edge computing, and the growth of remote work, offering
an efficient and secure way to handle modern networking challenges.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Cross-Site Scripting
(XSS)Stored/Persistent XSS
• Reflected XSS
• DOM-based XSS
• Cross-Site Request Forgery
(CSRF)
• Differences Between XSS and
CSRF
• XSS and CSRF Prevention
XSS and CSRF
Cross-Site Scripting (XSS):
•Definition: XSS attacks involve injecting malicious scripts into trusted
websites. When a visitor’s browser downloads and executes the script,
sensitive data can be stolen or malicious actions can occur.
Types of XSS:
1. Stored/Persistent XSS:
• Malicious code is stored on the server (e.g., in a comment
field), affecting all users who visit the webpage.
• Example: A user inserts malicious JavaScript into a
ti on
i bu
comment field. Every visitor who loads the page executes
the script in their browser.
str
2. Reflected XSS:
D i
•
t for
Malicious code is embedded in a URL and reflected back to

No
the victim’s browser when they click the link (commonly

a,
used in phishing attacks).
h
Example: An attacker sends a malicious link to a user, and
Na
•
when clicked, the code is reflected and executed in the

je et
user’s browser.
3. DOM-based XSS:
b ha
• u code is injected into the Document Object Model
SMalicious
l
C•o Can be either stored or reflected, but it is much rarer.
(DOM) of the browser.

B y
I SSP
r C
fo
es
ot
ell N
orn
C

• 4

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 XSS and
1 CSRF
Cross-Site Request Forgery (CSRF):
• Cross-Site Scripting
• Definition: CSRF tricks a victim into submitting a malicious
(XSS)Stored/Persistent XSS request to a trusted web server. The attack exploits the trust that
• Reflected XSS a server has in the user’s browser, typically using persistent
• DOM-based XSS cookies.
• Cross-Site Request Forgery • Attack Vector: CSRF relies on the victim’s authenticated
(CSRF) session, such as a cookie, to execute actions on the server (e.g.,
• Differences Between XSS and a funds transfer).
CSRF XSS vs. CSRF:
• XSS and CSRF Prevention
• XSS Target: The user’s browser is targeted, and malicious
scripts are executed on the client-side.
ti on
CSRF Target: The web server is targeted, and the server u
•
ib
executes unauthorized actions via the trusted user’s rsession.
t
XSS vs. CSRF Comparison (Table 3-30): Di s
r
fo browser.
•
t
XSS: Performs unwanted actions on the user's
• CSRF: Performs unwanted actionsN onothe trusted website
(server).
h a,
•
t Na
XSS: User’s browser runs malicious JavaScript code.
•
je e commands from a trusted user’s
CSRF: Server executes
browser. a
Prevention ofu bhAttacks:
XSS
• o l S Input Validation: Validates and sanitizes user
Server-Side
y C on the server to prevent the injection of malicious scripts.
inputs
• B Web Application Firewall (WAF): Monitors and filters HTTP
I SSP requests to block potential XSS attacks.
r C Prevention of CSRF Attacks:

s fo • Anti-CSRF Tokens: Include a secret token in forms or requests

ote that is verified by the server, preventing forged requests.

ell N • Frequent Cookie Expiration: Reduces the time window in which

an attacker can exploit a persistent session.
orn
C

• XSS attacks target the user’s browser by injecting malicious scripts, while CSRF attacks exploit the
trust between the web server and the user’s browser to execute unauthorized actions.
• Preventing XSS requires server-side input validation, while CSRF attacks can be mitigated with anti-
CSRF tokens and short-lived session cookies.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Structured Query Language
(SQL)
• SQL Injection Attack
• Prevention of SQL Injection
• SQL Commands
SQL Injection
Structured Query Language (SQL):
• SQL is the language used for communicating with databases,
allowing for querying, updating, and managing data stored in a
database.
SQL Injection Attack:
• Definition: SQL Injection is an attack method where malicious SQL
code is inserted into input fields to manipulate the database.
• Example: In a login form, instead of entering a username, the
i on
attacker enters SQL code like ' OR 1=1 --, which always returns true,
t
bypassing authentication.
i bu
s r
t or corrupt
i
• Impact: This allows the attacker to access, modify, delete,
database records.
fo rD
Steps in a SQL Injection Attack:
o t
, N
1. Attacker identifies a vulnerable website.
a
• The website must have ahvulnerability that allows SQL
injection attacks. Na

je et SQL code.
ha submits SQL code in an input field (e.g., login
2. Attacker injects malicious
• The battacker
u that the web server passes directly to the database
Sfield)
o l without validation.
3.By
C
Malicious code is executed.

I SSP • The database executes the SQL code, which can result in
unauthorized access, data theft, or manipulation.
r C
fo
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Structured Query Language
(SQL)
• SQL Injection Attack
• Prevention of SQL Injection
• SQL Commands
SQL Injection
Prevention of SQL Injection Attacks:
• Input Validation: User input should be validated and sanitized to
ensure it conforms to expected formats (e.g., no SQL code or special
characters like = or -- in a username field).
• Prepared Statements/Parameterized Queries: Use SQL templates
where user inputs are passed as variables, preventing manipulation
of the query.
• Example: A SQL query is prepared with placeholders, and
user inputs are inserted later, reducing the risk of injection.
•Stored Procedures: SQL code is pre-defined and stored in the ti on
i bu
database, ensuring that user input cannot change the logic of the query.
str
Common SQL Commands:
D i
• CREATE: Create new tables or databases.
t for
• SELECT: Query data from tables. No
•
h a,
Example: SELECT * FROM users; retrieves all records from
the users table.
Na
jeet
• INSERT: Add new records to a table.
•
bha
Example: INSERT INTO users (userID, password) VALUES

l Su
('rob', 'Pass123'); adds a new user with the specified

Co
credentials.

By • DROP: Delete tables or databases.

S P • Example: DROP accountsReceivable; deletes the

I S accountsReceivable table.
C SQL Code Examples :
for
es
ot
• SELECT * FROM users; Retrieves all data from the users table.

ell N • INSERT INTO users (userID, password) VALUES ('rob', 'Pass123');

rn
Adds a new user with the username "rob" and password "Pass123."

C o • DROP accountsReceivable; Deletes the table named

"accountsReceivable."

• SQL Injection is a common attack where malicious SQL code is injected into input fields, allowing
attackers to manipulate a database.
• Preventing SQL injection involves input validation, using prepared statements, and employing stored
procedures.
• Recognizing SQL commands and understanding how they work helps in securing databases from
such attacks.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


Importance of Input
ValidationServer-Side Input
ValidationWhitelist vs. Blacklist
ValidationClient-Side Input
Validation RisksLack of Input
Validation RisksHardening
Systems
Input Validation
Importance of Input Validation:
• Input validation is critical for preventing web application vulnerabilities, such
as XSS and SQL injection.
• Vulnerabilities: Without proper input validation, malicious input can be
executed by the server, leading to compromised systems and data breaches.
Server-Side Input Validation:
• Definition: Validating input data on the server side ensures that only
acceptable input reaches the database or backend system.
• Prevention: Prevents execution of malicious code, such as SQL commands or
JavaScript in XSS attacks.
• Example: Ensuring that an email input field only accepts a valid email format
(e.g.,

[email protected]).
Whitelist vs. Blacklist Validation:
ti on
•
i bu
Whitelist Validation (Allow List): Only allows predefined, acceptable input

str
that meets specific criteria (e.g., length, characters, data type).

•
•
D i
Example: Only allowing numeric values in a "Phone Number" field.
Blacklist Validation (Deny List): Blocks specific malicious characters or

for
inputs considered signs of an attack (e.g., = or -- in a "First Name" field).
•
t
Example: Discarding any input with characters like = or - in fields
where they are not expected.
No
a,
Client-Side Input Validation Risks:
•
h
Client-Side Validation: Validating data on the client side (e.g., using

Na
JavaScript) can be bypassed by attackers, making it less secure.
•
jeet
Risk: Client-side validation can be easily disabled or manipulated, allowing
malicious input to reach the server.

ha
Lack of Input Validation Risks:
b
Su
• Without input validation, numerous attacks like XSS and SQL injection can

l
succeed, compromising the application and its underlying systems.

Co
• Impact: The lack of validation increases the attack surface, allowing attackers

By to inject malicious code into the system.

Hardening Systems:

I SSP • Goal: Hardening reduces the potential attack surface and minimizes security
risks.

r C • Methods: Following best practices, product guides, and industry standards to

fo secure systems and environments.

es • Example: Disabling unnecessary services, implementing strong

ot
authentication mechanisms, and applying patches regularly.

ll N
• Documentation: Organizations should document their hardening processes

rn e and update them regularly for both new and existing systems to ensure
compliance and security.

C o

• Input validation, particularly server-side, is crucial for securing web applications and preventing
vulnerabilities such as XSS and SQL injection.
• Whitelist validation allows only acceptable input, while blacklist validation blocks malicious
characters.
• Client-side validation should not be relied upon due to its susceptibility to bypass.
• Hardening systems further reduces the attack surface by applying best practices and security
configurations.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Introduction to Cryptography
• Definition and Origin of
Cryptography
• Evolution of Cryptography
• Key Management
• Cryptography Services
• Everyday Uses of
Cryptography
Definition and Origin of Cryptography:
• The word "cryptography" comes from the Greek words crypto (secret)
and graphia (writing), meaning "secret writing."
• Cryptography has been used for thousands of years, with early
examples such as Egyptian hieroglyphs and the Caesar Cipher used
by Julius Caesar.
• The Enigma machine from the 1930s is a well-known encryption tool,
demonstrating the importance of strong key management.
Evolution of Cryptography:
ti on
• Manual Era: Cryptography involved simple techniques like bu
st ri
rearranging letters to create ciphers (e.g., the Caesar Cipher).

r Di through
• Mechanical Era: Cryptography became more efficient
mechanical devices like the Spartan Scytale,fwhich
t o involved
wrapping a message around a rod.
N o
a, as the Enigma machine were
hsecure
• Electromechanical Era: Devices such
developed during World War IIa
t N for communication.

j
• Electronic Era: Moderne ecryptography uses software-based systems

b ha
(cryptosystems) with algorithms like DES, AES, and RSA.

l Sucryptographic
• Quantum Era: Though still experimental, quantum cryptography may

C o and securely distributing

revolutionize methods by breaking traditional

B y
algorithms keys.

S P
CI S
for
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Introduction to Cryptography
Key Management:
• Definition and Origin of
Cryptography • The most important aspect of cryptography is key management.
• Evolution of Cryptography
• Without proper key management, even the strongest encryption
• Key Management systems can fail.
• Cryptography Services
• Everyday Uses of Cryptography Services (Table 3-33):
Cryptography
1. Confidentiality: Ensures that only authorized individuals can view
sensitive information.

with. ti on
2. Integrity: Verifies that information has not been altered or tampered

i bu
tr
3. Authenticity: Confirms the identity of the sender, ensuring
s
the
message came from a legitimate source.
D i
4. Nonrepudiation: Prevents denial of actions: for
o t cannot deny sending
,N
• Nonrepudiation of Origin: The sender
the message.
a
h The receiver cannot deny
• a
Nonrepudiation of Delivery:
tN
receiving the message.
e
e who can access encrypted data by
ajthe
5. Access Control: Controls
b h
managing who holds decryption keys.
u
ol Sof Cryptography:
Everyday Uses

y C purchases: Cryptography secures credit card details and

B
• Online
P personal information.
S
CIS • Software updates: Cryptography ensures the integrity of security
for updates from companies like Google, Apple, and Microsoft.

tes • Digital Rights Management (DRM): Cryptography is used to protect

o movies, music, and video games from piracy.

ell N • Criminal activity: Criminals use encryption to hide communications.

orn
C • Other uses include cryptocurrencies, electronic voting, digitally
signed documents, and secure data destruction in the cloud.

• Cryptography, meaning "secret writing," has evolved from simple manual techniques to complex
electronic and quantum-based systems.
• Key management is critical to maintaining security.
• Cryptography provides five services: confidentiality, integrity, authenticity, nonrepudiation, and
access control.
• It is widely used in everyday activities such as online transactions, digital rights management, and
secure communications.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Cryptographic Terminology
• Cryptography Overview
• Key Terminology: Plaintext,
Encryption, Decryption, Key
Clustering
• Key Concepts: Work Factor,
Initialization Vector
(IV)/Nonce
• Confusion, Diffusion, and
Avalanche Effect
Cryptography Overview:
• Cryptography is the study and practice of securing communications
to prevent unauthorized access or manipulation of information.
• Process: Plaintext is transformed into ciphertext using a
cryptographic algorithm and a key, and the ciphertext is
transformed back into plaintext by the recipient using the same
algorithm and key.
Key Terminology (Table 3-34):
• Plaintext (Cleartext): Data that is readable by anyone, without
ti on
encryption.
i bu
s r
t using
• Encryption: The process of converting plaintext into ciphertext
i
r Dencrypted and
a cryptographic algorithm and a key.
• Example: "CISSP is awesome" becomes
t fo
unreadable.
N o
• Decryption: The reverse process of ,turning ciphertext back into
a
h algorithm.
a
plaintext using the correct key and
• Key/Crypto Variable: Aekey t Ndetermines how the algorithm transforms
aje The same key is required for decryption.
plaintext into ciphertext.
h
•
S ub Without the correct key, the ciphertext cannot be
Example:

ol
decrypted.
• KeyC
y Clustering: When two different keys produce the same
Bciphertext for the same plaintext. This reduces security as it

I SSP effectively halves the key space, making attacks easier.

C • Risk: Key clustering increases vulnerability to brute-force

for attacks.

tes
o
ell N
orn
C

• 4

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Cryptographic Terminology
• Cryptography Overview
• Key Terminology: Plaintext,
Encryption, Decryption, Key
Clustering
• Key Concepts: Work Factor,
Initialization Vector
(IV)/Nonce
• Confusion, Diffusion, and
Avalanche Effect
Key Concepts:
• Work Factor: The estimated time or effort required for an attacker to
break a cryptosystem. The higher the work factor, the more secure the
cryptosystem.
• Initialization Vector (IV)/Nonce:
• A random number used in conjunction with the key during
encryption to prevent patterns in the ciphertext.
• Importance: Prevents attackers from recognizing patterns
even if the same plaintext and key are used multiple times.
• Weakness: If the IV is too short, the encryption can beti on
i bu
compromised, as seen with WEP protocol vulnerabilities.
str
Confusion, Diffusion, and Avalanche Effect:
D i
for
• Confusion: Ensures that the relationship between the key and the
t
No
ciphertext is hidden. Changing one bit of the key should change

a,
approximately half of the ciphertext.
h
Example: A minor change in the key should drastically
Na
•
change the ciphertext to avoid predictability.

jeet
• Diffusion: Hides the relationship between the plaintext and
ha
ciphertext. Changing one bit of the plaintext should alter half of the
b
Su
ciphertext.
l
Co
• Example: A small change in plaintext should result in

B y significant changes in the ciphertext, making patterns hard

to detect.

I SSP• Avalanche Effect: Measures the effectiveness of confusion and

r C diffusion. A small change in either the key or plaintext should cause a

s fo significant change (at least 50%) in the ciphertext.

ote
• Ideal Case: A secure cryptographic algorithm should

ll N
display strong avalanche effects to ensure robustness.

rn e
C o

• Cryptographic systems transform plaintext into ciphertext using keys and algorithms.
• Key cryptographic properties include confusion (hiding key-ciphertext relationships), diffusion (hiding
plaintext-ciphertext relationships), and the avalanche effect (ensuring significant changes in
ciphertext from small changes in input).
• The effectiveness of a cryptosystem is also determined by factors like key management, IV usage,
and the work factor needed to break the system.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Key Space
• Importance of Key Length
• Examples of Key Space in
Cryptographic Algorithms
• Work Factor and Key Strength
Key Space
Key Space:
• Definition: Key space refers to the total number of unique keys
available based on the length of the cryptographic key.
• Example: A 2-bit key has 4 possible keys (2^2 = 4).
• Larger Key Space = Stronger Encryption: The more unique keys in
the key space, the harder it is to break the encryption using brute-
force attacks.
Importance of Key Length:

ti on
• Key Strength: The strength of encryption is directly related to the
length of the key.
i bu
•
str
Example: A 56-bit key (as used in DES) offers 2^56 unique
D i
keys (72 quadrillion keys), but modern computers can
for
brute-force this key length in a matter of hours or days.
t
N o
Examples of Key Space in Cryptographic Algorithms:

h
• Data Encryption Standard (DES): Usesa, a 56-bit key, which equates
N a keys). Despite the large number of
to 2^56 unique keys (72 quadrillion

brute-force attacks. jee

t secure due to its vulnerability to
keys, DES is no longer considered

b ha Standard (AES): Uses 128-bit or 256-bit keys,

u larger key spaces (2^128 and 2^256), making
• Advanced Encryption
S
l
offering significantly
Co attacks infeasible even with modern technology.
brute-force
y
• B
RSA Encryption: Common RSA key lengths are moving towards 2048
S P bits and above, providing an even larger key space to secure
CIS
communications as computational power increases.

for Work Factor and Key Strength:

tes
o • Work Factor: The amount of time and computational effort required

ll N
to break a key using brute-force methods.

rn e • Example: Increasing the key length from 56 bits (DES) to

C o 128 or 256 bits (AES) exponentially increases the work

factor, making encryption significantly more secure.

• Key space refers to the number of unique keys possible based on the length of the cryptographic key.
• Larger key spaces result in stronger encryption, as they are more resistant to brute-force attacks.
• Modern encryption standards like AES and RSA use longer keys (128-bit, 256-bit, and 2048-bit) to
increase security by significantly increasing the work factor needed to break the encryption.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Substitution and Transposition
• Substitution vs. Transposition
• Weaknesses of Simple
Ciphers
• Rail Fence (Zigzag) and
Columnar Transposition
• Synchronous vs.
Asynchronous Encryption
• Frequency Analysis in
Monoalphabetic Ciphers
• Polyalphabetic Ciphers
• Running Key Ciphers
• One-Time Pads
• Simple substitution and transposition do not hide patternstreffectively,
Rail Fence (Zigzag) and Columnar Transposition:
Substitution vs. Transposition
• Substitution: Each character in the plaintext is replaced with another
character based on a key.
• Example: GUBBINS becomes JXEELQV, where G is
substituted with J, B with E, and so on.
• Transposition: The order of characters is rearranged, but the
characters themselves remain unchanged.
• Example: GUBBINS becomes BINBUGS by rearranging the
characters.
on
ti
ibu
Weaknesses of Simple Ciphers:
s
making it easier for attackers to decipher the message iusing
D
frequency analysis.
fo r
• Example: In GUBBINS, the lettero t
B appears twice, and the
N
a,
pattern remains visible in the ciphertext.
h
Naare written in a zigzag pattern across

e t
• Rail Fence Cipher: Characters
je
haWriting "HELLO WORLD" across two rows in a
multiple rows and then read row by row to create ciphertext.
b
Su pattern.
• Example:
l zigzag

y Co
• Columnar/Diagonal Transposition: Characters are rearranged into
B
columns or diagonals, providing different transpositions based on the
P key.
S
CIS Synchronous vs. Asynchronous Encryption (Table 3-36):
for
tes • Synchronous Encryption: Bits are encrypted/decrypted in real-time
o using a timing mechanism (e.g., clock).

ell N • Asynchronous Encryption: Bits are processed in batches (queued),

orn with encryption/decryption performed based on user input or other

C triggers.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Substitution and Transposition
• Substitution vs. Transposition
• Weaknesses of Simple
Ciphers
• Rail Fence (Zigzag) and
Columnar Transposition
• Synchronous vs.
Asynchronous Encryption
• Frequency Analysis in
Monoalphabetic Ciphers
Frequency Analysis in Monoalphabetic Ciphers:
• Monoalphabetic ciphers have predictable patterns that can be
easily analyzed.
• Frequency Analysis: Cryptanalysts examine letter
frequency (e.g., the most common letter E) and common
word patterns (e.g., "the" or "that") to break the cipher.
Polyalphabetic Ciphers:
• Polyalphabetic ciphers use multiple alphabets to reduce patterns

on
• Polyalphabetic Ciphers and make frequency analysis more difficult.
• Running Key Ciphers • Example: The key 4312 transforms GUBBINS into
uti
• One-Time Pads
r i b
CRAZEKR, where B is encrypted as A and Z due to different
t
key shifts.
D is
Running Key Ciphers:
t for
N
• Running Key Cipher: The message is encryptedo using text from a
a,
book known to both the sender and receiver.
Example: Using a bookh
•
a numeric values of the message
Nthe
as the key, a message can be
t
encrypted by adding
e
je
letters to the corresponding letters from the book text.
a key ciphers create a large key space,
• Benefit:
b htheRunning
u cipher more secure as long as the key is not
making
S
l reused.
oPads:
y C
One-Time
B
P• One-Time Pad: A cipher in which the key is never reused and is the
S
CIS unique key.
same length as the message. Each message is encrypted with a

for
tes • Example: After every message is encrypted, the key is
changed and discarded, making one-time pads the only
o
ll N
unbreakable cipher when used correctly.

rn e
C o

• Encryption methods use substitution and transposition to obscure plaintext, but simple ciphers can
be vulnerable due to patterns.
• More advanced techniques like polyalphabetic ciphers, running key ciphers, and one-time pads
eliminate patterns and provide stronger encryption.
• Synchronous and asynchronous encryption manage how bits are processed, while frequency
analysis helps break weak ciphers.
• One-time pads, when implemented properly, are the only unbreakable cipher.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Stream Ciphers, Block Ciphers, and Steganography
Stream Ciphers:
• Stream Ciphers Overview
• Block Ciphers Overview • Definition: Stream ciphers encrypt data one bit at a time, often using
• Symmetric Block Modes an XOR operation with a keystream generated from a crypto variable.
• Steganography and Null • Example: XOR operation rules:
Ciphers • 0+ 0=0
• 0+ 1=1
• 1+ 0=1
• 1+ 1=0

ti
• Advantages: Stream ciphers are faster because they operate on a bit- on
by-bit basis, making them ideal for network encryption.
i bu
str
• Common Example: RC4 is the most widely used stream
i cipher.
Block Ciphers:
f o rD
o t blocks (e.g., 128-
Nis transformed into
• Definition: Block ciphers encrypt data in fixed-size
,
a
bit blocks in AES). Each block of plaintext
h
ciphertext.
a
• Example: GUBBINS
e tN encrypted with a block cipher

aje
becomes JXEELQV.
• Comparison withhStream Ciphers:
S ub Ciphers: Faster, suitable for real-time encryption
ollike networks.
• Stream
C
y • Block Ciphers: More secure due to high diffusion but
P B slightly slower since they operate on larger chunks of data.
S
CIS
for
tes
o
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Stream Ciphers, Block Ciphers, and Steganography

• Stream Ciphers Overview

• Block Ciphers Overview Symmetric Block Modes
• Symmetric Block Modes
1. Electronic Codebook (ECB):
• Steganography and Null
Ciphers • Characteristics: Fastest, but least secure since it does not
use an initialization vector (IV). Best for short random texts,
e.g., PIN codes.
2. Cipher Block Chaining (CBC):
• Characteristics: Uses an IV to chain blocks, providing
better security. Suitable for email encryption.
ti on
3. Cipher Feedback (CFB):
i bu
s t r
i
• Characteristics: Uses an IV, good for email encryption.
4. Output Feedback (OFB):
fo rD
• o t use cases as CBC and
Characteristics: Uses an IV, similar
CFB.
a,N
5. Counter (CTR): a h
N a counter instead of an IV, provides
Characteristics:t Uses
•
e
both speedjand e
h a
to its balance.
security. Most commonly used mode due

u b
l S and Null Ciphers (Table 3-39):
Steganography
o
y C• Definition: Hiding information within another file (e.g.,
• Steganography:
B
I SSP hiding a message inside an image or sound file).
C
or
• Example: Slack space on a hard drive could be used to hide

s f a message.

o te • Null Cipher:

ell N • Definition: Hides plaintext within nonciphertext. A

rn
message could be concealed by embedding it in a large text

C o or by using a specific pattern.

• Example: The first letter of each word in a sentence could
spell out a secret message.

• Stream ciphers encrypt data one bit at a time and are faster for network applications, while block
ciphers operate on chunks of data and provide higher security.
• Symmetric block cipher modes like ECB, CBC, and CTR balance speed and security for different
applications.
• Steganography and null ciphers involve hiding messages in non-cryptographic formats like images or
text, adding an extra layer of concealment.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Symmetric Cryptography
Symmetric Key Cryptography Overview:
• Symmetric Key Cryptography
Overview • Symmetric key cryptography uses the same key for both encryption
• Key Distribution and and decryption.
Scalability Issues • Strength: It is extremely fast and efficient, making it ideal for
• Advantages and encrypting large amounts of data, especially in networks.
Disadvantages of Symmetric
Cryptography • Weaknesses: Key distribution and scalability pose major challenges.
• Symmetric Algorithms
Key Distribution and Scalability Issues:
(Weakest to Strongest)

on
• Key Length and Security • Key Distribution: Securely sharing the symmetric key between
t
parties can be difficult, especially over long distances. Out-of-band
u i
i
methods (e.g., phone calls, in-person meetings) can be used to
tr b
exchange keys, but this can be impractical.
is
o rD
• Scalability: The number of keys required grows exponentially
f
as the
number of participants increases.
o tkeys, where n is the
,N
• Formula: n * (n - 1) / 2 = number of
number of participants.
a
h 499,500 keys would be
a
required, makingtitN
• Example: For 1000 people,
e difficult to manage.
je of Symmetric Cryptography (Table 3-
h a
Advantages and Disadvantages
40):
S ub
ol
• Advantages:
C
B y • Fast and efficient for large data volumes.
S P • Provides strong encryption.
CIS • Disadvantages:
for • Key distribution is challenging.

tes • Scalability is limited.

o
ll N
• Does not provide authenticity, integrity, or nonrepudiation

rn e (i.e., it only ensures confidentiality).

C o

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Symmetric Cryptography
Symmetric Algorithms (Ranked from Weakest to Strongest,)
• Symmetric Key Cryptography
Overview • Weak Algorithms:
• Key Distribution and • RC2-40: 40-bit key length, 64-bit block size.
Scalability Issues • DES: 56-bit key length, 64-bit block size, vulnerable to
• Advantages and brute-force attacks.
Disadvantages of Symmetric
Cryptography • RC5-64/16/7: 56-bit key length, 128-bit block size.
• Symmetric Algorithms • Medium Strength Algorithms:
(Weakest to Strongest)
• RC5-64/16/10: 80-bit key length, 128-bit block size.
on
• Key Length and Security
• Skipjack: 80-bit key length, 64-bit block size.
u ti
• Strong Algorithms:
r i b
t for early
is
rD
• IDEA: 128-bit key length, 64-bit block size, known
use in PGP encryption.
fo
t 64-bit block size.
•
o
3DES: 168-bit key length (112 effective),
•
a , N block size.
Blowfish: 128-bit key length, 64-bit
• Very Strong Algorithms: a h
•
e
Twofish, RC6, andtN Rijndael (AES): All support key lengths

highest h ajeof security.

up to 256 bits
level
with a block size of 128 bits, providing the

•
S ub (AES): The most widely used symmetric algorithm,
Rijndael

C olsupporting 128, 192, and 256-bit key lengths.

B y and Security:
Key Length

I SSP• Longer Key Lengths = Stronger Encryption: Longer key lengths

C create a larger key space, making it more difficult for attackers to

for perform brute-force attacks.

tes • Example: AES with a 256-bit key is highly secure and

o resistant to modern brute-force attacks.

ell N
orn
C

• Symmetric cryptography is fast and efficient, making it ideal for large-scale encryption.
However, it faces challenges with key distribution and scalability.
• The strength of symmetric algorithms increases with key length, with DES being one of
the weakest and AES being among the strongest.
• Symmetric cryptography does not provide integrity, authenticity, or nonrepudiation, but
it offers strong confidentiality.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Overview of DES, 2-DES, and
3-DES
• Key Structure and Encryption
Process
• Meet-in-the-Middle Attack
• Effective Key Length of 3-DES
• Transition from DES to AES
DES/3-DES
Overview of DES, 2-DES, and 3-DES:
• DES (Data Encryption Standard): Uses a 56-bit key, 16 rounds of
substitution and transposition, and a 64-bit block size.
• DES was widely regarded as one of the best cryptographic
algorithms due to its multiple rounds of confusion and
diffusion.
• 2-DES (Double DES): Extends DES by using two 56-bit keys,
theoretically offering 112-bit security, but vulnerable to meet-in-the-
middle attacks.
• 3-DES (Triple DES): Uses three iterations of the DES algorithm, ti on
i bu
providing stronger encryption by using either two or three 56-bit keys.
str
• 3-DES Characteristics:
D i
for
• 56-bit key length.
t
No
• 16 rounds of substitution and transposition.

a,
• 64-bit block size.
h
• Effective key length of 112 bits due to meet-in-the-
middle attack.
Na
je et
Key Structure and Encryption Process:

b ha
Su is processed through 16 rounds of substitution
• DES Encryption Process:
• l Plaintext

y Co and transposition.
P B • Example: Plaintext (e.g., "CISSP") is encrypted to ciphertext
S through this process.

r CIS • 3-DES Encryption Process:

s fo • Performs three iterations of DES, encrypting with key1,

ote
decrypting with key2, and encrypting with key3.

ll N
• If two keys are used, the same key is applied twice.

rn e
C o

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 DES/3-DES
Meet-in-the-Middle Attack:
• Overview of DES, 2-DES, and
3-DES • Definition: This attack reduces the effective key strength of both 2-
• Key Structure and Encryption DES and 3-DES.
Process • Attackers compute possible combinations of both ends of
• Meet-in-the-Middle Attack the key space (from the plaintext and from the ciphertext)
• Effective Key Length of 3-DES and "meet in the middle."
• Transition from DES to AES • Effect on Key Length:
• For 2-DES, the 112-bit key space is effectively
reduced to 56 bits.
• For 3-DES, the 168-bit key space is reduced to 112
ti on
bits.
i bu
str
Effective Key Length of 3-DES:
D i
for
• Why 112 bits? Even though 3-DES uses three keys (168-bit key
t
No
length), the meet-in-the-middle attack reduces its effective security
to 112 bits.
•
h a,
The attack can break the encryption faster than brute-
Na
forcing the entire 168-bit key space.

je et
Transition from DES to AES:

b
• Current Standard:haNIST no longer recommends 3-DES for secure
S u to the reduced effective key length.
encryption due
l
y C• o AES-256 (Advanced Encryption Standard) has replaced
DES and 3-DES as the preferred symmetric encryption
P B standard.

I SS • AES-256 offers much stronger security with a 256-bit key

r C length, which is far more resistant to modern attacks.

s fo
ote
ell N
orn
C

• DES, 2-DES, and 3-DES were significant advancements in cryptography, but they are
now considered outdated due to vulnerabilities like the meet-in-the-middle attack,
which reduces the effective key length of 2-DES to 56 bits and 3-DES to 112 bits.
• While 3-DES extended the life of DES, it has been replaced by AES-256, which provides
much stronger encryption and is now the NIST standard.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Rijndael/Advanced Encryption Standard (AES)
Overview of AES and Rijndael:
• Overview of AES and Rijndael
• AES (Advanced Encryption Standard): Chosen as the encryption
• Key Sizes and Block Sizes standard after a US government-sponsored competition.
• AES Characteristics
• Differences Between Rijndael
• AES is based on the Rijndael algorithm.
and AES • It is the most widely used encryption standard today,
particularly for securing government and financial data.
Key Sizes and Block Sizes:
• AES Key Sizes: AES is considered a variable key size algorithm,
supporting key sizes of:
• 128 bits
t i on
• 192 bits
i bu
• 256 bits
s tr
i
fo r D of key
• Block Size: AES has a fixed block size of 128 bits regardless
length.
o t Rijndael can support
•
block sizes of 128, 192, and N256 bits, the US government
Rijndael's Block Sizes: Although
,block
h
adopted only the 128-bit a size for AES.
a
AES Characteristics:
e tN
ajediffusion,
• AES uses multiple rounds
provide confusionhand
of substitution, transposition, and mixing to

u b
• Number ofSRounds:
making it highly secure.

l
y C••o 10 rounds for 128-bit keys.

P B 12 rounds for 192-bit keys.

I SS • 14 rounds for 256-bit keys.

r C Differences Between Rijndael and AES:

fo
es • Rijndael: Supports block sizes of 128, 192, and 256 bits, as well as

ot
variable key sizes.

ell N • AES: The US government adopted only the 128-bit block size for AES,
though it supports key lengths of 128, 192, and 256 bits.

orn The limitation to the 128-bit block size in AES was primarily to simplify
C
•
standardization and implementation for broad use in government and
commercial sectors.

• AES, based on the Rijndael algorithm, is the current US encryption standard and supports key sizes
of 128, 192, and 256 bits with a block size fixed at 128 bits.
• Although Rijndael can support larger block sizes, AES focuses on the 128-bit block size for simplicity
and widespread application.
• AES is highly secure due to its multiple rounds of encryption and variable key lengths.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 The ChaCha Family
• ChaCha Family: A set of stream ciphers developed by Daniel J.
• Overview of the ChaCha Bernstein, based on the Salsa family of ciphers.
Algorithm • ChaCha ciphers are designed to improve diffusion per
• ChaCha8, ChaCha12, and round and reduce the time per round compared to Salsa.
ChaCha20
• ChaCha vs. AES Performance • These algorithms enhance resistance against
• ChaCha20-Poly1305 AEAD cryptanalysis.
ChaCha8, ChaCha12, and ChaCha20:
• ChaCha8: A 256-bit stream cipher based on an 8-round version of

on
Salsa20/8.
•
u ti
ChaCha12: Uses 12 rounds of encryption, offering a balance between
security and performance.
tr i b
s
• ChaCha20: The most secure version, with 20 rounds of iencryption.
• On many systems, ChaCha20 can o
f r D AES,
outperform
o t
making it a popular choice for high-performance
cryptography.
a ,N
ChaCha vs. AES Performance:
ah
e t NAES, especially on systems that lack
• ChaCha20 is often faster than
jefor AES.
ha
hardware acceleration
• Thisbperformance advantage has led organizations like
u
Sservices, particularly in secure
Cloudflare and Google to adopt ChaCha20 in their
o l communications.
y C
P B
ChaCha20-Poly1305 AEAD:

I SS • ChaCha20-Poly1305 AEAD (Authenticated Encryption with

r C Associated Data):

fo • ChaCha20 is combined with the Poly1305 hash

es
ot
function to provide encryption with integrity and
authenticity.
ell N • This cipher suite ensures not only data encryption but
orn also verification of the data's integrity and authenticity.
C • It’s widely supported in TLS (Transport Layer Security)
by organizations such as Cloudflare and Google.

• The ChaCha family of stream ciphers, including ChaCha8, ChaCha12, and ChaCha20, are advanced
cryptographic algorithms developed from the Salsa family.
• ChaCha20, in particular, offers both strong security and performance advantages over AES in certain
systems.
• The ChaCha20-Poly1305 AEAD cipher suite is now supported in TLS, providing authenticated
encryption with data integrity and authenticity.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Out-of-Band Key Distribution
Definition of Out-of-Band Key Distribution:
• Definition of Out-of-Band Key
Distribution • Out-of-band key distribution refers to sharing cryptographic keys
• Challenges in Symmetric Key through a separate and secure communication channel that is
Cryptography different from the channel used to send the encrypted message.
• Reasons for Out-of-Band Challenges in Symmetric Key Cryptography:
Distribution
• Methods of Out-of-Band Key • One of the biggest challenges in symmetric cryptography is key
Distribution distribution because both sender and receiver must use the same
key to encrypt and decrypt messages.

on
• If the same communication channel is used to send both
t
the message and the key, an attacker could intercept the
u i
key and decrypt the message.
tr i b
Reasons for Out-of-Band Distribution:
D is
for
• Out-of-band key distribution is necessary because sending the key
t
No
along with the message makes it vulnerable to interception.
•
h a,
To maintain the confidentiality of the encrypted message,
the key must be delivered using a different, more secure
method.
Na
jeet
Methods of Out-of-Band Key Distribution:

bha key distribution methods include:

Su meetings where both parties exchange the key
• Examples of out-of-band
• l In-person

y Co physically.
B • Phone calls where the key is verbally shared.

I SSP • Letters or written documents sent separately to exchange

C keys.

for • Secure SMS or other communication means separate from

tes the main message channel.

o
ell N
orn
C

• Out-of-band key distribution is crucial in symmetric cryptography to prevent the key from being
intercepted along with the encrypted message.
• Different secure methods, such as in-person meetings, phone calls, or sending letters, can be used
to share the key in a way that ensures the confidentiality of the communication.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Asymmetric Cryptography
• Definition of Asymmetric
Cryptography
• Solving the Key Exchange
Problem
• Digital Signatures and
Certificates
• Key Pairs: Public and Private
Keys
• Mathematical Foundations:
Factoring and Discrete
Logarithms
• Popular Asymmetric
Algorithms: RSA and ECC
Definition of Asymmetric Cryptography:
• Asymmetric cryptography (also known as public-key cryptography)
uses two keys: a public key for encryption and a private key for
decryption.
• This system allows secure communication without the need
for out-of-band key exchange as in symmetric cryptography.
Solving the Key Exchange Problem:
• Unlike symmetric cryptography, where both parties must share the
same key, asymmetric cryptography solves the key exchange
problem by using key pairs.
• The public key is shared openly, and only the person with the
on
corresponding private key can decrypt the message.
Digital Signatures and Certificates:
uti
•Asymmetric cryptography enables:
tr i b
• is
Digital signatures: Verify that a message came from a specific
D
for
sender.
•
t
Digital certificates: Authenticate the identity of individuals or

No
organizations.

a,
• Authenticity and nonrepudiation: Provides nonrepudiation
h
of origin (the sender cannot deny sending the message) and

Na
nonrepudiation of delivery (the receiver cannot deny

jeet
receiving the message).
Key Pairs: Public and Private Keys:
•
bha
Public key: Can be freely shared and used to encrypt messages.
•
l Su
Private key: Must be kept secret and is used to decrypt the message.

Co
• A message encrypted with the public key can only be
decrypted by the corresponding private key.
By Mathematical Foundations: Factoring and Discrete Logarithms:

SP
• Factoring problem: The basis of RSA, where the security relies on the

CI S difficulty of factoring large numbers into prime factors.

for • Discrete logarithm problem: Used in Elliptic Curve Cryptography

(ECC), where security depends on the difficulty of solving discrete

es logarithms in finite fields.

ot Popular Asymmetric Algorithms:

ell N • RSA: One of the most widely used asymmetric algorithms, based on

rn
the factoring problem.

C o • Elliptic Curve Cryptography (ECC): An algorithm that uses discrete

logarithms, providing strong security with shorter key lengths
compared to RSA.
• ECC is often more efficient and is becoming popular for use in
modern systems like mobile devices.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Asymmetric Cryptography
• Key Exchange Problem
Solution
• Features: Digital Signatures,
Certificates, Authenticity,
Nonrepudiation
• Public Key and Private Key
Pairs
• Hard Mathematical
Problems: Factoring and
Discrete Logarithms
• Popular Asymmetric
Algorithms: RSA and ECC
Public Key and Private Key Pairs:
•
Key Exchange Problem Solution:
• Asymmetric cryptography addresses the key exchange issue
inherent in symmetric cryptography by using a public-private key
pair. This eliminates the need for both parties to share a single
key through insecure channels.
Features Enabled by Asymmetric Cryptography:
• Digital Signatures: Used to verify that a message came from the
stated sender.
• Digital Certificates: Certify the identity of individuals or
organizations online (e.g., in SSL/TLS).
on
• Authenticity and Nonrepudiation: ti
udeny
• Nonrepudiation of origin: The sender cannot
tr i b
having sent the message.
is
D cannot
•
o r
Nonrepudiation of delivery: The recipient
tf
deny receiving the message.
o
, Nkeys:
Asymmetric cryptography usesa
h and used to encrypt data.
Public Key: Freelyashared
two

t Nsecret and used to decrypt data

•
• Private Key:eKept
encryptedje
h a by the corresponding public key.
ub Problems:
Hard Mathematical
S
•
o l large
Factoring: The security of RSA is based on the difficulty of
y C
factoring numbers.
• B Discrete Logarithms: Used in Elliptic Curve Cryptography
S P (ECC), which relies on the difficulty of solving discrete
CIS
logarithms in finite fields.

for Popular Asymmetric Algorithms:

tes • RSA: A widely used algorithm that is based on the factoring

o problem.

ell N • Elliptic Curve Cryptography (ECC): An increasingly popular

orn algorithm, based on discrete logarithms, which provides strong

security with shorter key lengths compared to RSA. This makes
C it ideal for modern applications like mobile devices and smaller
computing environments.

• Asymmetric cryptography overcomes the key distribution challenges of symmetric cryptography by

using key pairs.
• It enables critical security services like digital signatures, certificates, and nonrepudiation, and relies
on solving difficult mathematical problems such as factoring and discrete logarithms.
• RSA and ECC are the most popular algorithms in this category, with ECC being more efficient for
modern use cases.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Asymmetric Cryptography
• Solves Key Distribution
Problem
• Digital Signatures and
Authenticity
• Key Pair: Public and Private
Key
• Speed vs. Security
(Compared to Symmetric
Cryptography)
Key Distribution Solution:
• Asymmetric cryptography eliminates the need to securely distribute a
single shared key as used in symmetric cryptography.
• Diffie and Hellman proposed the idea of public key cryptography in the
1970s. They suggested using two mathematically linked keys:
• Public Key: Shared with anyone and used for encrypting
messages.
• Private Key: Kept secret by the owner and used to decrypt
messages.

on
• Hybrid Cryptography
(Symmetric + Asymmetric)
Digital Signatures and Authenticity:
u ti
(proof of origin).
tr i b
• Asymmetric cryptography enables digital signatures for authenticity

is
D was sent
fo r
• A sender can encrypt a message using their private key.
public key can decrypt the message, proving the message
Anyone with the
by the
owner of the private key (authenticity).
o t
• Confidentiality is achieved when a senderN
a, private key can decrypt
encrypts the message using
h
the recipient’s public key. Only the recipient’s

Na
the message.
Speed vs. Security: e t
je
bhain key
• Slower than symmetric cryptography because of the mathematical

S u
complexity involved pair generation.
• Requires llarger key sizes (e.g., RSA) to remain secure against

y Co needinstronger
advancements computing power. As processors get faster, asymmetric
B
algorithms keys, which further slows them down.

I SSPHybrid Cryptography:
C • Hybrid mode (e.g., SSL/TLS) combines symmetric cryptography for
for speed and asymmetric cryptography for secure key exchange.

tes • Symmetric cryptography is used for data encryption due

o to its speed.

ell N • Asymmetric cryptography solves the key exchange

orn problem and ensures security services like authenticity

and nonrepudiation.
C

• Asymmetric cryptography solves the key distribution problem inherent in symmetric cryptography by
using mathematically linked public and private key pairs.
• It enables important services such as digital signatures, authenticity, and nonrepudiation. However,
it is significantly slower and requires larger key sizes compared to symmetric cryptography.
• To balance the advantages and disadvantages, hybrid cryptography is often employed, combining
the strengths of both approaches.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Factoring: Used in RSA
• Discrete Logarithms: Used
in ECC, Diffie–Hellman
• Prime Numbers: Importance
in cryptography
• Knapsack Problem:
Deprecated due to
vulnerabilities
Hard Math Problems
Factoring (RSA Key Generation):
• Factoring relies on multiplying two large prime numbers quickly to
generate a result.
• Factoring challenge: Given the result, determining the original two
prime numbers is very difficult and computationally intensive.
• Example: Multiplying two prime numbers results in a product, but it
could take years to reverse the process and find those two prime
numbers based on the product.
• RSA uses factoring for key generation, making it an effective

ti on
cryptographic method due to the difficulty of factoring large numbers.
Discrete Logarithms (ECC, Diffie–Hellman):
i bu
s r
t of
• Discrete logarithms use a prime number raised to the power
i
another prime number to generate a result.
• As with factoring, quick forward calculationtisfo
rD
easy, but working
backward from the result to determine theo
extremely difficult. , N original prime numbers is

h aand
• Elliptic Curve Cryptography (ECC)
N a Diffie–Hellman use this type

e t
of math problem to ensure cryptographic security.
Prime Numbers:
h aje
• Prime numbers
S ubare crucial because they can only be divided by 1 or

olor discrete logarithm equation.

themselves, leading to only one possible solution for a factoring

• B
C
problem
y prime numbers increase security and make it computationally
Larger
S P infeasible to determine the original values used in key generation.
CIS Knapsack Problem (Deprecated):
for • The Knapsack problem was previously used in cryptographic
tes algorithms, but it has been deprecated due to vulnerabilities.
o
ll N
• Attacks have been developed that can solve the Knapsack problem,

rn e making any cryptographic algorithm that uses it insecure.

C o • Examples of deprecated algorithms include Chor Rivest Knapsack

and Merkle Hellman Knapsack.

• Two primary hard math problems—factoring and discrete logarithms—are used in asymmetric
cryptography for key generation.
• Both methods rely on the computational difficulty of reversing the process once a result is known,
especially when using large prime numbers.
• While factoring is used in RSA, discrete logarithms power algorithms like ECC and Diffie–Hellman.
• The Knapsack problem has been deprecated due to identified vulnerabilities that make its use in
cryptography insecure.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Asymmetric Algorithms
RSA:
• RSA: Uses factoring
• Elliptic Curve Cryptography • RSA is a widely used asymmetric algorithm, first developed in the late
(ECC): Uses discrete 1970s.
logarithms • It relies on the factoring of large prime numbers for key generation.
• Diffie-Hellman: Uses
discrete logarithms, key • Despite being older, RSA has no significant vulnerabilities and
exchange continues to provide strong security.
• However, RSA requires larger key sizes to maintain the same level of
security as newer algorithms like ECC.
Elliptic Curve Cryptography (ECC): t i on
i bu
t r
• Developed in the early 2000s, ECC offers a significant improvement
s
i
rtoDachieve the same
over RSA.
• Key advantage of ECC: It uses shorter key sizes f o
t logarithms for key
o
level of security as RSA due to the use of discrete
generation.
a ,N
• ECC’s shorter key lengths make a hit faster and more efficient.
• Particularly valuable in e t N with limited bandwidth,
aje and storage (e.g., mobile devices, IoT).
scenarios
computational power,
h
bequivalent security to RSA with less computational
• ECC provides
Su
ol
overhead.
C
By
Diffie-Hellman:

I SS P• Diffie-Hellman was developed around the same time as RSA but is

primarily used today for secure key exchange.
r C
fo • It also uses discrete logarithms like ECC, making it secure for
s
ote
symmetric key exchange between parties.

ll N
• Diffie-Hellman does not provide encryption or digital signatures

rn e directly but facilitates the exchange of symmetric keys.

C o

• RSA and ECC are two of the most popular asymmetric algorithms. RSA relies on factoring large
prime numbers for key generation, while ECC uses discrete logarithms, offering an advantage in key
length efficiency.
• ECC is particularly useful in resource-constrained environments because it provides faster, more
efficient security.
• The Diffie-Hellman algorithm also uses discrete logarithms and is widely used for symmetric key
exchange.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Quantum Key Distribution (QKD)
Purpose of Quantum Key Distribution (QKD):
• Emerging technology for
key distribution • QKD aims to solve the key distribution problem without relying on
vulnerable out-of-band methods.
• Quantum computers pose
risks to current public-key • Out-of-band channels, such as physical meetings or phone calls, are
algorithms often impractical or insecure.
• NIST is working on post-
• Current public-key algorithms, like RSA and ECC, may be broken by
quantum algorithms
quantum computers in the future.
• Observation principle in
quantum systems Physics of Quantum Systems:
• The act of observing a quantum system changes the system itself. ti on
i b u
t
• In QKD, this principle is applied to key exchange: if someone
s r attempts
to eavesdrop on the key exchange, their presence would i alter the
system.
fo rD
• This means that both parties exchanging keys o twill know if the key
exchange has been compromised.
a ,N
Quantum Security: a h
• Quantum key distribution etisNsecure because interception by a third
aje
party will be detectable.
h
u b makes QKD a promising solution for secure key
• This unique property
S
l in a post-quantum computing world.
o
exchanges

y CChallenges:
Current
B
I SSP• Although promising, QKD is still experimental and faces several
practical challenges.
C
for • These challenges need to be addressed before QKD can be widely

tes adopted.
o
ll N
• Meanwhile, NIST is working on developing quantum-resistant public-

rn e key algorithms.

C o

• Quantum Key Distribution (QKD) offers a solution to the key distribution problem by leveraging the
unique properties of quantum systems.
• If someone tries to intercept the key exchange, it will be immediately detected. However, QKD is still
in the experimental phase and has challenges to overcome.
• As quantum computing advances, current public-key algorithms may be vulnerable, so NIST is
working on post-quantum cryptographic solutions.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Common Asymmetric Algorithms
• RSA: Factoring-based key
generation
• ECC: Discrete logarithms,
shorter keys
• Diffie–Hellman: Symmetric
key exchange
• ECC is well-suited for environments where bandwidth
Rivest, Shamir, and Adleman (RSA):
• Key generation is based on factoring large prime numbers.
• RSA remains widely used due to its strong security and no major
weaknesses have been discovered.
• As technology advances, key lengths have increased to maintain
security, making RSA slower compared to newer algorithms.
Elliptic Curve Cryptography (ECC):
• Key generation is based on discrete logarithms.
ti on
bu
• ECC achieves the same level of security as RSA but with shorter key
i
lengths, making it faster and more efficient.
s tr
D i
f
computational resources are limited (e.g., mobileo rdevices).
and

ot
Diffie–Hellman Key Exchange:
, N
h a
a
• Also uses discrete logarithm mathematics for key generation.

e t Nexchange of symmetric keys between

• Primarily used for the secure
two parties.
h aje
S ubhaving
• It allows two users to exchange a shared secret over an insecure

o l
channel without a prior shared key.

B yC
I SSP
C
for
tes
o
ell N
orn
C

• RSA, ECC, and Diffie–Hellman are three commonly used asymmetric cryptography algorithms.
• RSA relies on factoring for key generation but is slower due to the need for large keys.
• ECC is more efficient, using discrete logarithms to generate keys, offering the same security as RSA
with shorter keys.
• Diffie–Hellman is used mainly for the secure exchange of symmetric keys using discrete logarithms
as well.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Hybrid Key Exchange
Diffie–Hellman Key Exchange:
• Diffie–Hellman Key
Exchange: Symmetric key • Utilizes discrete logarithms for key generation.
exchange using asymmetric
• Main purpose: Securely exchange symmetric keys between two
algorithm parties over an insecure channel.
• Hybrid Cryptography:
Combines symmetric and • While Diffie–Hellman is asymmetric, it is specifically used to
asymmetric methods establish symmetric encryption keys, which are then used for
secure communication.
Hybrid Cryptography:
• ti on
Blends the strengths of symmetric and asymmetric cryptography.
i bu
•
t r
Symmetric cryptography is very fast and suitable for encrypting
s
i
r D problem,
large amounts of data.
• fo
Asymmetric cryptography solves the key distribution
t a pre-shared secret.
o
ensuring secure key exchange without needing
• Hybrid systems use asymmetric a ,N
cryptography to safely exchange
ah
a symmetric key, then use symmetric cryptography to handle the
tN
bulk data encryption for speed.
e
h aje
S ub
C ol
By
I SSP
r C
fo
es
ot
ell N
orn
C

• Hybrid cryptography offers the best of both worlds by using asymmetric cryptography (like Diffie–
Hellman) to securely exchange symmetric keys, and then leveraging symmetric encryption for fast
and efficient data encryption.
• This approach ensures both security and performance in communication systems.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Diffie–Hellman Key Exchange Protocol
Value and Use of Diffie-Hellman Key Exchange:
• Purpose: Securely generate
symmetric session keys • Symmetric key cryptography: Used for fast encryption and
• Symmetric encryption: decryption, required for large data transfers, e.g., in a VPN.
Necessary for speed and bulk
• Challenge: How to securely exchange symmetric keys over a network
data encryption without interception.
• Session keys: Unique
symmetric keys for each • Solution: Diffie–Hellman Key Exchange generates a shared secret
session (session key) without transmitting it across the network.
• Diffie–Hellman: Key
• Session keys: Each VPN session generates a new session key using
on
management protocol used
in VPNs
for the next session.
u i
the protocol. If the session is interrupted, a new key will be negotiated
t
tr i b
How Diffie–Hellman Works:
D is
for
1. Alice and Bob (remote user and corporate office) each generate a
t
random secret number (e.g., 7 for Alice, 3 for Bob).
o
Both multiply their secret numbers byN
a,
2. a common number (e.g., 2),
h
resulting in 14 for Alice and 6 for Bob.
a
Alice sends her result (14)N
3.
e t to Bob, and Bob sends his result (6) to
Alice.
je
4. b
They then performhaa final multiplication: Alice multiplies Bob's
byuher original number (7), and Bob multiplies Alice's result
result (6)S
(14) by l
o original number (3).
his
5. By
C
Both end up with the same shared key (42 in this simple example),
P which becomes the symmetric session key used for encryption and
S decryption.
I S
C Why Diffie–Hellman is Effective:
for
es
ot
• This key exchange process avoids sending the actual session key

ll N
over the network, so it's safe from interception.

rn e • It relies on the mathematical relationship between the random

C o numbers generated by Alice and Bob, which makes it difficult for an

attacker to reverse the process and discover the key.

• The Diffie–Hellman Key Exchange Protocol securely generates a symmetric session key used in
each VPN session.
• By performing mathematical operations on random numbers and never transmitting the actual
key, it ensures secure communication without the need to send sensitive keys over the network.
• This is why Diffie-Hellman is widely used for key management in encrypted communications like
VPNs.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Hybrid Cryptography
• Hybrid Cryptography:
Combination of symmetric
and asymmetric cryptography
• Symmetric Cryptography:
Fast, used for bulk data
encryption
• Asymmetric Cryptography:
Secure key distribution
• Hashing Algorithms: Provide
What is Hybrid Cryptography?
• Hybrid cryptography takes advantage of both symmetric and
asymmetric encryption.
• Symmetric cryptography is fast and ideal for encrypting large
volumes of data, but it suffers from the key distribution problem.
• Asymmetric cryptography solves the key distribution problem by
using key pairs (public/private), but it is slower for bulk encryption.
Why Use Hybrid Cryptography?
• In hybrid cryptography, symmetric algorithms are used for speed

on
integrity and support digital and bulk encryption.
signatures • Asymmetric cryptography is used to securely exchange the
uti
symmetric keys.
tr i b
• This combination ensures both efficiency (fast
D is
for
encryption/decryption) and security (safe key exchange).
Example of Hybrid Cryptography:
t
•
No
Alice wants to send a large message to Bob.
•
h a,
Alice uses a symmetric algorithm (e.g., 3-DES) to encrypt

Na
the message due to its speed for processing large data.
•
jeet
Alice knows that Bob will need the same symmetric key to
decrypt the message.
•
bha
Alice securely sends the symmetric key by encrypting it

l Su using Bob’s public key (asymmetric cryptography).

Co
• Bob uses his private key to decrypt the symmetric key.

By • Bob now has the symmetric session key and can quickly

SP
decrypt Alice's large message.

CI S • Hybrid Cryptography thus allows Alice to send a large encrypted

message securely while using a combination of asymmetric
for cryptography (for key exchange) and symmetric cryptography (for
es bulk data encryption).
ot Additional Features of Hybrid Cryptography:

ell N • Hashing algorithms are often included to ensure integrity.

orn • Digital signatures can be used to provide nonrepudiation—

C confirming that the sender can't deny sending the message.

• Hybrid cryptography combines the speed of symmetric cryptography with the secure key
exchange of asymmetric cryptography.
• Symmetric encryption is used for encrypting large data, while asymmetric encryption handles key
distribution.
• This approach optimizes security and efficiency, making hybrid cryptography a common choice for
modern encryption solutions.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Message Integrity Controls (MICs)
• Message Integrity: Ensuring
data remains intact and
unchanged
• Message Integrity Checks
(MICs): Mechanisms that
detect message alterations
• Collisions: Occur when two
different messages produce
the same representation
• Hashing: Used for message
integrity checks with fixed-
length digests
S P length• digest from a message, regardless of the message size.
CIS
for
tes
o
ll N
rn e
C o
What is Message Integrity?
• Integrity in cryptography means ensuring that the message or data
has not been altered from its original form.
• Message Integrity Controls (MICs) are designed to detect any
changes that occur between the creation of a message and when it is
read.
• These changes can be intentional (e.g., attacks) or unintentional
(e.g., transmission errors).
on
How MICs Work:
ti
u(or
• Before a message is sent, the sender creates a representation
tr i b
digest) of the message using a MIC algorithm.
is
• Both the message and the representation are sent
fo rDto the recipient.
o t to recompute the
• The recipient uses the same integrity algorithm
,N
representation from the received message.
a
a
• If the recomputed representation hmatches the one sent by the
et N confirmed.
sender, the message integrity is
Types of MICs:
h aje
u b Check (CRC) and Checksums: Use simple
S
• Cyclical Redundancy
l operations to create a representation.
o
mathematical
C Algorithms: Use complex mathematics to create a fixed-
B y
• Hashing
Examples of hashing algorithms include SHA-256 and MD5.
Collisions:
• A collision occurs when two different messages result in the same
representation or digest.
• Simple math-based MICs (like CRC or checksums) are more
susceptible to collisions.
• Hashing algorithms are much more resistant to collisions because
they use more complex calculations, making them more reliable for
message integrity checks.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Message Integrity Controls (MICs)
• Message Integrity: Ensuring
data remains intact and
unchanged
• Message Integrity Checks
(MICs): Mechanisms that
detect message alterations
• Collisions: Occur when two
different messages produce
the same representation
The Birthday Paradox:
• This mathematical concept explains the likelihood of collisions in a
system.
• The birthday paradox shows that as more data is processed through
an integrity check system, the probability of a collision increases.
This is why strong hashing algorithms are critical to prevent collisions
and maintain integrity.
Message Integrity Controls and Cryptography Services:

on
• Hashing: Used for message
• Message integrity is one of the five core services that cryptography
integrity checks with fixed- provides, along with:
uti
length digests
• Confidentiality
tr i b
• Integrity
D is
• Authenticity (proof of origin)
t for
• Nonrepudiation
No
• Access control
h a,
Na
jeet
bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Message Integrity Checks (MICs) are critical in ensuring that messages remain
unchanged from creation to reading.
• While basic integrity checks (e.g., CRC or checksums) can lead to collisions, more
robust methods like hashing algorithms (e.g., SHA-256) provide stronger integrity
verification.
• MICs are one of the key services provided by cryptography, ensuring that data remains
intact and unaltered during transmission.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Hashing Algorithms and Key Properties
• Hashing: Converts data into a
fixed-length digest
• Collision: When two different
inputs produce the same
hash value
• Key Properties of Hashing:
Fixed length, one-way,
deterministic, collision-
resistant
• Popular Hashing
Algorithms: MD5, SHA-1,
SHA-2, SHA-3
• Birthday Attack: Theoretical
probability of finding
collisions based on the
birthday paradox
y Co
B 5. Uniform Distribution:
SP
CI S
for
es
ot
ll N
rn e
C o
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
Hashing Fundamentals:
• Hashing algorithms generate a fixed-length message digest or hash
value regardless of the size of the input data.
• This is critical for verifying message integrity and preventing
tampering in communication.
Key Properties of Hashing:
1. Fixed-Length Digest:
• No matter the size of the input (e.g., a short message or
large file), the resulting digest is always the same length.
• For example:
on
• MD5 produces a 128-bit digest
uti
• SHA-1 produces a 160-bit digest
tr i b
256, 384, 512 bits). D is
• SHA-2 and SHA-3 offer variable digest lengths (224,
2. One-Way Function:
t for
No
• Hashing is a one-way process, meaning that once data is
a,
hashed, it’s impossible to reverse the process to discover
h
the original input from the hash.
3. Deterministic:
Na
•
jeet
Hashing the same input with the same algorithm will
ha
always produce the same output.
b
4. Calculated on Entire Message:
•
l SuThe hash must be calculated over the entire input,
ensuring all data is part of the integrity check.
• A good hashing algorithm distributes input values evenly
across its possible output range, ensuring random and
unique digests.
6.Collision Resistance:
• It should be very hard to find two different inputs that
generate the same hash value.
• Collisions undermine the effectiveness of hashing
algorithms, allowing potential tampering without detection.
 Hashing Algorithms and Key Properties
Popular Hashing Algorithms:
• Hashing: Converts data into a • MD5:
fixed-length digest
• 128-bit digest, but now considered insecure due to
• Collision: When two different susceptibility to collisions.
inputs produce the same
• SHA-1:
hash value
• Key Properties of Hashing: • 160-bit digest, also largely deprecated due to vulnerability
to attacks.
Fixed length, one-way,
deterministic, collision- • SHA-2 and SHA-3:
resistant • Offer various digest lengths (224, 256, 384, 512 bits) and
are more secure than MD5 and SHA-1.
on
• Popular Hashing
Algorithms: MD5, SHA-1, Collisions:
uti
SHA-2, SHA-3
tr i b
• A collision occurs when two different inputs produce the same hash
• Birthday Attack: Theoretical
probability of finding
value.
D is
• This is a critical flaw, as it can allow an attacker to tamper with the
collisions based on the message without being detected.
t for
No
birthday paradox Birthday Attack:

a,
• The birthday paradox is used to explain how collisions can occur.
h
• The probability of two people in a room sharing the same birthday
Na
rises exponentially with each new person added.
•
jeet
With 23 people, there’s a 50% chance of a shared birthday.
•
bha
With 60 people, there’s a 99% chance.

Su
• Similarly, in hashing, as more inputs are processed, the chances of
l
finding a collision increase exponentially, leading to a birthday

y Co
attack.

B
I SSP
r C
fo
es
ot
ell N
orn
C

• Hashing algorithms are crucial for ensuring message integrity, offering a fixed-length digest for any
size input.
• Collision resistance is essential, as collisions can compromise the reliability of the hash function.
• Modern algorithms like SHA-2 and SHA-3 are highly secure, while older ones like MD5 and SHA-1
have been deprecated due to vulnerabilities.
• The birthday paradox demonstrates the potential for collisions, highlighting the importance of
strong, collision-resistant hashing algorithms in cryptography.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Digital Signature Services:
Integrity, authenticity,
nonrepudiation
• Hashing for Integrity
• Digital Signature Creation
and Use
• Public Key and Private Key
Usage
• Uses of Digital Signatures:
Document signing, code
signing, software verification
• Nonrepudiation
Digital Signatures
Digital Signature Fundamentals:
• Digital signatures are cryptographic tools that provide integrity,
authenticity, and nonrepudiation.
• They ensure that messages or documents are unaltered during
transmission and confirm the identity of the sender.
• Nonrepudiation means the sender cannot deny sending the
message, and the receiver cannot deny receiving it.
Services Provided by Digital Signatures:
1. Integrity:
• The sender hashes the message, creating a message
on
digest.
uti
•
tr i b
The receiver hashes the message and compares it to the
original digest to confirm that no changes have occurred.
2. Authenticity:
D is
•
t for
The hash digest is encrypted using the sender’s private

No
key, and the receiver can decrypt it with the sender’s
public key, proving the sender’s identity.
3. Nonrepudiation:
h a,
•
Na
Since only the sender has access to the private key, they

jeet
cannot deny creating the signature, ensuring proof of
origin.

bha
Digital Signature Creation:
Su
1. Hashing the message:
l
Co
• A fixed-length message digest is generated from the

By message.
2. Encrypting the hash:

I SSP • The digest is encrypted with the sender’s private key,

r C forming the digital signature.

fo • The encrypted hash is small in size and can be attached to the
es message.
ot
ell N
orn
C

Digital signatures are essential for verifying integrity, authenticity, and nonrepudiation in
digital communication. By combining hashing and asymmetric encryption, digital
signatures ensure that messages or documents have not been altered, that the sender's
identity can be confirmed, and that the sender cannot deny having sent the message.
Applications include document signing and code signing, making digital signatures
widely used in modern cybersecurity practices.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Digital Signature Services:
Integrity, authenticity,
nonrepudiation
• Hashing for Integrity
• Digital Signature Creation
and Use
• Public Key and Private Key
Usage
• Uses of Digital Signatures:
Document signing, code
signing, software verification
• Nonrepudiation
Digital Signatures
Using Digital Signatures:
1. Sender:
• Creates a hash of the message and encrypts it with their
private key, generating the digital signature.
• The signature is attached to the message and sent.
2. Receiver:
• Decrypts the signature using the sender’s public key,
confirming authenticity.
• The receiver then hashes the message and compares it to
the decrypted hash to confirm integrity.
on
Important Notes:
uti
• Digital signatures do not provide confidentiality. The message
tr i b
remains readable unless it is separately encrypted.
D is
• Public key ensures anyone can verify authenticity, while the private
for
key ensures only the sender can create the signature.
t
No
Uses of Digital Signatures:

a,
1. Document Signing:
•
h
Digital signatures are often used for signing important
Na
documents. They provide greater security than handwritten

jeet
signatures, which can be forged.

ha
2. Code Signing:
• b
Software developers and companies like Apple use digital
l Su
signatures to ensure the authenticity and integrity of

Co
software updates.

By • For example, when downloading an iOS update, the

signature verifies it’s from Apple and hasn’t been tampered

I SSP with during transmission.

r C
fo
es
ot
ell N
orn
C

Digital signatures are essential for verifying integrity, authenticity, and nonrepudiation in
digital communication. By combining hashing and asymmetric encryption, digital
signatures ensure that messages or documents have not been altered, that the sender's
identity can be confirmed, and that the sender cannot deny having sent the message.
Applications include document signing and code signing, making digital signatures
widely used in modern cybersecurity practices.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Digital Certificate Basics:
Public key binding, issued by
Cas
• X.509 Standard: Certificate
format used by all Cas
• Root of Trust: Root CA and
Intermediate CA roles
• Certificate Replacement
and Revocation
• CRL vs OCSP: Methods of
checking revocation status
• Certificate Life Cycle:
Enrollment, Issuance,
Validation, Revocation,
Renewal
• Certificate Pinning: Securing
certificates for subsequent
visits
I SSPChecking Revocation Status:
r C 1. Certificate Revocation List (CRL):
fo
s 1. An outdated method where a client downloads a list of all
ote
ll N
rn e
C o
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
Digital Certificates
Digital Certificate Fundamentals:
• Digital certificates bind individuals to their public keys and are
issued by Certificate Authorities (CAs).
• CAs confirm the individual’s identity, ensuring the authenticity of the
public key.
• A CA signs the digital certificate with its private key, allowing anyone
with the CA’s public key to verify the certificate’s authenticity.
X.509 Standard:
on
• All digital certificates follow the X.509 standard, ensuring
interoperability.
u t i
r i
• Certificates include information such as version, serial number,
t keyb
is
encryption algorithm, issuing CA, validity period, and public
rD
value.
Root of Trust:
t fo
N
• Root CA: The foundation of the certificate ohierarchy. It is offline for
security, and Intermediate CAs sign, certificates on its behalf.
a ha key is critical for the security of
tN
• The integrity of the Root CA’s private
the entire system.
e
aje and Revocation:
Certificate Replacement
h
• Replacement:bHappens when the public/private key pair is
Suto expiration or key rotation.
replacedl due
C o Necessary if the private key is compromised. The CA
y
• Revocation:
Brevokes the certificate, and it can no longer be trusted.
revoked certificates from the CA and searches for the
certificate in question.
2. Online Certificate Status Protocol (OCSP):
1. A more efficient method where a client queries the CA and
receives a simple yes/no answer regarding the certificate’s
status.

• Digital Certificate Basics:
Public key binding, issued by
Cas
• X.509 Standard: Certificate
format used by all Cas
• Root of Trust: Root CA and
Intermediate CA roles
• Certificate Replacement
and Revocation
• CRL vs OCSP: Methods of
checking revocation status
• Certificate Life Cycle:
Enrollment, Issuance,
Validation, Revocation,
Renewal
• Certificate Pinning: Securing
certificates for subsequent
visits
Digital Certificates
Certificate Life Cycle:
1. Enrollment: The entity submits a Certificate Signing Request
(CSR) to the CA, generating a public/private key pair.
2. Issuance: The CA verifies the information, signs the certificate with
its private key, and issues the digital certificate.
3. Validation: When the certificate is used (e.g., for web browsing), its
validity is automatically checked. If expired or revoked, a warning is
issued.
4. Revocation: If a private key is compromised, the certificate is
on
revoked and added to the CA’s revocation list.
uti
t
(e.g., 12 months). Renewal involves confirming the originalr i b
5. Renewal: Certificates are typically issued with an expiration date
information in the CSR.
D is
Certificate Pinning:
t for
• Ensures that once a certificate is trusted, ono new requests for the
N
a,
certificate are needed in subsequent visits.
• Pinning methods:
a h
t NThe
•
jee
Application-level: certificate is coded into the

ha The certificate from the initial visit is pinned to

application.
• Firstbvisit:

l Stheubrowser for future visits.

y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Digital certificates are essential for binding public keys to individuals and ensuring secure,
authenticated communication over the internet.
• They are managed by Certificate Authorities (CAs) and follow the X.509 standard for consistency.
• Key management practices like replacement, revocation, and pinning enhance the security and
reliability of certificates.
• Checking revocation status can be done via CRL or the more efficient OCSP.
• The lifecycle of a certificate includes phases like enrollment, issuance, validation, and renewal,
making them vital in maintaining secure communications online.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Kerckhoffs' Principle:
Security is in the key, not the
system
• Key Management Activities:
Generation, distribution,
storage, rotation,
destruction, recovery
• Key Creation: Automated
processes to avoid patterns
Key Management
Kerckhoffs' Principle:
•Kerckhoffs' Principle states that a cryptosystem should remain secure even if all
system details (algorithm, IV, etc.) are known, except for the key.
Key Management Activities:
•Activities like key generation, distribution, storage, rotation, destruction, and
recovery are critical to maintaining the security of cryptographic systems.
Key Creation:
•Key creation should be automated to avoid human error and patterns.
•Keys must be randomly chosen from the key space (e.g., DES has a key space of 72

on
• Key Distribution: Out-of- quadrillion).
band and key wrapping (KEK)
u
•Pseudorandom number generators are used to create keys that avoid patterns.ti
• Key Storage: Trusted Key Distribution:
r i b
tsending keys
Platform Module (TPM) and
is
rD
•Out-of-band distribution (e.g., phone call, in-person meeting) avoids
Hardware Security Module over the same communication channel.
(HSM)
t f
•Key wrapping (Key Encrypting Keys, KEK) involves wrappingo many keys inside
• Key Rotation: Frequency of
o
,N
another key for secure distribution.
changing encryption keys
• Key Recovery: Split Key Storage:
a
h on the motherboard that
•TPM (Trusted Platform Module): A chipainstalled
knowledge, dual control, key
t N laptops).
securely stores keys for a single device (e.g.,
escrow
e
je A hardened physical device that stores and
manages keys for an entireaorganization.
• Key •HSM (Hardware Security Module):
Destruction/Disposition:
u bh
l S to how often encryption keys are replaced.
Crypto shredding and key Key Rotation:
destruction
o
•Key rotation refers

B y Cof the asset often determines the frequency of key rotation—valuable

•The value
data requires more frequent key changes.

I SSPKey Recovery:
C 1.Split Knowledge: The key is split among multiple parties.
for
tes 2.Dual Control: Requires two individuals to access the key (e.g., missile launch
protocols).

N o 3.Key Escrow: A trusted third party stores the keys (e.g., government-mandated

rn ell key storage).

o
Key Destruction/Disposition:
C •Crypto shredding: Encrypt sensitive data, then destroy the encryption key, making
the data unreadable.
•Key destruction: Physically destroy the media (e.g., hard drives) to ensure the data
cannot be recovered.

• Key management is essential to the security of any cryptographic system, with the key being the
most critical element, as highlighted by Kerckhoffs' Principle.
• Key management activities include key creation, distribution, storage, rotation, and destruction.
• Techniques such as out-of-band distribution, TPM and HSM for storage, and crypto shredding for
destruction ensure the security of keys.
• Key recovery and rotation methods provide added layers of protection, helping maintain data
integrity and security in cryptographic systems.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 S/MIME (Secure/Multipurpose Internet Mail Extensions)
• S/MIME: A standard for
public key encryption in
digital messaging.
• Security Services:
Authentication,
nonrepudiation, integrity,
confidentiality.
• Optional Services: Signed
receipts, security labels,
secure mailing lists.
• S/MIME vs. MIME: Adds
security to MIME's
multimedia messaging.
• PKI Dependency: Requires
Public Key Infrastructure (PKI)
for encryption.
P
S • S/MIME was developed to add security to MIME.
CI S
for
tes
o
ll N
rn e
C o
• S/MIME enhances MIME by adding public key encryption and security services like authentication,
nonrepudiation, message integrity, and confidentiality to email messaging.
• S/MIME requires PKI for key management and distribution, making it a robust solution for secure
digital communications.
• Optional services like signed receipts and security labels further extend its capabilities in secure
communication.
S/MIME Overview:
• S/MIME stands for Secure/Multipurpose Internet Mail Extensions.
• It provides public key encryption and security services for email and
digital messaging applications.
• Basic security services offered by S/MIME include:
• Authentication: Verifying the sender's identity.
• Nonrepudiation of origin: Prevents the sender from denying
they sent the message.
on
Message integrity: Ensures that the message has not been
•
altered.
u ti
Confidentiality: Encrypts the message to protect itsi b
•
s tr content.
i
rD
Optional Services:
• Signed receipts: Confirms message receipt.
t fo
o
, N purposes.
• Security labels: Classifies emails for security
a
a
• Secure mailing lists: Protects mailing h lists with encryption.
N
t identification:
e
• Extended signer certificate
j e Provides additional methods
ha
to verify the signer's certificate(s).
b
Su Internet Mail Extensions) supports email messaging
S/MIME vs. MIME:
o l
withC
• MIME (Multipurpose
y attachments (images, files, sound clips, etc.), but it does not
Bprovide security.
• S/MIME services include:
• Digital signatures for sender authentication.
• Encryption for message confidentiality.
• Hashing for integrity and nonrepudiation.
Public Key Infrastructure (PKI):
•S/MIME requires PKI to work properly.
•PKI enables the distribution of public and private keys for encryption and
digital signatures.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Five Services of Cryptography
• Cryptography Services:
Confidentiality, Integrity,
Authenticity, Nonrepudiation,
Access control.
• Asymmetric and Symmetric
Cryptography: Key exchange
and file encryption.
• Digital Certificates: Verifying
public keys.
Cryptography Services Overview:
• Cryptography aims to achieve five key services: Confidentiality, Integrity,
Authenticity (Proof of Origin), Nonrepudiation, and Access Control.
• Example: Alice and Bob communicating securely.
Step 1: Verifying Public Keys (Authenticity):
• Alice and Bob exchange digital certificates to securely obtain each other’s
public keys.
• Certificates are signed by Certificate Authorities (CAs) to ensure authenticity.
Step 2: Symmetric Key Distribution (Confidentiality, Access Control):

on
• Digital Signatures: Proof of
origin and nonrepudiation.
• Alice encrypts her large file with a symmetric key (e.g., AES) for speed.

uti
• Hashing: Ensuring integrity. •
sends it.
tr i b
To securely send the symmetric key, Alice encrypts it with Bob’s public key and

• Only Bob’s private key can decrypt this key.

D is
for
Step 3: Symmetric Encryption (Confidentiality, Access Control):
t
No
• Alice encrypts the large file with the symmetric key and sends the ciphertext to

a,
Bob.
•
Access control is established N
h
Confidentiality is achieved since only Bob can decrypt it.
a the ciphertext and symmetric key only
•
to Bob. t by sending
e and Nonrepudiation:
je
ha
Step 4: Digital Signature for Integrity
b
Su
• Alice hashes the file and encrypts the hash with her private key, creating a
l
digital signature.
•
y Co Alice’s digital signature with her public key to confirm
Bob decrypts

P BBob hashes the file and compares it to Alice’s hash to confirm integrity.
authenticity.

S • Nonrepudiation of origin is achieved because Alice cannot deny sending the

•

CI S
or
file.

s f Step 5: Bob’s Digital Signature (Nonrepudiation of Delivery):

o te • Bob sends his digital signature back to Alice by hashing the file and encrypting

ll N
the hash with his private key.

rn e • Alice decrypts Bob’s signature with his public key to confirm authenticity.

C o • Alice compares the hash values to ensure nonrepudiation of delivery.

Step 6: Five Services of Cryptography:
• By combining symmetric encryption, asymmetric key exchange, and digital
signatures, Alice and Bob achieve all five cryptographic services:
Confidentiality, Integrity, Authenticity, Nonrepudiation, and Access control.

• In this example, Alice and Bob use hybrid cryptography to achieve confidentiality and
access control with symmetric encryption and asymmetric key exchange for secure
key distribution.
• Digital signatures provide integrity, authenticity, and nonrepudiation. This approach
ensures that their communication is secure and verifiable.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Cryptanalysis: Science of
breaking codes.
• Cryptanalytic Attacks:
Ciphertext only, Known
plaintext, Chosen plaintext,
Chosen ciphertext.
• Cryptographic Attacks: Man-
in-the-middle, Replay, Side-
channel, Dictionary attacks,
etc.
• Chosen plaintext attack: The attacker can choose specific
•
Cryptanalysis
What is Cryptanalysis?:
• Cryptanalysis is the science of cracking codes, breaking encryption
protocols, and deducing cryptographic keys.
• Cryptanalysis helps find and correct weaknesses in encryption
systems.
• Goal: To figure out the key, as encryption algorithms, ciphertext, and
processes are often known.
Types of Cryptanalytic Attacks:
• Ciphertext only attack: The attacker only has access to ciphertext
and tries to deduce the key or plaintext.
on
•
ti
Known plaintext attack: The attacker has both ciphertext and some
u
patterns and deduce the key.
r b
part of the corresponding plaintext, which helps them identify
i
t plaintext
is
r Dthe key.
and observe its corresponding ciphertext to deduce
fo
Chosen ciphertext attack: The attacker can tselect ciphertext and
obtain the corresponding plaintext, aimingo
N to analyze patterns and

a, Advanced mathematical
deduce the key.
h
Na algorithms and find patterns to
• Linear and differential cryptanalysis:
techniques used to analyze encryption
t
jee
deduce the key.
Types of CryptographicaAttacks:
b h
u
•Man-in-the-middle attack: An attacker intercepts communication
S to manipulate or eavesdrop on messages.
l
between two parties
o
as C
• Replay attack: The attacker captures and retransmits valid data, such
y
BSide-channel attack: Exploits physical characteristics of encryption,
an authentication token, to gain unauthorized access.
P
S such
•

CI S key.
as power consumption or electromagnetic leaks, to deduce the

for • Dictionary attack: Uses a precomputed list of potential passwords or

tes keys and tries each until the correct one is found.

N o • Rainbow tables: Precomputed tables that map hash values to their

ell
corresponding plaintext, speeding up the cracking process.

orn • Birthday attack: Exploits the birthday paradox in hashing to find

collisions, where two inputs produce the same hash.
C • Social engineering attack: Manipulates people into revealing sensitive
information such as encryption keys or passwords.

• Cryptanalysis encompasses techniques to break cryptographic systems by deducing

the key.
• The main attack types are cryptanalytic attacks (ciphertext, plaintext, chosen
ciphertext) and cryptographic attacks (man-in-the-middle, replay, dictionary, side-
channel).
• Each attack type aims to exploit weaknesses in encryption systems to gain
unauthorized access to protected data.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Cryptanalytic Attack Goal:
To determine the key.
• Brute-force Attack: Trying
every possible key.
• Cryptanalytic Attack Types:
Ciphertext-only, Known
plaintext, Chosen plaintext,
Chosen ciphertext.
• Other Cryptanalytic
Cryptanalytic Attacks
What is the main goal of cryptanalytic attacks?
• The primary goal is to determine the encryption key to break the
security of the cryptographic system.
Brute-Force Attack:
• This method involves trying all possible keys until the correct one is
found.
• Key length is critical: shorter key lengths make brute-force attacks
feasible. For example, a 56-bit key can be broken in hours, but a 256-
bit key might take longer than the age of the universe.

on
Attacks: Linear/Differential
cryptanalysis, Factoring •
55):
u i
Attack times grow exponentially with longer key lengths (see Table 3-
t
attacks.
• 56-bit key: 20 hours
tr i b
• 80-bit key: 54,800 years
D is
• 128-bit key: 1.5 × 10^19 years
t for
No
• 256-bit key: 5.2 × 10^57 years
Cryptanalytic Attack Types:
h a,
•
t Na type ofonlyattack.
Ciphertext-only attack: The attacker has access to ciphertext,

jeeThe attacker has access to both ciphertext

which makes it the most difficult
•
b ha helping deduce the key.
Known plaintext attack:
and some plaintext,
Su attack: The attacker can input known plaintext into
Chosenlplaintext
Cothe key. process to study the output ciphertext, making it easier
•
the encryption

By
to find

S P• Chosen ciphertext attack: The attacker chooses ciphertext and

CIS
obtains the corresponding plaintext, which can reveal the key.

for Additional Cryptanalytic Attacks:

tes • Linear cryptanalysis: Uses known plaintext and complicated

o mathematical analysis to determine the key.

ell N • Differential cryptanalysis: Uses chosen plaintext and mathematical

orn analysis to deduce the key.

C • Factoring attack: This attack specifically targets the RSA algorithm by

trying to factor large prime numbers to deduce the private key. It is
based on the difficulty of reversing the multiplication of large primes.

• Cryptanalytic attacks focus on deducing the encryption key using various techniques such as
brute-force, linear, and differential cryptanalysis.
• While brute-force attacks rely on trying all possible keys, more advanced techniques like factoring
and chosen-plaintext attacks exploit mathematical weaknesses in encryption algorithms like RSA.
• The goal is to break encryption and access protected information.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Man-in-the-Middle Attack
• Replay Attack
• Pass-the-Hash Attack
• Temporary Files Attack
• Implementation Attack
• Side Channel Attack
Cryptographic Attacks
• Man-in-the-Middle Attack (MitM):
• Attacker places themselves between two parties.
• Pretends to be both the sender and receiver (e.g., Alice and Bob).
• Can monitor, intercept, or alter communications.
• Allows attacker to control the flow of information and possibly steal
sensitive data like keys or passwords.
• Replay Attack:
• Attacker captures valid data transmissions (e.g., session identifiers).
• Replays them later to gain unauthorized access to a system.
• Common in systems that use session-based authentication.
• Does not require real-time intervention, unlike MitM.
ti on
• Pass-the-Hash Attack:
i bu
•
tr
Attacker captures password hashes rather than plaintext passwords.
s
•
D i
Presents the hash directly to authenticate to a system as a legitimate

for
user.
•
t
Bypasses standard password authentication mechanisms.
• Temporary Files Attack:
No
•
h a,
Encryption/decryption processes require plaintext, ciphertext, and

Na
keys.

et
• Keys are temporarily stored in RAM or other volatile memory.
•
je
Attacker may access these stored keys by reading memory.
•
bha
Implementation Attack:

Su
• Targets weaknesses in how an algorithm is implemented.
l
Co
• Example: WEP's use of RC4 is flawed due to short, repeated IVs.
• Attack exploits flaws in the cryptographic implementation rather than
By the algorithm itself.

SP
• Side-Channel Attack:

CI S • Monitors physical operations of a system to gather information.

for • Uses timing, power consumption, or electromagnetic radiation.

es • Commonly used by sophisticated attackers (e.g., intelligence

ot
agencies).

ll N
• Types:

rn e •
•
Timing: Measures how long activities take.
Power: Measures how much power is consumed during

C o operations.
• Radiation Emissions: Monitors electromagnetic emissions.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Cryptographic Attacks

• Dictionary Attack •Dictionary Attack:

• Rainbow Table Attack
• Birthday Attack
• Social Engineering Attack
• Kerberos Attack
• Ransomware attack
• Fault Injection Attack
• Tries common password combinations to find a valid one.
• Enhanced by using databases of leaked passwords.
•Rainbow Table Attack:
• Uses precomputed tables of hash values to quickly find matches for
password hashes.
• Defeated by using salt: a random value appended to passwords
before hashing.
•Birthday Attack:
•
producing the same hash).
ti on
Exploits the probability of hash collisions (two different inputs

i bu
Based on the birthday paradox, where a small group has a high
r
•
chance of shared birthdays.
ist
•Social Engineering Attack:
D
•
t for
Non-technical attack to obtain cryptographic keys.

No
• Examples:

a,
• Purchase key attack: Bribing someone for the key.
•
h
Rubber hose attack: Using force or threats to obtain the key.
•Kerberos Attacks:
Na
•
eet
Exploits weaknesses in the Kerberos authentication system.
j
ha
• Examples:
b
Su
• Pass-the-hash to generate valid Kerberos tickets.

l • Golden ticket: Gaining access to the KRBTGT service

Co
account, allowing for forging tickets.

By • Silver ticket: Forging TGS tickets for specific services.

SP
•Ransomware Attack:

CI S • Attacker encrypts victim files and demands ransom for decryption.

for •
•
Relies on the secrecy of cryptocurrency for anonymity.
Payment does not always guarantee decryption or file recovery.

es
ot
•Fault Injection Attack:

ll N
• Deliberately introduces faults into hardware or software.

rn e • Exploits altered behavior for further attacks (e.g., bypassing access

controls).

C o • Often combined with side-channel attacks (e.g., reducing

countermeasures for timing analysis).

• Cryptographic attacks vary from direct attacks on the encryption keys to exploiting
weaknesses in implementation and user behavior.
• Common attacks include MitM, replay, pass-the-hash, and social engineering, each
with unique strategies for compromising secure systems.
• Some attacks like rainbow tables and birthday attacks exploit hashing vulnerabilities,
while others, like ransomware, leverage encryption for malicious purposes.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Physical security goals
• Importance of availability in
physical security
• Relationship between
physical and logical security
• Primary goal of physical
security
• Deter/Prevent controls
• Delay controls
Physical Security
Physical Security Goals:
• Physical security aims to protect assets both inside and outside the
organization, including ensuring confidentiality, availability, and
integrity.
• Example: Maintaining a clean power supply helps ensure availability.
Importance of Availability in Physical Security:
• Physical security ensures availability by maintaining environmental
factors like temperature and power consistency, preventing downtime of
critical systems.
• Example: Keeping server rooms at optimal temperatures helps prevent

on
overheating.
• Detect controls
• Assess and respond
Relationship Between Physical and Logical Security:
uti
controls
•
tr i b
Physical and logical security share common goals—confidentiality,

D is
integrity, and availability. However, they implement controls differently.

for
• Example: Logical security uses preventive, detective, and corrective
controls, while physical security uses deter, detect, and correct controls.
t
No
Primary Goal of Physical Security:

a,
• The primary goal of physical security is the safety and protection of
h
human life. All physical security decisions are made to ensure that no one

Na
is endangered.

jeet
Deter/Prevent Controls:

ha
• These controls aim to deter or prevent intrusions before they occur.
•
b
Example: A fence around the property acts as a preventive measure.
Su
Signage like "Trespassers will be prosecuted" acts as a deterrent.
l
Co
Delay Controls:

By • Delay controls hinder an attacker’s progress.

SP
• Example: Locks delay access, but they are not foolproof and should be
used with other controls like CCTV and security personnel.

CI S Detect Controls:

for • Detective controls alert to the presence of an intruder.

es Example: A barking dog or CCTV cameras help detect unauthorized

ot
•
activities, providing the ability to respond promptly.

ell N Assess and Respond Controls:

orn • Once a threat is detected, assessment and response actions are taken to
mitigate it.
C • Example: Security guards assess the situation after an alert and respond
by intervening or contacting authorities.

• Physical security ensures the safety and protection of assets and human life by
implementing controls that deter, delay, detect, assess, and respond to threats.
• It plays a crucial role in maintaining the availability of critical resources and works in
alignment with logical security to protect confidentiality, integrity, and availability.
• Controls are designed to safeguard the organization without endangering individuals.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Threats to Physical Security
Types of Physical Security Threats:
• Types of physical security • Physical security threats can take various forms, ranging from physical
threats theft to more covert operations like espionage or social engineering.
• Theft
• These threats can compromise an organization's assets and confidential
• Espionage information.
• Dumpster diving
Theft:
• Social engineering
• Shoulder surfing • Attackers steal physical items from the target’s premises.
• HVAC compromise • Example: Computers, confidential documents, or expensive equipment
can be taken.
Espionage:
t i on
• Attackers target sensitive or proprietary information to sell to
i bu
competitors or on the dark web for monetary gain.
s r
tcompany
i
rD
• Example: Stealing new drug research from a pharmaceutical
and selling it to a rival company.

t fo
Dumpster Diving:
o
• Attackers inspect discarded trash to recover
a , Nsensitive information that
wasn’t disposed of securely.
• Example: A discarded document a
h
tN
with passwords or company data found
in a dumpster.
e
Social Engineering:
h aje
S ub actions
• Leveraging the human element, attackers persuade an employee to
l
perform unauthorized or reveal sensitive information.

y CoPretending
• Example: to be IT support to get an employee to reset their

P B
password for an attacker.

I SS • A form of social engineering where the attacker watches over

Shoulder Surfing:

C
or
someone's shoulder while they access sensitive information.

s f • Example: Watching an employee log into their system to gain their

o te credentials.

ell N HVAC Compromise:

orn • Attackers compromise the heating, ventilation, and air conditioning

system to either gain access or damage equipment.
C • Example: Disabling cooling in a server room to overheat and damage
critical infrastructure.

• Physical security threats encompass a variety of tactics, from straightforward theft to more complex
attacks like espionage and social engineering.
• These threats exploit both physical vulnerabilities (such as HVAC systems) and human weaknesses
(such as shoulder surfing or social engineering), which highlights the importance of comprehensive
security measures.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Layered Defense Model
Layered or Defense-in-Depth Approach:
• Layered or defense-in-depth
approach • The best physical security strategy uses a layered defense, also
• Prioritization of human life known as defense-in-depth.
• Layered defense concept • This involves multiple security layers to protect an organization from
• Example: Optimal number of external to internal threats.
doors for security
• Balancing security and safety Prioritization of Human Life:
• In any physical security model, the safety and protection of human
life takes precedence over all other considerations.
Layered Defense Concept: ti on
i bu
• Multiple layers of defense are implemented, starting from the
str
i
r D by building
outermost perimeter to the building interior.
o
• Example: A fence could serve as the first layer,ffollowed
t
walls as the second layer.
N o
Example: Optimal Number of Doors a for, Security:
a h the optimal number of doors on
tis N
• From a purely security perspective,
e
je
a building is zero, but this not functional for safety.

emergencies.ub
ha is one, but this may impact safety in
• The next best number

o lS
y C The ideal number of doors should be “as close to zero as
B
• Key Point:
P possible” while ensuring there are enough emergency exits to
S
CIS
protect human life.

for Balancing Security and Safety:

tes • While limiting access points increases security, there must be a

o balance to ensure that people can evacuate quickly in case of an

ell N emergency.

orn
C

• The layered defense model in physical security emphasizes the use of multiple layers of protection,
starting from the outer perimeter.
• While security is essential, the safety of human life must always be prioritized, especially when
determining access points like doors.
• The optimal security solution balances access control with emergency egress needs.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Designing Site and Facility Security Controls
• Security or site survey
• Crime Prevention Through
Environmental Design
(CPTED)
• Identifying physical security
controls
• Threat definition
• Target identification
• Facility characteristics
Security or Site Survey:
• A security survey is an extension of risk management. It involves
threat definition, target identification, and identifying facility
characteristics to assess risks and apply physical security controls.
Crime Prevention Through Environmental Design (CPTED):
• CPTED is a professional practice that provides guidelines for the
design of buildings and structures with environmental and
infrastructural considerations. It aims to prevent crime by designing
safer environments.
Identifying Physical Security Controls:

on
• High-value areas and Before implementing security controls, the most valuable assets and
examples
•
t
associated risks must be identified. The process involves assessing
u i
tr i b
risks and vulnerabilities to determine the best risk treatments.
Threat Definition:
is
•
fo
Example: A threat could be theft, natural disasters, rorDsabotage.
Applicable threats that may impact the site are identified.

o t
, Nto be targeted by the
Target Identification:
Determines which assets are mosta
•
identified threats.
a h likely

tN
Example: High-value assets like server rooms or sensitive data centers.
Facility Characteristics: e
h ajevulnerabilities and considers factors like
ub potential threats.
• Identifies each asset’s
accessibility and
S
ol
High-Value Areas:
C
•
B yHigh-value areas are identified based on their importance to the
organization. Security controls should be implemented to protect
S P these areas.

CIS
Examples:

or
• Wiring Closets: Contain networking equipment on each floor.

s f Media Storage: Holds sensitive physical or digital media.

o te •

ll N
• Evidence Storage: Stores important legal or regulatory evidence.

rn e • Server Rooms: Houses the most valuable network infrastructure.

C o • Restricted Work Areas: Locations that require additional security due

to the nature of the work.

• A security survey helps identify potential threats, valuable assets, and vulnerabilities within a
facility.
• It is essential to prioritize human safety and ensure that appropriate physical security controls are
put in place to protect high-value areas such as wiring closets, server rooms, and evidence storage.
• Techniques like CPTED guide the design of environments to reduce risks, while operational
considerations like Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP) ensure
ongoing protection during crises.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Perimeter Security Controls
Perimeter Controls:
• Perimeter controls
• Landscaping as a security • Perimeter controls are crucial for physical security and include
control elements like landscaping, grading, fences, gates, and bollards.
• Grading for site protection Fewer access points in the perimeter improve overall security.
• Bollards for vehicle defense Landscaping as a Security Control:
• Landscaping can be strategically used to limit access and direct
movement around a building.
• Example: Large trees should not be placed directly near a building
to avoid providing cover for intruders or obstructing CCTV
ti on
sightlines.
i bu
•
s tr
Proper landscaping, combined with lighting, can significantly
i
rD
hinder malicious activities.
Grading for Site Protection:
t fo
o
•
a , N around the facility.
Grading refers to how the ground is sloped
• Example: Ground should slope
flooding during heavy rain, N
ahaway from a data center to prevent
et
ensuring the facility remains dry.
je
ha barriers, often stationary or pop-up, used to
Bollards for Vehicle Defense:
b
•
l Su access to restricted areas.
Bollards are physical

Co Bollards are commonly found in front of government

block vehicle
• y
Bbuildings or military base entry points to prevent vehicles from
Example:
P
S crashing into the structure or checkpoint.
CI S
for • Some organizations use concrete planters as bollards to prevent

tes vehicle-based attacks while maintaining an aesthetic appearance.

o
ell N
orn
C

• Perimeter controls such as landscaping, grading, and bollards are essential for protecting a facility.
• Proper landscaping and grading can prevent easy access to critical areas and protect against
environmental risks like flooding.
• Bollards are crucial for preventing vehicle-based attacks, especially in high-risk areas like
government buildings.
• Together, these controls help maintain a secure perimeter while balancing functionality and
aesthetics.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Closed-circuit TV (CCTV)
Primary Control Type for CCTV:
• Primary control type for CCTV
• CCTV cameras are primarily detective controls but can also
• Functions of CCTV cameras serve as a deterrent and aid in security audits.
• Camera placement
considerations Functions of CCTV Cameras:
• Image quality and its • Detective control: Monitors and records activities to detect any
importance suspicious behavior.
• Transmission media and • Deterrent: Visible cameras can discourage unwanted activities.
storage considerations
• Legal and privacy concerns • Audit tool: Recorded footage can be reviewed during security
audits to analyze incidents or prevent future issues.
Camera Placement Considerations: ti on
i bu
•
s tr
Proper placement is critical. Cameras should cover major
entrances/exits and high-priority areas.
i
•
faces and other distinguishing features. fo
r D of individuals'
They must be positioned to capture clear images

ot be positioned at
• N easy identification.
Example: Cameras at entry points should
, for
a
angles that capture facial features
h
a
tN
Image Quality and Its Importance:
Image quality shouldebe
•
je sufficient to capture clear details in all
haimage quality is too poor to recognize
conditions, including day, night, and varying weather.
Key Point: Ifb
Su the system is ineffective.
• the
l
individuals,
Co Media and Storage Considerations:
Transmission
y
S P• B Consider how the video feeds are transmitted to monitoring
stations and stored. Determine whether the footage is reviewed
CI S live (24x7 monitoring) or archived for later use.

for • Example: Images might be recorded to hard drives or tapes,

es with specific policies on how long recordings are kept before
ot
archiving.

ell N Legal and Privacy Concerns:

orn • Local laws may dictate the length of storage, who can view the
footage, and whether cameras can record public areas.
C • It's important to ensure compliance with privacy regulations
when installing CCTV systems.

• CCTV cameras primarily function as detective controls, but they also act as deterrents
and tools for security audits.
• Key considerations include proper placement, ensuring image quality, and addressing
transmission and storage needs.
• Legal requirements and privacy laws play a significant role in determining the use and
storage duration of video footage.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Passive Infrared Devices
Definition of Passive Infrared Device:
• Definition of passive infrared
device • A passive infrared device (PIR) is a motion detector that identifies
• How passive infrared devices
motion by detecting infrared light emitted by objects and humans.
detect motion How Passive Infrared Devices Detect Motion:
• Sensitivity to temperature
changes • The device functions like a low-resolution infrared camera, taking
• Calibration of passive continual snapshots of a room and comparing them.
infrared devices • Human bodies emit more heat than typical room temperatures,
• Example of operation in hot allowing PIR devices to notice changes when someone enters a room.
on
climates Example:
t i
uthe
• When a person moves, the infrared signature changes, triggering
device to send an alert. tr i b
is
Sensitivity to Temperature Changes:
fo rD
o
• PIR devices are extremely sensitive to changes t in temperature, which
can affect their accuracy.
, N
a
h differences between objects and
a
• They work by detecting temperature
the environment.
e tN
aje Devices:
Calibration of Passive Infrared
h
• Because ambient
S ub temperatures fluctuate, especially in environments

need too
l
where temperatures may rise above human body heat, PIR devices

yC
constantly recalibrate to ensure accurate detection.
• B
Example: In hot climates like Texas, where the outdoor temperature

I SSP exceeds the warmth of a human body, PIR devices detect cooler
C objects instead of warmer ones.

for Example of Operation in Hot Climates:

tes
o • In areas with extreme heat, the device must adjust its detection

ell N parameters, detecting cooler objects instead of warmer ones when

temperatures exceed body heat levels.
orn
C • This requires constant recalibration to remain effective.

• A passive infrared device is a motion detector that works by detecting infrared light and
comparing snapshots of a room to notice temperature changes.
• It is highly sensitive to ambient temperature fluctuations, especially in hot climates, and must
continually recalibrate to maintain accurate motion detection.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Lighting
Role of External Lighting:
• Role of external lighting
• Lighting as a deterrent • External lighting is used for both security and safety purposes.
• Lighting and safety
• It helps illuminate surrounding areas, making it easier to spot
• Lighting and camera systems potential threats.
Lighting as a Deterrent:
• A well-lit building is a strong deterrent to criminal activities,
especially at night.
• Example: It's difficult for intruders to sneak around a well-lit
building unnoticed. ti on
i bu
Lighting and Safety:
st r
i
Dfewer like
•
f o r
External lighting enhances safety, especially in places
lots. Statistics show that well-lit areas experience
parking
attacks.
o t
• Example: A well-lit parking lot reduces
making it safer for people to walk.a,
Nthe likelihood of crime,
a h
Lighting and Camera Systems:
e tN
•
a je Lighting helps
Proper lighting enables camera systems to capture clearer footage
bh more effectively. cameras detect activities
and improve visibility.
around theu
l SA well-lit area improves the performance of CCTV
building
• o
C enhancing their ability to monitor and detect suspicious
Example:
B ycameras,
S P activities.
CIS
for
tes
o
ell N
orn
C

• External lighting is a key deterrent that enhances both security and safety by making it
difficult for criminals to operate in the dark.
• It also improves the effectiveness of camera systems by providing better visibility and
ensuring clearer footage.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Doors and Mantraps
Door Composition and Security:
• Door composition and
security • The composition of a door significantly impacts its security. The type
• Door frame construction of material the door is made from (e.g., steel, wood) determines its
• Hinge placement and safety ability to withstand forced entry.
• Mantraps: definition and
purpose
Door Frame Construction:
• Tailgating prevention with • Even with a secure door, if the door frame is weak (e.g., a steel door
mantraps on a wooden frame), the door becomes vulnerable.
• Intruders can target the frame, rendering the strong door ineffective.
Hinge Placement and Safety: t i on
i
• Doors with external hinges are less secure because hingerpins bucan
be removed, allowing the door to be taken off easily. is
t
o r Don the outside
• Example: Exterior doors in buildings often havefhinges
ot (e.g., fire) where
for safety reasons, such as in emergency situations
, Nexit.
doors need to swing outward to allow safe
a
Mantraps: Definition and Purpose: ah
• A mantrap consists of a e t N set of doors or a turnstile, and it is
je (an unauthorized person following an
double
ainto
designed to prevent tailgating
h
ub
authorized individual a secure area).
S use two levels of authentication (e.g., badge,
• Mantrapsltypically
o
C for added security.
biometrics)
y
B Prevention with Mantraps:
PTailgating
S • Mantraps prevent tailgating by isolating individuals between the two
CI S
for sets of doors or within a turnstile.

tes • If an unauthorized person attempts to follow someone, they are

o trapped within the space and cannot proceed.

ell N
orn
C

• The security of doors depends on both their composition and the construction of the
frame. While outward-swinging doors are less secure, they are critical for safety in
emergencies.
• Mantraps are essential for preventing tailgating, using a double set of doors or
turnstiles to control access and ensure that only authorized individuals enter secure
areas.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Locks as delay controls
• Types of locks: mechanical
and electronic
• Privacy concerns with
biometric locks
• Weaknesses of different
locks
• Keypad and combination lock
precautions
Locks
Locks as Delay Controls:
• Locks, regardless of type (keyed, card reader, biometric), act as delay
controls.
• Given enough time, any lock can be defeated, meaning they delay
access rather than prevent it.
Types of Locks: Mechanical and Electronic:
• There are two primary categories of locks:
• Mechanical locks: Include keyed and combination locks.
• Electronic locks: Include magnetic, proximity/RFID, and

on
• Lock types: key, combination, biometric locks.
magnetic, proximity,
Privacy Concerns with Biometric Locks:
uti
biometric
tr i b
• Biometric locks are growing in use due to their accuracy and security,
• Security of combination locks
is
but employees may have privacy concerns related to sharing personal
D
for
data like fingerprints or retinal scans.
Weaknesses of Different Locks: t
No
• Keypad locks: Susceptible to shoulder-surfing, where someone
watches the code being entered.
h a,
Na
• Combination locks: Can be vulnerable to brute-force attacks,

jeet
depending on the complexity of the combination.

ha
• Example: Weak metal composition can make locks easier to physically
break.
b
Su
Keypad and Combination Lock Precautions:
l
y Co
• For keypad locks, it's wise to install a cover to block the view of others
when entering a code.
B
SP
• Codes should be changed regularly and access privileges reviewed

CI S frequently to prevent unauthorized access.

for Lock Types:

es • Key locks: Operated by inserting a key and moving internal tumblers.

ot • Combination locks: Use a rotating dial with a series of right/left turns

ll N
to unlock.

rn e • Magnetic (Maglocks): Employ an electromagnet and metal plate, often

C o activated by a card reader or button.

• Proximity/RFID locks: Use key cards that are read by holding the card
near the reader.
• Biometric locks: Use fingerprint, palm, iris, or retinal scans for
access control. These are highly accurate but raise privacy concerns.

• Locks serve as delay controls, and their effectiveness depends on their type and the precautions
taken to prevent weaknesses like shoulder-surfing or brute-force attacks.
• Mechanical and electronic locks come in various forms, such as key locks, magnetic locks, and
biometric locks, each with different security features.
• The complexity of combination locks is crucial to their overall security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Card Access/Biometrics
Cost of Card Access vs. Biometric Systems:
• Cost of card access vs.
biometric systems • Card access control systems are generally more inexpensive than
• Weaknesses of card access biometric access control systems.
systems
• Accuracy of biometric Weaknesses of Card Access Systems:
systems • Card access systems are prone to abuse and are not foolproof.
• Privacy concerns with
biometric systems • Example: Cards can be lost or loaned to another person,
• Safety benefits of card compromising security.
access systems
Accuracy of Biometric Systems:
i on
• Combination of card access
ut
and biometrics
tr i b
• Biometric systems are highly accurate and enforce stricter access
control by using physical characteristics such as facial recognition,
is
rD
palm scans, or retina/iris scans.
Privacy Concerns with Biometric Systems: f o
tusing biometric systems
N
• Despite their accuracy, employees may resist o
due to growing privacy concerns. a,
ah
• Example: Storing and processingN
tsecurity.
biometric data may raise worries
e
je Systems:
about personal information

h aAccess
ub
Safety Benefits of Card
• Card access
l S control systems log movements of individuals when they
enter oroexit a building, which can help ensure employee safety by
C
y who is inside the building during an emergency.
B
knowing

I SSPCombination of Card Access and Biometrics:

C • To enhance security, card access systems can be combined with
for biometric checks, which provide stricter access control. In high-
tes security areas, biometric-only systems may be preferred, though they
o are more expensive and privacy-sensitive.

ell N
orn
C

• Card access systems are inexpensive but less secure due to risks like lost or shared cards.
• Biometric systems offer stricter control and greater accuracy, but they are more costly and raise
privacy concerns.
• The combination of both methods can ensure higher security while offering some level of
convenience in monitoring movements, which enhances employee safety in emergencies.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Windows
Windows as a Security Vulnerability:
• Windows as a security
vulnerability • While windows offer natural light and beautiful views, they are also a
• Shock sensors vs. glass break significant weak point in building security. Intruders often target
sensors windows for easy entry.
• Sensors for noisy vs. quiet Shock Sensors vs. Glass Break Sensors:
environments
• Functionality of glass break • Shock sensors detect vibrations when glass breaks and are ideal for
sensors noisy environments.
• Glass break sensors function as microphones tuned to hear the
sound of glass breaking and can monitor multiple windows at once.
ti on
Sensors for Noisy vs. Quiet Environments:
i bu
s r
t sound-
• Shock sensors are effective in noisy environments where i
D or gathering.
based sensors might struggle, such as during a loud
fo r event
o t
• Glass break sensors work best in quiet environments where
, N
detecting the unique frequency of glass shattering is easier.
• Example: In an office building ora ha fewer glass break sensors may
home,
be needed as one sensor canN
et cover multiple windows.
aje Sensors:
Functionality of Glass Break
h
u b are designed to listen for the specific sound
• Glass break sensors
S
l of breaking glass.
o
frequencies
Cadvantage lies in needing fewer sensors to cover larger areas, as
y
• Their
B
S P opposed to shock sensors that must be installed on each window pane.
CIS
for
tes
o
ell N
orn
C

• Windows are a major vulnerability in physical security. Both shock sensors and glass break
sensors can mitigate this risk, with shock sensors excelling in noisy environments and glass break
sensors being more suitable for quiet areas.
• Glass break sensors, which function like microphones, offer broader coverage by detecting the
sound of shattering glass.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

CISSP Cornell Notes by
Col Subhajeet Naha, Retd
Domain 4 : Communication and
Network Security
 Secure Design Principles in Network Architectures
Importance of Secure Network Design:
• Importance of secure • Designing a secure network architecture helps protect the organization from
network design potential threats, ensuring confidentiality, integrity, and availability of data
• Defense in depth and services.
• Least privilege Defense in Depth:
• Segmentation and • Employing a layered security approach ensures multiple defensive
segregation strategies are in place, making it harder for an attacker to compromise the
• Redundancy entire system.
• Secure protocols • Example: Using firewalls, intrusion detection systems (IDS), and anti-
• Monitoring and auditing malware solutions in combination.
Least Privilege:
ti on
• This principle ensures that users, applications, and services are given
i buthe
minimum access necessary to perform their tasks.
st r
• Example: An employee should only have access to data D andi systems
f
required for their job, reducing the risk of unauthorized
t oraccess.
Segmentation and Segregation:
N o
• Network segmentation involves dividing
h aand, limit the impact
a network into smaller, isolated

breaches. a
sections to reduce the attack surface of security
N for different departments or isolating
e tVLANs
ajegeneral user networks.
• Example: Creating separate

h
sensitive systems from
b
Redundancy:
S u
o lremain available
• Building redundancy into the network ensures that critical systems and

y C Implementing redundant power supplies, multiple internet

services in case of failure.
• BExample:
S P connections, and failover systems to avoid single points of failure.
CI S Secure Protocols:

for • Using secure communication protocols like HTTPS, SSL/TLS, and IPsec

es ensures that data is encrypted in transit and secure from interception.

ot Monitoring and Auditing:

ell N • Continuous monitoring of network traffic and regular auditing of systems

orn helps detect anomalies, unauthorized access, and potential security threats
in real-time.
C • Example: Utilizing SIEM (Security Information and Event Management)
systems to log and analyze network activity.

• Implementing secure design principles in network architecture ensures the protection of systems
through defense in depth, least privilege, segmentation, and redundancy.
• Utilizing secure protocols and continuous monitoring helps maintain security and detect threats
early. These practices enhance the overall resilience of the network.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Implementing Secure Design Principles in Network
Architectures
OSI and TCP/IP Models:
• OSI and TCP/IP models • The OSI (Open Systems Interconnection) Model and TCP/IP Model are
• Function of each OSI layer frameworks that describe how data is transmitted and received over a
network. They help explain how different layers of the network interact.
• Devices and protocols at
each OSI layer Function of Each OSI Layer:
• Encapsulation and • The OSI Model has seven layers, each with a specific role in network
communication:
decapsulation
• Role of networking in 1.Physical Layer: Transmits raw data bits over physical media (cables, radio waves).
organizational objectives 2.Data Link Layer: Manages node-to-node data transfer (e.g., MAC addresses,
switches).
3.Network Layer: Handles routing of data packets between devices (e.g., IP
addresses, routers).
ti on
i bu
4.Transport Layer: Ensures reliable data transfer (e.g., TCP, UDP).
s t r
5.Session Layer: Manages sessions and connections between devices. i
f o rD
6.Presentation Layer: Translates data formats and handles encryption.

o
7.Application Layer: Interfaces with end-user applicationst (e.g., HTTP, FTP, DNS).
Devices and Protocols at Each OSI Layer:
a ,N
•
a
Physical Layer: Hubs, cables, wirelessh signals.
•
e
Data Link Layer: Switches, MACt Naddresses.
•
a
Network Layer: Routers, jeIP, ICMP.
h
bTCP, UDP.
•
S u
Transport Layer:
Session lLayer: Session management protocols.
Co Layer: Encryption and data translation.
•
•
y
Presentation
• BApplication Layer: Web browsers, HTTP, DNS, FTP.
P
S Encapsulation and Decapsulation:
CI S
for • Encapsulation refers to the process of adding headers (control information) to
data as it moves down the OSI layers, preparing it for transmission.

tes Decapsulation is the reverse process, where headers are stripped as data
moves up the OSI layers, making it readable for the application.
o
ll N
Role of Networking in Organizational Objectives:

rn e • Networks are critical for enabling communication, revenue generation, and

C o client interaction. Because networks are a valuable organizational asset, they

require comprehensive protection to maintain security, efficiency, and
reliability.

• The OSI Model provides a layered framework for understanding how data is transmitted across
networks. Each layer has specific responsibilities, with various devices and protocols functioning at
different layers.
• The processes of encapsulation and decapsulation ensure data is properly transmitted and
received. Networks are essential to organizational success, requiring robust security measures to
protect their integrity.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Network and Protocol
What Is a Network?
• Definition of a network
• Definition of a protocol • A network consists of at least two devices that are connected to
each other for communication.
• Importance of protocols in
communication • Example: A computer connected to a printer or another computer is a
• OSI Model and its relevance simple network.
to protocols
What Is a Protocol?
• A protocol is a set of standard rules that governs communication
between devices on a network. Protocols ensure that messages can
be sent, received, and understood by different devices.
ti on
i
• Example: TCP/IP is a widely used protocol that allows computers bu to
communicate over the internet.
s tr
i
Importance of Protocols in Communication:
fo rD
o
• Protocols define the common rules that allow tdevices to
, N way.
communicate in a consistent and predictable
a
• Without protocols, devices woulda hnot understand each other’s
t N impossible.
messages, making communication
e
aje to Protocols:
OSI Model and Its Relevance
h
u bprovides a framework for how data is transmitted over
S
• The OSI Model
ol
a network.
C
B y operate at various layers of the OSI model to ensure that
• Protocols

SP• Example: The HTTP protocol operates at the Application Layer of the
data is properly sent and received.

CI S
for OSI model to enable web communication.

tes
o
ell N
orn
C

• A network is a connection between two or more devices, and protocols are the standardized rules
that enable communication between these devices.
• The OSI Model helps structure these communications, with different protocols operating at various
layers to ensure successful data exchange.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 OSI (Open System Interconnection) Model- 1
Definition and Purpose of the OSI Model:
• Definition and purpose of the
OSI model • The OSI (Open Systems Interconnection) Model is a layered
• Seven layers of the OSI model architecture that standardizes how data is transmitted across
• Encapsulation and networks. It enables open systems to interconnect and
decapsulation communicate through defined protocols.
• OSI vs. TCP/IP Model Seven Layers of the OSI Model:
• Devices and protocols at
each OSI layer The OSI model consists of seven layers, each with distinct functions:
• Firewalls at multiple OSI
1. Physical Layer: Transmits raw bits (0s and 1s) across physical
on
layers
media like cables and fiber optics.
• Importance of security at
ti
uMAC
different layers 2. Data Link Layer: Manages node-to-node communication using
tr i b
addresses.
is
o rD
3. Network Layer: Routes data packets using IP addresses.
f
ot
4. Transport Layer: Ensures reliable data transmission through TCP or
N
a, sessions between
UDP.
h
Na
5. Session Layer: Manages and maintains
applications.
t
e data formats and handles
e
6. Presentation Layer: jTranslates
encryption.
b ha
l SuLayer: Interfaces with end-user applications like HTTP,
o
7. Application
CFTP.
DNS,
B y
S• PEncapsulation and Decapsulation:

CI S Encapsulation: As data moves down the OSI layers, each layer adds

for headers and trailers.

tes • Decapsulation: As data moves up the OSI layers on the receiving

o device, headers and trailers are stripped away.

ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 OSI (Open System Interconnection) Model - 2
OSI vs. TCP/IP Model:
• Definition and purpose of the
OSI model • The TCP/IP model consists of four layers:
• Seven layers of the OSI model
1. Application (OSI Layers 5-7)
• Encapsulation and
decapsulation 2. Transport (OSI Layer 4)
• OSI vs. TCP/IP Model
• Devices and protocols at 3. Internet (OSI Layer 3)
each OSI layer 4. Link (OSI Layers 1-2)
• Firewalls at multiple OSI

on
layers Devices and Protocols at Each OSI Layer:
• Importance of security at
• Physical Layer: Hubs, NICs, cables.
u ti
different layers
• Data Link Layer: Switches, MAC addresses, L2TP, PPTP. t r i b
D is
• Network Layer: Routers, IP addresses, ICMP, NAT.
t for
• Transport Layer: TCP, UDP, iSCSI.
N o
,
• Application Layer: HTTP, DNS, FTP,aSSH.
h
t Na
Firewalls at Multiple OSI Layers:
je e
h a
• Network Layer: Packet-filtering firewalls provide basic filtering with

ub Application proxy firewalls offer detailed filtering

high speed.
S
ol processing overhead.
• Application Layer:
C
but introduce
y of Security at Different Layers:
B
Importance

I SSP• Lower layers (Physical, Data Link, Network) offer high efficiency and
C
or
speed but limited security.

s f
o te • Higher layers (Session, Presentation, Application) provide advanced
security features but introduce complexity and slower processing.

ell N
orn
C

The OSI Model structures network communication into seven layers, with specific roles
for each layer. Encapsulation and decapsulation enable data to move between devices.
The TCP/IP model is a simplified four-layer version used to implement OSI concepts.
Security decisions vary across OSI layers, with a balance between speed and complexity
needed at each level.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Layer 1: Physical Layer
Definition of Layer 1:
• Definition of Layer 1
• Data at the Physical layer • Layer 1, the Physical layer, focuses on the transmission of raw bits
• Transmission media: wired (0s and 1s) across physical media. It determines how devices
vs. wireless interconnect and how data is encoded for transmission.
• Types of wired media: twisted Data at the Physical Layer:
pair, coaxial, fiber optic
• Network topologies: Bus, • At this layer, data is referred to as bits. Communication happens
Tree, Star, Mesh, Ring through physical media, either wired or wireless.
• Layer 1 devicesTransmission
Transmission Media - Wired vs. Wireless:
on
methods: unicast, multicast,
broadcast • Common wired media types include:
uti
• Collision avoidance and
r
• Twisted Pair: Shielded (STP) or unshielded (UTP), used to
t i b
•
CSMA
Cut-through vs. Store-and-
create magnetic fields to protect signals.
D is
for
forward switching • Coaxial Cable: Single strand of copper wire, commonly used
for cable TV and internet.
t
No
• Fiber Optic: Uses light pulses to transmit data, offering
a,
superior speed and security over long distances.
h
• Wireless media includes radio
t Nafrequency, infrared, and microwave
transmission.
je e
ha
Types of Wired Media:
b
SuReduces interference through twists, often used for
l
• Twisted Pair:
Co networks.
local area
y
• BCoaxial Cable: Uses multiplexing to transmit multiple signals over
S P one wire.

CIS • Fiber Optic: Offers high security and speed; not as prone to
for interference or eavesdropping.

tes
o
ell N
orn
C

• The Physical layer handles the transmission of raw bits using wired or wireless media. Different
network topologies dictate how devices are connected, with hubs, repeaters, and NICs being key
devices at this layer.
• Transmission methods like unicast, multicast, and broadcast define how data flows, while
collision avoidance is crucial for network efficiency. The choice between cut-through and store-
and-forward switching balances speed and error checking.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Layer 1: Physical Layer
Network Topologies:
• Definition of Layer 1
• Common topologies define how devices are connected:
• Data at the Physical layer
• Transmission media: wired • Bus Topology: All devices connected to a central wire; easy to extend but
prone to collisions and single points of failure.
vs. wireless
• Types of wired media: twisted • Tree Topology: Branches out connections, isolates transmissions to limit
data exposure.
pair, coaxial, fiber optic
• Star Topology: Devices connect to a central switch; failure of the central
• Network topologies: Bus,
hub disrupts the entire network.
Tree, Star, Mesh, Ring
• Mesh Topology: Every device connects to every other device, providing
• Layer 1 devicesTransmission redundancy.

on
methods: unicast, multicast,
broadcast
•
to avoid collisions.
u i
Ring Topology: Devices connected in a closed loop, with token passing
t
• Collision avoidance and
tr i b
•
CSMA
Cut-through vs. Store-and-
Layer 1 Devices:

D is
for
• Devices at Layer 1 include:
forward switching
• t
o distance.
Hubs: Simple devices that broadcast data to all connected devices.
N
a, between computers and
• Repeaters: Amplify signals to extend transmission
h
Na
• NICs (Network Interface Cards): Interface
networks.
e t
je
hatransmitting data:
Transmission Methods:

b
Su communication.
Three primary methods for

l
Co One-to-many communication.
• Unicast: One-to-one

B y
• Multicast:

P
S Collision Avoidance and CSMA:
• Broadcast: One-to-all communication within the network.

CI S
for
tes • In shared media, collisions occur when two devices send data at the same time.
Collision avoidance is managed using CSMA (Carrier Sense Multiple Access)
o protocols to prevent simultaneous transmissions.

ell N Cut-through vs. Store-and-Forward Switching:

orn • Cut-through: Switch starts forwarding data immediately after reading the
C destination address. Low latency, but error checking is minimal.
• Store-and-forward: Switch waits for the entire packet, checks for errors, and
then forwards it. Higher latency, but error-free transmission.

• The Physical layer handles the transmission of raw bits using wired or wireless media. Different
network topologies dictate how devices are connected, with hubs, repeaters, and NICs being key
devices at this layer.
• Transmission methods like unicast, multicast, and broadcast define how data flows, while
collision avoidance is crucial for network efficiency. The choice between cut-through and store-
and-forward switching balances speed and error checking.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Dealing with Collisions
Collision Issues in Network Topologies:
• Collision issues in network • Collisions occur when multiple devices transmit data at the same time,
topologies causing data to clash. This is a problem in most topologies except for
• Methods to handle token ring networks.
collisions Methods to Handle Collisions:
• CSMA (Carrier Sense 1. Token-based Collision Avoidance:
Multiple Access)CSMA/CA • A token is passed between devices, and only the device holding the
vs. token can transmit data.
• CSMA/CD • This method is used in token ring networks.
• Collision detection and 2. Polling:
avoidance • Devices poll each other to check if any device needs to transmit.
ti on
i bu
• However, this causes a lot of network traffic, making it inefficient
and rarely used.
str
3. CSMA (Carrier Sense Multiple Access):
D i
for
• Devices share the same carrier (wire) and sense the wire before
sending data.
t
No
• If the wire is free, data can be sent. This is the most common method

a,
in modern networks.
h
Na
CSMA/CA vs. CSMA/CD:

et
1. CSMA/CA (Collision Avoidance):
•
je
Used in wireless networks, this method prevents collisions

bha
by using two communication lanes: one for sending and one
for receiving data.
•
l SuWireless networks use CSMA/CA to communicate with

Co
access points and avoid collisions entirely.

By 2. CSMA/CD (Collision Detection):

SP
• Used in older wired networks, like Ethernet networks with

CI S hubs. Devices detect collisions after transmission and resend

data if needed.

for • Modern Ethernet networks use switches in full-duplex mode,

es which avoids collisions, making CSMA/CD mostly obsolete.

ot CSMA/CD Process:

ell N 1. The device checks if the line is idle before sending a frame. If the line is
busy, it waits until the line is free.
orn 2. After sending, the device monitors for collisions. If a collision occurs, a
C jam signal is sent.
3. The device waits for a random amount of time before attempting to
send the data again.

• Collisions occur in shared media networks, and several methods—token-based, polling, and
CSMA—are used to handle them.
• CSMA/CA is used in wireless networks to avoid collisions, while CSMA/CD was used in older wired
networks to detect and correct collisions.
• Modern Ethernet networks now use switches to avoid collisions altogether, making CSMA/CD less
relevant.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Transmission Methods
• Definition of transmission
methods
• Types of transmission
methods: unicast, multicast,
broadcast, anycast, geocast
• Security considerations for
transmission methods
• Anycast explained
• Geocast explained
3.
Definition of Transmission Methods:
• Transmission methods define how devices communicate on a network.
Different methods target specific or multiple devices depending on the need.
Types of Transmission Methods:
1. Unicast (One-to-One):
• Communication from one device to a specific target device.
• Most secure method since it limits communication to the intended
recipient.
• Example: Sending a message to a specific computer.
2. Multicast (One-to-Many):
• Communication from one device to a group of devices.
ti on
• Often used for services that need to reach multiple devices
simultaneously, like video streaming.
i b u
s tr
Broadcast (One-to-All):
i
• Communication sent to all devices on a network
subnet.
f o rD or a specific

•
o
Example: Sending an ARP request across t a local network to identify

,N
connected devices.
4. Anycast (One-to-Nearest/Best):
a
h or best-performing server.
•
a
Routes requests to the nearest
N Networks (CDNs) to direct users to
the closest or mosttoptimal server for content delivery.
• Used in Content Distribution
e
•
h aje and security by connecting to the best
Improves performance
available server.
5.
S ub
Geocast (One-to-Geographic Region):
•
olDelivers messages to devices within a specific geographical area.

y C systems.
• Often used in location-based services or emergency notification

P B
I SS • Unicast is the most secure, as it limits communication to specific devices.
Security Considerations for Transmission Methods:

C
for • Broadcast exposes data to all devices, making it less secure in comparison.

tes Anycast Explained:

o
ll N
• Anycast allows requests to be sent to the closest or best-performing server.

rn e This is ideal for CDNs, where data is delivered from the server nearest to the
user to enhance performance and security.

C o Geocast Explained:
• Geocast targets devices in a specific geographical location. It is useful for
applications like emergency alerts or localized services.

• Transmission methods define how devices communicate on a network. The most common methods
are unicast (one-to-one), multicast (one-to-many), broadcast (one-to-all), and anycast (one-to-
nearest/best).
• Unicast offers the best security, while anycast enhances performance and security by directing
users to the nearest or best server.
• Geocast is used for location-specific messaging.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of performance
metrics
• Key performance metrics:
• bandwidth, throughput,
signal-to-noise ratio, latency,
jitter
Performance Metrics
Definition of Performance Metrics:
• Performance metrics help measure the effectiveness of a network in terms of
data transmission and communication quality. These metrics are important for
optimizing network performance.
Key Performance Metrics:
1. Bandwidth:
• The maximum amount of data that can be transmitted over a
network or internet connection within a specific period.
• Example: A network with 1 Gbps bandwidth can transmit up to 1
gigabit of data per second.
2. Throughput:
•
i
The actual rate of successful data transfer, which is often lower
t on
i bu
than the maximum bandwidth due to factors like network congestion.
•
of data transfer, the throughput is 800 Mbps.
str
Example: If a network has 1 Gbps bandwidth but achieves 800 Mbps

D i
for
3. Signal-to-Noise Ratio (SNR):
• The comparison of the desired signal strength to the amount of
t
No
background noise.
• A higher SNR indicates better signal quality, leading to fewer lost

a,
packets and less corrupt data.
h
Example: In a wireless network, a high SNR means a clearer signal,

Na
•
allowing faster data transfer rates.
4. Latency:
je et
ha
• The time it takes for a signal to travel from the source to the
destination and back, measured in milliseconds (ms).
b
Su
• Example: If it takes 50 ms for a data packet to reach its destination

Jitter:o
l and return, the latency is 50 ms.
5.
y C
P B • The variation in time delay between data packets. It measures the
inconsistency of latency over time, which can lead to

I SS •
communication issues in real-time applications.
Low jitter is preferred for a smooth and consistent network

r C experience.

fo • Example: In VoIP calls, high jitter can result in poor audio quality and

es delays.

ot
ell N
orn
C

• Key performance metrics include bandwidth (maximum data capacity), throughput (actual data
transfer), signal-to-noise ratio (signal quality), latency (round-trip time for data), and jitter
(variation in packet delay).
• Understanding these metrics is crucial for optimizing network performance and ensuring efficient
communication.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Traffic Flows
Definition of Traffic Flows in Data Centers:
• Definition of traffic flows in
data centers • In data centers, traffic flow refers to the direction in which data
• North-south traffic moves. Understanding these flows is critical for optimizing network
• East-west traffic architecture, routing, and security.
• Impact of traffic patterns on
North-South Traffic:
network architecture
• North-south traffic refers to the flow of data in and out of the data
center.
• Southbound traffic: Data coming from external clients (e.g., from the
Internet) into the data center’s servers.
t i on
i
• Northbound traffic: Data being sent from the data center’s serversbu
back to clients.
s tr
i
D center
• Example: A client accessing a website hosted in the
fo r data
generates north-south traffic.
o t
East-West Traffic:
a ,N
a
• East-west traffic refers to the flowhof data between devices within
the data center.
e tN
h aje
• This is typically server-to-server communication.

u b transferred between two servers in the same

• Example: Data
S being
l is considered east-west traffic.
o
data center

B y Con Network Architecture:

Impact

I SSP• North-south traffic often requires efficient external connectivity

and security measures to protect against threats from the Internet.
C
for • East-west traffic needs optimized internal communication
tes between devices, with a focus on internal network segmentation
o and low-latency routing.

ell N • Understanding the dominant traffic pattern (north-south or east-west)

orn influences choices in topology, routing protocols, and security
C strategies.

• North-south traffic moves in and out of the data center, while east-west traffic moves within the
data center between devices.
• These traffic flows are critical in designing the data center's network architecture, routing, and
security strategies.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Physical Segmentation

Definition of Physical Segmentation:

• Definition of physical
segmentation
• Types of management: in-
band, out-of-band, air-
gapped
• Security implications of
segmentation methods
• Physical segmentation refers to creating a separate network or
network segment for isolating devices and traffic. This can improve
security by preventing unauthorized access between network segments.
Types of Management:
1. In-band Management:
• No physical segmentation: Network devices are managed over
the same network that transmits user or application data.
• Example: Managing a switch over the same network where user
traffic flows.
• Less secure: Since management and user traffic share the
ti on
i bu
same network, it increases the risk of attacks on network
devices.
str
2. Out-of-band Management:
D i
for
• Physically separate network: Network devices are managed
t
using a dedicated network separate from user traffic.
•
No
Example: Managing switches or routers via a separate
management network.
h a,
Na
• More secure: The dedicated management network reduces

et
exposure to threats, providing an added layer of security.
3.
je
Air-gapped Management:
1.
bha
Complete physical isolation: The network is entirely

Su
disconnected from other networks, making it inaccessible
l from outside networks.

y Co
2. Example: Industrial control systems that need to be physically

B managed onsite.

SP
3. Most secure: Air-gapped networks are often used for

CI S sensitive systems but come with operational limitations

since someone must be physically present to manage the

for network.

es Security Implications of Segmentation Methods:

ot • In-band management is less secure since user and management traffic

ell N share the same network, exposing it to potential risks.

orn • Out-of-band management offers a higher level of security by creating a

dedicated management network.
C • Air-gapped networks are the most secure but may limit remote
management capabilities, requiring onsite access for maintenance.

• Physical segmentation improves network security by isolating traffic and devices. In-band
management uses the same network for both management and user traffic, while out-of-band
management uses a dedicated management network.
• Air-gapped networks provide the highest level of security through complete physical isolation but
may introduce management challenges.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Logical Segmentation
Definition of Logical Segmentation:
• Definition of logical • Logical segmentation involves dividing a network into multiple virtual
segmentation segments using software rather than physical separation. It is a more cost-
effective and flexible solution compared to physical segmentation but
• VLANs (Virtual Local Area requires proper configuration to ensure effective isolation.
Networks)
VLANs (Virtual Local Area Networks):
• VPNs (Virtual Private
Networks) • VLANs allow a single physical network to be logically divided into multiple
smaller networks.
• VRF (Virtual Routing and
Forwarding) • Example: In an office, VLANs can be used to separate HR, IT, and guest traffic,
even though all traffic flows over the same physical infrastructure.
• Virtual domains
• Advantage: VLANs provide better traffic management and security through
on
• Benefits and risks of logical logical isolation.
segmentation
u ti
b
VPNs (Virtual Private Networks):
VPNs enable secure connections to a private network over publicri
•
infrastructure.
i s t
• Example: Employees working remotely use a VPN to securely
f o r D connect to the
organization's main network.
o tto sensitive resources
,N
• Advantage: VPNs allow for secure remote access
across untrusted networks (like the internet).
VRF (Virtual Routing and Forwarding): h
a
VRF enables the creation of t N a virtual networks on a single physical
network component, suche
• multiple
je as a router.
•
b ha router
Example: A single physical can handle multiple separate routing tables,
u
allowing multiple networks
Shardware.
to exist on the same infrastructure.

l
Co
• Advantage: It allows greater network scalability and segmentation without
additional
y
BVirtual domains allow for the creation of multiple separate security domains
Virtual Domains:
P
S within a single physical device.
•

CI S
or
• Example: A firewall can be partitioned into multiple virtual firewalls, each

s f serving a different department or security requirement.

o te • Advantage: Virtual domains offer granular security control within a single

device.

ell N Benefits and Risks of Logical Segmentation:

orn • Benefits: Logical segmentation is cheaper and more flexible than physical
C •
segmentation, allowing easier management and scaling.
Risks: If not properly configured, logical segmentation may not provide
effective isolation, leading to potential security vulnerabilities.

• Logical segmentation enables the division of a network into virtual segments through methods like
VLANs, VPNs, VRF, and virtual domains.
• This approach offers flexibility, cost-effectiveness, and scalability. However, proper configuration is
essential to ensure network isolation and security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Monitoring and Management
Importance of Monitoring and Management:
• Importance of monitoring and
management • Effective monitoring and management ensure the performance,
• Network observability availability, and reliability of networks, systems, and services. These
• Traffic flow and shaping processes help to detect and resolve issues promptly.
• Capacity management Network Observability:
• Fault detection and handling
• Network observability refers to the ability to gain insight into a
network’s internal workings, allowing better understanding of how
data moves and identifying any performance issues.
• Example: Network monitoring tools provide visibility into traffic
ti on
i bu
patterns, enabling IT teams to optimize the network’s performance.
Traffic Flow and Shaping:
s tr
i
o r Dpackets in the
• Traffic shaping involves controlling the flow of data
f
t
network to enforce policies and optimize performance.
o
a ,N
• Example: Corporate networks may prioritize VoIP traffic to ensure

a h
clear communication during calls, even during periods of high

tN
network usage.
Capacity Management: ee
h aj involves monitoring the current usage of
ub and planning for future needs.
• Capacity management
S
network resources

C
• Example: olIn cloud environments, rapid elasticity allows resources to
beyscaled up or down based on demand, helping reduce the
B
P complications of capacity management.
S
CIS • Goal: Ensure that the network can meet both present and future
for demands.

tes Fault Detection and Handling:

o
ell N • Fault detection identifies and diagnoses issues within the network,

rn
followed by handling those issues using appropriate methods.

C o • Example: Some networks use automatic remediation systems that

respond to incidents without human intervention, while others rely on
manual intervention or incident response processes.

• Monitoring and management are critical for ensuring network performance and reliability.
• Key concepts include network observability (understanding network behavior), traffic shaping
(controlling and prioritizing data flows), capacity management (planning resource usage), and fault
detection (identifying and resolving issues efficiently).

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Layer 1 devices
• Key devices: hubs, repeaters,
concentrators
• Characteristics of Layer 1
devices
Layer 1 Devices
Definition of Layer 1 Devices:
• Devices operating at Layer 1 (Physical layer) are responsible for the
transmission of raw bits across a network. They do not make
intelligent decisions, such as directing traffic or filtering data.
Key Layer 1 Devices:
1. Hubs:
• A hub is a simple device with multiple ports that connects
multiple devices in a network.
• It receives data at one port and broadcasts it to all other
connected devices.
• Drawback: Hubs are noisy as they do not differentiate
ti on
i bu
between the source and destination, often causing data

tr
collisions because all devices share the same collision
s
domain.
D i
for
• Example: Older Ethernet networks often used hubs to connect
t
devices, but they are now replaced by switches.
2. Repeaters:
No
•
h a,
A repeater regenerates weakened signals and amplifies them

Na
to extend the transmission distance.

et
• It is used to mitigate signal attenuation (loss of signal
je
strength) when data travels over long distances.
•
bha
Example: Repeaters are commonly used in large cabled

Su
networks to ensure signal integrity over extended distances.
l
Co
3. Concentrators:

By • Concentrators combine signals from multiple sources and

send them down a single transmission line.

I SSP • Unlike hubs, which broadcast signals to all devices,

concentrators focus on aggregating signals together for
r C efficient transmission.
fo
es • Example: Concentrators can be used in telecommunication

ot
systems where multiple data streams are merged for

ll N
transmission over a single connection.

rn e Characteristics of Layer 1 Devices:

C o •
•
Very fast due to their simple function of transmitting raw data (bits).
No decision-making capabilities, meaning they cannot direct traffic
or perform filtering.
• Typically, they operate in the same collision domain, leading to
potential performance issues in certain network environments.

• Layer 1 devices, such as hubs, repeaters, and concentrators, handle the transmission of raw data
without intelligent decision-making.
• While hubs broadcast data to all devices, leading to potential collisions, repeaters amplify signals
to extend transmission distances, and concentrators aggregate signals for efficient transmission.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Layer 2: Data Link Layer
• Definition of Layer 2Data
format: frames
• Physical addressing via MAC
addresses
• Circuit-switched vs. packet-
switched networks
• Link encryption at Layer 2
• Layer 2 devices: bridges,
switches
• Layer 2 protocols: L2TP,
PPTP, ARP
Definition of Layer 2:
• The Data Link layer (Layer 2) acts as the interface between the Physical
layer (Layer 1) and the Network layer (Layer 3). It ensures that data is
properly formatted for transmission and reception between these layers.
Data Format: Frames:
• At Layer 2, data is formatted as frames, which contain the necessary
information for devices to recognize and process the data. This includes
source and destination MAC addresses.
Physical Addressing via MAC Addresses:
• Layer 2 uses MAC (Media Access Control) addresses to uniquely identify
devices on a network. Unlike IP addresses, MAC addresses are permanent
on
and tied to the network interface card (NIC) of a device.
u t i
b
Circuit-Switched vs. Packet-Switched Networks:

t r i
•
is
Circuit-switched networks: Establish a dedicated connection between
devices before transmitting data (e.g., traditional telephone systems).
D sent over a
•
shared network, with each packet potentially taking fao
Packet-switched networks: Data is broken into packets r and
internet).
o t different route (e.g., the

Link Encryption at Layer 2:

a ,N
•
a hconnected
Layer 2 is a common location to implement link encryption, which secures

t N
data as it travels between two directly devices, protecting it from
interception.
je e
hadividehelping
Layer 2 Devices: Bridges and Switches:
•
u
Bridges: Devices b that a network into segments and manage traffic
based on MAC
S addresses, to reduce collisions.
l Devices that connect multiple devices within a network and forward
•
C obased
Switches:

B y
frames
reducing
on MAC addresses. Switches improve network efficiency by
collisions and increasing data transmission speed.
P
S • L2TP (Layer 2 Tunneling Protocol): A tunneling protocol used for VPNs that
Layer 2 Protocols:

CI S
or
provides data privacy and security.

s f • PPTP (Point-to-Point Tunneling Protocol): An older VPN protocol, now

o te considered less secure.

ll N
• ARP (Address Resolution Protocol): Resolves IP addresses to MAC

rn e addresses, allowing communication between Layer 2 and Layer 3.

C o Role of Layer 2 in the OSI Model:

• Layer 2 serves as a conduit between the Physical and Network layers. It takes
packets from Layer 3 and formats them into frames for Layer 1. Conversely, it
takes bits from Layer 1 and converts them into frames for Layer 3.

• The Data Link layer (Layer 2) is responsible for framing data and ensuring it can be transmitted
between devices using MAC addresses.
• It connects the Physical layer (Layer 1) and the Network layer (Layer 3), playing a critical role in
managing data flow and security.
• Devices like bridges and switches operate at this layer, using protocols such as L2TP, PPTP, and
ARP to facilitate communication.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Physical Addressing (Layer 2)
• Definition of physical
addressing
• MAC (Media Access Control)
addresses
• Structure of MAC addresses
• ARP and RARPARP poisoning
• Circuit-switched vs. packet-
switched networks
Definition of Physical Addressing:
• Physical addressing at Layer 2 involves assigning a unique identifier to
each device on a network. This ensures that each device can be uniquely
identified for communication.
MAC (Media Access Control) Addresses:
• A MAC address is a unique identifier assigned to a device’s network card.
It consists of 48 bits (6 bytes) and is used to distinguish devices on the
same network.
• Example: A laptop or smartphone connected to a Wi-Fi network will have
its own unique MAC address.

on
Structure of MAC Addresses:
• ti
First 24 bits: Organizational Unique Identifier (OUI), which identifies the
u
device’s manufacturer (e.g., Cisco, Intel).
tr i b
•
device.
D s
Last 24 bits: Uniquely assigned by the manufacturer to identify the specific
i
•
t for
Example: A MAC address could look like 00:1A:2B:3C:4D:5E, where the

No
first three pairs identify the manufacturer and the last three pairs identify
the device.
a,
Address Resolution Protocol (ARP) and Reverse ARP (RARP):
h
Na
• ARP: Maps IP addresses (Layer 3) to MAC addresses (Layer 2), facilitating

et
communication between devices.
•
je
Example: When sending data to a device, ARP helps translate the

bha
destination's IP address into its MAC address.

Su
• RARP: Reverses this process by mapping MAC addresses to IP
l
addresses.

y Co
ARP Poisoning:
B • ARP poisoning is a form of attack where an attacker spoofs or

SP
masquerades as another device on the network by altering the ARP table.

CI S • By doing this, the attacker can intercept data intended for the legitimate

for •
device.
Example: In a man-in-the-middle attack, ARP poisoning allows the
es
ot
attacker to reroute traffic through their device without detection.

ll N
Circuit-Switched vs. Packet-Switched Networks:

rn e • Circuit-switched networks: Establish a dedicated connection before data

is transmitted (e.g., traditional telephone systems).

C o • Packet-switched networks: Data is broken into packets and sent over

shared paths, with each packet potentially taking a different route (e.g.,
internet communication).

• At Layer 2, devices are uniquely identified by MAC addresses, which consist of 48 bits. ARP and
RARP are used to map IP addresses to MAC addresses and vice versa.
• However, this layer is susceptible to attacks like ARP poisoning, where attackers can spoof devices
to intercept data.
• The distinction between circuit-switched and packet-switched networks is important for
understanding how data travels across networks.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Circuit-Switched Network
• Definition of circuit-switched
network
• Example: PSTN (Public
Switched Telephone Network)
• Full-duplex communication
• Establishing a connection
• Transmission of digital data
over analog connections
• Modems
(Modulation/Demodulation)In
troduction of VoIP (Voice over
IP)
Definition of Circuit-Switched Network:
• A circuit-switched network establishes a dedicated connection
between two devices, maintaining the connection throughout the
communication. This type of network is commonly used in traditional
telephone systems.
Example: Public Switched Telephone Network (PSTN):
• The PSTN is a classic example of a circuit-switched network, where a
dedicated circuit is created between the calling and receiving parties.
• Example: When you dial a phone number, the network establishes a circuit
that allows both parties to speak and hear simultaneously (full-duplex
communication).
on
Full-Duplex Communication:
uti
•
both directions, enhancing communication efficiency.
tr i b
Full-duplex means that data can be sent and received simultaneously in

•
D is
Example: In a phone call, both parties can talk and listen at the same time

for
without waiting for the other to finish.
t
No
Establishing a Connection:
In a circuit-switched network, the connection can be established
a,
•
permanently or on demand. It is maintained between switches to ensure
h
Na
that traffic is routed to the correct destination.

et
Transmission of Digital Data over Analog Connections:
•
je
Analog communication was originally designed for voice, as the human
ha
voice is analog in nature.
b
Su
• However, with the rise of digital data, a solution was needed to transmit
l
digital information over analog telephone lines.

y Co
Modems (Modulation/Demodulation):
B • Modems were introduced to convert digital data into analog signals for

SP
transmission over analog telephone lines and back to digital data at the

CI S receiving end.

for • Example: Early internet connections used modems to allow data to travel
over phone lines, but these connections were limited to 65,000 bits per
es second.
ot Introduction of VoIP (Voice over IP):

ell N • As data networks grew, the need for faster communication led to the

rn
development of VoIP (Voice over IP), which allows voice communication

C o •
over data networks.
VoIP uses the internet protocol to transmit digital data more efficiently
than analog phone lines.
• Security risks: Though VoIP is faster, it also introduces security concerns,
such as potential eavesdropping or data breaches.

• A circuit-switched network establishes a dedicated connection for communication, as seen in the

PSTN.
• Communication is full-duplex, allowing simultaneous data transmission in both directions.
• With advancements in technology, modems were used to transmit digital data over analog
connections, eventually giving rise to VoIP, which uses data networks for faster voice
communication but presents security risks.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Packet-Switched Network
• Definition of packet-switched
network
• Data packets and their
structure
• Role of switchesUnreliable
delivery
• Comparison to circuit-
switched networks
Definition of Packet-Switched Network:
• A packet-switched network breaks data into packets for
transmission. These packets travel through the network
independently, possibly via different routes, and are reassembled at
the destination.
Data Packets and Their Structure:
• Each data packet contains important information such as source
and destination addresses and sequence numbers.
• Example: When you send an email, the data is divided into packets,
ti on
i bu
each containing part of the email message along with addressing and
sequencing information.
str
Role of Switches:
D i
t for
• Switches route each packet to its final destination based on the
No
header information (like source, destination, and priority) and
network conditions.
h a,
Na
• Packets may take different routes to the destination, depending on

jeet
the availability and traffic on the network.
Unreliable Delivery: a
u bh networks, there is no guarantee of delivery.
l S may be lost during transmission, and the data must be
• In packet-switched
o
Some packets

B yC
reassembled upon arrival.

S P• Packets may also arrive out of order, but sequence numbers allow

CI S them to be properly reassembled.

for Comparison to Circuit-Switched Networks:

tes • Unlike circuit-switched networks, packet-switched networks do not

o
ll N
establish a dedicated connection for the entire communication.

rn e • Packet-switched networks are more flexible and efficient, especially

C o over long distances, but they introduce the risk of lost packets and
reassembly errors.

• In a packet-switched network, data is broken into packets, which travel independently and may
take different routes to the destination.
• Switches route the packets based on header information, but the network does not guarantee
delivery, and packets may arrive out of order.
• This type of network is more efficient than circuit-switched networks, though it introduces risks such
as packet loss.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Layer 2 Protocols
Definition of Layer 2 Protocols:
• Definition of Layer 2 • Layer 2 protocols operate at the Data Link layer of the OSI model, ensuring that
protocols data is properly transmitted across a network. Some of these protocols are used
• VPN tunneling protocols: L2F, for VPN tunneling, while others map between IP and MAC addresses.
PPTP, L2TP VPN Tunneling Protocols:
• SLIP (Serial Line Internet 1. L2F (Layer 2 Forwarding Protocol):
Protocol) • A tunneling protocol used to create VPNs by forwarding data between
client and server.
• ARP (Address Resolution
Protocol) • Example: L2F can be used to create secure communication over public
networks.
• RARP (Reverse ARP)
2. PPTP (Point-to-Point Tunneling Protocol):
1.
i
Another VPN tunneling protocol, PPTP uses three authentication
t on
protocols:
i bu
•
tr
PAP (Password Authentication Protocol): Simplest but least
s
secure; uses static plaintext passwords.
D i
for
• CHAP (Challenge Handshake Authentication Protocol):
More secure; the password is encrypted before
t
No
transmission.
EAP (Extensible Authentication Protocol): Most robust and
a,
•
flexible, allowing it to combine with other protocols for
h
Na
stronger security.

et
2. Example: PPTP is commonly used for remote access VPNs, though it

e
is less secure than newer protocols.
j
ha
3. L2TP (Layer 2 Tunneling Protocol):
b
Su
1. A more advanced tunneling protocol that combines the best features
of L2F and PPTP, providing strong encryption and security for VPNs.
l
Co
2. Example: L2TP is often used for site-to-site VPNs due to its enhanced

By security features.
SLIP (Serial Line Internet Protocol):

I SSP • An older protocol used for remote access via serial connections and modems.

r C • Example: SLIP was once used for dial-up internet access, though it has been largely
replaced by more modern protocols like PPP (Point-to-Point Protocol).
fo
es ARP (Address Resolution Protocol):

ot
• ARP maps IP addresses to MAC addresses, allowing devices to communicate

ll N
over a network.

rn e • Example: When sending data to another device on a network, ARP helps to identify
the device's MAC address, ensuring proper delivery.

C o RARP (Reverse Address Resolution Protocol):

• RARP performs the opposite function of ARP, mapping MAC addresses to IP
addresses.
• Example: RARP can be used when a device only knows its MAC address and needs
to discover its assigned IP address.

• Layer 2 protocols manage data transmission at the Data Link layer. Tunneling protocols like L2F,
PPTP, and L2TP are used to create VPNs, while ARP and RARP map between IP and MAC
addresses.
• SLIP is an older protocol for remote access, replaced by more secure options today.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Layer 2 Devices
Definition of Layer 2 Devices:
• Definition of Layer 2 devices
• Bridges • Layer 2 devices operate at the Data Link layer of the OSI model and
provide efficient and fast network connections. They handle data
• Switches (Layer 2 switches) transmission using MAC addresses and help manage network
• Layer 2 vs. Layer 3 switches traffic.
Bridges:
• Bridges connect different networks together without considering the
content of the data being transferred.
• Example: A bridge can connect a wired network and a wireless
network, allowing devices on both networks to communicate.
ti on
Switches (Layer 2 Switches):
i bu
• Switches connect multiple devices within a network. st r
i
• A frame sent to a Layer 2 switch is forwarded onlyrtoD
fo header.
recipient, based on the MAC address in the tframe
the intended

N o
• Example: In a LAN environment, switches
, and improving efficiency
between devices, reducing networkatraffic
forward data packets
compared to hubs. a h
t N
e
• Switches vs. Hubs: Unlike
j eto the
hubs, which broadcast data to all devices,

h a
switches send data only device that needs it.
Layer 2 vs. Layer 3bSwitches:
u
l S work at the Data Link layer and forward frames
• Layer 2oswitches
y Con MAC addresses.
based
B
S P• Layer 3 switches operate at the Network layer, performing

CIS
additional tasks like routing based on IP addresses.

or
• Example: A Layer 3 switch can forward data across different subnets,

s f combining the functionalities of both a switch and a router.

o te Note for Exams:

ell N • Be aware of the differences between Layer 2 and Layer 3 switches,

orn as exam questions may specify whether they refer to a regular switch
(Layer 2) or a Layer 3 switch with added functionalities.
C

• Layer 2 devices, such as bridges and switches, operate at the Data Link layer and manage network
traffic based on MAC addresses.
• While bridges connect different networks, Layer 2 switches forward data to the intended recipient
within the network.
• Layer 3 switches provide additional routing functionality by operating at the Network layer.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Authentication Protocols
Evolution of Remote Authentication:
• Evolution of remote • As organizations began using modems for remote access,
authentication authentication protocols evolved to secure remote connections.
• Authentication protocols: Early methods like SLIP were replaced by PPP (Point-to-Point Protocol)
to improve remote access and security.
PPP, PAP, CHAP, EAP
• Extensible Authentication Authentication Protocols:
Protocol (EAP) • PPP (Point-to-Point Protocol): A Layer 2 protocol used to establish
remote connections, typically via VPNs today.
• Protected Extensible
Authentication Protocol • PAP (Password Authentication Protocol): Prompts users for a user ID
and password. However, passwords are sent in plaintext, making it
(PEAP) insecure.
• Comparison of EAP types
• CHAP (Challenge Handshake Authentication Protocol): Encrypts ti on
(EAP-TLS, EAP-TTLS, EAP-
bu
passwords during transmission and sends challenges at intervals to
i
PEAP, LEAP, EAP-MD5) r
t and
ensure session integrity, reducing the risk of session hijacking.
s
i
rEAPDis widely
• EAP (Extensible Authentication Protocol): The most robust
flexible protocol, allowing vendors to extend its capabilities, such as
fo
integrating with smart keys or digital certificates.
t used
in wireless security (e.g., WPA2).
PEAP (Protected Extensible Authentication N
o
a,it within an encrypted TLS
Protocol):
h
Nalayer of security.
• PEAP builds on EAP by encapsulating
tunnel, providing an additional
t
e in wireless networks where secure
• Example: PEAP is often
je used
ha
authentication is required.
b
Su types that differ based on the level of authentication,
Comparison of EAP Types:
l
Co and industry support. The comparison is summarized in
• EAP has various
security,
y
• BEAP-TLS: Provides both client and server authentication using
S P certificates; offers high security and strong industry support.

CIS • EAP-TTLS: Provides server authentication with certificates but allows

for client authentication with ID and password.

tes • EAP-PEAP: Similar to EAP-TTLS but with higher security,

encapsulating communication in an encrypted TLS tunnel.
o
ell N • LEAP: Cisco’s proprietary version; uses ID and password for both
client and server authentication but has lower security.

orn • EAP-MD5: A simpler version of EAP using ID and password, with low
C security and limited industry support.

• Authentication protocols have evolved to meet the needs of remote access. PPP introduced PAP,
CHAP, and EAP for secure connections, with EAP being the most flexible and secure.
• PEAP enhances EAP by using an encrypted TLS tunnel.
• Various types of EAP offer different levels of security and authentication, with EAP-TLS providing
the highest security using certificates for both client and server authentication.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Data format at Layer 3:
packets
• Logical addressing and
mapping (ARP, RARP)Route
selection
• Layer 3 devices (routers,
packet filtering firewalls,
Layer 3 switches)
• Layer 3 protocols (ICMP,
Layer 3: Network
Data Format at Layer 3:
• At Layer 3 (the Network layer), data is formatted as packets, which are chunks
of data that can be transmitted across networks.
Logical Addressing and Mapping (ARP, RARP):
• ARP (Address Resolution Protocol): Maps IP addresses to MAC addresses,
allowing devices to communicate by converting IPs into physical addresses.
• Example: When sending data out of a network, ARP maps the
sender's MAC address to its IP address.
• RARP (Reverse ARP): Maps MAC addresses to IP addresses, allowing a device
to find its IP address using its MAC address.
• Example: RARP is used when a device knows its MAC address but

on
IGMP, IPsec, OSPF) needs to discover its IP address.
• Fragmentation and IP Route Selection:
uti
addressing
i b
• The Network layer is responsible for selecting the best route for data packets to
tr
take to reach their destination, considering factors like congestion or node
failure.
D is
for
• Example: If a primary route is congested, Layer 3 protocols may

t
choose an alternate route to ensure data reaches its destination.
Layer 3 Devices:
No
a,
• Routers: Forward data packets between different networks, ensuring that the
h
packets are routed to the correct destination.

Na
• Packet filtering firewalls: Filter network traffic based on IP addresses,

jeet
providing security by allowing or blocking specific packets.
• Layer 3 switches: Combine the functionality of both switches and routers,
ha
allowing for packet forwarding based on IP addresses.
b
Su
Layer 3 Protocols:
l
Co
• ICMP (Internet Control Message Protocol): Used for diagnostic purposes, such
as pinging to test network connectivity.

By • IGMP (Internet Group Management Protocol): Manages multicast group

SP
memberships, allowing devices to join or leave multicast groups.

CI S • IPsec (Internet Protocol Security): Provides encryption and security for data
packets transmitted over IP networks.

for • OSPF (Open Shortest Path First): A routing protocol that finds the best path for
data packets within a network.
es
ot
Fragmentation and IP Addressing:

ll N
• Fragmentation is the process of breaking large chunks of data into smaller
packets for transmission.

rn e • IP addressing ensures that each packet is assigned a unique IP address,

C o allowing it to be routed across the network.

• Example: Data is fragmented into smaller packets for faster transmission across
the internet, and each packet is given a destination IP address to guide its
delivery.

• At Layer 3, data is formatted as packets, and logical addressing is used to map IP addresses to
MAC addresses using ARP and RARP. Routing is a key responsibility, with Layer 3 devices like
routers and firewalls managing traffic.
• Layer 3 protocols such as ICMP, IGMP, and IPsec ensure smooth network operations, while
fragmentation and IP addressing allow data to be efficiently transmitted across networks.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition and significance of
Layer 3 protocols
• ICMP (Internet Control
Message Protocol)
• IGMP (Internet Group
Management Protocol)
• IPsec (Internet Protocol
Security)
• OSPF (Open Shortest Path
Layer 3 Protocols
Definition and Significance of Layer 3 Protocols:
• Layer 3 protocols manage routing and logical addressing at the Network
layer of the OSI model. These protocols ensure efficient packet
transmission, routing, and security.
ICMP (Internet Control Message Protocol):
• ICMP is used for network messaging, providing feedback about network
communication issues.
• Ping: A command that uses ICMP to test if a host is reachable.
• Example: You can ping a website to check if it's online.
• Traceroute: A tool that uses ICMP to map the path of network traffic

on
First)Common routing between source and destination.
protocols: BGP, OSPF, RIP
uti
• Example: Traceroute shows the number of hops taken from one
network to another.
tr i b
is
• Security concerns: ICMP can be used for reconnaissance by attackers,
D
for
making it common to filter ICMP traffic at firewalls.
IGMP (Internet Group Management Protocol):
t
No
• IGMP is used to manage group memberships for multicast

a,
communications.
h
• It helps hosts, routers, and similar devices join or leave multicast groups.
Na
• Example: Streaming video services use IGMP to manage data distribution

jeet
to multiple users.

ha
IPsec (Internet Protocol Security):
b
• IPsec is a tunneling protocol that provides authentication and
Su
encryption at Layer 3.
l
Co
• Example: IPsec is commonly used to secure VPNs, ensuring that data is

By encrypted as it travels over public networks.

• It helps establish secure communication between Layer 3 devices (e.g.,

I SSP routers).

r C OSPF (Open Shortest Path First):

fo • OSPF is a routing protocol used by routers to determine the best path for

es network traffic.

ot • OSPF includes security features, making it more secure than other

ll N
routing protocols like RIP.

rn e • Example: OSPF is used in large enterprise networks for efficient and

C o secure routing of traffic.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition and significance of
Layer 3 protocols
• ICMP (Internet Control
Message Protocol)
• IGMP (Internet Group
Management Protocol)
• IPsec (Internet Protocol
Security)
• OSPF (Open Shortest Path
Layer 3 Protocols
Common Routing Protocols (BGP, OSPF, RIP):
•BGP (Border Gateway Protocol): Used for routing between different
networks, especially on the internet.
• Example: BGP determines the best route for data between ISPs.
•RIP (Routing Information Protocol): A distance-vector routing protocol
used for routing within smaller networks.
• Example: RIP sends routing updates every 30 seconds, but it is
slower and less secure than OSPF.
Traceroute and Ping for Network Troubleshooting:
•Traceroute and ping are often used to determine if network

on
First)Common routing communication problems exist.
protocols: BGP, OSPF, RIP
uti
•Both tools can help identify if a host is reachable and map network paths,
i b
but they can also be used in reconnaissance attacks, which is why they are
tr
often filtered.
D is
t for
No
h a,
Na
jeet
bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Layer 3 protocols like ICMP, IGMP, IPsec, and OSPF handle network routing, security, and logical
addressing.
• ICMP provides network feedback through tools like ping and traceroute, while IGMP manages
multicast groups.
• IPsec ensures secure communication through encryption, and OSPF is a secure and efficient
routing protocol.
• Routing protocols like BGP, OSPF, and RIP manage data flow between and within networks.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Layer 3 devices overview
• Routers
• Layer 3 switches
• Packet filtering firewalls
• Functionality vs. speed
Layer 3 Devices
Layer 3 Devices Overview:
• Devices operating at Layer 3 of the OSI model (the Network layer) handle
routing and packet forwarding based on IP addresses. Key devices
include routers, Layer 3 switches, and packet filtering firewalls.
Routers:
• Routers are devices that route network traffic between different
networks based on the IP addresses in the data packets.
• Example: Routers connect different networks, like connecting a
home network to the internet.
• They dynamically update routing tables and use routing protocols (e.g.,

on
OSPF, BGP) to determine the best route for data.
Layer 3 Switches:
uti
•
r i b
Layer 3 switches are similar to routers in their ability to route traffic
t
is
between networks but are often used to connect devices within a VLAN
(Virtual Local Area Network).
D
•
t for
Example: A Layer 3 switch can route traffic between different

No
subnets within the same organization.

a,
• They combine switching and routing functionalities, enabling faster

h
internal communication while also providing Layer 3 routing capabilities.
Packet Filtering Firewalls:
Na
•
jeet
Packet filtering firewalls operate at Layer 3 and make decisions based

ha
on the header portion of data packets, such as source and destination

b
IP addresses and port numbers.
•
l Su Example: A packet filtering firewall can block traffic from certain

Co
IP addresses marked as malicious.

By • These firewalls are fast due to their limited decision-making

capabilities. They do not inspect the data payload, only the packet

SP
headers, and therefore provide basic protection.

CI S • Higher-layer firewalls (e.g., Application Layer Firewalls) offer more

for advanced filtering capabilities, such as deep packet inspection and

stateful inspection, but are slower due to increased complexity.
es
ot
Functionality vs. Speed:

ll N
• Devices at Layer 3 balance speed and decision-making capability.

rn e • Layer 3 firewalls are fast but only offer limited filtering based on simple
IP addresses and port numbers.

C o • Higher-layer devices (e.g., Application Layer Firewalls) provide more

advanced security features but come with a performance cost due to
increased processing requirements.

• Layer 3 devices, such as routers, Layer 3 switches, and packet filtering firewalls, manage
network traffic by making decisions based on IP addresses.
• Routers direct traffic between networks, while Layer 3 switches handle routing within VLANs.
• Packet filtering firewalls provide fast but basic security by filtering packets based on header
information, while higher-layer firewalls offer more advanced protection at the cost of speed.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of internet protocol
packets
• IPv4 vs. IPv6 addressing
• Private vs. public IP
addresses
• Network classes (subnetting)
• Role of NAT (Network Address
Translation)
Logical Addressing
Definition of Internet Protocol Packets:
• Internet protocol (IP) packets consist of data (payload) and routing information
in the header, such as source and destination IP addresses.
• Example: When data is sent over the internet, it is split into packets,
each containing routing details.
IPv4 vs. IPv6 Addressing:
• IPv4: Consists of 32 bits, divided into four octets (8-bit groups) separated by dots
(e.g., 192.168.1.254).
• The range of each octet is 0-255.
• Limitation: IPv4 allows for just under 4.3 billion addresses (2^32).

on
• IPv6: Consists of 128 bits, divided into eight 16-bit groups, significantly
increasing the number of available IP addresses.
• Example: An IPv6 address might look like
uti
2001:0db8:85a3:0000:0000:8a2e:0370:7334.
tr i b
Private vs. Public IP Addresses:
D is
for
• Private IP addresses are not routable on the public internet and are used within
local networks.
t
No
• Example: 192.168.0.0 – 192.168.255.255 is a private IP range used in

a,
many home networks.
•
h
Public IP addresses are globally unique and routable on the internet.
•
Na
Example: Websites like google.com have public IP addresses to be

et
accessible globally.

je
Network Classes (Subnetting):
•
bha
Subnetting allows for the creation of smaller networks (subnets) within a larger

Su
network, optimizing the use of available IP addresses.
l
Co
• Example: The 192.168.1.0 network can be divided into smaller subnets,
such as 192.168.1.0/24 for more efficient IP address allocation.

By • Network classes in IPv4 are divided into Class A, B, and C, allowing networks of

SP
varying sizes:

CI S •
•
Class A: Large networks
Class B: Medium networks

for • Class C: Small networks

es Role of NAT (Network Address Translation):

ot • NAT allows multiple devices on a private network to share a single public IP

ll N
address when accessing the internet.

rn e • Example: A home router assigned a public IP by the ISP assigns private

C o IP addresses to connected devices (e.g., 192.168.1.2) and translates

them for external communication.
• Security benefit: NAT hides internal IP addresses, making it harder for
attackers to gather information about devices on the internal network.
• Example: An attacker cannot directly access internal devices from the
internet without first bypassing the router's NAT.

• IPv4 addresses are made up of 32 bits and have become limited due to the increasing
number of connected devices, leading to the adoption of IPv6 (with 128 bits). Private IP
addresses are used within local networks, while public IP addresses are routable on
the internet. NAT allows internal devices to share a public IP address, improving security
and IP address efficiency.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 LAN Technologies
Institute of Electric and Electronic Engineers (IEEE) is responsible for
• IEEE Standards and their role developing standards for new technologies, ensuring uniformity across
• IEEE 802.3 (Wired Ethernet vendors.
Networks) • Example: Wi-Fi standards (IEEE 802.11) ensure different
• IEEE 802.11 (Wireless LAN Wi-Fi devices can communicate with each other
Standards) seamlessly.
• IEEE 802.1Q (Virtual LANs)
IEEE 802.3 (Wired Ethernet Networks):
• IEEE 802.3 defines standards for wired Ethernet networks, outlining
how devices should physically connect and transmit data over
Ethernet cables.
ti on
•
b
Example: Most home and office networks use Ethernet
i u
tr
cables and adhere to the IEEE 802.3 standard for wired
s
communication.
D i
IEEE 802.11 (Wireless LAN Standards):
t for
• N oLANs (WLANs),
IEEE 802.11 defines standards for Wireless
commonly referred to as Wi-Fi.
h a,have evolved, from 802.11 to
• a and now 802.11ax (also known as
Nad,
Over time, Wi-Fi standards
802.11a, b, g, n,tac,
Wi-Fi 6). jee
a
The nexthstandard,
•
b
enduof 2024.
802.11be (Wi-Fi 7), is expected by the
S
• olExample: Wi-Fi 6 (802.11ax) provides faster speeds and
C better performance in high-density environments, such as
By stadiums or offices.
I SSPIEEE 802.1Q (Virtual LANs - VLANs):
r C • IEEE 802.1Q defines the standards for Virtual Local Area Networks
fo
tes (VLANs).
o
ll N
• VLANs allow a physical network to be divided into multiple
isolated virtual networks, enhancing security and
rn e reducing broadcast traffic.

C o • Example: An organization might use VLANs to separate its

HR department from its Finance department on the same
physical network to reduce the chance of unauthorized
access.

• IEEE sets the global standards for wired, wireless, and virtual networks.
• The IEEE 802.3 standard covers Ethernet-based wired networks, while IEEE 802.11 governs
wireless LAN (Wi-Fi) technology.
• IEEE 802.1Q is the standard for VLANs, which allow network segmentation for enhanced security
and efficiency.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Internet Protocol (IP)
• Internet Protocol (IP) is the primary protocol for addressing and
Definition and purpose of IP routing packets of data, ensuring they travel across networks and
IPv4 overview reach the correct destination.
IPv6 overview • Example: When you send an email, IP ensures that the data
IPv4 vs. IPv6 comparison packets are routed to the correct email server.
IPv4 Overview:
• IPv4 (Internet Protocol Version 4) uses a 32-bit address space,
allowing for approximately 4.3 billion addresses.
• IPv4 Header: Contains multiple fields, with 32-bit source and
destination IP addresses.
•
i on
Example: An IPv4 address looks like 192.168.1.1 (four decimal
t
numbers separated by dots).
i bu
•
tr
Limitation: Due to the rapid growth of the internet, the number of
s
available IPv4 addresses became insufficient.
D i
for
• Solution: NAT (Network Address Translation) was
t
introduced to extend IPv4 by allowing multiple devices to
share a single public IP address.
No
IPv6 Overview:
h a,
Na
• IPv6 (Internet Protocol Version 6) expands the address space to 128

et
bits, providing an almost infinite number of IP addresses (2^128).
•
je
Example: An IPv6 address looks like
ha
2001:0db8:85a3:0000:0000:8a2e:0370:7334 (represented in
b
Su
hexadecimal format, separated by colons).
•
l Benefits: Backward compatibility with IPv4, larger address

y Co space, and built-in support for IPsec (security).

B • Goal: Eventually, all networks will transition to IPv6,

SP
addressing the limitations of IPv4 and ensuring enough

CI S addresses for future growth.

for • Reason for IPv6 Creation: IPv4’s address space was insufficient for the
growing number of devices connecting to the internet. IPv6 solves this

es issue by offering a vastly larger address space and enhanced features

ot such as built-in security (IPsec).

ell N Role of IPsec in IPv6:

orn • IPsec is a security protocol that provides encryption and

authentication for data transmission. It is natively supported in IPv6,
C improving security for internet communications.
• Example: IPsec ensures that data sent between two devices is
encrypted, protecting it from unauthorized access.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Internet Protocol (IP)

• Definition and purpose of IP Feature IPv4 IPv6

• IPv4 overview
• IPv6 overview Address Size 32-bit (4 bytes) 128-bit (16 bytes)
• IPv4 vs. IPv6 comparison 340 undecillion
Address Space 4.3 billion (2^32)
(2^128)
Example:
Address Format Example: 192.168.1.1 2001:0db8:85a3::8a2
e:0370:7334
IPsec Support Supported Supported
ti on
i bu
str
D i
t for
No
h a,
Na
jeet
bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• IP is the protocol responsible for addressing and routing data across networks. IPv4 uses a 32-bit
address space, limiting the number of available addresses.
• To solve this, IPv6 was developed, offering a 128-bit address space and built-in IPsec security.
While IPv6 adoption is increasing, NAT and other techniques continue to extend the life of IPv4.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Private IPv4 Addresses
• Definition and purpose of
private IPv4 addresses
• Private vs. public IP
addresses
• Non-routable nature of
private IP addresses
• Private IPv4 address ranges
(RFC 1918)
• Public IP addresses are globally unique and routable on
Definition and Purpose of Private IPv4 Addresses:
• Private IPv4 addresses are reserved for use within local area
networks (LANs), such as those in corporate or home environments.
• Example: Most home routers assign devices private IP
addresses, like 192.168.0.1.
• Private IP addresses cannot be used on public networks like the
internet.
Private vs. Public IP Addresses:
• Private IP addresses are used internally within organizations or homes
and are non-routable on the internet.
• Example: 192.168.0.1 is a private IP address used in
t i on
home networks, while 8.8.8.8 (Google DNS) is a public
IP address.
i bu
s r
t internet,
D i the
the public internet.
fo r
whereas private IPs provide a layer of security by staying hidden from

Non-Routable Nature of Private IP Addresses:ot

•
a
Private IP addresses are non-routable, , Nmeaning they cannot be
h
accessed directly over the internet.
a
•
t N from public-facing
This security benefit ensures that devices on internal

jee
networks are isolated internet traffic.
• a can usearetheonlysame
haddresses
Multiple organizations private IP range without
b
conflict, as these used internally.
•
l Su Twoprivate
Example: companies next door can both use the
C o without any issues. range for their internal networks
192.168.1.0

B y IPv4 Address Ranges (RFC 1918):

Private

I SSP• RFC 1918 defines three ranges of private IPv4 addresses:

C
or
• 10.0.0.0 – 10.255.255.255 (Large networks)

s f • 172.16.0.0 – 172.31.255.255 (Medium-sized networks)

o te • 192.168.0.0 – 192.168.255.255 (Small networks,

commonly used in homes)

ell N • These ranges should never be used on public networks

orn (such as the internet), but are ideal for internal

networking.
C

• Private IPv4 addresses are used for internal networks, providing non-routable IP
addresses that cannot be accessed from the internet, ensuring isolation and security.
They come in three main ranges: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16, as
defined by RFC 1918.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Network Classes (Subnetting)
•Definition of subnetting
•Network inefficiencies without
subnetting
•IP Address classes (A, B, C)
•Class D and Class E uses
•Maximum number of IP
addresses per class
Definition of Subnetting:
• Subnetting allows the division of an IP address space into smaller, more
manageable sub-networks. This helps optimize the network and minimize
inefficiencies.
• Example: A company may subnet their Class A IP range into multiple smaller
networks, providing just the right number of IP addresses for each department.
Network Inefficiencies Without Subnetting:
• Without subnetting, networks would have a fixed number of addresses based
on their class (A, B, or C).
• Class A would have 16+ million addresses, Class B would have 65,534, and

on
Class C would have 254 addresses.

vulnerabilities, and administrative burden.

uti
• This rigid structure could lead to inefficient use of IP addresses, security

r i b
• Subnetting solves these issues by allowing the creation of smaller, logical
t
networks that can better fit organizational needs.
D is
for
IP Address Classes (A, B, C):
• Class A: Supports 16+ million IP addresses, typically used by large
t
No
organizations or ISPs.
• Class B: Supports 65,534 IP addresses, generally used by medium-sized
organizations.
h a,
Na
• Class C: Supports 254 IP addresses, typically used in small networks like

et
home or small business networks.

je
Class D and Class E Uses:

ha
• Class D: Reserved for multicast addressing, which is used for broadcasting

b
information to multiple hosts on a network.

Su
• Class E: Reserved for experimental purposes and not used for normal
l
Co
networking.

y
Maximum Number of IP Addresses Per Class:
B • Explanation: The difference between the total and usable addresses comes

SP
from the network address and broadcast address, which are reserved.

CI S
for Class Exponent
Total Usable
s Addresses Addresses

ote Class A 2^24 16,777,216 16,777,214

ell N
rn
Class B 2^16 65,536 65,534

C o Class C 2^8 256 254

• Subnetting optimizes the allocation of IP addresses by breaking a larger network into smaller, more
manageable sub-networks.
• This addresses the inefficiencies and limitations of traditional Class A, B, and C networks, ensuring
that the right number of addresses is allocated.
• Class A networks are the largest, followed by Class B and Class C, while Class D is reserved for
multicast and Class E for experimentation.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Layer 4 – Transport Layer
• TCP and UDP overview
• TCP Three-Way Handshake
• Ports and Services
• Layer 4 Protocols
TCP and UDP Overview:
• TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are
the two main protocols at Layer 4 of the OSI model, responsible for
transporting data between devices.
• TCP provides reliable, ordered data transmission. It ensures that
packets arrive in sequence, without loss or duplication.
• Example: TCP is used for applications like file transfer (FTP) or email
(SMTP), where data integrity is essential.
• UDP offers unreliable, unordered transmission. It is much faster
than TCP but does not guarantee packet delivery or order.
• Example: UDP is ideal for real-time applications like video
streaming or online gaming, where speed is more important than
guaranteed delivery.

on
• UDP is often referred to as a "send and pray" protocol due to its
unreliable nature.
u ti
TCP Three-Way Handshake:
r i b
t between
•
i s
TCP uses a three-way handshake to establish a reliable connection

r D(synchronize)
two devices.
•
packet.
t fo
SYN: The sender initiates a connection with a SYN

SYN-ACK: The receiver responds with o

•
N SYN-ACK (synchronize-
,(acknowledge),
acknowledge), acknowledging the request.
• ACK: The sender sends an ACK
h a confirming the
connection.
N a
devices are readyetotsend and receive data.
• After this exchange, communication can begin, ensuring that both

Ports and Services:

h aje
bspecific services that provide unique functionalities on a
uservice
•
l S
Ports represent
network. Each is associated with a port number.
• o Example: HTTP uses port 80, HTTPS uses port 443, and DNS uses

B y C• port 53.
Well-known ports: Ports numbered 0–1023 are reserved for
S P • commonly used services.

CIS
Ephemeral ports: Ports numbered 1024–65535 are dynamic and
often used for temporary client connections.

for Layer 4 Protocols:

tes TCP: Provides reliable, connection-oriented communication, ensuring data

o
•
integrity by using flow control, error correction, and congestion control.

ell N • UDP: Provides fast, connectionless communication, used where speed is

orn more critical than reliability.

C • SSL/TLS: Protocols used to secure TCP-based communications (like HTTPS),

providing encryption for secure data transmission.

• Layer 4 (Transport Layer) manages the reliable and efficient transportation of data using TCP and
UDP protocols.
• TCP provides reliable, ordered communication, ensuring data integrity, while UDP offers faster,
unordered transmission, ideal for real-time applications.
• The TCP three-way handshake establishes reliable connections, and ports associate specific
network services with unique numbers.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 TCP Three-Way Handshake
Overview of TCP:
Overview of TCP
TCP Three-Way Handshake • TCP (Transmission Control Protocol) is designed to provide reliable,
Steps ordered, and sequenced transmissions across networks. It ensures data
SYN Flood Attack integrity through mechanisms like error correction, flow control, and
Mitigating SYN Flood Attacks retransmission.
• This reliability comes with a performance cost, as TCP needs to
establish a connection before data transmission.
TCP Three-Way Handshake Steps:
Step 1: SYN (Synchronize)
on
•
•
ti
Device A initiates the communication by sending a SYN request to
u
session hijacking.
tr b
Device B, along with a random session ID (e.g., 1000) to prevent
i
D is
for
• Step 2: SYN-ACK (Synchronize-Acknowledge)
•
t
Device B acknowledges the request by sending back an ACK
No
packet that increments the session ID by 1 (1001).
•
h a,
Device B also sends its own SYN request, with a new session ID

Na
(e.g., 2000), so the packet contains SYN-ACK flags.
•
jeet
Step 3: ACK (Acknowledge)

ha
• Device A responds with an ACK packet that acknowledges the
b
new session ID from Device B by incrementing it to 2001.
uthree steps—SYN, SYN-ACK, ACK—complete the connection
•
l S
The

y Co process, establishing a full-duplex communication channel for

reliable two-way data transmission.
B
PSYN Flood Attack:
I SS•
r C In a SYN flood attack, the attacker sends many SYN requests to overwhelm

fo the server’s connection queue.

es The server tries to send ACK packets for each request, but if the
ot
•
requests flood in too quickly, the server’s connection queue fills

ell N up, leading to potential crashes or denial of service.

orn Mitigating SYN Flood Attacks:

C • To prevent SYN floods, organizations can offload the handling of SYN
requests to specialized hardware or SYN proxies at the Application layer.
• The SYN proxy can intelligently filter out malicious SYN requests
and drop them before they affect the system.

• The TCP three-way handshake is essential for establishing reliable connections between devices
using SYN, SYN-ACK, and ACK.
• Although TCP ensures ordered and sequenced communication, it is vulnerable to SYN flood
attacks, which can overwhelm servers by filling up connection queues.
• Implementing SYN proxies can help mitigate these attacks by handling incoming SYN requests
intelligently.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Ports and Layer 4 Protocols
• Ports and Services
• Commonly Used Ports
• Hardening and Securing Ports
• Port Classes
• Layer 4 Protocols: TCP, UDP,
SSL/TLS
Ports and Services:
• Ports equate to services, which are small applications providing specific
functionality (e.g., HTTP, SSH, etc.).
• Each service is associated with a port number, and some are frequently
used, while others are rarely accessed.
• Example: HTTP uses port 80 by default.
Commonly Used Ports:
• FTP (File Transfer Protocol):
• Port 20 (data transfer)
• Port 21 (control)

on
• SSH (Secure Shell):
• Port 22 for secure remote login.
uti
• Telnet:
tr i b
• Port 23 for remote command line access.
• SMTP (Simple Mail Transfer Protocol):
D is
for
• Port 25 for sending emails.
t
No
• HTTP:
• Port 80 for web traffic.
• HTTPS (Secure HTTP):
h a,
Na
• Port 443 for secure web traffic.

et
Hardening and Securing Ports:
je
• If a service is not needed, close the associated port to prevent potential
ha
abuse by attackers.
b
Su
• Use packet filtering to block traffic targeting these ports in the
l header.

y Co
• Hardening involves disabling unnecessary services, blocking dangerous
ports, and applying patches to fix known vulnerabilities.
B
SP
• Example: Instead of HTTP, use HTTPS to encrypt web traffic.

CI S Port Classes:
• Well-Known Ports (0-1023): Used for widely known services like HTTP,

for SMTP, and DNS.

es • Registered Ports (1024-49151): Assigned by IANA for specific services,

ot like UDP 4244 used by Viber (VoIP).

ll N
• Dynamic/Private Ports (49152-65535): Used by applications and

rn e services for temporary communication.

• Example: When initiating a connection, a source port like
C o 52,367 might be dynamically assigned.

• Ports act as gateways for various services, and securing them (via hardening techniques like closing
unnecessary ports or using encryption protocols) is crucial.
• Layer 4 protocols—TCP (reliable) and UDP (fast, unreliable)—play key roles in data transport, while
SSL/TLS ensures secure communication over the Internet.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Ports and Layer 4 Protocols
• Ports and Services
• Commonly Used Ports
• Hardening and Securing Ports
• Port Classes
• Layer 4 Protocols: TCP, UDP,
SSL/TLS
Layer 4 Protocols:
•TCP (Transmission Control Protocol):
• Provides reliable, ordered, connection-oriented
communication, ensuring data is delivered correctly.
• Example: TCP three-way handshake (SYN, SYN-ACK, ACK)
establishes a reliable connection.
•UDP (User Datagram Protocol):
• Provides unreliable, fast, connectionless transmission, often
called “send and pray” because no guarantees of delivery
exist.
Used in scenarios where speed is critical, like streaming or
on
•
DNS requests.
•SSL/TLS (Secure Socket Layer / Transport Layer Security): uti
•
tr i b
SSL/TLS protocols secure communications, such as between
a web browser and a web server.
D is
for
• TLS is the modern, more secure version of SSL and is widely

t
used for encrypted connections across the Internet.

No
h a,
Na
jeet
bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

Ports act as gateways for various services, and securing them (via hardening techniques
like closing unnecessary ports or using encryption protocols) is crucial. Layer 4
protocols—TCP (reliable) and UDP (fast, unreliable)—play key roles in data transport,
while SSL/TLS ensures secure communication over the Internet.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Layer 5 - Session Layer
Role of the Session Layer:
• Role of the Session Layer • The Session layer (Layer 5) is responsible for establishing, maintaining,
• Responsibilities of Layer 5 synchronizing, and tearing down connections between applications on
different devices.
• Layer 5 Protocols: PAP,
CHAP, EAP, NetBIOS, RPC • It ensures smooth communication by creating and maintaining a logical
connection between processes on end hosts.
• Layer 5 Devices: Circuit Proxy
Firewall (Circuit Level Responsibilities of Layer 5:
Gateway) • Interhost communication: Manages dialogue between two devices in a
network.
• Identification and authentication: Ensures that appropriate security
processes (like authentication) are applied during connection establishment.
Layer 5 Protocols:
ti on
i bu
• PAP (Password Authentication Protocol):
s t r
•
i
A basic protocol that transmits passwords in plaintext for

r Dchanges or
authentication.
• Weak security as it doesn't prompt for password
encryption.
t fo
• o
N regular challenges to validate
CHAP (Challenge Handshake Authentication Protocol):
•
the authenticity of a session. a
Provides encrypted transmission , and
h
More secure than PAP butastill used in conjunction with other
t Nsecurity.
•
e
protocols for additional
•
h aandjeflexible,Protocol):
EAP (Extensible Authentication
•
u b certificates forallowing
Extensible
and digital
vendors to incorporate smart keys
authentication.
S in wireless network security protocols (e.g., WPA2) for
lUsed
•
o
y C (Network Basic Input/Output System):
connecting to secure networks and authenticating users.
•
BNetBIOS
P • Alocal legacy protocol enabling communication between devices in a

I SS network, often used to access file shares and printers.

r C • RPC• (Remote Procedure Call):

s fo Allows execution of procedures and processes across a network

between clients and servers.

ote • Facilitates communication and task execution remotely.

ell N Layer 5 Devices:

orn • Circuit Proxy Firewall (Circuit Level Gateway):

C •

•
Provides security by establishing sessions for applications and
controlling access based on session-level data.
Primarily used to monitor connections and ensure they are valid
before data transfer occurs.

• The Session layer is crucial for managing connections and communication between hosts,
providing mechanisms for authentication and ensuring secure, reliable dialogues between
processes.
• Key protocols like PAP, CHAP, EAP, NetBIOS, and RPC provide authentication and communication
services. Circuit proxy firewalls secure sessions at this layer.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Layer 5 Devices - Circuit Proxy Firewall
• Role of Circuit Proxy Firewalls
• How Circuit Proxy Firewalls
Operate
• Benefits of Circuit
• Proxy Firewalls
• Comparison with Application
Layer Firewalls
Role of Circuit Proxy Firewalls:
• Circuit proxy firewalls, also known as circuit level gateways, are
Session layer (Layer 5) security devices.
• They focus on monitoring TCP sessions rather than inspecting
individual data packets like firewalls at other layers.
How Circuit Proxy Firewalls Operate:
• These firewalls inspect and track TCP handshakes to ensure a
legitimate connection is established before allowing data to flow.

ti
• Unlike Application layer firewalls, circuit proxy firewalls do not on
i bu
analyze the content of the traffic but instead manage the session
between hosts.
str
D i
Benefits of Circuit Proxy Firewalls:
fo r
• Provide anonymity and protection for internal t
o networks by hiding
N
a, appears as though it
internal IP addresses through Network Address Translation (NAT).
h
NIPaaddress, enhancing security by
• Outgoing traffic from the internal network
t
originates from the gateway's
e
je
masking internal details.

b ha by ensuring that only legitimate connections

• They enhance security
Su helping to prevent unauthorized access.
are established,
l
Co with Application Layer Firewalls:
Comparison
y
• B
S P Circuit proxy firewalls do not filter or inspect individual packets,

CI S while Application layer firewalls analyze traffic in detail, including

content inspection.

for
tes • Circuit proxy firewalls are simpler and faster due to their focus on
managing sessions rather than filtering content, making them more
o
ll N
efficient in certain scenarios.

rn e
C o

• Circuit proxy firewalls at the Session layer focus on securing TCP sessions by managing the
connection's handshake process.
• They offer anonymity and protect internal networks via NAT, ensuring that only legitimate traffic
passes through while hiding internal details from external users.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Layer 6 - Presentation Layer
Purpose of the Presentation Layer:
• Purpose of the Presentation
Layer • Layer 6 is responsible for formatting and encrypting data for end
• Key Functions of Layer 6 users.
• Codecs and Malware Risks • Ensures that the data exchanged between applications has
• Importance of Content compatible syntax.
Distribution Networks (CDNs)
• Prepares data for the Application layer (Layer 7) by focusing on
how information is represented visually and in other formats.
Key Functions of Layer 6:
• Translation: Converts data from one format to another to ensure ti on
compatibility across different systems.
i bu
s r
t for
• Encryption/Decryption: Secures data through encryption
transmission and ensures it can be decrypted onrthe
i
D other end.
fo
tfile sizes for
• Compression/Decompression: Reduces o
Noriginal size on the
, speed
transmission and restores them to their
a
a h
receiving end to save bandwidth and up data exchange.
Codecs and Malware Risks: N
je et that allow users to play different types
ha video or audio files).
• Codecs are small programs
b
of multimedia (e.g.,
Suused to handle the compression and decompression
Codecsl are
•
of C o files, reducing their size for efficient transmission.
media
y
• BSecurity risks: Users often download codecs to enable video
P
S playback,
CI S but malware writers frequently disguise malicious
software as codecs, posing a threat.

for
tes Importance of Content Distribution Networks (CDNs):

o • CDNs are networks of servers located globally to deliver content

ell N (e.g., videos) efficiently to users.

orn • Role of CDNs: Helps reduce latency and improve speed by hosting
C media files closer to users.
• CDNs manage the distribution of large media files, overcoming
the limitations of individual codecs by streamlining the delivery of
content such as YouTube videos.

• The Presentation layer focuses on the formatting, encryption, and compression of data to ensure
compatibility for exchange between applications.
• Codecs are essential for handling media compression but pose malware risks.
• Content Distribution Networks (CDNs) mitigate these risks by optimizing the delivery of large
media files globally.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Layer 7 - Application Layer
• Purpose and Function of the
Application Layer
• Key Functions of Layer 7
• Security Concerns at Layer 7
• Common Layer 7 Protocols
• Layer 7 Devices
•
•
Purpose and Function of the Application Layer:
• Layer 7 provides the user interface through which users gain access to communication
services and applications.
• It is the topmost layer of the OSI model, where applications interact with the network.
• Most functionality is embedded in this layer, making it the most vulnerable to attacks
and breaches.
Key Functions of Layer 7:
• Provides end-to-end encryption and access control to secure communications.
• Facilitates data exchange between applications across networks, including web
browsers, email clients, and other services.
•
t i on
Handles high-level protocols that end users interact with, such as HTTP, FTP, and DNS.
Security Concerns at Layer 7:
i b u
As the layer with the most user interaction, it is also where the majority ofrsecurity
breaches occur, including code injection attacks, DoS attacks, and data
is t breaches.
exploited by attackers.
f o r D are often
Due to the complexity and vast amounts of application code, vulnerabilities

o
Application security measures (e.g., secure coding, input t validation, and patch
,N
•
management) are critical to protect against these vulnerabilities.
Common Layer 7 Protocols: a
h Used for web traffic, with HTTPS providing
a
tforNtransferring files between systems.
• HTTP/S (Hypertext Transfer Protocol/Secure):

e
encrypted communication.
•
DNS (Domain Nameh
aje
FTP (File Transfer Protocol): Used
•
u b System): Translates domain names into IP addresses.
•
Telnet. l S
Telnet and SSH: Used for remote command-line access; SSH is the secure version of
o Mail Transfer Protocol): Used for sending emails.
C(Simple
•
y
SMTP
• BSNMP (Simple Network Management Protocol): Used for managing network devices.
P
S Layer 7 Devices:
CI S
or
• Gateways: Devices that manage communication between different networks, converting

s f data between protocols if necessary.

o te • Application firewalls: Advanced firewalls that inspect traffic at the application level,
blocking or allowing traffic based on the content of the data (e.g., web content or specific

ll N
applications).

rn e
C o

• The Application layer (Layer 7) provides the user interface for communication services and handles
most application-level protocols.
• It is the most vulnerable layer due to the significant amount of application code involved, making it
a prime target for security breaches and attacks.
• End-to-end encryption, access control, and application firewalls are crucial for securing Layer 7
interactions.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Layer 7 Protocols
HTTP/S (Hypertext Transfer Protocol)
• HTTP vs. HTTPS • HTTP (port 80): The primary protocol used for web communication between
• FTP vs. FTPS vs. TFT browsers and servers.
• PDNS and DNSSEC • HTTPS (port 443): Secure version of HTTP that uses SSL/TLS for encrypting
• Telnet vs. SSH traffic, ensuring secure communication over the internet. HTTPS protects
against interception and tampering.
• SMTP and POP3
• SNMP and its versions FTP/FTPS/TFTP (File Transfer Protocols)
• FTP (ports 20 and 21): Used for file transfers, but is insecure due to the lack of
encryption.
• FTPS/SFTP (port 22): A more secure version of FTP, using SSH to protect file
transfer processes.
•
ti on
TFTP (port 69): A simplified version of FTP, highly insecure, typically disabled
in corporate environments due to lack of security mechanisms.
i bu
DNS/DNSSEC (Domain Name System)
s tr
i
•
between devices on the internet.
f o rD
DNS (port 53): Maps domain names to IP addresses, enabling communication

•
o t and authenticity of
DNSSEC: Adds security to DNS by protecting the integrity

,N
DNS data, preventing spoofing attacks.
Telnet a
hterminal access, but insecure as it
•
transmits data in plaintext. t N
a
Telnet (port 23): A protocol for remote

e
Best practice is to usejSSH
efor secure remote connections instead of Telnet.
•
SSH (Secure Shell) bh
a
S uProvides a secure way to access remote computers, using
l
Co execution,
• SSH (port 22):
public-key cryptography to encrypt data. Commonly used for secure login,
y
command
B (Email Protocols)
and file transfers on remote servers.

PSMTP/POP3
S • SMTP (port 25): Used for sending emails from client to server.
CI S
or
• POP3 (port 110): Used for receiving emails, allowing users to download

s f messages from a server.

o te SNMP (Simple Network Management Protocol)

ll N
• SNMP (ports 161 and 162): Used for network device management, helping

rn e administrators monitor and manage devices.

C o •
•
SNMPv1 and v2: Vulnerable to security risks.
SNMPv3: The latest version, offering enhanced security features such as
encryption and authentication.

• Layer 7 protocols are critical for communication, file transfer, email, and network management.
HTTPS and SSH provide secure alternatives to their insecure counterparts (HTTP, Telnet).
• SNMPv3 and DNSSEC are important advancements in securing network management and domain
name systems, respectively.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Gateways
• Application-Proxy Firewalls
Layer 7 Devices
Gateways
• Definition: A gateway serves as a connection between two different
networks or domains.
• Function: Gateways facilitate communication and data exchange
between networks that may use different protocols or structures,
ensuring seamless connectivity.
Application-Proxy Firewalls
• Definition: A type of firewall that operates at Layer 7 of the OSI model,
providing sophisticated filtering based on application-level data.
t i on
• Capabilities: These firewalls are capable of inspecting the entire
i bu
payload of packets, making intelligent decisions based on
s tr
application-specific content.
D i
fo rblock
based on detailed parameters such as content,o t
• Security Features: Application-proxy firewalls can
headers,
or allow traffic
and even
user authentication.
, N
h athe
• Performance Consideration: Due
N a processing
to complexity of inspection and

e t at lower layers, such

filtering, these firewalls require more power and tend to be

a je
slower than firewalls operating as Layer 3 or Layer

bh
4 firewalls.
u
o lS
B yC
S P
CI S
for
es
ot
ell N
orn
C

• Layer 7 devices, such as gateways and application-proxy firewalls, provide advanced security and
connectivity solutions.
• Gateways connect different networks, while application-proxy firewalls filter traffic based on
application-level data, ensuring detailed, content-aware protection.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Network Administrator
Definition
• Definition of a Network
Administrator • A network administrator is often synonymous with a system
• Responsibilities of a Network administrator, though the roles may slightly differ depending on the
Administrator organization.
• Key Areas of Focus • Typically part of the IT department, a network administrator focuses
on technical management of a network and ensures smooth and
secure operations.
Responsibilities
• Network Configuration: Ensure that the network infrastructure, such
ti on
as servers, routers, switches, and endpoints (desktops, laptops,
i bu
mobile devices), are properly configured for security and
str
performance.
D i
for
• Patch Management: Apply necessary patches and software
t
No
updates to protect the network and systems from known
vulnerabilities.

h a,
• Vulnerability Management: Regularly scan and assess the network
Na
for vulnerabilities and mitigate or fix identified issues to enhance
network security.
jeet
CIA Triad Support ha

S ub Integrity, and Availability (CIA) triad is the

ol of security. Network administrators work to ensure that:
• The Confidentiality,
C
cornerstone
y • Confidentiality is maintained through access control and
P B encryption,
S
CIS
• Integrity is preserved by ensuring correct data

or
transmission and preventing unauthorized modifications,

s f and

o te • Availability is upheld by keeping the network running with

ll N
minimal downtime.

rn e
C o

• Network administrators are responsible for the configuration, patching, and vulnerability
management of network resources.
• They play a key role in maintaining the CIA triad and ensuring the security and smooth operation of
an organization's network.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Convergence and VoIP
• Definition of IP Convergence
• Importance of Converged
Protocols
• Common Converged
Protocols
• VoIP and Security Concerns
• Common VoIP Protocols
IP Convergence
• IP convergence refers to the capability of modern data networks to carry
multiple types of traffic, including data, voice, multimedia, and others.
• This involves supporting different types of traffic, such as SCADA systems and
IP telephony protocols (e.g., H.323 and SIP).
• Adding this functionality introduces vulnerabilities and potential security
concerns due to the lack of built-in security in data networks.
Common Converged Protocols
• Fibre Channel over Ethernet (FCoE): Allows Fibre Channel protocol traffic to be
encapsulated and carried over Ethernet networks.
• Internet Small Computer Systems Interface (iSCSI): Enables SCSI commands

ti on
to be carried over IP networks, often used in storage and backup systems.
•
i bu
Voice over Internet Protocol (VoIP): Enables voice communications over IP

r
networks instead of traditional phone lines. Protocols like H.323 and SIP are
used.
ist
VoIP Security Concerns
D
•
t for
VoIP introduces security challenges due to its transmission over IP networks,

No
which lack native security.

a,
• Common VoIP attacks include eavesdropping, denial-of-service (DoS) attacks,
and phishing via VoIP channels (vishing).
h
Na
• Encryption (e.g., using SRTP) helps protect voice communications but may add

et
latency.

je
Common VoIP Protocols
1.
ha
Secure Real-time Transport Protocol (SRTP):
b
Su
1. Provides encryption, authentication, integrity, and replay attack
l protection for streaming voice and video over IP.

y Co
2. Optimizes bandwidth and has low resource requirements. Described in

B RFC 3711.

SP
2. Session Initiation Protocol (SIP):

CI S 1. Handles the initiation, maintenance, and termination of VoIP

sessions.

for 2. Also supports direct connections between PBX systems and public

es telephony networks.

ot Other Related Terms

ell N • PBX (Private Branch Exchange): A private telephone network for internal
communications within an organization.

orn • PSTN (Public Switched Telephone Network): The traditional copper-wire

C •
telephone network.
InfiniBand: A protocol designed for fast memory access across networks, often
used in machine learning.
• Compute Express Link: A protocol for high-speed connections between CPUs
and devices.

• IP Convergence enables data networks to carry multiple types of traffic, including voice and
multimedia.
• Converged protocols like VoIP, FCoE, and iSCSI have specific uses, but they also bring security
risks.
• VoIP is especially vulnerable and requires protocols like SRTP and SIP to ensure secure
communication.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Vishing
Vishing Definition
• Definition of Vishing
• Attack Methods • Vishing (Voice Phishing) is a form of phishing where the attacker uses
• Difference Between Vishing VoIP to impersonate a known entity (e.g., bank, government agency)
and Smishing to deceive the victim into sharing sensitive information.
• Attackers often spoof familiar phone numbers, making their calls
seem legitimate.
Vishing Attack Methods
• Common tactics include pretending to be from a financial
institution, tech support, or other trusted organizations.
t i on
• The goal is to extract information (e.g., credit card details, bu
ri
passwords) or manipulate the victim into taking harmful tactions,
s
Di
such as visiting a malicious website or making a payment.
r
Difference Between Vishing and Smishing
t fo
N osocial engineering to
a, information or
• Vishing: The attacker calls the victim, using
h
manipulate them into giving away personal
a fraudulent link).
N
completing an action (e.g., clicking a
• Smishing: The attackereuses
j et SMS messages to lure the victim into
b ha
revealing sensitive information by clicking a link or responding to a

Su
message.
l
y Co
P B
I SS
C
for
tes
o
ell N
orn
C

• Vishing is a voice-based phishing attack that manipulates victims through spoofed phone calls,
while smishing uses text messages to achieve similar goals.
• Both forms of phishing rely on social engineering to deceive and steal information from
unsuspecting individuals.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Network Security Attacks
• Network Attack Phases
• Passive vs. Active Attacks
• SYN Scanning and SYN
Flooding
• Denial-of-Service (DoS) and
Distributed Denial-of-Service
(DDoS)
• Man-in-the-Middle Attacks
• Spoofing and Masquerading
Network Attack Phases
• Reconnaissance: Gathering information about the target (IP ranges,
services, OS, etc.). Limiting publicly available information can hinder this
phase.
• Enumeration: Attacker scans for open ports and services, and attempts to
find active accounts.
• Vulnerability Analysis: Attackers search for weaknesses to exploit.
Organizations should run regular vulnerability scans to mitigate this risk.
• Exploitation: The attacker uses the identified vulnerabilities to execute the
attack. Detection mechanisms can help identify this stage.

on
• ARP Poisoning
• ARP Tables
Passive vs. Active Attacks
uti
• Passive Attacks: The attacker does not alter the target’s environment (e.g.,
traffic monitoring).
tr i b
D is
• Active Attacks: The attacker engages with the target to alter systems or

for
data (e.g., SYN flooding or DoS attacks).
t
No
SYN Scanning
• A type of active attack that manipulates the TCP three-way handshake to
a,
identify open services on a target machine.
h
SYN Flooding
Na
jeet
• A Denial-of-Service (DoS) attack where multiple SYN requests are sent to

ha
the target to exhaust resources and cause a crash.

b
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)

l Su
• DoS: One machine disrupts a target’s functionality by overwhelming it with

Co
requests.

By • DDoS: Multiple machines coordinate to overwhelm a target’s resources,

making defense harder.

I SSP Man-in-the-Middle Attack (MitM)

r C • Occurs when an attacker intercepts and potentially alters communication

fo between two parties without their knowledge.

es Spoofing and Masquerading

ot
ll N
• Spoofing/Masquerading: An attacker pretends to be someone or
something else to deceive a system (e.g., IP spoofing).

rn e ARP Poisoning
C o • An attacker alters their ARP table to redirect traffic meant for another
device to their own.
• ARP Tables map IP addresses to MAC addresses, and every device on a
network maintains an ARP table.

• Network security attacks follow phases similar to network assessments but differ during the
exploitation phase. Attacks can be passive (e.g., eavesdropping) or active (e.g., SYN flooding).
• Understanding the difference between types of attacks (DoS, DDoS, MitM, ARP poisoning) is crucial
for implementing detection and preventative measures to protect against network threats.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Passively Eavesdropping
Passive Attacks
• Passive Attacks
• Eavesdropping • In passive attacks, the attacker does not alter the environment or
• Network Sniffing data. The target is unaware of the attack, as no visible impact is
observed.
Eavesdropping
• Eavesdropping involves silently intercepting and reviewing data
meant for others without altering it.
• Often the first stage of a broader attack, the information collected
can later be used in an exploitation phase.
ti on
Network Sniffing
i bu
s tr
i
r D (e.g.,
• Sniffing is another term for passively monitoring network traffic.
o
• The attacker captures data traveling across thefnetwork
t sensitive information).
o
unencrypted emails, login credentials, or other

a
• Sniffing tools can be used to intercept,thisNtraffic without leaving a
trace. a h
etN
h aje
S ub
C ol
B y
I SSP
C
for
tes
o
ell N
orn
C

• Passive eavesdropping is a form of attack where the attacker listens to or monitors traffic without
changing it.
• This is also known as network sniffing and is difficult to detect, making it highly effective for
gathering sensitive information that could be used later in an active attack.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Actively Scanning
Active Attacks
• Active Attacks
• SYN Scanning • Active attacks alter the target system or network traffic, unlike
• SYN Flooding passive attacks. The target is often alerted as it involves interaction
• Tools (e.g., Nmap) with the target system.
• Stealth Scan / Half-Open • Examples include masquerading and denial-of-service (DoS)
Scan attacks.
SYN Scanning
• SYN scanning is used to determine if a port is open or closed by
sending SYN packets.
ti on
• Tools like Nmap can perform SYN scanning, where the following
i bu
steps occur:
s tr
i
D port 80).
•
fo r
Client sends a SYN packet to a specific port (e.g.,
• Target machine responds:
o t
, N replies
• If the port is open, the target with a SYN-ACK

ha ACK, completing the

(synchronization-acknowledge) packet, and the
a
client responds with
connection.N
• If theje etis closed, the target responds with a RST
port

b ha packet, terminating the session.

(reset)

S u/ Half-Open Scan: The attacker can perform a stealth

l
• Stealth Scan
scan byonot sending the final ACK packet, using a RST packet instead.

B yC
This leaves the connection half-open and avoids detection.

S PSYN Flooding
I
C •S
for SYN flooding is a form of denial-of-service attack that abuses the
TCP three-way handshake by sending multiple SYN requests to a
s
ote
target machine.

ll N
• The target system becomes overwhelmed with SYN requests, causing

rn e it to exhaust resources, potentially leading to a crash or

unresponsiveness.
C o

• SYN scanning is an active scanning technique used to discover open or closed ports.
• It manipulates the normal three-way handshake, and attackers can use stealth scanning to avoid
detection.
• SYN flooding is a type of DoS attack that overwhelms a target by sending multiple SYN requests,
consuming its resources.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• SYN Flooding Attack
• Impact on System Resources
• Three-Way Handshake Abuse
• Preventing SYN Flood Attacks
• Role of Proxy, Firewall, IPS
• With many half-open connections, system resources such
SYN Flooding
SYN Flooding Attack
• SYN flooding exploits the TCP three-way handshake mechanism,
where multiple SYN requests are sent rapidly to overwhelm a target
machine.
• The target responds with SYN-ACK packets, assuming these are
legitimate connection requests.
• As the number of SYN requests increases, the target machine's
connection table becomes filled with incomplete connections,
unable to handle new requests.
ti on
Impact on System Resources
i bu
tr
memory and processing power become exhausted. is
as

• The machine's performance degrades, leadingfo

rD
o t to slow response

,N
times, or it may crash entirely or become unresponsive.
Three-Way Handshake Abuse
h a
a
of the target system bye e t N resources
• SYN flooding is an active attack as it disrupts the normal functioning
j exhausting and causing a denial of
service (DoS).
b ha
u the first step of the three-way TCP handshake
SSYN
• The attack leverages
l
o requests but never completing the process with an
by sending
ACK,C
B y leaving connections in a half-open state.

S PPreventing SYN Flood Attacks

CIS • Proxy servers can help prevent SYN flooding attacks by intercepting
for SYN requests and determining if they are legitimate before passing

tes them on to the target system.

N o • Firewalls and Intrusion Prevention Systems (IPS) are also effective

rn ell at detecting and blocking SYN flood traffic, preventing the attack
from overwhelming the target system.
C o

• SYN flooding attacks abuse the TCP three-way handshake by overwhelming a target with SYN
requests, consuming system resources, and potentially causing a denial of service.
• Proxies, firewalls, and IPS devices are effective at detecting and mitigating SYN flood attacks.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 IP-Based Attacks
Overlapping Fragment Attacks
• Overlapping Fragment
• Attackers send overlapping fragments that attempt to bypass
Attacks
firewalls and intrusion detection/prevention systems (IDS/IPS).
• Teardrop Attack
• IP Spoofing • By sending fragments, the malicious data can slip past the firewall
• Smurf Attack in pieces.
• Fraggle Attack • Once the fragments are reassembled at the target system, the
attack sequence executes, bypassing security systems.
Teardrop Attack

on
• This TCP-based attack involves sending fragmented packets of
differing sizes and out of order, along with fake sequence
uti
numbers.
r i
The target system struggles to reassemble the packets,twhich leads
b
•
to resource exhaustion, degraded performance, orD s crash
a isystem
(denial-of-service attack).
t for
IP Spoofing
N o
•
if it is coming from a legitimate h
a,
Spoofing is when an attacker disguises their IP address to appear as

Na
source, often to bypass security
checks.
e t
je
ha
Smurf Attack
• Steps: b
Su spoofs their IP address to match the victim’s IP.
• lAttacker

y C• o Attacker sends multiple ICMP echo requests to

B intermediary devices (routers, etc.).

I SSP • Devices respond with ICMP echo replies directed to the

C victim, overwhelming it with traffic and causing a denial-of-

for service (DoS) attack.

tes Fraggle Attack

N o • Similar to a Smurf attack but uses UDP packets instead of ICMP

rn ell packets.

C o • Attacker sends UDP packets to open ports (e.g., ports 7 and 19)
that generate responses, flooding the victim’s network with traffic.
• This attack is aimed at overwhelming the target with massive
amounts of UDP traffic, causing a DoS attack.

• IP-based attacks include fragment attacks like overlapping fragments and teardrop attacks, as well
as IP spoofing attacks such as Smurf and Fraggle.
• These attacks aim to exploit network vulnerabilities, leading to denial-of-service (DoS) or bypassing
security measures by manipulating packet structures or spoofing IP addresses.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 DoS and DDoS Attacks
Denial-of-Service (DoS) Attack
• Denial-of-Service (DoS)
• A DoS attack is when a single machine attempts to deny the
Attack functionality of a system or network by overwhelming it with
• Distributed-Denial-of-Service traffic, requests, or resources.
(DDoS) Attack
• The target machine cannot keep up with the volume of incoming
• Difference between DoS and traffic, which leads to degraded performance or a complete
DDoS service outage.
• Man-in-the-Middle Attack
Distributed-Denial-of-Service (DDoS) Attack
• Spoofing Attack
• In a DDoS attack, multiple compromised machines (often part
of a botnet) work together to overwhelm the target system.
• The attacker first compromises several hosts (e.g., using ti on
malware) and then instructs all compromised hosts to send
i bu
tr
massive traffic or requests to the target, effectively amplifying
s
the attack's power.
D i
•
t for
DDoS attacks are more difficult to defend against due to the
distributed nature of the attack, as traffic appears to come from
numerous sources.
No
Differences between DoS and DDoS
h a,
•
t Na source attempting to overwhelm
DoS: Originates from a single
a target.
je e machines simultaneously attacking
•
bhait more destructive and harder to mitigate.
DDoS: Involves multiple
the target, making
l Su Attack
Man-in-the-Middle
C o
•
By
A man-in-the-middle (MITM) attack occurs when an attacker
intercepts communication between two parties, often altering or
S P stealing the information.
CIS • This attack typically happens in unencrypted communications
or
where the attacker can read or modify data without the parties
s f knowing.

o te Spoofing Attack

ell N • In a spoofing attack, an attacker disguises as a legitimate entity

by forging their identity (e.g., IP address, MAC address) to gain
orn unauthorized access or trick the victim.
C • Common examples include IP spoofing (used in DoS/DDoS
attacks) and email spoofing (used in phishing attacks).

• Denial-of-Service (DoS) attacks are aimed at overloading systems with traffic or requests to deny
functionality.
• A Distributed-Denial-of-Service (DDoS) attack leverages multiple machines to amplify the attack's
impact. Both are serious threats that can incapacitate networks and services.
• Man-in-the-middle and spoofing attacks are additional network attack vectors, with MITM
intercepting communications and spoofing faking identities to manipulate or steal data.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Man-in-the-Middle Attack & Spoofing
Man-in-the-Middle (MITM) Attack
• Man-in-the-Middle (MITM) • A MITM attack occurs when an attacker secretly inserts themselves
Attack between two parties in a communication path, intercepting and
• How MITM Works potentially altering the traffic exchanged between them.
• Spoofing • The attacker can eavesdrop on sensitive data like passwords or
confidential information and modify the communication without either
• Types of Spoofing
party realizing it.
• Limitations of IP Spoofing How MITM Works
1. The attacker places themselves between the communicating entities.
2. They intercept and relay messages between the two parties.
3. Neither party is aware of the interception, assuming they are
communicating directly.
ti on
• Common MITM attack vectors include Wi-Fi eavesdropping, session
i bu
hijacking, and SSL stripping.
str
Spoofing
D i
for
• Spoofing is when an attacker impersonates another entity by falsifying

t
data to gain access or trust. This could involve pretending to be a trusted

No
IP, email, or another entity to deceive the target.

a,
• Spoofing is often used in attacks to bypass security measures like
h
access control lists (ACLs) or deceive systems/users into granting
access.
Na
Types of Spoofing
jeet
ha
• IP Spoofing: The attacker falsifies their IP address to disguise
themselves as a trusted source to bypass filters or firewall rules.
b
Su
• Email Spoofing: Attackers send emails with forged sender addresses to
l
Co
trick users into divulging sensitive information or downloading malware
(often used in phishing attacks).
By • DNS Spoofing: The attacker alters DNS records to redirect traffic to

SP
malicious websites without the user's knowledge.

CI S • MAC Spoofing: Changing the MAC address of a device to bypass network

security or gain unauthorized access to a network.

for • Biometric Spoofing: Falsifying biometric data (e.g., fingerprints, facial

es recognition) to gain access to secured systems.

ot Limitations of IP Spoofing

ll N
• IP Spoofing allows an attacker to send traffic from a forged IP address

rn e but does not allow the attacker to receive responses. Any response is

C o directed to the legitimate IP holder.

• This means attackers can only send traffic, not complete a two-way
communication.

• Man-in-the-Middle (MITM) attacks enable attackers to intercept and modify communications

between two parties without their knowledge.
• Spoofing involves impersonating a trusted entity (IP, email, DNS, etc.) to deceive systems or users.
• While spoofing grants the attacker the ability to send malicious data, certain forms like IP spoofing
prevent them from receiving responses, limiting full two-way interaction.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Common Tools and Protocols Used by Attackers
Ping
• Ping • Utility used to check if a network host is alive and measure response times.
• Traceroute • Often used for troubleshooting but also for reconnaissance by attackers to
identify potential targets.
• ICMP (Internet Control
Traceroute
Message Protocol) • Maps network connections between hosts, showing all the hops along the
• DHCP (Dynamic Host way.
Configuration Protocol) • Can be used by attackers to map the target network, revealing details of the
network infrastructure.
• IpconfigWHOIS
ICMP (Internet Control Message Protocol)
• Dig
• Supports ping and traceroute utilities.
• Putty • ICMP messages provide information such as "Destination Unreachable" (Type

on
• Nmap 3) codes, which are valuable for attackers during network reconnaissance.
• John the Ripper (JtR) DHCP (Dynamic Host Configuration Protocol)
uti
• Netstat •
network.
tr i b
Automatically assigns IP addresses to devices when they connect to a

•
is
Attackers can create a rogue DHCP server to intercept traffic by assigning
D
for
malicious gateway information.
Ipconfig
t
No
• A Windows command used to display network configurations and refresh
DHCP and DNS settings.
WHOIS
h a,
Na
• Tool used to query information about domain ownership and IP address
blocks.
•
jeet
Useful for attackers conducting reconnaissance to gather information about
target organizations.
Dig
bha
Su
• Command-line tool to query DNS records and obtain domain or IP address
information.
l
Co
Putty

By • Terminal emulator and file transfer application supporting protocols like SSH,
Telnet, and SCP.

SP
Nmap

CI S • Popular network scanning tool used to discover hosts, services, and

vulnerabilities on a network by sending packets and analyzing responses.

for John the Ripper (JtR)

es • Password cracking tool used to test the strength of passwords by brute-

ot
forcing or cracking encrypted password files.
Netstat

ell N • Displays active TCP/UDP connections, routing tables, and protocol

rn
statistics.

C o • Useful for identifying open ports and active connections on a system.

Nslookup
• Tool for querying DNS to obtain domain name and IP address mappings,
useful for DNS recon and troubleshooting DNS issues.

• Common network tools like Ping, Traceroute, and Nmap can be used by attackers to gather
information about a target network.
• Protocols such as ICMP and DHCP can be leveraged for reconnaissance or traffic interception.
• Tools like John the Ripper are used for password cracking, while WHOIS, Dig, and Nslookup
provide DNS and domain information useful for attackers during the reconnaissance phase.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• ARP (Address Resolution
Protocol)
• CAM Table
• ARP Poisoning
• Lack of Authentication
• Prevention and Detection
ARP Poisoning
ARP (Address Resolution Protocol)
• ARP maps IP addresses to MAC addresses on a local network.
• When a device wants to communicate, the switch broadcasts a
message asking, "What MAC address belongs to this IP address?"
• The device with the matching IP sends its MAC address back, and the
switch updates its ARP table to store the mapping.
CAM Table
• A Content Addressable Memory (CAM) table is used by switches to

on
map MAC addresses to their corresponding port on the switch.
ti
• If a switch does not have an entry for a particular device, it broadcasts
u
an ARP request to all devices.
tr i b
ARP Poisoning
D is
for
• An attacker can exploit ARP by sending malicious ARP replies,
t
No
tricking the switch into thinking the attacker's device is the legitimate
destination for traffic.

h a,
• The attacker modifies their ARP table to redirect traffic meant for the
legitimate device to their own.
Na
eet
• ARP poisoning allows attackers to intercept traffic and potentially
j
ha
modify or drop it (man-in-the-middle attack).

u b
Lack of Authentication
l Sand
C o
• ARP tables the ARP protocol itself lack built-in security or

B y
authentication
attacks.
mechanisms, making them vulnerable to spoofing

I SSP• Attackers can manipulate ARP replies without needing authorization

C or authentication.

for Prevention and Detection

tes • Monitoring network traffic across segments helps detect unusual
o
ll N
activity, such as ARP poisoning.

rn e • Compensating controls, such as increased logging and

C o monitoring, should be in place to detect anomalies.

• DNSSEC has been developed to prevent similar attacks in the context
of DNS poisoning.

• ARP poisoning exploits the ARP protocol's lack of security to redirect network traffic.
• Attackers can send malicious ARP replies to manipulate MAC-IP mappings in the switch’s CAM
table, enabling them to intercept or alter data.
• Monitoring and implementing compensating controls like logging can help detect and prevent ARP
poisoning attacks.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• IEEE 802.11 Standards
• Wireless Authentication
• TKIP (Temporal Key Integrity
Protocol)
• WEP (Wired Equivalent
Privacy)
• Wireless Security Needs
• Wireless Segregation
Wireless Security
IEEE 802.11 Standards
• The IEEE 802.11 family defines the standards for wireless networking
(Wi-Fi).
• Each version (e.g., 802.11a/b/g/n/ac/ax) introduces enhancements in
speed, range, and security features.
Wireless Authentication
• Wireless networks require authenticated key exchanges to ensure
that only authorized users can connect.
• Various protocols such as WPA2 and WPA3 facilitate this secure
exchange.
TKIP (Temporal Key Integrity Protocol)
ti on
•
i bu
TKIP was designed as a temporary solution to replace the insecure
WEP encryption method.
str
•
D i
TKIP improved security without needing to replace legacy hardware that

for
originally used WEP.
WEP (Wired Equivalent Privacy)
t
• No
WEP was the original security protocol for wireless networks but was
a,
found to have serious vulnerabilities.
h
Na
• WPA and WPA2 were developed to replace WEP, offering stronger

et
encryption and key management.
je
Wireless Security Needs
•
bha
Wireless communication requires the following for adequate

Su
protection:
l
Co
• Access Control: Controlling who can connect to the wireless
network.
By • Authentication: Ensuring that users are who they claim to be.

I SSP • Integrity Protection: Ensuring data has not been tampered

r C with during transmission.

fo • Encryption: Encrypting data to protect confidentiality during

es transmission (e.g., WPA2, WPA3).

ot Wireless Segregation

ell N • Segregation of different user groups (e.g., guests, employees,

rn
vendors) into separate wireless networks enhances security.

C o •
•
Each group can be isolated with different security policies.
Guest networks can have limited access, while employee
networks can offer more privileges.
• Network architecture is essential to maintaining segregation and
minimizing vulnerabilities.

• Wireless security depends on authentication, encryption, and segregation.

• The transition from WEP to more secure protocols like TKIP, WPA2, and WPA3 has greatly improved
wireless protection.
• Segregating networks by user type is an effective strategy to further enhance security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Radio Frequency Management
• Definition of Radio Frequency
Management
• Wi-Fi Signal Management
• Wireless Security
Considerations
• Unlicensed Frequencies
• Technologies Utilizing Radio
Frequencies
Definition of Radio Frequency Management
• Radio frequency management involves the careful placement and
control of devices that broadcast wireless traffic to ensure proper
signal coverage and security.
• This helps prevent unauthorized individuals from accessing wireless
networks.
Wi-Fi Signal Management
• For Wi-Fi, access points must be positioned to ensure signals are
strong enough for authorized users inside the building but weak
enough to prevent signal leakage outside.
• Example: Preventing Wi-Fi signals from reaching the
ti on
b
parking lot where potential attackers could attempt to
i u
break into the network.
str
Wireless Security Considerations D i
for
• Managing radio frequencies reduces the risk of attackers using
t
No
unsecured access points to gain unauthorized entry.

a,
• Signal leakage outside a controlled area can expose the network to
attack.
h
Na
et
Unlicensed Frequencies

je
• Certain frequencies, such as 2.4 GHz, 5 GHz, and 900 MHz, are
ha
unlicensed. This means any device or technology can operate within
b
Su
these bands.
• l These frequencies are widely used for Wi-Fi, Bluetooth,

y Co and other technologies, making their management critical

B for security.

I SSP Technologies Utilizing Radio Frequencies

• Bluetooth, cellular, RFID, and Wi-Fi are examples of technologies
r C that use radio frequencies.
fo
es • Despite differences in technology, they all function using
ot emanations of radio waves and must be managed carefully

ll N
to avoid interference and security breaches.

rn e
C o

• Radio frequency management is essential for controlling Wi-Fi signals and protecting
wireless networks.
• It involves managing signal strength to prevent unauthorized access from outside a
building, especially in unlicensed frequency bands like 2.4 GHz and 5 GHz.
• Effective management prevents signal leakage and enhances network security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Wireless Technologies
Definition of Wireless Technologies
• Definition of Wireless
Technologies • Wireless technologies refer to communication without using
physical wires.
• Wi-Fi
• Bluetooth • Data transmission occurs over radio waves in the wireless radio
• Cellular spectrum.
• RFID (Radio Frequency
Wi-Fi
Identification)
• Wi-Fi operates under IEEE 802.11 specifications.

devices. ti on
• Widely used for internet connectivity, printing, and as hotspots for

i bu
•
str
Example: Connecting a computer to a mobile phone’s Wi-
Fi hotspot.
D i
Bluetooth
t for
N o
• Designed for close-proximity wireless communication.

h a, keyboards, mice, and

• Commonly used for devices like wireless
headsets. a
Ncars
t
e for audiousestreaming.
•
je
Example: Modern Bluetooth to connect with

ha
mobile phones
b
Cellular
l Su
• Refersoto mobile communication protocols and standards like CDMA,
y C 3G, 4G, and 5G.
BGSM,
I SSP• 5G is the latest standard, offering faster data speeds and enhanced
connectivity for mobile devices.
r C
fo RFID (Radio Frequency Identification)
s
ote • Involves readers and tags (chips or labels) for wireless tracking.

ell N • Use cases: Asset management and inventory control.

orn • Example: RFID tags on products allow automatic scanning

C and tracking in supply chains.

• Wireless technologies enable communication over radio frequencies without physical cables.
• Key technologies include Wi-Fi (for network connectivity), Bluetooth (for short-range device
communication), Cellular (for mobile phone communication), and RFID (for wireless tracking).
• Each of these plays a critical role in modern wireless infrastructure.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 802.11 Wireless Protocol Family
802.11 Wireless Protocols
802.11 Wireless Protocols
Frequency Ranges • IEEE 802.11 specifications define wireless communication
standards.
Maximum Speeds
Security Concerns • Each protocol in the family offers varying speed and frequency
ranges, evolving to meet growing demand for faster wireless data
transmission.
• 802.11be (Wi-Fi 7) and 802.11bn (Wi-Fi 8) are future iterations, with
Wi-Fi 7 expected in late 2024 and Wi-Fi 8 expected in 2028.
Frequency Ranges
ti on
• Protocols operate across different frequency bands.
i bu
2.4 GHz: More interference but greater range.st r
Di range.
•
5 GHz: Less interference, faster speeds,rshorter
fo 7, offers higher
•
•
o t
6 GHz: Supported by Wi-Fi 6E and Wi-Fi
bandwidth. N
h a,
Na compared to its predecessor:
Maximum Speeds
• Each protocol offers fastert speeds
jee
ha11 Mbps
• 802.11: 2 Mbps
b
Su 54 Mbps
• 802.11b:
• l 802.11g:

y C• o 802.11n: 72 – 600 Mbps

P B • 802.11ac: Up to 1300 Mbps
I SS • 802.11ax (Wi-Fi 6/6E): Up to 10 Gbps
C
for • 802.11be (Wi-Fi 7): Up to 40 Gbps

tes Security Concerns

o
ll N
• None of the 802.11 protocols have native security.

rn e • Wireless security must be added externally via encryption

C o (e.g., WPA2, WPA3).

• The IEEE 802.11 wireless protocol family has evolved from 802.11 with speeds of 2 Mbps to 802.11be
(Wi-Fi 7) capable of reaching 40 Gbps.
• Frequencies range from 2.4 GHz to 60 GHz. However, security is not native to these protocols,
necessitating the use of external security measures like WPA2 and WPA3.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 802.11 Security Solutions
802.11 Wireless Security Standards
• 802.11 Wireless Security • Wireless communication security is essential to prevent unauthorized access,
Standards eavesdropping, and tampering.
• Access Control • The main wireless security standards in use are 802.1X, WPA, WPA2, and the most
recent, WPA3.
• Authentication Methods • WEP (W ired Equivalent Privacy) was the original standard but is
• Encryption considered very weak due to serious vulnerabilities.
• Integrity Protection • WPA (W i-Fi Protected Access) was an improvement on WEP but also
contains weaknesses, primarily due to the use of TKIP.
• WPA2 introduced stronger security with CCMP (AES) encryption and is
still widely implemented.

on
• WPA3, released in 2018, offers better encryption and authentication
mechanisms, including GCMP.
u t i
Access Control
r i b
t requiring
is
• Access control mechanisms define how wireless clients gain access to the network.

rD
• 802.1X is a common standard for dynamic access control,

•
authentication from a central server.

t
Pre-Shared Key (PSK) is another method used, f o especially for home
o
, Nusers.
networks.
Authentication Methods
a
h Protocol) methods are used in
N a
• Authentication verifies the identity of devices and

enterprise networks tfor secure authentication, providing dynamic

• EAP (Extensible Authentication
e
je in personal or small office networks for simpler
aused
encryption keys.
h
ub
• PSK is often
authentication.
S
olensures the confidentiality of wireless data.
Encryption

C
• Encryption
y • WEP
B (weak encryption protocol) was the original standard, now

SP
considered insecure.

CI S • WPA uses TKIP (RC4) for encryption, which has also been proven
vulnerable.

for • WPA2 uses AES (CCMP), which is much stronger and still widely used.

tes • WPA3 further strengthens encryption using GCMP (Galois Counter Mode

o Protocol) or CCMP-AES.

ll N
Integrity Protection

rn e • Integrity protection ensures data hasn't been tampered with.

C o •
•
WEP and WPA lacked strong integrity measures.
WPA2 uses CCMP for integrity, providing both encryption and message
integrity.
• WPA3 enhances this with GCMP, providing even stronger protection
against tampering.

• Wireless security standards have evolved from WEP (weakest) to WPA3 (strongest).
• Key security services like access control, authentication, encryption, and integrity protection are
necessary to secure wireless communications.
• WPA3, the latest standard, provides improved encryption (GCMP) and stronger protection against
tampering and unauthorized access.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Wireless Authentication
• Wireless Authentication
Methods
• Open Authentication
• Shared Key Authentication
• EAP Authentication
• One-Factor vs. Two-Factor
Authentication
• Mutual Authentication
Wireless Authentication Methods
• Wireless networks rely on different authentication methods to control access to
the network.
• Three main methods of wireless authentication include:
• Open Authentication:
• Any device can connect using the network's SSID.
• No security is enabled, making this method vulnerable to
attacks.
• Shared Key Authentication:
• A pre-shared key (PSK) is used, which is a common
password shared across all devices.
• Often used in home networks, but sharing the same key
ti on
among devices can pose security risks.
i bu
•

str
EAP (Extensible Authentication Protocol) Authentication:
•
exchange mechanism.
D i
A more secure option, requiring an authenticated key

•
t for
Provides flexibility for different authentication methods and

No
can support one- or two-factor authentication.
One-Factor vs. Two-Factor Authentication
• One-Factor Authentication:
h a,
Na
• Utilizes a single factor, like a password or network credential, to

et
authenticate users.
•
je
Common EAP-based one-factor methods include:

ha
• EAP-MD5 (less secure, uses MD5 hash).
b
Su
• LEAP (Lightweight EAP, proprietary to Cisco).

l • PEAP-MSCHAP, TTLS-MSCHAP, EAP-SIM.

Co
• Two-Factor Authentication:

By • Adds an additional layer of security by requiring a second factor, such

as a certificate or one-time password (OTP).

I SSP • More robust EAP-based two-factor methods include:

r C • EAP-TLS (Transport Layer Security with certificates).

fo • TTLS with OTP (One-Time Password).

es • PEAP-GTC (Generic Token Card).

ot
Mutual Authentication

ll N
• To achieve the highest level of security, mutual authentication is

rn e recommended.
• Client-side authentication: Ensures the client can verify the

C o •
legitimacy of the access point (AP).
Access point authentication: Verifies the validity of the client
attempting to connect.
• This helps prevent attacks like rogue APs and man-in-the-middle
attacks.

• Wireless authentication methods include open authentication (least secure), shared key
authentication, and EAP-based authentication (most secure).
• EAP allows for one- or two-factor authentication, with two-factor providing stronger security.
• Mutual authentication ensures that both the client and access point verify each other’s legitimacy,
creating a more secure wireless network environment.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Wireless Encryption
Technologies
• Temporal Key Integrity
Protocol (TKIP)
• Counter-Mode-CBC-MAC
Protocol (CCMP)
• WPA and WPA2 Encryption
Wireless Encryption
Wireless Encryption Technologies
• Encryption is crucial in wireless networks to ensure confidentiality,
integrity, and security of the transmitted data.
• Two main encryption protocols are used in Wi-Fi networks:
• Temporal Key Integrity Protocol (TKIP)
• Counter-Mode-CBC-MAC Protocol (CCMP)
Temporal Key Integrity Protocol (TKIP)
• TKIP was designed to fix vulnerabilities in the older Wired Equivalent
Privacy (WEP) encryption.
• Used in WPA (Wi-Fi Protected Access) with a combination of:
ti on
• RC4 stream cipher for encryption.
i bu
•
tr
128-bit per-packet keys, meaning each packet of data
s
i
has a different encryption key to protect against certain
D
for
attacks.
•
t
However, TKIP is vulnerable to attacks because of its backward
No
compatibility with WEP hardware, which carries inherent security

a,
weaknesses.

h
a protocol introduced with WPA2 and
Counter-Mode-CBC-MAC Protocol (CCMP)
•
t N
CCMP is a more robust encryption
WPA3.
je e
•
b ha standard.
Uses AES (Advanced Encryption Standard), which is a widely

Sukeys ensure strong encryption, making CCMP more

accepted encryption
• l
othan TKIP.
AES 128-bit
C
secure
y
• BIt provides both encryption and message integrity, making it resistant
SPWPA and WPA2 Encryption
to common attacks like replay attacks.

CI S
for • WPA (Wi-Fi Protected Access) initially used TKIP to allow for better

tes hardware compatibility with WEP, but it has since been replaced due
to vulnerabilities.
o
ll N
• WPA2 uses CCMP-AES, which significantly strengthens wireless

rn e security, and is the most commonly implemented standard.

C o • WPA3 further improves security with enhanced encryption standards

but is still not as widely adopted.

• TKIP was a short-term fix for WEP vulnerabilities but remains susceptible to certain attacks due to
hardware compatibility issues.
• CCMP-AES, used in WPA2 and WPA3, offers significantly stronger encryption, using 128-bit AES
keys for secure wireless communication.
• CCMP is currently the most secure protocol for wireless encryption.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Wireless Integrity Protection
• Wireless Integrity Protection
Methods
• TKIP (Temporal Key Integrity
Protocol)
• WPA2 (Wi-Fi Protected
Access 2) and CCMP
• Message Integrity Code
(Michael)
Wireless Integrity Protection Methods
• Wireless integrity protection ensures the data sent across a wireless
network hasn't been tampered with during transmission.
• There are two main integrity protection methods:
• TKIP uses Michael for integrity checks.
• WPA2 uses CCMP (with AES) to provide more robust security.
TKIP (Temporal Key Integrity Protocol)
• TKIP was designed to replace WEP (Wired Equivalent Privacy) without
requiring hardware upgrades.

on
• Developed as a short-term solution to address WEP's vulnerabilities,
ti
particularly the weak initialization vector (IV) in WEP, which made it
u
easy to crack.
tr i b
•
D
which improves upon WEP's flawed static key approach. s
Key Mixing: TKIP sends each new packet with a unique encryption key,
i
•
t for
Michael: TKIP uses a Message Integrity Code (MIC) called Michael to

No
check data integrity.

a,
• Michael provides a basic form of integrity control, ensuring

h
packets have not been altered during transmission.
•
Na
However, TKIP is now considered obsolete due to security

jeet
vulnerabilities and is no longer recommended for modern
networks.

bha
WPA2 (Wi-Fi Protected Access 2) and CCMP
•
l Su
WPA2 implements CCMP (Counter Mode with Cipher Block Chaining

Co
Message Authentication Code Protocol), which uses AES for

By •
encryption and integrity.
AES in CBC-MAC (Cipher Block Chaining) mode ensures that both

I SSP encryption and integrity are provided in a secure manner.

r C • CCMP offers much stronger encryption and integrity protection than

fo TKIP, making WPA2 the preferred standard for modern wireless

es networks.

ot Evolution from TKIP to AES

ell N • TKIP was a stopgap solution that allowed older hardware to operate

rn
with better security compared to WEP.

C o • As vulnerabilities in TKIP were discovered, the stronger AES encryption

with CCMP was developed and adopted, replacing TKIP in WPA2.

• TKIP was designed to replace WEP and implemented integrity protection through a Message Integrity
Code called Michael.
• However, TKIP is now considered insecure and is replaced by AES with CCMP in WPA2, which offers
robust encryption and integrity protection.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 VLAN and SDN
VLAN (Virtual Local Area Network)
• VLAN (Virtual Local Area • A VLAN is a technology that allows network administrators to create
Network) local area networks without needing new physical wiring or hardware
• SDN (Software-Defined installations.
Networks) • Layer 3 switches and other technologies help facilitate the creation of
• IEEE 802.1Q Standard VLANs, allowing for more flexible network segmentation.
• SDN Architecture • VLANs are used to isolate different segments of a network for security,
• Northbound and performance, or administrative reasons.
Southbound APIs • Key benefit: Reduces the need for rewiring and provides better network
management by allowing logical segmentation.
• IEEE 802.1Q is the standard that governs VLANs. It defines how VLAN
ti on
i bu
tagging is done to allow traffic from multiple VLANs to travel over a single
network connection.
str
SDN (Software-Defined Networks)
D i
for
• SDN stands for Software-Defined Networks, where the network
t
infrastructure is managed and controlled using software rather than
physical hardware.
No
a,
• SDN allows network configuration to be automated and centrally
h
Na
controlled, making it adaptable to changing demands.

et
• SDN architecture is split into three planes:
•
je
Application Plane: Where applications and services reside.
•
bha
Control Plane: Manages the flow of traffic and network

Su
resources.
l
Co
• Data Plane: Carries the actual data and executes the
decisions made by the control plane.
By Northbound and Southbound APIs in SDN

I SSP • Northbound APIs: Facilitate communication between the application

plane and the control plane. This enables applications to request
r C network resources or configuration changes.
fo
es • Southbound APIs: Manage communication between the control plane

ot
and the data plane. They enable the control plane to instruct the data

ll N
plane on handling traffic.

rn e Key Advantages of SDN

C o • Centralized control over network resources, allowing for easy

configuration and optimization of the network.
• Greater flexibility in adapting the network to meet organizational needs
without manually adjusting hardware.

• VLANs allow the creation of logical local area networks using Layer 3 switches and reduce physical
wiring needs, with IEEE 802.1Q providing the standard for VLAN implementation.
• SDNs manage networks using software, divided into application, control, and data planes, and
leverage northbound and southbound APIs to handle network management and traffic control.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• VLAN Definition
• Virtualization and VLANs
• Security through
Segmentation
• Layer 3 Switch and VLAN
Creation
• VLAN Ports and Isolation
VLAN
VLAN Definition
• VLAN stands for Virtual Local Area Network, a technology that
allows for the virtual segmentation of networks, isolating devices
into separate logical groups without the need for new physical
infrastructure.
Virtualization and VLANs
• Virtualization technologies have existed since the mainframe era
and are a key component of cloud computing today.
• Originally used for isolating environments on mainframes,

on
virtualization now extends to network segmentation via VLANs.
•
uti
VLANs offer a way to separate traffic between devices while using
r i
the same physical network, creating virtual tunnels that link
t b
devices into isolated logical segments.
D is
for
Security through Segmentation
t
VLANs improve security by allowing network traffic to be isolated
No
•
into different segments. For instance, different departments within
a,
a company can have their own VLANs, limiting access to their
h
Na
network resources.
•
jeet
Isolation ensures that devices within the same VLAN can
communicate freely, but devices in other VLANs cannot
ha
communicate without going through a router or firewall, adding a
b
Su
security layer.
l
Co
Layer 3 Switch and VLAN Creation

By • VLANs are typically created using a Layer 3 switch, which can

configure specific ports to be part of a particular VLAN.

I SSP • VLAN segmentation is based on the value and security needs of

r C different segments, enabling tailored network management for

fo diverse use cases.

es
ot
VLAN Ports and Isolation

ll N
• Devices connected to specific ports on a switch that are

rn e configured for the same VLAN are automatically grouped together.

C o • VLAN ports can be reconfigured without needing to rewire the

physical network, making VLANs more flexible and efficient than
traditional LAN setups.

• VLANs allow the segmentation of networks into logical, isolated segments without the need for
physical rewiring, enhancing security and flexibility.
• They are created and managed using Layer 3 switches, where ports can be assigned to different
VLANs based on security and functional needs.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Software-Defined Networks (SDN)
• SDN Definition
• Differences Between SDN
and Traditional Networks
• Centralized Control in SDN
• Planes in SDN: Control Plane
and Data Plane
• SDN enables centralized control
SDN Definition
• Software-Defined Networks (SDN) involve creating and managing
networks using software instead of traditional hardware devices like
routers and switches.
• SDN enables the virtualization of network components, making it
possible to control network behavior dynamically through software
applications.
Differences Between SDN and Traditional Networks
• In traditional networks, physical hardware like routers, switches,
and cabling is responsible for network control and data forwarding.
ti on
• SDN abstracts these hardware elements, allowing software
i bu
tr
applications to mimic the behavior of hardware devices while still
s
i
requiring some physical network components, such as cabling.
D
for
• SDN provides virtualized network functionality, which allows for
t
No
more flexibility and centralized management, compared to static,
hardware-dependent traditional networks.
Centralized Control in SDN
h a,
N a through a control plane that acts
t
emanagement
je
as the brain of the network,
a
understanding the topology and making

b h
all the routing and traffic decisions.
• The centralized
S uoncontrol allows for rapid reconfiguration of the
ol resources. enabling dynamic adjustments to traffic,
network based needs,

yC
security, and

P B
Planes in SDN: Control Plane and Data Plane

I SS • Control Plane: This is the intelligent layer of the SDN, responsible

C for making decisions about packet routing, managing routing tables,
for and deciding how data is forwarded across the network.

tes • Data Plane: The data plane is the execution layer that performs the
o actual forwarding of packets based on instructions from the control

ell N plane.

orn • SDN’s separation of the control and data planes simplifies network
C management and increases flexibility by decoupling decision-making
from physical devices.

• Software-Defined Networks (SDN) enable centralized control and virtualization of traditional

network elements.
• The control plane makes intelligent routing decisions, while the data plane handles packet
forwarding.
• SDN provides flexibility and rapid reconfiguration capabilities compared to traditional, hardware-
based networks.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 SDN Architecture
SDN Architecture Overview
• SDN Architecture Overview
• Software-Defined Networks (SDN) architecture separates network
• Application Plane
control from the physical infrastructure, enabling more dynamic
• Control Plane
management.
• Data Plane
• Northbound and Southbound • SDN consists of three main planes: Application Plane, Control
APIs Plane, and Data Plane, each with specific functions.
Application Plane
• The Application Plane hosts applications and services that interact
with the network, such as security controls (firewalls), network
monitoring, traffic management, and reporting tools.
ti on
• Applications on this plane communicate with the Control Plane
i bu
tr
using Northbound APIs to make requests for network resources or to
s
enforce policies.
D i
Control Plane
t for
• The Control Plane acts as the intelligenceocenter of the SDN, where
, N and traffic management.
decisions are made regarding network flow
a
• It controls how data is forwarded h
a within the network by sending
N Southbound APIs.
e t
instructions to the Data Plane via

aje the network's routing, traffic flow, and

• The Control Plane manages
high-level networkhmanagement.
Data Plane
S ub
C
• The DataolPlane is responsible for the actual forwarding of packets
B y the network, executing the instructions provided by the
across

SP• Physical networking devices, such as routers and switches, are

Control Plane.

CI S
or
connected to the Data Plane, making it the execution layer of the

s f SDN.

o te Northbound and Southbound APIs

ell N • Northbound APIs: Facilitate communication between the

rn
Application Plane and the Control Plane. Applications send network

C o requests or commands to the control layer using these APIs.

• Southbound APIs: Facilitate communication between the Control
Plane and the Data Plane. The Control Plane uses these APIs to send
instructions to the physical devices on the Data Plane, telling them
how to route traffic.

• The SDN architecture consists of the Application, Control, and Data Planes. Communication
between these layers is handled by Northbound APIs (Application to Control) and Southbound APIs
(Control to Data).
• The Application Plane sends requests, the Control Plane makes network decisions, and the Data
Plane executes them by routing traffic.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Virtual Private Clouds (VPCs)
Definition of VPC
• Definition of VPC
• Characteristics of VPC • A Virtual Private Cloud (VPC) is a logically isolated section within a
• Isolation in VPC public cloud provider’s infrastructure.
• Benefits of VPC • It is essentially a customizable private network within a public
cloud like AWS, Google Cloud, or Azure.
Characteristics of VPC
• Customizable: Users can define and configure their own network
settings, including IP ranges, subnets, and route tables.
• Logical Isolation: Even though the VPC exists on shared ti on
i bu
infrastructure, the isolation is created using software, not separate
physical hardware.
str
D i
Isolation in VPC
f o r
• VPCs provide virtual isolation by separating t
o network environments
,
through segmentation and access controls. N
h acontrol
• Security Groups, network access a lists (ACLs), and VPN
connections are some of the
e
secure communicationewithin
t Na VPC.
features used to ensure privacy and

h aj
Benefits of VPC
u b
S
l since
C o
• Cost-effective:
infrastructures
VPCs are less expensive than dedicated private cloud
they use shared resources.
• B
y
S P Scalability: Like other public cloud services, VPCs offer easy

CI S scalability, allowing users to adjust resources according to demand.

for • Control: Users maintain fine-grained control over network

tes components, such as firewalls, IP addressing, and routing, ensuring a

balance between security and flexibility.
o
ell N
orn
C

• A Virtual Private Cloud (VPC) is a portion of a public cloud that provides logically isolated,
customizable network environments without separate physical hardware.
• It combines the cost-effectiveness and scalability of public clouds with enhanced security
controls and virtual network isolation.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 IEEE 802.1Q
Definition of IEEE 802.1Q
• Definition of IEEE 802.1Q
• VLAN Tagging • IEEE 802.1Q is a networking standard developed by the IEEE that
• How IEEE 802.1Q works supports Virtual Local Area Networks (VLANs) and Software-
• Relation to SDNs Defined Networks (SDNs).
• It specifies methods for VLAN tagging in network traffic and how this
traffic should be handled by network devices like switches and
bridges.
VLAN Tagging
• VLAN tagging is a process where a VLAN identifier (VLAN ID) is
ti on
added to network frames to indicate which VLAN the frame belongs
i b u
to.
tr
• This ensures that only the designated VLAN receives theis
r Dexplicitly
tagged
traffic, preventing cross-VLAN communication unless
t fo
allowed.
o
How IEEE 802.1Q Works
a ,N
• When a frame is sent across thea h the 802.1Q standard
defines how to add a tag totthe Nframe with its VLAN ID.
network,
e
jethat comply with IEEE 802.1Q are responsible
• Switches and bridges
h a
for ensuring thatbonly the VLAN to which the frame belongs will handle
that traffic, S u
o l maintaining isolation between VLANs.
RelationC
B y to SDNs
S P• Into Software-Defined Networks (SDNs), the 802.1Q standard is used

CI S support VLANs by ensuring that virtualized network components

or
can isolate and direct traffic based on VLAN tagging.

s f • This helps SDN controllers to manage network flows and maintain

o te logical separation of traffic without needing separate physical

ll N
networks.

rn e
C o

• IEEE 802.1Q is the standard that defines VLAN tagging and how switches and bridges handle VLAN
traffic.
• It plays a crucial role in ensuring network isolation and security for VLANs and supports
virtualization technologies like SDNs.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Wide Area Networks (WAN)
Definition of WAN
• Definition of WAN • A Wide Area Network (WAN) connects Local Area Networks (LANs)
• Technologies used in WANs over large geographical areas, often spanning cities, countries, or
• Key WAN Protocols continents.
• Features of WAN • WANs are used to connect multiple LANs, typically using leased
technologies lines, satellite links, or data packet carrier services provided by
telecom companies.
Technologies used in WANs
• WAN technologies include dedicated leased lines, dial-up phone
lines, satellite, microwave links, and data packet carrier services.
• Quality of Service (QoS) is important in WANs, especially when
ti on
bu
handling IP convergence (e.g., voice, data, and video traffic over a
i
single network).
str
Key WAN Protocols D i
for
• X.25: Early WAN protocol known for its error correction capabilities
t
No
but suffers from inefficiency and high overhead.

a,
• Frame Relay: Focuses on speed over error correction and supports
h
both permanent virtual circuits (PVCs) and switched virtual
circuits (SVCs).
Na
eet
• Asynchronous Transfer Mode (ATM): Supports high-speed
j
ha
transmission with connection-oriented virtual circuits that can be
b
permanent or on-demand.

l Su
• Multi-Protocol Label Switching (MPLS): The most advanced WAN

y Co
protocol, MPLS offers built-in security using labeling schemes and
forwarding tables. However, data can still be vulnerable to provider
B snooping, so organizations often choose to encrypt their data.

I SSP Features of WAN Technologies

r C • X.25 is reliable but inefficient due to its focus on error correction.

fo
es • Frame Relay prioritizes speed, with PVCs supporting permanent

ot
links and SVCs allowing for on-demand virtual circuits, similar to

ll N
older PSTN networks.

rn e • ATM combines the best of previous technologies and provides

reliable, high-speed connections for mission-critical traffic.
C o • MPLS offers secure connectivity over provider networks but still
requires additional encryption for highly sensitive data to protect
against potential provider access.

• WANs are essential for connecting LANs across large geographical distances using protocols like
X.25, Frame Relay, ATM, and MPLS. Each protocol has unique features, with MPLS being the most
advanced, providing built-in security and fast, efficient data transmission.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Network
Architecture
• Defense in Depth
• Partitioning & Network
Segmentation
• Bastion Hosts
• Proxies (NAT & PAT)
Network Architecture
Definition of Network Architecture
• Network architecture refers to the design and structure of a
network, encompassing components like network devices
(routers, switches), firewalls, proxies, and segmentation.
• It is responsible for ensuring security, efficiency, and scalability in
an organization's network infrastructure.
Defense in Depth
• Defense in depth is a multi-layered security approach, where
multiple security measures (like firewalls, intrusion detection
systems, and authentication mechanisms) are implemented at
various levels to protect the network.
ti on
•
bu
If one layer is compromised, additional layers still provide security.
i
str
Partitioning & Network Segmentation
D i
for
• Partitioning and network segmentation refer to dividing a network
into smaller, isolated sections or subnets.
t
•
No
This limits visibility of network traffic and restricts access to

a,
certain areas, which can prevent lateral movement of threats within
the network.
h
Na
et
• Switches, routers, and firewalls are used to implement
e
segmentation by controlling access between segments.
j
Bastion Hosts
bha
Su
• Bastion hosts are hardened devices (typically servers) designed to
l
resist attacks and are placed on the perimeter of a network or in a

y Co
DMZ.
B • These devices are exposed to external traffic and are usually

I SSP isolated from the internal network to minimize the risk of

compromise.
r C Proxies (NAT & PAT)
fo
es • Proxies act as intermediaries between clients and external
ot services, providing a layer of anonymity and protection.

ell N • Network Address Translation (NAT) and Port Address Translation

(PAT) are two types of proxies that allow internal devices to access
orn external networks (like the internet) without exposing their real IP
C addresses.
• NAT/PAT acts as a security layer, hiding the internal network
structure and making it harder for external attackers to identify
individual devices.

• Network architecture is vital for ensuring network security and performance. Elements like
defense in depth, partitioning, network segmentation, bastion hosts, and proxies contribute to a
secure network environment.
• NAT/PAT hides internal IPs, while segmentation limits the visibility of network traffic, adding
additional layers of protection.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Defense in
Depth
• Multiple Security Layers
• Layered Security Examples
Defense in Depth
Definition of Defense in Depth
• Defense in depth refers to employing multiple layers of security
controls to protect a network or system.
• It assumes that no single security control is foolproof, so adding
layers ensures that if one control fails, others are still in place to
protect against breaches.
Multiple Security Layers
• This approach includes several concentric layers of defense, each
addressing different areas of security:
ti on
• Policies and Procedures: The outermost layer, which
i bu
governs how security should be implemented and
str
maintained.
D i
•
t for
Environmental Considerations: Includes physical

No
security, building access controls, surveillance, and
securing the physical environment.
•
h a,
Physical Infrastructure: Securing servers, network
Na
devices, and workstations through hardware-based

jeet
measures.

ha
• Operating Systems: Implementing secure configurations,
b
patches, and hardening operating systems to minimize

l Su
vulnerabilities.

y Co
• Software Configurations: This inner layer focuses on
firewall settings, application security, and encryption to
B protect data from external and internal threats.

I SSPLayered Security Examples

r C • Policies and Procedures: Implementing user training programs,
fo
tes security policies, and access control policies.
o
ll N
• Architecture Controls: Firewalls, intrusion detection systems

rn e (IDS), and network segmentation.

C o • Cabling and Switching: Securing physical connections to prevent

unauthorized access to the network.
• Operating System Controls: Enforcing system patching, software
updates, and user privilege restrictions.

• Defense in depth is a security strategy that uses multiple, layered security controls to protect a
network or system.
• Each layer addresses different aspects of security, starting from policies and procedures down to
operating systems and software configurations, ensuring comprehensive protection.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Partitioning (Network Segmentation)
Definition of Partitioning (Network Segmentation)
• Definition of Partitioning
• Partitioning, also called network segmentation, refers to the
(Network Segmentation)
practice of controlling traffic flow between different areas or
• Purpose of Partitioning segments of a network.
• Tools for Partitioning
• Importance of Internet • It ensures that traffic from one part of the network is isolated and
Partitioning cannot be seen or accessed by devices in another segment.
Purpose of Partitioning
• Security and control: Network segmentation helps in enhancing
security by isolating more sensitive areas from less secure
segments.
ti on
i bu
s tr
• Traffic control: Limits the visibility of network traffic to only those
i
who need access, reducing the risk of unauthorized data access.
• Helps mitigate attacks by preventing malicious traffic
fo r D from
spreading across the entire network.
o t
Tools for Partitioning
a , N are used to create
• Devices like switches, routers, and
a h firewalls

tbeNenforced on these devices to manage

logical partitions within the network.

je
• Access control rules can e
and control the flowaof traffic between the network segments.
h
S ub Partitioning
Importance of Internet

C ol external and internal networks is crucial for preventing

• Separating
B y
unauthorized access to an organization's internal network.

S P• Firewalls can enforce rules that:

CIS • Scrutinize incoming traffic: Ensures that only legitimate
for traffic from the internet is allowed into the internal

tes network.

N o • Monitor outgoing traffic: Identifies data loss prevention

rn ell (DLP) concerns and stops malicious or unauthorized

outbound traffic.
C o • Example: An organization's main network should be separated from
the internet by firewalls and other security controls to manage both
incoming and outgoing traffic.

• Partitioning (network segmentation) enhances network security by controlling traffic flow

between different network segments.
• It uses tools like firewalls, switches, and routers to isolate sensitive parts of a network, especially
in relation to internet-facing connections, to protect against internal and external threats.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Network Perimeter
Definition of Network Perimeter
• Definition of Network
• The network perimeter refers to the boundary between an
Perimeter organization's internal network and external networks (such as the
• Security Controls for Network internet). It is the last point of control for protecting internal resources.
Perimeter
• Choke Points • It is analogous to physical security perimeters, where the goal is to
secure the boundary and control entry and exit.
• Importance of Limiting Entry
and Exit Points Security Controls for Network Perimeter
• The perimeter should have preventive, detective, and corrective
controls to stop unauthorized access, detect potential breaches, and

on
respond to attacks.
•
u t
Preventive controls: Firewalls, intrusion prevention systems (IPS),i
access control lists (ACLs), and network segmentation.
tr i b
• s
Detective controls: Intrusion detection systems (IDS), inetwork
monitoring tools, and alerting mechanisms.
fo r D logging,
• Corrective controls: Security incident response
o t protocols,

,N
and traffic filtering or blocking.
Choke Points a
h in a network where all traffic
a
t Nfor centralized control and monitoring.
• Choke points are strategic locations
must pass through, allowing
e
jeexist at the network perimeter, where firewalls
•
h
A choke point should adevices
u b
and other security can enforce rules on both incoming and

l STwo choke points in a network, one between a public and

outgoing traffic.
•
C o
Example:

B ynon-sensitive private network, and another between the non-sensitive

SP security are applied to critical network segments.

and sensitive private networks. This ensures additional layers of

I S
C Importance of Limiting Entry and Exit Points
for Limiting the ingress and egress points to one creates a controlled
tes •
entry and exit, which simplifies monitoring and securing traffic flow.
o
ll N
• A single point of entry and exit reduces potential vulnerabilities and

rn e ensures that traffic analysis and rule enforcement can be effectively

carried out.
C o • Multiple entry points can increase complexity and make monitoring
traffic difficult, just like having multiple doors in a building can make
security hard to manage.

• The network perimeter serves as the boundary of an organization’s internal network, and choke
points allow for centralized monitoring and control of network traffic.
• To strengthen security, organizations should minimize entry and exit points, applying preventive,
detective, and corrective controls at the perimeter.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Network
Segmentation
• Importance of Network
Segmentation
• Public Network vs. Internal
Network
• Risks of Hosting Public
Applications Internally
• Security Benefits of
Segmentation
Network Segmentation
Definition of Network Segmentation
• Network Segmentation refers to dividing a network into smaller,
isolated segments to enhance security and performance.
• Each segment operates independently, with controlled traffic flow
between them through devices like routers, switches, and
firewalls.
Importance of Network Segmentation
• Segmentation ensures that sensitive internal resources are not
directly exposed to public networks (like the internet).
• It reduces the attack surface, limiting exposure to external threats
on
and ensuring that critical resources remain secure.
Public Network vs. Internal Network uti
•
tr i b
The public network represents the internet, while the sensitive
D i
private network contains internal devices and sensitives
for
applications.
• t
To enable communication with external entities (e.g., customers,
No
business partners), organizations need to host specific
a,
applications such as e-commerce websites or email servers.
h
Na
Risks of Hosting Public Applications Internally

et
• Security risks arise when public-facing applications, like an e-
je
commerce platform or email server, are hosted within the
ha
internal network.
b
Su
• Hosting these applications internally would allow external users
l
from the public network to access the internal environment,

y Co
exposing critical assets to potential attacks.
BSecurity Benefits of Segmentation

I SSP • By segregating public-facing applications and internal networks,

organizations can ensure that public users can interact with
r C designated services (e.g., web servers or email systems) without
fo gaining access to internal systems.
es
ot
• Firewalls and routers are used to filter traffic between network

ll N
segments, allowing controlled access while protecting sensitive

rn e •
data from external threats.
Best practices suggest hosting public-facing services (like
C o websites or email) in a DMZ (Demilitarized Zone) to maintain
security separation between public and private networks.

• Network Segmentation is crucial for separating public-facing applications from

sensitive internal networks.
• Hosting public applications on the internal network would expose critical assets to
security risks, making segmentation vital for maintaining a secure and well-controlled
network environment.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Bastion Host
Definition of Bastion Host
• Definition of Bastion Host
• A Bastion Host is a hardened server or device that sits in a
• Location of Bastion Hosts controlled, exposed network environment, specifically the
• Demilitarized Zone (DMZ) DMZ.
• Services in the DMZ
• The term "bastion" refers to a fortified or protected
• Boundary Router environment, designed to withstand attacks.
Location of Bastion Hosts
• Bastion hosts are typically found within the DMZ, an isolated
subnetwork positioned between the internal network and the
internet.
• ti on
They serve as a layer of defense, shielding the internal network
by handling public-facing services.
i bu
str
Demilitarized Zone (DMZ)
D i
for
• The DMZ is a subnetwork used to segregate public-facing
services from the internal network.
t
• It acts as an intermediary between theNointernal network and the
internet, and the organization has,control over the DMZ.
a ha email servers, and remote
t Nplaced in the DMZ for controlled
• Web applications, DNS servers,
access systems are often
e
aje
access.
h
ub public-facing services that need to be
Services in the DMZ
The DMZShouses
ol systems.
•
accessible to the internet but should remain isolated from
y C
internal
• B Applications and hosts in the DMZ are typically hardened
I SSP (secured against attacks) and serve as fortresses to protect
against threats from the internet.
C
for Boundary Router
tes • A boundary router is positioned between the DMZ and the
o internet.
ell N • This router acts as a simple firewall, analyzing packet headers
orn and controlling traffic based on source and destination IP
addresses and ports.
C • It controls the ingress and egress of traffic between the internet
and the DMZ.

• A Bastion Host is a fortified server placed in a DMZ to handle public-facing services securely.
• The DMZ provides a buffer zone between the internal network and the internet, controlled by
boundary routers to manage traffic flow and enhance network security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of
Microsegmentation
• Traditional Network Setup
• Microsegmentation in
Virtualized Networks
• Benefits of Microsegmentation
• Technologies Supporting
Microsegmentation
Microsegmentation
Definition of Microsegmentation
• Microsegmentation refers to the practice of dividing networks into
smaller, isolated segments at a granular level using virtualization
technologies.
• It allows organizations to control traffic and enforce security policies
within each segment.
Traditional Network Setup
• In traditional networks, different servers like web, FTP, and mail servers
are typically located within the same DMZ behind a physical firewall.
• The firewall rules are loose to allow traffic for web (HTTP), FTP, and SMTP

on
services.
• ti
Disadvantage: If a server (e.g., the web server) is compromised, attackers
u
i b
can gain a foothold in the network and potentially move laterally to other
tr
servers.
Microsegmentation in Virtualized Networks
D is
•
t for
Virtual firewalls can be deployed in front of each server at low cost,

No
creating separate DMZs for each server (web, FTP, mail).

a,
• Each virtual firewall can have strict firewall rules for its respective

h
server, such as allowing only web traffic for the web server, only FTP

Na
traffic for the FTP server, etc.
•
jeet
Benefit: If one server is compromised, attackers cannot easily move to
other servers as they must still penetrate other firewalls.

bha
Benefits of Microsegmentation
•
l Su
Tighter security: Each segment has specific firewall rules, making it

Co
more difficult for attackers to bypass security.

By • Lateral movement prevention: If an attacker breaches one segment,

they cannot easily access others.

I SSP • Granular firewall rules: More precise control over traffic and security in
each segment, enhancing network protection.
r C Technologies Supporting Microsegmentation
fo
es • Network overlays/encapsulation: Virtual networks that are overlaid on

ot
top of physical networks.

ll N
• Distributed firewalls: Multiple virtual firewalls deployed across

rn e segments.

C o • Distributed routers: Routers that distribute routing rules to individual

segments.
• IDS/IPS: Can be deployed to protect individual network segments.
• Zero Trust Architecture (ZTA): Microsegmentation supports granular
trust zones within ZTA.

• Microsegmentation enables the virtualization of networks into smaller segments, each with
individual firewall rules, enhancing security and preventing lateral movement of attackers.
• Technologies such as distributed firewalls and IDS/IPS further support this approach, providing
granular protection for each network segment.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Proxy
• Function of Proxy in Networks
• Role in Security
• Layer 7 in OSI Model
• Example of Web Proxy Usage
Proxy
Definition of Proxy
• A proxy is a device or application that acts on behalf of a user or
application, typically facilitating connections between a client and
a server.
Function of Proxy in Networks
• Proxies serve as an intermediary between a client and a server,
managing and directing both outgoing and incoming traffic.
• In network communication, the client perceives a direct

ti on
connection to the server, but the server recognizes the connection
as being from the proxy.
i bu
Role in Security
s tr
i
D security
•
o rdestinations.
Proxies are often used to filter requests and enforce
f
t
rules by blocking traffic destined for malicious
o
Proxies provide enhanced security by N
•
a ,cancontrolling what content can

ah
reach the client and what the client access, thus minimizing

tN
exposure to threats.

e e
ajfound
Layer 7 in OSI Model
• h
b they handle
Proxies are usually at Layer 7 (Application layer) of the OSI
S u
model because intelligent routing and decision-
makingo l regarding application-level traffic.
C
y of Web Proxy Usage
B
Example

I SSP• Amalicious
web proxy is used to filter web traffic. It can block access to
C domains or unsafe content, ensuring that the user is

for not inadvertently exposed to harmful websites.

tes
o
ell N
orn
C

• A proxy acts as an intermediary between a client and a server, enhancing network security by
filtering and blocking malicious traffic.
• By making intelligent decisions at the Application layer (Layer 7), proxies help enforce rules that
secure the environment from potential threats.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of NAT
• Function of NAT in Networks
• Definition of PAT
• Role of PAT in Port Translation
• NAT and PAT in Security
• Port Address Translation (PAT) is an extension of NAT that
NAT and PAT
Definition of NAT
• Network Address Translation (NAT) is a mechanism that translates
private IP addresses into public IP addresses and vice versa,
allowing devices on a local network to communicate with external
networks, like the internet.
Function of NAT in Networks
• NAT masks internal IP addresses by converting non-routable,
private addresses (e.g., 10.0.0.50) to routable, public addresses (e.g.,
199.53.72.2), enabling devices to communicate externally.
ti on
Definition of PAT
i bu
tr
unique port number to each outgoing request, enablingis
assigns a

rD
multiple
f o
devices to use the same public IP address simultaneously.
t
o
, N is associated with a
Role of PAT in Port Translation
a
h to port 1058), allowing
• PAT ensures that each outgoing connection
a
t N through the same public IP while
unique port (e.g., port 1037 is translated

je e
multiple devices to communicate
maintaining unique connections.
h a
ub
NAT and PAT in Security
S
C ol networks.
•NAT and PAT add a layer of security by hiding internal IP addresses

B y reconnaissanceThisonmakes
from external
perform
it more difficult for attackers to
the internal network structure, as the
S Pinternal IP addresses are masked.
CIS
for
tes
o
ell N
orn
C

• NAT translates private IP addresses to public ones, allowing internal devices to communicate with
the internet.
• PAT ensures that multiple devices can share a single public IP address by assigning unique ports to
each connection, providing both efficiency and an additional layer of security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Firewalls and Firewall Technologies - 1
What is a Firewall?
• What is a Firewall?
• Firewall Functions • A firewall is a preventive security control used to enforce security
• Types of Firewalls rules between two or more networks.
• Pros and Cons of Different • It works by filtering network traffic based on a set of predefined rules
Firewall Technologies to either allow or block traffic.
• Firewalls are typically deployed between an internal network and the
internet but can also segment internal networks for additional security.
Firewall Functions
• Traffic filtering: Firewalls inspect and control both incoming and
outgoing network traffic. ti on
• Rule-based: Firewalls operate based on predefined rules,rib
u
determining which packets are allowed or denied basedis ont criteria like
IP addresses, ports, and protocols.
f o rD
t stopping
unauthorized access before it occurs. No
• Prevention: Firewalls serve as preventive controls,

Types of Firewalls h a,
1. Packet Filtering Firewallst N
a
je e
ha
• Simple packet filtering operates at Layer 3 of the OSI model
b
(Network Layer).

l Su packet filtering tracks the state of active

• Stateful

y Coconnections, ensuring that traffic is legitimate and tied to a

P B valid session.

I SS 2. Circuit-Level Proxy Firewalls

C • Operates at Layer 5 (Session Layer).

for • Monitors session initiation processes (like TCP
tes handshakes) to ensure the session is legitimate but does not
o inspect the data being transmitted.

ell N 3. Application-Level Proxy Firewalls

orn
C •
•
Operates at Layer 7 (Application Layer).
Inspects application data in the network traffic (e.g., HTTP,
FTP) and filters based on application behavior.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Firewalls and Firewall Technologies - 2
Pros and Cons of Different Firewall Technologies
• What is a Firewall?
• Firewall Functions • Simple Packet Filtering Firewalls
• Types of Firewalls • Pros: Fast, low processing overhead, easy to implement.
• Pros and Cons of Different
• Cons: Only checks basic information like IP addresses and
Firewall Technologies
ports, offering limited protection.
• Stateful Packet Filtering Firewalls
• Pros: Monitors the state of active connections, more secure
than simple packet filtering.
•
ti on
Cons: Increased complexity, higher resource consumption.
• Circuit-Level Proxy Firewalls
i bu
Pros: Protects the session layer, monitors foris
tr
rD
• legitimate
connections.
f o
t less granular control
•
over traffic. N o
Cons: Does not inspect data, provides

a ,
• Application-Level Proxy Firewalls
a h
• Pros: Deep packet
etN inspection, ability to filter based on

a je
specific applications, provides granular control.
•
u bhanalysis
Cons: High processing overhead, slower performance due to

l S
detailed of traffic.

y Co
P B
I SS
r C
fo
es
ot
ell N
orn
C

• A firewall is a security control that filters network traffic based on predefined rules and is essential
for protecting internal networks from external threats.
• Different firewall technologies offer varying levels of security and performance, from simple packet
filtering to application-level inspection.
• Application-level firewalls provide the most detailed traffic filtering but come with increased
processing overhead.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Context-Based Access Control (CBAC)
Context-Based Access Control (CBAC) Overview
• Context-Based Access
Control (CBAC) • CBAC is a firewall software feature that provides intelligent filtering
• Deep Traffic Inspection of TCP and UDP packets.
• Filtering TCP and UDP • It analyzes the session information at the Application Layer,
Packets allowing the firewall to make more contextual decisions on what
• Session-Based Filtering traffic should be allowed or blocked.
• DDoS Detection
• Key Feature: Instead of just using simple packet filtering, CBAC
allows for deep traffic inspection, meaning it can understand the
context of a connection, including what application protocol is being
used.
ti on
i bu
Deep Traffic Inspection and Filtering
s r
t it can
i
D headers. This
• Deep traffic inspection is a key capability of CBAC, where
filter packets based on their content and not justrtheir
t fo
provides better control and security.
N o
• This inspection also provides real-time
a, protection against threats
like Distributed Denial of Service h (DDoS) attacks.

t Na statistics on network
je
protocols and connections,e which helps with monitoring and
• Additionally, CBAC can give advanced

analysis.
b ha
u
SFiltering
l
Session-Based
o the state and context of a session (similar to stateful
y
• CBAC Ctracks
B
firewalls but with deeper protocol analysis).

I SSP• It dynamically adjusts firewall rules based on the application

C
or
session and related data, allowing it to open and close ports as

s f needed and only for the duration of the session, minimizing risk

o te exposure.

ell N
orn
C

• CBAC adds context awareness to firewall filtering, inspecting traffic at the Application Layer for
enhanced security.
• It allows for deep traffic inspection and provides additional security capabilities, such as DDoS
detection and real-time traffic analysis.
• The main advantage of CBAC is its ability to filter TCP/UDP traffic based on the session state and
content, making it a more advanced and dynamic method of access control compared to traditional
static packet filtering.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Firewall Architectures
• Packet Filtering
• Dual-Homed Host
• Screened Host
• Screened Subnet
• Three-Legged Firewall
• Security Requirements
Firewall Architectures
Overview of Firewall Architectures
• Firewall architectures vary based on organizational needs and technological advancements.
• The architecture of a firewall is crucial in how it handles security, providing different layers of
protection depending on business goals and risk tolerance.
Common Firewall Architectures
1. Packet Filtering Architecture:
• The simplest form of firewall architecture, which filters packets based on
source/destination IP addresses and ports.
• Operates at OSI Layer 3 (Network Layer) and is very fast, but lacks deep security
controls.
• Pros: High speed, low cost.
• Cons: Minimal intelligence, vulnerable to spoofing attacks, no application-level
filtering.
2. Dual-Homed Host Architecture:
ti on
•
external network (like the internet).
i bu
A system with two network interfaces that separates a private network from an

•
tr
A firewall software resides on the host, controlling all traffic between the two
s
interfaces.
D i
for
• Pros: Simple architecture, cost-effective.
• Cons: Single point of failure (host), less flexible.
t
No
3. Screened Host Architecture:
• Adds a bastion host (a hardened server) to the architecture, which serves as an

a,
intermediary between the internal and external network.

h
Na
• A router filters external traffic, forwarding allowed traffic to the bastion host, which
provides application-level security.

et
• Pros: Better security than dual-homed, single point of defense.
•
je
Cons: The bastion host can still be targeted for attacks.

ha
4. Screened Subnet Architecture:

b
Su
• Also known as a Demilitarized Zone (DMZ) architecture.
• Consists of two screening routers, one between the internal network and the DMZ,
l
Co
and the other between the DMZ and the external network.
• Pros: Provides an additional layer of defense; external services (like web or email)

By are isolated in the DMZ.

SP
• Cons: More complex, requires careful configuration of two routers.
5. Three-Legged Firewall Architecture:

CI S • A single firewall with three interfaces: one connected to the internal network, one

r
to the external network (internet), and one to the DMZ.

fo • Allows for secure separation of internal, external, and DMZ traffic with a single

es firewall device.

ot
• Pros: Simplifies network design with fewer devices, flexible rules for controlling
traffic between segments.

ell N • Cons: Potential single point of failure.

rn
Firewall Architecture Considerations

C o •

•
The architecture selected should reflect the security requirements and operational needs of
the organization.
For example, an e-commerce business may require a screened subnet or three-legged firewall
to separate web services from internal databases.
• The cost, complexity, performance, and threat model of the organization should guide the
choice of architecture.

• Firewall architectures are tailored based on an organization’s specific needs, balancing between
security and performance.
• The simplest form is packet filtering, while more sophisticated architectures like screened
subnets and three-legged firewalls offer layered security for sensitive services.
• The DMZ in screened subnet and three-legged firewall architectures helps isolate public-facing
applications, enhancing security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Packet Filtering Firewall
• Packet Filtering Firewall
• Layer 3 (Network Layer)
• Firewall Decision-Making
• Efficiency vs. Intelligence
• Limited Security
• The router filters traffic based on predefined rules set in an Access
Pros
•
Packet Filtering Firewall Overview
• Packet filtering firewalls are the simplest type of firewall, typically
implemented using a router.
• They operate at OSI Layer 3, meaning they can only examine the
header of packets to make security decisions.
• The decision-making process is based on information like source
and destination IP addresses, ports, and protocols.
Functionality
• ti on
This architecture is depicted as a router placed between the internal
network and an untrusted network (such as the internet).
i bu
s tr
i
rD
Control List (ACL), which may include:
t fo
•
o
Allow/Deny rules for specific IP addresses
•
a , N certain services like FTP
Filters based on ports (e.g., blocking
or Telnet)
a h such as TCP or UDP packets.
tN
• Protocol-based filtering,
e
h aje
S ub and speed:
High efficiency Since decisions are made based solely

olfiltering is fast.
on header information without inspecting the content of the packet,
C
packet
• By Low cost: Packet filtering firewalls are simple and cost-effective to
S P deploy.

CIS Cons
for
tes • Limited security: Since only Layer 3 information is analyzed, the
o firewall cannot examine the payload or provide deeper inspection

ll N
into application-level data.

rn e • This makes it susceptible to IP spoofing, fragmentation

C o attacks, and other advanced techniques.

• No session awareness: The firewall does not maintain information
about the state of connections, making it vulnerable to state-based
attacks, such as SYN floods.

• Packet filtering firewalls provide basic security by filtering traffic based on Layer 3 packet
headers.
• Efficiency and low cost are key benefits, but security is limited due to the lack of application-layer
filtering or session awareness.
• Best suited for simple, low-risk environments where speed is a priority and advanced threats are
less likely.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Dual-Homed HostTwo
Network Cards
• Supports All OSI Layers
• Advanced Decision-Making
• Improved Security
Dual-Homed Host
Dual-Homed Host Overview
• A dual-homed host is an improvement over simple packet filtering by
using a computer or intelligent host that has two network interface
cards (NICs).
• This host sits between two networks, typically between the internal
trusted network and an untrusted network (like the internet).
Functionality
• Unlike packet filtering routers, a dual-homed host can operate across
all layers of the OSI model.
• This means the firewall can make decisions based on

i on
application-layer data, session information, and even packet
t
content.
i bu
•
tr
The architecture allows the host to serve as a gatekeeper, managing
s
traffic between two distinct network segments.
D i
for
• Can use advanced firewall technologies like stateful inspection,
t
circuit-level proxy, and application-level filtering.
Pros
No
•
h a,
Increased Security: By having two network cards, the host can

Na
physically separate traffic between the trusted and untrusted

et
networks.
•
je
This makes direct packet forwarding between the two

bha
networks impossible without the host’s decision-making

Su
process.
•
l
Granular Control: The dual-homed host can make more complex

y Co
decisions than simple packet filtering, using techniques like stateful

B inspection or application filtering.

SP
Cons

CI S • Potential Bottlenecks: Since all traffic must go through the dual-homed

for host, it can create a performance bottleneck, especially if the host is

managing a large amount of traffic or performing complex filtering.

es
ot
• Single Point of Failure: The dual-homed host becomes a critical single
point in the network. If it goes down or is compromised, the network

ell N may lose connectivity between segments.

orn • More Expensive: This architecture requires a more intelligent device

than a simple router, potentially increasing the cost.
C Example Use Case
• Commonly used in scenarios where a DMZ (demilitarized zone) is
needed, allowing controlled access to public-facing services (like a
web server) while protecting internal systems.

• A dual-homed host has two network cards and can perform more advanced filtering than a simple
packet filtering router.
• It operates across all OSI layers, making it capable of complex decision-making for traffic between
two network segments.
• While providing enhanced security, it can also introduce bottlenecks and act as a single point of
failure.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Screened Host Firewall Architecture
• Screened Host
• Combination of Packet
Filtering and Dual-Homed
Host
• Bastion Host
• Router as Initial Filter
• Layered Security
Screened Host Overview
• A screened host firewall architecture combines the strengths of both a packet
filtering router and a dual-homed host firewall.
• This architecture is designed to provide multiple layers of security by utilizing both
technologies to control traffic flow.
Components
1. Packet Filtering Router:
• Acts as the first line of defense, performing initial filtering of incoming
packets. It makes basic decisions based on Layer 3 (Network layer)
information like IP addresses and ports.
• If traffic is allowed through, the router forwards it to the bastion host for
further inspection.
2. Bastion Host:
ti on
•
i bu
The bastion host is a more advanced firewall device that provides detailed

or application-level proxy firewall.

str
traffic inspection. It can be any type of firewall technology, such as a stateful

•
D i
The bastion host adds an additional layer of filtering by inspecting traffic at

for
higher layers of the OSI model, such as application data.
Advantages
t
• Layered Security:
No
•
h a,
The packet filtering router performs basic checks before allowing any traffic
to reach the bastion host. This creates a layered defense system, making it

Na
harder for attackers to penetrate.
•

jeet
Attackers must first bypass the router before attempting to compromise the
bastion host.
•
bha
Performance Optimization:

Su
• The router handles simpler decisions, reducing the load on the bastion host,

l
which only processes traffic that has passed the first layer of filtering.

Co
• Versatility:

By • The bastion host can be highly customized, with various firewall technologies
applied based on specific security needs (e.g., application-level filtering,

SP
stateful inspection).

CI S Disadvantages

for • Complex Configuration:

• Configuring both the packet filtering router and bastion host correctly can

es be challenging and may require more technical expertise.

ot • Potential Bottlenecks:

ll N
• If the router or bastion host becomes overloaded with traffic, it can cause a

rn e performance bottleneck, particularly with higher levels of inspection on the

bastion host.

C o Example Use Case

• Commonly used in environments where an organization wants two layers of traffic
filtering. For example, in an e-commerce environment, the router would handle
general traffic filtering, while the bastion host would inspect deeper for malicious
application data or unauthorized access attempts.

• The screened host architecture combines a packet filtering router with a bastion host, providing
multiple layers of filtering and enhanced security.
• Attackers would need to bypass the router before targeting the bastion host, offering layered
defense.
• This architecture offers versatility but can be complex to configure and may experience
bottlenecks under heavy traffic loads.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Screened Subnet Firewall Architecture
• Screened Subnet
• Two Firewalls
• DMZ (Demilitarized Zone)
• Traffic Segmentation
• Vendor Diversification
Screened Subnet Overview
• A screened subnet architecture is a more advanced firewall design where two firewalls are
deployed.
• This architecture creates an isolated subnet or DMZ (Demilitarized Zone) between the
external and internal networks.
Com ponents
1. Two Firewalls:
• The first firewall separates the external network (often the Internet) from the
DMZ. This firewall filters incoming traf fic to the public-facing servers in the D MZ.
• The second firewall separates the DMZ from the internal network, providing
another layer of security for sensitive internal resources.
2. DMZ (Demilitarized Zone):

on
• The D MZ acts as a buffer zone between the public and internal networks.
•

uti
Pub lic-facing services like web servers, mail servers, and D NS servers can
reside in the DMZ, making them accessible to external users while limiting
access to the internal network.
tr i b
Advantages
• Enhanced Security:
D is
for
• The dual-firewall setup creates two layers of defense, making it difficult for
attackers to reach the internal network.
t
No
• If an attacker compromises the D MZ, they still need to bypass the second

a,
firewall to access internal resources.

h
• Traffic Segmentation:

Na
• The architecture allows for sp ecific traffic routing—external traffic is directed

et
only to the DMZ, while the internal network remains isolated. This segmentation
limits the spread of attacks.
je
ha
• Vendor Diversification:

b
• Using two firewalls from different vendors reduces the risk that a vulnerability

Su
in one firewall will affect the entire system. If one firewall has a weakness, the

l
second firewall from a different vendor is unlikely to have the same vulnerability.

Co
Disadv antages

By • Cost:
• The deployment of two firewalls increases the cost of both hardware and

SP
software.

CI S • There is also an increase in maintenance and management costs, as both

firewalls need to be monitored and updated regularly.

for • Com plexity:

s
• Configuring and managing two firewalls requires more technical ex pertise and

ote • Latency:
careful coordination, especially if they are from different vendors.

ll N
• The extra layer of security can introduce network latency, particularly if both

rn e firewalls are performing deep packet inspection and other resource-intensive

tasks.

C o Example Use Case

• Commonly used by organizations that require public-facing services (e.g., e-commerce
websites) but also need to ensure that sensitive internal data is highly protected.
• For example, a bank might use a screened subnet architecture to host its public banking
services (e.g., online banking) in the DM Z, while ensuring its internal financial systems remain
protected behind a second firewall.

• A screened subnet architecture uses two firewalls to create a DMZ between the external and
internal networks.
• It provides enhanced security and traffic segmentation by isolating public-facing services from the
internal network.
• While costly and complex, using two firewalls from different vendors increases security by
mitigating the risk of a shared vulnerability.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Three-Legged Firewall Architecture -1
• Three-Legged Firewall
• Three Connection Points
• Multiple Zones
• Security Customization
• Versatility
Three-Legged Firewall Overview
• A three-legged firewall is a type of firewall configuration where the firewall has
three connection points (interfaces) that allow the creation of three distinct
network zones.
• These zones typically include:
• External Network (Internet)
• DMZ (Demilitarized Zone)
• Internal Network
• This architecture can also support additional connection points if needed,
depending on the organization’s security requirements.

on
Key Features
• Multiple Zones:
uti
•
tr i b
The firewall can support three or more distinct network zones:
•
(e.g., the Internet).
D is
External Network: Represents the untrusted, public network

•
t for
DMZ: A zone where public-facing servers (e.g., web servers,

No
mail servers) reside. These servers need to be accessible
from the external network.
•
h a,
Internal Network: Contains highly sensitive data and is not

Na
accessible directly from the external network.

et
• Traffic Control:
•
je
The firewall controls traffic between the three zones, allowing

ha
specific rules and policies to be applied to each connection point.
b
Su
• For example:

l • Traffic from the external network to the DMZ might allow

y Co HTTP/HTTPS traffic to reach a web server.

B • Traffic from the DMZ to the internal network may be strictly

SP
controlled, allowing only certain types of connections, such
as database queries from a web application.

CI S Security Customization

for • The three-legged firewall allows for customized security policies tailored to

es the needs of each network zone.

ot
• For instance, the firewall could apply lenient rules for the external

ll N
network, stricter rules for the DMZ, and the strictest rules for traffic
moving into the internal network.

rn e • Granular Security:

C o • This setup ensures granular security, where different services and

applications are separated by distinct zones, thus limiting the risk of
lateral movement in the event of a breach.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Three-Legged Firewall Architecture - 2
Versatility and Scalability
• Three-Legged Firewall • The three-legged firewall architecture is highly versatile.
• Three Connection Points • It can be deployed with any number of zones, making it flexible for
• Multiple Zones growing organizations that need to add new services or network
• Security Customization segments over time.
• Versatility • Firewall Technologies:
• Various firewall technologies can be employed at each connection
point, including packet filtering, stateful packet inspection, or
application-layer firewalls, depending on the organization's security
needs.
Advantages
• Cost-Effective:
ti on
•
bu
Compared to more complex architectures like screened subnets, a
i
tr
three-legged firewall is often more cost-effective, requiring fewer
s
hardware devices.
D i
for
• Simplified Management:
•
t
Since the firewall is controlling multiple zones from a single device,

No
the management and monitoring of network traffic are centralized,

a,
reducing administrative complexity.
Disadvantages
h
• Single Point of Failure:
Na
•
jeet
If the firewall fails, all three network zones become inaccessible,

ha
making this a single point of failure. Therefore, high availability
features or redundancy may be necessary.
b
Su
• Resource Intensive:
l
Co
• The firewall must handle traffic for three separate zones, which can
increase processing load, especially if deep packet inspection or

By complex rules are applied. This can slow performance if not properly

SP
sized.

CI S Example Use Case

• A three-legged firewall is ideal for small to medium-sized businesses that

for want to securely host public-facing applications (e.g., websites) in a DMZ while

es maintaining strong security for their internal networks.

ot • For example, an e-commerce company might use a three-legged firewall to

ll N
separate its public web server from its payment processing system in the
internal network, ensuring that external users never directly access sensitive

rn e data.

C o

• A three-legged firewall has three connection points that create multiple network zones: the
external network, DMZ, and internal network.
• This architecture allows for customized security policies between zones and provides cost-
effective network protection.
• While versatile, it can be a single point of failure and may require resource-intensive
management.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Data Inspection
• Intrusion Detection System
(IDS)
• Intrusion Prevention System
(IPS)
• Network-based vs. Host-
based
• Mirror/Span/Promiscuous
Port
• Detection Methods
• Ingress and Egress Monitoring
• Whitelisting and Blacklisting
IDS and IPS - 1
Data Inspection
• The process of monitoring and examining data traveling across the
network or being processed by host devices to identify suspicious or
malicious activity.
• Key Function: Ensure that all traffic is scrutinized for anomalies, policy
violations, or malicious behavior.
Intrusion Detection System (IDS)
• IDS performs data inspection to detect intrusions, log the activity, and
generate alerts.
• Detects potential security threats but does not actively block
on
traffic.
uti
Actions: Logs, alerts, and sometimes triggers other devices to
•
take action (e.g., firewalls).
tr i b
•
D is
Main Role: Acts as a monitoring tool, enabling administrators

for
to investigate and respond to incidents.
t
No
Intrusion Prevention System (IPS)
• IPS also inspects data, but unlike IDS, it prevents or mitigates intrusions
by actively blocking traffic.
h a,
•
Na
Additional Action: Automatically takes corrective measures

et
(e.g., dropping malicious packets, resetting connections).
je
ha
• Main Role: Provides real-time protection by actively stopping
threats.
b
Su
Types of IDS/IPS
l
Co
1.Network-Based IDS/IPS (NIDS/NIPS)

By • Monitors network traffic across entire segments and detects

threats targeting any device on the network.

I SSP • Best for monitoring network-level threats.

r C 2.Host-Based IDS/IPS (HIDS/HIPS)

fo • Monitors activities on a specific host (e.g., server or endpoint)
es and detects threats targeting the individual host.
ot
ll N
• Best for monitoring insider threats and host-specific attacks.

rn e Mirror/Span/Promiscuous Port

C o • Promiscuous mode: A specific port on a network device (e.g., a switch) is

set to receive all traffic for monitoring purposes.
• Used by IDS/IPS systems to inspect all network traffic without interrupting
normal traffic flow.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Data Inspection
• Intrusion Detection System
(IDS)
• Intrusion Prevention System
(IPS)
• Network-based vs. Host-
based
• Mirror/Span/Promiscuous
Port
IDS and IPS - 2
Detection Methods
1.Pattern/Signature-Based Detection
• Detects threats by comparing traffic patterns against a
database of known attack signatures.
• Effective for known threats, but cannot detect zero-day
attacks.
2.Anomaly-Based Detection
• Detects threats by identifying unusual behavior or deviations
from normal network traffic patterns.

on
• Detection Methods • Useful for detecting new or unknown threats but may lead to
• Ingress and Egress Monitoring false positives.
uti
• Whitelisting and Blacklisting Ingress and Egress Monitoring
tr i b
• Ingress: Monitoring of incoming traffic into a network.
D is
for
• Egress: Monitoring of outgoing traffic from a network.

t
• Key Role: Ensures both incoming and outgoing traffic is inspected for

No
malicious behavior, preventing data exfiltration or external threats.

a,
Whitelisting and Blacklisting
h
Na
• Whitelisting: Only allows traffic from specific trusted IP addresses; all

et
other traffic is blocked.
•
je
Pro: Highly secure but may block legitimate traffic

ha
unintentionally.
b
Su
• Blacklisting: Specifically blocks traffic from known malicious IP
l
addresses; all other traffic is allowed.

y
•
Co Pro: Easier to implement, but new or unknown threats might
B bypass the blacklist.

I SSP
r C
fo
es
ot
ell N
orn
C

• IDS and IPS systems perform data inspection, with IDS focusing on detection and IPS providing
prevention.
• IDS/IPS systems can be network-based or host-based, with different monitoring approaches for
traffic and host activities.
• Detection methods include signature-based for known threats and anomaly-based for unknown
or evolving threats.
• Ingress and egress monitoring are key for securing traffic flow, and whitelisting/blacklisting
strategies add additional layers of protection.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Definition of Data Inspection
• Virus Scanning
• Stateful Inspection
• Content Inspection
Data Inspection
Definition of Data Inspection
• Data inspection refers to the process of monitoring and examining
transmitted data to ensure compliance with security rules.
• It focuses on detecting unauthorized or malicious data and triggering
appropriate actions when a violation is detected.
Virus Scanning
• Function: Scans files for known malware or virus signatures.

on
• Mechanism: Compares files against a database of known malware
signatures to detect malicious content. t i
u the
• Example: Antivirus software scanning email attachments to
tr i b
block
delivery of infected files. is
Stateful Inspection
fo rD
• Function: Tracks and analyzes the stateN ofo
t
communications between
systems.
h a,
• Mechanism: Maintains a dynamic
t Na state/context table to follow the
je e
status of active network connections.
• Example: A firewall
b hathat inspects and tracks connection states to

S uaccess.
ensure that only valid communication flows are allowed, preventing
ol
unauthorized
C
y Inspection
Content
B
S P• Function: Inspects transmitted mobile code or content for compliance
CIS
with defined security rules.

for • Mechanism: Scans active content, like JavaScript or embedded

tes scripts, to prevent harmful code from executing.

o
ll N
• Example: Web gateways filtering web traffic to block malicious scripts

rn e or disallowed content from being delivered to users.

C o

• Data inspection ensures transmitted data adheres to security rules by identifying threats like
malware or harmful scripts.
• The key methods include virus scanning, stateful inspection, and content inspection, all of which
add layers of defense.
• Proper data inspection safeguards the network by actively monitoring and responding to potential
security threats.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Network-Based vs. Host-Based IDS/IPS
• Definition of Network-Based
IDS/IPS
• Definition of Host-Based
IDS/IPS
• Key Differences Between
Network-Based and Host-
Based
• Pros and Cons of Network-
Based IDS/IPS
Network-Based IDS/IPS (NIDS/NIPS):
• Monitors entire network traffic passing through strategically placed sensors
on network segments.
• Can detect malicious activity across the network, ensuring broader coverage.
• Pros:
• Covers multiple devices connected to the network segment.
• Can detect attacks before they reach critical systems (early
detection).
• Cons:
• May miss threats targeted at encrypted or isolated traffic.

on
• Pros and Cons of Host-Based • Requires proper sensor placement for maximum efficiency.
IDS/IPS
uti
b
• Example: A NIDS placed on a network's main router monitors traffic entering
• Example Use Cases
r i
and leaving the network, alerting administrators to any suspicious traffic
t
patterns.

D is
for
Host-Based IDS/IPS (HIDS/HIPS):
•
t
Installed directly on specific devices (like servers or mission-critical

No
systems) and monitors that device's activity.
•
itself.
h a,
Provides more detailed visibility into the activity occurring on the device

• Pros:
Na
•
je et
Granular protection at the host level, making it highly effective for
protecting critical systems.
•
b ha
Can detect internal attacks and changes made directly on the host.
• Cons:
l Su
•
o Resource-intensive (requires processing power and storage on each

yC
host).
B •
P• Example:
Does not monitor broader network traffic, limited to the host device.

S A HIPS running on a web server monitors for file changes or

CIS Key Differences:

unauthorized access attempts to that server.

for
es • Network-Based IDS/IPS: Monitors the flow of data across network segments

ot
(broader coverage).

ll N
• Host-Based IDS/IPS: Focuses on monitoring activity within a specific device

rn e (more granular control).

C o

• Network-based IDS/IPS provide broad monitoring of network traffic and can detect threats across
multiple devices, while host-based IDS/IPS offer detailed monitoring of specific systems.
• A combination of both types provides the most comprehensive protection by covering both the
network level and individual hosts.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 IDS/IPS Detection Methods and Promiscuous Ports
• Mirror/Span/Promiscuous
Port Definition
• Role of
Mirror/Span/Promiscuous
Ports in IDS/IPSIDS/IPS
Detection Methods
• Signature-Based Detection
• Anomaly-Based Detection
• Types of Anomaly-Based
Mirror/Span/Promiscuous Port:
• These ports allow copies of all network traffic passing through a
network device (like a switch) to be forwarded to a monitoring device
such as an IDS.
• When a port is in promiscuous mode, a connected device can capture
and inspect all traffic on the network segment.
• Example: A switch port is configured in promiscuous mode for
Wireshark packet analysis or IDS monitoring.
IDS/IPS Detection Methods:
• Signature-Based Detection:

on
Detection
•
hashes, suspicious IP addresses, or byte sequences).
uti
Relies on known attack signatures (such as malicious file

• Pros: Effective against known threats.

tr i b
•
D is
Cons: Unable to detect new or zero-day attacks without

for
existing signatures.
t
No
• Example: An IDS detects malware by matching the packet's
signature with a known malicious file hash.
• Anomaly-Based Detection:
h a,
•
Na
Detects deviations from normal behavior by establishing a

jeet
baseline of expected network activity.

ha
• Pros: Can detect unknown or new threats.
•
b
Cons: Resource-intensive and can result in false positives.
•
l SuExample: An IDS raises an alert when a spike in network traffic

Co
deviates from normal patterns.

By Types of Anomaly-Based Detection:

SP
• Stateful Matching:

CI S • Monitors the state of traffic streams; any unexpected state

for •
triggers an alert or blocks traffic.
Statistical Anomalies:
es
ot
• Detects statistical deviations from normal behavior patterns,

ll N
triggering alerts or blocking suspicious traffic.

rn e • Traffic Anomalies:

C o • Identifies abnormal traffic flows, such as unusually high

volumes or unexpected traffic destinations.
• Protocol Anomalies:
• Detects unusual protocols or protocol misuse in network
traffic, raising alerts if unexpected protocols appear.

• Mirror, span, and promiscuous ports are essential for IDS/IPS, enabling devices to monitor network
traffic without disrupting it.
• Signature-based detection works well against known threats, while anomaly-based detection can
catch new threats by identifying unusual network behavior, though it requires more resources and
can lead to false positives.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Ingress and Egress Monitoring
• Ingress Monitoring:
• Ingress Monitoring • Involves monitoring all incoming traffic to the network.
• Egress Monitoring
• Importance of Both Types • Helps prevent malicious traffic such as malware or
• Role of IDS/IPS in Monitoring unauthorized access attempts from entering the network.
• Use Cases for Ingress and • Example: Monitoring incoming traffic to detect potential
Egress Monitoring Distributed Denial of Service (DDoS) attacks.
• Egress Monitoring:
• Focuses on monitoring outgoing traffic from the network.

on
• Prevents data loss or the unauthorized transmission of
sensitive information outside the network.
u t i
• Can also detect compromised systems attemptingito
tr b
communicate with external attackers.
is
D and block
Example: Monitoring outbound traffic to r
•
t fo detect
unauthorized file transfers or command-and-control
o
, NMonitoring:
communications from infected machines.
• a
h requires analyzing traffic in both
Importance of Both Ingress and Egress
a
t Nattacks and detect data exfiltration.
• Comprehensive monitoring
e
directions to prevent
je Protects the network from external
•
h a
Ingress Monitoring:
u b
threats.
S
lEgress
•
C o Monitoring: Prevents insider threats, data
breaches, and outgoing malicious activity.
•
y
BRole of IDS/IPS in Monitoring:
S P
CI S • IDS/IPS should be placed in strategic positions to monitor
both incoming (ingress) and outgoing (egress) traffic.
for • An IDS/IPS system monitoring ingress can detect suspicious
tes traffic before it enters the network, while monitoring egress
o
ll N
can prevent data theft or malicious activity from being sent
outside.
rn e
C o

• Ingress monitoring focuses on detecting threats entering the network, while egress monitoring
focuses on threats exiting the network.
• Both are critical for protecting against external attacks and preventing data loss or unauthorized
communications from inside the network.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Allow List and Deny List (Whitelisting and Blacklisting)
Definitions:
• Definitions
• Allow List (Whitelist): A list of IP addresses that are permitted access;
• Allow List (Whitelist)
all other IP addresses are blocked by default.
• Deny List (Blacklist)
• Importance of Terminology • Deny List (Blacklist): A list of IP addresses that are explicitly blocked;
all other IP addresses are allowed by default.
• Use Cases
Allow List (Whitelist):
• Functionality:
• Specifies which IP addresses may be visited.
• Any IP address not on the list is not permissible.
• Example:
ti on
•
bu
A company may use an allow list to only permit access to
i
specific trusted websites or servers.
str
Deny List (Blacklist):
D i
• Functionality:
t for
No
• Specifies which IP addresses may NOT be visited.
•
h a,
Any IP address not on the list is permissible.

Na
• Example:

et
• A network may employ a deny list to block known malicious
je
IP addresses, preventing access to those sources.

bha
Importance of Terminology:
Su
• The terms "allow list" and "deny list" are gaining popularity as they
l
Co
avoid the racial connotations associated with "whitelist" and

By "blacklist."
• Awareness of these terms is essential, as both may appear on exams

I SSP and in industry discussions.

r C Use Cases:
fo • Allow Lists: Commonly used for restricting access to a limited number
es of approved services, enhancing security by minimizing exposure to
ot untrusted sources.

ell N • Deny Lists: Useful for preventing access to known harmful sites or IPs,

orn allowing organizations to protect users from phishing and malware

threats.
C

• Allow lists permit access only to specified IP addresses, blocking all others, while deny lists explicitly
block certain IPs, allowing all others.
• The shift toward using the terms "allow list" and "deny list" reflects a more inclusive language in
cybersecurity practices.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Sandbox
Definition of Sandbox:
• Definition of Sandbox
• Purpose of Sandbox • A sandbox is a controlled environment designed to isolate and execute
• Alert Scenarios untrusted code safely.
• Importance of Sandboxing in
Purpose of Sandbox:
Cybersecurity
• To allow unknown or potentially malicious software to run in a secure
setting where it cannot harm the system or network.
• It helps in analyzing the behavior of malware without risk to the host
environment.
Four Possible Alert Scenarios: ti on
i bu
t r
1. True Positive: Malicious activity correctly identified as a threat.
s
i
D as a threat.
r
2. False Positive: Non-malicious activity incorrectly flagged
o
o
3. True Negative: Non-malicious activity correctlyt f identified as safe.
, N
h a
4. False Negative: Malicious activity not detected, leading to
undetected threats.
a
e tN
• Note: False negatives are considered the worst-case scenario as they
allow potential threatsje
hbyaIDS/IPS:
to operate undetected.
b
Su Detection System (IDS) or Intrusion Prevention
Sandbox Activation
l
Co(IPS) identifies suspicious activity, it can activate a sandbox to
• When an Intrusion
y
System
Banalyze the code and determine its nature.
P
S Usage in Malware Analysis:
CI S
for • Malware analysts frequently use sandboxes to execute malicious

tes code, allowing them to identify indicators of compromise and

o understand malware functions without risking the integrity of their

ell N systems.

orn
C

A sandbox is a crucial cybersecurity tool that allows for the safe execution and analysis of
untrusted code. It aids in detecting true threats while minimizing the risk of undetected
malicious activity, making it essential for both IDS/IPS systems and malware analysts.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Alert Statuses
Definition of Alert Statuses:
• Definition of Alert Statuses
• Types of Alert Outcomes • Alert statuses refer to the outcomes produced by security tools in
• Importance of Tuning Security
response to detected activity, indicating whether an attack is
occurring or not.
Tools
Types of Alert Outcomes (Table 4-44):
1. True Positive:
• Description: An alert is raised indicating that an attack is
occurring.
• Significance: Indicates appropriate operation of security
ti on
tools.
i bu
r
ist is present.
2. True Negative:
• Description: No alert is generated, and noD attack
•
t for of security
Significance: Indicates appropriate operation
tools.
N o
3. False Positive:
h a,
Description: An alerta
•
N islogging
occurring (e.g., atuser
generated when no attack is

je e in from an unusual location but

ha Indicates that tuning is required to reduce

is legitimate).
• b
Significance:
l Su
unnecessary alerts.

CoNegative:
4. False
y
P B • Description: No alert is generated despite an ongoing
I SS attack.

C • Significance: This is the worst-case scenario as it leaves the

for security team unaware of malicious activity.

tes
o
ell N
orn
C

• Understanding alert statuses is crucial for effective security monitoring. Tuning security
tools is necessary to balance between minimizing false positives and preventing false
negatives, which can leave the organization vulnerable. Effective tuning varies
depending on the organization's specific context and threat landscape.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Honeypots and Honeynets
• Definition of Honeypots and Honeynets:
• Definition of Honeypots and • Honeypots: Individual computers or devices set up to appear
Honeynets as legitimate network resources but contain no real data or
• Purpose and Risks value.
• Enticement vs. Entrapment
• Honeynets: Two or more networked honeypots, often
utilizing routers, switches, or gateways.
• Purpose of Honeypots and Honeynets:
• Detect Sophisticated Cyberattacks: Useful for identifying
Advanced Persistent Threats (APTs) that avoid detection.
•
i on
Trace Attacker Movement: Help security teams understand
t
how attackers traverse a network.
i bu
r
ist
• Distract Attackers: Divert focus from valuable resources.
Gather Information: Collect data that canD
for
• inform the
organization's security strategy.
ot
•
N
Conduct Research: Used by cybersecurity companies for
research purposes.
h a,
Na may leverage access to honeypots to
• Risks of Honeypots and Honeynets:
• e t
Access Risk: Attackers
je
ha Risk: Improper use can lead to entrapment,
gain entry into real systems.
Legal b
Su is illegal.
• Action
lwhich
• o Responsibility: Senior management bears ultimate
y C
B responsibility for any damages.

I SSPEnticement vs. Entrapment:

r C • Enticement:
s fo • Definition: Legal activity of persuading someone to commit a

ote
crime they were already planning.

ll N
• Example: Using a honeypot to attract a known attacker.

rn e • Entrapment:

C o • Definition: Illegal activity of persuading someone to commit

a crime they would not have committed otherwise.
• Example: Actively encouraging a person to attack a honeypot
that is not part of their initial intent.

• Honeypots and honeynets serve as valuable tools in cybersecurity by detecting and analyzing
malicious activities.
• However, organizations must navigate the legal implications of their use, ensuring they do not
engage in entrapment.
• Understanding the balance between enticement and entrapment is crucial for ethical security
practices.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Remote Access and VPNs
• Definition of Remote Access
• Importance of Secure
Communication
• VPN (Virtual Private Network)
• Tunneling
• Split Tunneling
• Authentication and
Encryption
Definition of Remote Access:
• Remote access refers to the ability to connect to corporate resources
over an insecure network, such as the internet.
• This exposes sensitive data to potential threats if not properly secured.
Importance of Secure Communication:
• Since remote access typically involves insecure networks, such as
public Wi-Fi or external networks, there is a significant risk of attacks like
eavesdropping and data interception.
• Hence, ensuring secure communication is critical to protect sensitive
data.
VPN (Virtual Private Network):
ti on
• VPNs are encrypted tunnels that protect data as it moves across
i bu
untrusted networks.
str
•
D i
They create a secure path between the user and the corporate network,

for
ensuring that even if traffic is intercepted, it remains unreadable without
the proper decryption key.
t
• Types of VPNs: No
•
h a,
Client-based VPNs: Installed on the user’s device, securing

Na
remote access to the corporate network.
•
jeet
Site-to-Site VPNs: Securely connect two different networks,
often used between a company’s headquarters and branch

bha
offices.
Tunneling:
l Su
Co
• Tunneling is a process that involves encapsulating a data packet inside

By •
another packet for secure transmission.
Tunneling protocols include PPTP, L2TP (usually combined with IPsec for

I SSP encryption), and SSL/TLS for encrypted connections.

r C Split Tunneling:

fo • This feature allows users to access corporate resources via a VPN while

es simultaneously accessing external resources outside the VPN.

ot • Split tunneling can be risky as unsecured traffic bypassing the VPN

ell N might expose the device to potential threats.

rn
Authentication and Encryption:

C o • VPNs use various authentication methods, such as multi-factor

authentication (MFA), to ensure only authorized users can access the
network.
• Encryption ensures that data is protected, rendering intercepted data
useless without the decryption keys.

• VPNs are essential tools for securing remote access, especially over untrusted networks.
• They provide encryption and secure communication channels, reducing the risk of data interception.
While split tunneling offers convenience, it also introduces security risks, and organizations must
carefully weigh these factors when implementing remote access solutions.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Endpoint Security
Definition of Endpoint Security:
• Definition of Endpoint
• Endpoint security focuses on protecting individual client devices (or
Security endpoints) within a corporate network, such as laptops, mobile devices,
• Common Endpoints printers, and IoT devices.
• Importance of Minimizing • These endpoints can become entry points for cyberattacks, making their
Attack Surface protection a critical element of overall network security.
• Role of Network Access
Common Endpoints:
Control (NAC)
• Evolved Endpoint Security • Endpoints refer to any device connected to the corporate network, such
as:
Strategies
✓ Laptops
✓ Tablets
ti on
✓ Smartphones
i bu
str
✓ Printers
D i
for
✓ IoT devices
✓ Wireless devices
t
Importance of Minimizing Attack Surface:
No
•
h a,
The goal of endpoint security is to minimize the attack surface, reducing

Na
the number of vulnerable entry points into the corporate network.

et
• By securing these devices, organizations can prevent or mitigate
je
cyberattacks before they impact critical systems.

ha
Role of Network Access Control (NAC):
b
•
l Su
NAC solutions complement endpoint security by managing which

Co
devices can connect to the corporate network.

By • NAC ensures that only healthy, compliant devices with updated security
measures (e.g., antivirus or encryption) are allowed access to the

I SSP •
network.
Devices that fail to meet the security requirements may be quarantined
r C or denied access.
fo
es Evolved Endpoint Security Strategies:

ot • Endpoint security has grown from simple antivirus software to more

ll N
comprehensive strategies, including:

rn e ✓ Device management policies and enforcement

C o ✓
✓
Endpoint Data Leak Prevention (DLP) solutions
Endpoint Detection and Response (EDR) platforms
✓ Threat detection, response, and continuous monitoring

• Endpoint security protects individual devices within a corporate network, helping to reduce potential
entry points for attackers.
• Modern strategies go beyond antivirus solutions, incorporating NAC, DLP, and EDR systems to
ensure robust protection.
• NAC plays a critical role in verifying device security and preventing unauthorized access to the
network.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Tunneling
• Encapsulation and Packet
Structure
• Why Tunneling is Used
• Tunneling with or without
Encryption
• Tunneling Protocols Across
OSI Layers
Tunneling
Definition of Tunneling:
• Tunneling refers to the process of encapsulating a packet inside
another packet’s data portion.
• This allows the encapsulated packet to travel across the network in a
different structure, without altering its content.
• The original packet’s header and data are inserted into the data section
of a new packet.
Encapsulation and Packet Structure:
• Encapsulation is the key to tunneling. The entire original packet (header
and data) becomes the data portion of the new, outer packet.
ti on
•
bu
While this does not hide the original content, it allows the packet to
i
travel a path dictated by the new outer header.
str
Why Tunneling is Used:
D i
•
t for
Tunneling is primarily used to control the path a packet takes across a

No
network, independent of the original packet’s intended route.
•
h a,
The outer packet’s header dictates the network route, effectively
"forcing" the packet to travel through a predetermined path.
Na
et
• However, the encapsulated packet remains readable unless encryption
is applied.
je
ha
Tunneling with or without Encryption:
b
•
l Su
Tunneling by itself does not provide security—it only encapsulates the

Co
packet. If security is needed, the encapsulated packet must be

By encrypted, transforming a simple tunnel into a Virtual Private Network

(VPN).

I SSP • Without encryption, the encapsulated packet can still be read by any

r C device along its route.

fo Tunneling Protocols Across OSI Layers:

es
ot
• Tunneling can occur at multiple layers of the OSI Model, from Layer 2 to
Layer 7. The trade-off between functionality and performance is

ell N important:

orn • Lower layers (Layer 2): Highly efficient but with limited functionality.
C • Higher layers (Layer 7): Provide more functionality, such as application-
level capabilities, but are less efficient.

• Tunneling is a method of encapsulating packets within other packets, allowing them to

travel a defined network route. While this process by itself does not provide security,
adding encryption creates a secure tunnel—forming the basis of a VPN. Different
tunneling protocols are available at various OSI layers, offering a trade-off between
performance and functionality.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Generic Routing Encapsulation (GRE)
• Definition of GRE:
• Definition of GRE Generic Routing Encapsulation (GRE) is a tunneling protocol that encapsulates a
• How GRE Works variety of network layer protocols (such as IPv4, IPv6, and multicast) and routes
them over IP networks.
• Use Cases for GRE
• Pros of GRE • It is designed to enable data to be exchanged between two networks, often using
an external network like the internet.
• Cons of GRE
How GRE Works:
• GRE operates by taking an original packet, known as the payload, and
encapsulating it inside a new, outer packet.
• This encapsulated packet is then sent over an IP network to a remote endpoint.
•
t i on
Upon reaching the destination, the outer GRE packet is removed, and the original
payload is delivered to the target system.

i b u
• This encapsulation allows GRE to support multiple protocol types and
s tr provide
flexibility for network routing.
i
Use Cases for GRE:
f o rtoDbe routed across an IP
•
o t
GRE is useful in scenarios where multiple protocols need
network.
N
For example, it can transport IPv6 packets,over an IPv4 network, or multicast
•
a
h natively support it.
a
traffic over an IP network that does not
• GRE is often used in VPNs, where
e tN it provides routing flexibility alongside other

aje
security protocols like IPsec.
Pros of GRE:
h
b GRE can encapsulate multiple protocols, making it versatile
•
S u
Protocol Flexibility:

o l Multicast
for different network needs.
•
y C which are not
Supports Traffic: GRE allows multicast traffic to be routed over IP
B networks, always natively supported.
P bridge between different network
S • IPv6 Compatibility: GRE can tunnel IPv6 traffic over an IPv4 network, offering a

CIS
types.

for Cons of GRE:

tes • No Encryption: Unlike IPsec, GRE does not provide any encryption or security

o mechanisms. It only offers encapsulation, meaning data traveling through a GRE

ll N
tunnel is not protected from interception.

rn e • Overhead: GRE adds an additional header to each packet, which increases the

o
size of the packet and can lead to network overhead and reduced performance.
C • Not Secure by Itself: Since GRE does not provide confidentiality or integrity
protection, it is typically combined with IPsec for secure tunneling.

• Generic Routing Encapsulation (GRE) is a versatile tunneling protocol that enables the encapsulation
of multiple network protocols over IP networks.
• Its strength lies in its ability to support IPv6 and multicast traffic over IP networks.
• However, GRE does not offer security, so it is commonly used in combination with other protocols
like IPsec for secure transmission.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Split Tunneling
• How Split Tunneling Works
• Benefits of Split Tunneling
• Weaknesses and Risks
Split Tunneling
Definition of Split Tunneling:
• Split tunneling is a VPN feature that allows a user to access multiple
network resources simultaneously, such as a corporate LAN through
a VPN connection and the internet directly, without routing all traffic
through the VPN tunnel.
How Split Tunneling Works:
• When using split tunneling, some traffic, such as corporate LAN
access, goes through the encrypted VPN tunnel, while other traffic,
such as internet access, is routed directly to the local network (e.g.,
hotel Wi-Fi). T
• ti on
his process reduces the need for all traffic to pass through the VPN,
allowing for more efficient bandwidth usage.
i bu
str
Benefits of Split Tunneling:
D i
•
t for
Optimized Bandwidth Usage: By directing non-corporate traffic
(e.g., browsing Google or other public sites) outside the VPN, split
No
tunneling reduces the load on the corporate VPN and network
resources.
h a,
•
Na
Better Performance: Split tunneling allows for better internet speed

je et
and performance, as not all traffic needs to go through the corporate
VPN, which can result in faster browsing and downloads.
•
b ha Users can access corporate resources
Increased Efficiency:
securely viau
l S the VPN while simultaneously using direct connections

Co and Risks:
for less sensitive tasks.
y
BSecurity Risks: Split tunneling can bypass corporate security
Weaknesses
P
S controls, exposing the user's device to threats from unsecured
•

CI S
or
networks, such as hotel or public Wi-Fi. Malicious actors can exploit

s f this open connection and gain access to the user's device or

o te network.

N • Lack of Monitoring: When traffic bypasses the VPN, it is not subject

rn ell to corporate monitoring or protection mechanisms, which can lead

to potential data loss or compromise.
C o • Vulnerability to Attacks: An attacker may be able to compromise
the user's device on the local network (such as hotel Wi-Fi) and use
that compromised device to access corporate resources through the
active VPN connection.

• Split tunneling allows for efficient use of bandwidth and optimized performance by
routing non-corporate traffic outside the VPN.
• However, the feature poses significant security risks, as it can bypass corporate security
controls, leaving the device vulnerable to attacks and reducing the organization's ability
to monitor or protect network traffic.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Tunneling and VPN Protocols
• Definition of Layer 2
Tunneling Protocols
• Common Tunneling Protocols
• PPTP vs. L2TP
• Use of Encryption in VPNs
Definition of Layer 2 Tunneling Protocols:
• Layer 2 tunneling protocols, such as PPTP, L2F, and L2TP, operate at the Data Link
layer (Layer 2) of the OSI model. These protocols are primarily designed to establish
tunnels for sending packets across networks, but they offer minimal security features.
Common Tunneling Protocols:
• Several tunneling protocols are used in network communications, with varying levels
of encryption and security. Common tunneling protocols include:
• SSH (Secure Shell): Operates at Layer 7 (Application Layer). Provides secure
command-line utilities and tunnels for protocols like Telnet and FTP, which otherwise
lack security.
• SOCKS (Socket Secure): Operates at Layer 5 (Session Layer) to route network traffic

on
through a proxy server.
• SSL/TLS (Secure Sockets Layer/Transport Layer Security): Layer 4 protocol
u ti
(Transport Layer), providing encryption for web traffic, commonly used in HTTPS.

r i b
ist
• IPsec (Internet Protocol Security): Works at Layer 3 (Network Layer), offering
encryption and authentication to secure IP packets.
GRE (Generic Routing Encapsulation): Encapsulates packetsD
for
• at multiple OSI layers,
but lacks encryption by default.
L2TP (Layer 2 Tunneling Protocol): Operates at Layert2 (Data Link Layer). Often paired
•
with IPsec to add encryption.
N o
L2F (Layer 2 Forwarding Protocol): Another ,Layer 2 protocol, but less commonly used
ha
•
today.
a
•
e t N A basic Layer 2 tunneling protocol for
PPTP (Point-to-Point Tunneling Protocol):

aje
VPNs, which includes encryption.
PPTP vs. L2TP:
h
ubat Layer 2 and includes built-in encryption.
• PPTP (Point-to-Point Tunneling Protocol):
•
S
• olSimple and efficient, but vulnerable to attacks due to weaker encryption
Operates

C
y • mechanisms.
P B Commonly used in older VPNs, but has been largely replaced due to security

S concerns.

CIS
• L2TP (Layer 2 Tunneling Protocol):

or
• Also a Layer 2 protocol, but lacks encryption on its own.

s f • Typically paired with IPsec to create a secure VPN, where IPsec provides the

o te necessary encryption and authentication.

ll N
• More secure than PPTP, but can be slightly slower due to the added
encryption overhead.

rn e Use of Encryption in VPNs:

C o • A VPN (Virtual Private Network) is not just a tunnel—it requires encryption for security.
Protocols like IPsec, SSH, and SSL/TLS add encryption to tunnels, ensuring secure
transmission of data across untrusted networks like the internet.
• L2TP is paired with IPsec to form a secure VPN, while PPTP offers its own encryption
but is less secure.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• What is IPsec?
• IPsec Subprotocols: AH and
ESP
• IPsec Modes: Transport and
Tunnel
• Internet Key Exchange (IKE)
• Security Associations (SAs)
IPsec
What is IPsec?
• IPsec (Internet Protocol Security) is a protocol suite designed to secure IP
communications by authenticating and encrypting each IP packet in a communication
session.
• It is the preferred method for establishing VPNs and is embedded as a default feature
in IPv6, making it a standard component of modern networking.
IPsec Subprotocols: AH and ESP
IPsec provides two key subprotocols:
• Authentication Header (AH):
• Adds device authentication and ensures the integrity and authenticity of

on
packets.
•
t i
Provides data-origin authentication and replay protection, but it does not
u
•
encrypt the payload.
Encapsulating Security Payload (ESP):
t r i b
is
rD
• Provides encryption of the payload, ensuring confidentiality in addition to the

o
integrity, data-origin authentication, and replay protection offered by AH.

t f
o
• ESP is commonly used for its encryption capabilities, making it essential for
secure VPN communications.

, N
IPsec Modes: Transport and Tunnel
h a
• Transport Mode:
a
•
Commonly used ine
t N of the IP packet is encrypted or authenticated.
In this mode, only the payload
•
a je end-to-end communications (e.g., client to server) within

h
a trusted network.
Tunnel Mode: b
•
S u
•
l
o offering maximum security.
The entire IP packet (header and payload) is encapsulated and encrypted,

y C
P B • Typically used in site-to-site VPNs where two networks are securely
connected over an untrusted network like the internet.

I SS • IKE is the protocol(IKE):

Internet Key Exchange

C used within IPsec to establish secure connections.

for • It generates the session keys that are shared between the two endpoints of the VPN,

tes ensuring that communication is encrypted with a dynamically created key that is valid

o
only for the duration of the session.

ll N
Security Associations (SAs):

rn e • Security Associations are used to define the security attributes of a communication

C o •
session in IPsec.
Each SA contains parameters such as the encryption algorithm, session keys, and
authentication methods.
• An SA is needed for each direction (inbound and outbound) of the communication and
for each component (AH or ESP) being used.

• IPsec is a robust protocol suite used for VPNs, offering both authentication through AH and
encryption through ESP.
• It can operate in transport or tunnel mode, depending on the level of security required. IPsec is
integrated into IPv6, making it a standard for modern secure communications.
• Additionally, Internet Key Exchange (IKE) and Security Associations (SAs) are essential for the secure
exchange of session keys and for defining the security parameters of the VPN connection.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 IPsec Elements and Modes
• Modes of IPsec: Transport
and Tunnel
• Authentication Header (AH)
vs. Encapsulating Security
Payload (ESP)
• Internet Key Exchange (IKE)
• Security Associations (SA)
Modes of IPsec: Transport and Tunnel
IPsec operates in two modes:
• Transport Mode:
• In this mode, IPsec encrypts only the payload of the original packet. The original
IP header remains intact and is used to route the packet. This mode is typically
used in end-to-end communications where encryption is needed only for the
payload.
• Example: Device-to-device communication within a trusted network.
• Tunnel Mode:
• In this mode, the entire IP packet, including the original IP header and payload, is
encapsulated inside a new packet with a new IP header. This offers complete
protection for both the header and the payload. Tunnel mode is used for site-to-
site VPNs and is the most secure mode.
ti on
•
internet).
i bu
Example: Connecting two networks over an untrusted network (e.g., the

Authentication Header (AH) vs. Encapsulating Security Payload (ESP)

str
• Authentication Header (AH):
D i
•
t for
AH provides integrity, data-origin authentication, and replay protection for IP
packets, but it does not provide confidentiality (no encryption).
•
No
Commonly used in environments where encryption is not necessary but integrity

a,
and authenticity are critical.

h
Na
• Encapsulating Security Payload (ESP):
• ESP offers more robust security by providing encryption in addition to integrity,

jeet
data-origin authentication, and replay protection. It ensures confidentiality by
encrypting the payload, making it the preferred choice for VPNs.

ha
Internet Key Exchange (IKE)
b
Su
• IKE is the protocol used to exchange keys securely between the two endpoints of an IPsec
VPN.
l
Co
• Since VPNs require symmetric encryption (using the same key at both ends), IKE ensures

By that both endpoints generate and use the same session key. It’s essentially a version of the
Diffie–Hellman key exchange protocol and helps establish secure communication between

SP
the endpoints.

CI S Security Associations (SA)

• A Security Association (SA) is established to define the security attributes of the

for communication session in IPsec. Since communication is one-way, two SAs are

s
needed for bi-directional communication—one for each direction.

ote • If both AH and ESP are used in the connection, four SAs are required: two for AH and
two for ESP, each for inbound and outbound communication.

ll N
Key attributes in an SA include:

rn e • Authentication algorithm

C o •
•
Encryption algorithm
Encryption keys
• Mode (transport or tunnel)
• Sequence number
• Expiry of the SA

• IPsec provides a robust solution for securing communications, offering both integrity and encryption
through its AH and ESP subprotocols.
• It operates in two modes: transport, which encrypts only the payload, and tunnel, which encrypts
the entire IP packet.
• IKE is essential for establishing secure key exchange, while Security Associations ensure the secure
management of each communication session.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of SSL/TLS
• Purpose of SSL/TLS
• SSL/TLS Handshake
Process
• Asymmetric and Symmetric
Cryptography in SSL/TLS
• DROWN Attack
SSL/TLS Handshake Process:
• The SSL/TLS handshake is a multi-step process that establishes
1.
2.
SSL/TLS
Definition of SSL/TLS:
• SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are protocols
used to provide secure client-to-server connections.
• TLS is the modern standard, as SSL is considered obsolete. Most secure online
communications, such as accessing bank accounts or performing e-commerce
transactions, use TLS.
Purpose of SSL/TLS:
• The primary purpose of SSL/TLS is to secure communications between a client
(e.g., a browser) and a server (e.g., a web server). It ensures that sensitive data,
like passwords and credit card numbers, are encrypted during transmission,
preventing unauthorized access or eavesdropping.
• For instance, accessing a secure website like Amazon involves SSL/TLS to
ti on
protect user transactions.
i bu
s t r
i
rD
a secure
connection:
f o
t to the server to initiate
Client Hello: The client (browser) sends a hello message
the handshake.
N o
Server Hello and Certificate: The server,responds with a hello message and
sends its public key within a certificatea

a h the server's certificate using the

to the client.
3.
t N (CA) that issued the server's certificate
Authentication: The client authenticates
e
public key of the certificate authority
(e.g., VeriSign).
h ajeThe client creates a symmetric session key, encrypts it
ubpublic key, and sends it to the server. Both the client and the
4. Session Key Creation:

l
server now S
with the server’s
share the same session key for secure communication.
Asymmetrico
y C and Symmetric Cryptography in SSL/TLS:
• BAsymmetric Cryptography: The server's public key is used to encrypt the

S P session key during the handshake process.

CIS
• Symmetric Cryptography: After the session key is shared, symmetric

or
encryption is used for fast, secure communication between the client and the

s f server during the session.

o te DROWN Attack:

N • The DROWN attack is a vulnerability in SSLv2, which can allow attackers to

ell
decrypt communications between a client and server.

orn • It’s crucial to disable backward compatibility with SSLv2 to protect against this
attack. Server owners should ensure private keys are not used with servers that
C allow SSLv2 connections.

• SSL/TLS is vital for securing online communications, with TLS being the modern standard.
• The handshake process ensures that a session key is securely created, using both asymmetric and
symmetric encryption to protect data during transmission.
• Proper implementation is necessary to avoid vulnerabilities such as the DROWN attack, which can
exploit older SSL protocols.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 TLS VPN versus IPsec VPN
• Differences between TLS VPN
and IPsec VPN
• Operating Layers
• Encryption and
Authentication
• Complexity and Management
• Security Impact of Attacks
Differences between TLS VPN and IPsec VPN:
• TLS (Transport Layer Security) VPNs and IPsec (Internet Protocol
Security) VPNs are both used to secure communication channels,
but they operate differently.
• TLS operates at the Transport layer (Layer 4) and above, while IPsec
operates at the Network layer (Layer 3). Each VPN type has its own
advantages and disadvantages based on its design and the needs of
an organization.
Operating Layers:
• TLS VPN: Operates at the Transport layer and encrypts traffic based
on port numbers. It is typically used for application-specific
ti on
communications like web browsing or secure remote access.
i bu
•
tr
IPsec VPN: Operates at the Network layer and encrypts all IP-based
s
i
traffic, regardless of the application or port, making it suitable for
D
for
securing entire networks or site-to-site communication.
Encryption and Authentication: t
• No
TLS VPN: Encrypts connections by default, providing end-to-end
a,
encryption for web services or remote access. It’s known for being
h
Na
easier to manage and configure with more granular control over

et
specific applications or services.
je
IPsec VPN: Does not encrypt connections by default but uses IKE
ha
•
(Internet Key Exchange) for key management and data
b
Su
authentication. It is more versatile for encrypting traffic across entire
l
Co
networks, but the setup can be more complex.

By Complexity and Management:

• TLS VPN: Easier to establish, configure, and manage due to its more

I SSP straightforward design focused on securing individual processes or

services.
r C
fo • IPsec VPN: More complicated to configure and manage, as it

es secures traffic between systems identified by IP addresses and

ot requires additional protocols like IKE for key exchange and

ll N
authentication.

rn e Security Impact of Attacks:

C o • TLS VPN: A successful attack could compromise specific systems or

applications since the encryption is tied to individual processes.
• IPsec VPN: A successful attack could lead to the compromise of an
entire network since IPsec operates at the network layer and secures
all IP-based traffic.

• TLS VPNs provide easier setup, application-specific encryption, and more granular control at the
Transport layer, while IPsec VPNs offer broader network-level encryption at the Network layer but
with added complexity.
• The choice between TLS and IPsec VPNs depends on organizational needs such as performance,
security, and ease of management.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Remote Authentication
Importance of Remote Authentication:
• Importance of Remote • While VPNs secure the communication channel, they do not authenticate the
Authentication person using the connection.
• RADIUS • To ensure only authorized individuals gain access, organizations use remote
• TACACS+Diameter authentication protocols.
• Differences and Similarities • These protocols not only verify user identity but also provide authorization and
of Remote Authentication accounting (AAA).
Protocols • Two-factor authentication is commonly used alongside these protocols to add
an extra layer of security.
RADIUS:
•
support dial-in networking.
ti on
Remote Authentication Dial-In User Service (RADIUS) was originally developed to

i bu
•
and allows users to connect to network resources securely.
s tr
It provides AAA functionality—authentication, authorization, and accounting—

i
•

fo rD
RADIUS operates at the application layer and uses UDP for transmission.
However, it has limitations in security as it only obfuscates user passwords.
TACACS+:
o t
• Terminal Access Controller Access Control System
developed by Cisco as an improvementa
N Plus (TACACS+) was
, RADIUS.
a h over

t N It isand
• It uses TCP for reliable transmission and encrypts all packets, not just
e
passwords, making it more secure. often used for device administration

j e
tasks, providing robust authentication access control.
Diameter:
b ha to RADIUS and offers enhanced security. It addresses
• Diameter is theu
SEAPsuccessor

o l
RADIUS’s shortcomings by providing stronger encryption and improved security

C and secure user authentication.

features like (Extensible Authentication Protocol), which allows for
y
flexible
• BDiameter is more scalable and reliable than its predecessor, making it a better
S P option for modern networks.

CIS Differences and Similarities of Remote Authentication Protocols:

for • RADIUS: Focuses on dial-in networking with limited security, only encrypts

tes passwords, and uses UDP.

o • TACACS+: More secure with full packet encryption and uses TCP, making it

ll N
reliable for administrative tasks.

rn e • Diameter: Successor to RADIUS with advanced security features like EAP and is
o
more scalable.
C

• Remote authentication protocols like RADIUS, TACACS+, and Diameter are essential for ensuring the
security of remote access.
• RADIUS provides basic AAA services but has limitations in security, while TACACS+ improves upon it
with full encryption.
• Diameter is the modern successor, offering enhanced security and scalability, making it suitable for
today’s complex networks.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

CISSP Cornell Notes
by Col Subhajeet Naha, Retd, CISSP
Domain 5 Identity and Access Management
 Control Physical and Logical Access to Assets
• Access Control Definition
• Fundamental Access Control
Principles
• Applicability of Access Control
Access Control Definition:
• Access control refers to a collection of mechanisms designed to protect
organizational assets while permitting controlled access to authorized
subjects.
• The goal is to safeguard information, data, systems, and physical locations,
ensuring only those with permission can access these assets.
• Example: Access control for a company database ensures that only employees
with the appropriate clearance can view or modify sensitive financial data.
Fundamental Access Control Principles:

on
1. Need to Know:
1.
ti
Subjects (users or processes) should only have access to data if they
u
absolutely need it to perform their tasks.
t r i b
2.
i
Example: A HR executive may have access to employee
s salaries but

rD
not detailed technical documentation.
2. Least Privilege:
fo
Users or systems should be granted o thetminimum level of access
, N the risk of abuse or
1.
necessary to perform their jobs, reducing
compromise. a
h on content management may only have
a
t Ndocuments without the ability to modify them.
2. Example: An intern working
e
access to read certain
Separation of Duties:je
ha are broken down into discrete parts, and no single
3.

b
Su process.
• Critical tasks

l
individual has the necessary permissions to perform all aspects of a

C• o Example: In a financial process, one employee might prepare

sensitive

B y payments, while another authorizes them.

I SSPApplicability of Access Control:

C • Access control applies to all levels of an organization and covers both
for physical and logical assets:

tes • Physical Assets: Buildings, server rooms, and sensitive physical

o documents.

ell N • Logical Assets: Databases, networks, applications, and intellectual

rn
property.

C o • Example: Physical access control could be using ID card swipes to enter a

server room, while logical access control involves user authentication (e.g.,
passwords, biometrics) for logging into systems.

• Access control is a set of mechanisms used to protect an organization’s assets,

ensuring that only authorized individuals have access based on need to know, least
privilege, and separation of duties.
• Access control principles apply universally across all organizational levels, covering
both physical and logical assets.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Access Control
• Management Functions of
Access Control
• Access Control Principles
Access Control
Definition of Access Control:
• Access control is a collection of mechanisms designed to protect
the assets of an organization while enabling controlled access for
authorized subjects (users or systems).
• It allows management to determine who can access certain
resources and how those resources can be used.
Management Functions of Access Control: Access control enables
management to:
• Specify users who can access the system: Defines which
individuals or groups can enter and use a particular system or
resource.
ti on
• Specify what resources they can access: Assigns permissions to
i bu
tr
allow or restrict access to specific files, databases, or physical
s
locations.
D i
•
t for
Specify what operations they can perform: Clarifies what actions

No
(read, write, delete, execute) users are allowed to perform.

a,
• Provide individual accountability: Tracks and logs user actions to
h
ensure that management knows who is doing what. This supports

Na
auditing and investigation of suspicious activity.

jeet
Access Control Principles:

ha
• Need to Know:
b
Su
• Definition: Only personnel who require access to an asset to
l perform their job should be granted access.

y Co
• Example: A marketing employee shouldn’t have access to
B sensitive financial records unless it's necessary for their role.

I SSP • Least Privilege:

• Definition: Grant users or systems only the minimum
r C permissions required to do their job or function.
fo
es • Example: An IT helpdesk employee may have access to reset

ot user passwords but not change network configuration

ll N
settings.

rn e • Separation of Duties:

C o • Definition: Critical tasks should be split so that no single

person can complete a sensitive process alone, reducing risk
of error or fraud.
• Example: One person can authorize a financial transaction,
while another must approve it.

• Access control mechanisms protect an organization’s assets by limiting and controlling who can
access specific resources and what they can do with them.
• The key principles—need to know, least privilege, and separation of duties—are applied throughout
access control strategies to prevent unauthorized access and ensure individual accountability.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Access Control Principles
Need to Know:
• Need to Know
• Least Privilege • Definition: Access is restricted to individuals who have a legitimate
• Separation of Duties and
need to know the information or asset in question, based on their job
role or function.
Responsibilities
• Example: In law enforcement, an undercover agent's true identity is
only known by their supervisor and relevant agents working on the
case. This ensures operational security.
• Application: This principle ensures that individuals are only granted
access to information necessary for their tasks, minimizing exposure to
sensitive data and reducing security risks.
ti on
Least Privilege:
i bu
s r
t required to
i
rD
• Definition: Users are granted the minimum level of access
perform their job functions, and nothing more.
f o
tmight have local
• Example: In many organizations, employees o
, N when they only need
administrator privileges on their computers
standard user access. Applying the a
a hfor their role, such as basic user
least privilege principle would limit

t Nof administrators would have elevated

their access to what is necessary
e
functions, while only a handful
permissions.
h aje
ub access
• Purpose: Limiting
reduces theSpotential
helps prevent misuse of privileges and

threats o
l attack surface, mitigating risks from insider
C or accidental misconfigurations.
y of Duties and Responsibilities:
B
Separation

I SSP• Definition: Responsibilities for critical tasks are divided among

C multiple people to prevent fraud and errors.

for • Example 1: In finance, one employee might enter vendor information

tes into the accounts payable system, while another confirms its accuracy,
o reducing the risk of creating fake vendors.

ell N • Example 2: In software development, developers shouldn’t be

orn responsible for deploying applications to production. A different team

should handle testing, validation, and approval to ensure proper
C oversight.
• Purpose: Separation of duties ensures that no single individual can
control all aspects of a critical process, which helps prevent fraud,
mistakes, and intentional harm.

• The principles of access control—need to know, least privilege, and separation of duties—play
critical roles in protecting organizational assets.
• These principles ensure that access is limited to only those who require it, permissions are kept to
the minimum necessary, and critical tasks are divided to prevent fraud and errors.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Access Control Applicability and Access Control System
Access Control Applicability:
• Access Control Applicability
• Definition: Access control applies to all aspects and levels of an
• Access Control System organization. It is essential for managing access to different types of
• Reference Monitor Concept assets.
(RMC)
• Assets Covered:
• Security Kernel
• Facilities: Physical access to buildings or areas within an
organization.
• Systems/Devices: Access to hardware such as computers,
servers, and other network devices.

on
• Information: Access to sensitive data, whether digital or
physical (e.g., files, databases).
uti
•
r i b
Personnel: Ensuring the right personnel access appropriate
t
resources based on their roles.
D is
for
• Applications: Controlling access to software applications,
t
tools, and platforms used within the organization.
Access Control System:
No
a,
• Definition: The mechanism responsible for controlling a subject's
h
Na
access to an object. A subject refers to a user, while an object is the

et
resource or data the user attempts to access.
je
• Mediation: Access is mediated based on a set of predefined rules. This
ha
can include role-based access control, mandatory access control, or
b
Su
discretionary access control.
l
Co
• Logging and Monitoring: All access attempts and activities are logged
to ensure accountability and assurance that the access control
By system is functioning as expected. Monitoring helps detect

SP
unauthorized access and abnormal behavior.

CI S Reference Monitor Concept (RMC):

for • Definition: The RMC is a theoretical concept in which a decision-

es making tool mediates between subjects and objects. It enforces the

ot
rules of access control and ensures accountability.

ll N
• Functionality: It works by verifying whether a subject has permission to

rn e access an object based on predefined access control rules.

C o • Security Kernel: Any real-world implementation of the Reference

Monitor Concept is called a security kernel. The security kernel
enforces these access control decisions and ensures all access
activities are logged for monitoring.

• Access control applies to all organizational assets—facilities, systems, information, and

applications—and ensures that subjects (users) can only access resources (objects) based on
predefined rules.
• The Reference Monitor Concept (RMC) is central to this system, providing mediation and logging all
activity for accountability.
• The security kernel enforces the RMC in real-world systems, maintaining secure access control and
providing assurance through monitoring.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Logical Access Modes
Granularity of Access Control:
• Granularity of Access
• Definition: Access control is more than just allowing or denying access. It
Control
involves setting specific rules to control exactly how a subject interacts
• Logical Access Modes with an object.
• Need to Know and Least
• Granular Control: Access rules offer precise control over what subjects
Privilege
(users) can access and what actions they are allowed to perform on those
objects. For example, users might be allowed to only read a file but not
edit or delete it.
Logical Access Modes:
•
ti on
Definition: Logical access modes define specific types of interactions that

i bu
a subject can have with an object. These modes enable more precise

str
control based on what actions are required for the subject to perform their
job.
D i
for
• Common Access Modes:
t
No
• Create: The ability to create new objects, such as files,
databases, or records. Example: A user can create a new
a,
document in a shared folder.
h
•
Na
Update: Permission to modify or update existing objects.

je et
Example: A user can edit customer details in a CRM system.

ha
• Read: The ability to view or read objects without making
b
changes. Example: A user can view a financial report but cannot

l Su
edit it.

y C• o Read/Write: Combined permission to both read and modify

B objects. Example: A user can both view and edit a database

SP •
entry.

CI S Execute: Permission to run executable files or programs.

for Example: A user can run a software application installed on a

computer.
es
ot • Delete: The ability to remove or delete objects from the system.

ll N
Example: A user can delete outdated documents from a shared

rn e drive.

C o Need to Know and Least Privilege:

• Application: Access should be granted based on the principles of need to
know and least privilege, meaning users should only have the minimum
level of access required to perform their tasks and no more. This
minimizes potential security risks.

• Logical Access Modes provide granular control over what actions a user can perform on an object,
such as creating, reading, updating, executing, or deleting objects.
• These permissions are defined based on the user's role and responsibilities, following the principles
of need to know and least privilege to ensure that users have the appropriate level of access
without compromising security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Groups
• Definition of Roles
• Key Differences Between
Groups and Roles
• Flexibility: Groups offer flexibility in managing users whosshare
access needs but may not have the same job role. Di
Groups versus Roles
Definition of Groups:
• Concept: A group is a collection of users who are generally not
associated with a specific job function but may share a common
purpose or project.
• Example: A group could include members of a business continuity
management team or a specific leadership group.
• Management: Administrators can assign permissions to the entire
group, simplifying the process of managing access for multiple users.
For example, if a group of users needs access to certain documents,
the admin can give the whole group access rather than assigning it
ti on
individually.
i bu
r
t similar

t for
Noto a specific job function
Definition of Roles:
• Concept: A role is a set of permissions, tied
a
within an organization, often linked htoa what tasks the job requires.
N to call center agents, giving them
tneed
e
access to the systemsjthey e
• Example: A role might be assigned
to perform their job, such as CRM
h
systems for customer a interaction.
u b
• Management:
o l Srequired
When users are assigned a role, they inherit all the

y
based Con job requirements.
permissions for that role, streamlining access management

P B
I SS permissions required to fulfill those functions, making them less
• Job-Oriented: Roles are tightly focused around job functions and the

C
or
flexible but more structured than groups.

s f
o te Key Differences Between Groups and Roles:

ll N
• Groups: Provide flexibility for organizing users who share common

rn e access needs but aren’t necessarily tied to the same job function.

C o • Roles: Focus specifically on the permissions needed for a particular

job, aligning access rights closely with the actions required by the job.

• Groups and Roles are two different approaches to managing user permissions.
• Groups are more flexible and allow for the organization of users who share access needs but might
not have the same job functions.
• Roles are job-specific, assigning permissions based on the responsibilities of a particular position.
Both approaches are useful in different contexts for efficiently managing access control.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Access Control Administration Approaches
• Definition of Access Control
Administration Approaches
• Centralized Administration
• Decentralized
Administration
• Hybrid Approach
Definition of Access Control Administration Approaches:
• Access control administration refers to the method an organization uses to
manage and control access to resources.
• Two primary approaches: centralized and decentralized.
• Many organizations now use a hybrid approach, combining elements of both
methods.
Centralized Administration:
• Concept: A single central system controls access to all remote systems.
• Advantages:
• Easier administration and lower overhead.
• Cost reduction through a streamlined process.

on
• Greater flexibility by having one unified control point.
•
ti
Single username and password grant access to multiple systems.
u
b
• Disadvantages:
•
tr i
Single point of failure—if the central system is compromised, it can
affect the entire organization.
D is
for
• Becomes a potential target for attacks due to its importance.
• Example: An Active Directory managing all user access across multiple systems
t
No
in a network.
Decentralized Administration:
a,
• Concept: Control is distributed to multiple systems, allowing management by
h
Na
those closer to the resources.

et
• Advantages:

e
• Granular control over access, tailored to individual departments or
j
ha
systems.
•
bMinimizes risk of complete failure—if one system fails, others remain

Su
functional.
•
l Local teams can manage access specific to their needs.

y Co
• Disadvantages:

B • Increased administrative overhead—managing multiple systems

SP
requires more effort.
• Lack of standardization and possible security holes due to

CI S fragmented control.

for • Potential for overlapping rights.

• Example: Each department in a company having its own access control system.
es
ot
Hybrid Approach:
• Concept: Combination of centralized and decentralized methods.

ell N • Advantages:

rn
• Balances the efficiency of centralized control with the granularity of

C o •
decentralized systems.
Often necessary due to legacy systems that can’t be integrated into
modern centralized control systems.
• Provides flexibility while maintaining some level of central oversight.
• Example: A company using centralized control for core systems but allowing
departments to manage their own access controls for specialized resources.

• Access control administration can follow a centralized approach, which offers simplicity and cost
reduction but introduces risks related to a single point of failure.
• In contrast, decentralized approaches provide granular control but come with administrative
overhead.
• The hybrid approach combines the strengths of both, offering flexibility to manage legacy and
modern systems together effectively.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Design Identification and Authentication Strategy
• Seven Laws of Identity
Overview
• User Control and Consent
• Minimal Disclosure and
Constrained Use
• Justifiable Parties
• Directed Identity
• Pluralism of Operators and
Technologies
Seven Laws of Identity Overview:
• Developed by Kim Cameron and other security experts.
• The laws address how identity systems should be designed to ensure user privacy
and security while enabling seamless authentication and identification.
User Control and Consent:
• Principle: Users must control when and how their identifying information is
shared.
• Example: A social media platform should require explicit consent from users
before sharing their personal information with third-party apps.
Minimal Disclosure and Constrained Use:

• Human Integration
• Consistent Experience Across
Contexts
on
• Principle: The best identity systems are those that disclose the least amount of
identifying information.
uti
additional personal details.
tr i b
• Example: Using only a username to log into a website instead of revealing

Justifiable Parties:
D is
for
• Principle: Identifying information should only be shared with parties that have a
legitimate reason to be involved.
t
No
• Example: A payment processor receiving credit card details only for the purpose of

a,
processing a transaction, without sharing it with unrelated third parties.
h
Na
Directed Identity:

et
• Principle: Identity systems should support omni-directional identifiers for public

e
entities and uni-directional identifiers for private entities.
j
bha
• Example: A public website having a universal identifier (URL), while a user’s
identifier for logging in remains private and secure from other entities.

l Su
Pluralism of Operators and Technologies:

y Co
• Principle: Identity systems must be interoperable with various identity providers
and technology platforms.
B
SP
• Example: A user should be able to log into different websites using credentials
from Google, Facebook, or another identity provider seamlessly.

CI S Human Integration:

for • Principle: Identity systems must account for the fact that human users are an

es integral part of the system.

ot
• Example: Ensuring user-friendly interfaces and reliable security features such as

ll N
two-factor authentication that protects the communication between the user and
the system.

rn e Consistent Experience Across Contexts:

C o • Principle: Users should have a consistent and intuitive experience across

different platforms and identity providers.
• Example: A user logging into various online services should have a similar
authentication experience (e.g., through Single Sign-On) even if the back-end
systems vary.

• The Seven Laws of Identity outline the fundamental principles for designing identity systems that
protect user privacy, provide security, and ensure seamless user experiences.
• They emphasize the importance of user control, minimal data disclosure, trust in legitimate
parties, and interoperability across different technologies while providing a consistent and
human-centered approach to identity management.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Access Control Services
Definition of Access Control Services:
• Definition of Access Control • Access control services encompass several components to ensure that
Services users and processes interact securely with organizational assets.
• Identification • Core components include identification, authentication, authorization,
• Authentication and accountability.
• Authorization • These are critical in protecting systems, assets, and users while providing
• Accountability a framework for tracking user actions.
• AAA (Authentication, Identification:
Authorization, • Refers to the process of asserting a user’s identity or a process to a
Accountability) system.
• Example: When a user enters their username into a system, they are
ti on
identifying themselves to that system.
i bu
Authentication:
str
i
• Refers to the process of verifying an identity that has been asserted.
D
for
• Authentication methods can be based on something you know
(password), something you have (smart card), or something you are
t
No
(fingerprint).

a,
• Example: After entering a username, the system asks for a password to
h
confirm that the user is who they claim to be.
Authorization:
Na
jeet
• Defines what level of access is granted once the user or process has been

ha
identified and authenticated.
b
• Example: An employee might have access to the company's email system,
Su
but not to financial records unless they are authorized.
l
Co
• Role-Based Access Control (RBAC) or Attribute-Based Access Control

By (ABAC) are examples of how authorization is implemented.

Accountability:

I SSP • Refers to the logging and monitoring of all actions taken by identified and

r C authenticated users.

fo • This ensures users are held responsible for their actions and any misuse

es can be tracked.

ot • Example: If a user accesses sensitive data, the system records the time,

ll N
date, and action to ensure accountability.

rn e AAA (Authentication, Authorization, Accountability):

C o • AAA represents the core of access control, ensuring users are properly
authenticated, authorized, and that their actions are tracked for
accountability.
• These components work together to ensure comprehensive security
within systems.

• Access Control Services are fundamental to ensuring that users and processes interact securely
with organizational assets.
• The core elements—identification, authentication, authorization, and accountability—are
essential in controlling access, verifying identities, and maintaining logs for accountability.
• Proper implementation of these services ensures the security and integrity of organizational
resources.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Identification in Access Control Services
Definition of Identification:
• Definition of Identification
• Importance of Unique • Identification is the first step in Access Control Services. It refers to
the process of asserting an identity—either of a user or process—to
Identifiers
the system.
• Identification Guidelines
• Examples of Identification • Identification allows systems to track user activity back to an
Methods individual, ensuring accountability.
Importance of Unique Identifiers:
• Each user or process needs a unique identifier to ensure their
actions can be traced back to them alone.
t i on
• Shared user accounts should be avoided as they make
i bu
s
accountability difficult and potentially circumvent securitytr principles.
i
Identification Guidelines:
fo rD
• Identification mechanisms should be: ot
• Unique: Each identity relates
a , toNonly one individual or
process.
Nondescriptive ofN
ah
et role. For example, an admin account
• job or role: The user account should not
je
give away the user’s
should notainclude “admin” in its name, and a finance
u
accountbhshouldn’t reveal the job function.
• S securely: Accounts should be created and
lIssued
o
y C manager to generate and store passwords).
distributed using secure processes (e.g., a password
B
I SSPExamples of Identification Methods:
C • User ID: A combination of first and last names or employee numbers.
for
tes • Account ID: Unique numbers or alphanumeric strings assigned to
o each user.

ell N • Access Cards: Physical identification tokens.

orn
C • Biometrics: Use of fingerprints, retina scans, or other biological
markers to identify users.

• Identification is the first component of Access Control Services, ensuring that each user or process
interacting with a system can be uniquely identified.
• The identification must be unique, nondescriptive of roles, and issued through secure methods to
protect organizational security.
• Proper identification ensures that actions can be tracked back to the responsible individual, which
is essential for accountability.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Authentication by Knowledge
Definition of Authentication by Knowledge:
• Definition of Authentication
by Knowledge • Authentication by knowledge is one of the three factors of
• Forms of Authentication by authentication that verifies a user’s identity based on something they
know, like a password, passphrase, or the answers to security
Knowledge
questions.
• Best Practices for
Authentication by • It's often referred to as "something you know".
Knowledge
Forms of Authentication by Knowledge:
• Password: A string of characters that a user provides to gain access to
i
a system. Can range from simple (e.g., "password") to complex (e.g.,
t on
"m{BLB9FF#6h`J#U$"). The more complex, the more secure, but
i bu
complex passwords are often hard to remember.
s r
tor phrase,
i
r Dto remember and
• Passphrase: A longer string of words, typically a sentence
fo
used to authenticate. Passphrases are usually easier

“The quick brown fox jumps over the lazyN ot123!” For example:
can be more secure due to their length and complexity.
dog

h a, that a user answers to verify

Ntoathem.
• Security Questions: Cognitive questions
their identity. These questions are chosen by the user and should have
answers that are known only t
e but theAnuser example could be “What’s
e
your mother’s maidenjname?”,
a “3487487glkjgokjo!(*&”)could answer with a
nonsensical stringh(e.g.,
u b for added security.

l Sfor Authentication by Knowledge:

Best Practices
o
B y C Should be complex, with a mix of upper and lower case
• Passwords:
letters, numbers, and symbols.

I SSP• Passphrases: Can be memorable, but should be long and unique.

C
for • Security Questions: The answers don’t have to be true; they should be

tes unpredictable and difficult for others to guess.

o
ll N
• Avoid writing down passwords or storing them in insecure places (e.g.,

rn e sticky notes on a monitor).

C o

• Authentication by knowledge is a method of verifying a user’s identity based on something they

know, such as a password, passphrase, or response to security questions.
• It's crucial to ensure that passwords and passphrases are complex and unique, and that security
questions are difficult to guess.
• These methods should be securely implemented to prevent unauthorized access.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Authentication by Ownership
Definition of Authentication by Ownership:
• Definition of Authentication • Authentication by ownership refers to verifying a user’s identity
by Ownership based on something they possess, such as a token or a smart card.
• One-Time Passwords (OTP)
• This is often referred to as "something you have" in authentication
• Soft Tokens vs. Hard Tokens mechanisms.
• Smart Cards and Memory
One-Time Passwords (OTP):
Cards
• Synchronous vs. • OTP: A dynamically generated password that can be used only once
and expires after use or after a specified period.
Asynchronous OTP
Generation • Examples include Google Authenticator or RSA SecureID. OTPs

on
provide an extra layer of security as they constantly change.
Soft Tokens vs. Hard Tokens:
uti
• Soft Tokens: Software-based applications (e.g., Google
tr i b
is
Authenticator, Authy) that generate OTPs on smartphones or
D
for
computers.
•
t
Hard Tokens: Physical devices (e.g., RSA SecureID) that generate
No
OTPs, typically used for authentication in high-security
environments.
h a,
Na
Smart Cards and Memory Cards:
•
jeet
Smart Cards: Credit-card-sized cards with an embedded chip. They
are inserted into a smart card reader to authenticate users. Used
ha
often in government or military settings.
b
•
l Su
Memory Cards: Cards with magnetic strips (like ATM cards) that

Co
store basic information, such as account numbers, and are used for
limited access authentication. Less secure compared to smart
By cards.

I SSP Synchronous vs. Asynchronous OTP Generation:

• Synchronous OTP: The more common method, in which the OTP
r C
fo generation is time-based or event-based, synchronized with the

es authentication server.

ot • Asynchronous OTP: Less common and more complex; it uses a

ll N
challenge-response mechanism where the token and server

rn e exchange information to verify identity. More secure but also more

expensive due to the complexity of synchronization.
C o

• Authentication by ownership verifies a user’s identity based on something they possess, such as
soft or hard tokens, smart cards, or memory cards.
• One-time passwords (OTPs) are a key component of this authentication method, providing dynamic
and expiring credentials.
• OTPs can be generated through synchronous (time-based or event-based) or asynchronous
(challenge-response) methods, each offering different levels of security and complexity.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Smart and Memory Cards
• Definition of Smart Cards
• Definition of Memory Cards
• Differences Between Smart
and Memory Cards
• Contact Smart Cards
• Contactless Smart Cards
Definition of Smart Cards:
• Smart Cards contain an integrated circuit (IC) chip that performs
calculations and generates unique authentication data for each
transaction.
• These cards are capable of securely processing information and
communicating with readers, making them more secure than
memory cards.
• Commonly used in modern credit/debit cards, government ID
cards, and corporate security badges.
Definition of Memory Cards:
• Memory Cards store information on a magnetic stripe located on
ti on
the back of the card.
i bu
•
st
The data on the magnetic stripe remains the same for eachr
D i
transaction, making these cards more vulnerable to fraud (e.g.,
skimming).
t for
No
• Older credit cards and access cards primarily relied on memory

a,
cards.
h
Differences Between Smart and Memory Cards:
Na
Smart Cards have the ability to process and store information
et
•
e
securely, while memory cards can only store static information that
j
ha
is read during transactions.
b
Su
• Smart cards generate unique data with each transaction, while
l
memory cards present the same data each time.

y Co
Contact Smart Cards:
B • Require physical contact with the card reader for the embedded

I SSP •
chip to be powered and to process transactions.
Often seen in older chip-and-pin credit cards or government ID
r C systems.
fo
es Contactless Smart Cards:

ot • Utilize a reader that communicates wirelessly with the card,

ll N
powering the chip remotely and enabling transactions without

rn e physical contact.

C o • Used in tap-and-go payment systems, public transportation, and

access control systems.

• Smart cards offer enhanced security by using a chip to process and generate authentication data for
each transaction, while memory cards rely on static data stored on a magnetic stripe.
• Contact smart cards require physical interaction with a reader, whereas contactless smart cards
allow for wireless communication, providing greater convenience and flexibility in secure
transactions.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Authentication by Characteristics
• Definition of Authentication by
Characteristics
• Types of Biometric
Authentication (Physiological
and Behavioral)
• Biometric Device
Considerations
• Crossover Error Rate (CER)
Definition of Authentication by Characteristics:
• Refers to biometric authentication, which uses physiological or
behavioral characteristics to verify an individual’s identity.
• Examples include fingerprints, facial recognition, or voice patterns.
Types of Biometric Authentication:
1. Physiological Characteristics:
• Fingerprints: Used in most modern smartphones and secure
facilities.
• Hand Geometry: Measures the shape and size of a hand.

on
• Facial Features: Used in facial recognition technology, such as
Apple's Face ID.
uti
•
tr i b
Eyes: Includes retina and iris scans for high-security access.
2. Behavioral Characteristics:
D is
for
• Handwriting: The unique way someone writes can be analyzed.

t
• Gait: The way someone walks, often used in surveillance.

No
• Voice Recognition: Identifies a person based on their voice
pattern.
h a,
Na
• Typing Patterns: Measures keystroke dynamics, which are

et
unique to each user.

je
Biometric Device Considerations:
ha
• Processing Speed: Biometric systems can be slower than other
b
Su
authentication methods due to the time required for analysis.
l
Co
• User Acceptance: Some users may resist biometric systems due to
privacy concerns or inconvenience.
By • Protection of Biometric Data: Storing biometric data securely is essential

I SSP since this data is uniquely tied to individuals and cannot be changed like
passwords.
r C • Accuracy: The effectiveness of biometric systems is measured by how
fo accurately they can identify users without errors.
es
ot
Crossover Error Rate (CER):

ll N
• CER is the point at which the rate of false rejections (Type 1 errors) and

rn e false acceptances (Type 2 errors) is equal.

C o • A lower CER indicates a more accurate biometric system. It’s used to

gauge the overall reliability of a biometric system.

• Authentication by characteristics involves using biometric data, such as fingerprints or voice

patterns, to verify a user's identity.
• While physiological attributes like facial features are widely used, behavioral factors such as typing
patterns also provide unique identification methods.
• \When implementing biometric authentication, factors like processing speed, user acceptance,
and data protection must be carefully considered to ensure accuracy and security.
• The Crossover Error Rate (CER) is a key metric to assess the performance and reliability of these
systems.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Biometric Device Accuracy/Types of Errors
• Biometric System Accuracy
• Type 1 and Type 2 Errors
• Crossover Error Rate (CER)
• Biometric Templates
Biometric System Accuracy:
• Biometric systems are not 100% binary, meaning they are not always
completely accurate.
• Unlike traditional password systems, biometric systems may falsely
reject valid users or falsely accept invalid users, depending on how they
are tuned.
Type 1 and Type 2 Errors:
• Type 1 Error (False Rejection): This occurs when a valid user is
incorrectly rejected by the system. The False Rejection Rate (FRR)
measures how often this happens. Example: A legitimate user

on
attempting to access a system but being denied.
•
t
Type 2 Error (False Acceptance): This occurs when an unauthorized
u i
tr b
user is wrongly accepted by the system. The False Acceptance Rate
i
(FAR) measures how frequently this occurs. Type 2 errors are far more

D is
dangerous because they allow unauthorized individuals to gain access

for
to secure systems. Example: An attacker gaining access due to system
misidentification.
t
Crossover Error Rate (CER):
No
•
h a,
CER is the point where the FRR and FAR intersect. It indicates the overall

Na
accuracy of a biometric system.

et
• A lower CER suggests a more accurate system, while a higher CER
e
indicates less reliability.
j
•
bha
Biometric systems can be tuned, but reducing one error type increases
the other, creating an inverse relationship.

l Su
Biometric Templates:

y
•
Co
Biometric Templates are digital representations of a user’s biometric

B features, created through one-way mathematical functions.

SP
• Raw biometric data (like fingerprints or facial scans) should never be

CI S stored due to privacy risks. Templates are used instead to protect the
individual's biometric information.

for 1 : N Identification:

es • In this method, biometric data from a new scan is compared to a

ot database of many templates to identify the individual. Example: A

ll N
fingerprint scanner at a door tries to match the fingerprint to a known

rn e template in a database.

C o 1 : 1 Authentication:
• In this method, the system already knows the user's identity, and it
compares the newly generated biometric template to a stored template
for authentication. Example: A laptop scans a user’s fingerprint and
compares it to their stored fingerprint data.

• Biometric systems use physiological or behavioral attributes for authentication. While not 100%
accurate, they introduce the risk of Type 1 (false rejection) and Type 2 (false acceptance) errors, with
Type 2 errors being the most serious.
• The Crossover Error Rate (CER) is a key metric for measuring a system's overall accuracy. To
protect privacy, biometric data is stored as templates rather than raw data, and these templates
can be used for identification (1 : N) or authentication (1 : 1) purposes.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Biometric Devices
Physiological Biometric Devices:
•Physiological Biometric
Devices •Fingerprint Scanners: Analyze the unique patterns of a
person’s fingerprint. Common on devices like smartphones and
•Behavioral Biometric Devices computers. Used in border security (e.g., US-Canada).
•Hand Geometry Scanners: Rarely used but seen in movies.
Scan the geometry of the hand. Some scanners examine ridges
while others focus on hand geometry. Utilized in specialized
environments.
•Vascular Pattern Scanners: Analyze vein patterns in a
person’s hand. Often used in high-security environments like
testing centers (e.g., CISSP exams) to verify identity during an
ti on
exam.
i bu
tr
•Facial Recognition Scanners: Examine an individual’s facial
s
features and patterns. Becoming more common in mobile
D i
for
devices and security systems.
t
No
•Iris Scanners: Examine the colored ring (iris) of the eye for
unique patterns. Non-invasive and widely accepted in security
a,
settings.
h
Na
•Retina Scanners: Examine the vein patterns at the back of the

jeet
eye. Extremely accurate but controversial. Retina scans are
invasive (bright light flashed into the eye) and can reveal
ha
personal health issues, causing privacy concerns. Rarely used
b
Su
due to discomfort and potential privacy risks.
l
Co
Behavioral Biometric Devices:

B y •Voice Recognition: Analyzes how a person speaks, focusing

on vocal tone, pitch, and cadence.
I SSP •Signature Recognition: Identifies unique aspects of how a
r C person signs their name, such as pressure, speed, and style.
fo
es •Keystroke Dynamics: Monitors how a person types on a
ot keyboard, identifying patterns like typing speed and key-press
ll N
timing.

rn e •Gait Analysis: Analyzes how a person walks, focusing on their

C o stride, posture, and movement.

• Biometric devices can be categorized into physiological (e.g., fingerprint, iris, retina
scanners) and behavioral (e.g., voice, signature, keystroke dynamics). While
physiological biometrics focus on a person's physical attributes, behavioral
biometrics analyze how individuals perform actions. Each type of biometric device has
its own use cases and accuracy, with some systems like retina scanners being highly
accurate but invasive and controversial due to privacy concerns.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Factors of Authentication
Factors of Authentication:
• Factors of Authentication
• Single-Factor • Authentication by Knowledge: Something you know, like a password,
Authentication passphrase, or security questions.
• Multifactor Authentication • Authentication by Ownership: Something you have, such as a smart
(MFA) card, RSA token, or one-time password (OTP).
• Authentication by Characteristic: Something you are, involving
physiological (fingerprint, retina scan) or behavioral (keystroke
dynamics, voice) biometrics.
Single-Factor Authentication:
ti on
u
• Utilizes only one factor of authentication from any of the threebtypes.
i
st r
i
rD
• Example: Logging in with a password alone or using a fingerprint
scanner by itself.
fo
tit's based on a single
• Drawback: More vulnerable to attacks since o
security measure.
a ,N
Multifactor Authentication (MFA):ah

e t Nfrom different categories (knowledge,

aje
• Involves two or more factors
ownership, characteristic).
h
b in with a password (something you know) and a
S u
• Example: Logging
fingerprintl scan (something you are) or using a password and an RSA
o
tokenC(something you know + something you have).
• B
y
S P Provides stronger security as it combines different authentication

CI S types, making it harder for attackers to compromise.

for Important Distinction:

tes • If both authentication methods belong to the same factor (e.g.,

o password and security question), it's still single-factor

ell N authentication.

orn • Example: A username/password combo and a security question are

C both forms of knowledge-based authentication, so this would still be
considered single-factor.

• Authentication can be categorized into three factors: knowledge, ownership, and characteristic.
Single-factor authentication involves using only one type, whereas multifactor authentication
(MFA) requires using two or more types from different categories.
• MFA is much more secure, as it requires attackers to compromise multiple factors to gain access.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Password-less Authentication
• Password-less
Authentication Overview
• Common Password-less
Options
• Advantages of Password-
less Authentication
• Challenges and Downsides
Password-less Authentication Overview:
• Refers to authentication methods that don't rely on traditional
passwords.
• Aims to reduce friction, prevent weak password creation, and mitigate
phishing risks.
• Example: Instead of entering a password, a user could authenticate
via biometrics, a mobile device, or a security token.
Common Password-less Options:
• Biometrics: Facial recognition, fingerprint scans, or iris scans used for
authentication.
ti on
bu
• Mobile Devices: The user’s personal device (e.g., smartphone) used
i
for authentication through a PIN or biometrics.
str
D i
• Security Tokens: Physical hardware tokens like FIDO2 keys or USB
for
devices used to authenticate without needing a password.
t
No
• Passkeys: A newer option where users authenticate through

a,
biometrics or a PIN directly on their device, rather than remembering a
password.
h
Na
Advantages of Password-less Authentication:

jeet
• Reduced Friction: Easier and quicker for users to authenticate without
ha
needing to remember complex passwords.
b
Su
• Increased Security: Limits weak passwords and helps to prevent
l
Co
password-based attacks such as phishing.

By • User Convenience: Eliminates the need to reset forgotten passwords

or deal with account lockouts caused by incorrect passwords.

I SSP Challenges and Downsides:

r C • Biometric Vulnerabilities: While more secure, biometric data is not

fo perfect and can sometimes produce false positives or negatives.
es
ot
• Loss of Device or Token: If a user loses their mobile device or

ll N
hardware token, they may be locked out of their account.

rn e • Implementation Costs: Password-less methods like hardware tokens

can be expensive to implement, especially across large organizations.
C o

• Password-less authentication methods, such as biometrics, mobile devices, and security tokens,
provide a secure alternative to passwords, reducing risks like phishing and weak passwords.
• While convenient, challenges such as device loss, biometric limitations, and higher costs must be
carefully considered.
• Passkeys are one of the more recent innovations in password-less security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Credential Management Systems and Password Vaults
• Credential Management
Systems
• Password Vaults
(Password Managers)
• Advantages of Password
Vaults
• Potential Risks of
Password Vaults
Credential Management Systems:
• Credential management systems are tools used to manage, grant, and
revoke credentials at scale.
• Typically involve strong two-factor authentication and public key
infrastructure (PKI) to ensure secure credential handling.
• Manage credentials for people, devices, and processes, ensuring that
each has unique identifiers and preventing unauthorized access.
• Credentials can be tied to trusted digital identities, and these systems
help bind those identities securely to their respective credentials.

on
Password Vaults (Password Managers):
• Password vaults, also known as password managers, are applications
uti
designed to generate, store, and manage passwords securely.
tr i b
is
• Passwords are stored in an encrypted database that is protected by a
D
for
master password.

t
• The idea is that users can generate strong, unique passwords for all

No
their accounts without having to remember each one—only the master

a,
password.
h
Na
• Example: A user with 20 accounts can store passwords for each
account in the vault and only needs to remember their vault's master
password.
jeet
ha
Advantages of Password Vaults:
b
Su
• Increased Security: Makes it easier for users to have unique and
l
strong passwords for each account, which helps protect against

y Co
attacks like credential stuffing.
B • Convenience: Simplifies the user experience by requiring users to

I SSP remember only one password (the master password).

• Cross-device Syncing: Many password managers allow for passwords
r C to be synced across multiple devices, offering easy access to stored
fo credentials.
es
ot Potential Risks of Password Vaults:

ll N
• Single Point of Failure: If an attacker gains access to the password

rn e vault (e.g., by guessing or stealing the master password), they can

C o access all stored passwords.

• Mitigation: It’s crucial to enable multifactor authentication (MFA) for
accounts, so even if the password vault is compromised, additional
security layers remain in place.

• Credential management systems, especially those using strong authentication methods, help
organizations manage access at scale.
• Password vaults enable users to securely store and manage unique passwords, but they introduce a
single point of failure that can be mitigated through multifactor authentication.
• These systems are essential for securing modern digital identities and assets.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Single Sign-On
(SSO)
• Advantages of SSO
• Disadvantages of SSO
• Kerberos as an SSO
Protocol
• SESAME Protocol
Single Sign-On (SSO)
Definition of Single Sign-On (SSO):
• Single sign-on (SSO) refers to a system where users authenticate once
and are then granted access to multiple systems without needing to re-
enter credentials.
• It simplifies the user experience, as they only need to log in once to
access various services or applications.
Advantages of SSO:
• Convenience: Users only need to remember one set of credentials,
reducing the chance of forgetting passwords.
Streamlined Access: After authentication, users can access multiple
on
•
systems or applications seamlessly without repeated logins.
uti
Disadvantages of SSO:
tr i b
•
D is
Single Point of Failure: If the central authentication service fails or is
compromised, users could lose access to all systems, or worse,

for
attackers could gain access to all systems with just one breach.
t
No
• Centralized Administration: SSO relies on centralized management of
user access, which can become a target for attackers.
Kerberos as an SSO Protocol:
h a,
•
Na
Kerberos is one of the primary protocols used for single sign-on. It
provides:
jeet
ha
• Authentication: Verifies user identities.
•
bAuthorization: Determines what resources users can access.
•
l Su Auditing: Tracks user activity for accountability.

y
•
Co
How Kerberos Works:

B • It uses tickets to authenticate users to different services within

SP
a network.

CI S • Once a user logs in, they receive a Ticket-Granting Ticket

for (TGT), which they can use to obtain service tickets for
accessing resources without needing to re-enter credentials.
es
ot
SESAME Protocol:

ll N
• SESAME is an enhanced version of Kerberos that offers additional

rn e functionality like public key cryptography and better scalability.

However, SESAME has not been widely adopted, primarily because
o
•
C Kerberos is built into Microsoft Windows by default, making it the more
dominant protocol.

• Single sign-on (SSO) simplifies user authentication by allowing access to multiple systems with a
single login, offering convenience and ease of use.
• However, the centralization of access introduces potential risks, as a failure or compromise of the
authentication system could lead to widespread access issues.
• Kerberos is the most widely used SSO protocol, and while SESAME offers improvements, its
adoption has been limited due to Kerberos’ integration into major operating systems.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Premise of Single Sign-On
(SSO)
• SSO User Experience
• Advantages of SSO
• Disadvantages of SSO
• SSO Process Steps
Single Sign-On (SSO)
Premise of Single Sign-On (SSO):
• SSO allows users to authenticate once and gain access to multiple systems
without needing to log in repeatedly.
• For example, a user might log in with a username and password or through a two-
factor method like Microsoft Authenticator and then access all systems they're
authorized to use.
SSO User Experience:
• Users typically favor SSO because it simplifies their login experience. Instead of
juggling multiple passwords for different systems, they can use one secure
method for all.
• This ease of use can encourage users to create stronger, more secure

on
passwords since they only need to remember one.
Advantages of SSO:
uti
i b
• Convenience: Users need to log in only once to access multiple systems.
tr
have one login to worry about.
D is
• Stronger Security: Users are more likely to use a strong password if they only

for
• Improved User Experience: Simplifies access and reduces login-related friction.
t
• Centralized Control: SSO systems make it easier for IT administrators to manage
access across an organization.
No
Disadvantages of SSO:
h a,
Na
• Single Point of Failure: If the SSO system is compromised, attackers may gain
access to all systems. If it goes down, users lose access to everything.

jeet
• Security Risks: Centralizing authentication makes it a more attractive target for

ha
attackers.

b
• Legacy Systems: Some older systems may not integrate well with modern SSO

Su
setups, leading to security gaps or exclusions.
l
Co
SSO Process Steps:
1. Login Request: A user requests to log in to an application.

By 2. Authentication Redirection: If not already authenticated, the user is redirected

SP
to the authentication server.

CI S 3. Authentication: The user authenticates with knowledge, ownership, or

characteristic (or a combination). Upon successful authentication, the user is

for issued a ticket or token.

es 4. Ticket/Token Presentation: The user returns to the application and presents the

ot
ticket/token.

ll N
5. Authorization: If the token is valid, the application authorizes access, and the

e
user can now access the system.

orn Summary of Pros and Cons:

C • Pros: Better user experience, stronger passwords, centralized management,

easier enforcement of security policies.
• Cons: Vulnerable to single point of failure, potential compatibility issues with
legacy systems, increased risk if compromised.

• Single sign-on (SSO) enhances the user experience by reducing the number of logins, promoting
stronger password usage, and streamlining administrative control.
• However, the system's centralization introduces risks, making it a single point of failure both in terms
of availability and security.
• Proper management and security protocols are essential to mitigate these risks.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Kerberos - 1
What is Kerberos?
• What is Kerberos? • Kerberos is one of the major Single Sign-On (SSO) authentication
• Main Components of protocols, originally developed at MIT.
Kerberos
• The name comes from Greek Mythology: Kerberos (or Cerberus) was a
• How Kerberos Works three-headed dog that guarded the gates of Hell. Similarly, the
• Strengths and Kerberos protocol guards access to resources.
Disadvantages of Kerberos
• Kerberos provides three primary functionalities:
• Authentication
• Accounting
• Auditing
ti on
Main Components of Kerberos:
i bu
s r
t a
i
• Authentication Service (AS): Authenticates users and provides
Ticket Granting Ticket (TGT).
o r D to access
• Ticket Granting Service (TGS): Issues ServicefTickets
specific resources. o t
a, Ncomponent that houses
• Key Distribution Center (KDC): A central
both the AS and TGS and manages
a hticket distribution.
t Nused to prove identity without sending a
• Tickets: Encrypted messages
e
aje
password over the network.
h
ub Alice (the client) sends an authentication request to
How Kerberos Works:
S
ol
1. Initial Request:
the Authentication Service (AS).
C
y Granting Ticket (TGT): The AS verifies Alice's identity and
B
2. Ticket

SP
returns two messages:

CI S 1. One encrypted with Alice's password (verifying she knows it).

for 2. A Ticket Granting Ticket (TGT) encrypted with the TGS’s key,

tes which Alice can’t decrypt.

o 3. Decrypting with Password: Alice decrypts her message using her

ll N
password, confirming her identity. She then sends the TGT to the

rn e Ticket Granting Service (TGS).

C o 4. Service Ticket: The TGS verifies Alice and provides her with a Service
Ticket, which she uses to request access to the service.
5. Service Access: Alice presents the Service Ticket to the target
service. The service verifies the ticket and grants access.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• What is Kerberos?
• Main Components of
Kerberos
• How Kerberos Works
• Strengths and
Disadvantages of Kerberos
Kerberos - 2
Strengths and Disadvantages of Kerberos:
• Strengths:
• Provides Single Sign-On (SSO), meaning users authenticate
once and gain access to multiple services.
• Prevents passwords from being sent across the network in
plaintext.
• Disadvantages:
• Symmetric Encryption Only: Kerberos only supports
symmetric encryption (e.g., AES, DES), which can present key
distribution challenges.
• TOCTOU Attacks: Kerberos is vulnerable to Time Of Check
ti on
i bu
Time Of Use (TOCTOU) attacks since only one ticket is used for

tr
a session. Frequent re-authentication can mitigate this, but it
s
adds user burden.
D i
for
• Ticket Expiration: For high-value systems, frequent ticket

t
expiration is necessary to ensure security, but this can frustrate

No
users who need to log in repeatedly.

h a,
Na
jeet
bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Kerberos is a widely used Single Sign-On (SSO) authentication protocol that ensures secure access
to multiple systems using tickets instead of repeatedly transmitting passwords.
• Its major components—the Authentication Service (AS) and Ticket Granting Service (TGS)—allow for
efficient credential verification.
• However, challenges like key distribution and the potential for TOCTOU attacks highlight the need for
careful management of ticket lifespans and re-authentication for critical systems.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 SESAME
What is SESAME?
• What is SESAME?
• Advantages of SESAME over • SESAME stands for Secure European System for Applications in a
Kerberos Multi-Vendor Environment.
• Why Kerberos is more • It is an improved version of Kerberos and enables Single Sign-On
prevalent (SSO) like Kerberos, but with additional features.
Advantages of SESAME over Kerberos:
• Supports Symmetric and Asymmetric Cryptography: Unlike
Kerberos, which only uses symmetric encryption, SESAME supports
both symmetric and asymmetric encryption, which enhances
ti on
security and solves the problem of key distribution.
i bu
s r
tTime Of Use
• Multiple Tickets: SESAME issues multiple tickets for authentication.
i
rD
This mitigates vulnerability to attacks like Time Of Check
fo
(TOCTOU), where a single ticket session could be compromised.
t
o
, N is more widely used
Why Kerberos is more prevalent:
• Despite the advantages of SESAME,aKerberos
h like Windows, macOS,
because it is built into prevalentasystems
N
Linux, and Unix operating tsystems.
e
je with Active Directory in Windows
h a
• Kerberos is also integrated
b makes it easier for organizations using Microsoft
uadopt.
environments, which
ecosystemsSto
l
ohas
C
y secure not
• SESAME been widely adopted, even though it is technically
B
more and robust compared to Kerberos.

I SSP
C
for
tes
o
ell N
orn
C

• SESAME improves upon Kerberos by supporting both symmetric and asymmetric cryptography,
addressing key distribution challenges, and issuing multiple tickets for better security.
• However, Kerberos remains the dominant Single Sign-On (SSO) protocol due to its integration with
widely used operating systems like Windows, macOS, and Linux, particularly through Active
Directory in Windows environments.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 CAPTCHA
What is CAPTCHA?
• What is CAPTCHA?
• Why CAPTCHA is used • CAPTCHA stands for Completely Automated Public Turing test to
tell Computers and Humans Apart.
• It is a security measure typically used on websites to distinguish
between humans and automated programs (bots).
• The test usually involves tasks like reading and entering distorted
characters, selecting images with specific objects, or even solving
simple logic puzzles.
Why CAPTCHA is used:
ti on
• CAPTCHA is primarily used to prevent automated account creation,
i bu
where bots create multiple accounts on websites, often for
s trmalicious
purposes.
D i
fo rmight
o t sections.
• It is also used to protect against spam, where bots send

, N password decryption
unsolicited messages or post content in comment
a
hto guess a user's password by
• CAPTCHA helps defend against brute-force
N a
attacks, which involve bots trying
automatically testing manytcombinations.
e
je humans can proceed through specific
• By ensuring that onlyareal
h
b or forms, CAPTCHA enhances security and user
protection. Su
sections of websites

C ol
B y
I SSP
r C
fo
es
ot
ell N
orn
C

• CAPTCHA is a widely used security mechanism that protects websites from automated programs or
bots by requiring users to complete a simple test, proving they're human.
• This technique helps prevent spam, automated account creation, and brute -force password attacks.
It is a simple yet effective way to enhance website security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Session Management
Definition of Session Management:
• Definition of Session
• Session management refers to overseeing and managing user
Management sessions that are created after successful identification,
• What is session hijacking? authentication, and authorization processes.
• How to prevent session
hijacking • A session represents the interaction between a user and a system, and
it remains active until the user manually logs out or the session
• Session termination automatically terminates.
methods
What is session hijacking?:
• Session hijacking occurs when a malicious actor takes control of a
legitimate user's session without their permission.
t i on
• Without proper session management, attackers can exploit sessions
i burisks.to
tr
gain unauthorized access to systems, posing significant security
s
i
How to prevent session hijacking:
fo r D measure
• Re-authentication during the session is the best
o tVPNs, implement
preventive

, Nthat the user remains

for session hijacking. Many systems, such as
continuous re-authentication to ensure
authorized throughout the session. h a
a
et Nduring
• Additionally, session encryption plays a role, as encryption keys can
communication. aje
be periodically re-established the session to further secure the

u bhMethods:
S
Session Termination
l Limitations:
that C
• Schedule o Administrators can set schedule limitations
y log users out of a system at a set time (e.g., every evening at 5
Bp.m.).
P
S • Login Limitation: Prevents simultaneous logins using the same user
CI S ID, ensuring that one account cannot be used by multiple individuals
for concurrently.

tes • Time-Outs: If a user is inactive for a specific amount of time, the

o session will automatically expire (time out).

ell N • Screensavers: A screensaver can be triggered after a period of

orn inactivity, requiring the user to re-authenticate to resume the session.
C

• Session management is critical for ensuring secure, active user sessions. Without it, attackers may
hijack sessions, leading to unauthorized access.
• Effective session management involves frequent re-authentication and session termination methods
like schedule limitations, login restrictions, time-outs, and screensavers to prevent session hijacking
and enhance overall system security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Registration and Proofing of Identity
Definition of Identity Proofing (Registration):
• Definition of Identity
Proofing (Registration) • Identity proofing, also known as registration, is the process of
• When does identity proofing verifying that someone is who they claim to be before granting access
take place? to resources or systems.
• Examples of identity • It is a crucial part of the identity lifecycle and is typically a step in
proofing provisioning, ensuring that individuals have the necessary credentials
to access systems securely.
When does identity proofing take place?:
• Before access to resources: Identity proofing occurs before
t i on
individuals are granted access to sensitive resources such as
i bu
r
ist prior to
employee accounts, systems, or digital certificates.
• It is often part of onboarding for new employees andD
forbadges or
happens
granting access to organizational assets or issuing
t
No
credentials.
• Digital certificate issuance: When a ,user applies for a digital
h a (RA) verifies the applicant’s
a
certificate, the Registration Authority
t NAuthority (CA) issues the certificate.
identity before the Certificate
e
aje
Examples of Identity Proofing:
h
b
Su for government-issued identification such as a
• Employee Onboarding: An organization verifies a new employee’s
identity byl asking

y Co driver’s
passport, license, or national ID card before issuing them an

P B
employee badge or access credentials.

I SS Digital
• Certificate Issuance: A person applying for a digital certificate
C may be asked to provide documentation to prove their identity, which

for the RA will verify before the certificate is issued by the CA.

tes
o
ell N
orn
C

• Identity proofing (registration) is verifying someone's identity before granting access to important
resources or systems.
• It is a critical step in the identity lifecycle, ensuring that credentials and access are only granted to
individuals whose identities have been properly confirmed.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Authenticator Assurance Levels (AAL)
• Definition of AAL
• AAL Levels Overview
• AAL1: Some Assurance
• AAL2: High Confidence
• AAL3: Very High Confidence
Definition of AAL:
• Authenticator Assurance Levels (AAL) refer to the strength and
robustness of an authentication process.
• AALs are defined by the National Institute of Standards and
Technology (NIST) in their SP 800-63B document, which outlines
different levels based on the assurance provided by the
authentication system.
AAL Levels Overview:
• The levels range from AAL1 (the least secure) to AAL3 (the most
secure).
•
ti
Higher AAL levels indicate stronger authentication mechanisms and on
higher confidence in the security of the authentication.
i bu
str
AAL1: Some Assurance:
D i
for
• Single-factor authentication is used at this level.
•
t
A secure authentication protocol is employed but does not require
multifactor authentication.
No
•
h a,
This level provides minimal assurance of the authenticity of the

Na
identity, suitable for low-risk transactions.

jeet
AAL2: High Confidence:

ha
• Multifactor authentication is required at this level, which
significantly increases security.
b
•
l Su
AAL2 uses approved cryptographic techniques to ensure stronger

Co
authentication.

By • It provides high confidence in the authentication process, suitable

for moderate-risk environments.

I SSP AAL3: Very High Confidence:

r C • This is the most robust level, where multifactor authentication is

fo used, and a "hard" cryptographic authenticator is employed to
es provide proof of possession of the key.
ot • Impersonation resistance is required at this level, ensuring that

ell N even sophisticated attackers cannot easily take over accounts.

orn • AAL3 offers very high confidence and is suitable for high-risk
C transactions.

• Authenticator Assurance Levels (AAL) measure the robustness of authentication processes.

• AAL1 offers basic assurance with single-factor authentication, AAL2 adds multifactor authentication
with high confidence.
• AAL3 provides the highest level of confidence with cryptographic methods that resist impersonation,
making it ideal for the most sensitive systems.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Federated Identity Management (FIM)
• Definition of FIM
• Single Sign-On vs. FIM
• Trust Relationships in FIM
• Key Components of FIM
Definition of FIM:
• Federated Identity Management (FIM) allows a user to authenticate
once and gain access to systems across multiple organizations.
• It extends the concept of Single Sign-On (SSO) beyond one
organization by allowing cross-organizational authentication.
• FIM enables the secure sharing of identity data between trusted
entities.
Single Sign-On vs. FIM:
• Single Sign-On (SSO) allows users to authenticate once to access
multiple systems within a single organization.
• FIM goes a step further, enabling authentication across systems
ti on
i bu
belonging to multiple organizations. For example, if you log into a
s
service provided by your bank and can also access a paymenttr
D i
provider's system without re-authentication, FIM is at work.
Trust Relationships in FIM:
t for
No
• FIM relies heavily on trust relationships between entities. These

a,
relationships allow identities to be shared and recognized across
h
different systems without needing multiple authentication events.
Key Components of FIM: Na
1. Principal/User:
jeet
•
bha
This is the person who wants to access a system. The user

Su
only needs to authenticate once, after which they can access
l multiple systems without re-authenticating.

y Co
2. Identity Provider (IdP):
B • The identity provider is the entity that verifies the user's

I SSP identity. It owns the identity data and performs the

authentication. For example, your workplace's
r C authentication server acts as the IdP when you access
fo internal systems.
es
ot
3. Relying Party (RP):

ll N
• Also known as the service provider, the relying party trusts

rn e the identity provider's authentication of the user. After the IdP

authenticates the user, the relying party allows access to its
C o system without requiring a separate authentication event.

• Federated Identity Management (FIM) enables cross-organizational access through a single

authentication event, extending the functionality of SSO across multiple organizations.
• FIM relies on a trust relationship between the user (principal), the identity provider (IdP), and the
service provider (relying party).

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Federated Identity Management (FIM)
Definition of FIM:
• Definition of FIM
• FIM vs. SSO • Federated Identity Management (FIM) allows users to authenticate
• Trust Relationships in FIM once and access multiple systems across various organizations, unlike
• Components of Federated Single Sign-On (SSO), which is restricted to systems within a single
organization.
Access
FIM vs. SSO:
• SSO provides access to multiple systems within one organization using
one-time authentication.
•
i on
FIM extends SSO capabilities across multiple organizations, allowing
t
i bu
access to external systems, such as logging into Pinterest using a
Google account.
str
Trust Relationships in FIM: D i
•
t for
FIM depends on trust relationships between different entities.
N o check performed at one
ain, a different location, even though
• For example, when travelling by air, a security
h
airport is trusted by another airport
Na
both are run by separate organizations.
t
Components of Federated
jeeAccess:
1. Principal/User:bha
•
l Suuser or principal who wants to access a system (e.g., a
The

y Co user logging into Pinterest using their Google account).

2. B Identity Provider (IdP):
S P
CI S • The identity provider authenticates the user’s identity (e.g.,
Google authenticating the user).
for
tes 3. Relying Party (RP):

o • The relying party, also called the service provider, trusts the

ll N
authentication performed by the IdP (e.g., Pinterest trusting

rn e Google’s authentication of the user).

C o

• Federated Identity Management (FIM) allows for one-time authentication across multiple
organizations by leveraging trust relationships between the user (principal), identity provider (IdP),
and relying party (RP).
• This system provides convenience by reducing the need for multiple logins and passwords while
maintaining a secure flow of information across disparate systems.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

SAML and its Importance in Federated Identity Management (FIM)
-1
• SAML Overview
• Authentication and
Authorization Process
• SAML Assertion Ticket
• Key Components of SAML
• Important Characteristics of
SAML
SAML Overview:
• Security Assertion Markup Language (SAML) is a critical protocol in
Federated Identity Management (FIM), providing authentication and
authorization services. It allows a user to authenticate once via an
identity provider and gain access to multiple services.
Authentication and Authorization Process:
1. User Requests Access:
• A user (principal) who is not logged in requests access to a

on
service from a service provider. The request is redirected to
the identity provider for authentication.
uti
2. Identity Provider Authenticates User:
tr i b
is
•
f
standard identification and authenticationo r Dprocedures. Once
The identity provider verifies the user’s identity through

authenticated, the user is issued a tSAML assertion ticket.

N o
3. SAML Assertion Ticket: ,
The assertion ticket isa hato the user, but it does not contain
t Nstatements
• sent

je e
sensitive information
contains assertion
like the user’s password. Instead, it
about the user (e.g.,
a
bhAuthorization:
username, role).

S u
l
4. Service Provider
o
y C• The user passes the assertion ticket to the service provider

P B (relying party). The service provider evaluates the assertions

and makes an authorization decision based on the provided
I SS information, determining the level of access the user will
r C have.
fo
es
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

SAML and its Importance in Federated Identity Management (FIM)-
2
• SAML Overview
• Authentication and
Authorization Process
• SAML Assertion Ticket
• Key Components of SAML
• Important Characteristics of
SAML
SAML Assertion Ticket:
•A SAML assertion ticket is a token containing assertions or statements
about the user. It is used by the service provider to make decisions
regarding authorization.
Key Components of SAML:
1.Assertion:
1. Provides details on authentication, authorization, and other
user attributes.
2.Protocol:

on
1. Defines how requests and responses are structured
between entities.
uti
3.Bindings:
tr i b
1. Maps SAML messages onto standard communication
D is
for
protocols (e.g., HTTP).
4.Profiles:
t
No
1. Specifies how SAML is used for various business use cases
like Web SSO or LDAP.
h a,
Important Characteristics of SAML:
Na
jeet
•SAML Assertion Tickets:

ha
• SAML relies on tokens, called assertion tickets, to
b
communicate the user’s authentication and authorization

l Su
details.

y Co
•Written in XML:

B • SAML assertions are written in Extensible Markup Language

SP
(XML), a machine and human-readable format that ensures

CI S interoperability across different systems.

for
es
ot
ell N
orn
C

• SAML is a crucial protocol in Federated Identity Management, enabling secure authentication and
authorization across multiple service providers.
• It uses SAML assertion tickets to communicate user information without revealing sensitive details
like passwords.
• SAML’s components (assertions, protocols, bindings, profiles) make it versatile for different
business use cases, and its use of XML ensures both human and machine readability.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Accountability and the Principle of Access Control
Accountability in Access Control:
• Accountability in Access • Accountability is fundamental to access control and refers to ensuring
Control that actions within a system can be traced back to a responsible
• Principle of Access Control individual or entity.
• Steps to Achieve Principle of Access Control:
Accountability • The Principle of Access Control is synonymous with accountability.
• It ensures that individuals who access or modify system resources can
be held responsible for their actions.
• Without accountability, there is no reliable way to trace misuse or errors
within a system.
Steps to Achieve Accountability:
ti on
1. Unique Identification of Users:
i bu
•
str
Every user accessing the system must have a unique identity
that differentiates them from others.
D i
•
t for
This is critical for tracking actions back to the correct user.

No
• Example: Assigning a unique username to each employee.

a,
2. Proper Authentication:
h
Na
• Users must be authenticated before gaining access to any
system resources.
•
eet
This ensures that the person using the identity is actually who
j
ha
they claim to be.
b
Example: Requiring a password, smart card, or biometric scan
Su
•

l for login.

y
3.
Co
Authorization:

B • Once authenticated, users must be granted appropriate

SP
permissions based on their role or need-to-know.

CI S • This ensures users only access what they are allowed to,

for •
preventing misuse.
Example: Restricting access to financial data to only authorized
es personnel.
ot
ll N
4. Logging and Monitoring:

rn e • All actions performed by users should be logged and

monitored for later review.
C o • This ensures that a history of user actions exists for audit
purposes, enabling investigations into any suspicious behavior.
• Example: Recording system login times, file modifications, and
data access in audit logs.

• The Principle of Access Control is achieved through accountability, which requires identifying,
authenticating, authorizing, and monitoring users.
• These measures ensure that all actions within a system can be traced back to the responsible
individual, which is crucial for security, audits, and compliance.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Just-in-time (JIT) Access
• Definition of Just-in-time
Access
• Purpose of Just-in-time
Access
• Benefits and Risks
Definition of Just-in-time Access:
• Just-in-time (JIT) access is a security approach where a user is temporarily
granted elevated privileges for a specific period of time to complete tasks
that require higher access levels.
• These tasks are usually infrequent and limited in scope.
Purpose of Just-in-time Access:
• JIT access aims to reduce security risks by limiting the amount of time a user
has elevated privileges.
• This ensures that elevated permissions are not held long-term, thus reducing
the potential for misuse or accidental actions.

on
Example:
•
ti
A finance manager needs to access a sensitive database once a month to
u
tr i b
generate financial reports. Instead of having constant access to the
database, the manager's privileges are elevated for the specific time window
during which they need to complete the task.
D is
for
Benefits of Just-in-time Access:
t
No
1. Minimizes Long-term Privilege Risks:
• By granting elevated access only when needed, JIT access prevents
a,
users from having continuous administrative or privileged access,
h
Na
which could be exploited in the case of an insider threat or account
compromise.
2.
eet
Automated and Efficient:
j
•
bha
Many JIT systems are automated, allowing for automatic elevation
of privileges based on predefined criteria (e.g., a scheduled report

l Su or request). This removes the need for manual intervention while still

Co
maintaining tight security controls.

By 3.Reduces Attack Surface:

SP
• By limiting access time, the window of opportunity for an attacker
to exploit privileged accounts is significantly reduced.

CI S 4. Compliance and Auditing:

for • JIT access supports compliance efforts by ensuring that access

es control principles (like least privilege and need-to-know) are

ot
enforced. Logs of when privileges were elevated are kept for auditing

ll N
purposes.

rn e Risks of Long-term Privilege Elevation:

C o • Without JIT access, a user who holds continuous elevated privileges

increases the risk of misuse, data breaches, or administrative errors that
could expose sensitive data.

• Just-in-time (JIT) access enhances security by granting temporary elevated privileges to users only
when they are needed.
• This reduces the risks associated with long-term elevated access, minimizes the attack surface, and
supports compliance through proper logging and auditing.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Identity as a Service (IDaaS)
• Definition of Identity as a
Service (IDaaS)
• Capabilities of IDaaS
• Types of Identities in IDaaS
• Risks of IDaaS
Definition of Identity as a Service (IDaaS):
• IDaaS refers to identity management services hosted in a cloud-based
environment, where critical functions like identification, authentication,
authorization, and access control are managed. The core premise is to
handle these identity functions centrally but accessible via the cloud.
Why IDaaS is used:
• Organizations use IDaaS to simplify identity management, particularly for
cloud-based and hybrid environments. IDaaS ensures consistent and
secure management of user identities, regardless of whether resources are
on-premises or in the cloud.
Capabilities of IDaaS:
1.
t
Provisioning: Automated setup and management of user accounts across
i on
cloud and on-premises environments.
i bu
2.
tr
Administration: Management of identity lifecycle and access controls.
s
3.
D i
Single Sign-On (SSO): Allowing users to authenticate once and gain

for
access to multiple systems.
4. t
Multifactor Authentication (MFA): Adding a layer of security by requiring
two or more factors to verify identity.
No
5.
a,
Directory Services: Managing user identities, credentials, and other
h
Na
information in both on-premises and cloud environments.

et
Types of Identities in IDaaS:
•
je
Cloud Identity: Identity created and managed in the cloud, authenticated
ha
by a cloud service.
b
Su
• Synced Identity: Identity created locally (e.g., via Active Directory) and
l
synced to the cloud.

y
•
Co
Linked Identity: Two separate accounts, one local and one cloud-based,
that are linked together for access.
B
SP
• Federated Identity: Managed by a third-party Identity Provider (IdP) and

CI S allows for federated access.

Risks of IDaaS:

for 1. Availability Risks: If the IDaaS provider suffers an outage, users may be

es unable to authenticate or access services.

ot 2. Data Protection Risks: Sensitive identity information must be securely

ell N managed by the third-party IDaaS provider, requiring strong encryption

and compliance with data protection regulations.

orn 3. Trust Risks: Trusting a third party to handle the organization’s sensitive or
C proprietary identity data introduces potential risks related to control,
security, and regulatory compliance.

• IDaaS offers cloud-based identity management services that centralize and simplify user
authentication, provisioning, and administration across cloud and on-premises environments.
• While it enhances security and operational efficiency, organizations must assess availability, data
protection, and trust risks when relying on third-party providers for critical identity functions.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Identity and Access Management (IAM) Solutions
On-Premises IAM Solutions:
• On-Premises IAM • These systems are managed and controlled entirely by the
Solutions organization within its private infrastructure.
• Cloud-Based IAM • Not dependent on internet connectivity, making them a more
Solutions reliable option in environments where internet outages are common.
• Hybrid IAM Solutions • Security is typically stronger due to control over all aspects of the
system, including hardware, software, and network protections.
• Example: A large corporation that houses its own data centers and
manages its own Active Directory for all employees.

on
Cloud-Based IAM Solutions:
• IAM services are provided through a cloud service provider.
uti
•
r i
Leverages Federated Identity protocols like SAML to integrate
t b
is
cloud-based services with the organization’s existing identity
D
for
credentials, allowing seamless authentication.
•
t
Availability risk exists since access to identity services depends on

No
the availability of the cloud provider.
•
h a,
Security concerns arise due to the multitenant nature of cloud

Na
infrastructure, where multiple organizations share the same
underlying resources.
•
jeet
Example: A startup using AWS IAM for cloud-based applications and
storage.
bha
Su
Hybrid IAM Solutions:
l
Co
• Combines the best features of both on-premises and cloud-based
IAM.
By • Allows greater flexibility and scalability, making it ideal for

I SSP organizations that are dynamic or growing rapidly.

r C • A hybrid approach ensures that mission-critical applications and

fo sensitive information remain on-premises, while other less sensitive

es services can be managed in the cloud.

ot • Example: An organization that uses on-premises IAM for internal

ll N
applications and cloud-based IAM for external services like Microsoft

rn e Azure Active Directory.

C o

• IAM solutions can be implemented using on-premises, cloud-based, or hybrid models. On-
premises systems offer more control and security but lack the flexibility of cloud-based solutions.
• Cloud IAM offers scalability and remote access but comes with risks of availability and multitenancy.
• Hybrid IAM solutions blend the strengths of both models to provide flexibility and control, making
them ideal for organizations with evolving needs.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Identity and Access Management Solutions (IAM) and IDaaS Risks

On-Premises IAM Solutions:

• On-Premises IAM Solutions
• Cloud-Based IAM Solutions
• Hybrid IAM Solutions
• IDaaS Risks
• Managed by the organization within its own infrastructure.
• Not reliant on the internet, ensuring continued functionality during internet
outages.
• Provides higher security control since the organization manages all IAM
components directly.
• Example: A bank running its identity management from its internal data
centers.
Cloud-Based IAM Solutions:
• Hosted by a cloud service provider, leveraging protocols like SAML for

on
federated access.
• Facilitates remote access and scalability, which is advantageous for
uti
b
organizations with geographically dispersed users.
•
tr i
Subject to availability risks—if the cloud service goes down, users may lose
access to critical systems.
D is
for
• Example: A company using Microsoft Azure Active Directory for external cloud
apps.
t
Hybrid IAM Solutions:
No
•
h a,
Combines on-premises and cloud-based IAM features.

Na
• Provides flexibility and scalability, ideal for growing organizations with diverse
needs.
•
eet
Sensitive systems are managed on-premises, while cloud services handle less
j
ha
sensitive operations.
•
b
Example: An enterprise running internal HR systems on-premises while
Su
integrating cloud-based apps like Office 365.
l
Co
IDaaS Risks:

By • Availability of Service: If the cloud provider suffers an outage, users may not
be able to access their systems.

I SSP • Example: If an IDaaS provider experiences downtime, employees might not be

able to log into key platforms.
r C Protection of Critical Identity Data: The cloud provider is responsible for
o
•

s f safeguarding sensitive data like Personally Identifiable Information (PII).

ote • Example: A data breach at the cloud provider could expose users' personal
and authentication data.

ell N • Trusting a Third Party with Sensitive Information: Entrusting proprietary

rn
information to a third-party provider can pose risks if data protection controls

C o •
are inadequate.
Example: Intellectual property might be vulnerable if the cloud provider’s
security practices are not robust enough.

• IAM solutions can be deployed through on-premises, cloud, or hybrid models, each with varying
degrees of control, security, and flexibility.
• On-premises solutions provide more direct control, while cloud IAM solutions offer scalability but
come with availability risks.
• Hybrid IAM solutions offer the best of both worlds.
• In the context of IDaaS, organizations should be aware of risks related to service availability, data
protection, and third-party trust, ensuring that safeguards are in place to mitigate these
vulnerabilities.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Authorization Mechanisms - 1
• Discretionary Access
Control (DAC)
• Rule-based Access Control
• Role-based Access Control
• Attribute-based Access
Control (ABAC)
• Context-based and Risk-
based Access Controle
• Xtensible Access Control
Markup Language (XACML)
Discretionary Access Control (DAC):
• The asset owner determines access and grants permissions based on
their discretion.
• Flexibility is key, but it can lead to security risks as owners might
accidentally give broad access.
• Example: A file owner allowing a colleague to read or modify a file based
on their judgment.
Rule-based Access Control:
• Access is controlled by rules set by administrators.
on
• Can be highly granular, providing specific access based on conditions,
such as time of day or network location.
uti
updates.
tr b
• Administrative overhead is high due to the need for constant rule
i
D is
• Example: Firewall rules that only allow access to certain servers during

for
business hours.
t
No
Role-based Access Control (RBAC):

a,
• Access is granted based on roles or job functions within an
organization.
h
Na
• Simplifies administration by assigning users to roles with predefined
permissions.
jeet
ha
• Scalability is a major advantage, especially in large organizations.
b
• Example: An IT administrator role that automatically grants access to
Su
system management tools.
l
y Co
Attribute-based Access Control (ABAC):

B • Access decisions are made based on multiple attributes, such as job

SP
function, device type, working hours, and security clearance.

CI S • Provides fine-grained control over access, ensuring only users with

specific attributes can access certain resources.
for • Example: A user accessing sensitive data only during work hours from a
es corporate device with proper security patches.
ot
ell N
orn
C

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Authorization Mechanisms - 2
Context-based Access Control:
• Discretionary Access • Contextual factors like location or network type determine access.
Control (DAC)
• Rule-based Access Control • Often implemented in firewall rules to allow or block connections based
on whether they originate from within or outside the organization.
• Role-based Access Control
• Attribute-based Access • Example: Allowing VPN access only to employees connecting from
Control (ABAC) specific geographic regions.
• Context-based and Risk- Risk-based Access Control:
based Access Controle • Dynamic access control based on the risk profile of a connection.
• Xtensible Access Control
on
• Looks at factors such as IP address, time of access, and location to
Markup Language (XACML)
ti
assess risk, and additional authentication may be required for high-risk
u
connections.
tr i b
s
• Example: A user trying to access sensitive systems from an unusual
location may be prompted for multi-factor authenticationi(MFA).
eXtensible Access Control Markup Language (XACML):
f o rD
o t attribute-based
,N
• A standard language used to define and enforce
access control (ABAC).
h a
a
• XACML enables flexible policy enforcement based on the attributes

e t N using XACML to define access policies

defined in an organization’s access control policy.

h ajeand devices.
• Example: A cloud service
for different user groups
provider

S ub
C ol
B y
I SSP
C
for
tes
o
ell N
orn
C

• Authorization mechanisms vary from Discretionary Access Control (DAC), where asset owners
grant permissions, to more structured approaches like Rule-based, Role-based, and Attribute-
based Access Control (ABAC).
• Context-based and Risk-based access controls provide dynamic and adaptive security measures,
adjusting based on the connection's environment or perceived risk.
• Tools like XACML enable organizations to enforce sophisticated access policies, particularly in
complex environments requiring fine-grained controls.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Discretionary Access
Control (DAC)
• Role-Based Access Control
(RBAC)
• Rule-Based Access Control
• Attribute-Based Access
Control (ABAC)
• Mandatory Access Control
(MAC)Risk-Based Access
Control
Access Control Types
Discretionary Access Control (DAC):
• Owner-driven: The owner of an asset decides who can access it and what
permissions they have.
• Flexible but risky: While flexible, DAC can lead to security vulnerabilities if
owners give broad access rights inadvertently.
• Example: A project manager granting team members access to a specific
folder.
Role-Based Access Control (RBAC):
• Role-centric: Access is determined by the user’s role within the organization.
• Simplifies management: Users assigned to specific roles (e.g., admin,
on
finance, HR) gain predefined permissions.
• Example: A systems administrator automatically has access to network
uti
b
configuration tools due to their role.
Rule-Based Access Control:
tr i
•
D is
Rule-driven: Access is based on predefined rules such as Access Control

for
Lists (ACLs) or firewall rules.
•
t
Highly granular: This approach can be very specific, but it requires regular
updating to stay relevant.
No
•
and 6 PM.
h a,
Example: A firewall rule that only allows access to a network between 9 AM

Na
Attribute-Based Access Control (ABAC):
•
eet
Attribute-centric: Decisions are based on multiple user attributes like job
j
ha
role, location, time, and device security.
•
b
Highly flexible and suitable for dynamic environments, providing very fine-
Su
grained access control.
l
Co
• Example: A user can only access sensitive files if they are using a company-

By approved device and are physically located within the office.

Mandatory Access Control (MAC):

I SSP • System-enforced: Access is determined by the system using security labels

or classifications, such as Top Secret or Confidential.
r C High security, less flexibility: Typically used in government or military
o
•

s f settings where classification levels dictate access.

ote • Example: An employee can only view classified documents if they hold a
security clearance that matches the classification of the document.

ell N Risk-Based Access Control:

orn • Dynamic control: Factors like the IP address, time of access, and location
are evaluated to assess the risk of a user’s request.
C • Adaptive security: Based on the perceived risk, additional security measures
(such as multi-factor authentication) may be required.
• Example: A remote access request from a previously unseen location might
trigger an extra authentication step.

• The different types of access control provide varying levels of security, flexibility, and management
complexity.
• Discretionary Access Control (DAC) offers flexibility but can be risky, while Role-Based Access Control
(RBAC) simplifies management by aligning permissions with roles.
• Rule-based and Attribute-based access controls (ABAC) provide greater granularity and adaptability.
• Mandatory Access Control (MAC) offers strong security in highly classified environments.
• Risk-Based Access Control provides dynamic responses based on user behavior and context. Each
method should be chosen based on the specific security needs and risk profile of the organization.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Discretionary Access Control (DAC)
• Discretionary Access Control
(DAC) Definition
• Rule-Based Access Control
(DAC Type 1)
• Role-Based Access Control
(RBAC) (DAC Type 2)
• Attribute-Based Access
Control (ABAC) (DAC Type 3)
Discretionary Access Control (DAC):
• Owner-driven access control: The asset owner determines who can
access an asset and the level of access, based on their discretion.
• Flexibility and accountability: Since the owner is responsible for the
asset, they are in the best position to determine access, which fosters
accountability.
• Best practice: Encouraged in environments where asset owners are
knowledgeable and directly responsible for the data or system.
• Example: A document owner granting specific team members "read"

on
access while granting others "edit" access.
Rule-Based Access Control (DAC Type 1): ti
urules
tr
• Rule-centric: Access to an object is determined based on specific i b
set by the asset owner. is
Dgranting or
• Highly structured: Owners can create detailed rulesrfor
denying access based on various criteria. t fo
o
Nof this timeframe.
,
• Example: An owner might create a rule that allows access only during

ha
business hours, restricting access outside
Role-Based Access Control (RBAC)a(DAC Type 2):
e t N by the user's job role or function
aje
• Role-centric: Access is determined

h
within the organization.

roles ratherS
ub
• Simplified management: The owner grants access based on predefined

olA database administrator automatically gets permission to

than individual user permissions.
C
y database configurations, while a finance analyst only gets access
• Example:
Bmodify
P to financial reports.
S
CIS Attribute-Based Access Control (ABAC) (DAC Type 3):
for • Attribute-driven: Access is controlled based on multiple attributes,

tes such as the user’s job function, device used, time of day, and more.
o • Granular control: Allows very specific and fine-grained access controls,

ell N enhancing security by considering various contextual factors.

orn • Example: A user accessing sensitive financial data may need to be using
C a company-issued laptop, be on the corporate network, and be working
within business hours to gain access.

• Discretionary Access Control (DAC) allows the owner of an asset to determine who can access it
and under what conditions.
• DAC provides flexibility, enabling owners to use rules, roles, or attributes to control access, making
it adaptable to different environments.
• Rule-Based, Role-Based, and Attribute-Based access controls provide different levels of
granularity and flexibility, with ABAC offering the most detailed control by factoring in multiple user
and asset attributes.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Types of Discretionary Access Control (DAC)
• Rule-Based Access Control
(DAC Type 1)
• Role-Based Access Control
(RBAC) (DAC Type 2)
• Attribute-Based Access
Control (ABAC) (DAC Type 3)
•
Rule-Based Access Control:
• How it works: Access is determined by specific rules created by the asset
owner. Each rule dictates who can perform certain actions on specific
resources.
• Granularity: Allows precise control over what users can do with various
resources, making it very granular but administratively intensive.
• Example: Alice can only read Bob’s directory, but she has both read and write
access to her home directory.
• Pro: Provides detailed and customizable access control.
• Con: High administrative overhead due to the need for creating and managing
multiple rules for every user/resource combination.
Role-Based Access Control (RBAC):
ti on
How it works: Access is based on user roles or job functions withinb
i u
r the

ist to roles
organization. Users assigned to a role inherit that role's permissions.
Simplifies management: Reduces overhead by assigningD
instead of managing each user individually. This makes itreasier to administer
• permissions
permissions for large groups of users.
t fo
•
N
Example: Call center agents all receive the same opermissions based on their
a,
shared role in the organization.
•
a
Pro: Great for organizations with clearh roles, such as call centers or
N
departments with uniform responsibilities.
t
• Con: Can become complex
je ein organizations with many roles or overlapping job
a (ABAC):
functions, potentially creating
hControl
more roles than employees.

b
SuAccess
Attribute-Based Access
•
o l
How it works: is determined by a set of attributes such as the user’s
C and context-based: ABAC allows access decisions based on a wide
job role,
yGranular
device type, location, time of access, and asset classification.
•
B
P are accessible from different locations and devices.
range of factors, making it ideal for cloud environments where applications
S
CIS • Example: A user may need to be using a company-issued device, be on the

or
corporate network, and working during business hours to gain access to

s f sensitive data.

o te • Pro: Offers the most detailed control, especially useful in dynamic cloud
environments where access decisions require more contextual factors.

ell N • Con: Can be complex to implement and manage, as it requires defining and

rn
maintaining many different attributes and policies.

C o

• Each type of Discretionary Access Control (DAC) has its own strengths and weaknesses. Rule-
Based Access Control is highly granular but can be cumbersome to manage.
• Role-Based Access Control (RBAC) simplifies management through roles but may become
complex in organizations with many roles.
• Attribute-Based Access Control (ABAC) offers the most detailed and context-sensitive control,
making it highly useful for cloud environments, but it can be complex to administer due to the need
for defining multiple attributes and policies.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 eXtensible Access Control Markup Language (XACML)
• Purpose of XACML
• Components of XACML
• Use of XACML in ABAC
Purpose of XACML:
• Definition: XACML stands for eXtensible Access Control Markup
Language. It is a standard designed to define and enable attribute-
based access control (ABAC).
• Primary Role: XACML provides a way to create and manage access
control policies based on attributes. It helps implement ABAC in a
standardized and interoperable manner.
• Functionality: XACML defines a policy language, architecture, and
processing model for ABAC. This allows systems to enforce access
control based on attributes like user roles, device types, time of

on
access, and more.
• Example: In a corporate network, XACML could be used to enforce
uti
i b
policies that only allow access to a specific database if a user is in a
tr
certain hours.
D is
particular location, using a secure device, and performing tasks within

Components of XACML:
t for
No
• Policy Language: Defines access control policies using attributes. This

a,
language is flexible and allows for complex rule sets to govern access.

h
• Architecture: Provides a framework for attribute-based decisions. It

Na
includes various components such as a Policy Decision Point (PDP) and

jeet
Policy Enforcement Point (PEP).

ha
• Processing Model: Specifies how requests are processed, how policies

b
are evaluated, and how access decisions are made based on those
policies.
l Su
Co
Use of XACML in ABAC:

By • Standardization: XACML allows organizations to implement ABAC in a

consistent and interoperable manner across different systems and

I SSP environments.

r C • Scalability: It is designed to scale with large, dynamic environments,

such as cloud-based systems, where access rules need to be more
fo
es dynamic and context-aware.

ot • Example: An organization might use XACML to grant access to certain

ll N
financial records based on a user’s department, job function, and

rn e clearance level. The access control policy would be defined and

enforced using XACML’s framework.

C o

• XACML plays a critical role in implementing attribute-based access control (ABAC).

• It provides a standardized policy language, architecture, and processing model, enabling complex
access rules based on attributes such as user roles, device types, and environmental conditions.
• XACML ensures that ABAC can be implemented in a scalable and consistent way across different
systems, making it particularly useful in cloud and dynamic environments.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Risk-Based Access Control
• Definition of Risk-Based
Access Control (RBAC)
• Factors Considered in Risk-
Based Access Control
• Operation of Risk-Based
Access Control
• Advantages of Risk-Based
Access Control
Definition of Risk-Based Access Control:
• Risk-Based Access Control (RBAC) is a method that assesses the risk level
associated with a user’s request for access. It evaluates various factors
related to the connection request and then decides whether additional
authentication measures are required before access is granted.
• Example: If a user tries to access a corporate system from an unfamiliar IP
address or at an unusual time (e.g., late at night), the system may flag this as
risky and require the user to complete additional authentication such as
entering a one-time password or responding to a challenge question.
Factors Considered in Risk-Based Access Control:
• IP Address: The geographical location or origin of the connection request.
• Time of Access Request: The time of day or the day of the week that the
access request is made, compared to the user’s normal activity.
ti on
i bu
•
trusted.
str
Device Type: Whether the device used for access is recognized or previously

D i
User Behavior: Behavioral patterns such as typing speed, typical access

for
•
patterns, etc.
t
No
• Location: Physical location of the user, determined by GPS or network
information.
•
h a,
Example: A user working from home on a known device during regular hours

Na
would face less scrutiny than a user logging in from a foreign country on a new

et
device.

je
Operation of Risk-Based Access Control:
•
bha
Risk Profiling: When a user requests access, the system generates a risk
profile based on the elements mentioned above.
•
l Su
Dynamic Authentication: Based on the risk profile, the system may request

Co
further authentication challenges for higher-risk requests (such as MFA or

By challenge questions), or it may grant access with minimal friction for low-risk
requests.

I SSP • Real-Time Decision Making: The system makes dynamic, real-time

decisions about access control, enhancing both security and user

r C convenience.

fo Advantages of Risk-Based Access Control:

es
ot
• Enhanced Security: RBAC allows for more granular control, increasing
security by adapting authentication requirements based on perceived risk.

ell N • Improved User Experience: Low-risk users do not need to go through extra

rn
layers of authentication, making the system more user-friendly while

C o •
maintaining security.
Example: A sales executive logging into the CRM from their office may
experience smooth access, while the same user attempting access from a
different country might be required to go through additional verification steps.

• Risk-Based Access Control enhances security by evaluating risk factors such as IP address, time,
location, and device type, creating a risk profile for each access request.
• Based on the risk level, further authentication may be required before granting access.
• This method improves security while maintaining a user-friendly experience, dynamically adjusting
authentication challenges based on real-time risk assessments.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Mandatory Access Control (MAC)
• Definition of Mandatory
Access Control (MAC)
• Clearance Levels and
Classifications
• Operation of Mandatory
Access Control
• Use Cases for MAC
Definition of Mandatory Access Control (MAC):
• Mandatory Access Control (MAC) is a highly structured and rigid
access control model used to ensure the highest level of security,
especially where confidentiality is paramount.
• Unlike discretionary models, users cannot modify or grant access
to resources they own. Instead, access is dictated by system-
enforced policies based on strict rules.
Clearance Levels and Classifications:
• Clearance Level: Each user or subject is assigned a security
clearance, representing the level of trust or access they are granted
within the organization.
ti on
bu
• Classification: Every asset (file, document, database) is assigned a
i
tr
classification based on its sensitivity, such as Top Secret,
s
Confidential, or Unclassified.
D i
for
• Example: A user with a "Secret" clearance cannot access assets
t
No
classified as "Top Secret," even if they are a high-ranking member of
the organization.

h a,
Operation of Mandatory Access Control:

Na
• Access Decision: MAC systems automatically enforce access

jeet
control decisions based on the relationship between a user's

ha
clearance and the asset's classification.
b
• If the user's clearance level matches or exceeds the classification
Su
of the asset, access may be granted; otherwise, it will be denied.
l
y Co
• Example: A user with a "Confidential" clearance cannot access
"Secret" documents, regardless of their need to perform a job
B function, because the system enforces access rules automatically.

I SSP Use Cases for MAC:

r C • Government Agencies: MAC is most often found in government

fo organizations and defense sectors where confidentiality and
es control over classified information are of critical importance.
ot
ll N
• Strict Control Environments: It is useful in environments where
absolute control over access to information is required, such as in
rn e military operations or intelligence agencies.
C o • Example: The Department of Defense might use MAC to control
access to highly classified military intelligence, ensuring only
authorized personnel with the right clearance can view or edit
sensitive information.

• Mandatory Access Control (MAC) is a stringent access control model where users have no
discretionary power over the access to resources.
• Access is determined solely based on a user’s security clearance and the asset’s classification
level.
• MAC is commonly used in government and military settings where confidentiality is the highest
priority, ensuring only those with appropriate clearance can access sensitive information.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Defining Characteristics of Mandatory Access Control (MAC)
• Characteristics of
Mandatory Access Control
(MAC)
• Classification of Objects
• Clearance Levels of Users
• Decision-Making by the
System
• Why MAC is Rarely Used in
Private Organizations
• Use Cases for MAC in
Government
Characteristics of Mandatory Access Control (MAC):
• MAC is a system-enforced access control model where access decisions are
not at the discretion of individual users.
• The system determines access based on predefined policies that relate to the
classification of objects and the clearance of subjects.
• This model is designed to protect confidentiality and enforce strict control over
sensitive information.
Classification of Objects:
• Every object (file, database, document, etc.) in a MAC environment is assigned a
classification label that defines its sensitivity.
on
• Examples of classifications: Public, Confidential, Secret, Top Secret.
•
ti
The classification of objects dictates who can access them, based on the
u
b
clearance level of the users requesting access.
Clearance Levels of Users:
tr i
•
D is
Every user is assigned a security clearance level, which is aligned with the

for
classification system.
•
t
Example: A user with “Confidential” clearance can only access assets labeled at
or below the “Confidential” level.
No
Decision-Making by the System:
h a,
Na
• The system automatically enforces access decisions, ensuring that only users
with the appropriate clearance can access classified information.
•
eet
Example: If a user with “Public” clearance attempts to access an object
j
ha
classified as “Secret,” the system denies access.

b
Why MAC is Rarely Used in Private Organizations:
•
l Su
MAC is administratively complex and difficult to implement in organizations

Co
where employees do not have clearly defined clearance levels and assets are not

By •
routinely classified.
In most private sector organizations, access control is more flexible, and less

I SSP rigid models like DAC or RBAC are preferred.

Use Cases for MAC in Government:
r C
o
• MAC is typically used in government settings, particularly in military or

s f intelligence operations, where protecting the confidentiality of information is

ote •
critical.
Example: A military organization might use MAC to ensure that only individuals

ell N with “Top Secret” clearance can access highly classified intelligence.

orn
C

• Mandatory Access Control (MAC) is a system-enforced access model that focuses on protecting
confidentiality.
• Access decisions are based on the classification of objects and the clearance level of users.
• MAC is rare in the private sector due to its complexity and is typically used in government and
military environments where the protection of sensitive information is paramount.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Non-discretionary Access Control
• Definition of Non-
discretionary Access
Control
• Differences from
Discretionary Access
Control (DAC)
• Why Non-discretionary
Access Control Should Be
Avoided
Definition of Non-discretionary Access Control:
• In Non-discretionary Access Control, someone other than the asset
owner determines who gets access to the resource.
• This form of access control contrasts with DAC, where the asset owner
has control over access.
Differences from Discretionary Access Control (DAC):
• In DAC, the owner of the asset decides who can access or modify the
resource. However, in Non-discretionary Access Control, another party,

on
often from IT or a similar department, grants access on behalf of the
• Examples of Non-
discretionary Access
owner.
ti
u the
The key difference is that Non-discretionary Access Controlitakes
r b
it tin the hands
Control in Practice •
decision-making power away from the owner and placesis
of someone else, like a system administrator.
f o rD
Why Non-discretionary Access Control Should Be
o t Avoided:
N
•
practice, because it removes theh a, considered
Non-discretionary Access Control is not a security best

Na
accountability of access control from
the asset owner.
t
e access being granted, as decisions about
•
who should accessaan jeasset
It can lead to unnecessary

bh or sensitivity.
may be made without full knowledge of the

Su
asset's importance

o
Examples of l
Non-discretionary Access Control in Practice:
C
y Department-Assigned Access: In many organizations, when new
•
B IT

SP to various systems, often without direct input from the asset owners.
employees are hired, IT departments create accounts and assign access

CI S This can lead to over-permissioning, where users have access to more

for resources than needed.

tes • Delegated Responsibility: In some cases, the asset owner may

o
ll N
delegate access control responsibility to IT staff but may not follow up
on who should or shouldn't have access, leaving IT to make these

rn e decisions without context.

C o • No Clear Owner Identified: In systems where no clear owner of the

asset exists, IT or administrative departments may handle access
control by default, leading to Non-discretionary Access Control
practices.

• Non-discretionary Access Control involves access decisions being made by someone

other than the asset owner, typically an IT or administrative department.
• While it exists in many organizations, it’s not considered a security best practice, as it
can lead to over-permissioning and lack of accountability.
• The asset owner should always retain control over access decisions to ensure security
and proper resource management.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Access Policy Enforcement
• Definition of Policy
Enforcement Point (PEP)
• Definition of Policy Decision
Point (PDP)
• How PEP and PDP Work
Together
• Importance of Access Policy
Enforcement in Applications
y C
P B
I SS
r C
Definition of Policy Enforcement Point (PEP):
• A Policy Enforcement Point (PEP) is a component of an
application that acts as a gatekeeper.
• It receives authorization requests for access to protected
systems or data.
• The PEP sends these requests to the Policy Decision Point
(PDP) for evaluation.
• After receiving the decision from the PDP, the PEP
enforces the decision, either granting or denying access.
• PEPs are strategically placed throughout an application’s
access points to ensure controlled access.
Definition of Policy Decision Point (PDP):
ti on
• A Policy Decision Point (PDP) is responsible for making
i bu
decisions on authorization requests received from the
str
PEP.
D i
for
• It evaluates requests based on pre-defined rules (e.g.,
access control policies, user roles).
t
• No
PDPs are typically centralized within the system, ensuring
application. h a,
consistent application of rules across the entire
How PEP and PDP Work Together: Na
•
e et
The PEP and PDP work in tandem to enforce access
j
ha as the gatekeeper, controlling which
control policies within an application.
• PEPbacts
l Su
requests for access are sent for evaluation.
• o PDP makes the final decision regarding access
based on established rules and policies.
• Once the PDP makes a decision, the PEP
enforces it by allowing or denying access to the
resource.

s fo Importance of Access Policy Enforcement in Applications:

o te • Access
users
Policy
only have
Enforcement is critical for ensuring that
access to the resources they are

ell N authorized to use.

rn
• By having a PEP and PDP structure, organizations can
C o •
ensure centralized and consistent decision-making.
This approach minimizes risks associated with
unauthorized access and ensures that the system is
compliant with security policies and regulations.

• Access policy enforcement involves two critical components: the Policy Enforcement
Point (PEP), which acts as the gatekeeper for access requests, and the Policy Decision
Point (PDP), which evaluates and makes decisions on those requests based on pre-
defined rules.
• Together, they ensure that only authorized users are granted access to resources,
enhancing security and compliance in applications.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Importance of Vendor
Identity and Access
Provisioning
• Third-Party Vendor
Relationships and
Associated Risks
• Security Review for Vendor
Access
• Comparison to Employee
Access Provisioning
Vendor Access
Importance of Vendor Identity and Access Provisioning:
• Vendor identity and access provisioning must be handled with
equal or greater care than employee provisioning.
• Vendors often have access to critical systems and data, such as IT
services, finance, marketing, or supply chain systems.
Third-Party Vendor Relationships and Associated Risks:
• Third-party vendor relationships can introduce significant risks to
an organization, including potential breaches or unauthorized
access.
ti on
• As vendors may have access to sensitive information, strict
i buaccess
s tr
control measures must be applied to ensure proper security.
i
Security Review for Vendor Access:
fo rD
• Vendor access provisioning should includeo t a security review
process, which might entail:
, N
a
hvendor's own security practices.
•
a
A deeper review of the
•
et N of the vendor’s facilities, systems,
An onsite inspection

aje of the vendor's relationships with other

and procedures.
• h
Assessment
b to ensure no additional security risks are
u
entities
S
ol introduced.
C to Employee Access Provisioning:
By
Comparison
P•
S Vendor access provisioning often requires more thorough scrutiny

CIS
than employee provisioning, as the scope of access and potential

or
impact on the organization can be far greater.

s f
o te • Vendor provisioning must also include regular reviews and timely
revocation when access is no longer required.

ell N
orn
C

• Vendor identity and access provisioning should be managed with greater care than
employee access, given the potential risks posed by third-party relationships.
• It involves stringent processes, including security reviews and onsite inspections to
ensure that vendors maintain secure practices and that their access is properly
controlled and monitored.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Identity Life Cycle
Identity Life Cycle Overview:
• Identity Life Cycle Overview • The identity life cycle consists of three main parts:
• Provisioning
• Provisioning
• Review (User Access
Review) • Review
• Revocation • Revocation
• Managing the identity life cycle is crucial for ensuring security and
access control within an organization.
Provisioning:
• Provisioning refers to the process of assigning access when a new
employee is hired or when an employee changes roles.
ti on
• New hires are provisioned with access to necessary
i bu
systems and resources required for their role.
str
•
D i
When an employee changes roles, their access should be

for
updated or modified to match the new role's
requirements. t
• No
Proper role-based access control (RBAC) often guides
a,
provisioning to ensure least privilege is applied.
h
Review (User Access Review):
Na
•
jeet
User access review involves periodically checking that users have

ha
the appropriate access based on their current roles.
• bHigh-privilege accounts should be reviewed more
l Su frequently due to the potential risks they pose.

y Co
• Regular reviews help ensure access is not abused,
unnecessary permissions are removed, and that users
B
SP
maintain the right level of access.

CI S Revocation:

for • Revocation occurs when access is removed from a user, typically

in the case of termination (either voluntary or involuntary).
es
ot
• It is important that revocation happens immediately upon

ll N
termination to prevent any unauthorized access to

rn e systems or data.
Revocation can also occur when an employee changes
C o •
roles and no longer requires access to specific systems.

• The Identity Life Cycle involves provisioning, review, and revocation of user access.
Provisioning ensures new employees or those changing roles have the access they
need.
• Regular user access reviews ensure that permissions remain appropriate, particularly
for high-privilege accounts.
• Finally, revocation guarantees timely removal of access when no longer needed, such
as in cases of termination or role changes, minimizing security risks.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Definition of Identity Life
Cycle
• Stages of the Identity Life
Cycle
• Importance of Review
Process
• Revocation Process
Identity Life Cycle
Definition of Identity Life Cycle:
• The Identity Life Cycle refers to the process of managing user access
from the beginning to the end of their involvement with an organization.
• It consists of three main stages: Provisioning, Review, and Revocation.
Stages of the Identity Life Cycle:
1. Provisioning:
1. Creation of user access when a new employee is hired or
when an existing employee changes roles.
2. Activities during provisioning include background checks,

on
identity proofing, and ensuring the user has the skills and
clearance to access the system.
uti
3. Ensures users have access only to the necessary systems
tr i b
and resources according to their roles, applying the principle
of least privilege.
D is
for
2. Review:
t
No
• A periodic check of the user’s access to ensure they have
appropriate permissions based on their role.
•
h a,
Asset or system owners should review the user's access and

Na
determine if it is still necessary or needs modification.
•
jeet
The timing of access reviews is driven by the value of the
assets or systems involved. For example, high-risk accounts

bha
(e.g., admin or root) should be reviewed more frequently than

Su
standard user accounts.
l
Co
Importance of Review Process:

By
• High-value systems or accounts, such as administrator or root
accounts, pose greater risks and therefore require more frequent

I SSP reviews to ensure access is still necessary.

• Infrequent reviews for lower-value systems may be appropriate but can
r C lead to unauthorized access if users retain permissions they no longer
fo need.
es
ot
Revocation Process: 3. Revocation (Deprovisioning):

ll N
• Revocation is the removal of access, typically during termination (either

rn e voluntary or involuntary) or when an employee changes roles.

C o • It is critical to revoke access promptly upon termination to ensure

unauthorized access does not occur.
• In some cases, when an employee changes roles, it may be necessary to
revoke previous access and re-provision access to prevent over-
privileged access.

• The Identity Life Cycle consists of Provisioning, Review, and Revocation of user
access. Provisioning assigns access when employees are hired or change roles.
• Periodic reviews ensure that access remains appropriate, especially for high-risk
accounts.
• Finally, revocation promptly removes access upon termination or role changes,
reducing the risk of over-privileged users and preventing security breaches.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Access Reviews and Privilege Escalation
• Timing of Access Reviews
• Considerations for Role
Changes
• Privileged Accounts and
Administrative Roles
• Privilege Escalation (e.g., use
of sudo)
Timing of Access Reviews:
• Annual reviews: User access should be reviewed at least annually.
• More frequent reviews: Some accounts, such as admin or superuser
roles, should be reviewed more frequently, potentially as often as
weekly, due to the high-risk nature of these accounts.
Role Changes:
• When a user changes roles, their access should be reviewed
immediately.
• New access should be granted as needed.
• Old access that is no longer relevant should be removed.
• Reviews must always be approved by the owner to ensure access is
ti on
appropriate.
i bu
Terminations:
str
•
D i
In the case of voluntary or involuntary termination, the user’s access

for
should be reviewed, and all access should typically be removed to
prevent unauthorized access.
t
No
High-Risk Accounts:

a,
• Admin and superuser accounts: Because these accounts have
h
broader and more powerful access, their access should be reviewed
Na
more frequently, with some reviews potentially taking place weekly or
monthly.
jeet
ha
Privilege Escalation:
•
b
Best Practice: Administrators should have two accounts:

l
•
Su A standard user account for regular tasks (e.g., checking

Co
emails, browsing).

By • A privileged account for administrative tasks that require

higher levels of access.

I SSP • Privilege Escalation Tools:

r C • On Unix/Linux systems, administrators should use commands

fo like sudo ("superuser do") to execute tasks requiring elevated

es privileges only when necessary.

ot • On Windows systems, the RunAs command serves a similar

ll N
purpose, allowing the administrator to run programs as a

rn e •
different user with higher privileges.
This separation of duties helps reduce the risk of privileged accounts
C o being compromised during routine activities like checking emails or
browsing the web, which are often vulnerable points for attacks.

• Access reviews should be conducted at least annually, but high-risk accounts like
admin accounts may need more frequent reviews (weekly or monthly).
• When a user changes roles or leaves the company, their access should be reviewed
immediately to ensure appropriate privileges.
• Privilege escalation strategies, such as using sudo or RunAs, minimize the risk of
compromising privileged accounts during routine tasks.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Service Account Management
• Definition of Service
Accounts
• Importance of Managing
Service Accounts
• Best Practices for Service
Account Management
Definition of Service Accounts:
• Service accounts are accounts used by services, applications, or
workloads rather than by humans. These accounts facilitate the
operation of automated tasks within an IT infrastructure.
Importance of Managing Service Accounts:
• Even though service accounts are not used by humans, they require
human oversight to ensure they are secure.
• Without proper management, these accounts can become
targets for attacks like privilege escalation and spoofing.

on
• Misconfigured or over-privileged service accounts could be
ti
exploited by attackers to gain unauthorized access or cause
u
other security breaches.
tr i b
Best Practices for Service Account Management:
D is
for
• Limit service accounts to single purposes: Service accounts
should be set up to only perform a specific function. This reduces
t
No
the risk of them being used for malicious purposes.

a,
• Reduce privileges: Grant only the necessary permissions for
h
service accounts to function. This concept is aligned with the
principle of least privilege.
Na
•
eet
For example, if a service account only needs read access to
j
ha
a database, it should not be granted write or delete
b
permissions.
•
l Su
Monitor and audit service accounts regularly: Continuous

y Co
monitoring and auditing of service accounts help detect suspicious
behavior early on.
B
SP
• Ensure logging is enabled for service accounts, capturing

CI S events like access attempts and modifications.

for
es
ot
ell N
orn
C

• Service accounts are not used by humans but require oversight to ensure security.
Best practices include limiting each account to a single purpose, reducing privileges to
the minimum necessary, and regularly monitoring these accounts to prevent security
risks like privilege escalation.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Authentication Systems
Definition of Authentication Systems:
• Definition of Authentication • Authentication systems are tools used to verify an identity or a system
Systems assertion. They play a key role in protecting organizations by ensuring only
• Popular Authentication authorized users or systems can access resources.
Systems • Popular Authentication Systems:
• Overview of OAuth and 1. OpenID Connect (OIDC):
OIDC • Built on top of OAuth 2.0, OIDC is used to verify the identity of an
end user and obtain basic profile information.
• OIDC focuses on user authentication, not just resource access.

on
• Example: When you log in to a new website using your Google
account, OIDC is verifying your identity via Google.
u ti
2. OAuth (Open Authorization):
r i
t andb
resources without needing to share credentials. is
• OAuth 2.0 allows secure, delegated access to applications

It uses access tokens instead of passwords

f o rD
or other sensitive data to
t
•
authorize access.
N o access to your Google Drive
a,credentials, OAuth is in play.
• Example: When an application requests
h
without asking for your Google
aLanguage):
3. SAML (Security Assertion Markup
SAML provides e t N
•
a je single sign-on (SSO) by facilitating authentication
and authorization across different organizations.
Usedb h
•
S u widely in federated identity management to allow users to

ol
access multiple services with one login.

C
4. Kerberos:

By • A ticket-based system used for single sign-on within an

SP
organization. It uses symmetric encryption to verify users' identities.

CI S • Commonly used in Windows environments with Active Directory.

for 5. RADIUS (Remote Authentication Dial-In User Service):

tes • Used for remote access authentication, RADIUS provides

o authentication, authorization, and accounting (AAA) services.

ell N • Example: When users connect to a VPN, RADIUS may be used to

authenticate them.

orn 6. TACACS+ (Terminal Access Controller Access Control System Plus):

C 1. A Cisco-proprietary protocol used for network device
authentication, providing granular control over access to devices.

• Authentication systems help verify identities and ensure that only authorized users
gain access to resources.
• OAuth provides access delegation via tokens, while OIDC adds user authentication.
SAML and Kerberos are popular in single sign-on (SSO) environments, and RADIUS
and TACACS+ are commonly used for network authentication.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

CISSP Cornell Notes
by Col Subhajeet Naha, Retd, CISSP
Domain 6: Security Assessment and Testing
 Design and Validate Assessment, Test, and Audit Strategies
• Purpose of Security
Assessment and Testing
• Complexity of Systems and
Security Testing
• Importance of Continuous
Testing
• Real-World Example:
Systems Complexity
• Example: A modern operating system can contain around
Purpose of Security Assessment and Testing:
• Security assessment and testing focuses on ensuring that security
requirements and controls are defined, tested, and operating
effectively.
• It provides assurance to stakeholders that the necessary security
controls are in place, aligned with goals and objectives, and
functioning properly.
• Applies to both the development of new systems and the ongoing
operations of existing assets, including end-of-life considerations.
Complexity of Systems and Security Testing:
ti on
• Modern systems are increasingly complex, often comprising
i bu
millions of lines of code.
s r
t 50
i
r D for errors,

bugs, exploits, and vulnerabilities. t fo

million lines of code, presenting numerous opportunities
o
•
a, N of errors and security
As systems grow in complexity, the likelihood
gaps also increases.
a h
e t N are essential, not just during
Importance of Continuous Testing:
Ongoing testing andeassessment
aj but also throughout the system’s lifecycle.
•

Continuousu
h
initial development
b helps ensure that systems are meeting
•
S testing
ol requirements and that new updates or modifications do
regulatory
notC
y introduce new vulnerabilities or break existing functionality.
• BEnd-of-life testing is crucial to confirm data migration to new

I SSP systems and ensure the defensible destruction of data in retired

C systems.

for Real-World Example: Systems Complexity:

tes • Consider critical infrastructures such as air traffic control or

o
ll N
avionics systems. These systems run on millions of lines of code,

rn e and though planes can largely fly themselves, fatal errors can still
occur due to vulnerabilities or system failures.
C o • Regular and rigorous testing is necessary to ensure that complex
systems operate reliably and safely, especially when human lives or
critical business operations are at stake.

• Security assessment and testing are vital to ensure that security controls are defined, tested, and
functioning properly.
• Given the complexity of modern systems, continuous testing throughout the lifecycle of an asset is
essential to mitigate vulnerabilities, ensure regulatory compliance, and minimize risks.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Validation and Verification
Definition of Validation:
• Definition of Validation
• Validation is the process of ensuring that the right product is being
• Definition of Verification
built, i.e., the product or system meets the needs and expectations of
• Relationship between the end user.
Validation and Verification
• It focuses on high-level goals and asks: Are we building the product
that the customer needs?
• Example: Validating a banking system means confirming that the
system provides the features users need, such as secure transactions,
account management, and regulatory compliance.

ti on
Definition of Verification:
u
• Verification is the process of confirming that the producttroribsystem is
D is and
being built correctly according to the design, standards,
requirements.
t for
• It involves technical checks to ensure the
N osystem functions as
,
expected and that the design is implemented accurately.
• Example: Verifying a banking a ha involves ensuring that the
system
N
encryption mechanisms,ttransaction logic, and data integrity are
functioning properly.ee
j
aValidation
b
Relationship between h and Verification:
u
•
o l Soccurs first, ensuring the correct problem is being solved.
Validation
•
B yC
Verification follows, ensuring that the solution is implemented

SP• Both processes are critical in security and system design, ensuring
correctly.

CI S
for that systems meet user needs and function properly within defined

tes security requirements.

o
ell N
orn
C

• Validation ensures that the right product is being built to meet user needs, while
verification ensures that the product is being built correctly according to design
specifications. Both are essential for delivering a functional and secure system that
meets user and business requirements.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 How Much Testing is Enough?
Proportionality of Testing:
• Proportionality of Testing
• Testing efforts should align with the value the system or application
• Assessment, Testing, and represents to the organization.
Auditing Strategies
• Internal • Critical systems that handle sensitive information require more
Assessment/Testing/Auditing extensive testing.
• External • Example: A financial transaction platform will need more rigorous
Assessment/Testing/Auditing testing than a simple informational website.
• Third-Party Assessment, Testing, and Auditing Strategies:
Assessment/Testing/Auditing
• Testing is done to provide assurance about the security and
functionality of a system.
ti on
•
i bu
Strategies include internal, external, and third-party assessments,
s tr
which can be combined based on the desired level of assurance.
i
Internal Assessment/Testing/Auditing:
fo rD
•
o t
Conducted by employees within the organization.
•
,
Example: A company's in-house team tests N its internal systems for
vulnerabilities.
a ha
tN
External Assessment/Testing/Auditing:
Can mean two things:ee
ajexternal service provider: Internal teams review
•
Auditinghan
•
u b of external services they use, such as cloud
S
the security
lservices (e.g., Microsoft Azure).
o
B y •C Hiring external auditors: A company may bring in an outside
consulting firm to audit their own internal application,

I SSP providing an objective review.

C Third-Party Assessment/Testing/Auditing:
for • Involves three parties: the customer, the vendor, and a third-party
tes auditor.
o
ll N
• Example: A company using Amazon Web Services (AWS) might rely

rn e on an independent auditor to assess the security of AWS, providing

C o assurance to the company that AWS is secure.

• Testing efforts should align with the value of the system to the organization. There are multiple
strategies for conducting assessments and audits, including internal, external, and third-party
options.
• Each method provides varying levels of assurance depending on the complexity and sensitivity of the
system or application being tested.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Assessment/Testing/Auditing Strategies and Implications
Internal Audit:
• Internal Audit
• External Audit • Conducted by employees within the organization.
• Third-Party Audit • Focuses on systems that are under internal control.
• Implications: Provides a cost-effective and efficient means of testing
security controls, but might lack objectivity and could overlook
internal biases or blind spots.
• Example: A company’s internal IT team assesses network
vulnerabilities.
External Audit:
ti on
i bu
• Two scenarios:
tr
Internal employees audit an external serviceis
r Dor Azure).
• provider's
fo
systems (e.g., cloud environments like AWS
The organization hires an external tauditor to review internal
•
N oobjective examination.
,
systems, providing an unbiased,
ainternal
•
a
Implications: More objective than h audits, provides

e tN
validation of internal security by external experts. However, it may be

ajea cybersecurity consulting company to

more costly and time-consuming.
Example: A firmhhiring
ub
•

l S
perform a penetration test on its internal applications.

CoAudit:
Third-Party
y
• BInvolves three parties: the customer, the vendor, and an
P
S independent auditing firm.
I S
C • Common in cloud computing where service providers use third-
for party audits to verify their security and provide assurance to
tes customers.
o
ell N • Implications: Ensures high objectivity and provides trusted

rn
assurance. However, it can be costly and requires trust in the audit

C o firm's credentials.
• Example: Amazon Web Services commissioning an independent firm
to audit its cloud services and using the report to reassure potential
customers about security compliance.

• Each assessment, testing, and auditing strategy—internal, external, or third-party—has its specific
strengths and implications.
• Internal audits offer cost-efficiency but can lack objectivity, while external and third-party audits
provide greater assurance through independent, unbiased reviews, often at a higher cost.
• Combining these strategies can enhance overall security assurance and address various levels of
risk across different systems.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Audit Locations
On-Premise Audit:
• On-Premise Audit
• Cloud Audit • Focuses on evaluating security within the organization’s physical
• Hybrid Audit facilities and data centers.
• Implications: The audit covers all systems and data residing
physically within the organization, providing direct control over the
assets and environments.
• Example: Auditing the security of a company's in-house servers,
network devices, and data storage housed in its own building.
Cloud Audit:
ti on
i
• Evaluates the security of systems, data, and applications hostedbu by a
s tr
cloud provider.
i
D such as
for control over
• Implications: The audit focuses on cloud environments,
public or private cloud services, with limitedt direct
N o of the underlying
infrastructure since the provider manages much
hardware and security.
h a,
Na environments
• Example: Auditing the security and
Services (AWS) or Microsoftt Azure
compliance of Amazon Web

je e used by the

ha
organization.
b
Su on-premise and cloud evaluations, assessing hybrid
Hybrid Audit:
l
Co
• Combines both

B
andy
infrastructures where an organization uses both physical data centers
cloud services.

I SSP• Implications: Requires comprehensive auditing across multiple

C
or
environments, ensuring that data security policies are consistent

s f across both on-premise and cloud.

o te • Example: Auditing an organization that runs applications on its in-

ll N
house data center but also utilizes cloud storage for backups and

rn e scalability.

C o

• Audits can be conducted in three major locations—on-premise, in the cloud, or a hybrid combination
of both.
• On-premise audits focus on physical infrastructure within an organization, while cloud audits assess
security managed by cloud providers.
• Hybrid audits evaluate both environments, requiring coordination to ensure consistent security
across all infrastructures.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Role of a Security Professional
Identify Risk:
• Identify Risk
• The primary role of a security professional is to identify risks that
• Advise on Testing Processes
could affect the security posture of the organization.
• Provide Support to
Stakeholders • Example: Identifying potential vulnerabilities in a new application or
• Role of Security Team in architecture that could lead to data breaches.
Testing
Advise on Testing Processes:
• Security professionals must advise and guide testing processes to
ensure that risks are being properly evaluated and mitigated.
• Example: Recommending specific security assessments like
ti on
penetration testing to check the resilience of an application.
i bu
str
Provide Support to Stakeholders:
D i
for
• Security professionals offer advice and support to various
t
No
stakeholders, ensuring that all parties understand the security

a,
implications and actions necessary to address vulnerabilities.
h
Na
• Example: Explaining to development teams the importance of secure

et
coding practices and helping them integrate it into the development
lifecycle.
je
b hain Testing:
Role of Security Team
u role is to advise, provide assurance, monitor,
Steam’s
l
• The security

y Coin collaboration
and evaluate security testing. They do not perform the testing alone
B
but work with others in the organization.

I SSP• Example: The security team monitors security tests carried out by
C external consultants or internal IT staff and ensures the results are

for aligned with security goals.

tes
o
ell N
orn
C

• The security professional's role revolves around identifying risks, advising on testing processes, and
supporting stakeholders to ensure that security measures are effective.
• While they don't carry out tests independently, they ensure that the testing process is thorough and
addresses relevant security concerns.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Conduct Security Control Testing
• Security Control Testing
Overview
• Types of Software Testing
• Unit Testing
• Interface Testing
• Integration Testing
• System Testing
Security Control Testing Overview:
• Security control testing is an essential part of the software development
lifecycle (SDLC).
• It involves testing the effectiveness and accuracy of security controls
implemented in systems and applications.
• Testing follows the stages of system or software development, ensuring that
security is incorporated at every level.
Types of Software Testing:
• Software testing includes different layers that build upon one another to
ensure security and functionality.

on
• Each type focuses on specific parts of the application or system to ensure
security controls are working as intended.
uti
Unit Testing:
tr i b
is
• Definition: Testing of individual components or modules of the application in
isolation.
D
for
• Purpose: To ensure that each part of the system works independently without
t
No
errors.

a,
• Example: Testing a login function to ensure password input and validation
work correctly.
h
Interface Testing:
Na
jeet
• Definition: Testing the interaction between different modules or systems.

ha
• Purpose: To verify that modules can communicate with each other correctly.
b
• Example: Ensuring that the front-end of a web application properly
Su
communicates with the back-end database when retrieving or sending user
l
Co
data.

By Integration Testing:
• Definition: Testing where modules that work together are combined and tested

I SSP as a group.

r C • Purpose: To identify issues in the interaction between integrated

fo components.

es • Example: Checking that after login, the user is directed to the appropriate

ot
dashboard with correct access rights.

ll N
System Testing:

rn e • Definition: End-to-end testing of the entire application or system in a realistic

C o environment.
• Purpose: To ensure that the entire system, including all subsystems,
functions as expected.
• Example: Testing an online banking system from user authentication to
transaction completion.

• Security control testing aligns with the application development phases and includes several types
of testing.
• Each testing type—unit, interface, integration, and system—focuses on specific aspects of the
application to ensure security controls are effectively implemented and function as required.
• Testing should be thorough and cover every component from the smallest unit to the entire system in
its operational environment.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Examples of Testing Performed
Planning Phase:
• Planning Phase • Purpose: Capture and validate system requirements before any design begins.
• Design Phase • Testing Focus: Ensuring that requirements are accurately gathered and reflect
• Develop Phase the needs of stakeholders.
• Deploy Phase • Example: Validating security requirements for data encryption and access control
• Operate Phase are accurately captured during system planning.
• Retire Phase Design Phase:
• Purpose: Integrate fundamental security controls like confidentiality, integrity,
and availability into the system design.
• Testing Focus: Confirm that required security controls are designed into the

on
system architecture.

ti
• Example: Testing that encryption protocols and access controls are included in
u
the design of an online payment system.
Develop Phase:
tr i b
D is
• Purpose: Implement and verify all security controls are working as designed

for
during system development.
t
• Testing Focus: Multiple testing approaches, including unit testing, integration

No
testing, system testing, vulnerability assessments.

a,
• Example: During unit testing, the login module is tested independently to ensure
h
Na
that password validation is functioning correctly.

et
Deploy Phase:

je
• Purpose: Ensure the system functions as intended in the production

ha
environment.
b
Su
• Testing Focus: Perform usability, performance, and vulnerability testing before
moving into production.
l
Co
• Example: Performance testing ensures the system can handle expected user load

By without crashing, and log reviews check for errors or vulnerabilities.

Operate Phase:

I SSP • Purpose: Continue monitoring the system to ensure it works as intended, with no
security compromises.
r C
fo • Testing Focus: Ongoing configuration management reviews, vulnerability
management, and log analysis.
es
ot
• Example: Continuously reviewing system logs to detect anomalies or

ll N
unauthorized access attempts.

e
Retire Phase:

orn • Purpose: Securely migrate data from the old system to a new one and ensure

C proper disposal of data.

• Testing Focus: Verify data migration and secure disposal of sensitive data from
legacy systems.
• Example: After migrating to a new CRM system, ensuring that all customer data
from the old system is securely erased.

• Testing is essential throughout the entire system life cycle.

• Each phase, from planning to retirement, requires targeted testing to ensure that security controls
are appropriately designed, implemented, and functioning as required.
• Different testing methodologies are employed at each phase to ensure system integrity,
performance, and security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Software Testing Overview
Unit Testing:
• Unit Testing
• Interface Testing • Purpose: Examines and tests individual components (units) of an
application to ensure they work as expected.
• Integration Testing
• System Testing • Focus: Testing the smallest parts of the application, such as
functions, procedures, or classes.
• Example: In a banking application, testing the module that calculates
interest on savings independently from other modules.
Interface Testing:
• Purpose: Verifies that individual components (units) connect and ti on
i bu
communicate properly with each other via standardized interfaces.
• Focus: Testing the points where components interact.ist
r
• Example: Testing how the login page communicates fo r Dwith the user
authentication system to ensure smooth login o t functionality.
Integration Testing:
a ,N
• Purpose: Focuses on testingN ah of components together to ensure
groups
t
they work as a combinedeunit.
je
• Focus: Testing how
integrated. ub
halarger groups of modules or units interact when
o l InSa payroll system, testing the integration between the
y C database, payroll calculations, and tax deduction modules.
• Example:
employee
B
I SSPSystem Testing:
C • Purpose: Tests the entire integrated system to ensure that all
for components work together as expected.

tes
o • Focus: Testing the complete application in its operating environment

ll N
to verify end-to-end functionality.

rn e • Example: Testing an e-commerce application from product selection

C o to payment processing, verifying the entire shopping process works as
a whole.

• Software testing must be comprehensive, starting from testing individual components (unit testing)
to ensuring that all components interact properly (interface and integration testing) and ultimately
verifying that the entire system functions as expected (system testing).
• Each stage ensures the functionality and security of the application are thoroughly evaluated.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Testing Techniques
Code Review:
• Manual Testing
• Definition: The process of reviewing code for vulnerabilities or errors,
• Automated Testing classified into:
• Static Application Security
Testing (SAST) • Black Box: Tester has no knowledge of the internal workings of
the application (zero-knowledge testing).
• Dynamic Application
Security Testing (DAST) • White Box: Tester has full visibility of the source code (full-
• Fuzz Testing knowledge testing).
• Code ReviewTest Types • Example: Conducting a peer review of new code to check for potential
• Equivalence Partitioning bugs or vulnerabilities before deployment.
• Boundary Value Analysis Test Types:
t i on
i buvalid
•
st r
Positive Testing: Testing the system’s response to expected,
inputs.
i
•
fo r Dsuccessfully log in
Example: Checking if valid user credentials
a user.
o t
•
, N
Negative Testing: Testing how the system handles invalid or

hasystem blocks invalid credentials or

unexpected inputs.
Example: Checking ifathe
t N attempts.
•
e
prevents SQL injection
•
perspective. bh
aje the system from a malicious user or attacker’s
Misuse Testing: Testing

Su Attempting to bypass security mechanisms to gain

• lExample:
C o unauthorized access to data.
B y
Equivalence Partitioning:

I SSP• Definition: Testing where input data is divided into partitions or

C groups, and representative values from each group are tested.

for • Example: For a range of inputs (0-100), choosing test cases from each
tes partition, such as 0-50 and 51-100, to verify behavior across partitions.

N o Boundary Value Analysis:

rn ell • Definition: Testing around the upper and lower boundaries of input

C o •
groups or partitions.
Example: Testing the values at the edges of a range, such as 0 and
100, to ensure the system properly handles boundary cases.

• Testing techniques are categorized into manual and automated methods, with further classification
into white-box (SAST) and black-box (DAST) testing.
• Each type of testing, whether it involves positive, negative, or misuse cases, is critical for ensuring
application security.
• Testing strategies such as equivalence partitioning and boundary value analysis help ensure
comprehensive coverage across inputs and edge cases.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Testing Techniques
Code Review:
• Manual Testing
• Definition: The process of reviewing code for vulnerabilities or errors,
• Automated Testing classified into:
• Static Application Security
Testing (SAST) • Black Box: Tester has no knowledge of the internal workings of
the application (zero-knowledge testing).
• Dynamic Application
Security Testing (DAST) • White Box: Tester has full visibility of the source code (full-
• Fuzz Testing knowledge testing).
• Code ReviewTest Types • Example: Conducting a peer review of new code to check for potential
• Equivalence Partitioning bugs or vulnerabilities before deployment.
• Boundary Value Analysis Test Types:
t i on
i buvalid
•
st r
Positive Testing: Testing the system’s response to expected,
inputs.
i
•
fo r Dsuccessfully log in
Example: Checking if valid user credentials
a user.
o t
•
, N
Negative Testing: Testing how the system handles invalid or

hasystem blocks invalid credentials or

unexpected inputs.
Example: Checking ifathe
t N attempts.
•
e
prevents SQL injection
•
perspective. bh
aje the system from a malicious user or attacker’s
Misuse Testing: Testing

Su Attempting to bypass security mechanisms to gain

• lExample:
C o unauthorized access to data.
B y
Equivalence Partitioning:

I SSP• Definition: Testing where input data is divided into partitions or

C groups, and representative values from each group are tested.

for • Example: For a range of inputs (0-100), choosing test cases from each
tes partition, such as 0-50 and 51-100, to verify behavior across partitions.

N o Boundary Value Analysis:

rn ell • Definition: Testing around the upper and lower boundaries of input

C o •
groups or partitions.
Example: Testing the values at the edges of a range, such as 0 and
100, to ensure the system properly handles boundary cases.

• Testing techniques are categorized into manual and automated methods, with further
classification into white-box (SAST) and black-box (DAST) testing. Each type of testing,
whether it involves positive, negative, or misuse cases, is critical for ensuring
application security. Testing strategies such as equivalence partitioning and boundary
value analysis help ensure comprehensive coverage across inputs and edge cases.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Methods/Tools for Testing
Manual Testing:
• Manual TestingAutomated • Definition: Testing performed by a person manually interacting with the
Testing application or system.
• Process: Testers follow specific test cases or procedures, such as
manually entering data into forms, reviewing outputs, and checking for
errors or vulnerabilities.
• Example: A QA engineer manually tests a login form by inputting various
credentials and reviewing how the application handles both valid and
invalid inputs.
• Advantages:
• Allows human intuition and exploration.
ti on
• Can identify visual or usability issues.
i bu
str
• Disadvantages:
D i
for
• Time-consuming and prone to human error.
•
t
Not ideal for repetitive or large-scale testing.
Automated Testing:
No
a,
• Definition: Testing performed by automated tools or scripts designed to
h
Na
simulate interactions with the system without human intervention.

jeet
• Process: Test scripts or batch files are written and executed by

ha
automated testing tools. These scripts can repeatedly run test cases and
check for known issues.
b
Su
• Example: Tools like Selenium can automate web application testing,
l
Co
automatically simulating user interactions such as form submissions or

By page navigation.
• Advantages:

I SSP • Efficient for large-scale, repetitive tasks.

r C • Fast execution and consistent results.

fo • Ideal for regression testing to ensure new changes don’t break
es
ot
existing functionality.

ll N
• Disadvantages:

rn e • Requires initial setup of test scripts and ongoing maintenance.

C o • Cannot identify certain user-experience issues or nuanced

problems.

• Manual testing relies on human intuition and is useful for exploratory or visual testing but is time -
consuming and prone to error.
• Automated testing is more efficient for repetitive tasks and regression testing but may miss user
experience issues.
• A balanced approach using both methods is ideal for thorough and effective software testing.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Key Differences between SAST, DAST, and Fuzz Testing
Static Application Security Testing (SAST):
• Static Application Security • Definition: SAST examines an application’s underlying source code without the
Testing (SAST) application being executed.
• Dynamic Application • White Box Testing: Since the source code is visible during SAST, it’s considered
white box testing.
Security Testing (DAST)
• Fuzz Testing • Purpose: Identify vulnerabilities in the code, such as logic flaws, insecure
coding practices, or potential injection points, before the application is run.
• Example: Reviewing source code for SQL injection vulnerabilities.
• Advantages: Finds security issues early in the development phase, and can be
integrated into CI/CD pipelines.
• Disadvantages: Does not capture runtime issues and may produce false
positives.
ti on
i bu
r
Dynamic Application Security Testing (DAST):
• Definition: DAST examines an application while it is running tos
i t how the
test
application behaves and responds to various inputs.
D
rbecause
•
t
Black Box Testing: DAST is considered black box testing fo the underlying

N o exceptions, insecure data

code is not visible, and testing focuses on the application’s interaction.

a,environment.
• Purpose: Identify runtime issues, such as unhandled
h
transmission, and behavior flaws in a live
• Example: Testing a web application
t Naitforis live.
SQL injection attacks or cross-site

e behavior of the application, catching issues

scripting (XSS) vulnerabilities while
• e
Advantages: Tests the jreal-world
a code alone.
b h
that may not be visible in the
•
S
Disadvantages:u Limited visibility into where issues reside in the code, and

ol
slower to execute compared to SAST.

y C
Fuzz Testing:
• BDefinition: Fuzz testing sends random or malformed inputs to an application to
S P uncover how it handles unexpected data and stress conditions.
CIS • Dynamic Testing: Fuzz testing is a type of dynamic testing that stresses the

or
application in unusual or illogical ways.

s f • Purpose: Uncover vulnerabilities like crashes, memory leaks, or buffer

o te overflows by throwing chaotic inputs at the system.

N
ell
• Example: Feeding an application randomly generated input strings to see if it
crashes.

orn • Advantages: Effective in discovering edge cases and rare issues that developers
C •
may not anticipate.
Disadvantages: May not identify logical flaws, and lacks precision unless
combined with other testing methods.

• SAST focuses on examining source code for vulnerabilities before the application is run and is best
for early detection of issues.
• DAST tests the application while it is running and catches runtime errors and security flaws that may
only surface during execution.
• Fuzz Testing introduces randomness into inputs to identify how well an application handles
unexpected scenarios, useful for stress testing and finding edge-case bugs.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Black Box vs. White Box Testing
Definition of Black Box Testing:
• Definition of Black Box • Definition: Black box testing refers to testing a system or application without
Testing access to its internal source code or architecture. The tester evaluates the
functionality based on inputs and outputs, without knowing how the system
• Definition of White Box processes the data internally.
Testing • Purpose: Focuses on assessing external behavior and ensuring that the
• Difference between Black application functions as expected without regard to how it works internally.
Box and White Box Testing • Example: A security tester performs black box testing by entering various inputs
into a login form, checking if the application is vulnerable to attacks like SQL
• Use Cases for Black Box and injection or cross-site scripting (XSS) without knowing the actual code.
White Box Testing
• Advantage: Mimics the perspective of an external attacker or end-user, making
it ideal for real-world functional and security testing.
•
ti on
Disadvantage: Lacks visibility into the system’s inner workings, which may limit
the ability to identify internal vulnerabilities.
i b u
Definition of White Box Testing:
s r
t with full
i
rD
• Definition: White box testing refers to testing a system or application
complete knowledge of how the system works.
t f o
access to its internal source code, architecture, and logic. The tester has

Purpose: Focuses on ensuring that the internal o

•
,
structure are secure and functioning properly. N logic, algorithms, and code

a
hbox testing by reviewing the source code
• Example: A developer performs white
a
t N into the internal workings of the system,
for potential vulnerabilities, such as buffer overflows or improper error handling.
Advantage: Provides deepe
•
a je identification and debugging.
insight
enabling thorough vulnerability
Disadvantage: b h
•
S
which would be uMay miss issues that only surface in real-world conditions,
more apparent during black box testing.

C ol Black Box and White Box Testing:

Difference between
•
B y
Perspective: Black box testing views the system externally (with no knowledge
P (with full knowledge of its code and structure).
of its internal workings), while white box testing examines the system internally
S
CIS • Testing Focus: Black box testing evaluates functionality and behavior, whereas

or
white box testing assesses code integrity, logic, and security from within the

s f system.

o te Use Cases for Black Box and White Box Testing:

N
ell
• Black Box Testing: Used by testers simulating real-world attacks or functional
users to identify external vulnerabilities and behavior flaws (e.g., penetration

rn
testing, user acceptance testing).

C o • White Box Testing: Used by developers and internal security teams to verify the
security and correctness of code, logic, and architecture (e.g., code reviews,
static analysis).

• Black Box Testing evaluates a system’s external behavior without knowledge of the underlying code,
ideal for simulating real-world conditions and attacks.
• White Box Testing allows detailed scrutiny of the system’s internal structure and code, ensuring
internal security and functionality.
• Both approaches provide complementary insights and should be used together for comprehensive
testing.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Positive Testing
• Definition of Negative
Testing
• Definition of Misuse Testing
• Differences between
Positive, Negative, and
Misuse Testing
Types of Testing
Definition of Positive Testing:
• Definition: Positive testing checks if the system behaves as expected
under normal conditions, ensuring the system works correctly for valid
input.
• Purpose: To verify that the system functions as designed when the
correct data and inputs are provided.
• Example: A user provides the correct username and password in a login
form, and the system successfully logs them in. The system behaves as
expected.
• Advantage: Confirms that the system’s standard functionality works as

on
intended under normal circumstances.
Definition of Negative Testing:
uti
•
tr i b
Definition: Negative testing focuses on how the system responds when

errors gracefully.
D is
incorrect or unexpected inputs are provided, ensuring that it handles

•
t for
Purpose: To confirm that the system does not crash or behave

No
unpredictably when invalid data is entered.
• Example: A user enters an incorrect username or password, and the
a,
system responds with an error message like "Invalid username or
h
Na
password" instead of crashing.

et
• Advantage: Ensures that the system can handle unexpected or invalid
je
inputs without failing.

ha
Definition of Misuse Testing:
b
Su
• Definition: Misuse testing evaluates how the system behaves when
l
subjected to malicious or abnormal usage, simulating the actions of a

y Co
potential attacker.

B • Purpose: To test the system's resilience against intentional misuse or

SP
exploitation.

CI S • Example: An attacker attempts to inject SQL code into a login form to

bypass authentication. Misuse testing ensures the system prevents such
for malicious activity.

es • Advantage: Identifies vulnerabilities that could be exploited by

ot attackers, ensuring the system is secure against abuse.

ell N Differences between Positive, Negative, and Misuse Testing:

rn
• Positive Testing: Focuses on verifying normal functionality with valid

C o •
inputs.
Negative Testing: Checks how the system responds to incorrect or
unexpected inputs.
• Misuse Testing: Simulates attacks or malicious actions to test the
system’s security and resilience.

• Positive Testing ensures the system functions correctly under normal conditions.
• Negative Testing verifies the system can handle errors and invalid inputs without failure.
• Misuse Testing assesses how well the system withstands malicious attempts to exploit or abuse it.
Each type of testing is essential for ensuring both the functionality and security of a system.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Equivalence Partitioning and Boundary Value Analysis
Definition of Equivalence Partitioning:
• Definition of Equivalence
• Definition: Equivalence partitioning is a testing technique where
Partitioning inputs are divided into partitions or groups, with each group expected
• Definition of Boundary Value to exhibit the same behavior.
Analysis
• Differences between • Purpose: To reduce the number of test cases by identifying groups of
inputs that behave similarly.
Equivalence Partitioning and
Boundary Value Analysis • Example: In a password input field, where passwords must be
between 8 and 16 characters, three partitions can be identified:
• Partition I: 0-7 characters (all should be rejected)
• Partition II: 8-16 characters (all should be accepted)
t i on
Partition III: 17+ characters (all should be rejected)b
i u
•
s t r Testing
i
can then be focused on each partition to verify expected
behavior.
fo rD
Definition of Boundary Value Analysis:
o t on testing the
• N
Definition: Boundary value analysis focuses
boundaries or edges of input ranges,where behavior changes are
h a
expected. a
•
e t Nat boundary
Purpose: To test the boundaries between different partitions since
bugs are more likelyjto
a e occur conditions.
• Example: For b hsame password input field example, testing should
the
S u
focus on boundary values such as:
l
• o 7 characters (rejected)
y C
B • 8 characters (accepted)

I SSP • 16 characters (accepted)

C
or
• 17 characters (rejected) This focuses testing on values just

s f inside and outside of the boundaries.

o te Differences between Equivalence Partitioning and Boundary Value

ll N
Analysis:

rn e • Equivalence Partitioning: Focuses on dividing inputs into partitions

C o that exhibit the same behavior, testing within each partition.

• Boundary Value Analysis: Focuses on testing at the boundaries
between partitions where behavior changes.

• Equivalence Partitioning groups inputs into partitions with similar behavior, reducing the number of
test cases needed to validate the system.
• Boundary Value Analysis focuses on testing at the extreme edges or boundaries of input ranges
where bugs are more likely to occur.
• Both techniques improve testing efficiency by targeting key areas for testing while reducing
redundant test cases.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Test Coverage Analysis
Definition of Test Coverage Analysis:
• Definition of Test Coverage
Analysis • Definition: Test coverage analysis is the process of measuring the
extent to which the source code of an application has been covered by
• Purpose of Test Coverage
testing. It provides a metric that shows the proportion of the codebase
Analysis that has been tested.
• Example of Test Coverage
Calculation Purpose of Test Coverage Analysis:
• Purpose: The goal of test coverage is to assess how thoroughly the
code has been tested, identify untested areas, and ensure that critical
sections of code have been tested.
ti on
i bu
• High test coverage increases confidence that the software has been
sufficiently tested for defects or bugs.
str
Example of Test Coverage Calculation:
D i
t for
• Formula: Test coverage is calculated using the formula:
No
(Amount of code covered / Total amount of code in the application)
= Test coverage percent.
h a,
Na
• Example: If an application contains 100 lines of code, and 50 lines of

je et
that code have been tested, then the test coverage would be:

ha of code = 100
• Amount of code covered = 50
Total b
Sucoverage = 50/100 = 50%
• amount
lTest
Co
•

By
I SSP
r C
fo
es
ot
ell N
orn
C

• Test Coverage Analysis measures how much of an application's code has been tested.It is
calculated by dividing the amount of code tested by the total code in the application, expressed as a
percentage.
• Higher test coverage generally suggests more comprehensive testing, though achieving 100%
coverage doesn’t necessarily guarantee the software is bug-free.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Vulnerability Assessment and Penetration Testing
• Difference between
Vulnerability Testing and
Penetration Testing
• Stages of Testing
• Testing PerspectivesTesting
Approaches
• Testing Knowledge Types
Difference between Vulnerability Testing and Penetration Testing:
• Vulnerability Testing: Usually automated, vulnerability testing is a faster
process, often completed within minutes to a few days. It focuses on
identifying known weaknesses and vulnerabilities in systems.
• Penetration Testing: More manual and takes longer, often several days or
weeks, depending on complexity. Penetration testing attempts to exploit
vulnerabilities to see how deep an attacker can go within a system.
Stages of Testing:
1. Reconnaissance: Gathering initial information about the target (network,
systems, etc.) from publicly available resources or through scanning tools.
2. Enumeration: Digging deeper into the details of the target to identify
resources, services, and vulnerabilities. ti on
i bu
3.
r
Vulnerability Analysis: Identifying potential weaknesses in the system that
st
could be exploited.
D i
for
4. Exploitation: Actively attempting to exploit identified vulnerabilities to test
how far a breach could go.
t
No
5. Reporting: Documenting all findings, vulnerabilities, and potential exploits,

a,
along with mitigation recommendations.
h
Na
Testing Perspectives:

et
• Internal Testing: Testing from inside the corporate network, simulating an
e
attack by an insider or a compromised internal system.
j
•
bha
External Testing: Testing from outside the corporate network, simulating an

Su
attack by an outsider.

l
Testing Approaches:

y
•
Co
Blind Testing: The tester has little to no prior knowledge about the target,
B simulating a real-world attack by an outsider with limited information.

I SSP • Double-Blind Testing: Neither the tester nor the internal security team knows
the test is happening, simulating a more realistic attack scenario to gauge

r C incident response effectiveness.

fo Testing Knowledge Types:
es
ot
1. Zero Knowledge (Black Box): The tester knows nothing about the target,
similar to the blind approach.

ell N 2. Partial Knowledge (Gray Box): The tester has some knowledge of the target

orn (e.g., IP addresses, software versions), allowing for a more focused attack.

C 3. Full Knowledge (White Box): The tester has complete knowledge of the
target, including its architecture, source code, and network configurations,
making it a thorough examination.

• Vulnerability Testing is usually automated and quicker, identifying known vulnerabilities, while
Penetration Testing is more manual and deeper, simulating actual attacks.
• Testing follows stages of reconnaissance, enumeration, vulnerability analysis, exploitation, and
reporting.
• Perspectives include internal (inside the corporate network) and external (from outside).
• Testing approaches range from blind to double-blind, with varying levels of prior knowledge: black
box, gray box, and white box.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Vulnerability Assessment and Penetration Testing
• Purpose of Vulnerability
Assessment
• Vulnerability Assessment
vs. Penetration Testing
• Threat Modeling Methods
• Vulnerability Assessment
Tools
• Steps in Vulnerability
Assessment and
Penetration Testing
Purpose of Vulnerability Assessment:
• Vulnerability assessments aim to identify weaknesses in a system, which
are known as vulnerabilities. The goal is to find these potential
weaknesses before they can be exploited by malicious actors.
• It is a critical part of risk analysis, ensuring organizations are aware of
risks and potential entry points for attacks.
Vulnerability Assessment vs. Penetration Testing:
• Vulnerability Assessment: Focuses on identifying vulnerabilities in a
system. Once vulnerabilities are noted, the process stops, and a report is
generated. It is typically more automated and can be completed relatively
on
quickly.
uti
• Penetration Testing: Goes beyond identification. After finding
tr i b
vulnerabilities, it attempts to exploit them to determine the potential
is
impact of an actual attack. Pen testing involves more manual effort and
D
for
can take several days, depending on complexity.
•
t
Key Difference: Pen testing includes exploitation of vulnerabilities, while
vulnerability assessment does not.
No
Threat Modeling Methods:
h a,
•
Na
STRIDE: Stands for Spoofing, Tampering, Repudiation, Information

je et
Disclosure, Denial of Service, and Elevation of Privilege. It’s a
framework used to identify and categorize threats.
• PASTA: Stands for h a for Attack Simulation and Threat Analysis.
b Process

Su
It’s a methodology
assess thel risk.
that simulates attacks to identify vulnerabilities and

y Co Assessment Tools:
Vulnerability

P B
• Automated tools like Nessus, Qualys, InsightVM are used for vulnerability

I SS scanning.

C • These tools can quickly identify vulnerabilities in a system without human

for intervention, making them efficient for large-scale assessments.

tes Steps in Vulnerability Assessment and Penetration Testing:

o
ll N
1. Reconnaissance: Gathering information about the target system.

rn e 2. Enumeration: Identifying system resources and potential vulnerabilities.

C o 3.
4.
Vulnerability Analysis: Analyzing vulnerabilities in the system.
Exploitation (Pen Testing only): Attempting to exploit the identified
vulnerabilities.
5. Reporting: Documenting the findings, including vulnerabilities and any
successful exploits.

• Vulnerability assessments identify system weaknesses but do not attempt to exploit them.
• Penetration tests go further by actively trying to breach the system using identified vulnerabilities.
• Both are essential in a comprehensive security strategy, but they differ in depth, with pen testing
being more hands-on and in-depth.
• Tools like Nessus and Qualys can assist with automated vulnerability assessments, while pen
testing relies more on the expertise of the tester.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Vulnerability Assessment and Penetration Testing Process
Reconnaissance:
• Reconnaissance
• Passive phase of gathering publicly available data about a target. Techniques
• Enumeration include DNS queries, WHOIS lookups, checking social media, and other open
• Vulnerability Analysis sources of information.
• Execution/Exploitation/Doc
• Example: A tester browses LinkedIn profiles of company employees to find
ument information about company systems and software tools. The target is unaware of
• Findings/Reporting this activity as there is no direct interaction.
Enumeration:

• Active phase where the tester interacts with the target network to identify IP

on
addresses, open ports, hostnames, and active user accounts.

uti
•

tr i b
Example: Running port scans to identify services like a web server on port 80 or a
database server on port 3306. Enumeration narrows down the types of systems
and potential vulnerabilities.
D is
Vulnerability Analysis:
fo r
t
o in the system. Vulnerability
• Focuses on identifying and analyzing the vulnerabilities
testing ends here with no attempts to exploit. N

h ato, the next phase of exploitation, while

Na vulnerabilities.
• Key Difference: Penetration testing moves
vulnerability testing stops after identifying
t
e to scan for known vulnerabilities in software
je
• Example: Using tools like Nessus
versions.
b ha
S u
Execution/Exploitation:
l
y Coif they
• Penetration
determine
testing specific phase where identified vulnerabilities are exploited to
can be breached.
B
P• Example:
S Attempting to exploit a vulnerability in an outdated web server to gain

CIS
unauthorized access.

for Document Findings/Reporting:

tes • Compilation of all results, including detailed records of techniques used,

o vulnerabilities found, tools used, and suggested mitigation strategies.

ell N • Key considerations include prioritizing critical vulnerabilities and eliminating false

orn positives for clear and concise reporting.

C • Example: A report detailing the vulnerabilities found in a web application, such as

SQL injection vulnerabilities, and the steps needed to mitigate them.

• The vulnerability assessment process identifies potential weaknesses in a system but does not
involve exploitation.
• Penetration testing goes further by attempting to exploit the vulnerabilities. The key step that
differentiates the two is the execution/exploitation phase.
• The final step, documenting findings, is crucial for providing actionable insights to improve system
security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Red Teams, Blue Teams, and Purple Teams
Red Teams:
• Red Teams
• Blue Teams • Simulate real-world threats by acting as attackers. Their main goal is to
• Purple Teams identify vulnerabilities in an organization’s systems, policies, and
procedures.
• They conduct penetration tests, social engineering attacks, and other
offensive tactics to test an organization’s defenses.
• Example: A red team may simulate a phishing attack to assess whether
employees would click on malicious links or provide credentials.
Blue Teams:
ti on
i b
• Responsible for defending the organization’s systems and respondingu
r
to incidents. They manage security operations, monitor fortthreats, and
implement defensive measures. D is
r
fomitigating
t
• Blue teams focus on identifying, preventing, and
ensuring the organization's security postureois strong.
attacks and
N
, (Security
h
• Example: A blue team might use a SIEM a Information and Event
Management) system to monitorafor anomalies and respond to
suspicious activity.
e tN
Purple Teams:
h aje
ubboth red and blue teams to foster communication and
• CollaborateSwith
learning. l goal is to bridge the gap between attack (red) and
o(blue)
Their
y C
defense to improve overall security.
B
P• They
S ensure that lessons learned from red team exercises are

CIS
effectively integrated into blue team defenses.

for • Example: A purple team would facilitate debriefs where red teams

tes share their findings, and blue teams adjust their security strategies
o accordingly.

ell N
orn
C

• Red teams simulate attackers, blue teams are the defenders, and purple teams foster collaboration
between both to enhance security.
• Purple teams aim to ensure that red team findings lead to actionable improvements by the blue
team, creating a continuous feedback loop to strengthen defenses.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Testing Techniques - Perspective, Approach, and Knowledge

Perspective in Testing (Internal vs. External):

• Perspective in Testing
(Internal vs. External)
• Approach in Testing (Blind vs.
Double-Blind)
• Knowledge in Testing (Zero,
Partial, Full)
• Internal Testing:
• The test is performed from inside the corporate network.
• Focuses on identifying what internal threats or insider attackers (e.g.,
disgruntled employees or compromised internal accounts) can access.
• Example: Simulating an insider threat attack to determine which
sensitive data a malicious insider could exploit.
• External Testing:
• The test is conducted from outside the corporate network (e.g., from
the internet).
• Aims to understand how external threats can penetrate the network

on
through defenses.
•
ti
Example: Testing a web server’s exposure to external hackers trying to
u
gain unauthorized access.
tr i b
s
Approach in Testing (Blind vs. Double-Blind):
• Blind Testing:
D i
for
• The tester has little to no information about the target.
t
No
• The target company’s IT/security team knows about the test and can
prepare.
•
h a,
Example: A penetration test is conducted with minimal information

Na
about the company, requiring reconnaissance by the tester.
• Double-Blind Testing:
•
eet
Neither the tester nor the target’s IT/security team is aware of the test’s
j
ha
specifics.
•
b
Tests both the external threat response of the company and the

Su
incident response capabilities of the internal teams.
l
Co
• Example: An unannounced test is conducted where only senior
management knows, testing real-world incident detection and

By response.

SP
Knowledge in Testing (Zero, Partial, Full):

CI S • Zero Knowledge (Black Box):

• The tester has no prior knowledge of the system or network.

for • Similar to blind testing, it simulates an external hacker with no inside

es information.

ot • Example: A hacker outside the network attempting to break in without

ll N
any network details.

rn e • Partial Knowledge (Gray Box):

• The tester has some information, such as network topology, but not full

C o access.
• Balances internal and external knowledge to uncover vulnerabilities.
• Example: The tester knows certain IP ranges or firewall settings but
must discover specific weaknesses.
• Full Knowledge (White Box):
• The tester has full access to system details (e.g., IP addresses, network
diagrams, and security policies).
• Testing techniques can be performed
• from internal
Focuses on in-depth ortesting
external perspectives,
with maximum using
information blindideal
available,
for simulating insider threats or comprehensive system audits.
or double-blind approaches, and with varying levels of knowledge (zero, partial, or full).
• Example: Testing for vulnerabilities with access to system architecture,
Each method provides unique insights into anhow
simulating organization’s
a knowledgeablesecurity posture,
insider would helping
exploit the system.to
identify vulnerabilities from different angles.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Testing Techniques - Perspective, Approach, and Knowledge

Knowledge in Testing (Zero, Partial, Full):

• Perspective in Testing
(Internal vs. External)
• Approach in Testing (Blind vs.
Double-Blind)
• Knowledge in Testing (Zero,
Partial, Full)
• Zero Knowledge (Black Box):
• The tester has no prior knowledge of the system or network.
• Similar to blind testing, it simulates an external hacker with no inside
information.
• Example: A hacker outside the network attempting to break in without
any network details.
• Partial Knowledge (Gray Box):
• The tester has some information, such as network topology, but not full

on
access.
•
ti
Balances internal and external knowledge to uncover vulnerabilities.
ubut
•
r i
Example: The tester knows certain IP ranges or firewall settings
t b
must discover specific weaknesses.
is
• Full Knowledge (White Box):
o r IPDaddresses, network
The tester has full access to system details f(e.g.,
•
diagrams, and security policies). o t
N information available, ideal
Focuses on in-depth testing with,maximum
•
a
h with access to system architecture,
for simulating insider threats or comprehensive system audits.
a
•
simulating how a e tN
Example: Testing for vulnerabilities

j e knowledgeable insider would exploit the system.

b ha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Testing techniques can be performed from internal or external perspectives, using blind
or double-blind approaches, and with varying levels of knowledge (zero, partial, or full).
Each method provides unique insights into an organization’s security posture, helping to
identify vulnerabilities from different angles.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Vulnerability Management
Definition of Vulnerability Management:
• Definition of Vulnerability • Vulnerability management is a cyclical and continuous process that focuses on
identifying, classifying, prioritizing, and mitigating vulnerabilities in an organization's
Management assets.
• Key Steps in Vulnerability • It plays a critical role in risk management by ensuring that vulnerabilities are
Management systematically managed to reduce security risks.
• Importance of an Accurate Key Steps in Vulnerability Management:
Asset Inventory 1. Asset Identification:
• Remediation and Ongoing 1. Start with a complete and up-to-date inventory of all assets within the
organization.
Process
2. Example: Servers, applications, databases, network devices, and even
employee endpoints.
2. Asset Classification:
ti on
1. Classify assets by their value and criticality to the organization.
i bu
2.
tr
Example: High-value assets such as financial systems or customer databases
s
should be prioritized for protection.
D i
for
3. Vulnerability Identification:

t
1. Regularly scan for vulnerabilities across all assets.

No
2. Example: Using automated tools like Nessus, Qualys, or InsightVM to find
vulnerabilities such as missing patches, outdated software, or

a,
misconfigurations.

h
Na
4. Vulnerability Remediation:

et
1. Prioritize vulnerabilities based on their risk and impact on the organization.

e
2. Example: A vulnerability on a critical financial system should be patched
j
immediately, while a lower-priority system might be scheduled for patching

ha
later.
3.
b
Remediation can include patching, updating systems, applying configurations,

Su
or even isolating the system.
OngoinglReview:
C1. o Ensure
5.

y
that the asset inventory is continually updated and new vulnerabilities

P B 2. Example:
are identified as part of regular scans.
If new devices or systems are added, they should be incorporated into

I SS Importance of an Accurate Asset Inventory:

the vulnerability management process.

C
for • Without a precise asset inventory, vulnerability management becomes ineffective because

tes some systems might be missed.

o • Ensures all assets, especially critical ones, are included in the vulnerability assessment

ll N
and management process.

rn e Remediation and Ongoing Process:

C o • Vulnerability management is not a one-time activity; it requires regular review and

continuous updates.
• Organizations must constantly adapt to new vulnerabilities and threats.
• Change management processes ensure that patches and updates do not disrupt services.

• Vulnerability management is a continuous cycle that includes identifying, classifying, and mitigating
vulnerabilities while ensuring all assets are monitored.
• Effective vulnerability management relies on accurate asset inventory, classification of assets by
value, ongoing vulnerability identification, and remediation through patching and updating.
• Regular review and adaptation to new vulnerabilities are essential for maintaining security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Types of Vulnerability Scans
• Credentialed
(Authenticated) vs. Non-
• Credentialed
(Unauthenticated) Scans
• Role of Automated
Vulnerability Scanners
• Limitations of Vulnerability
Scanners
Vulnerability Scanning
Types of Vulnerability Scans:
• Vulnerability scans can be performed using various tools such as
Nessus, Qualys, OpenVAS, and InsightVM. These tools can scan
networks, systems, or applications to identify potential weaknesses.
Credentialed (Authenticated) vs. Non-Credentialed (Unauthenticated)
Scans:
• Credentialed/Authenticated Scans:
• The scanner is given login credentials (username and
password) to access the target system.
on
• Benefits: Enables deeper scanning, more accurate reporting,
ti
fewer false positives, and checks against system baselines to
u
detect misconfigurations.
tr i b
•
D s
Example: A Nessus scan can log into a server to verify its
i
patch levels, configuration settings, and file integrity.
• Non-Credentialed/Unauthenticated Scans:
t for
•
No
The scanner does not have credentials, scanning from an

a,
external perspective.
h
Na
• Benefits: Identifies basic vulnerabilities as seen from an

et
attacker’s point of view but lacks depth.
•
je
Challenges: Higher likelihood of false positives since the
ha
scanner cannot verify detailed configuration settings.
b
Su
• Example: Scanning from an external IP address to identify
l open ports and potentially exploitable services without

y Co logging into the system.

B Role of Automated Vulnerability Scanners:

I SSP • These tools automate the process of identifying known vulnerabilities

by comparing the system's state with a continuously updated
r C database of known issues.
fo
es • They are essential for ensuring that an organization’s systems are up-
ot to-date with patches and security configurations.

ell N Limitations of Vulnerability Scanners:

rn
• They can only detect known vulnerabilities, so they depend on

C o •
frequently updated databases.
Any new or emerging vulnerabilities that aren’t cataloged in the
scanner’s database will not be detected.

• Automated vulnerability scans can be performed using credentialed or non-credentialed

approaches.
• Credentialed scans offer more accuracy and depth, while non-credentialed scans simulate an
attacker's perspective.
• However, scanners are limited to detecting known vulnerabilities, so keeping their databases
updated is critical to the effectiveness of the scans.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Banner Grabbing and OS Fingerprinting
• Purpose of Banner Grabbing
• Purpose of OS
Fingerprinting
• Techniques of Banner
Grabbing and Fingerprinting
• Importance of Identifying OS
and Software Versions
Purpose of Banner Grabbing:
• Banner grabbing is an active or passive technique used to gather
information about the software and version a system is running.
• Example: A web server may respond with an HTTP header that
reveals it's running Apache version 2.4.7. This information helps in
identifying specific vulnerabilities linked to that version of Apache.
Purpose of OS Fingerprinting:
• OS fingerprinting is a method of identifying the specific operating
system and version based on unique characteristics of the system's
communication.
• Example: By analyzing the structure of network packets (TCP/IP
ti on
bu
stack details), OS fingerprinting can reveal whether the target system
i
is running Windows 10, Ubuntu 18.04, or another OS.
str
Techniques of Banner Grabbing and Fingerprinting: D i
•
t for
Banner Grabbing: Often involves sending requests to network

No
services (e.g., HTTP, FTP) and analyzing the responses for details

a,
about the software and its version.
• h
Active Banner Grabbing: Involves direct interaction with the
Na
target, requesting banners from services like web servers or

jeet
email servers.

ha
• Passive Banner Grabbing: Involves sniffing network traffic
b
without directly interacting with the system, allowing for

l Su
stealthier identification.

y
•
Co
OS Fingerprinting: Uses methods such as packet inspection to
determine the operating system based on how packets are
B
SP
constructed and transmitted.

CI S • Active Fingerprinting: Sending crafted packets and

analyzing the response (e.g., using tools like Nmap).
for • Passive Fingerprinting: Observing packet data without
es
ot
direct interaction with the target system (e.g., analyzing
TCP/IP stack details).

ell N Importance of Identifying OS and Software Versions:

orn • Knowing the exact operating system and version is critical for
C •
identifying vulnerabilities specific to that system.
Example: Windows 7 has different security vulnerabilities compared
to Windows 10, so knowing the OS version helps in targeting the
appropriate patches or exploits.

• Banner grabbing and OS fingerprinting are crucial techniques for identifying a system's software,
operating system, and version, which helps in determining specific vulnerabilities.
• These methods allow for more accurate vulnerability assessments and better-targeted security
measures or, alternatively, provide attackers with valuable information to exploit system
weaknesses.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 CVE and CVSS for Evaluating Vulnerabilities
• Definition of CVE (Common
Vulnerability & Exposures)
• Definition of CVSS (Common
Vulnerability Scoring System)
• How CVE and CVSS Work
Together
• Use of CVE and CVSS in
Vulnerability Reports
•
Definition of CVE (Common Vulnerability & Exposures):
• CVE is a publicly available directory of known security vulnerabilities and
exposures, ensuring that vulnerabilities are recorded uniquely and
shared globally.
• Each CVE entry is assigned a unique identifier (e.g., CVE-2024-0010),
ensuring that the same vulnerability isn't listed under multiple names.
• Example: A vulnerability in Microsoft Windows might be assigned a CVE
identifier, allowing all organizations to refer to the same issue
consistently.
Definition of CVSS (Common Vulnerability Scoring System):
• CVSS is a scoring framework used to determine the severity of a
ti on
vulnerability, assigning it a score between 0 and 10, where higher
numbers indicate higher severity.
i bu
s r
t impact
i
CVSS uses a set of standardized metrics to evaluate the potential

rD
of a vulnerability, such as the ease of exploitation and the potential
damage it can cause.
f o
t codemight
•
N o
Example: A critical vulnerability that allows remote
might be scored as a 9.8, whereas a minor vulnerability
execution
only score
3.2.
How CVE and CVSS Work Together:ah
a,
Nand provides a unique reference for it,
t the
•
ensuring everyone refers
je e
CVE identifies the vulnerability
to same issue.
a
•
u bh efforts
CVSS assigns a severity score to the vulnerability, helping organizations
S
prioritize remediation based on risk.
•
C ol the
Example: When a vulnerability scan identifies a new issue, it will
y
reference CVE (e.g., CVE-2024-0010) and provide the CVSS score
Bvulnerability is and how severe it is.
(e.g., 7.5), giving security teams clear information about what the
P
S Use of CVE and CVSS in Vulnerability Reports:
CI S
for • Vulnerability scanners (e.g., Nessus, Qualys) will typically include CVE
and CVSS data in their reports to help security teams understand the
tes vulnerabilities identified.

N o • CVE provides a standard reference to look up more detailed information

ell
about the vulnerability, while the CVSS score helps to prioritize which

rn
vulnerabilities should be fixed first.

C o • Example: A vulnerability scan report may show multiple CVEs with their
respective CVSS scores, guiding the security team to address the most
critical vulnerabilities first.

• CVE is a standardized system for identifying and cataloging vulnerabilities, ensuring that
everyone refers to the same issues consistently.
• CVSS, on the other hand, provides a score to quantify the severity of each vulnerability.
Together, CVE and CVSS are critical tools in vulnerability

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 False-Positives and False-Negatives in Vulnerability Scanning
• Definition of False-Positives
• Definition of False-Negatives
• Why False-Negatives Are
Worse Than False-Positives
Definition of False-Positives:
• False-positives occur when a system identifies a vulnerability that does
not actually exist.
• While they don't represent actual security risks, they create
unnecessary alerts, leading to administrative overhead and wasted
resources.
• Example: A vulnerability scan might report a vulnerability in an
outdated service, but upon inspection, the service has already been
patched.

ti on
Definition of False-Negatives:
i bu
tr
• False-negatives happen when a system fails to detect a vulnerability,
s
i
rD
indicating that everything is secure when there is, in fact, a security
flaw.
fo
t they prevent security
o
• False-negatives are far more dangerous because
,N
teams from identifying real risks in a system.
a
• Example: A scanner might missaan hunpatched vulnerability in a web
t Nto attacks without the team knowing.
application, leaving it exposed
e
Why False-Negatives Are
h ajeWorse Than False-Positives:
u b create unnecessary work, they do not represent
S
• While false-positives
l risks.
o
actual security

B yC
• False-negatives, on the other hand, create a false sense of security,

SP security breaches.
allowing vulnerabilities to go unaddressed, potentially leading to

CI S
for • Example: A false-negative in a financial system could lead to a major

tes data breach, while a false-positive just results in a time-consuming

investigation.
o
ell N
orn
C

• False-positives occur when a system reports non-existent vulnerabilities, while false-negatives

occur when actual vulnerabilities go undetected.
• While false-positives create administrative overhead, false-negatives pose a much more serious risk,
as they allow vulnerabilities to remain undetected, potentially leading to security incidents.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Log Review and Analysis
Definition of Log Review and Analysis:
• Definition of Log Review and
Analysis • Log review and analysis involve monitoring and assessing logs from
• Importance of Proactive Log
systems, applications, and devices to identify issues such as errors,
anomalies, or unauthorized access.
Review
• Significance of Synchronized • Regular log reviews ensure that potential problems, breaches, or
Log Event Times system modifications can be identified and addressed early.
• Role of NTP in Log
Synchronization Importance of Proactive Log Review:
• Proactive review helps organizations catch issues before they
escalate into larger security incidents or operational failures.
t i on
• Logs should be reviewed regularly to ensure security teams are
i b u
alerted to unusual patterns or signs of compromise.
str
i
•
f o r D could be an
Example: A log showing repeated failed login attempts
early indicator of a brute-force attack.
ot
,
Significance of Synchronized Log Event Times: N
a
hto accurately
•
a
Having synchronized log event times is crucial when investigating

e tN
incidents, especially breaches, correlate activities

aje
across different systems.
• h
b leading to aitsecurity
Without time synchronization,
sequence ofuevents
becomes difficult to trace the
S incident.

C
Role of NTPolin Log Synchronization:
y
• BThe Network Time Protocol (NTP) is commonly used to ensure all

I SSP systems are synchronized to the same time source.

C • This allows for consistent logging and makes it easier to correlate
for events across different systems during security investigations.
tes
o • Example: During an incident response, analyzing logs from various

ell N servers is easier when all systems share the same timestamp format.

orn
C

• Log review and analysis are essential for identifying potential security incidents and
operational issues within an organization.
• Proactive log monitoring helps catch issues early, while synchronized log times, often
achieved through NTP, are critical for correlating events across systems, especially in
the case of breaches or incidents.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Timely Log Review and Analysis
Importance of Log Review and Analysis:
• Importance of Log Review • Timely review of logs is a best practice in ensuring that systems deployed
and Analysis in production are functioning as intended. It helps detect errors, system
• Log What is Relevant modifications, and breaches early before they cause serious damage.
• Reviewing Logs • Logs provide crucial data for monitoring system health, detecting security
• Identifying Errors and incidents, and maintaining operational stability.
Anomalies Log What is Relevant:
• Systems generate large amounts of data, but not all of it is useful for
security monitoring or operational analysis.
• Focus on logging what’s relevant based on risk management. Relevant
t i on
logs typically reflect events that could indicate risks to critical assets or
systems.
i bu
r
st or
on ihigh-risk
• Example: Log only critical system changes, failed login attempts,
specific errors to reduce unnecessary noise and focus D
activities.
t for
Reviewing Logs:
N o
• Log reviews can be performed manually,or using automated tools like
h a Management) systems.
SIEM (Security Information and Event
Automation helps manage theN a
e t ofsheer volume of logs, especially in large

ajethat any significant errors or suspicious activity are

environments where millions events may be generated.
• Regular reviews ensure
b h
not missed.
S u
o l and Anomalies:
Identifying Errors

B y Cthe review process, attention should be paid to unexpected errors,

• During
system modifications, or breaches that may point to system issues or

I SSP attacks.
C • Errors: Unusual or unexpected errors could signal system

for malfunctions.

tes • Modifications: Unauthorized system changes are a major red

o flag and could indicate an ongoing breach.

ell N • Breaches: Logs can reveal patterns that indicate an attack or

orn compromise, enabling faster incident response.

C • Example: If logs show unauthorized modifications to a critical

configuration file, this could indicate a malicious attack.

• Timely log review and analysis are essential for monitoring system health and identifying potential
security breaches.
• Only log relevant data to reduce noise, automate log reviews where possible, and focus on
identifying errors, unauthorized modifications, and breaches.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Importance of Timely Log Review and Analysis
Importance of Log Review and Analysis:
• Importance of Log Review
and Analysis • Timely log review and analysis is crucial for organizations to ensure
• Log What is RelevantReview that production systems are functioning correctly.
the LogsIdentify • Logs help detect system errors, anomalies, and potential security
Errors/Anomalies breaches early before they cause significant damage.
Log What is Relevant:
• Systems generate vast amounts of logged data, but not all logs are
essential for security or operational analysis.
• Focus on logging events relevant to risk management, especiallyti on
i bu
those that help detect critical risks to organizational assets.
str
•
D i
Example: Log system access attempts, failed login attempts,

for
system configuration changes, or network anomalies.

t
No
Review the Logs:
•
h a,
Logs need to be regularly reviewed, either manually or through

Na
automated systems like SIEM (Security Information and Event
Management) to manage large amounts of data efficiently.

jeet
ha
• Regular log reviews help ensure no critical errors or suspicious
activity is missed.
b
l Su
Identify Errors/Anomalies:
•
y Coon detecting key issues such as errors, unauthorized system
Focus

P Bmodifications, or breaches.
I SS • Errors: Unexpected system errors may indicate problems
C that need addressing.
for • Modifications: Unauthorized changes to systems may

tes indicate a security breach or malicious activity.

N o • Breaches: Actual system or network breaches that could

rn ell lead to data loss or other serious incidents.

C o

• Timely log review and analysis are crucial for monitoring system health and detecting potential
security breaches.
• Organizations should focus on logging relevant data based on risk management principles, use
automated tools for efficient log review, and prioritize identifying errors, unauthorized modifications,
and breaches for proactive response.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Log Event Time Synchronization
• Importance of Consistent
Log Event Time
• Challenges with
Inconsistent Log Times
• Role of Network Time
Protocol (NTP)
Importance of Consistent Log Event Time:
• Consistent time stamps in logs are crucial for correlating events
across different systems and network devices.
• In case of a breach or incident, accurate time stamps allow security
teams to track the movement of an attacker through the network.
• Without synchronized times, incident response and forensic
investigations become much more difficult.
Challenges with Inconsistent Log Times:

ti on
In large organizations with multiple servers, switches, and firewalls,
•
if each device has a slightly different time, tracking and
i bu
str
understanding how an event unfolded is highly challenging.
D i
for
• Example: A firewall may log a suspicious packet at 10:00 AM, but if
t
the server logs the same event as occurring at 10:03 AM, correlating
those two events becomes problematic.
No
Role of Network Time Protocol (NTP):
h a,
•
t Ninaa network are synchronized with the
NTP ensures that all devices
same time source. ee
h ajdevice is synced with a publicly available
ubsuch as one from NIST (National Institute of Standards
• Typically, a network
S
nuclear clock,

C ol
and Technology), to provide an accurate time reference.
• y other network devices then synchronize with this main device,
BAll
I SSP ensuring consistent event log time stamps across the entire network.

C
for
tes
o
ell N
orn
C

• Ensuring consistent time stamps for log events is critical for correlating activities across systems,
especially during security incidents.
• Using Network Time Protocol (NTP) to synchronize devices within a network ensures accurate and
unified time logging, which is vital for effective monitoring, incident response, and forensic
investigations.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Log Data Generation
Overview of Log Data Generation:
• Overview of Log Data • Every system in an organization generates log data, which is vital for security, performance
monitoring, and compliance purposes.
Generation
• Key Components of Log • Logs capture events like user activities, system errors, network access, and application
behavior, providing critical information for security teams.
Data Processes
Key Components of Log Data Processes:
• Details to be Covered in
1. Generation:
Domain 7
1. Logs are produced by systems, applications, network devices, and security
tools.
2. Examples include server logs, firewall logs, database logs, and application logs.
2. Transmission:
1.
i on
Once generated, logs must be transmitted to a central location for analysis.
t
2.
used to transport log data securely.
i bu
Tools like Syslog and SIEM (Security Information and Event Management) are

s t r
Collected from multiple sources and stored in a centralizedi system for easier
3. Collection:
1.
D
r loss
2.
access and analysis.

t fo
Proper collection ensures completeness and prevents of valuable log data.
4. Normalization: o
N formats; normalization converts
1.
a
Logs from different systems may have , different
h of logs across diverse systems.
logs into a uniform format for analysis.
a
tN
2. This step simplifies the correlation
5. Analysis:
e
jefor insights such as system health, potential security
1.
h a
Analyzing log data
incidents, and performance anomalies.
2.
S ub ortools
Automated
breaches,
(like SIEM) or manual reviews can be used to identify errors,
suspicious activity.
6.
C olLog data must be stored for an appropriate duration to meet legal, regulatory,
Retention:

By and operational requirements.

1.

S P 2. Retention policies should balance security needs with storage costs.

CIS
7. Disposal:

or
1. Logs must be securely disposed of after their retention period to prevent

s f unauthorized access or data breaches.

o te 2. Secure deletion techniques are required to ensure compliance with data

protection regulations.

ll N
Details to be Covered in Domain 7:

rn e • Each of these steps will be elaborated in Domain 7, focusing on best practices,

o
challenges, and how to manage logs effectively to support organizational security.

• Log data generation is a critical process involving the production, transmission,

collection, and analysis of logs from various systems.
• Effective log management ensures that security events are captured, normalized, and
analyzed for insights.
• Retention and secure disposal of logs ensure compliance and protect against
unauthorized access. Further details will be explored in Domain 7.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

• Circular Overwrite
• Clipping Levels
• Comparison: Circular
Overwrite vs. Clipping Levels
Limiting Log Sizes
Circular Overwrite:
• A method used to manage log file sizes by overwriting the oldest log
entries when the maximum file size or number of log entries is
reached.
• Example: If a log file is limited to 100 MB, once that limit is reached,
the system starts overwriting the oldest entries to make room for new
ones.
• Useful when storage space is limited, preventing systems from

on
crashing due to full log files.
• uti
While efficient, it may result in the loss of valuable older log data,
especially during a long-term investigation.
tr i b
Clipping Levels: D is
• t for
A more selective approach where only events that exceed a defined
threshold are logged.
No
• h a,
Example: Instead of logging every failed login attempt, the system
Na
might log after 15 failed attempts to indicate a potential password-
cracking attempt.
je et
•
bhanoise.
Helps reduce log size by focusing on significant events, filtering out
u
normal operational
• Does o l Soverwrite previous log data, making it more suitable for
not
C security breaches or patterns of unusual activity.
By
identifying

S PComparison: Circular Overwrite vs. Clipping Levels:

CIS • Circular Overwrite is better for environments where space is limited
for and log files need to be constantly refreshed, but it risks losing

tes critical data if older entries are overwritten.

N o • Clipping Levels provides more valuable, targeted information by

rn ell logging events based on significance, making it a more strategic

choice for security monitoring without the risk of losing important log
C o data.

• Circular overwrite and clipping levels are two log file management techniques aimed at controlling
log file sizes.
• Circular overwrite is efficient for saving space but may result in the loss of older data.
• Clipping levels allow for logging only significant events, reducing log size while preserving critical
information, making it a more valuable approach for security monitoring.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Operational Testing—Synthetic Transactions and RUM
• Operational Testing
Overview
• Real User Monitoring (RUM)
• Synthetic Performance
Monitoring (SPM)
• Comparison of RUM and
SPM
Operational Testing Overview:
• Conducted while a system is actively running to assess its
functionality, performance, and availability in real-time.
• Two main techniques: Real User Monitoring (RUM) and Synthetic
Performance Monitoring (SPM).
Real User Monitoring (RUM):
• A passive monitoring technique that tracks user interactions with a
website or application in real-time.
• Helps analyze performance, user behavior, and any errors occurring
during live usage.
ti on
•
i bu
Example: A bank monitoring how customers interact with its online
tr
banking system to see what actions they perform and how the
s
system responds.
D i
•
t for
Log files and performance measures are used for detailed analysis.

No
Synthetic Performance Monitoring (SPM):

a,
• A proactive monitoring method where pre-scripted transactions are
h
generated to simulate real-world activities in the system, without
actual users.
Na
•
jeet
Functional tests ensure different functionalities (like logging in,
ha
transferring funds, etc.) work as expected.
b
Su
• Performance tests under load simulate multiple users
l
simultaneously performing transactions to check how the system

y Co
handles high traffic.
B • Example: A retail e-commerce platform running test scripts before

I SSPComparison of RUM and SPM:

Cyber Monday to ensure their site can handle a significant load.

r C • RUM: Monitors real-time user interactions, helps understand live

fo
es behavior, and identifies errors as they happen.
ot • SPM: Simulates user actions, allowing testing of functionality and

ell N system performance under different conditions, often used before

orn peak usage periods.

• Operational testing ensures that systems are functioning properly when in use. Real
User Monitoring (RUM) passively observes live interactions, while Synthetic
Performance Monitoring (SPM) proactively tests system functionality and load
performance using simulated transactions. Both techniques are critical for maintaining
system performance and availability.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Regression Testing
• Purpose of Regression Testing
• Importance of Regression
Testing
• Metrics That Matter in
Regression Testing
•
Regression Testing
Definition of Regression Testing:
• Regression testing verifies that previously functional software still
operates correctly after updates, such as enhancements or patches.
• Ensures that no new bugs or issues are introduced when changes are
made to the system.
Purpose of Regression Testing:
• After any updates (e.g., bug fixes, vulnerability patches, or feature
enhancements), regression testing ensures that the rest of the
software remains functional.
•
ti
Example: After patching a security vulnerability in an e-commerce on
bu
platform, regression tests ensure the shopping cart, checkout, and
i
payment processes continue to work as expected.
str
Importance of Regression Testing: D i
•
t for
Critical for maintaining software stability after updates.
• No
Helps prevent new issues from arising due to changes in the
codebase.
h a,
t Na
Saves time and resources by identifying problems early after

jeebe time-consuming but essential in complex

changes.
• Regression testingacan
bhmany dependencies.
applications with
u
S in Regression Testing:
Metrics Thatl Matter
o
•
B y C• reports
Tailor to the audience:

S P High-level summary for senior management focusing on

CI S pass/fail results and overall system stability.

or
• Detailed report for development teams, providing in-depth

s f results, specific failures, and areas needing attention.

o te • Use relevant metrics that help stakeholders make informed

ll N
decisions based on their roles.

rn e • Objective pass/fail results.

C o • Detailed technical metrics for developers.

• Business impact metrics for executives.

• Regression testing is crucial for ensuring that software updates don’t introduce new problems.
• It verifies that the rest of the system functions correctly after changes are made.
• Reporting results should be tailored to the audience using "metrics that matter"—offering high-level
summaries for executives and detailed reports for technical teams.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Compliance Checks
Definition of Compliance Checks:
• Definition of Compliance
Checks • Compliance checks involve reviewing and analyzing security controls
• Purpose of Compliance
to ensure they align with documented security requirements and
organizational policies.
Checks
• Compliance and Security Purpose of Compliance Checks:
Control Testing
• Role of Compliance in • The goal is to ensure that implemented security controls meet the
Security Policies required standards and that the organization complies with both
internal policies and external regulatory requirements.
Compliance and Security Control Testing:
ti on
• Compliance checks are part of ongoing security control testing.u
r ib They
help verify that the security measures in place continue totoperate
correctly over time.
D is
f r aligned with
oare
t
• They confirm that security tests and assessments
o and industry
organizational requirements, policies, procedures,
N
a,
standards.

a h
Role of Compliance in Security Policies:
t N
• Compliance checks ensure
je e alignment with organizational policies,
ha
procedures, and baselines.
b
S
• Example: After u can confirm
implementing new controls for data protection,
o
compliancel and regulatory requirements
checks that they meet both company
y C
standards like GDPR or HIPAA.

P B
I SS
C
for
tes
o
ell N
orn
C

• Compliance checks are essential for ensuring that security controls not only function as intended
but also meet organizational and regulatory standards.
• By aligning security control testing with policies and standards, organizations can maintain a robust
and compliant security posture.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Key Risk and Performance Indicators
• Definition of Key Performance
Indicators (KPI)Definition of
Key Risk Indicators (KRI)
• SMART Metrics
• Importance of Metrics in
Security
• Examples of Key Metrics
Definition of Key Performance Indicators (KPI):
• KPIs are backward-looking metrics, focusing on historical data to
evaluate whether performance targets were achieved.
• Example: Measuring system uptime over the last quarter to assess
whether availability goals were met.
Definition of Key Risk Indicators (KRI):
• KRIs are forward-looking metrics, helping with risk-related decision-
making by providing insight into potential future risks.
• Example: Monitoring the frequency of phishing attacks as a KRI to

on
assess the likelihood of a future breach.
SMART Metrics:
uti
•
tr i b
SMART stands for Specific, Measurable, Achievable, Relevant, and
Timely.
D is
for
• Specific: Are the results clearly stated and easy to
understand?
t
• No
Measurable: Can the results be quantified with data?
•
h a,
Achievable: Can the results drive the desired outcomes?
•
Na
Relevant: Are the results aligned with business strategies?
•
eet
Timely: Are the results available when needed?
j
ha
Importance of Metrics in Security:
b
Su
• Metrics like KPIs and KRIs help inform goal setting, action planning,
l
and risk management.

y • Co
SMART metrics ensure that security processes are aligned with
B business objectives and can be effectively monitored.

I SSP Examples of Key Metrics:

r C • Account Management: Tracking the number of inactive accounts

fo over time.

es • Management Review and Approval: Monitoring how often security

ot policies are reviewed.

ell N • Backup Verification: Ensuring regular testing of backups for disaster

rn
recovery.

C o • Training and Awareness: Measuring employee participation in

cybersecurity training.
• Disaster Recovery and Business Continuity: Tracking how quickly
systems are recovered after an outage.

• KPIs are used to evaluate past performance, while KRIs focus on anticipating future risks.
• Both are essential for informed decision-making in security management.
• SMART metrics ensure that goals and outcomes are aligned with the organization’s business strategy
and security objectives, driving measurable, relevant, and timely results.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Key Performance Indicators (KPIs) vs. Key Risk Indicators (KRIs)
• Definition of Key Performance
Indicators (KPI)
• Definition of Key Risk
Indicators (KRI)
• Metrics for KPIsMetrics for
KRIs
• Comparison Between KPIs
and KRIs
Definition of Key Performance Indicators (KPI):
• KPIs are backward-looking metrics that help evaluate past performance and
whether performance targets were met.
• They provide insights into operational efficiency, service delivery, and goal
achievement.
• Example: Mean time to resolve support tickets or the number of support emails
processed.
Definition of Key Risk Indicators (KRI):
• KRIs are forward-looking metrics that assess potential risk exposures and help
anticipate future threats.
•
proactive decision-making.
t i on
They are used to monitor emerging risks or shifts in risk conditions, enabling

i bu based
•
s tr
Example: Monitoring phishing attempts or the likelihood of system failures
i
on usage patterns.
Metrics for KPIs: D
r response
• Account Management: Mean time to resolution, average
t fo time,
number of support tickets. o
• Management Review and Approval: Time
a , toNresolve defects, number of
h verified, time between backup
identified defects, process effectiveness.
a
• Backup Verification: Number of N
verifications, amount of data trestored.
backups
e
Metrics for KRIs:
h aje
• b
phishing emailureport rates.
Training and Awareness: Number of employees completing security training,
S
•
C olRecovery
Disaster (DR) and Business Continuity (BC): Recovery Time

B y
Objective
processes.
(RTO), Recovery Point Objective (RPO), time taken to restore critical

I SSP• Account Monitoring: Frequency of password changes, last login times, and
abnormal login activities.
C
for Comparison Between KPIs and KRIs:

tes • KPIs: Backward-looking; focused on measuring past performance and achieving

organizational goals.
o
ll N
• Example: System uptime or user satisfaction metrics.

rn e • KRIs: Forward-looking; focused on identifying and monitoring potential future

risks to prevent incidents.

C o • Example: Risk of phishing attacks based on user behavior or detection

of insider threats.

• KPIs measure past performance, helping organizations assess whether they met goals, while KRIs
are forward-looking metrics that assess potential future risks.
• Both are critical in risk management, with KPIs focused on operational performance and KRIs on
identifying threats to prevent incidents.
• Effective security management incorporates both types of metrics to ensure comprehensive
monitoring and decision-making.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Test Output and Reporting
• Definition of Test Output
• Importance of Remediation
in Test Output
• Exception Handling in Test
Output
• Ethical Disclosure in Test
Output
Definition of Test Output:
• Test output refers to the results generated from security assessments
and testing. It includes steps related to addressing identified
vulnerabilities, handling exceptions, and sharing new vulnerabilities
with relevant parties.
• The purpose is to ensure that the findings from security tests are acted
upon responsibly.
Importance of Remediation in Test Output:

i
• Remediation is the process of documenting and implementing fixes for
t on
vulnerabilities found during the security assessments.
i bu
s r
t of
i
• Example: After a vulnerability scan identifies an outdated version
software, a patch is applied to resolve the issue.
fo r Dto ensure proper
t
• The remediation process should be well-documented
o
,N
tracking and resolution of issues.
Exception Handling in Test Output:ha
Na during testing may not be
• Sometimes, vulnerabilitiestidentified
je e like budget or the low probability of
addressed due to constraints
exploitation.
bha
• Example: AS u vulnerability in an internal system might be accepted
o
due to lowl minor
risk.
• B y C
Documenting exceptions ensures accountability and helps in risk
S P management by providing justification for why certain issues are not

CIS
fixed.

for Ethical Disclosure in Test Output:

tes • Ethical disclosure involves sharing newly discovered vulnerabilities

o
ll N
that might impact a wider user base with relevant parties or the public.

rn e • This helps in the timely mitigation of security risks across industries.

C o • Example: A researcher discovers a zero-day vulnerability in widely-

used software and shares it with the vendor to protect other users.

• Test output involves documenting the results of security assessments, including remediation steps
for vulnerabilities, the reasons for any exceptions, and disclosing new vulnerabilities ethically.
• This process is crucial in addressing risks, managing exceptions transparently, and sharing critical
security information for broader protection.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Audit Process
Audit Approaches:
•Audit ApproachesInternal • There are three main types of audit approaches: internal, external,
AuditsExternal AuditsThird- and third-party.
Party AuditsAudit Plans
• Each approach serves a different purpose depending on who is
conducting the audit and what is being audited.
Internal Audits:
• Conducted by employees within the organization.
• Focuses on the internal processes of the organization.
• The goal is to ensure that internal controls and procedures are
functioning as intended and to identify areas for improvement.
ti on
External Audits:
i bu
•
tr
Conducted by employees from the organization but focusing on
s
vendor or partner processes.
D i
for
• It assesses the compliance and effectiveness of vendors or external
partners. t
• No
Common in companies that rely on third-party services for critical
operations.
h a,
Third-Party Audits:
Na
•
jeet
Performed by an independent organization or external auditors.
•
bha
They provide an unbiased, independent evaluation of an
organization’s processes or those of its vendors.
•
l Su
Frequently used to build trust and credibility with external

y Co
stakeholders, such as regulators or customers.
B Audit Plans:

I SSP •
•
An audit plan outlines the steps and objectives of the audit process.
Typically includes the following phases:
r C
fo • Define the audit objective: Identify the purpose of the audit

es and what it aims to achieve.

ot • Define the audit scope: Set boundaries for what will be

ell N covered in the audit, such as departments, processes, or

rn
time periods.

C o • Conduct the audit: Perform the audit based on the

predefined objectives and scope.
• Refine the audit process: Review the findings, make
recommendations, and adjust the process for future audits.

• There are three types of audits: internal, external, and third-party, each serving different functions
based on who conducts the audit and the area of focus.
• An effective audit process includes clearly defining objectives and scope, conducting the audit, and
refining processes based on findings.
• Internal audits focus on organizational processes, external audits focus on vendors, and third -party
audits are independent evaluations often used to build credibility.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Components of an Audit Plan
Define the Audit Objective:
• Define the Audit Objective • Clarify what the audit seeks to achieve. For example, the objective
• Define the Audit Scope may be to evaluate compliance with specific regulations or assess
• Conduct the Audit the effectiveness of internal controls.
• Refine the Audit Process
Define the Audit Scope:
• Establish the boundaries of the audit. This includes specifying what
systems, processes, and departments will be audited and what areas
will be excluded.
Conduct the Audit:
• The execution phase where the audit team assesses the identified
ti on
i bu
areas within the audit scope, collecting data and verifying controls.
r
ist
Refine the Audit Process:
After the audit, improvements to the audit approachDare identified.
or future audits.
•
Feedback from stakeholders and findings canfenhance
o t
Detailed Steps of an Audit Process:
N
1.
h a, the overall aim and desired
Determine audit goals: Clearly state
outcomes of the audit. a
Nunit
2. t
efor support
Involve the right business leader(s): Include leaders from
aje
relevant business areas and guidance.
h
b audit scope: Define the boundaries of the audit,
onuthe specific areas that require evaluation.
3. Determine the
focusing S
4. C ol the audit team: Select individuals with the necessary
Choose
B yexpertise and independence to perform the audit.
I SSP5. Plan the audit: Develop a timeline and methodology for conducting
C the audit.

for 6. Conduct the audit: Carry out the assessment, gather evidence, and

tes evaluate systems or processes.

N o 7. Document the audit results: Record findings, identify areas of

rn ell improvement, and propose recommendations.

C o 8. Communicate the results: Share audit outcomes with

stakeholders, focusing on corrective actions and compliance gaps.

• An audit plan involves setting clear objectives and a well-defined scope, conducting the audit
systematically, and refining the process afterward.
• Ensuring thorough communication of audit results and involving relevant leaders is essential for
improving organizational processes.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Different Audit Approaches
Internal Audits:
• Internal Audits
• External Audits • Conducted by employees within the organization.
• Third-Party Audits • Focuses on reviewing the company’s internal systems and processes to
• Security Function Support ensure compliance with policies, regulations, and best practices.
• Example: A company's internal audit team examines the effectiveness
of its own cybersecurity policies.
External Audits:
• Performed either by the company’s employees or external auditors, but
focused on external systems such as vendors or service providers. ti on
i b u
• In one scenario, company employees might assess a vendor’s
s r
tthe security
i
practices. In another, an independent audit firm assesses
company’s systems to provide an unbiased report.r D
t fo its data security
• Example: A company hires an external firm to
N o assess

a,
compliance.
Third-Party Audits: a h
t Nhired
e e
• Involves independent auditors
j
by a service provider to assess

hacommissions the audit to provide customers with

their operations and governance.
b
Su their controls.
• The service provider
assurancel about

y CoA cloud service provider engages an independent auditor to

• Example:
P B a SOC 2 report, which is then shared with customers to prove
produce

I SS adherence to security standards.

C
for Security Function Support:

tes • The security team plays a critical role in the audit process by providing
o necessary data, evidence, and insights into security controls.

ell N • Security professionals should support audits by identifying risks,

orn providing access to logs, and ensuring that security controls are well-
C documented and auditable.
• Example: The security team works with auditors to verify encryption
practices, access controls, and incident response procedures.

• Audit approaches differ based on who is conducting the audit and what systems are being assessed.
• Internal audits review an organization’s own processes, external audits can evaluate third-party
systems, and third-party audits involve independent assessments of service providers.
• The security function must support the audit process by providing data, ensuring controls are
effective, and offering insights into risk management strategies.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 SOC Reports and Types
SOC 1 Reports:
• SOC 1 Reports
• SOC 2 Reports • Focus on financial reporting risks.
• SOC 3 Reports
• These reports are relatively basic and are typically requested by
• Type 1 vs. Type 2 Reports financial auditors to ensure that controls related to financial data are in
place.
SOC 2 Reports:
• Focus on five trust principles: security, availability, confidentiality,
processing integrity, and privacy.

t
• These reports are comprehensive and used by security professionals i on
i b
to assess an organization’s controls beyond just financial data.u
s r
twith care.
i
rD
• Can contain sensitive information and should be handled
SOC 3 Reports:
t fo
• Stripped-down versions of SOC 2 reports. N o
a ,
a hsecurity
• Primarily used for marketing purposes to give prospective customers

e tN
confidence in a service provider’s without revealing sensitive

aje
operational details.
Type 1 Reports:
b h
Sureports
o l
• Point-in-time that focus on the design of controls.

B y Creports examine if controls exist and are properly documented

• These
but do not confirm whether the controls are operating effectively over

I SSP time.
C Type 2 Reports:
for
tes • More comprehensive reports that focus on both the design and
o operating effectiveness of controls over a period of time, usually one

ll N
year.

rn e • These reports examine how controls function in real-world operations

C o and are highly desirable for assessing long-term security effectiveness.

• SOC reports help organizations build trust with their customers by assessing security
and operational controls. SOC 2, Type 2 reports are the most valuable for security
professionals as they verify both the design and effectiveness of security controls over
time.
• SOC 3 reports, on the other hand, are mainly used for public disclosure and marketing
purposes. Type 1 reports focus on controls at a specific point in time, whereas Type 2
reports provide a more thorough analysis over an extended period.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Audit Roles and Responsibilities
Executive (Senior) Management:
• Executive (Senior) Management
• Responsible for setting the tone from the top.
• Audit Committee
• Security Officer • Ensures that the audit process is promoted and that there is clear
support for audits within the organization.
• Compliance Manager
• Internal Auditors • Articulates the importance of assurance across the company.
• External Auditors Audit Committee:
• Consists of key board members and senior stakeholders.
• Provides oversight and strategic direction to the audit program.
• Ensures that the audit process aligns with organizational goals and
regulatory requirements. ti on
i bu
Security Officer (CSO/CISO):
s r
tduring audits.
i
rD
• Advises on security-related risks that should be addressed
•
t fo
Provides input on critical security controls and areas of focus based on
emerging threats and vulnerabilities.
N o
Compliance Manager:
, laws, regulations, and
arelevant
h
Na
• Ensures corporate compliance with
internal policies.
t
•
required audits area jee auditor
Oversees audit scheduling,
conducted
training, and ensures that all
on time.
h
Plays a key rolebin ensuring the organization meets industry standards
•
S u
InternalC o l
and legal obligations.
Auditors:
y
• BEmployees of the company who conduct internal audits.
P
S • Their
CI S role is to provide assurance that internal controls are functioning as
intended and corporate governance is being maintained.

for External Auditors:

tes • Independent auditors from an outside organization.

o
ell N • Conduct unbiased audits to provide independent verification that
controls are operating effectively.

orn • Their reports are used to build credibility and trust with stakeholders,
C such as regulators or customers.

• Audit roles are distributed among senior management, security officers, compliance managers, and
auditors (both internal and external).
• Senior management sets the tone for audits, while the audit committee oversees the process.
• Security officers advise on security risks, and compliance managers ensure adherence to
regulations. Internal auditors verify internal controls, and external auditors provide an independent,
unbiased audit of the organization’s controls.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

CISSP Cornell Notes by
Col Subhajeet Naha, Retd, CISSP
Domain 7 : Security Operations
 Security Operations
Definition and Importance of Security Operations:
• Definition and Importance of
Security Operations • Security Operations involve the continuous, day-to-day activities
performed by the security team to ensure the ongoing protection of an
• Integration of Security into
organization's systems, assets, and data.
Organizational Processes
• Role of Security Operations in • These operations are integral to maintaining a secure environment
Supporting Organizational Goals where systems remain resilient to threats and attacks.
Integration of Security into Organizational Processes:
• Security operations are not standalone but are integrated within
broader organizational processes to ensure systems are secured
ti on
throughout their lifecycle.
i b u
• Examples include implementing security controls, monitoring
s tr
network traffic, managing security incidents, patching ivulnerabilities,
and conducting audits.
f o rD
o t ensuring a balance
,N
• Security must align with the business processes,
between security and operational efficiency.
a
h Organizational Goals:
a
t N is to protect the organization while
Role of Security Operations in Supporting

e e
ajobjectives
• The goal of security operations

b h
enabling it to meet its without disruption.
• This includesu
l S and data, providing incident response capabilities,
ensuring confidentiality, integrity, and availability (CIA
triad) ofosystems
and C
B y enforcing compliance with regulations.
S P• By mitigating risks and handling security incidents effectively,

CI S security operations allow the organization to operate smoothly and

or
securely.

s f
o te
ell N
orn
C

• Security operations are essential for maintaining the security and resilience of an organization’s
systems.
• They integrate security practices with organizational processes and support the business in
achieving its goals without compromising on security.
• Effective security operations help manage risks, respond to incidents, and ensure compliance with
policies and regulations.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Securing the Scene (Investigations)
• Importance of Securing the
Scene
• Key Steps to Secure the Scene
• Contamination of Evidence in
Investigations
Importance of Securing the Scene:
• Securing the scene is critical to ensuring the integrity of any
investigation.
• Investigators must ensure that evidence is preserved in its original state
to maintain its validity for later examination and potential legal scrutiny.
• If the scene is not properly secured, the investigation's credibility can
be compromised, rendering evidence inadmissible in court.
Key Steps to Secure the Scene:

ti on
• Seal off access: Prevent unauthorized individuals from entering the area
where the incident or crime took place.
i bu
• Take photographs: Capture detailed images of the sceneis
tr
before
anything is moved or disturbed.
fo rD
• Document evidence: Record the exact location o t of all evidence,
including digital devices, to create a clearN
a , and reliable record of the
scene.
a h
N mobile devices, and storage
tUSBs)
• Avoid touching anything: Computers,
je
media (like hard drives ande must not be physically tampered

b ha
with, as this could alter or destroy vital evidence.

l Suthetechniques
• Employ forensic for imaging or snapshotting data without

Co of Evidence in Investigations:
compromising system's integrity.

B y
Contamination
P
S state. evidence is contaminated, it cannot be restored to its original
CI S • Once

for • Example: Typing on a criminal's computer or moving files could alter

tes timestamps and data integrity, potentially invalidating it as evidence.
o
ell N • Following established forensic procedures is vital to avoid accidental

rn
tampering.

C o

• Securing the scene is essential in any investigation to preserve evidence. Investigators must follow
proper procedures like sealing off the area, documenting the scene, and avoiding any interaction
with digital devices.
• Ensuring that evidence is not contaminated allows investigators to maintain the integrity of the
investigation, leading to reliable conclusions and upholding the legal admissibility of evidence.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Forensic Investigation Process
Need for Forensic Investigation:
• Need for Forensic • Organizations using computer systems and networks may need digital
Investigation forensics for crime investigation, policy breaches, system troubleshooting,
• Methodologies in Digital etc.
Forensics • Digital forensic methodologies help find answers, solve problems, and can
aid in prosecuting crimes.
• Steps of Forensic Methodologies in Digital Forensics:
Investigation Process • Standard practices include securing the scene, collecting evidence, and
• Chain of CustodyCollection maintaining the integrity of data for admissibility in court.
of Evidence • The process ensures that evidence is preserved correctly to avoid
• Examination and Analysis of contamination.
Evidence Steps of Forensic Investigation Process:
ti on
• Final Reporting 1. Identification and Securing the Scene:
i bu
•
tr
The first step is securing the crime scene, ensuring evidence isn't
s
tampered with.
D i
for
• Protecting potential evidence from being touched or removed.
•
t
Begin the chain of custody, documenting who handled the

No
evidence.

a,
2. Collection of Evidence:
•
h
Proper collection methods are used for both physical and digital
evidence.
Na
•
jeet
Policies and standards guide the collection process to preserve
evidence integrity.

bha
3. Examination and Analysis:
•
l Su Evidence is examined through manual and automated processes

Co
to determine its relevance to the investigation.
• The analysis helps to build a case or identify the responsible party.
By 4. Final Reporting:

I SSP •
•
Results of the investigation are compiled into a detailed report.
The report outlines the entire investigation process, findings,
r C recommendations, and actions required.
fo • Reports may vary depending on the audience and level of detail
es required.
ot Chain of Custody:

ell N • Key in maintaining the integrity of evidence, it records who handled the

rn
evidence, when, and where.

C o • Ensures control and integrity, particularly for trial admissibility.

Final Reporting Considerations:
• The report should be clear, detailed, and relevant to its audience, possibly
requiring different formats for different stakeholders.

• Forensic investigation involves identifying and securing the scene, collecting evidence while
maintaining the chain of custody, and examining and analyzing the data.
• The final report is critical for summarizing findings and may need to be tailored for different
audiences.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Sources of Information and Evidence
• Sources of Information
• Evidence TypesReal
Evidence
• Direct Evidence
• Circumstantial Evidence
• Corroborative Evidence
• Hearsay Evidence
• Best Evidence Rule
• Secondary Evidence
• Oral/Written Statements:
• Statements given to police or investigators by witnesses or
individuals with pertinent information.
• Written Documents:
• Physical documents like checks, letters, contracts, and
receipts relevant to investigations.
• Computer Systems:
• The hardware storing data such as SSDs, HDDs, USB drives,
and other peripherals connected to a system during the crime.
• Visual/Audio Records:

on
• Photographs, video/audio recordings, and security footage
related to the investigation.
uti
Evidence Types:
tr i b
1. Real Evidence:
D is
for
• Tangible physical objects, such as hard drives and USBs. They
are physical evidence that can be inspected and used to prove
t
No
or disprove factual issues in trials.

a,
2. Direct Evidence:
•
h
Evidence that speaks for itself, requiring no inference (e.g.,
Na
video footage of the crime happening).
3.
et
Circumstantial Evidence:
je
ha
• Indirect evidence that suggests a fact by implication. It can
b
prove an intermediate fact, such as a witness stating the

l Su
defendant was near the crime scene.

Co
4. Corroborative Evidence:

By • Supports facts or other elements of a case by confirming

testimony or other forms of evidence, making it very powerful in

I SSP 5.
trials.
Hearsay Evidence:
r C
fo • Testimony from witnesses who were not present at the event. It

es is usually inadmissible unless exceptions apply.

ot 6. Best Evidence Rule:

ll N
• Stipulates that original evidence should be presented in court

rn e rather than copies, whenever possible.

C o 7. Secondary Evidence:
• Substitutes for original evidence, such as a printout of log files,
used when the original no longer exists.

• In an investigation, sources of information include statements, documents, systems, and

visual/audio evidence.
• Various types of evidence, such as real, direct, and corroborative evidence, play critical roles in
proving facts in court, while hearsay and secondary evidence have more limitations.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 MOM and Locard's Exchange Principle
MOM (Motive, Opportunity, Means):
• MOM (Motive, Opportunity,
• Motive:
Means)
• Locard’s Exchange Principle • Investigators assess what might have driven the suspect to
• Importance of Evidence in commit the crime. It refers to the potential reasons or
Investigations incentives behind the suspect’s actions.
• Opportunity:
• Investigates whether the suspect had the chance to commit
the crime. For example, was the suspect present at the scene
of the crime or did they have access to the necessary
systems or locations?
ti on
i bu
• Means:
s tr
• Determines if the suspect had the resources or
D i abilities
carry out the crime, such as the technicalr know-how,
to

t fo
physical tools, or access to needed information.
Locard’s Exchange Principle: N o
Definition: h a,
•
a whenever two objects interact, a
Nthat
• t
This principle posits
e occurs. Something is always taken and
je
transfer of material
somethingais always left behind.
bh
Applicationuin Forensics:
lS
•
• o In every investigation, detectives search for traces left behind
By C (e.g., fingerprints, DNA, fibers) and evidence of what might

SP • Crime scenes are examined meticulously, with photographs,

have been taken.

CI S
or
vacuuming for fibers, and fingerprint analysis, following this

s f principle to find links to the crime.

o te • Example:

ll N
A hacker breaks into a system, leaving behind IP addresses, login

rn e records, or malware traces while taking sensitive data. Both actions

C o can leave digital or physical evidence behind.

• MOM is a key investigative guide to determine a suspect's motivation, opportunity, and

means for committing a crime. Locard’s Exchange Principle reinforces that evidence is
always left behind or taken during the commission of a crime, guiding forensic
investigators on where to look for critical information.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Digital/Computer Forensics
Digital Forensics:
• Digital Forensics • Definition:
• Live Evidence • Digital forensics is the scientific process of examining, analyzing, and
• Forensic Copies preserving digital data for the purpose of investigations. It is a critical
• Digital Forensics Tools, component in understanding how a system was compromised or
breached.
Tactics, and Procedures • Purpose:
• Artifacts in Digital Forensics • Used in investigations to collect evidence, analyze it, and reconstruct
digital activities.
Live Evidence:

on
• Definition:
•
ti
Live evidence refers to data stored temporarily in a running system,
u
b
such as in RAM, cache, or system buffers.
• Example:
tr i
•
D is
Information in active memory that will be lost if the system is turned

for
off or rebooted. It’s crucial to extract this data during a live forensic
analysis.
t
Forensic Copies:
No
• Definition:
h a,
Na
• Forensic copies are bit-for-bit replicas of digital media (e.g., hard
drives, SSDs). They ensure that the integrity of the original data is

jeet
preserved for forensic analysis.

ha
• Importance:
•
bForensic copies allow investigators to analyze data without altering

l Su the original source, preserving the evidence for court or further

Co
investigation.

By Digital Forensics Tools, Tactics, and Procedures:

• Definition:

I SSP • These are specialized tools and methodologies used to properly

handle and analyze digital evidence, especially from live systems.
r C
o
•Example:

s f • Tools like FTK (Forensic Toolkit) and EnCase are often used to extract

ote and analyze forensic data while maintaining data integrity.

ll N
Artifacts in Digital Forensics:

rn e • Definition:

o
• Artifacts are traces left behind after a breach or attempted breach.
C These act as clues, often pointing to the actions or path of an
attacker.
• Example:
• Artifacts can include log files, registry changes, malware traces, or
deleted files that show tampering or unauthorized access attempts.

• Digital forensics involves the systematic collection and analysis of digital data, often crucial in legal
investigations.
• Live evidence, forensic copies, and artifacts all play key roles in this process.
• Digital forensics tools and procedures ensure the proper handling of data, maintaining the integrity of
evidence for investigation or court presentation.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Live Evidence in Digital Forensics
• Definition of Live Evidence
• Challenges with Live
Evidence
• Specialized Tools for Live
Evidence
• Impact of Disrupting a
System with Live Evidence
Definition of Live Evidence:
• Definition:
• Live evidence refers to data that resides in a running system,
stored in volatile locations such as RAM, cache, and CPU
registers. This type of evidence is temporary and can disappear
when the system is turned off or rebooted.
• Example:
• Open files, active processes, and network connections in RAM
or cache that are crucial to understanding a security breach.
Challenges with Live Evidence:
• Volatility:
ti on
•
bu
Live evidence is highly volatile and can be easily altered or lost,
i
tr
making it difficult to collect without contamination. Simply
s
D i
interacting with the system (e.g., moving the mouse or typing on

for
the keyboard) can change or overwrite crucial evidence.
t
No
• Immediacy:
• The need for immediate action to collect data without disrupting
a,
the system, as powering off the system leads to the loss of live
h
Na
evidence.

et
Specialized Tools for Live Evidence:
je
ha
• Tools and Expertise:
•
b
Extracting live evidence requires expert knowledge and

l Suspecialized forensic tools that can capture volatile data without

Co
changing the system state. Tools like Volatility and FTK Imager
can be used to capture RAM content and other live system data.
By • Minimizing Contamination:

I SSP • Forensic experts must ensure minimal contamination during

evidence collection. This often involves using automated scripts
r C that extract data without further user interaction.
fo
es Impact of Disrupting a System with Live Evidence:

ot • Data Loss:

ell N • If a system is powered down or rebooted, all data in volatile

rn
storage such as RAM or CPU registers is lost. This can severely

C o • Example:
hinder an investigation as crucial evidence may be irretrievable.

• If a server is forcibly shut down during an investigation, data

related to open network connections or encrypted
communications in RAM is lost forever.

• Live evidence is volatile and requires careful handling during digital forensic investigations.
• Special tools and expertise are necessary to extract this data while minimizing the risk of
contamination.
• Disrupting the system can result in permanent loss of critical evidence, which makes live evidence
collection both challenging and urgent.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Forensic Copies in Digital Forensics
• Definition of Forensic Copies
• Process of Creating Forensic
Copies
• Handling the Original Hard Drive
• Importance of Working Copies
Definition of Forensic Copies:
• Definition:
• Forensic copies are exact, bit-for-bit replicas of a digital storage
device (e.g., hard drive) created to preserve evidence. These
copies ensure that the original data remains untouched and
unchanged during an investigation.
• Example:
• When investigating a crime, investigators create two identical
copies of the suspect’s hard drive for analysis, while the original
is stored securely.
Process of Creating Forensic Copies:
ti on
• Steps:
i bu
• Remove the hard drive from the system.
str
•
D i
Create two identical bit-for-bit copies using specialized forensic
tools (e.g., FTK Imager, EnCase).
t for
No
• Verify that the copies are identical using hash functions (e.g.,

a,
MD5, SHA-1) to ensure data integrity.
Handling the Original Hard Drive:
h
• Preservation:
Na
•
eet
Once the forensic copies are made, the original hard drive
j
ha
should be placed in an evidence bag, sealed, and never touched
b
again unless absolutely necessary. This ensures the chain of

l Su
custody is maintained, preserving the integrity of the evidence.

Co
• Example:

By • After removing the hard drive from a suspect's laptop,

SP
investigators immediately store the original in an evidence bag
and focus on analyzing the forensic copies.

CI S Importance of Working Copies:

for • Purpose of Copies:

es
ot
• The first forensic copy is archived, similar to the original, and is
never used. The second copy, known as the working copy, is

ell N used for analysis to avoid contaminating the original data. This

rn
working copy allows investigators to perform various tests

C o • Example:
without risking the integrity of the original evidence.

• Investigators perform data recovery or malware analysis on the

working copy, ensuring the original hard drive remains
untouched for future legal proceedings.

• Forensic copies are exact duplicates of a digital storage device, created to preserve the integrity of
evidence while allowing investigators to perform analysis.
• The original hard drive and the first copy are sealed as evidence, while the second copy, known as
the working copy, is used for forensic examination.
• This process ensures the evidence remains untainted throughout the investigation.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Live Evidence and Forensic Copies
• Definition of Live Evidence
• Challenges with Live
Evidence
• Forensic Copies and
Handling
• Importance of Bit-for-Bit
Copies
Definition of Live Evidence:
• Definition:
• Live evidence refers to data stored in volatile memory locations (e.g.,
RAM, CPU, cache, buffers) on a running system.
• Challenges:
• This type of evidence is fleeting and easily lost if the system state
changes. Actions like powering off or restarting a system cause live
evidence to disappear.
Challenges with Live Evidence:
• Contamination Risks:
• Simply interacting with the system, such as moving the mouse or

ti on
pressing keys, alters the state of the system and can contaminate the

u
evidence.
• Specialized Tools Required:
tr i b
•
D is
Expert knowledge and forensic tools (e.g., Volatility, FTK Imager) are
essential to extract live evidence without affecting its integrity.
• Example:
t for
No
• In the case of an ongoing cyberattack, capturing data from RAM can
reveal information about active processes, encryption keys, or

a,
malware residing in volatile memory.
h
Na
Forensic Copies and Handling:

et
• Definition:
•
je
Forensic copies are exact, bit-for-bit replicas of digital storage media

ha
(e.g., hard drives). These copies preserve evidence for analysis while

bensuring the original data remains intact.

Su
• Handling Procedures:
l
Co
• After creating two bit-for-bit copies, the original hard drive is sealed in
an evidence bag and stored. One of the copies is also sealed, while the

By second copy is used for analysis.

SP
Importance of Bit-for-Bit Copies:

CI S • Definition:
• A bit-for-bit copy means the entire content of the original drive,

for including unused space, deleted files, and metadata, is duplicated

es exactly.

ot • Verification via Hashing:

ll N
• To verify the integrity of the forensic copies, hashing (e.g., using MD5 or

rn e SHA-256 algorithms) is performed on the original drive and the copies.

If the hash values match, the copies are exact.

C o • Example:
• During an investigation, the hard drive from a suspect's laptop is
copied bit-for-bit, and the hash values of the original and copies are
compared to ensure no data alteration.

• Live evidence is volatile and can be easily lost if a system’s state changes. Specialized tools are
required to extract it without contamination.
• Forensic copies, on the other hand, provide exact, bit-for-bit replicas of storage media.
• Creating these copies ensures that the original data remains untouched, allowing detailed analysis
of the duplicate.
• Verifying the integrity of the copies using hash values ensures the copies are accurate and can be
used as valid evidence in legal proceedings.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Forensic Analysis of Mobile Devices -1
• Challenges in Mobile Device
Forensic Analysis
• Reporting and Documentation in
Forensics
• Importance of Forensic Artifacts
• Frequent Changes in Operating Systems:
• Mobile device manufacturers frequently update the operating
system structure, file systems, and services, making it
difficult to keep forensic tools up to date.
• Lack of Universal Forensic Tools:
• No single tool can extract all the relevant data from every
mobile device, meaning investigators must often use multiple
tools.
• Application Hibernation/Suspension:
• Apps on mobile devices may enter a hibernation or
ti on
bu
suspension state, making it difficult to retrieve certain types
i
of live data during forensic analysis.
str
D i
for
• Extensive Training Required:
•
t
Forensic examiners need continual, updated training to
No
handle the evolving landscape of mobile device technology
and security mechanisms.
h a,
Na
Reporting and Documentation in Forensics:
• Ongoing Documentation:
je et
•
b hathe forensic
Throughout
documentation
investigation process,
is critical. This ensures that all evidence and
l Su stakeholders.
investigative steps are traceable and can be referenced by
o relevant

ByC • Stakeholders for Reports:

S P • Reports are essential for various audiences, including:

r CIS • Prosecution/Defense teams

s fo • Judges and Juries

ote • Regulators and Legal authorities

ell N • Investors and Insurers

orn • Content of Reports:

C • Reports must summarize the relevant evidence collected,
methods used, and provide conclusions that are clear and
comprehensible for each audience.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Forensic Analysis of Mobile Devices -2
• Challenges in Mobile Device
Forensic Analysis
• Reporting and Documentation in
Forensics
• Importance of Forensic Artifacts
Importance of Forensic Artifacts:
• Definition:
• Forensic artifacts are remnants of activities that occurred
during a breach or an attempted breach. These can act like
breadcrumbs, tracing the intruder's actions and path through
the system or network.
• Why Artifacts Matter:
• Artifacts can confirm or refute hypotheses regarding how a
breach occurred and who may have been responsible.
i on
Identifying these artifacts can help investigators build a case
t
by providing concrete evidence of malicious activity.
i bu
Examples of Forensic Artifacts:
str
D i
for
• Sources:

t
Computer systems, web browsers, mobile devices, hard
•
No
drives, and flash drives all generate artifacts.
• Common Artifacts:
h a,
• a
Nand
IP addresses, file names/types, registry keys, operating
t
echanges.
system information, logged information like account
e
updates andjfile
a
Example of Use:bh
•
u
AnSIP address found in the browser history could help identify
l
Cothe
•
location of an attacker. Similarly, registry keys might show
B y when malware was installed.

I SSP
r C
fo
es
ot
ell N
orn
C

• Mobile device forensic analysis is challenging due to rapid changes in operating systems, lack of
universal tools, and the complexity of suspended applications.
• Investigators require specialized training and tools to handle this complexity. Forensic artifacts are
crucial pieces of evidence in any investigation, acting as clues that can reveal the actions and
identity of an attacker.
• Proper reporting and documentation throughout the investigation process are necessary to ensure
the evidence is clear, accurate, and legally valid for stakeholders.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Chain of
Custody
• Importance of Chain of
Custody in Evidence
Collection
• Steps in Establishing and
Maintaining the Chain of
Custody
Chain of Custody
Definition of Chain of Custody:
• Focus on Control:
• The chain of custody refers to the documentation and control
over evidence from the moment it is collected until it is
presented in court. This ensures that the evidence has not been
tampered with, altered, or contaminated.
Importance of Chain of Custody in Evidence Collection:
• Maintaining Integrity for Legal Proceedings:
• The primary goal of the chain of custody is to maintain the
integrity of evidence, ensuring it is admissible in court. Proper

ti on
documentation and handling minimize the risk of the evidence
being dismissed.
i bu
• Preventing Contamination:
str
•
D i
Evidence must be handled and stored carefully to prevent any

for
form of contamination, tampering, or deterioration, especially

t
when it may need to be presented in court years later.
• Documentation:
No
•
h a,
The chain of custody involves documenting every transfer or

Na
handling of evidence, noting the time, date, and individuals
involved in each step.

jeet
Steps in Establishing and Maintaining the Chain of Custody:
•
bha
Tag the Evidence:

Su
• Evidence should be clearly tagged to document where it was
l collected, by whom, and on what date.

y
• Co
Bag the Evidence:
B • After tagging, the evidence should be stored securely in a sealed

I SSP container to prevent contamination. This step often involves

placing the evidence in tamper-proof evidence bags.
r C • Carry the Evidence:
fo
es • The evidence should be transported securely to an evidence

ot
storage location (e.g., an evidence locker) where it will remain

ll N
until it is needed for analysis or court proceedings.

rn e • Example:

C o • A hard drive collected from a crime scene is tagged with the

date, time, location, and name of the person who collected it. It
is sealed in a tamper-proof bag and stored in a secure evidence
locker until it is analyzed by forensic experts.

• The chain of custody ensures that evidence is collected, documented, and stored in a way that
maintains its integrity for use in legal proceedings.
• Key steps include tagging, bagging, and securely storing the evidence.
• Maintaining a clear chain of custody is critical to ensuring that evidence is admissible in court and
free from contamination.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition and Importance
of the Five Rules of Evidence
• Rule 1: Authentic
• Rule 2: Accurate
• Rule 3: Complete
• Rule 4: Convincing or
Reliable
• Rule 5: Admissible
Five Rules of Evidence
Definition and Importance of the Five Rules of Evidence:
• The five rules of evidence ensure that evidence is reliable and can withstand scrutiny in
legal proceedings. These rules help guarantee that evidence is presented in a manner
that is credible and can be used effectively in court.
• These rules are critical for both criminal and civil investigations to ensure that justice is
upheld and that evidence can be trusted.
Rule 1: Authentic:
• Meaning:
• Evidence must be proven to be genuine and not fabricated or tampered with.
This can be demonstrated through photos of the crime scene or through
forensic methods like bit-for-bit copies of digital media.
• Example:
•
i on
A photograph of a crime scene that was not altered or manipulated in any
t
way can be presented as authentic evidence.

i bu
Rule 2: Accurate:

str
• Meaning:
D i
for
• The evidence must retain its integrity and not be altered from the time it was
collected. This helps ensure that the data or physical objects are reliable.
t
No
• Example:
• A hard drive image that is shown to have the same hash value as the original

a,
drive, confirming it has not been modified.
h
Na
Rule 3: Complete:
• Meaning:
•
jeet
All relevant parts of the evidence must be presented, including those that

ha
may support or contradict the case. Presenting only part of the evidence can
undermine the investigation.
b
Su
• Example:
•
l Logs from a computer system must be presented in their entirety, not just

Co
selectively chosen entries.

By Rule 4: Convincing or Reliable:

• Meaning:

I SSP • Evidence must be strong enough to convince judges, juries, or other

decision-makers. It must be presented clearly and be understandable by

r C non-technical individuals.

fo • Example:

es • Presenting forensic findings in simple terms, making it easy for a jury to

ot grasp the importance of the evidence.

ll N
Rule 5: Admissible:

rn e • Meaning:

o
• Evidence must be permissible in court. Proper handling and maintaining the

C chain of custody can help ensure the evidence is admissible, but it doesn't
guarantee it.
• Example:
• Ensuring that digital evidence, like emails, is collected in a way that follows
legal standards so it can be presented in court.

• The five rules of evidence—authentic, accurate, complete, convincing/reliable, and admissible—

ensure that evidence is reliable, credible, and acceptable in legal proceedings.
• These rules help maintain the integrity of evidence throughout the investigation and trial process.
• Maintaining the chain of custody is critical to meeting these standards.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Investigative Techniques
Definition of Investigative Techniques:
• Definition of Investigative •Investigative techniques refer to specialized methods used to analyze data and
Techniques identify evidence during an investigation. These methods focus on uncovering
• Media Analysis information from various digital sources, such as media devices, software, and
networks, to understand how a security breach or incident occurred.
• Software Analysis
Media Analysis:
• Network Analysis
• Meaning:
• Media analysis involves examining physical storage devices such as
hard drives, flash drives, USBs, CDs, and other forms of digital storage.
• Key Focus:

on
• Searching for both existing and deleted files. Even when files are

erased.
uti
deleted, they often remain on the drive, with only the file pointers being

• Example:
tr i b
• is
A hard drive analysis reveals remnants of deleted files, allowing
D
for
recovery of critical evidence that could provide insight into the
incident.
t
No
Software Analysis:

a,
• Meaning:
h
Na
• This technique involves analyzing software, especially malware, to
understand its functionality, purpose, and origin.
• Key Focus:
jeet
ha
• Uncovering how malware operates and identifying clues that could

blead to the source of its creation. Attribution analysis is crucial here to

Su
determine who may be responsible for the malicious software.
l
Co
• Example:

By • Through software analysis, investigators find traces in the code

indicating the malware was created in a specific region, leading to

SP
potential attribution.

CI S Network Analysis:

for • Meaning:
• Network analysis examines how a network was accessed, how it was
es traversed, and which systems were compromised during an incident.
ot • Key Focus:

ell N • Logs from systems and network devices are typically examined to track

rn
the movement of attackers through the network and uncover potential

C o • Example:
vulnerabilities.

• Network analysis reveals that an unauthorized user accessed the

network through an open port and was able to move laterally to other
systems, eventually breaching sensitive data.

• Investigative techniques such as media analysis, software analysis, and network analysis are
essential tools in digital forensics.
• Each method focuses on different aspects of the investigation: media analysis recovers deleted
data, software analysis decodes malicious software, and network analysis traces the attacker’s
movements through a compromised network.
• All techniques together help to form a comprehensive understanding of the incident and are critical
to securing evidence.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Overview of Investigation
Types
• Criminal Investigations
• Civil Investigations
• Regulatory Investigations
• Administrative Investigations
Types of Investigations
Overview of Investigation Types:
• Different types of investigations are conducted based on the nature of the incident, such
as criminal activities, civil disputes, regulatory violations, or administrative policy
breaches.
• These investigations can be initiated by different authorities, including law enforcement,
regulatory bodies, organizations, or individuals.
Criminal Investigations:
• Definition:
• Investigations that deal with crimes, often leading to legal punishment such
as jail time or criminal records.
• Driven by:
• Primarily law enforcement, with potential support from the organization

on
where the crime occurred.
• Example:
uti
•

tr i b
A hacker breaches a company’s systems and steals sensitive customer
data. Law enforcement takes over the investigation to pursue charges of
cybercrime.
D is
for
Civil Investigations:
• Definition:
t
No
• These involve disputes between individuals or organizations, and the
outcome typically results in fines or monetary penalties rather than criminal

a,
sentences.
• Driven by:
h
•
Na
The involved organizations, individuals, or their legal representatives.
• Example:
•
jeet
Two companies are involved in a legal dispute over intellectual property,

bha
and the court assigns financial damages to the losing party.

Su
Regulatory Investigations:

l
• Definition:

Co
• These investigations focus on violations of regulatory requirements

y
governing specific industries.

B • Driven by:

SP
• The relevant regulatory body overseeing the compliance of organizations.

CI S • Example:
• A company is investigated by a financial regulatory body for failing to

for comply with anti-money laundering regulations.

s
Administrative Investigations:

ote • Definition:
• These deal with internal violations of an organization’s policies or

ll N
procedures. The focus is on resolving organizational issues without

rn e involving law enforcement, unless criminal activity is suspected.

o
• Driven by:

C • Example:
• The organization itself.

• An employee is found to have violated internal data security policies by

sharing confidential company information with an unauthorized third party.

• Different types of investigations—criminal, civil, regulatory, and administrative—are used to handle

incidents depending on the severity and nature of the violation.
• Criminal investigations are driven by law enforcement and can lead to legal penalties, civil
investigations focus on monetary damages, regulatory investigations involve oversight bodies, and
administrative investigations deal with internal policy violations.
• Understanding the type of investigation helps determine the appropriate authorities to involve and
the course of action.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Conduct Logging and Monitoring Activities - SIEM
• Definition of SIEM
• Functionality of SIEM
Systems
• Benefits of SIEM
Definition of SIEM (Security Information and Event Management):
• SIEM systems aggregate, analyze, and manage logs and events from
various sources across an organization's network. The goal is to
provide centralized log management and alerting capabilities to
support security operations.
Functionality of SIEM Systems:
• Ingesting Logs:
• SIEM tools collect logs from diverse sources, such as firewalls,
routers, switches, IDS/IPS, endpoint security tools, servers,
and applications.
• Analyzing Logs:
ti on
•
i bu
SIEM analyzes these logs for patterns or anomalies that may

str
indicate suspicious activities or potential threats.
• Reporting and Alerts:
D i
for
• The system generates reports and real-time alerts on
t
important security events, facilitating quick detection and
response to incidents.
No
• Correlation and Centralization:
h a,
Na
• SIEM systems correlate data from different systems to identify

et
potential security incidents that may not be apparent when
je
viewed in isolation.
ha
Benefits of SIEM:
b
Su
• Centralized Monitoring:
l
Co
• Provides a single pane of glass for monitoring security events
across an organization.
By • Real-Time Threat Detection:

I SSP • Helps in the real-time detection of potential security incidents

by correlating data and providing actionable intelligence.
r C
fo • Compliance Support:

es • SIEM systems can assist in regulatory compliance by

ot generating reports that demonstrate adherence to security

ll N
standards and requirements.

rn e • Improved Incident Response:

C o • SIEMs allow security teams to investigate and respond to

incidents more effectively by consolidating relevant data in one
place.

• SIEM systems play a critical role in security operations by aggregating and analyzing log data from
multiple sources to detect, monitor, and respond to security threats.
• They enable centralized visibility, enhance incident response capabilities, and support compliance
efforts, making them essential for robust security operations.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Understanding SIEM Systems in Security Operations - 1
• Overview of SIEM
• Purpose and Functionality
of SIEM
• Key Capabilities of SIEM
• Example Sources of Event
Data for SIEM
Overview of SIEM (Security Information and Event Management):
• SIEM systems are used to aggregate, correlate, and analyze logs from various
devices across an organization to detect potential security incidents. They
provide centralized management for log data and support incident response
efforts.
Purpose and Functionality of SIEM:
• Log Aggregation and Correlation:
• SIEMs collect logs from disparate devices, standardize the data
(normalization), and correlate events to find meaningful patterns.
• Alerting and Reporting:

on
• SIEM systems alert security analysts when suspicious activity is
ti
detected, allowing them to respond to potential incidents in real-
u
time.
tr i b
•
D is
Example: Analyzing login activity from different users to detect if
they share the same IP address, which could indicate a

for
compromised account.
Human and Process Integration: t
No
•
• Beyond technology, SIEM requires trained personnel to analyze
a,
alerts effectively and escalation procedures to handle incidents
h
Na
appropriately.

et
Key Capabilities of SIEM:
1.
j
Aggregation:
e
•
bha
Brings together logs from multiple sources across an organization

Su
under a unified platform.
2.
l
Normalization:

y Co
• Converts logs from different formats (e.g., time/date formats) into a
B standardized format.

SP
3. Deduplication:

CI S • Eliminates duplicate events, streamlining analysis and reducing

for 4.
redundant data.
Correlation:
es
ot
• Identifies relationships between events that may indicate a security

ll N
issue (e.g., multiple failed login attempts followed by a successful
login).

rn e 5. Secure Storage:

C o • Ensures logs are securely stored and read-only to prevent tampering

or accidental deletion.
6. Analysis and Reporting:
• Analyzes events based on programmed rules and reports significant
incidents for further investigation.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Understanding SIEM Systems in Security Operations - 2
Example Sources of Event Data for SIEM:
• Overview of SIEM
• Security Appliances:
• Purpose and Functionality
• Firewalls, antivirus, and data loss prevention (DLP) tools.
of SIEM
• Key Capabilities of SIEM • Network Devices:
• Example Sources of Event • Routers, switches, and load balancers.
Data for SIEM
• Applications and Servers:
• Logs from critical applications and servers.

• Operating Systems:
• Logs from Windows, Linux, and other OS.
t i on
Intrusion Prevention and Detection Systems (IPS/IDS):
i b u
r
•
Logs related to intrusion attempts and suspicious traffict patterns.
•
D is
t for
N o
h a,
t Na
je e
b ha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• SIEM systems are integral to security operations, allowing organizations to collect, normalize, and
correlate logs from multiple sources to detect security incidents.
• Key functionalities like aggregation, secure storage, and correlation enable faster threat detection,
real-time alerts, and support for compliance requirements.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Understanding Threat Intelligence in Security Operations
• Definition of Threat Intelligence
• Purpose of Threat Intelligence in
Security
• Threat Intelligence Sources
• Threat Intelligence in SIEM
Systems
Definition of Threat Intelligence:
• Threat intelligence involves the research, analysis, and tracking of threat
trends to help organizations proactively identify and respond to security
risks.
• It provides insights into potential threats that an organization might face,
allowing security teams to anticipate and prepare.
Purpose of Threat Intelligence in Security:
• Enhances the ability of security teams to recognize and respond to
emerging threats by providing relevant, timely information on potential

on
vulnerabilities and threat actors.
• Helps organizations move from reactive to proactive defense,
uti
strengthening their digital security posture.
tr i b
Threat Intelligence Sources:
D is
1. Vendor Trend Reports:
t f or
•
N omethods,
Reports published by security vendors detailing recent and

a ,
significant threats, common attack and known

ah
vulnerabilities.
2. Public Sector Reports (e.g., N
t and detailed guidance for handling and
US-CERT):
ealerts
•
je
Provides critical
mitigatinga
h current threats, particularly for infrastructure and
publicbsectors.
l SuSharing and Analysis Centers (ISACs):
C• o ISACs are sector-specific hubs where organizations can share
3. Information

B y threat data and insights (e.g., Financial Services ISAC,

P
S 4. Other Sources:Healthcare ISAC).

CI S
for • Includes open-source threat intelligence platforms, government

tes advisories, and commercial threat feeds.

o
ll N
Threat Intelligence in SIEM Systems:

rn e • Many SIEM solutions offer threat intelligence subscriptions to integrate

C o •
external threat data, adding enhanced detection and alerting capabilities.
Allows SIEMs to correlate internal events with known threat data, helping
to identify suspicious activity more accurately.

• Threat intelligence is a critical component of an organization’s cybersecurity strategy, enabling

proactive identification and response to threats.
• It provides actionable insights that can be integrated into SIEM systems, enhancing real-time
detection and allowing for a more proactive approach to security by leveraging insights from both
commercial and public sources.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Understanding User and Entity Behavior Analytics (UEBA)
Definition of UEBA:
• Definition of UEBA
• UEBA, short for User and Entity Behavior Analytics, focuses on
• Core Functionality of UEBA
analyzing the behavior patterns of users and system entities (devices,
• Application and Use Cases of
networks, etc.).
UEBA
• Benefits of UEBA in Cybersecurity • It uses machine learning to establish baseline behaviors for each user
and entity, allowing for the detection of deviations from normal
activity.
Core Functionality of UEBA:
• Behavior Monitoring: Tracks patterns and trends in user and system
entity actions.
• Data Correlation and Analysis: Logs data, correlates relevant
ti on
patterns, and analyzes deviations.
i bu
•
str
Alert Triggering: Sends alerts when behavior deviates significantly
D
from established baselines, indicating potential risks.i
Application and Use Cases of UEBA:
t for
No
1. Insider Threats:
•
h a,
UEBA helps detect unusual activities from internal users,

Na
such as unauthorized data access or privilege misuse.

et
2. Hacked Privileged Accounts:
•
je
Monitors for abnormal actions performed by privileged

bha
accounts, indicating a potential compromise.
3.
Su
Brute-Force Attacks:
l
Co
• Identifies patterns of repeated access attempts and login

By 4.
failures as indicators of brute-force attacks.
General Anomaly Detection:

I SSP • UEBA’s machine learning models allow it to identify patterns

r C that may signal a security breach before it escalates.

fo Benefits of UEBA in Cybersecurity:
es
ot
• Proactive Detection: Identifies suspicious behavior proactively,

ll N
providing security teams with alerts before a breach progresses.

rn e • Machine Learning Advantage: ML-based analysis allows for dynamic

and precise detection of anomalies without requiring predefined
C o rules.
• Enhanced Response to Advanced Threats: UEBA is particularly
effective against sophisticated attacks, as it adapts to the unique
baseline of each user/entity.

• UEBA enhances an organization’s cybersecurity defenses by using machine learning to establish

behavioral baselines for users and entities.
• Deviations from these baselines trigger alerts, enabling timely detection of insider threats,
compromised accounts, and other advanced attacks.
• This predictive and adaptive capability provides a proactive layer of security in identifying and
mitigating potential risks.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Continuous Monitoring in Security Operations
• Definition of Continuous
Monitoring
• Importance of Continuous
Monitoring
• Key Components of Effective
Continuous Monitoring
• Role of SIEM in Continuous
Monitoring
Definition of Continuous Monitoring:
• Continuous Monitoring refers to the ongoing, proactive monitoring of
systems, networks, and environments to detect, analyze, and respond
to potential security threats in real time.
Importance of Continuous Monitoring:
• Threat Detection: Enables organizations to identify potential threats
quickly, reducing response time.
• Compliance Maintenance: Ensures compliance with regulatory
standards by maintaining visibility into security controls.

on
• Adaptation to Changes: Allows rapid detection and adaptation to
threats.
uti
changes in the environment, such as new vulnerabilities or emerging

Key Components of Effective Continuous Monitoring:

tr i b
is
r D for
1. Technology:
•
t
aggregating, and analyzing log data fo
Technology like a SIEM system is essential
across
gathering,
systems.
N o
a,
2. Processes:
•
a
necessary to keep the h
Regular updates, configurations,
monitoring
and tuning are
system aligned with
N
et
evolving security needs.
3. People:
a je
Skilledh
•
u
true b personnel
threats,
are required to interpret data, recognize
and determine escalation procedures for
S
l response.
Role ofC
o
By SIEM in Continuous Monitoring:

S P• Amonitoring
SIEM, once set up and tuned, plays a pivotal role in the continuous
process by:

CI S • Aggregating Logs: Collecting logs from various sources

for for unified analysis.

tes • Correlating Events: Detecting patterns across events

that may indicate a potential attack.
N o • Generating Alerts: Promptly alerting security personnel

rn ell •
when suspicious activities are detected.
Supporting Compliance: Enabling continuous
C o monitoring for compliance requirements, including
record-keeping and audit readiness.

• Continuous Monitoring is essential for maintaining a strong security posture. It integrates

technology, processes, and people to detect, assess, and respond to potential security risks.
• SIEM systems form the backbone of continuous monitoring, centralizing data for real -time threat
detection and helping organizations adapt to evolving cyber threats.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Continuous Monitoring Concept and Value in Organizations
Purpose of Continuous Monitoring:
• Definition and Purpose of
• Continuous Monitoring is a security approach involving the ongoing,
Continuous Monitoring
real-time review of an organization's IT environment to identify and
• Key Components of Continuous respond to security threats before they can impact the organization
Monitoring significantly. It’s not a one-time setup; it requires ongoing attention
• Importance of Continuous and updates.
Monitoring for a SIEM System
Key Components of Continuous Monitoring:
• Value of Continuous Monitoring to
an Organization 1. Threat Adaptation:
• Constantly adjusts to a dynamic threat environment, with
new threats and vulnerabilities emerging regularly.
2. Asset Management:
ti on
i bu
•
str
Tracks and updates changes in the organization’s assets,
i
ensuring new assets are covered and monitored.
D
for
3. Rule Configuration:
•
t
Establishes new monitoring rules in response to identified
No
threats, requiring continuous configuration.
4. Balancing Alerts:
h a,
Na
• Manages false-positives and false-negatives, refining

jeet
monitoring to focus on actionable alerts.

ha
Importance of Continuous Monitoring for a SIEM System:
•
b
Initial Setup: While the SIEM setup process can take months to
Su
complete due to complexities, the work doesn’t stop once it’s
l
Co
operational. Regular updates and monitoring are essential for

By •
optimal functioning.
Ongoing Adjustments: To maintain effectiveness, the SIEM must

I SSP evolve with the organization’s needs, adapting to updated rules,

tuning to prevent alert fatigue, and refining to ensure alerts are
r C
fo meaningful and timely.

es Value of Continuous Monitoring to an Organization:

ot • Proactive Threat Mitigation: Identifies and responds to threats

ell N quickly, minimizing damage before a breach escalates.

orn • Regulatory Compliance: Helps in meeting and maintaining

compliance standards through continuous visibility into security
C posture.
• Operational Efficiency: Maintains a balance between necessary
alerts and operational efficiency, reducing unnecessary distractions
and focusing on real threats.

• Continuous Monitoring provides significant value to organizations by offering real-time threat

detection and response.
• It ensures that a SIEM system is continuously updated to address new vulnerabilities, adapt to
changes in assets, and refine alerting mechanisms.
• This proactive approach not only safeguards the organization but also supports regulatory
compliance and operational resilience.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Security Orchestration, Automation, and Response (SOAR)
• Definition and Purpose of SOAR
• Key Focus Areas of SOAR
• SOAR Integration and
Automation Capabilities
• Benefits of SOAR for SOC
Operations
Definition and Purpose of SOAR:
• SOAR (Security Orchestration, Automation, and Response) is a suite of
tools and technologies that collect and analyze data from various
sources, such as SIEM systems, devices, emails, and manual inputs.
Its primary role is to apply predefined rules and workflows based on an
organization’s security procedures to manage threats effectively.
Key Focus Areas of SOAR:
1. Threat and Vulnerability Management:
• Manages and prioritizes vulnerabilities within the
organization's assets, ensuring quick response to emerging

on
threats.
2. Incident Response:
uti
•
tr i
Automates and streamlines the response process for
b
of security events.
D is
incidents, ensuring quick detection, response, and resolution

3. Security Operations Automation:

t for
No
• Automates repetitive security tasks and processes, reducing
the workload for SOC analysts and allowing them to focus on
higher-priority tasks.
h a,
Na
SOAR Integration and Automation Capabilities:

et
• SOAR tools are designed to integrate with other security technologies,
je
providing a unified approach to security management.
•
bha
Automation: SOAR uses automated workflows and responses based

Su
on established policies, which enable quicker and more consistent
l
incident handling.

y
•
Co
Machine Learning: Employs machine learning to assist with threat
B detection and to improve SOC efficiency, helping security teams

SP
continuously enhance their response tactics.

CI S Benefits of SOAR for SOC Operations:

for • Enhanced Visibility: Consolidates data from different security

systems, giving SOC teams a clearer picture of the security landscape.

es Streamlined Incident Response: By automating response workflows,

ot
•
SOAR reduces response time for incidents, improving organizational

ell N resilience.

rn
• Consistent Threat Management: Automated workflows ensure

C o threats are managed in a standardized and effective manner across

the organization.
• Data Analytics and Reporting: Offers built-in analytics for data-driven
decision-making and creates detailed reports for compliance and
security posture improvement.

• SOAR combines compatible technologies to streamline threat management, incident response, and
operational automation.
• By consolidating data from diverse sources, automating workflows, and leveraging machine learning,
SOAR enhances SOC capabilities, improves incident response times, and enables more efficient and
consistent security operations.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Configuration Management (CM)
• Definition and Importance of
Configuration Management (CM)
• Key Elements of CM: Provisioning,
Baselining, and Automation
• CM Lifecycle and Processes
• Benefits of Effective CM
Definition and Importance of Configuration Management (CM):
• Configuration Management is the systematic approach to handling changes in an
organization's systems and software. CM ensures that assets are provisioned,
configured, tracked, and maintained in a consistent and secure state to support security
and operational goals.
• Importance: CM helps prevent configuration drift, minimizes vulnerabilities, and ensures
that all systems comply with organizational standards and baselines.
Key Elements of CM:
1. Provisioning:
• Definition: Provisioning involves setting up and configuring resources (like
servers, applications, and network devices) based on specific requirements.
• Example: When a new server is added, provisioning includes installing

on
software, applying security patches, and ensuring it meets baseline
standards.
uti
2. Baselining:

tr i b
s
• Definition: Baselining is creating a standard configuration for systems and
i
applications, defining the security and performance parameters each asset
D
for
must meet.

t
• Example: Establishing a baseline for a server OS that includes approved

No
software, specific configurations, and security settings. Baselines act as
reference points for compliance and change management.
3. Automation:
h a,
Na
• Definition: Automation within CM involves using tools and scripts to apply

et
configurations, manage updates, and track changes consistently and with
minimal human intervention.
je
ha
• Example: Automated patch management tools update systems as per the
baseline requirements, reducing the chances of human error and ensuring
b
Su
consistency.

l
CM Lifecycle and Processes:

Co
• Establish Baselines: Identify and set configurations and standards for systems and

By •
assets.
Provision Assets: Deploy systems and apply baseline configurations.

I SSP •
•
Monitor Changes: Continuously monitor systems to detect deviations from the baseline.
Update and Maintain: Apply updates and make necessary configuration adjustments to

r C maintain compliance with security policies.

fo • Audit and Document: Regularly audit systems against the baseline and maintain

es documentation to track changes over time.

ot Benefits of Effective CM:

ll N
• Improved Security: Consistent configurations reduce vulnerabilities and make it easier

rn e •
to detect unauthorized changes.
Operational Efficiency: Automation and standard baselines streamline the deployment,

C o •
maintenance, and troubleshooting of systems.
Compliance: Maintains alignment with industry regulations and organizational policies,
ensuring all systems meet required security and operational standards.
• Reduced Downtime: Standardized configurations help prevent compatibility issues and
configuration drift that could cause system failures.

• Configuration Management is a structured approach that includes provisioning, baselining, and

automation to ensure systems are deployed, configured, and maintained consistently.
• Effective CM improves security, operational efficiency, and compliance, with baseline standards and
automation playing key roles in minimizing human error and enhancing system reliability.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Asset Inventory in Configuration Management
• Definition and Role of Asset
Inventory
• Provisioning and Secure
Deployment
• Asset Inventory Database
• Asset Management Life Cycle
Definition and Role of Asset Inventory:
• An asset inventory is a comprehensive list of all hardware, software,
and devices within an organization. It serves as a foundational
component of Configuration Management (CM) to maintain oversight
of the organization’s assets.
• Purpose: Helps in tracking, maintaining, and securing assets,
forming a critical part of managing the organization’s attack surface
by identifying all points that could potentially be targeted by
attackers.
Provisioning and Secure Deployment:
• Provisioning: Refers to the deployment and setup of assets within
ti on
the organization, including configuring them for secure use.
i bu
•
tr
Secure Deployment: When provisioning assets (like firewalls,
s
i
routers, or software), security best practices such as changing
D
for
default settings and applying system hardening measures are
essential to prevent vulnerabilities.
t
•
No
Example: Deploying a new firewall without the vendor’s

a,
default credentials and applying strict access control
h
configurations aligned with the organization’s baseline.
Asset Inventory Database: Na
•
eet
The database should be updated each time an asset is added or
j
ha
removed to ensure the inventory remains current.
b
Su
• Importance: A current asset inventory helps track asset ownership,
l
status, and condition, facilitating timely patching, scanning, and

y Co
configuration compliance.

B • Example: When new software is installed, the asset

SP
database should reflect its version, deployment date, and

CI S responsible owner for oversight.

Asset Management Life Cycle:
for • Planning and Procurement: Identifying and planning what assets
es are needed, followed by procurement.
ot
ll N
• Secure Provisioning: Deploying the assets while ensuring they are
configured according to security policies.
rn e • Management and Maintenance: Regular updates, patches, and
C o audits to maintain compliance with security standards.
• Disposal or Decommissioning: Removing assets securely when
they are no longer needed, with updates to the asset inventory to
reflect changes.

• An asset inventory is essential for tracking organizational assets and reducing vulnerabilities by
maintaining control over all hardware and software.
• Secure provisioning during asset deployment, coupled with an up-to-date inventory database,
supports asset management, providing visibility, accountability, and regular maintenance
throughout the asset life cycle.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Configuration Management
• Definition and Role of
Configuration Management
• Importance of Baselines,
Policies, and Standards
• Role of Hardening in
Configuration Management
• Automation in Provisioning
• Key Steps in Configuration
Management
• Configuration management ensures devices and software are
configured correctly from the moment of deployment to maintain
security and functionality standards.
• Purpose: Helps achieve a secure, stable environment by enforcing
standard configurations across all devices, reducing potential
vulnerabilities from misconfigurations.
Importance of Baselines, Policies, and Standards:
• Baselines, policies, and standards guide configuration
management by establishing the expected settings for each type of
asset.
• These guidelines ensure that configurations align with the
ti on
organization’s security goals and regulatory requirements.
i bu
•
tr
Example: A baseline configuration for a server might specify
s
i
firewall settings, active protocols, and password policies.
D
for
Role of Hardening in Configuration Management:
•
t
Hardening removes unnecessary services and features from
devices, minimizing the attack surface.
No
•
h a,
Objective: Reduces the risk of exploitation by limiting functions to

Na
only what is required for operational purposes.

et
• Example: Disabling unused ports and services on network
je
devices as part of the deployment process.
ha
Automation in Provisioning:
b
•
l Su
Automated provisioning tools support consistency in configurations,

Co
especially in larger environments, reducing human error and saving
time.
By • Benefits: Automation ensures uniformity in device settings across

I SSP the network and enables quick, reliable deployment.

• Example: Automated scripts for setting up new devices with
r C baseline security configurations and updates.
fo
es Key Steps in Configuration Management:

ot 1. Identify assets to control: Track each hardware and software

ll N
asset under management.

rn e 2. Configure assets: Apply baseline configurations and hardening

C o 3.
measures.
Document configuration: Record settings for reference, audits,
and troubleshooting.
4. Verify configuration: Use tools like credentialed vulnerability
scans to confirm compliance with configurations.

• Configuration management enforces standardized, secure settings across devices, supported by

baselines, policies, and hardening practices.
• Automation enhances consistency and efficiency, especially in large environments.
• Documentation and periodic reviews of configurations ensure ongoing alignment with security
policies, reducing the risk of misconfigurations.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Foundational Security Operations Concepts
• Need to Know / Least
Privilege
• Separation of Duties (SoD)
• Privileged Account
Management (PAM)
• Job Rotation
• Service Level Agreements
(SLA)
Need to Know / Least Privilege:
• Definition: Users are given the minimum level of access necessary to
perform their tasks.
• Objective: Limits data exposure and reduces security risks by ensuring
users cannot access information beyond their scope of work.
• Example: An employee in HR might have access to payroll data
but not sensitive IT infrastructure details.
Separation of Duties (SoD):
• Definition: Critical tasks are divided among multiple individuals to
prevent fraud, errors, and conflicts of interest.
• Objective: Reduces the risk of abuse of power or authority by
ti on
distributing roles and responsibilities.
i bu
•
str
Example: In financial transactions, one employee initiates the
payment, while another approves it.
D i
Privileged Account Management (PAM):
t for
No
• Definition: Controls access to highly privileged accounts with special

a,
rights or access within systems.
•
h
Objective: Ensures sensitive accounts are monitored and accessed
Na
securely, reducing the risk of misuse.
•
jeet
Example: Administrative accounts with access to core servers

ha
are only accessible to authorized personnel with multi-factor
bauthentication.

Su
Job Rotation:
l
Co
• Definition: Regularly rotating employees through different roles to

By expose them to various functions and responsibilities.

SP
• Objective: Reduces fraud by preventing employees from having
prolonged control over sensitive areas, encouraging cross-training.

CI S • Example: IT staff may rotate between support, operations, and

for cybersecurity teams periodically.

es Service Level Agreements (SLA):

ot • Definition: Formal agreements outlining expected service levels

ell N between service providers and clients.

orn • Objective: Establishes measurable performance standards,

responsibilities, and penalties for non-compliance.
C • Example: An SLA with a cloud provider might stipulate a 99.9%
uptime guarantee and response times for critical issues.

• Foundational security operations concepts enforce secure, structured, and monitored access within
organizations.
• Principles like need to know, least privilege, and separation of duties prevent unauthorized data
access and misuse.
• PAM focuses on protecting privileged accounts, while job rotation helps deter fraud.
• SLAs formalize expectations between parties, enhancing accountability and service standards.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Foundational Security Operations Concepts
Privileged Account Management (PAM):
• Privileged Account • Definition: PAM involves securing and monitoring accounts that have extensive
Management (PAM) system access, like "root" or "admin" accounts.
• Need to Know vs. Least • Key Measures:
Privilege • Restricted Access: Limited only to users who need high-level system
control for specific tasks.
• Job Rotation
• Dual Accounts: Personnel have regular user accounts and separate
• Service Level Agreements privileged accounts.
(SLAs) • Multifactor Authentication (MFA): Privileged accounts must require
MFA for added security.
• Increased Monitoring: Activities performed with privileged accounts

on
should be logged and monitored in detail.
•
ti
Example: An IT admin has a regular user account for daily tasks and a
u
Need to Know vs. Least Privilege:
tr b
separate privileged account used strictly for system maintenance.
i
•
D is
Need to Know: Restricts a user’s knowledge or access to only the data

for
necessary for their role.
•
t
Example: An HR employee can access employee records but cannot

No
view financial data.

a,
• Least Privilege: Limits a user’s actions and privileges to those required for their
specific duties.
h
•
Na
Example: A network technician can view network configurations but

Job Rotation:
jeet
cannot make system-wide changes.

•
bha
Definition: Periodically rotating employees through different roles to prevent

Su
prolonged control over sensitive functions.
•
l
Benefits:

y Co
• Fraud Deterrence: Reduces opportunity for fraudulent behavior.

B • Process Verification: Ensures transparency and process checks.

SP
• Cross-Training: Prepares employees to cover multiple roles,

CI S •
preventing single points of failure.
Example: Employees in finance rotate through different audit

for functions every six months.

es Service Level Agreements (SLAs):

ot
• Definition: Legal contracts between a customer and vendor detailing

ll N
performance standards, response times, and other agreed-upon operational
specifics.

rn e • Key Elements:

C o •
•
Response Times: Define time frames for specific incident responses.
Performance Standards: Set benchmarks for acceptable service
quality and availability.
• Example: A cloud service provider agrees in an SLA to address critical
incidents within one hour.

• Foundational security concepts—PAM, need to know, least privilege, job rotation, and SLAs—
enhance security within an organization.
• PAM restricts and monitors high-access accounts to prevent misuse.
• Need to know and least privilege principles ensure access and actions are limited to job -specific
requirements, reducing exposure risk.
• Job rotation minimizes fraud potential and encourages skill development.
• SLAs provide structured agreements, establishing expectations for service quality and response.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Resource Protection Techniques
Media Management:
• Media Management • Importance of Data Protection: Critical to ensure data remains
• Mean Time Between Failure accessible and secure over time, given its role as a valuable asset for
(MTBF)Media Types organizations.
• Key Media Management • Long-term Data Storage: Different media types are chosen based on
Considerations storage needs, portability, and data retention requirements. Media
• Media Protection Techniques must often be refreshed or transferred to new formats over time.
• Hardware and Software Asset Mean Time Between Failure (MTBF):
Management • Definition: MTBF is a criterion for evaluating the durability and lifespan
of storage media.
• Consideration: When storing valuable data, organizations should
ti on
i bu
assess the reliability of storage media, keeping MTBF in mind for data
requiring long-term retention.
str
Media Types:
D i
for
• Variety of Media: Includes paper, microforms (microfilm, microfiche),
t
magnetic (HD, disks, tapes), flash memory (SSD, memory cards), and
optical (CD, DVD).
No
•
h a,
Periodic Data Migration: Regular data migration to new media ensures

Na
compatibility and data preservation.

et
Key Media Management Considerations:
•
je
Factors to Consider: Confidentiality, access speeds, portability,
ha
durability, media format, and data format.
b
Su
• Example - Confidentiality: Encryption algorithms should be
l evaluated for long-term use; strong cryptography today may be

y Co outdated in the future.

B Media Protection Techniques:

I SSP • Associated Measures: Policies, access control, labeling, storage,

transport, sanitization, and end-of-life disposal.
r C • Purpose: The degree of protection aligns with the data’s value and
fo organizational risk management strategies.
es
ot
Hardware and Software Asset Management:

ll N
• Inventory Management: Complete asset inventory is essential to track

rn e hardware and software.

C o • Asset Lifecycle Management: Assign ownership, ensure patching,

secure configurations, and maintain proper licensing for each asset.
• Examples: Routine patching, secure configuration before
deployment, and monitoring for ongoing security.

• Media management is crucial for protecting and retaining data over time.
• With diverse storage media and durability requirements, managing assets effectively requires regular
inventory, careful consideration of MTBF, and data migration to maintain accessibility and security.
• Asset management practices are essential, covering hardware/software lifecycle, secure
configurations, and regulatory compliance, to minimize risks and optimize asset value.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Incident Response Process
• Incident Response
• Event vs. Incident
• Incident Response Phases
Incident Response:
• Definition: A structured approach for identifying, managing, and mitigating
incidents in an organization.
• Goal: Minimize damage, restore normal operations, and prevent future incidents.
Event vs. Incident:
• Event: An observable occurrence (e.g., a login attempt, file access).
• Incident: An adverse event that negatively affects confidentiality, integrity, or
availability of data or systems.
• Key Distinction: Not all events are incidents; an incident requires a response due
to its potential harm to the organization.
Incident Response Phases:
1. Preparation:
• Developing incident response policies, procedures, and
ti on
communication plans.
i bu
r
• Training team members and ensuring tools are available (e.g., SIEM
systems, threat intelligence).
ist
2. Detection:
D
for
• Identifying unusual or malicious activity through monitoring tools and
threat intelligence.
t
•
No
Determine if the activity qualifies as an incident requiring action.

a,
3. Response:
•
h
Confirm the incident, assemble the incident response team, and

Na
activate response protocols.
•
4. Mitigation:
jeet
Take initial steps to contain the incident and prevent further damage.

•
bha
Implement containment actions (e.g., isolating affected systems,

Su
blocking malicious IPs).

l
• Stop the incident from spreading and limit its impact on other systems.

Co
5. Reporting:

By • Document findings, activities, and communications throughout the

incident lifecycle.

I SSP • Notify relevant stakeholders (e.g., management, legal teams) as

necessary.

r C 6. Recovery:

fo • Restore systems to operational status with backups or secure

es replacements.

ot • Test affected systems to ensure no residual threats remain.

ll N
7. Remediation:

rn e •
•
Identify and eliminate the root cause to prevent recurrence.
Update security controls, policies, or procedures as needed.

C o 8. Lessons Learned:
• Conduct a post-incident review to analyze the incident and response
effectiveness.
• Document improvements to refine future incident response and
resilience.

• The incident response process involves preparing for potential incidents, detecting threats, and
responding quickly to contain and mitigate impact.
• Post-incident, a thorough analysis and lessons learned help strengthen future response capabilities
and improve organizational resilience.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Events vs. Incidents in Incident Management
• Definition of Event
• Definition of Incident
• Examples of Detection Tools
• Examples of Incidents
Definition of Event:
• Event: Any observable occurrence within an environment, like a user
logging in, accessing a file, or a system updating software.
• Characteristics: Continuous, mostly routine activities that don't
negatively impact security or system function.
Definition of Incident:
• Incident: An event or series of events that disrupt normal operations,
posing potential harm to data, systems, or organization assets.
• Trigger for Incident Response: Incidents are adverse events that
should initiate the incident response process to mitigate risk.
Difference Between Events and Incidents:
ti on
•
i bu
Key Distinction: Events happen constantly and are mostly benign,
tr
while incidents represent a deviation from expected behavior that
s
may indicate a threat.
D i
for
• Response Needs: While events are typically logged, incidents
t
require immediate assessment, containment, and remediation.
Examples of Detection Tools:
No
1.
a,
IPS/IDS (Intrusion Prevention/Detection Systems): Monitors
h
Na
network traffic to identify suspicious behavior.
2.
jeet
DLP (Data Loss Prevention): Tracks sensitive data to prevent
unauthorized access or leaks.
3. ha
Anti-malware Software: Detects and removes malicious code.
b
4.
Su
SIEM (Security Information and Event Management): Aggregates
l
Co
and correlates logs from multiple sources for in-depth monitoring.

By 5. Physical Security: Motion sensors, cameras, and security guards

monitor physical premises.

I SSP Examples of Incidents:

r C • Malware Attack: Detection of malware that could harm systems or

fo data.

es • Hacker Attack: External attacker gains unauthorized access.

ot • Insider Attack: A legitimate user with malicious intent misuses their

ell N access.

rn
• Employee Error: Unintentional mistakes that compromise security.

C o • System Error: Software or hardware malfunction causing potential

vulnerabilities.
• Data Corruption: Loss or alteration of essential data.
• Workplace Injury: Physical incidents that may indicate security or
safety protocol failures.

• An event is a routine occurrence with no immediate threat, while an incident is an adverse event
requiring a structured response.
• Distinguishing between the two ensures resources are used efficiently, with incident response
reserved for cases that demand urgent security action and containment.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Incident Response Process
Preparation:
• Preparation
• Objective: Establish readiness for incidents.
• Detection
• Response (IR Team) • Actions: Develop the Incident Response (IR) process, assign IR team
members, and outline protocols for when an incident occurs.
• Mitigation (Containment)
• Reporting Detection:
• Recovery (Return to Normal) • Objective: Identify when an event becomes an incident.
• Remediation (Prevention)
• Lessons Learned (Process • Actions: Distinguish adverse incidents from regular events to initiate the
response process.
Improvement)

on
Response (IR Team):
• Objective: Activate the Incident Response team after detection.
u ti
•
tr b
Actions: Conduct an impact assessment to gauge the scale,iimpact,
and required resources or departments.
is
Mitigation (Containment):
fo rD
Objective: Limit the impact of the incident. t
•
N o
•
,
Actions: Focus on containing the issue to prevent further damage
aisolating
h
without necessarily resolving it (e.g., affected systems).
Reporting:
t Na
•
j
Objective: Communicate
ee incident status to stakeholders.
a updates during containment and designate a
Actions: Providehongoing
•
spokespersonu bto ensure message consistency.
S
ol to Normal):
Recovery (Return
C
•
B yObjective: Restore normal operations.
S P• Actions: Clean up, repair affected areas, and ensure systems return to

CIS
functional status.

or
Remediation (Prevention):

s f Objective: Address root causes to prevent recurrence.

o te •

ll N
• Actions: Implement system improvements and fixes to mitigate similar
incidents in the future.

rn e Lessons Learned (Process Improvement):

C o • Objective: Reflect on the incident to enhance future response.

• Actions: Review the incident holistically to identify areas for
improvement in processes, training, and system protection.

• The Incident Response Process involves structured steps starting with preparation, detecting
incidents, responding, containing the impact, and then moving to recovery and preventative
measures.
• Effective incident response relies on organized communication, clear roles, and continuous
improvement based on lessons learned to strengthen the organization’s security posture.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Malware Types and Concepts
Malware Definition:
• Malware DefinitionTypes of • Definition: Malicious software that disrupts, damages, or gains
Malware:Virus unauthorized access to systems.
• Worm Types of Malware:
• Logic Bomb Virus:
• Trojan Horse • Characteristics: Requires user action to activate.
• Polymorphic Malware • Example: A virus that infects a file, and only spreads when the file is
• Ransomware opened by the user.
• Rootkit Worm:
• Zero-Day • Characteristics: Self-propagates and spreads through networks

on
without user action.
•
t
Example: A worm infecting one device in a network, spreading to
u i
others autonomously.
Logic Bomb:
tr i b
•
D is
Characteristics: Executes malicious actions based on a specific

for
trigger condition in the code.
•
t
Example: Deletes files if a certain date or condition is met.
Trojan Horse:
No
•
h a,
Characteristics: Appears harmless but contains hidden malicious

Na
code.
• Example: An application disguised as a utility but steals data once
installed.
jeet
ha
Polymorphic Malware:
•
b
Characteristics: Changes its code or appearance to evade detection.
•
l Su
Example: Malware that alters its binary pattern to bypass antivirus

Co
scans.

By Ransomware:
• Characteristics: Encrypts files or systems and demands ransom for

I SSP •
the decryption key.
Example: Locks users out of critical systems until a ransom payment
r C is made.
fo Rootkit:
es
ot
• Characteristics: Conceals malicious tools or processes, often giving

ll N
attackers hidden access.
• Example: A rootkit that embeds itself in a system kernel, hiding its

rn e activities.

C o Zero-Day:
• Characteristics: Newly discovered malware without known detection
signatures.
• Example: Malware exploiting an undisclosed vulnerability, making it
undetectable by current security measures.

• Malware encompasses a range of harmful software types, each with unique behaviors and impacts.
• Understanding specific types, like viruses, worms, and ransomware, helps in identifying preventive
and remedial actions.
• Emerging malware like polymorphic and zero-day variants require adaptive and proactive security
measures to counter evolving threats effectively.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Types of Malware
Malware Definition:
• Definition of Malware • Description: Malicious software designed to harm, exploit, or damage a system.
• Types of Malware Types of Malware and Characteristics:
• Virus • Virus:
• Worm • Needs user action to activate (e.g., opening an infected file).
• Companion Malware • Worm:
• Self-propagates and spreads autonomously, often more damaging than a virus.
• Macro
• Companion Malware:
• Multipartite • Attaches to legitimate files, running alongside them by creating similar
• Polymorphic filenames.
• Trojan • Macro:

on
• Botnet • Found in documents like Excel, uses simple code that can automate malicious
• Boot Sector Infector actions.
Multipartite:
uti
b
•
• Hoaxes/Pranks •
tr i
Spreads through multiple vectors (e.g., Stuxnet spreading via USB then targeting
•
•
Logic Bomb
Stealth
systems).

D is
for
• Polymorphic:
• Ransomware • Changes form (file name, size, structure) each time it replicates to avoid
detection.
t
No
• Rootkit
• Trojan Horse:

a,
• Data Diddler • Disguised as legitimate software but contains hidden malicious code.
• Zero-Day
h
Na
• Botnet:
• Network of infected devices under an attacker's control, often used in DDoS

•
j et
attacks or spamming.
e
Boot Sector Infector:
•
bha
Installs in the boot sector of a hard drive, making it hard to detect and remove.

Su
• Hoaxes/Pranks:
•
l Not actual software, typically social engineering attempts causing harm or

Co
amusement.

By • Logic Bomb:
• Code that activates when certain conditions are met (e.g., deletion of files if a

SP
user is no longer employed).

CI S • Stealth Malware:
• Actively hides its presence, disabling security measures on the infected system.

for • Ransomware:

es • Encrypts files/systems, demands ransom for decryption key; often involves

ot
data exfiltration.

ll N
• Rootkit:
Collection of tools to hide malware presence, typically provides ongoing control
e
•

rn
to attacker.

C o • Data Diddler:
• Makes subtle changes to data over time, often used in financial fraud (e.g.,
salami attacks).
• Zero-Day:
• Newly discovered, no existing detection signatures; dangerous due to lack of
awareness.

• Malware encompasses a variety of types, each with specific characteristics and potential impacts on
system security.
• Understanding the distinctions among viruses, worms, Trojans, ransomware, rootkits, and zero-day
attacks allows for better detection, prevention, and response strategies, supporting comprehensive
defense in an evolving threat landscape.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Third-Party Provided Security Services
• Definition of Third-Party
Provided Security Services
• Types of Security Services
Available from Third-Party
Providers
• Role and Importance in
Modern Security Strategies
Third-Party Provided Security Services:
• Definition: Refers to security services that an organization can
outsource to external providers.
• Trend: With the growth of cloud technology, contracting third-party
security services has become increasingly common.
Types of Services Provided by Third-Party Vendors:
• SIEM (Security Information and Event Management):

on
• Continuous monitoring and log analysis across the
organization’s infrastructure.
uti
• Auditing Services:
tr i b
is
rD
• Regular or ad-hoc audits to ensure compliance with

t fo
regulatory standards and internal policies.
• Penetration Testing: o
Nvulnerabilities through
•
a ,
External testers attempt to find
simulated attacks, oftenhperformed annually or biannually.
t Na
•
je e and response to evolving malware
Antivirus and Malware Management:
• a through continuously updated protection.
Managed detection
hoften
b
threats,
u
l SServices:
•
C o Specialized in analyzing incidents post-breach, recovering
Forensic

B y •
data, and assessing the impact of an attack.
P
S Importance of Third-Party Security Services:
I S
C • Cost-Effectiveness: Reduces the need for in-house infrastructure
for
es and specialized staff for every security task.
ot
ll N
• Expertise: Access to specialized skills and the latest technology

rn e without direct investment in personnel and systems.

C o • Scalability: Services can scale with the organization’s needs, from

small businesses to large enterprises.

• Third-party provided security services allow organizations to enhance their security posture by
leveraging external expertise and infrastructure.
• Services like SIEM, penetration testing, and forensic analysis offer flexibility, scalability, and access
to advanced skills, supporting robust security without extensive internal resource allocation.
• This approach is integral in cloud environments where specialized, ongoing security support is often
required.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Purpose of Anti-Malware
Software
• Key Approaches in Anti-
Malware Protection
• Importance of Policy and
User Training
Role of Policy andb haTraining in Anti-Malware:
• Policies: lOrganizations
Anti-Malware
Anti-Malware Software Purpose:
• Primary Goal: To prevent malware from being activated or spreading
within an organization’s systems and networks.
Key Approaches in Anti-Malware Protection:
1. Signature-Based Detection:
1. Mechanism: Compares files against a database of known
malware signatures.
2. Strengths: Effective for detecting previously identified
malware.
ti on
3. Limitations: Unable to detect new or modified malware
i bu
without existing signatures.
str
2. Heuristic-Based Detection: D i
1.
t for
Mechanism: Analyzes behavior of code and files to identify
potentially malicious activity.
No
2.
a,
Strengths: Can detect new and unknown malware by
h
Na in false positives due to its predictive
identifying suspicious patterns.
3. Limitations: Mayt result
nature.
je e
User
Su
o should implement clear anti-malware policies

B yC
to guide behavior and protocol.

S P• User•Training and Awareness:

CIS
Objective: Educate users on recognizing suspicious files,

or
avoiding risky websites, and following safe email practices.

s f • Effectiveness: Reduces the risk of malware activation due to

o te human error or lack of awareness.

ell N
orn
C

• Anti-malware software is essential in safeguarding systems from malicious software, utilizing both
signature-based and heuristic detection to identify and neutralize threats.
• While technology is critical, robust policies and regular user training are equally important in
creating an effective defense against malware outbreaks.
• Heuristic detection offers a broader protection spectrum, while user awareness minimizes human-
initiated infections, making anti-malware efforts more comprehensive and resilient.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Anti-malware and Preventing Malware Outbreaks
Anti-malware Practices:
• Effective anti-malware
• Anti-malware tools aim to prevent malware from being activated.
practices
• Effective policies and user training are among the best defenses
• User training and policy against malware outbreaks.
• Types of detection: signature-
• Training helps users recognize suspicious links and attachments,
based vs. heuristic-based reducing the risk of unintentional activation.
• Activity monitoring
User Training and Policy Awareness:
• Change detection
• Training covers basic security practices and safe internet behaviors,
targeting common triggers for malware like email phishing.
• Awareness programs reduce reliance on automated systems by
equipping staff with threat recognition skills.
ti on
Detection Types:
i bu
1. Signature-based Detection:
str
i
1. Uses definition files with known malware signatures.
D
for
2. Only effective against known threats and needs frequent
updates.
t
3. Limited against zero-day malware.
No
2. Heuristic Detection:
h a,
Na
1. Analyzes code behavior to detect unusual activities.

et
2. Two Methods:
je
1. Static scanning: examines code structure.

bha 2. Dynamic/sandboxing: runs code in an isolated

Su
environment.
l
Co
3. Pros: Can detect new, unknown malware.

By 4. Cons: Higher false-positive rate; some malware can evade

detection in sandboxed environments.

I SSP Activity Monitoring:

• Monitors ongoing processes for suspicious activity.
r C
fo • Raises alerts if malware-like behavior is detected, catching malware that

es might try to hide in background processes.

ot
Change Detection (File Integrity Monitoring):

ll N
• Common in Linux systems; checks for modifications in key system files.

rn e • Works by hashing files and comparing new hashes over time.

C o • Alerts generated if hashes do not match, indicating potential tampering or

malware activity.
• Requires continual updating to be effective.

• Effective malware prevention combines user training, policies, and multiple technical detection
approaches.
• Signature-based and heuristic-based methods target known and unknown threats, respectively,
while activity monitoring and change detection add layers of defense.
• Regular updates to both detection tools and user training are critical to maintaining protection
against evolving threats.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 ML and AI-Based Tools in Security
Understanding AI and ML:
• Definitions and relationship
between AI and ML • Artificial Intelligence (AI):
• Applications in security • AI focuses on using human-like intelligence models to solve
• Benefits and capabilities problems, not necessarily replicating human thought.
• AI encompasses a broader spectrum of technology-driven
intelligence to enhance decision-making.
• Machine Learning (ML):
• A subset of AI, focused on pattern recognition and
predictions.
• ML systems learn from historical data (input) to make
ti on
predictions for future events.
i bu
•
tr
Requires networked computers and powerful processors
s
to handle large data and complex algorithms.
D i
Capabilities of ML/AI Tools:
t for
No
1. Data-Driven Learning: AI/ML enables systems to analyze data
patterns and improve continuously without explicit reprogramming.
2.
h a,
Predictive Modeling: Uses mathematical models to analyze
Na
historical data, uncover trends, and make informed future
predictions.
jeet
ha
Security Applications of ML/AI:
b
Threat Detection and Classification: ML/AI can identify and
Su
•
l
categorize security threats by analyzing anomalies in data patterns.

y
•
Co
Network Risk Scoring: Assigns risk scores to network activities,
B helping prioritize security responses based on detected risk levels.

SP
• Automation of Security Tasks: Automates repetitive security tasks,

CI S enabling human analysts to focus on more complex issues.

for • Cybercrime Response: Detects and responds to incidents like:

es • Unauthorized Access: Identifies and blocks unauthorized

ot
attempts.

ll N
• Evasive Malware: Detects malware that uses advanced

rn e techniques to avoid traditional security measures.

C o • Spear Phishing: Uses pattern recognition to identify targeted

phishing attempts.

• ML and AI-based tools offer enhanced security capabilities through predictive modeling and
automation.
• In security, they support threat detection, risk scoring, and cybercrime response by learning from
past data, analyzing patterns, and enabling quicker response to threats.
• This application of ML/AI transforms security processes, enhancing both system protection and
efficiency in managing complex security challenges.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Patch Management in Security Operations - 1
• Importance of Patch
Management
• Determining Patch Levels
• Methods for Deploying
Patches
Patch Management Overview:
•Patch Management Purpose:
• Proactive process to fix security flaws, vulnerabilities, improve
performance, and sometimes add functionality.
• Objective: Maintain a secure and consistently configured
environment.
• Key Step: Patching secures systems only against known
vulnerabilities.
•Benefits of Timely Patch Application:
• Reduces risk by protecting against known vulnerabilities.
ti on
• Creates a consistent environment across systems.
i bu
str
• Many systems alert users to available patches, while others may
rely on system owners for updates.
D i
Integration with Change Management:
t for
No
• Change Management Process: Vital to ensure patches don’t disrupt

a,
critical operations.
h
Na
• Threat Intelligence: Important to stay updated on new vulnerabilities,

et
often sourced from internal intelligence, vendor updates, and news feeds.

je
Determining Patch Levels:

ha
• Agent-Based Monitoring:
b
Su
• Agent installed on host: Checks software versions against a
l
Co
master database and initiates updates if needed.

By
• Agentless Monitoring:
• External monitoring tool connects to each device and assesses

I SSP patch needs without a host-based agent.

r C • Passive Detection:

fo • Uses fingerprinting techniques to infer system versions and

es
ot
patch levels from network traffic.

N
ell
Method Description

rn
Software on each host, auto-
Agent

C o updates

Remote monitoring, no installation

Agentless
on host

Passive Uses traffic to infer patch levels

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Patch Management in Security Operations - 2

• Importance of Patch Patch Deployment Methods:

Management
• Determining Patch Levels
• Methods for Deploying
Patches
• Manual Deployment:
• Advantages: Best for high-value systems to reduce risk of
unexpected issues.
• Process: Requires someone to log in and install patches
individually.
• Automated Deployment:
• Advantages: Efficient for standard systems.

on
• Process: Uses tools like Windows Server Update Services
(WSUS) for consistent updates.
uti
tr i b
D is
t for
Deployment
N o
Description
, ideal for critical systems
aDirect,
h
Na
Manual

jeet Software-based, best for wide-scale

ha
Automated
updates
b
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Patch Management is essential for a secure IT environment, addressing vulnerabilities,

improving performance, and adding features.
• Patch levels are determined by agent-based, agentless, or passive methods.
• Deployment is done manually for high-priority systems or automated for general
updates, balancing security with operational efficiency.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Change Management in Security Operations - 1
• Importance of Change
Management
• Steps in the Change
Management Process
Change Management Overview:
• Purpose: Ensures changes are made deliberately and risks are minimized.
• Benefits: Analyzes costs/benefits and implements changes in a controlled manner
to reduce risks.
Steps in Change Management:
1.Change Request:
• Definition: Initiated from any department for any topic (e.g., new
functionality, misconfiguration fix, patch for a vulnerable system).
• Process: Usually submitted through a change management software
tool.
2. Assess Impact:
• Purpose: Evaluates the impact and size of the proposed change.
ti on
•
the process through emergency change management.
i bu
Considerations: Critical changes (e.g., security patch) might expedite

str
3. Approval:
•
D i
Multiple Stages: Based on the importance of the change.
•
t for
Key Personnel: System owner, stakeholders, and possibly a Change

No
Advisory Board (CAB) for major changes.
• Flexible Levels: Less review for minor changes; high review for costly or
high-impact changes.
h a,
Na
4. Build and Test:

et
• Testing Environment: Conduct development and testing in a controlled

e
test environment.
j
ha
• Types of Testing: Includes regression and validation testing to ensure

b
functionality and stability.

Su
5. Notification:
l
Co
• Prior to Implementation: Inform key stakeholders of the impending
change to allow for input or readiness.
By
6. Implement:

SP
• Execution: Apply the tested and approved change in the live

CI S 7. Validation:
environment.

for • Post-Implementation Check: Notify management and stakeholders to

es confirm the change was successful.

ot 8. Version and Baseline Documentation:

ll N
• Documentation: Critical to keep detailed records at each step.

rn e • Purpose: Maintains operational discipline, ensures consistency, and

helps future change tracking.

C o Balancing Change Management:

• Too Little Management: Leads to a chaotic, reactive environment.
• Too Much Management: Can slow progress, resulting in people bypassing the
process.
• Optimal Approach: Strikes a balance for controlled, efficient changes.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Change Management in Security Operations -2
• Importance of Change Step Description
Management
Change Request Initiated request from any department
• Steps in the Change
Management Process Assess Impact Evaluate impact and size of change

Multiple stages and stakeholders

Approval
involved

Develop and test in a controlled

Build and Test
environment

on
Inform key stakeholders before
Notification
implementation

Apply the approved change to the live u

ti
Implement
environment
s trib
r Di
Confirm successful implementation

fo for version
Validation
with management and stakeholders
t
otracking
N
Complete documentation
Documentation

a,
and baseline

h
Na
jeet
bha
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Change Management provides a structured approach for implementing changes in a secure,

controlled way to mitigate risks.
• Following each step—from request through validation—ensures that changes benefit the
organization without introducing unnecessary risks.
• Proper documentation and adherence to the process create a balanced environment, supporting
effective change while maintaining stability.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Failure Modes in Recovery Strategies
Failure Modes Overview:
• Understanding failure modes in
systems • Definition: Failure modes determine what occurs when a system
• Types of failure modes: fail-soft, component, the entire system, or a facility experiences failure.
fail-secure, fail-safe • Purpose: Each mode addresses system continuity, security, and
safety needs during failures.
Types of Failure Modes:
1. Fail-Soft (Fail-Open):

on
• Description: Allows systems to remain operational, often at
reduced capacity, despite component or system failure.
u ti
Usage Example: In network switches or firewalls, abfail-open
•
tr i
is
mode allows traffic to continue flowing in case of a failure.
•
o r D less secure.
Goal: Ensures availability over security, minimizing
downtime but potentially leaving the fsystem
o t
, N or restricts access in
2. Fail-Secure (Fail-Closed):
Description: Shuts downasystems
•
response to a failure,a h
t Ndoor with a fail-closed
prioritizing security over availability.
• Usage Example:
jeeof a power failure.
A lock will remain

ha access or operations to protect sensitive

locked in case
Goal:bLimits
Su prioritizing security even if it disrupts operations.
•
lassets,
3.
y Co
Fail-Safe:

P B • Description: Focuses on ensuring the safety of people

I SS during a failure, which may involve disabling or shutting
C down certain functions.

for • Usage Example: In industrial systems, fail-safe

tes mechanisms shut down machinery to prevent accidents or

o injuries.

ell N • Goal: Protects human life and safety above all else.

orn
C

• Failure Modes are critical components of recovery strategies in environments where system
resilience, security, and human safety need to be preserved during failures.
• Understanding the appropriate failure mode for each system—fail-soft, fail-secure, or fail-safe—
ensures that systems are designed to handle failures effectively based on the organization’s
priorities, whether that’s maintaining operational continuity, securing assets, or safeguarding
people.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Backup Storage Strategies
• Importance of backup
strategies for meeting
organizational goals
• Types of backup methods
• Backup rotations and retention
• Role of checksums in data
integrity
Overview of Backup Strategies:
• Purpose: Backup strategies align with organizational needs, focusing on backup
frequency, restoration time, and storage efficiency.
• Archive Bit: Metadata marker showing if a file requires backup.
• 0: No changes since last backup.
• 1: File modified; backup required.
Types of Backup Strategies:
1. Incremental Backup:
• Backs up changes since the last incremental backup.

on
• Benefit: Efficient storage, faster backups.
• Limitation: Slower restoration due to multiple backup sets.
u t i
2. Differential Backup:
tr i b
Benefit: Faster restoration than incremental, as onlyis
• Backs up changes since the last full backup.

rD
• two sets (full +

•
differential) are needed.
Limitation: Larger storage requirement over
t f otime.
o
,N
3. Full Backup:
•
a
Benefit: Easiest and fastesthfor full restoration.
Backs up all data regardless of changes.

Nause and backup time.

•
•
e t
Limitation: High storage

je
ana
4. Mirror Backup:
Creates h
•
b exact copy of data with no compression.
u Highaccess
•
l S
Benefit: Direct to data copy; near-instantaneous restoration.

Backup C
•
o Limitation: storage space requirement.

By Rotations:

S P• Purpose: Establish a schedule for tape use, retention, and rotation to ensure
reliable and organized data recovery.

CIS • Common Rotation Types:

for • First In, First Out (FIFO): Oldest backup tape used first.

tes • Grandfather-Father-Son (GFS): Rotates backups on weekly, monthly,

and yearly schedules.
N o • Tower of Hanoi: Complex rotation minimizing the number of backups

ell
for data retention.

orn Checksum (Cyclic Redundancy Check - CRC):

C • Purpose: Verifies data integrity by detecting changes in data over time.

• Application: Ensures reliability in backup data, safeguarding against corruption
during storage and transfer.

• Backup Storage Strategies ensure that data is securely stored and recoverable, balancing storage
needs, backup and restore times, and data integrity checks.
• Incremental and differential backups are efficient methods, while full and mirror backups provide
complete data snapshots.
• Backup rotations ensure data freshness and organization, and CRC checksums verify data integrity
across all backup types, enhancing reliability and security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Backup Storage Strategies:
Types of Backup Storage Locations:
• Types of storage locations: 1. Onsite Backup:
onsite, offsite, cloud • Stored in the same physical location as the original data.
• Importance of geographic • Pros: Quick access for data recovery; lower cost.
separation • Cons: Vulnerable to local disasters (e.g., fire, flood) impacting
• Other storage strategies: both original and backup data.
electronic vaulting, tape 2. Offsite Backup:
rotation • Data stored at a different, geographically remote location.
• Reasons for tape rotation • Pros: Protects against regional risks (natural disasters, political
events).
•
i on
Cons: Longer retrieval times; may involve additional cost for
t
secure transfer and storage.
i bu
3. Cloud Backup:
str
•
D i
Data is stored in the cloud, managed by a third-party provider.

for
• Pros: High availability, scalable, low-cost for storage and
recovery.
t
•
No
Cons: Dependent on internet connection; potential privacy and
security concerns.
h a,
Na
Additional Backup Storage Strategies:

et
• Electronic Vaulting:
•
je
Automated tape management system (e.g., tape jukebox)

ha
controlled by robotic arms.
b
Su
• Purpose: Efficiently manage multiple tapes; suited for large data
l storage needs.

y Co
• Benefit: Streamlines backup process with automated scheduling.

B • Tape Rotation Strategies:

SP
• Definition: Techniques for managing backup tapes to optimize

CI S storage and recovery.

for • Popular Methods:

• FIFO (First-In, First-Out): Oldest backup tapes are used
es
ot
first for new backups.
• Grandfather-Father-Son (GFS): Cycles backups with

ell N daily, weekly, and monthly retention.

orn • Tower of Hanoi: A complex rotation method to maximize

backup coverage with fewer tapes.
C • Purpose of Tape Rotation: Ensures timely backups, manages
storage efficiently, and maintains historical backup records.

• Backup storage strategies vary by location and function. Onsite storage allows easy access but is
vulnerable to local incidents.
• Offsite storage provides a geographic safety net, ideal for disaster recovery, while cloud storage
offers scalable, high-availability solutions but depends on network access.
• Electronic vaulting automates tape management, and tape rotation strategies (like GFS and FIFO)
help maintain organized, secure, and accessible backup systems, ensuring backup reliability and
recovery efficiency.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Redundant Array of Independent Disks (RAID)
• Purpose of RAID
• Enhancing data speed and
availability
• Types of RAID: RAID 0, RAID
1, RAID 5, and RAID 10
Definition and Purpose:
• RAID (Redundant Array of Independent Disks):
A configuration of multiple disk drives working together to provide enhanced
performance or data redundancy.
• Benefits of RAID:
Offers increased data speed and reliability, based on configuration.
Types of RAID:
1. RAID 0 (Striping):

on
• Function: Data is split across multiple drives, allowing for faster
read and write speeds.
uti
•
tr i b
Disadvantage: No redundancy—if one disk fails, all data is lost.
•
is
Use Case: Ideal for non-critical systems where speed is
D
for
prioritized.
2. RAID 1 (Mirroring):
t
• No
Function: Data is duplicated across multiple disks, providing
redundancy.
h a,
Na
• Advantage: Offers high data availability—if one disk fails, data

et
remains accessible.
•
je
Use Case: Suitable for systems where data reliability is crucial.
ha
RAID 5 (ParitybProtection):
3.
u Uses parity to store data redundantly across three or
SFunction:
•
l
y C• o more drives.

PB
Advantage: Balances speed and redundancy, with cost-effective
storage.

I SS • Use Case: Widely used in environments where both data

r C protection and performance are needed.

fo
es 4. RAID 10 (Mirroring and Striping):

ot • Function: Combines the benefits of RAID 0 (speed) and RAID 1

ll N
(redundancy) by striping and mirroring data across at least four

rn e drives.

C o • Advantage: High performance with redundancy; however, it is

one of the most costly RAID solutions.
• Use Case: Preferred for critical applications requiring both high
speed and availability.

• RAID (Redundant Array of Independent Disks) provides enhanced speed or redundancy by using
multiple disks together in a system.
• Key RAID types include RAID 0 (striping for speed), RAID 1 (mirroring for reliability), RAID 5 (parity for
balance of performance and cost), and RAID 10 (combining mirroring and striping for high speed and
availability).
• RAID setups support various business needs, from improving data access speed to ensuring high
availability and data recovery.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Clustering and Redundancy
Definitions:
• High Availability (HA) as a key
outcome • Clustering:
• Clustering vs. Redundancy • Involves multiple systems working together to handle a load.
approaches
• Commonly used for web servers managed by a load
balancer.
• If one system fails, performance is reduced, but overall
functionality continues.
• Each system in a cluster actively contributes to handling

on
incoming requests.
• Redundancy:
uti
•
tr i b
Consists of a primary system actively handling all work, with
secondary systems in standby.
D is
•
t for
If the primary system fails, a secondary system takes over

No
seamlessly.

a,
• No performance drop if primary fails, as the secondary
h
system is configured identically to the primary.
Na
et
Primary By-product:
je
ha
• Both clustering and redundancy aim for High Availability (HA) to
b
minimize downtime from planned/unplanned outages or component
failures.
l Su
y Co
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Clustering and Redundancy are recovery strategies that enhance high availability (HA).
• Clustering distributes workload among multiple active systems, reducing performance
proportionally if one fails.
• Redundancy, by contrast, designates a primary system for handling tasks, with secondary systems
on standby, resulting in no performance loss if the primary fails.
• Both approaches are fundamental in ensuring continuous operations, with clustering focusing on
shared workload and redundancy on seamless backup.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Recovery Site Strategies
• Site recovery plans for continuity
• Types of recovery sites: Cold,
Warm, Hot, Mobile, and
Redundant
• Cost vs. Recovery Time for each
strategy
Recovery Site Types:
• Cold Site:
• Provides a basic shell with infrastructure and HVAC.
• Does not include computer hardware, data, or people.
• Cost: Lowest ($)
• Recovery Time: Weeks, as it requires setup and equipment
installation.
• Warm Site:
• Includes basic infrastructure and equipment (racks, cabling).

on
• Lacks computer hardware, data, and people.
• Cost: Moderate ($$)
uti
•
r i b
Recovery Time: Days, as basic setup is in place, but systems
t
need to be added.
D is
for
• Hot Site:
•
t
Fully equipped with servers, network equipment; lacks only
data and personnel.
No
• Cost: High ($$$)
h a,
Na
• Recovery Time: Hours, as most infrastructure is already in

et
place.
• Mobile Site:
je
•
bha
A hot site on wheels, often in a shipping container; flexible for

Su
relocation.
l Cost: High ($$$)
Co
•
• Recovery Time: Days to hours, depending on transportation
By time to the needed location.

I SSP • Redundant Site:

• Fully equipped, with mirrored data and ready personnel.
r C
fo • Architected for automatic failover from the primary site.

es • Cost: Extremely high ($$$)

ot • Recovery Time: Instant to seconds, as systems are always

ell N online and synced.

orn
C

• Recovery Site Strategies aim to maintain operational continuity by enabling data

recovery based on urgency and budget.
• Cold sites are the cheapest, requiring weeks to bring online, while redundant sites
offer instant failover at the highest cost.
• Other strategies—warm, hot, and mobile sites—balance setup costs with recovery
speed, accommodating varying recovery needs and ensuring businesses are prepared
for significant disruptions.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Geographic Disparity in Recovery Site Strategies
• Importance of geographic
distance between primary and
recovery sites
• Internal vs. external recovery
sites
• Other recovery agreements
(Reciprocal Agreements,
Resource Capacity Agreements,
Multiple Processing Sites)
• Key metrics: Recovery Point
Objective (RPO) and Recovery
Time Objective (RTO)
•
Reciprocal Agreements:
•
•
Resource Capacity Agreements: a
•
Multiple Processing
•
• B Benefit: Ensures continuity by processing transactions simultaneously
S P
Geographic Disparity:
• Definition: A recovery site is geographically remote if it’s located far
enough from the primary site to avoid being impacted by the same
disaster (e.g., a site on the East Coast should have a recovery site in the
Midwest or West Coast).
• Purpose: Ensures that primary site outages (e.g., natural disasters) do
not affect the recovery site.
Internal vs. External Recovery Sites:
• Internal Recovery Site: Owned by the organization; organization has
full control.
• External Recovery Site: Provided by third-party providers, such as
Sungard, which offers a global network of recovery sites. ti on
i bu
tr
Cloud Services: Increasingly popular as part of disaster recovery,
s
offering remote storage and scalability.
i
fo rD
o
Definition: An arrangement where two companiest downtime.
agree to support
N to dependency risks.
each other’s recovery needs if one experiences
, due
h a
Practicality: Rare in private enterprise
N
t vendors
je
Purpose: Agreements with e to ensure availability of resources
a
during a disaster, essential
hSites:
for continuity.
b
SuRedundant processing sites geographically dispersed, used
forC
l
o functions (e.g., credit card processing).
Definition:
critical
y
at different locations.

CIS RPO and RTO (Key Metrics for Disaster Recovery):

for • Recovery Point Objective (RPO): Defines how much data loss an

tes organization can tolerate. Drives backup strategies.

o
ll N
• Recovery Time Objective (RTO): Time required to resume operations at
a defined service level. Essential for assessing recovery site needs.

rn e Achieving System Resilience and High Availability:

C o • Recovery strategies and tools: Clustering, redundancy, replication,

spare parts, and RAID contribute to system resilience, high availability,
and quality of service (QoS).

• Geographic Disparity ensures that recovery sites remain unaffected by local disruptions at the
primary site.
• Internal vs. external recovery sites balance control with convenience, and options like reciprocal
agreements, resource capacity agreements, and multiple processing sites offer additional
recovery support.
• Metrics like RPO and RTO help define acceptable data loss and recovery time, guiding strategic
decisions around recovery and continuity plans.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Business Continuity and Disaster Recovery Processes (BCM, BCP, DRP)
• Disaster: An event disrupting Disaster Definition:
normal business operations
• BCM (Business Continuity
• A disaster is any event or circumstance that disrupts the normal
functioning of business operations, impacting the ability to continue
Management): Framework for BCP
routine processes.
and DRP
• BCP (Business Continuity Plan): Business Continuity Management (BCM):
Business process survival strategy
• DRP (Disaster Recovery Plan): • Definition: The overarching management process that includes
Technology infrastructure recovery developing, implementing, testing, and maintaining business continuity
(BCP) and disaster recovery (DRP) plans.
• Purpose: Ensures that organizations can manage unexpected events
ti on
and continue operations with minimal impact.
i bu
Business Continuity Plan (BCP):
s t r
i
o rD
• Focus: Continuation and survival of business operations.
f
• Objective: Outlines strategies and actions too tkeep critical business
, N event.
processes running during and after a disruptive
a
a
• Coverage: Addresses key processes, h resources, personnel, and
e tN
procedures to maintain essential functions when disruptions occur.

aje
Disaster Recovery Plan (DRP):
h
S ubof essential IT systems and infrastructure.
• Focus: Recovery

C ol Restores critical technology and data systems that are

• Objective:
B y for resuming operations after a disaster.
necessary

I SSP• Coverage: Encompasses IT assets, networks, hardware, software, and

data to support operational continuity.
C
for
tes
o
ell N
orn
C

• BCM is a comprehensive framework for maintaining BCP and DRP plans to handle disruptions.
• BCP focuses on sustaining critical business processes, while DRP is dedicated to recovering vital
technology and infrastructure needed to resume business operations.
• Together, they ensure organizational resilience against unforeseen disruptions.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 BCP/DRP Process Steps
Key BCP/DRP Steps:
• BCP Focus: Maintain operational
continuity post-incident. 1.
• DRP Focus: Recover and restore
systems to a Business As Usual
(BAU) state.
2.
• External Dependencies:
Consider how external resources
may impact continuity.
3.
4.
5.
Develop Contingency Planning Policy
• Establish a formal policy with authority and guidance to
create a robust contingency plan.
Conduct Business Impact Analysis (BIA)
• Identify and prioritize critical information systems and
business components essential for mission continuity.
Identify Controls
• Implement measures that minimize disruption effects,
ti on
bu
improve system availability, and manage lifecycle costs.
i
str
Create Contingency Strategies
D i
for
• Define recovery strategies to ensure rapid and effective
t
system restoration post-disruption.
No
a,
Develop Contingency Plan
h
Na
• Document an actionable plan with steps for system

et
recovery in case of an incident.

je
ha
6. Ensure Testing, Training, and Exercises
b
1. Testing: Validates the efficacy of recovery steps.
l Su
2. Training: Prepares personnel for plan activation.

y Co
3. Exercises: Identifies gaps in the plan to enhance
B preparedness.

I SSP7. Maintenance
r C • Keep the plan current by regularly updating it to align with
fo system and organizational changes.
s
ote External Dependencies:

ell N • Consider critical suppliers, like fuel delivery services for generators,

orn as dependencies during disaster scenarios.

C • Develop strategies for dependable external support, such as having
backup suppliers or service providers.

• The BCP/DRP process emphasizes continuity and rapid recovery from disruptions. BCP keeps
operations functioning, while DRP focuses on returning systems to normal.
• Key steps include policy creation, impact analysis, controls, contingency strategies, and rigorous
testing.
• Additionally, addressing external dependencies ensures that resources essential to recovery are
accessible during a disaster.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Definitions and Cost Implications of RPO, RTO, WRT, and MTD

• RPO (Recovery Point Objective): Definitions:

Maximum data loss tolerable (in
time).
• RTO (Recovery Time Objective):
Time to restore systems to a
defined service level.
• WRT (Work Recovery Time):
Time to verify system/data
integrity post-recovery.
1. Recovery Point Objective (RPO):
1. Measures data loss tolerance in terms of time (e.g., seconds, minutes,
hours).
2. Defines how much recent data the business can afford to lose.
3. Cost Implications: Lower RPO (e.g., seconds of data loss) requires
high-cost solutions (real-time backup/replication). Higher RPO (e.g.,
daily backups) is less costly.
2. Recovery Time Objective (RTO):
1. Maximum allowable time to recover systems to a functional level after
a disruption.

on
• MTD (Maximum Tolerable 2. Shorter RTOs lead to faster system recovery but increase costs.
Downtime): Total acceptable 3.
ti
Cost Implications: The shorter the RTO, the higher the investment in
u
downtime for business resources and technology to ensure rapid recovery.

tr i b
continuity. 3. Work Recovery Time (WRT):
is
r Dissues.
1. Time required to confirm system/data functionality post-restoration.
2.
fo
Ensures that operations can fully resume without
t for thorough testing.
3.
o
Component of MTD, highlighting the need
4. Maximum Tolerable Downtime (MTD):
,N
Total time a business processacan
1.
a h be down before severe impact.
tN
2. Formula: MTD = RTO + WRT
3.
e
Key metric in deciding disaster declaration timing.

h aje
Example Scenario (Bank Disaster):
•
u b RPO would accept a day’s data loss with daily backups.
Bank with a 24-hour
S
l loss tolerance (e.g., few seconds), continuous replication and
streamo
• For minimal

• BMTDy Crepresents the ultimate threshold before significant operational loss and
backups are necessary.

S PRelationships
reputational damage.

CIS
for • Timeline: BAU -> Disaster -> RPO -> RTO -> WRT -> MTD

tes • Each component illustrates steps from initial data loss to full business continuity

o
restoration.

ell N
orn
C

• RPO, RTO, WRT, and MTD are essential metrics in continuity planning, each defining
recovery objectives and potential downtime impact. RPO and RTO have direct cost
implications—the lower these objectives, the higher the cost of maintaining them. MTD
(comprising RTO + WRT) serves as a critical threshold for decision-making in disaster
recovery, ensuring the business can continue to operate with minimal interruption.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Business Impact Analysis (BIA)
• Purpose of BIA: Predict
consequences of a disaster and
gather data for recovery strategy
development.
• Key Measurements of Time:
RPO, RTO, WRT, MTD for critical
functions/processes.
• Process Steps: Identify business
functions, assess impacts, and
establish recovery priorities.
Purpose of the BIA Process:
• The BIA is essential to Business Continuity Planning (BCP).
• Predicts the impact of disruptions on critical business functions and
determines recovery objectives.
• Key output: Establishes RPO (Recovery Point Objective), RTO
(Recovery Time Objective), WRT (Work Recovery Time), and MTD
(Maximum Tolerable Downtime).
• Helps prioritize systems and processes in a disaster, enabling
on

u ti
resource allocation for the recovery of the most critical functions.
Process Steps
r i b
t Criticality:
is
rD
1. Determine Mission/Business Processes and Recovery
• Identify key business processes.
fo
t estimate tolerable
• Determine impacts of disruptiono and
downtime (using RPO, RTO,,WRT, N MTD metrics).
h a
2. a
Identify Resource Requirements:
•
e t N to restore critical business
Assess what is needed

h aje ensures
operations (e.g., staff, data, equipment, facilities).
•
u b dependencies.realistic recovery efforts by
This evaluation
l S
identifying
3. o
C Recovery Priorities for System Resources:
Identify
y
B • Link system resources to essential processes and establish
S P dependency-based priorities.
CI S • Set recovery order based on business impact and
for dependency structure.

tes Process Insights:

o
ell N • Involves staff from various functions for insights on critical systems

orn and recovery needs.

C • Uses a combination of quantitative (e.g., financial records) and

qualitative (e.g., interviews, observation) data.
• The BIA is iterative and collaborative, often requiring detailed analysis
across teams and departments.

• The Business Impact Analysis (BIA) is a structured process to identify critical business functions and
assess the potential impacts of disruptions.
• It defines essential recovery times (RPO, RTO, WRT, and MTD) and prioritizes resources and
processes for efficient recovery.
• This proactive planning enables an organization to protect vital assets and maintain operations
during and after a disaster.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Disaster Response Process
• MTD (Maximum Tolerable
Downtime): Determines when to
declare a disaster.
• Disaster Declaration: Made by
an authoritative entity when MTD
will be exceeded.
• Disaster Response Team:
Includes personnel from key
organizational functions.
MTD Role in Disaster Declaration:
• A disaster is declared if the incident response shows that recovery within the
MTD is impossible.
• MTD is the maximum downtime a business can endure without risking
viability.
• Example: If a data center fire occurs and MTD is 4 hours, a disaster is declared
if recovery will exceed this time.
Disaster Declaration Process:
• Disasters are officially declared when incidents surpass MTD and threaten
operations.

on
• Communication: Internal and • Decision made by CEO or Business Continuity Board/Committee.
external, involving all relevant
ti
• Clear criteria are necessary to differentiate between incidents and disasters.
u
stakeholders. Incident Assessment Prior to Declaration:
tr i b
• Training & Awareness: Essential
for effective disaster response. the MTD.
D s
• The incident response team evaluates severity and the likelihood of meeting
i
for
• If MTD is at risk, the Disaster Recovery Plan (DRP) is activated.
t
No
Personnel Involved:
• The Disaster Response Team includes members from:
• Executive Management
h a,
Na
• Legal
•
• IT
jeet
Human Resources

•
bha
Public Relations
•
l Su Security

Co
• Team members should be trained in response protocols and participate in
regular DR tests.
By Training and Awareness:

I SSP • Regular training, at least annually, is crucial for ensuring effective disaster
recovery.

r C • Prepares the team for quick and accurate response to real disaster situations.
fo Lessons Learned:
es
ot
• Post-disaster analysis to evaluate what worked, what needs improvement,
and plan adjustments.

ell N • Continuous improvement for future incidents and disasters.

orn Communication During Disaster:

C • Internal: Communication with senior management, legal, HR, Board

members, and PR.
• External: Coordination with regulators, law enforcement, media, and
customers.

• The Disaster Response Process activates the Disaster Recovery Plan (DRP) when an incident
threatens to exceed MTD.
• Declaring a disaster involves an assessment of impact, engaging a trained response team, and
executing a well-communicated response.
• Training and reviewing lessons learned improve future resilience, while effective internal and external
communication ensures coordinated management during a crisis.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Restoration Order
• BIA (Business Impact Analysis) System Recovery Priority Determined by BIA:
determines the recovery priority • BIA prioritizes systems for recovery based on criticality to business
of systems. operations.
• Dependency Charts: Map out
dependencies to inform • Ensures limited recovery resources focus on the most essential
restoration sequence. systems first.
• DR Site Restoration Order: Most Dependency Charts for Restoration Order:
critical systems are restored first.
• Primary Site Restoration Order: • Dependency Charts map the necessary components and sequence for
each system.
on
Least critical systems are
restored first to test stability. • Example: Restoring a website requires activating dependencies like
uti
r i
load balancers, database servers, and web clusters before the web
t b
server.
D is
Disaster Recovery Site Restoration Order:
t for
• After a disaster is declared, recovery effortsofocus on bringing critical
N
a, operational impact and
systems online at the DR site.
• Critical systems are prioritized to a h
minimize
maintain essential services.t N
je e
b hais ready, least critical systems are restored first
Primary Site Restoration Post-Disaster:
• Once the primary
to ensure lthe
u
Senvironment
site
o is stable.

B yC
• After initial testing and adjustments, critical systems are restored,

SP
ensuring smooth operation and reliability at the main site.

CI S
for
tes
o
ell N
orn
C

• Restoration order in disaster recovery is guided by the BIA, which prioritizes critical systems.
• Dependency charts clarify restoration order by mapping component dependencies.
• At a DR site, critical systems are restored first, while at the primary site, least critical systems are
restored first to test stability, followed by critical systems to ensure a seamless transition back to
normal operations.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 BCP and DRP Testing
Read-through/Checklist Test:
• Types of DRP tests: Read-
through, Walkthrough, • Purpose: Ensures all major DRP components are included.
Simulation, Parallel, Full-
• Process: Review DRP for essential information (first steps, contact
interruption/Full-scale. lists, etc.).
• Order of Testing: Start with the
least impactful (Read-through) • Impact: Minimal; no effect on systems.
and progress to the most
Walkthrough Test:
impactful (Full-scale).
• Impact on Systems: Parallel • Purpose: Allows stakeholders to review and discuss the plan.
tests affect only backup
ti on
• Process: All stakeholders (IT, legal, management) gather to go through
systems; Full-scale tests impact the plan, identifying gaps.
i bu
production.
str
• Impact: Paper-based; no effect on systems.
D i
Simulation Test:
t for
• Purpose: Tests response to a hypothetical N odisaster with scenario-
based guidance.
h a,
• Process: Facilitator presentsN aascenario (e.g., fire, virus outbreak);
stakeholders respond ase iftreal.

h
• Impact: Paper-based;ajeno effect on systems.
Parallel Test:Su
b
C olVerifies plan effectiveness on backup systems without
B y
• Purpose:
impacting production.

I SSP• Process: Staff work on backup (parallel) systems at recovery sites.

C
for • Impact: Affects backup systems; no risk to production.

tes Full-interruption/Full-scale Test:

o
ell N • Purpose: Comprehensive test to assess DRP readiness by impacting

rn
production.

C o • Process: Simulates actual disaster; both backup and production

systems are involved.
• Impact: Highest risk; affects production systems. Requires
management approval and prior testing success.

• BCP and DRP testing is essential to validate recovery plans. Tests progress from low-impact (Read-
through, Walkthrough) to high-impact (Parallel, Full-interruption).
• Full-interruption tests are the most conclusive but require management approval due to the impact
on production.
• Each test type ensures preparedness across different disaster scenarios and validates various
aspects of the DRP, contributing to the overall resilience of the organization.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Goals of Business Continuity Management (BCM)
• BCM encompasses BCP and
DRP.
• Primary Goals:Safety of People,
Minimization of Damage,Survival
of Business
• Top Priority: Safety of people.
1. Safety of People:
• Highest Priority: BCM’s foremost goal is ensuring the safety of
personnel during any business continuity or disaster recovery efforts.
• All BCM processes should focus on protecting human life above all
else.
2. Minimization of Damage:
• Goal: Reduce the damage to facilities and business operations.

physical, operational, and reputational damage. ti on

• Includes safeguarding business assets, infrastructure, and minimizing

i bu
3. Survival of Business:
st r
D ofi
operations. fo r
• Objective: Maintain business continuity and avoid cessation

o t
N functions to sustain
• Focus on preserving the essential business
,
ha
business viability post-disaster.
Additional Considerations: Na
• Personnel Safety andje et Concerns: Extend beyond the
a and managing situations under duress.
Security
hsafety
b
workplace to travel
uOrganizations should provide security, medical, and
l S
• Travel Safety:

y Co assistance for employees traveling to potentially unsafe

emergency
regions.
P B
I SS situations, such as using code words or silent alarms, is critical for
• Handling Duress: Training on responding calmly in high-pressure

C
or
employee safety.
s f
o te
ell N
orn
C

• The primary goals of Business Continuity Management are to ensure people's safety, minimize
damage, and ensure business survival.
• Safety of personnel is the highest priority in BCM, followed by actions that protect physical and
business assets.
• Addressing security concerns, including during travel or duress situations, is essential for a
comprehensive BCM approach.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

CISSP Cornell Notes by
Col Subhajeet Naha, Retd, CISSP
Domain 8 : Software Development Security
 Software Development Security (Application Security)
Core Concepts:
• Importance of application
security in today’s business
environment.
• Security involvement through
entire application life cycle.
Key Areas:
• Application Complexity &
Security Challenges
Application Security in Modern Organizations:
• Application Dependency: Businesses increasingly rely on
applications, making security a critical component of their
operations.
• Complexity & Security Challenges: As applications become more
advanced and integrated with various business functions, security
threats also become more sophisticated and varied.
Life Cycle Security Involvement:

on
• Development Phases &
• Security is not limited to just development phases but must be
Security Integration integrated through the entire life cycle of an application.
u ti
• Operations and
• Development Phase: Security practices need torbe i b
tthe design
applied
Decommissioning
is
from the very beginning, integrating security into
and development.
fo rD
•
o t securitypatching,
Operations Phase: Continuous monitoring, and

,N
updating are essential for maintaining post-
deployment.
Decommissioning &a h a
•
t N Disposal: When an application is no

e e
longer needed, secure
and systemjcomponents
disposal
are
practices
removed
ensure that data
securely to avoid
h
breaches. a
u b
l S 8:
Objective of Domain
o
y
• EquipCsecurity professionals to understand, apply, and enforce
B
security throughout all stages of software development and

I SSP application management.

C
for
tes
o
ell N
orn
C

• Domain 8 on Software Development Security emphasizes the need for security integration across
all stages of an application’s life cycle—from development to disposal.
• Security professionals must focus on protecting applications at every phase to mitigate risks and
ensure secure operational integrity.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


Core Concepts:
• Security as a core element in
all SDLC phases.
• Importance of early security
involvement.
• Difference between SDLC
and System Life Cycle (SLC).
Key Security Aspects in SDLC:
• Design Phase: Integrate
security measures based on
requirements.
• Development to Retirement
Phases: Ongoing security
assessment.
• End-of-Life Management:
Secure disposal and archival
practices.
Security in SDLC
Security’s Role in Development:
• Integral Security Design: Effective security starts at the architecture
level, emphasizing proactive design to prevent vulnerabilities.
• Early Involvement Benefits: Involving security early helps avoid costly
and inefficient last-minute security patches and addresses potential
attack vectors from the start.
Continuous Security Across Phases:
• Throughout SDLC: Security must follow each stage from initial design,
on
phase addresses specific security needs.
u i
development, and testing to deployment and active use, ensuring each
t
•
tr
Development Stage: Security requirements guide codingi b
is
practices to mitigate risks like injection attacks or
D
for
unauthorized access.
t
No
• Deployment and Use: Ensure that security measures like
access controls, monitoring, and regular updates are in
a,
place.
h
•
Na
Retirement Phase: Proper decommissioning practices

je et
prevent exposure of sensitive data and eliminate risks related
to unused applications.

b ha
Su Development Life Cycle): Focuses on developing,
SDLC vs. SLC:
l
Co and building applications with embedded security.
• SDLC (Software
y
designing,
B
P
• SLC (System Life Cycle): Starts post-deployment, focusing on
S securing the application throughout its operational life, change
CI S management, and secure disposal at end-of-life.
for
tes
o
ell N
orn
C

• Effective application security requires involvement at each SDLC phase, from design to
decommissioning.
• Addressing security early and consistently helps minimize vulnerabilities, reduces costs, and aligns
with proactive risk management.
• The SDLC focuses on application creation, while the SLC encompasses its operational lifespan,
emphasizing security throughout.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Security in SDLC and SLC Phases
Core Concepts:
• Security at every SDLC/SLC
phase.
• Risk Analysis & Threat Modeling
in early stages.
• Testing Types: Static (SAST),
Dynamic (DAST), and Fuzz
Testing.
• Certification & Accreditation
before deployment.
Key Phases in SDLC/SLC:
1. Requirements Phase: Identify
security needs through risk
analysis.
2. Architecture & Design:
SDLC & SLC Overview:
• Security must be embedded in every phase, ensuring comprehensive
risk management.
• Agile and structured methodologies may vary in approach but should
prioritize security consistency.
Early Phases (Requirements & Design):
• Risk Analysis during Requirements Phase: Identifies potential
vulnerabilities and informs the security strategy.
on
• Threat Modeling during Architecture & Design: Defines specific
uti
security controls and considers potential attack vectors.
tr i b
Development & Testing:
D is
t for
• Security within Development: Code is built with secure coding

No
Conduct threat modeling to practices and reviewed for vulnerabilities.

a,
inform security controls.
3. Development: Build security
h
• Testing Phase: Critical for identifying and addressing vulnerabilities.
into code proactively. •
Na
Static Testing (SAST): Analyzes code without executing it.
4. Testing Phase: Apply static,
•
e et
Dynamic Testing (DAST): Tests application in runtime.
j
ha
dynamic, and fuzz testing to
• Fuzz Testing: Sends random or unexpected inputs to reveal
detect vulnerabilities.
u b
errors.
5. Release/Deployment (SDLC)
l SMaintenance:
or Implementation (SLC): Deployment
C o &
Perform
certification/accreditation. B y
• Certification & Accreditation: Final step before deployment,
6. Operations & Maintenance:
S P confirming all security standards are met.

CIS • Change Management: Continuous security evaluation during system

Secure change management

for
for ongoing updates.
changes to maintain integrity.

t s
7. Decommissioning/Disposal:
e
Ensure safe archival and End-of-Life Management:
o
ll N
disposal of assets.
• During decommissioning, security ensures safe archival and disposal,
rn e protecting data integrity even in retirement.

C o

• Security is essential throughout SDLC and SLC, from initial requirements and design to testing,
deployment, and end-of-life.
• Early risk analysis and threat modeling set the stage for secure design, while robust testing
identifies vulnerabilities.
• The final steps in certification and change management solidify security, making it a continual
priority across the software's lifecycle.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


Core Concepts:
• Waterfall Model: Linear,
phase-by-phase
development with sign-offs
after each phase.
• Process: Each phase must
be completed to proceed,
moving in one direction—
downward.
• Limitations: Does not allow
for changes or backward
movement once a phase is
complete.
Waterfall Model Phases:
1. Requirements Gathering:
Business analysts capture
the owner’s needs.
2. Design: Requirements are
translated into technical
specifications.
3. Implementation:
Development team builds
according to specifications.
4. Testing: Ensures product
meets the initial
requirements.
5. Deployment: Product is
S that
released for use.
CI S
6. Maintenance: Ongoing
for
tes
support and updates.
o • Newer methodologies have been developed to address the
ll N
rn e
C o
• The Waterfall approach is a traditional, linear SDLC model that requires each phase to be
completed in succession.
• While it offers structure and clarity, it’s inflexible to mid-process changes and can be costly if
adjustments are needed later.
• New methodologies aim to provide flexibility and allow continuous involvement of application
owners throughout the development cycle.
Waterfall Approach in SDLC
Waterfall Model Overview:
• A step-by-step approach to software development where each
phase depends on the completion of the previous one.
• Sign-offs and approvals required after each phase.
• Allows for a structured development flow from start to finish.
Pros of Waterfall Model:
• Provides clear structure and documented checkpoints.
on
• Ensures every phase is thoroughly completed and signed off before
uti
moving forward.
tr i b
Cons of Waterfall Model:
D is
t for
• Rigid and inflexible: Any modifications or additions requested by the
No
application owner after a phase is complete require formal change
management.
a,
h
Na
• Additional cost and time: Making changes after initial requirements
are set is time-consuming and costly, as it disrupts the linear flow.
je et
ha
• Owner exclusion: Application owners are often only involved at the
b
beginning, losing the chance to adapt the project to evolving needs as
l Su
it progresses.
CoLimitations:
Example of
• B
y
If the owner suggests new ideas mid-process, they may be advised
P
changes aren’t possible due to frozen design specifications,
which restricts the development team’s flexibility.
Alternative Methodologies:
limitations of the Waterfall approach, providing greater flexibility and
adaptability to evolving requirements.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 Development Methodologies
Overview of Methodologies:
Core Concepts:
• Purpose of Methodologies: • Waterfall Model: Traditional, sequential approach with rigid phase
completion requirements.
Ensure efficient and
effective code development. • Spiral Model: Allows the development process to revisit previous
• Methodology Variety: phases, ideal for iterative improvements or addressing overlooked
Reflect the structure of the requirements.
Waterfall model but with
• Agile Model: Small, team-based approach allowing for parallel
adaptations for flexibility. development and quick adjustments to changing requirements.
• Security Integration:
Security should be Agile-Scrum Master Role:
t i on
embedded at every stage of
• Scrum masters are responsible for ensuring team efforts align,
i b u
development, regardless of
s tr
overseeing activities, and facilitating agile workflows effectively.
the methodology. i
D and flexible
• Combination Approach:
o rrole
• Agile processes rely on collaboration, frequent feedback,
f
Methodologies can be responses to changes, making the scrum master’s
o t crucial to

,N
combined to leverage efficient coordination and delivery.
strengths of each for Combining Methodologies:
h a
optimal results. a
N (e.g., Agile-Waterfall) to capitalize
Key Development
e tlarger
• Teams may use a hybrid approach
j
on Waterfall’s structureefor projects and Agile’s flexibility for
ha
Methodologies:
iterative development.
1. Waterfall
b
2. Spiral
Su at Every Stage:
Importance of Security
l
3. Agile
C o the methodology, security considerations should be a part
• No matter
4. Agile-Scrum Master Role
B y
of each phase from planning to deployment and beyond, preventing

S P security gaps from occurring.

CIS
for
tes
o
ell N
orn
C

• Various development methodologies, including Waterfall, Spiral, and Agile, offer distinct
approaches to software development, with Agile promoting flexibility and Spiral allowing iterative
revisits.
• The Agile-Scrum Master plays a key role in coordinating these efforts effectively. Regardless of the
chosen methodology, security should be a continuous consideration to ensure resilient, secure code
throughout the development process.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Various Development Methodologies and Key Characteristics
Core Concepts:
• Purpose: Improve software
clarity, efficiency, and
quality.
• Different Methodologies:
Tailored to project needs,
from sequential processes to
iterative, risk-driven
approaches.
• Customer Interaction: Some
methodologies (e.g., Agile)
integrate customer feedback
continuously.
• Security Integration:
Waterfall
• Sequential Process: Complete each phase before moving to the next.
• Non-Iterative: Previous phases cannot be revisited once completed.
• Best Use: Works well for projects with clearly defined stages and
requirements.
• Structured Programming Development
• Logic-Based: Emphasizes structured control flow, aiming to improve
clarity, quality, and development time.
• Foundation for Object-Oriented Programming (OOP): It’s said to be a
base for OOP concepts.
on
•
(loops, conditional branches) improve readability.
uti
Use Case: Suitable for projects where organized control structures
Agile
tr i b
•
D is
Iterative Development: Multiple rapid cycles of defining, developing,

for
Essential to embed security and deploying.
t
No
across all methodologies. • Customer Interaction: Heavy focus on continuous customer feedback.

a,
Key Development • Best For: Dynamic projects that benefit from flexibility and continuous
user input.
Methodologies:
h
1. Waterfall Scaled Agile Framework (SAFe)
Na
2. Structured Programming •
jeet
Scaled Agile: Designed for large organizations to coordinate numerous

ha
Development Agile teams.
3. Agile •
b
Collaboration Focused: Ensures effective communication and delivery
4. Scaled Agile Framework
Su
in large, multi-team settings.
l
Co
5. Spiral Method • Ideal For: Complex, large-scale projects needing Agile benefits at an
6. Cleanroom Development
By organizational scale.
Spiral Method

I SSP • Risk-Driven Iterations: Combines iterative processes with risk

r C assessments.

fo • Hybrid Model: Integrates Waterfall and Agile-like phases.

es • Good For: Projects where risk analysis and iterative refinement are
ot essential.

ell N Cleanroom Development

orn • Reliability Focused: Aims for software with a certifiable level of

C •
reliability.
Defect Prevention: Emphasis on preventing errors through rigorous
design and development practices.
• Best Application: High-stakes environments where reliability is
paramount (e.g., aerospace, defense).

• The Waterfall, Structured Programming, Agile, Scaled Agile Framework, Spiral, and Cleanroom
methodologies each offer unique benefits.
• Waterfall’s structured flow is best for well-defined projects, while Agile’s iterative nature suits
projects requiring adaptability and customer feedback.
• The Scaled Agile Framework allows large organizations to apply Agile across multiple teams, and
Spiral combines risk management with iterative phases.
• Cleanroom prioritizes defect prevention, ideal for critical applications.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Waterfall vs. Agile Methodologies
Core Concepts:
• Different Approaches:
Waterfall is sequential; Agile
is iterative.
• Team Focus: Agile
emphasizes small, skilled
teams.
• Delivery Cadence: Agile
focuses on frequent,
incremental deliveries
(sprints).
• Leadership Roles: Agile uses
a "scrum master" to
coordinate.
Priorities of Each Approach:
• Waterfall: Phased, linear,
comprehensive
requirements.
• Agile: Flexible, iterative, early
code delivery.
Methodology Priorities:
1. Waterfall
1. Sequential Phases: Progresses in a linear fashion from
requirements to design, development, testing, and
deployment.
2. Fixed Requirements: All project requirements are defined
upfront, with limited opportunity for changes once the
project begins.
3. Goal: Achieve complete project deliverables through a
on
structured and planned approach.
uti
4. Advantages: Works well when project scope is clear and
tr i
unchanging; good for projects with strict timelines andb
detailed specifications.
D is
2. Agile
t for
1. obroken down into shorter
Nthe
Iterative Sprints: Development is
cycles, known as "sprints," ,with
incremental updates. ha
goal of producing
t Na Engages stakeholders frequently,
2. Customer Involvement:
ee early and adjusting requirements as
needed. aj
gathering feedback

u
3. Scrum bhMaster Role: Guides the team, ensures productivity,
S removes obstacles to keep sprints on track.
land
o
C4. Goal: Deliver working software quickly and allow for
By adaptability based on feedback.

I SSP 5. Advantages: Best for projects with changing requirements or

r C where user feedback can enhance product development.

fo
es
ot
ell N
orn
C

• Waterfall prioritizes a structured, linear approach, focusing on completing all project phases
sequentially with set requirements.
• Agile emphasizes flexibility, with frequent, incremental deliveries via "sprints" that allow for
continuous feedback and adjustments.
• Waterfall is ideal for well-defined projects, while Agile suits dynamic, evolving projects that benefit
from early and continuous user input.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Role of Scrum Master in Agile Development
Core Concepts: Responsibilities of a Scrum Master:
• Coordination: Manages team
• Coordination of Activities: Leads and organizes team efforts,
efforts in alignment with project
ensuring that all work aligns with the sprint’s goals and timelines.
goals.
• Focus on Productivity: Keeps • External Barrier Shield: Protects the team from external interruptions,
team on task, minimizing delays. allowing members to stay focused and dedicated to sprint tasks.
• Role Summary: Facilitates and
shields team from external • Facilitator Role: Acts as a mediator, ensuring smooth workflow within
interruptions. the team by addressing any questions or conflicts that arise.
Key Advantages of a Scrum Master: • Scrum Principles Enforcement: Ensures that all team members
1. Shields team from outside adhere to agile and scrum best practices and processes.
ti on
interference
b u and
Productivity Focus: Continuously seeks ways to streamlineitasks
2. Enforces scrum principles and •
remove any obstacles, enhancing the team's speed ands t r
practices i effectiveness.
3. Removes barriers to team •
o r D rapid task
Security Consideration: Encourages a balance between
f
progress
t ensuring software
completion and adherence to security practices,
o
,N
4. Facilitates close team quality and resilience.
cooperation
h a
5. Enhances overall productivity
a
etN
h aje
S ub
C ol
By
I SSP
r C
fo
es
ot
ell N
orn
C

• The Scrum Master plays a crucial role in Agile development, coordinating team activities, enforcing
scrum principles, and protecting the team from disruptions.
• They facilitate collaboration, remove barriers, and ensure smooth workflow, enhancing productivity
while guiding the team to meet project goals efficiently.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Maturity Models in Development Process Improvement
Core Concepts:
• Purpose of Maturity Models:
Improve the development
process, including security,
by building capabilities and
benchmarking.
• CMMI Levels: Six levels
(Incomplete, Initial,
Managed, Defined,
Quantitatively Managed,
Optimizing) to assess
organizational maturity.
• OWASP SAMM Levels:
Focused on software
assurance with three levels
(Initial Implementation,
Structured Realization,
Optimized Operation).
Key Models:
1. CMMI
2. OWASP SAMM
Capability Maturity Model Integration (CMMI):
• Level 0 (Incomplete/Initiating): Ad hoc and undefined processes; work
may be incomplete.
• Level 1 (Initial): Reactive and unpredictable; work is completed but often
exceeds budget or timeline.
• Level 2 (Managed): Projects are planned and managed, with key metrics
tracked.
• Level 3 (Defined): Proactive organization; standards guide all projects
on
and programs.
uti
• Level 4 (Quantitatively Managed): Data-driven, with performance
tr i b
measured for stakeholder needs and predictable outcomes.
is
r Dwith agility and
• Level 5 (Optimizing): Continuous improvement focus,
innovation based on stability.
t fo
o
OWASP Software Assurance Maturity Model
a , N (SAMM):
• Purpose: Focus on software securityah through a measurable model
tN
adaptable for various organizations.
e
• Maturity Levels:
h aje
Levelb
•
S u 1: Initial implementation phase.
•
o lLevel 2: Structured and strategic realization.
B yC • Level 3: Optimized operations, with mature processes.

S P• Business Functions in SAMM: Governance, Design, Implementation,

CIS
Verification, Operations.

for Operation and Maintenance:

tes • Key Actions: Monitoring, periodic evaluation, and patching support long-
o
ll N
term secure and functional applications.

rn e • Purpose: Identifies security issues, ensures best practices, and

C o responds to vulnerabilities through proactive patching.

• Maturity models like CMMI and OWASP SAMM provide frameworks to assess and enhance
development processes, focusing on security and quality improvement.
• CMMI has six levels that measure organizational maturity, from incomplete processes to continuous
optimization, while SAMM evaluates software security posture with three maturity levels across key
business functions.
• The maintenance phase emphasizes monitoring, evaluation, and patching to support secure, reliable
software long-term.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Change Management in Security Operations and Software Development

Change Management Overview:

• Purpose of Change
Management: Ensures
changes are evaluated for
costs, benefits, and risks,
reducing potential
disruptions.Areas of
Application: Operations and
software
development.Change
• Goal: Assess and control changes to reduce operational and security
risks.
• Change Request (RFC) Process: A formal process for requesting
changes. Common sources for RFCs include:
• Service Requests for enhancements or new functionality.
• Incident Management Process to address unexpected
issues.

on
Request (RFC) Process: • Service Level Agreements (SLA) adjustments to meet
Requests initiated through agreed-upon performance standards.
uti
service requests, incident
Importance in Software Development:
tr i b
management, or SLAs.
is
r D stability.
Related Processes: • Configuration Management: Maintains consistent application
• Configuration Management
fo
configurations throughout the software lifecycle, ensuring
t deployment of
• Release Management
o
, Nsecure software releases.
• Release Management: Manages the timing and
a
software updates, aiming for controlled,
h
a
e tN
h aje
S ub
C ol
B y
I SSP
C
for
tes
o
ell N
orn
C

• Change management is critical for ensuring that all changes—whether in operational settings or
software development—are assessed for risk, costs, and benefits before implementation.
• In software development, configuration and release management are essential components of
change management, supporting stability and security in software releases.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Integrated Product Team (IPT):
Core Concepts:
• IPT Definition: A
multidisciplinary team
focused on delivering a
secure and functional
product throughout its
lifecycle.
• DevOps Approach: A
unified software
development approach that
merges:
• Software
Development
• Operations
Quality Assurance
•
Key Goals:
• Agile, responsive
development.
• Early and continuous
inclusion of security.
IPT Overview:
• Function: IPTs, akin to DevOps, involve professionals with expertise
across development, operations, and quality assurance.
• Team Dynamics: Team members engage at different levels throughout
the project but are collectively responsible for ensuring product
security, functionality, and maintenance.
DevOps Approach:
• Purpose: To integrate development, operations, and QA from the
project's beginning.
ti on
• Efficiency Benefits: This unification fosters a collaborative
i bu
r
t effect,
environment, reduces project handoffs, and mitigates the "silo"
s
i
r Dfrom the outset,
where teams work separately.
t fo
• Security Integration: By including security measures
o
the risk of last-minute vulnerabilities is minimized.
,N
Common Issues with Separate Teams: a
h independently, risking
N a
misalignment on goals. et
• Lack of Collaboration: Teams work
• Delayed Security h aje Security considerations are often added
ub increasing the likelihood of security gaps.
Integration:
S
after development,

C ol
B y
I SSP
C
for
tes
o
ell N
orn
C

• An Integrated Product Team (IPT), or DevOps approach, combines development, operations, and
quality assurance to create an agile, collaborative, and secure environment.
• This model emphasizes early security integration and continuous involvement, reducing risks
associated with the isolated development of individual teams.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 DevOps Security / SecDevOps
• Security in DevOps: Integrate DevOps to SecDevOps:
security throughout DevOps,
• Terminology Shift: The transition from DevOps to DevSecOps or
evolving into SecDevOps.
SecDevOps emphasizes that security is a built-in component, not an
• Security Involvement Timing:
afterthought.
Security should be involved from
the very start and throughout all Security Integration Steps:
phases.
Components of Secure DevOps: 1. Plan for Security: Outline security measures and policies from the
1. Plan for Security: Security should project’s outset.
be a planned, foundational 2. Collaborative Engagement: Developers, operations, and security
aspect.
on
teams should work closely, ensuring cohesive and holistic security
ti
2. Collaboration: Strong efforts.
i b u
coordination among developers,
3. Developer Role: By educating and involving developers in
s r
t creation.
secure
coding techniques, security is embedded directly into icode
operations, and security teams.
3. Developer Engagement: Active
fo rD
involvement of developers in
secure practices.
Security Techniques for DevOps:
o t
N that have built-in security
features minimizes vulnerabilities. a,
4. Secure Development Practices: • Secure Frameworks: Adopting frameworks
Use secure coding frameworks
a h
t N helping detect
and techniques.
• Automated Security Testing: Automating tests ensures consistent
5. Automate Security Testing:
security checks as code
je e
changes, vulnerabilities
ha
Utilize CI/CD pipelines for faster.
continuous security validation.
b
uof Traditional Techniques: Traditional methods like
6. Selective Traditional
l Stesting
• Selective Use
Techniques: Use slower security
bestC
o
penetration can be too slow for DevOps; therefore, they are
methods like penetration testing
B y used strategically.

SP
only when necessary.

CI S
for
tes
o
ell N
orn
C

• Security should be integrated throughout DevOps, evolving into SecDevOps, with active
collaboration among teams and a strong focus on automated security testing.
• This approach enables continuous security assurance without slowing down development cycles,
making it ideal for agile and iterative workflows.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Canary Testing and Deployments
Canary Testing Mechanics:
• Canary Testing Definition:
Release new code/features to • Hyperfocused Testing: Rather than pushing updates to all users, only
a small user subset to identify a small group experiences the new features first.
potential issues before full
• User Feedback: Feedback from this initial release provides insight into
deployment.
potential bugs or issues, which developers can address before a
• Purpose: Early issue
broader rollout.
detection, similar to the
"canary in a coal mine" for • Reduced Risk: Problems that may not have been detected in pre-
warning against danger. production are caught early without impacting the entire user base.

on
Process:
1. Selective Release: Code Smoke Testing in Context:
uti
changes are initially •
tr i
Definition: An initial testing approach focused on verifying core b
released to a small group. functionality.
is
rD
2. Feedback and Monitoring:
Responses are monitored •
f o
Application: Ensures that any critical failures are identified
t errors that might
immediately after deployment, addressing simple
for issues, allowing for fixes
o
,N
before a wider release. disrupt essential features.
Related Testing Concept:
h a
a
tN
• Smoke Testing: A quick
preliminary check to ensure
e
key features are functioning
h aje
ub
after a change.

S
C ol
By
I SSP
r C
fo
es
ot
ell N
orn
C

• Canary testing allows new software changes to be deployed safely to a limited user group before
general release, reducing the risk of widespread issues.
• It provides early detection of issues in a real environment, while smoke testing offers a quick check of
basic functionality post-deployment.
• Both approaches aim to improve release quality by identifying and addressing potential issues early.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Software Development Overview
Core Concepts:
• Programming Languages: Evolved
through generations; help in
secure and efficient code
development.
• Programming Language
Generations:
• Gen 1 & 2: Low-level (machine
and assembly languages)
• Gen 3 & 4: High-level
(structured and object-
oriented, e.g., Pascal, Java)
• Gen 5: Natural languages (e.g.,
Prolog)
Components in Development:
1. Libraries: Reusable code
collections; static (accessed
Programming Languages:
• Generations:
• Early languages (Gen 1 & 2) were low-level and closer to
machine code.
• High-level languages (Gen 3 & 4) brought structured,
object-oriented programming.
• Newest (Gen 5) languages aim at natural language
processing, enhancing AI and automation.
Development Tools and Components:
• Libraries: Store code snippets, functions, documentation. Public
ti on
libraries allow cross-application use.
i bu
• Static Libraries: Linked at compile time.
str
D i
for
• Dynamic Libraries: Accessed at runtime for flexibility and
efficiency.
t
No
• SDKs/Tool Sets: Collections of development tools specific to

a,
during build) vs. dynamic platform types (e.g., mobile, desktop).
(accessed at runtime).
h
Na
• IDE Components:
2. Tool Sets (SDKs): Development
tools (compiler, debugger) aiding •
jeet
Streamline coding with a code editor, compiler, debugger,
and automation tools.
ha
specific platforms.
3. IDEs: Comprehensive tools for •
b
Examples: Visual Studio (Microsoft), Eclipse, IntelliJ IDEA.
coding (e.g., Visual Studio, •
l SuSelection depends on factors like language support, cost,
Co
Eclipse). and usability.
4. Translators: Convert code to
machine language: By Translators and Execution:
1. Assemblers (assembly
I SSP • Translators make code executable by computers, which only
understand binary.
C
language to machine code)
r
o
2. Compilers (high-level to
f
• Assemblers: Entire low-level code to machine code.
machine code)
es • Compilers: Entire high-level code to machine language
ot
3. Interpreters (high-level code before execution.
ll N
to machine code, line-by-line
• Interpreters: Line-by-line high-level to machine language
rn e
at runtime) at runtime.

C o
5. Runtime: The phase when code
executes on the system. Runtime
• The period when the code is active and interacting with the system
resources.

• Software development involves using programming languages, libraries, and tools like SDKs and
IDEs to create applications.
• Libraries offer reusable code, and SDKs provide specific platform tools. IDEs integrate these
components, enabling efficient coding. Translators (assemblers, compilers, interpreters) convert
code into machine language.
• Runtime is the execution phase, making all these components function together.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Continuous Integration, Delivery, and Deployment (CI/CD)
• CI/CD Definition:
• CI/CD can stand for
Continuous Integration,
Continuous Delivery or
Continuous Integration,
Continuous Deployment.
• Three Key Processes:
• Continuous Integration (CI):
Automates code commits and
testing.
• Continuous Delivery (CD):
Automates validated code
changes and releases into the
repository.
CI/CD Explained:
• Continuous Integration: Focuses on frequently committing code
changes to a repository, with automated testing integrated to ensure
code stability. By automating these processes, it’s easier to test and
validate new code before it reaches production.
• Continuous Delivery: Expands on CI by adding automated release
capabilities. Validated code changes can be automatically integrated
and released into a code repository, ready for a production
environment.
on
• Continuous Deployment: Takes CI/CD a step further by automatically
uti
tr i b
pushing changes directly into production. With continuous deployment,
sends the code back to the developer for corrections.
D is
there’s no need for human intervention unless a test fails, which then

• Continuous Deployment (CD):

Benefits of CI/CD:
t for
Automates releasing changes
• CI/CD Pipeline Efficiency: Reduces timeN
o
to production and ensures
a, released.
into production without human
intervention.
h
stable, high-quality code is continuously
a in testing, the code is returned to the
• Main Goals:
t N
• Error Handling: If any error occurs
• Streamlined code integration
e e
developer for resolution, promoting
j reliable production releases.
ha
• Automated testing and
deployment
b
• Faster production-ready
l Su
Co
releases

y
S PB
CI S
for
es
ot
ell N
orn
C

• CI/CD stands for Continuous Integration, Continuous Delivery, and/or Deployment. CI focuses on
automated code commits and testing.
• CD (Delivery) adds automated code release into repositories, while CD (Deployment) automatically
pushes code changes into production if testing is successful.
• CI/CD optimizes the development process, allowing reliable, fast code updates without manual
intervention.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Software Configuration Management (SCM)
Overview of SCM:
Core Concepts:
• SCM Definition: Process for • Purpose: SCM provides a structured approach to managing software
changes, allowing for clear tracking and organization of revisions and
systematically managing,
updates to code, documentation, and processes.
organizing, and controlling
software changes during the • Core Practices:
SDLC. • Baseline Establishment: Defining and maintaining a
• Key Activities: starting point of the software or project for future
• Establishing baselines and comparisons.
revision control Revision Control: Systematic control of changes in software
on
•
• Build and process
management
code and documents to avoid conflicts or loss of
uti
• Encouraging team
information.
tr i b
collaboration within the
•
D is
Build Management: Organizing and managing the build
process for consistent and accurate software builds.

for
development team.
• Relation to Change t
• Team Collaboration: SCM fosters effective teamwork by maintaining
Management: Part of broader No
clear documentation of each change and ensuring that team members
configuration and change
h a,
work with the most current information.
management processes. Benefits Explained:
Na
Benefits of SCM:
jeet
• Productivity and Error Reduction: SCM minimizes errors by clearly
ha
• Improves productivity and
tracking all changes, so any issues can be resolved efficiently, and by
reduces errors.
b
Su SCM enables smoother workflows in
ensuring that only approved and validated changes are incorporated.
• Supports consistent version
control and change tracking. l
o environments with consistent, organized change
• Process Efficiency:
y C
development
• Facilitates organized, systematic
changes to code, documents, B
management practices.
and other resources.
I SSP
r C
fo
es
ot
ell N
orn
C

• Software Configuration Management (SCM) is a systematic approach for managing software

changes, including baseline establishment, revision control, and build management, which
collectively improve productivity and reduce errors.
• SCM is essential for organized and efficient software development, fostering effective teamwork and
helping track and manage changes consistently throughout the SDLC.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


Core Concepts:
• Definition of Code Repository:
Storage location for software and
application source code.
• Examples of Popular
Repositories: GitHub,
SourceForge, Project Locker,
SourceRepo.
• Types of Repositories: Support for
public/open-source and private
projects; some repositories, like
Project Locker, are private-
focused.
Repository Capabilities Beyond
Storage:
• Versioning and Release Control
• Code Review and Collaboration
• Bug Tracking and Document
Management
• Patch Management
S PB
CI S
for
es
ot
ell N
orn
C
Code Repositories
Code Repository Overview:
• Code repositories act as central storage points for managing code,
allowing developers to store, manage, and retrieve code effectively.
• Popular Repositories:
• GitHub and SourceForge: Popular for open-source and
collaborative projects.
• Project Locker and SourceRepo: Focus on enterprise-grade,
private repositories designed for secure code management.
Enhanced Features:
ti on
• Versioning and Release Control: Provides a clear history of code
i bu
s
changes, making it easier to track progress and roll back if t r
issues
i
r D and
arise.
fo
discussion forums for team collaboration. ot
• Collaboration Tools: Enables code reviews, feedback,
a , Nfor bug tracking,
• Bug and Document Management: Allows
a hof related files and data.
documentation, and management
N
tcode
je e
• Patch Support: Facilitates patches for error correction and
ha
feature enhancement.
b
l Su
y Co

• Code repositories are essential storage and management platforms for software and application
code, supporting both open-source and private projects.
• Beyond storage, they offer robust version control, code review, collaboration, bug tracking, and
document management, making them invaluable for efficient, secure, and collaborative software
development.
• Popular options include GitHub for open-source projects and Project Locker for enterprise-level
private code management.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Application Security Testing
Core Techniques for Security
Testing:
1. SAST (Static Application
Security Testing)
• White-box testing
• Examines code itself
2. DAST (Dynamic Application
Security Testing)
• Black-box testing
• Examines running
application
3. Fuzz Testing
• Dynamic testing
approach
• Premise is chaos-based
input to uncover flaws
Additional Technique:
• IAST (Interactive Application
Security Testing)
• Combines SAST and
DAST elements
Core Testing Techniques:
• Static Application Security Testing (SAST):
• Type: White-box testing
• Functionality: Examines code for vulnerabilities without
executing it.
• Purpose: Detects flaws early in development by analyzing
source code or binaries.
• Dynamic Application Security Testing (DAST):
• Type: Black-box testing
ti on
• Functionality: Tests the application during runtime to
i bu
assess vulnerabilities in a live environment.
str
•
D i
Purpose: Finds runtime issues like authentication and data
for
validation errors.
t
No
• Fuzz Testing:
a,
• Type: Dynamic testing form
h
•
Na
Functionality: Uses random and unexpected inputs to
je et
discover potential vulnerabilities in error-handling logic.

ha
• Conducted while the • Purpose: Identifies unforeseen weaknesses by stressing the
application is running
b
application with diverse input data.
with visible source code
l Su Security Testing (IAST):
Co of SAST and DAST:
Interactive Application

y
• Combination
B • Conducted while the application is running and allows
S P
CI S visibility into source code and runtime behavior.

or
• Purpose: Provides a more comprehensive approach by

s f examining both code-level flaws and runtime issues.

o te
ell N
orn
C

• Application security testing utilizes multiple techniques—SAST, DAST, and Fuzz Testing—to
comprehensively assess code security from various perspectives, such as static code analysis,
runtime behavior, and input robustness.
• IAST combines SAST and DAST capabilities, allowing real-time testing with code visibility for a more
in-depth analysis. Incorporating these methods ensures thorough security assessment across
development and deployment phases.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Secure Programming
Key Security-Oriented Concepts in Modern Programming and Security:
Programming: • Earlier programming practices made secure coding difficult due to
1. Inheritance limited language capabilities.
2. Encapsulation • Today, security requirements are easier to meet due to built-in
3. Polymorphism security functions in most modern programming languages.
4. Polyinstantiation
Key Secure Programming Techniques:
Focus on Security from Project
Start: • Inheritance:
• SecDevOps Approach • Allows objects to inherit characteristics from previously
• Defining Security Requirements defined objects, eliminating the need to reprogram

on
Early characteristics and promoting consistent security practices
• Utilizing Built-in Security across code.
uti
Capabilities of Modern Languages • Encapsulation:
tr i b
Objective: Incorporate secure •
is
Concept from VPN tunneling applied in programming.
D
for
programming practices through • Wraps an object or code to hide specific information and
structured methodologies, leveraging
t
adapts the code to particular needs, providing controlled
No
modern programming capabilities to access to object functionality.

a,
enhance application security. • Polymorphism:
h
Na
• Similar to polymorphic viruses but non-malicious.
•
jeet
Code that can change based on specific requirements,
behaving adaptively to suit the application environment’s
ha
needs.
b
Su
• Polyinstantiation:
l
Co
• Allows objects to exist in multiple independent instances,

By enabling flexibility in secure data handling.

SP
Importance of SecDevOps:

CI S • Security becomes integral from project inception to deployment.

for • Diverse team collaboration (e.g., information owners, technology

experts) helps accurately define and incorporate security
es
ot
components at each stage.

ll N
Programming Tools for Security:

rn e • Newer tools and methodologies facilitate security integration directly

into programming.
C o • For example, inheritance ensures that secure characteristics
consistently propagate across all new objects, minimizing security
gaps.

• Secure programming benefits from incorporating security requirements at the start of development,
following a SecDevOps approach.
• Techniques like inheritance, encapsulation, polymorphism, and polyinstantiation allow for secure,
adaptable, and maintainable code.
• Modern programming languages with built-in security capabilities make addressing security needs
more feasible, and tools for secure inheritance and encapsulation ensure consistent security
practices across applications.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


Definition:
• Hides or obscures code to protect
it from unauthorized viewing or
reverse engineering.
Types of Code Obfuscation:
1. Lexical Obfuscation
2. Data Obfuscation
3. Control Flow Obfuscation
Disadvantage of Code Obfuscation:
Code Obfuscation
Purpose of Code Obfuscation:
• Intended to make code difficult for unauthorized users to interpret,
thus protecting the code’s logic and purpose.
• Commonly used to prevent reverse engineering and enhance the
security of sensitive or proprietary code.
Types of Obfuscation:
1. Lexical Obfuscation:

on
• Potential delays in recovery or • Alters the appearance of the code without changing its
maintenance due to lack of clarity functionality.
ti
in obfuscated code, especially •
debugging info, and altering code formatting. tri
Changes may include modifying comments, removing bu
during a disaster recovery
situation.
D is
for
• Easiest to implement but weakest in terms of security
BCM Strategy: effectiveness.
• Secure storage of original code
o t
(software vault) as part of BCM. 2. Data Obfuscation:
, N
Changes data structuresa
•
h in the code, making it challenging

t Na
to understand data relationships and values.

j ee
3. Control Flow Obfuscation:
•
b halogical
Alters the flow within the code by reordering
S u and methods. irrelevant conditions, or modifying
statements, inserting
olloops
•C More advanced and difficult to reverse-engineer than lexical
B y or data obfuscation.
I SSPPotential Disadvantages:
C
for • Maintenance and Disaster Recovery: If obfuscated code is required

tes for urgent maintenance or restoration during a disaster, understanding

o the code can be extremely difficult.

ell N • Mitigation Strategy: To prevent obfuscation-related setbacks, use a

orn software vault to securely store unaltered mission-critical source

C code. Incorporate this into Business Continuity Management (BCM)
planning to ensure recovery options.

• Code obfuscation enhances security by obscuring the purpose and logic of code, making it difficult
for unauthorized users to interpret or reverse-engineer.
• Three primary types—lexical, data, and control flow—offer different levels of complexity, with control
flow being the most sophisticated.
• While obfuscation strengthens code security, it can hinder maintenance or recovery efforts.
• To mitigate this, unaltered source code should be stored securely in a software vault as part of BCM
strategy

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Security in Software Environments
Definition:
• Separation of different
software environments
(development, test, QA, and
production) to maintain
security and operational
integrity.
Best Practice:
• Segregate specific
Separation of Environments:
1. Development Environment:
• Where coding and initial development take place.
• Often requires flexibility and a relaxed set of permissions, but
should remain isolated from sensitive data.
2. Testing Environment:
• Used to test application functionality without risking
production data.
• Security should ensure no production data is used and that

on
components of the software tests do not compromise other environments.
environment to prevent 3. QA (Quality Assurance) Environment:
uti
cross-environment •
i b
Allows for thorough validation of the application’s performance
tr
interference and secure
sensitive data.
and security.
D is
for
• Critical to apply security checks and vulnerability
Security Role: assessments in QA before any code moves to production.
t
No
• Security should act as an 4. Production Environment:

a,
advisor in each environment • The live environment where the application is accessible to end -
to ensure that best practices users.
h
and controls are in place.
Na
et
• Requires strict security controls, monitoring, and adherence to
security policies, as it holds live data and real user interactions.
je
ha
Role of Security in Each Environment:
b
Su
• Advisor Role: Security teams should be actively involved in each
l
environment to establish guidelines, monitor adherence to policies, and

y Co
review changes.

B • Data Protection: Ensure that sensitive data is not exposed in

SP
development, test, or QA environments.

CI S • Access Control: Limit access to each environment based on roles and

responsibilities, preventing unauthorized users from crossing into other
for environments.

es Benefits of Environment Separation:

ot
ll N
• Risk Mitigation: Reduces the risk of code changes in development or
testing accidentally impacting production.

rn e • Enhanced Security: Enables focused security controls tailored to the

C o needs of each specific environment.

• Operational Efficiency: Prevents disruptions in production due to
issues in development or testing phases.

• Separating software development environments is a best practice that safeguards against security
risks and operational disruptions.
• By isolating development, testing, QA, and production, each environment can be managed with
tailored security controls.
• Security plays an advisory role across these environments to maintain data protection, implement
access controls, and prevent cross-environment interference.
• This separation ultimately supports a secure, efficient software development lifecycle.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 DBMS, Concurrency, and Lock Controls
DBMS Components and Security Needs:
Components of DBMS:
1. Hardware Security: Physical protection and secure configurations to
• Hardware, software, language
prevent unauthorized access.
(e.g., SQL), users, data
Database Terminology: 2. Software Security: Ensure DBMS software is up-to-date and patched
against vulnerabilities.
• Columns/Fields = Attributes
• Records/Rows = Tuples 3. Database Language Security (e.g., SQL): Implement permissions and
controls within SQL to restrict data manipulation.
Key Concepts in Relational
Databases: 4. User Access Controls: Define roles and restrict access to authorized
• Primary Key: Unique identifier for users only. Provide user training on security responsibilities and proper
database usage.
on
each row/tuple in a table
• Foreign Key: References primary 5.
control lists (ACLs) to protect sensitive information.
uti
Data Security: Secure the data itself, utilizing encryption and access
key in another table, linking tables
Relational Database Structure:
tr i b
together
Concurrency Control: •
D is
Attributes (Columns): Represent the specific data points within a table.
• Allows multiple processes to •
for
Tuples (Rows): Each row represents a unique entry in the table,
t
No
access or modify data identified by a primary key.
simultaneously
a,
• Concurrency and Locking Mechanisms:
Locks: •
h
Concurrency allows multiple transactions to occur simultaneously,

Na
• Prevent data corruption by increasing efficiency.
controlling simultaneous access
ACID Properties:
•
jeet
Locking Controls: Essential to prevent data inconsistencies by

ha
managing data access in concurrent environments, especially during
1. Atomicity - Ensures transactions
b
write operations.
are completed entirely or not at
Su
ACID Properties in Databases:
l
Co
all. • Atomicity: All parts of a transaction must complete or none of them will.
2. Consistency - Maintains
database integrity by following By Ensures reliability by avoiding partial transactions.

SP
• Consistency: Ensures only valid data is saved, preserving integrity rules
rules. within the database.

CI S
3. Isolation - Ensures concurrent
• Isolation: Each transaction is processed independently, without

for
transactions do not interfere. interference from others, maintaining accuracy.

es
4. Durability - Guarantees
• Durability: Once a transaction is committed, it remains in the database
ot
transaction permanence after
even in case of a system failure.

ll N
commit.
Importance of Database Security:

rn e • Databases often hold sensitive, critical business information.

C o • Security in databases extends to all aspects: access control, data

protection, application-level security, and physical safeguards.
• Each layer of the DBMS environment must be secured to prevent
unauthorized access and ensure data integrity.

• DBMS environments manage critical data through hardware, software, database languages, and
user interfaces, with strict security applied to each component.
• In relational databases, primary and foreign keys organize data, while concurrency and lock controls
prevent corruption when multiple users access data.
• Databases adhere to ACID properties (Atomicity, Consistency, Isolation, and Durability) to ensure
transaction integrity and reliability.
• Comprehensive database security across layers is essential to protect valuable business
information from unauthorized access.
Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024
 DBMS Architecture Components
1. Hardware:
DBMS Architecture Components • Physical foundation of the DBMS, often consisting of dedicated
Core Components: servers.
1. Hardware
2. Software
• Includes RAID controllers for redundancy, ensuring data availability
even if hardware fails.
3. Language (e.g., SQL)
4. Users • Redundant components (power, cooling, and network) provide
5. Data system resilience and reliability.
Primary Function of Each 2. Software:
Component: • Operating System (OS): Supports the database application,

on
• Facilitates data storage, retrieval, handling low-level system management and security.
and security within a structured •
u
Database Software/Application: Manages data storage, retrieval,ti
database environment
i b
and user interaction, requiring robust application security to prevent
tr
unauthorized data access.
D is
for
3. Language (SQL):
•
t
SQL (Structured Query Language): The primary language used to
No
communicate with and manage database contents.
•
h a,
Variants include T-SQL, MySQL, PostgreSQL, and SQLite.

Na
• SQL commands allow for data querying, updating, and structuring,

et
supporting user interactions within the DBMS.
4. Users: je
•
bha
Individuals interacting with the database, typically through a user
Su
interface provided by the DBMS software.
l
Co
• Admin and super users may access data directly via SQL queries,

By enabling more advanced database management.

SP
• User roles and access levels should be defined and controlled to

CI S secure data from unauthorized access.

5. Data:
for • The critical information stored within the DBMS, often containing
es
ot
valuable and sensitive information.

ll N
• Requires security measures across all DBMS components,

rn e ensuring data is protected at every level, including hardware security,

software controls, and user access management.
C o

• DBMS architecture is made up of five key components—hardware, software, language, users, and
data.
• Each component is essential in supporting the secure and efficient functioning of the database.
• Hardware provides the physical infrastructure; software (OS and DBMS) manages data operations;
• SQL or a similar language enables user interactions; users are managed through roles and
permissions; and
• Data is safeguarded through a comprehensive security framework that covers all DBMS elements.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Relational Database Fundamentals
Evolution of Databases:
Evolution of Databases:
• Shift from hierarchical, flat-file • Earlier databases used hierarchical structures or flat files on tapes,
databases to Relational Database limiting data linking and complexity.
Management Systems (RDBMS)
• RDBMS now dominates due to its ability to store and relate data
Core Components of RDBMS:
objects, allowing users to make informed decisions through inferred
• Attributes and Tuples
relationships.
• Primary and Foreign Keys
2. Relational Database Structure:
• RDBMS consists of two-dimensional tables containing data linked by
relationships.
ti on
i bu
• Each table is composed of rows and columns.
tr
• Rows (also called tuples) represent individual records.is
D
rwithin
• Columns (also called attributes) represent fields
t fo those records.
o
,N
3. Primary and Foreign Keys for Data Integrity:
a
a
• Primary Key: A unique identifier forh each row in a table, ensuring that
t N table, StudentID serves as a
each record is unique. In a student
e
ain jaesecondary table that references the primary
primary key.
h
b creating a link between tables. For instance,
• Foreign Key: A key
key in a mainu
S table,
l in a registration table acts as a foreign key, linking it back to
o
StudentID
C table.
y
the student
• B
S P Together, primary and foreign keys maintain referential integrity,

CI S ensuring related data across tables remains consistent and linked,

which supports data reliability and easy cross-referencing.
for
tes
o
ell N
orn
C

• Relational databases (RDBMS) replaced hierarchical databases, allowing for structured, two-
dimensional tables that link data through relationships.
• RDBMS uses attributes (columns) and tuples (rows) to organize data, and primary and foreign keys
to maintain referential integrity, allowing users to easily relate information across tables.
• This structure enhances data-driven decision-making by supporting data consistency and relational
insights.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Common Database Terms & Referential Integrity
Referential Integrity:
1. Referential Integrity
2. Key Database Terms (Tuple, • Definition: Ensures that relationships between tables remain
Attribute, Field, Primary Key, consistent.
Foreign Key)
• Primary Key Validation: When a new record is added, primary key
values are checked to meet criteria like length, data type, and
uniqueness.
• Example: Every StudentID in the student table must be unique and
valid; each StudentID in a related registration table must correspond to

on
an existing student.
2. Common Database Terms: u ti
r i b
t data
is
• Tuple: Represents a single row in a table (each row is a unique
entry).
fo rD
characteristic or data type (e.g., LastNameo
t
• Attribute: A single column within a table, representing a specific

, N of a row and column,

or Course).

h
• Field: The specific data point at the aintersection
N a
where individual data entries reside.
• Primary Key: A uniqueje et for each row, ensuring no two rows
identifier
share the same key.
b haExample: AuthorID in an authors table.
l
• Foreign Key:SuA column in one table referencing the primary key in
another,o creating a relationship between tables. Example: AuthorID as
y C key in a books table linking to the authors table.
a foreign
B
I SSP
r C
fo
es
ot
ell N
orn
C

• Referential integrity is essential in relational databases, ensuring data consistency across tables
through primary key validation.
• Key terms include Tuple (row), Attribute (column), Field (individual data point), Primary Key (unique
identifier within a table), and Foreign Key (a reference linking two tables).
• Referential integrity allows for data reliability and relational insights across connected tables.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Concurrency & Lock Controls in Databases
Concurrency:
• Concurrency
• Definition: The capability allowing multiple users or processes to
• Lock Controls
access or update shared data simultaneously.
• Database Integrity
• Purpose: Supports real-time data access, enabling up-to-date
information critical for decision-making.
• Example: Two users may attempt to view or modify the same data
entry at the same time, leading to possible conflicts if not managed
properly.
2. Lock Controls:
ti on
• Definition: Mechanisms within a DBMS that prevent concurrentuaccess
from corrupting data.
s trib
r
• Functionality: Locks restrict access to data items whileDi a process or
user is editing them, maintaining data integrity.fo
o t
• Types of Locks: A record lock is commonly
, Nfrom otherwhere
used, a specific
h a
data record is locked to prevent updates users.
a
e t Ntheirtoedits
• Example: If User A locks a record make updates, User B can only

je
view it until User A completes and releases the lock.

b
3. Database Integrity:ha
• Concurrencyl Suand locking work together to protect data accuracy and
Co
reliability.
y
B controls prevent issues like data corruption that could occur if
• Lock
P
I SS simultaneously.
multiple users attempted to write to the same database entry
C
for
tes
o
ell N
orn
C

• Concurrency allows multiple users to access data at the same time, supporting real-time decision-
making.
• Lock controls are used to maintain data integrity by preventing simultaneous updates to the same
data.
• This functionality is essential for protecting databases from corruption and ensuring data reliability.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 ACID Properties in RDBMS
1. Atomicity:
1. Atomicity
2. Consistency • Definition: Ensures that all parts of a transaction are completed
3. Isolation successfully, or none are applied if any part fails.
4. Durability • Purpose: Prevents partial updates that could lead to data
inconsistencies.
• Example: When transferring funds between accounts, if any part of the
process fails, the entire transaction is rolled back to maintain data
integrity.
2. Consistency:
ti on
b
• Definition: Ensures the database remains in a valid state byiadheringu
str
to all defined rules and constraints.
i
D to the
• Purpose: Guarantees data remains accurate and r
schema rules after a transaction. t fo conforms

N o
a, rules (e.g., negative
• Example: If a transaction violates database
balance not allowed), it will not behcompleted.
3. Isolation: t Na
je e is isolated from others, meaning it is
invisible to other ha
• Definition: Each transaction
btransactions until it’s fully completed.
S u
• Purpose:lPrevents concurrent transactions from interfering with each
o
Cmaintaining
y
other, data integrity.
• B
S P Example: User B cannot see changes made by User A’s transaction

CI S until it is fully completed.

for 4. Durability:

tes • Definition: Ensures that once a transaction is completed, the changes

o
ll N
are permanently saved and will not be lost.

rn e • Purpose: Protects against data loss due to unexpected issues like

C o power outages.
• Example: After a transaction is committed, the data changes are
written to disk and preserved even if there’s a system crash.

• The ACID properties in RDBMS — Atomicity, Consistency, Isolation, and Durability — are
fundamental principles that ensure database transactions are processed reliably.
• They prevent partial updates, ensure adherence to rules, maintain transaction isolation, and
guarantee that completed changes are permanent, which collectively support data integrity and
reliability in multi-user environments.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Metadata in Data Management
Definition of Metadata:
1. Definition of Metadata
2. Examples of Metadata • Explanation: Metadata is "data about data" that provides context and
additional details about other data items.
• Purpose: Helps in identifying, organizing, and managing data more
effectively by giving descriptive information.
2. Examples of Metadata:
• File Metadata: Information about a file such as creation date, last
modified date, file owner, file size, etc.
t i on
• Database Metadata: Includes table structures, column types,
i bu
constraints, and relationships between tables.
st r
i
rD
• Document Metadata: Author, title, keywords, document type, and
summary.
t fo
o
, N and retrieval by
Uses:

a
hwithout revealing the actual data
• Data Management: Supports data organization
a
providing information about data
content.
e tN
a je Useful for tracking data ownership, changes,
h
• Security & Compliance:
ub which aids in auditing and maintaining data integrity.
and permissions,
S
C ol
B y
I SSP
C
for
tes
o
ell N
orn
C

• Metadata provides essential information about data, enabling efficient management, retrieval, and
security of data.
• By offering details such as creation date, file size, ownership, and structure, metadata improves the
functionality and integrity of data systems and is critical for organizing and accessing information
effectively.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Development Ecosystems in Software Security
1. Types of Development
Ecosystems
2. Common Characteristics
Types of Development Ecosystems:
• CI/CD (Continuous Integration/Continuous Delivery/Deployment):
Automates the integration, testing, and release of code to streamline
the development process and ensure frequent, stable updates.
• SOAR (Security Orchestration, Automation, and Response):
Coordinates and automates security tasks, helping to quickly identify
and respond to threats.
• SCM (Software Configuration Management): Manages changes to

on
software, ensuring version control, consistency, and tracking
throughout the software lifecycle.
u t i
2. Common Characteristics:
r i b
t errors,
is
rD
• Automation: Key in maintaining consistency, reducing manual
fo
and ensuring quality across all stages of software development.
t processes, leading to
o
, N products and updates.
• Efficiency and Delivery: Designed to streamline
a
faster and more reliable delivery of software
h security measures to protect
a
t Nstakeholders, integrating security at every
• Security Focus: Emphasizes proactive
e
both the organization and its
phase.
h aje
S ub
C ol
B y
I SSP
C
for
tes
o
ell N
orn
C

• Development ecosystems like CI/CD, SOAR, and SCM provide structured frameworks that focus on
efficiency, automation, and security.
• Each ecosystem serves a unique purpose—whether for code integration, security response, or
configuration management—but they share common goals of delivering high-quality products,
automating workflows, and proactively securing development processes.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Methods for Assessing Software Security
1.Security Testing Methods
2.Key Processes in Security
Assessment
3.Certification vs. Accreditation
Security Testing Methods:
• Testing Types:
• White Box Testing: Detailed internal examination of code,
logic, and architecture.
• Black Box Testing: Testing without knowledge of internal
workings, focusing on inputs and outputs.
• Threat Modeling: Identifies potential vulnerabilities and
possible attack vectors.

on
• Penetration Testing: Simulated attacks to evaluate
application resilience.
ut i
2. Key Processes in Security Assessment:
tr i b
is
strategies to mitigate them.
f o rD
• Risk Analysis and Mitigation: Analyzes risks and implements

• Auditing and Logging Changes: Tracks ando

t
,N
reviews changes to detect
a
potential issues and ensure accountability.
hchecks logs for suspicious activity
a
and performance issues. t N
• Logging and Monitoring: Regularly

je e
• Internal and External
compliance andb
ha Audits: Provides an objective review, ensuring
SuProcess: Evaluates third-party components for security
identifying security gaps.
l
Co
• Procurement
y
compliance.
B
P
S requirements before release.
• Testing and Verification: Validates that applications meet security

CI S
for • Code Signing: Verifies the origin and integrity of code to prevent

tes tampering.

N o 3. Certification vs. Accreditation:

rn ell • Certification: In-depth, technical analysis confirming that security

C o requirements are met.

• Accreditation: Management’s formal approval to implement certified
applications, signifying risk acceptance.

• Software security assessment involves comprehensive testing methods, risk analysis, logging, and
audits.
• Key activities include threat modeling, penetration testing, and certification and accreditation, which
confirm technical compliance and secure management approval, respectively.
• Each process ensures that software security is maintained and meets organizational and regulatory
standards.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Security Assessment of Acquired Software
1. Importance of Security Importance of Security Assessment for Purchased Software:
Assessment for Purchased • Security assessment is essential regardless of whether software is
Software developed in-house or acquired from an external vendor.
2. Security Involvement in
Acquisition • Objective: To identify and mitigate any potential security risks within
3. Source Code Availability and the purchased software, as external software can still introduce
Escrow Agreements vulnerabilities.
2. Security Involvement in Acquisition:
• Security should be actively involved in evaluating the acquired
software for functionality and vulnerabilities.
ti on
• The assessment includes evaluating both the operational ibu
is tr
effectiveness of the software and any security-related concerns.

f o r Dassessments,
• Methods: Can include black-box testing, vulnerability
and security audits on the acquired software.t
N o
3. Source Code Availability and Escrow
h athe, source code, offering only the
Agreements:
• Vendors may not provide access
t Na to
compiled product.
je e
• Escrow Agreement: a can
hensuring
This be arranged to store the source code
b
orusupport.
with a third party,
operationsS
access if the vendor ceases business
l
y Co
P B
I SS
C
for
tes
o
ell N
orn
C

• Purchasing software does not eliminate the need for a security assessment.
• Security should evaluate any acquired software for vulnerabilities to ensure it meets the
organization's standards.
• If source code is unavailable, companies can establish escrow agreements to secure access to the
code for future needs.
• This proactive approach mitigates risks associated with vendor dependency and software
vulnerabilities.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Software Acquisition Methods and Assurance
1. Software Assurance Phases for
Acquisition
2. COTS Software (Commercial
Off-The-Shelf)
3. Open Source Software
4. COTS vs. Open Source: Pros
and Cons
Software Assurance Phases for Acquisition:
• Involves ensuring that any acquired software—regardless of the source—is
secure and aligns with organizational requirements.
• Emphasis on applying the Software Development Life Cycle (SDLC)
principles to assess, test, and validate software before deployment.
2. Commercial Off-the-Shelf (COTS) Software:
• Definition: Readily available software intended for mass use, such as
Microsoft 365 or ERP solutions.
• Advantages:
• Established functionality and reliability.
• Community support and peer evaluations available.
ti on
• Frequent updates and patches by the vendor.
i bu
• Disadvantages:
str
•
D i
Limited to black-box testing; no access to source code.
•
t for
Dependency on vendor’s business stability and support.

No
• Potential vulnerabilities due to widespread use.

a,
3. Open Source Software:
h
Na
• Definition: Software with available source code, inviting community
collaboration and modification.
• Advantages:
jeet
•
bha
Allows code examination, modification, and control by the
organization.
•
l SuTypically faster identification and resolution of security issues.

y Co
• Maintains stability beyond the original creators, supported by a
broad community.
B
SP
• Disadvantages:

CI S • Community-based development may introduce accidental or

malicious vulnerabilities.

for • Requires a rigorous assessment similar to in-house developed

es software.
ot 4. COTS vs. Open Source:

ell N • Similarity: Both are popular, cost-effective alternatives to in-house

rn
development.

C o • Differences: COTS is proprietary, often without source code access, while

open-source is customizable with full access to the code base.
• Considerations for Both: Organizations should treat both COTS and open
source software with caution and integrate security reviews to mitigate
risks.

• When acquiring software, whether COTS or open source, organizations must prioritize security and
evaluate software thoroughly, using the SDLC process where possible.
• COTS offers established functionality but is restrictive, while open source offers flexibility and
community support but requires proactive assessment to prevent vulnerabilities.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Third-Party Code and Managed Service Providers (MSPs)
1. Third-Party Code in Software Development:
1. Third-Party Code in
• Definition: Code created by external developers (independent
Software Development
contractors or employees of another company) rather than by internal
2. Managed Service Providers development teams.
(MSPs)
3. Assessment of Managed • Key Consideration: Third-party code should undergo the same
Service Providers security and functionality evaluations as in-house developed code.
• Best Practice: Apply SDLC rigorously to validate code quality, security,
and alignment with organizational standards.
2. Managed Service Providers (MSPs):
ti on
r ibuonand
• Definition: MSPs handle IT infrastructure, enterprise applications,
support services for client organizations, enabling them totfocus
core operations.
D is
• Common Services Offered:
t for
Network monitoring, data backup,oand recovery.
, N support.
•
Security management andatechnical
•
h
Enterprise applicationamanagement and cloud services
tN
•
bundling.
e
e provide cost-effective solutions, often
• Advantage for SMBs:
h ajMSPs
more affordablebthan managing IT infrastructure in-house.
l SofuManaged Service Providers:
o
3. Assessment
C
B y
• Purpose: Ensures that the MSP’s services align with organizational
S P goals, especially around security, privacy, and compliance.

CIS • Assessment Criteria:

for • SOC Reports: Independent audit reports providing insights
tes into security practices.

N o • Site Visits: Senior management and stakeholders conduct

rn ell evaluations.

C o • Customer References: Discussions with current MSP

customers to gauge service quality.
• Regulatory Assessments: Ensuring MSP compliance with
industry standards and regulatory requirements relevant to
the organization.

• Third-party code and MSPs offer valuable services but require stringent assessments to ensure
quality, security, and alignment with organizational standards.
• The SDLC process should be applied to third-party code, while MSPs should be evaluated through
SOC reports, site visits, and customer references to verify compliance and suitability.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Cloud Service Models and Security
• Cloud Service Models (SaaS,
IaaS, PaaS)Security
• Involvement in Cloud
Acquisitions
• Shared Responsibility Model
• Due Diligence and Agreements
Cloud Service Models:
• Software as a Service (SaaS): Provides applications hosted by a
third-party provider accessible over the internet.
• Infrastructure as a Service (IaaS): Delivers virtualized computing
resources like storage, network, and servers over the internet.
• Platform as a Service (PaaS): Supplies a platform allowing
organizations to develop, run, and manage applications without
dealing with infrastructure complexities.
2. Security Involvement in Cloud Acquisitions:
Role of Security: Security teams should be involved from the initial
on
•
ti
decision-making phase to ensure that security considerations align
u
with organizational standards.
tr i b
•
D is
Key Considerations: Security should assess data protection,
compliance, and risk management strategies before moving data or

for
assets to the cloud.
t
No
3. Shared Responsibility Model:

a,
• Definition: The cloud provider and the customer share
h
responsibilities for security based on the service model:
• Na
SaaS: Provider manages infrastructure and platform security,

jeet
while the customer manages data access and protection.
•
bha
IaaS: Provider handles basic infrastructure security;
customer manages OS, applications, and data.
•
l Su
PaaS: Provider secures the platform, and the customer is

y Co responsible for applications and data security.

B • Accountability: The customer is ultimately accountable, requiring

SP
clear understanding of control responsibilities for each party.

CI S 4. Due Diligence and Agreements:

for • Due Diligence: Organizations should perform thorough evaluations

es of cloud providers, assessing compliance, data protection

ot
capabilities, and disaster recovery processes.

ll N
• Written Agreement: All responsibilities, including risk management

rn e and compliance obligations, should be documented in the service

agreement to ensure mutual understanding of obligations.
C o

• Cloud services require security’s involvement from the start, emphasizing due diligence and the
shared responsibility model.
• Each cloud model (SaaS, IaaS, PaaS) has different shared security responsibilities, which should be
clearly defined in service agreements to ensure both the provider and customer understand and
fulfill their security roles.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Secure Coding Guidelines and Vulnerabilities
• Importance of Secure Coding
• OWASP, NIST, and CIS
Frameworks
• Common Code-Level
Vulnerabilities
Importance of Secure Coding:
• Secure coding is essential for consistently producing software with fewer
vulnerabilities.
• Secure coding guidelines and best practices should be applied across all
stages of development.
• Modern programming tools offer built-in security features; leveraging
these tools improves application security.
2. OWASP, NIST, and CIS Frameworks:
• OWASP (Open Web Application Security Project): Known for
publishing the Top 10 Web Application Security Risks, providing
mitigation techniques for common web app vulnerabilities.
ti on
•
bu
NIST (National Institute of Standards and Technology): Offers secure
i
tr
software frameworks that guide best practices for software security.
s
•
D i
CIS (Center for Internet Security): Provides resources for secure

for
software development practices.
t
No
3. Common Code-Level Vulnerabilities:
• Covert Channels: Unintentional communication paths that may leak
a,
sensitive information. Types include timing and storage.
h
•
Na
Buffer Overflows: When input data exceeds allocated buffer space,

detection.
jeet
causing application instability or data corruption. Usually patched after

•
bha
Memory/Object Reuse: Risks arise when storage with sensitive data

Su
isn’t properly cleared, allowing potential access by other applications.
l
Co
• Executable Mobile Code: Code that downloads and executes on a
system when users click links. Sandboxing mitigates risk.
By • TOCTOU (Time-of-Check Time-of-Use): Also known as a race condition,

I SSP where a delay between checking and using a value leaves an opening for
exploitation.
r C • Backdoors/Trapdoors: Developer shortcuts for system access that may
fo persist post-development, allowing unauthorized access if not removed.
es
ot
• Malformed Input: Input that fails validation, leading to risks like SQL

ll N
injection. Input validation is critical.

rn e • Citizen Developers: Non-expert users given access to powerful

development tools without proper security training, posing security risks.
C o

• Secure coding guidelines and frameworks (e.g., OWASP, NIST, CIS) help standardize secure
development practices.
• Common vulnerabilities, like buffer overflows, TOCTOU, and backdoors, highlight risks at the source
code level.
• Comprehensive input validation and secure handling of data are essential to mitigate these risks,
along with proper training for non-expert users (citizen developers) accessing powerful development
tools.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024


• Definition of Buffer Overflow
• Exploitation and Risks
• Mitigation Techniques: ASLR and
Bounds Checking
• Additional Protective Measures
Buffer Overflow
1. Definition of Buffer Overflow:
• Buffer overflow occurs when information sent to a storage buffer
exceeds its capacity, causing an overflow condition.
• Common in applications where predefined buffer sizes do not
dynamically adjust, leading to vulnerabilities.
• Buffer overflow vulnerabilities can result in privilege escalation or
execution of malicious code.
2. Exploitation and Risks:
• Attackers can exploit overflow conditions by placing executable

ti on
code into overflow data, potentially elevating system privileges.
•
i bu
Attackers leverage the inability of buffers to resize dynamically to
execute malicious code or disrupt system functions.
str
3. Mitigation Techniques:
D i
•
for
Address Space Layout Randomization (ASLR):
t
• Randomizes memory location
N o oftosystem executables,

buffer locations. a
,
making it difficult for attackers predict and exploit

a h
• Without ASLR,
t Nattackers may study program behavior
e
aje Checking:
and buffer usage to launch attacks.
•
h
Bounds/Parameter
•ubVerifies that input values are within specific bounds
S
l before use, ensuring no overflow occurs.
o
C • Examples
B y ranges,
include ensuring string length limits, number
and array bounds are enforced during input

SP4. Additional Protective Measures:

handling.

CI S
for • Parameter/Bounds Checking: Limits data size and format

tes during input validation.

o
ll N
• Enhanced Development Processes: Incorporates code
reviews to catch vulnerabilities early.

rn e • Runtime Checking: Validates array and buffer bounds during

C o runtime to prevent overflows.
• Safe Programming Languages and Libraries: Using
languages with built-in memory safety features reduces
overflow risks.

• Buffer overflow vulnerabilities arise when more data than a buffer can handle is sent, leading to
potential exploits.
• Mitigation methods like ASLR randomise executable locations in memory, making it harder for
attackers to predict buffer usage.
• Bounds checking and runtime validation of data ensure inputs stay within safe limits, while safe
programming practices, including language and library selection, further protect against buffer
overflows.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Application Programming Interfaces (APIs)
1. Definition and Role of APIs:
• Definition and Role of APIs
• Common API Formats: REST and 1. APIs enable communication between different applications,
acting as translators to facilitate data exchange.
SOAP
• Security Techniques for APIs 2. Essential for web applications where disparate components
need to interact smoothly.
3. Example: Similar to a restaurant server relaying orders from
customers to the kitchen, APIs translate and communicate
requests between applications.
2. Common API Formats:
1. Representational State Transfer (REST):
ti on
i bu to
s tr
1. Newer, more flexible, and lightweight alternative
SOAP, primarily HTTP-based.
D i
o r
2. Easier to learn and faster in processing, outputs in

2. Simple Object Access Protocolo

tf
various formats (e.g., CSV, JSON, RSS, XML).

, Nby Microsoft; more rigid and

(SOAP):

standardized,a h a
1. Older format, developed
XML-based.
N WS standards, offering robust
et through
2. Extensible
errorje
a handling for complex applications.

u bh for APIs:
3. Security Techniques
S
1. l Authentication
C o tokens (e.g.,
and Authorization: Access control using
OAuth) to secure access.
y
PB
2. Encryption (TLS): Ensures data security during transmission

I SS over insecure channels.

r C 3. Data Validation: Validates inputs to ensure they are safe

fo and within expected formats.

es 4. API Gateways: Acts as a gatekeeper, managing API

ot requests, authentication, and routing.

ell N 5. Quotas and Throttling: Limits the number of requests to

orn prevent abuse and ensure stable performance.

C 6. Testing and Validation: Regular testing to identify
vulnerabilities and ensure security measures function as
intended.

• APIs enable application interoperability by translating and facilitating communication between

different software components, with REST and SOAP as the primary formats.
• REST is lightweight and flexible, while SOAP is more standardized and suited for complex needs.
• To secure APIs, best practices include authentication, TLS encryption, input validation, and API
gateways to manage traffic, ensuring secure and reliable API use.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Secure Coding Practices
• Definition and Importance of
Secure Coding Practices
• Key Secure Coding
Techniques
• Concepts of Coupling and
Cohesion
• Polyinstantiation
Definition and Importance of Secure Coding Practices:
• Secure coding aims to prevent software vulnerabilities that could lead
to exploitation.
• Involves various techniques to minimize risks during the software
development lifecycle.
Key Secure Coding Techniques:
• Input Validation: Ensures that input data meets defined criteria,
preventing malicious data from causing vulnerabilities.
• Authentication and Password Management: Proper handling of user
credentials to secure user access.
ti on
• Session Management: Securely manages user sessions to prevent
i bu
hijacking.
str
D i
• Cryptographic Practices: Utilizes encryption and hashing for data

for
confidentiality and integrity.
t
No
• Error Handling and Logging: Manages errors without revealing

a,
sensitive information and logs securely for auditing.
h
• System Configuration: Ensures systems are set up securely,
minimizing exposure to threats.
Na
eet
• File/Database Security: Protects file and database contents from
j
ha
unauthorized access.
b
Su
• Memory Management: Prevents memory leaks and vulnerabilities like
l
buffer overflows.

y Co
Concepts of Coupling and Cohesion:
B • Coupling: Refers to the interdependency between different units of

I SSP code. Low coupling is preferred, as it allows components to function

r C independently.

fo • Cohesion: Indicates how closely related the functionalities within a

es unit of code are. High cohesion is optimal, promoting clarity and ease
ot of maintenance.

ell N Polyinstantiation:

orn • Creating multiple independent instances of an object to prevent

C unauthorized inference.
• Useful in systems where different levels of access are required to
prevent unauthorized data sharing.

• Secure coding practices are essential to reduce vulnerabilities in software, incorporating input
validation, secure authentication, session management, and cryptographic practices, among others.
• Key design principles like low coupling and high cohesion promote modular, secure code, while
polyinstantiation prevents unauthorized inference by creating separate instances of objects for
different access levels.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Coupling and Cohesion
• Definitions of Coupling and
Cohesion
• Ideal Combination for
Optimal Code Quality
Definitions of Coupling and Cohesion:
• Coupling: Refers to the interdependence between different units of
code within a codebase.
• Low Coupling: Code units operate independently,
minimizing reliance on other parts of the codebase.
• High Coupling: Code units are heavily interdependent,
making the codebase more complex and less modular.
• Cohesion: Describes how closely related the functionality within a

on
single unit of code is.
• ti
High Cohesion: The unit's code is highly related, focused on
u
i b
a single task or functionality, making it easier to understand
tr
and maintain.
D is
for
• Low Cohesion: The unit's code handles unrelated tasks,
making it harder to manage and prone to errors.
o t
Ideal Combination for Optimal Code Quality: N
h aare, considered optimal:
Na interdependencies, allowing
• Low Coupling and High Cohesion
•
t
Low Coupling: Reduces
individual unitseto function independently, simplifying testing
h aje
and maintenance.
• u
High bCohesion: Ensures each code unit is focused and
S
lorganized, making it more understandable and less error-
o
yC
prone.
• B
SP code, which may be challenging to maintain, test, and debug.
High Coupling and Low Cohesion are indicators of poorly written

CI S
for
tes
o
ell N
orn
C

• In coding, low coupling and high cohesion are ideal.

• Low coupling minimizes dependencies between code units, while high cohesion ensures that each
unit focuses on a single, related task, making the code modular, easier to maintain, and efficient for
development.
• High coupling and low cohesion, on the other hand, signal poor code organization and are best
avoided.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Polyinstantiation
1. Definition of Polyinstantiation:
Definition of Polyinstantiation • The term "poly" means many, and "instantiation" refers to
Purpose and Use Cases creating an instance.
Example in a Military Context
• Polyinstantiation is the creation of multiple independent
Prevention of Unauthorized instances of the same data, each accessible based on a
Inference user's clearance level.
2. Purpose and Use Cases:
• Polyinstantiation helps prevent unauthorized inference by
displaying data according to the user's clearance level, thus
maintaining data confidentiality.
ti on
• Commonly used in environments where data needs to be
i bu
tr
separated by security levels, such as military or government
s
systems.
D i
3. Example in a Military Context:
t for
•
No
Consider a system on a military base used to track units. If a

a,
General tries to add "Charlie Company 6," and it already
h
exists at a higher classification, a system without
Na
polyinstantiation might reveal its existence through an error
message.
je et
•
b ha
With polyinstantiation, the system would map "Charlie
Company 6" to a lower-level version for those without
l Su clearance, concealing sensitive information.
4.
y Co of Unauthorized Inference:
Prevention

P B • Unauthorized inference occurs when users deduce sensitive

I SS information from system responses.

r C • Polyinstantiation prevents this by allowing the same data to

s fo exist at multiple classification levels, ensuring that users only

see what they are authorized to view.
ote
ell N
orn
C

• Polyinstantiation allows data to exist in multiple forms according to user clearance,

preventing unauthorized inference in sensitive environments.
• By mapping data based on classification levels, it ensures that users at lower levels
cannot infer or access higher-level information, safeguarding confidentiality in settings
like military systems or classified databases.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Software-Defined Security
Definition and Purpose of Software-Defined Security:
• Definition and Purpose of
Software-Defined Security • Software-defined security refers to implementing, controlling, and
• Growth and Role in Cloud and managing security measures through software, rather than hardware.
Virtualization • Aligns with other software-defined functions, allowing flexibility,
• Functional Capabilities scalability, and ease of management.
• Policy-Driven Approach
Growth and Role in Cloud and Virtualization:
• The rise of software-defined security has paralleled the growth of cloud
computing and virtualization, adapting security measures to dynamic
virtual environments.
ti on
u
• Provides a flexible security framework suited to virtualized andbcloud-
i
str
based infrastructures.
i
Functional Capabilities:
fo rD
o t hardware-based
• Software-defined security can replicate traditional
security functions like firewalls, intrusionN
a , detection and prevention, and
access management.
a h
• These security functions can N
e t protection
be instantiated, configured, and managed

a je
via software, offering similar in a virtual form.

bh
Policy-Driven Approach:
u
l S security is typically managed by policies that align
o
• Software-defined

yC
with organizational
aBcost-effective
goals and objectives, optimizing security controls in
manner.

I SSP• Policies can dictate configurations and security measures to meet

C specific needs within the virtual environment.
for
tes
o
ell N
orn
C

• Software-defined security provides a flexible, scalable way to manage security through software
rather than hardware, particularly valuable in cloud and virtualized environments.
• By replicating functions like firewalls and access controls and allowing them to be managed by
policies, it aligns security with organizational goals in an efficient, adaptable manner.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Software Development Vulnerabilities
• Causes of Software
Vulnerabilities
• Common Vulnerability Types:
Backdoors, Between-the-Lines
Attacks
• Impact of Insecure Coding and
Citizen Developers
Causes of Software Vulnerabilities:
• Insecure Coding Practices: Poorly implemented code increases risks
of vulnerabilities, leaving software open to exploitation.
• Citizen Developers: Non-expert users creating code without adequate
security training, potentially introducing security weaknesses.
Common Vulnerability Types:
• Backdoors/Trapdoors: Often result from insecure code, allowing
hidden access points that attackers can exploit.
• Between-the-Lines Attack: Also known as a man-in-the-middle (MITM)ti on
i
attack, where an attacker intercepts or modifies communications bu
between devices or people, compromising data integrity.
str
D i
Impact of Insecure Coding and Citizen Developers:
f o r
• t
o can lead to
Vulnerabilities in software due to insecure coding
unauthorized access, data breaches, and
, Nexploitation of backdoors.
h aintroduce
• a
Citizen developers may inadvertently vulnerabilities,

e tN
increasing an organization's exposure to potential attacks.

h aje
S ub
C ol
By
I SSP
r C
fo
es
ot
ell N
orn
C

• Software development vulnerabilities stem from insecure coding practices and citizen developers
lacking security expertise.
• Common vulnerabilities include backdoors, which allow unauthorized access, and MITM attacks
that compromise communication security.
• Ensuring secure coding practices and training citizen developers can help minimize these risks and
improve software security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

 Primary Reasons Leading to Software Development Vulnerabilities

Role of Citizen Developers:

• Role of Citizen Developers
• Insecure Coding Practices
• Common Attacks:
Backdoors, Between-the-
Lines, Memory Reuse
• These backdoors may enable attackers to bypass authentication
• Citizen developers often lack formal training in secure coding, which
can lead to insecure, unreliable applications.
• These self-taught users may not be aware of security best practices,
leading to vulnerabilities through insecure technology use and poor
coding practices.
Insecure Coding Practices:
• Insecure coding opens pathways for backdoor/trapdoor attacks, where
unauthorized access points are created in the software.
ti on
mechanisms or install remote access software covertly. tri
bu

D is
Common Attacks Stemming from Insecure Practices:
t for
o
• Between-the-Lines Attack (Man-in-the-Middle):
N
•
h a,
Attackers intercept or alter communications between

Na
devices or individuals, compromising data integrity and
confidentiality.
e t
je
a from a previous operation remains in memory,
• Memory Reuse (Object Reuse):
• b hdata
Residual

l Su may be unintentionally accessed, leading to data

which

C o leakage.

B y • Secure coding mandates clearing memory of sensitive data

S P before subsequent operations to prevent unauthorized data

CI S access.

for
tes
o
ell N
orn
C

• Software vulnerabilities often arise from citizen developers lacking secure coding expertise and
insecure coding practices.
• Key vulnerabilities include backdoors allowing unauthorized access, between-the-lines attacks
intercepting communication, and memory reuse exposing residual data.
• Addressing these risks with secure coding practices and proper training can enhance software
reliability and security.

Cornell Notes by Col Subhajeet Naha, Retd, CISSP 2024

GET YOUR CISSP

SHARE IT AND MAKE WORLD A

BETTER PLACE TO LIVE