28/02/2007

Defense in depth


The circle of Security

Networks need to be protected in layers (defense in depth), so an attacker must pass through all of them before reaching an asset. Do not rely on just one countermeasure: a problem in one layer then has a "backup" in the remaining layers to compensate.

Security Layers

The three phases:

  1. Protection - taking all necessary safeguards to protect an asset
    • Security Policies, Risk Management, Security Awareness, Access Controls
  2. Detection - the constant monitoring of network activity and enforcement of security policies
    • Intrusion Detection (Host and Network), Auditing, Penetration Testing
  3. Response - triggered by any anomaly found during the detection phase
    • Forensics, Incident Response, Disaster Recovery
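A small model of the three phases, added here as an illustration (it is not code from the original post): a request must pass every protection layer in order, a detector sits behind some layers and raises an alert when something reaches it that the layer in front should have stopped, and the alerts are the input to the response phase. Layer names, rules and addresses are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

@dataclass
class Request:
    src_ip: str
    user: str
    authenticated: bool

@dataclass
class Layer:
    """One protection layer plus an optional detector placed behind it."""
    name: str
    rule: Callable[[Request], bool]                      # True = allow (Protection)
    monitor: Optional[Callable[[Request], bool]] = None  # True = anomaly (Detection)
    fail_open: bool = False                              # simulate a broken/misconfigured layer

    def allows(self, req: Request) -> bool:
        return True if self.fail_open else self.rule(req)

def evaluate(req: Request, layers: List[Layer]) -> Tuple[bool, List[str]]:
    """Pass the request through every layer in order.
    Returns (asset_reached, alerts): the asset is reached only if every
    layer allows the request; alerts are handed to the Response phase."""
    alerts: List[str] = []
    for layer in layers:
        if not layer.allows(req):
            return False, alerts          # stopped here; earlier alerts still stand
        if layer.monitor and layer.monitor(req):
            alerts.append(f"{layer.name}: anomaly for {req.user}@{req.src_ip}")
    return True, alerts

def internal(req: Request) -> bool:
    return req.src_ip.startswith("10.0.")  # constructed internal range

# Constructed layers: perimeter firewall, host-level ACL, application login.
LAYERS = [
    Layer("perimeter-firewall", internal,
          monitor=lambda r: not internal(r)),      # host IDS: external traffic should never arrive here
    Layer("host-acl", lambda r: r.user in {"alice", "bob"}),
    Layer("app-auth", lambda r: r.authenticated,
          monitor=lambda r: not r.authenticated),  # app audit: unauthenticated session reached the app
]

def with_broken(layers: List[Layer], name: str) -> List[Layer]:
    """Copy of the layers with one of them failing open (the 'problem in one layer')."""
    return [Layer(lyr.name, lyr.rule, lyr.monitor, fail_open=(lyr.name == name)) for lyr in layers]

if __name__ == "__main__":
    bad = Request("203.0.113.9", "mallory", False)
    print(evaluate(bad, LAYERS))                                      # blocked at the firewall, no alert
    print(evaluate(bad, with_broken(LAYERS, "perimeter-firewall")))  # firewall fails open, ACL blocks, IDS alerts
```

With the firewall failing open the host ACL still blocks the request, and the alert raised behind the firewall is what tells the response phase that a layer is broken.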
