
cissp-mnemonics's Introduction

Domain 1: Security and Risk Management

Risk Management

SLE = AV * EF

  • Single Loss Expectancy (SLE) - Negative impact for one-time occurrence
  • Asset Value (AV)
  • Exposure Factor (EF) - If a flood will damage 40% of your data center, EF is 40%

ARO

  • Annualized Rate of Occurrence - how many times per year the loss event is expected to happen

ALE = ARO * SLE

  • Ale makes arousal
  • Annual Loss Expectancy = Annualized Rate of Occurrence × Single Loss Expectancy

Threat Modeling

STRIDE - Microsoft threat modeling tool

  • S poofing
  • T ampering
  • R epudiation - attacker can deny participation
  • I nformation disclosure
  • D enial of service
  • E levation of privilege

Control Types

PTA keeps the children safe!

  • P hysical - Tangible. Locks, guards, alligator moats, etc.
  • T echnical/Logical - Automated or electronic systems (firewalls, encryption, access control lists).
  • A dministrative - Policy, signage.

Due Care vs Due Diligence

Imagine you have a pool. To protect children and animals from drowning in your pool, you exercise due care by building a fence around the pool. Regularly checking the fence for vulnerabilities and correcting them demonstrates due diligence.

  • Due Care - A vendor engaging in a reasonable and expected manner for the circumstance
  • Due Diligence - Demonstrates due care

Domain 3: Security Engineering

Security Models

Brewer-Nash

Brewer-Nash is also known as "The Chinese Wall" and protects against conflict of interest. Remember Chinese "brew" tea. 🍵

Simple Security vs *-Security

You must read before you can write. So reading is "simpler" than writing. This makes reading the simple security model and writing the *-security model.

Integrity vs Confidentiality models

  • Integrity models have the letter "I" in them.
  • Bell-LaPadula and Biba - Since Biba has an "I" in it, it is integrity. The two are opposites, so Bell is confidentiality. For something confidential you don't want a subject reading up above their clearance, so Bell has a no-read-up property. From this we can extract the read and write rules for both Biba and Bell:

          Bell          Biba
  Read    No Read Up    Read Up
  Write   Write Down    No Write Down
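The read/write rules of the two models as an access-check function, added here as an example and not part of the original notes. It implements the standard textbook properties: Bell-LaPadula forbids read up and write down, Biba forbids read down and write up. The three-level lattice and the subject/object labels are constructed assumptions.

```python
from enum import IntEnum


class Level(IntEnum):
    """Constructed lattice: a higher number means higher sensitivity (Bell-LaPadula)
    or higher integrity (Biba). Real systems also carry categories/compartments."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2


def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula (confidentiality).
    Simple security property: no read up.  *-property: no write down."""
    if op == "read":
        return subject >= obj   # subject may read objects at or below its clearance
    if op == "write":
        return subject <= obj   # subject may write objects at or above its clearance
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba (integrity).
    Simple integrity property: no read down.  *-integrity property: no write up."""
    if op == "read":
        return subject <= obj   # subject may read only from equal or higher integrity
    if op == "write":
        return subject >= obj   # subject may write only to equal or lower integrity
    raise ValueError(f"unknown operation {op!r}")


def decision_table(model) -> dict:
    """Evaluate a model for a MEDIUM subject against LOW/MEDIUM/HIGH objects,
    returning {(op, object_level): 'ALLOW' | 'DENY'} so the rules can be compared."""
    table = {}
    for op in ("read", "write"):
        for obj in Level:
            table[(op, obj)] = "ALLOW" if model(Level.MEDIUM, obj, op) else "DENY"
    return table


if __name__ == "__main__":
    for name, model in (("Bell-LaPadula", blp_allows), ("Biba", biba_allows)):
        print(name)
        for (op, obj), verdict in decision_table(model).items():
            print(f"  MEDIUM subject {op:5s} {obj.name:6s} object -> {verdict}")
```

Compare the two printed tables: every cell where one model says ALLOW, the other says DENY, which is the "opposites" intuition in the mnemonic made concrete.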

Domain 4: Communications & Network Security

Factorization of Primes vs Discreet Logs

Found this somewhere else but it made me laugh and was easy to remember: Mr. Diffie-Hellman and Dr. ElGamal are phantom poopers! They leave discreet logs!

DES Modes of Operation

The most important thing here is to remember the relative strength, from weakest to strongest. There is no clean mnemonic for this. My approach:

  • Remember the first and the last.
  • The center 3 are alphabetical by name and/or abbreviation.
  1. ECB - Electronic Codebook (also the only one that doesn't use an initialization vector)
  2. CBC - Cipher Block Chaining
  3. CFB - Cipher Feedback
  4. OFB - Output Feedback Mode
  5. CTR - Counter

Cloud Computing Operating Model

IaaS, PaaS, SaaS - Remember Pizza as a Service

Domain 7: Security operations

Fire Classes and Extinguisher Types

  Type   Mnemonic       Description
  A      Ash            Ordinary solid combustibles
  B      Boil, Bubble   Flammable liquids and gases
  C      Circuits       Electrical equipment
  D      Dent           Combustible metals
  K      Kitchen        Oils and fats

Domain 8: Software Development Security

Ring computing model

Remember "Zero KODU"

  Layer   Purpose
  0       Kernel
  1       Operating System
  2       Drivers
  3       User

Contributors

  • therealbenforce
