Premium Essay

Sscp Study Notes

In: Computers and Technology

Submitted By mrairtouch
Words 17808
Pages 72
SSCP Study Notes
1. Access Controls
2. Administration
3. Audit and Monitoring
4. Risk, Response, and Recovery
5. Cryptography
6. Data Communications
7. Malicious Code

Modified version of original study guide by Vijayanand Banahatti (SSCP)

Table of Content

1.0 ACCESS CONTROLS…………………………………………………………...... 03
2.0 ADMINISTRATION ……………………………………………………………... 07
3.0 AUDIT AND MONITORING…………………………………………………...... 13
4.0 RISK, RESPONSE, AND RECOVERY………………………………………....... 18
5.0 CRYPTOGRAPHY……………………………………………………………....... 21
6.0 DATA COMMUNICATIONS…………………………………………………...... 25
7.0 MALICIOUS CODE……………………………………………………………..... 31
REFERENCES………………………………………………………………………........ 33 1.0 ACCESS CONTROLS

Access control objects: Any objects that need controlled access can be considered an access control object. Access control subjects: Any users, programs, and processes that request permission to objects are access control subjects. It is these access control subjects that must be identified, authenticated and authorized. Access control systems: Interface between access control objects and access control subjects.

1.1 Identification, Authentication, Authorization, Accounting

1.1.1 Identification and Authentication Techniques
Identification works with authentication, and is defined as a process through which the identity of an object is ascertained. Identification takes place by using some form of authentication.

Authentication Types Example
Something you know Passwords, personal identification numbers (PIN), pass phrases, mother's maiden name, fave sports team etc
Something you have Proximity cards, Identification tokens, Keys,
Identification badges, Passports, certificates, transponders, smart cards etc.
Something you are Fingerprints, Signatures, Eye characteristics, Facial characteristics, Voiceprints, DNA.
These three types of

Similar Documents

Premium Essay

Fine

...Current Applications of Genetic Technology in Predisposition Testing and Microsatellite Instability Assays By Marsha L. Frazier, Li-Kuo Su, Christopher I. Amos, Patrick M. Lynch From the Departments of Epidemiology, Gastrointestinal Medical Oncology and Digestive Diseases, and Molecular and Cellular Oncology, The University of Texas M.D. Anderson Cancer Center, Houston, TX. Address reprint requests to Marsha L. Frazier, MD, Department of Epidemiology, The University of Texas M.D. Anderson Cancer Center, 1515 Holcombe Blvd, Houston, TX 77030; email mlfrazier@notes .mdacc.tmc.edu. INTRODUCTION IT IS POSSIBLE TO test selected subjects for germline mutations in genes causing familial adenomatous polyposis (FAP),1 hereditary nonpolyposis colorectal cancer(HNPCC),2-8 Peutz-Jeghers syndrome,9,10 and juvenile polyposis.11-13 Because the genes that are mutated in familial colorectal cancer syndromes can be mutated at a variety of different locations, assays for mutation detection are not simple. Many different approaches to mutation detection have been described in the literature, some of which are also described here. Specific strategies for testing are also discussed. THE BASICS Isolation of DNA and Polymerase Chain Reaction (PCR) DNA or RNA for genetic testing is almost always isolated from peripheral-blood leukocytes. This requires that the blood be drawn in tubes containing some sort of anticoagulant. The preferred anticoagulants are either citrate or EDTA. The cells are lysed...

Words: 3112 - Pages: 13

Premium Essay

Cissp Cpe-Guidelines

...(ISC)2® CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES & GUIDELINES 2013 (ISC)² CPE Policies & Guidelines (rev. 8, November 18, 2013) ©2013 International Information Systems Security Certification Consortium, Inc. Page 1 of 16 (ISC)² CPE Policies & Guidelines (rev 8.November 18, 2013) ©2013 International Information Systems Security Certification Consortium, Inc. Table of Contents Overview .................................................................................................................................................................................... 3 CPE General Requirements ........................................................................................................................................................ 3 Required Number of CPE Credits ............................................................................................................................................... 4 Concentrations ....................................................................................................................................................................... 5 Multiple Credentials ............................................................................................................................................................... 5 Rollover CPE ..............................................................................................................................................................................

Words: 6091 - Pages: 25

Premium Essay

Samnavay

...Multicollinearity What multicollinearity is. Let H = the set of all the X (independent) variables. Let Gk = the set of all the X variables except Xk. The formula for standard errors is then sbk   (1  R 2 s 1  RYH *y ) * ( N  K  1) s X k 2 X k Gk 2 s 1  RYH *y Tolk * ( N  K  1) s X k  Vif k * 2 s 1  RYH *y ( N  K  1) s X k Questions: What happens to the standard errors as R2YH increases? As N increases? As K increases? As the multiple correlation between one DV and the others increases? From the above formulas, it is apparent that  The bigger R2YH is, the smaller the standard error will be.  The bigger R2XkGk is (i.e. the more highly correlated Xk is with the other IVs in the model), the bigger the standard error will be. Indeed, if Xk is perfectly correlated with the other IVs, the standard error will equal infinity. This is referred to as the problem of multicollinearity. The problem is that, as the Xs become more highly correlated, it becomes more and more difficult to determine which X is actually producing the effect on Y. Also, 1 - R2XkGk is referred to as the Tolerance of Xk. A tolerance close to 1 means there is little multicollinearity, whereas a value close to 0 suggests that multicollinearity may be a threat. The reciprocal of the tolerance is known as the Variance Inflation Factor (VIF). The VIF shows us how much the variance of the coefficient estimate is being inflated by multicollinearity...

Words: 3754 - Pages: 16

Free Essay

Gene Marker Identification Targeting Toll-Like Receptor 4 (Tlr4), Breast Cancer 1 (Brca1), and Adenosine Triphosphatase 1 Alpha 1 (Atp1A1) Genes: Assessing Their Association with Subclinical Mastitis Cases in Dairy Water Buffaloes, Bubalus Bubalis

...(TLR4), Breast Cancer 1 (BRCA1), and Adenosine Triphosphatase 1 Alpha 1 (ATP1A1) Genes: Assessing Their Association With Subclinical Mastitis Cases in Dairy Water Buffaloes, Bubalus bubalis Thesis Proposal Cyndi Candelaria Biendima Patricia Malapit Cabatit Submitted to the Department of Biology College of Arts and Sciences University of the Philippines Manila Padre Faura, Ermita, Manila In partial fulfilment of the requirements for Undergraduate Thesis (BIO 200) TABLE OF CONTENTS Title Page1 Table of Contents2 Introduction3 Review of Related Literature6 Proposed Methodology14 Presentation of Results20 Literature Cited22 Line Item Budget26 Project Timeline27 1.0 INTRODUCTION 1.1 Background of the Study Cases of intramammary infections such as mastitis in water buffaloes contribute to large annual losses in milk production and net profit for smallholder farmers in the Philippines. Social and economic factors might prevent households from diagnosing, treating, and eliminating from circulation those animals or animal products, such as milk, that are afflicted with mastitis or which came from individuals afflicted with mastitis; this is especially true in the case of the asymptomatic subclinical mastitis, which tends to become chronic and difficult to eradicate by conventional antimicrobial therapies (Brouillette & Malouin, 2005; Ng et al., 2010). With the advent of technology comes new techniques in identifying and treating diseases...

Words: 7544 - Pages: 31

Premium Essay

Whwifhwie

...A Handbook of Statistical Analyses using SAS SECOND EDITION Geoff Der Statistician MRC Social and Public Health Sciences Unit University of Glasgow Glasgow, Scotland and Brian S. Everitt Professor of Statistics in Behavioural Science Institute of Psychiatry University of London London, U.K. CHAPMAN & HALL/CRC Boca Raton London New York Washington, D.C. Library of Congress Cataloging-in-Publication Data Catalog record is available from the Library of Congress This book contains information obtained from authentic and highly regarded sources. Reprinted material is quoted with permission, and sources are indicated. A wide variety of references are listed. Reasonable efforts have been made to publish reliable data and information, but the author and the publisher cannot assume responsibility for the validity of all materials or for the consequences of their use. Neither this book nor any part may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, microfilming, and recording, or by any information storage or retrieval system, without prior permission in writing from the publisher. The consent of CRC Press LLC does not extend to copying for general distribution, for promotion, for creating new works, or for resale. Specific permission must be obtained in writing from CRC Press LLC for such copying. Direct all inquiries to CRC Press LLC, 2000 N.W. Corporate Blvd., Boca Raton, Florida 33431. Trademark Notice:...

Words: 38316 - Pages: 154

Premium Essay

It Law and Ethics

...information security as well as come to understand the role of culture as it applies to ethics in information security. Chapter Objectives When you complete this chapter, you will be able to: Differentiate between law and ethics Identify major national and international laws that relate to the practice of information security Understand the role of culture as it applies to ethics in information security Access current information on laws, regulations, and relevant professional organizations Set-up Notes This chapter could be completed in a single class session, if there is sufficient time to cover the material. Unless the students have not had the opportunity to read the material in advance (in some settings, the textbooks are not made available until the first class meeting), it may be prudent to have a general discussion of the topic, with detailed lecture to follow at the next class meeting. The subject matter can be covered in 1.25 to 2.5 hours. Lecture Notes and Teaching Tips with Quick Quizzes Introduction As a future information security professional, it is vital that you understand the scope of an organization’s legal and ethical responsibilities. To minimize the organization’s liabilities the information security practitioner must understand the current legal environment and keep apprised of new laws, regulations, and ethical issues as they emerge. By educating employees and management about their legal and ethical obligations and the proper use of...

Words: 4470 - Pages: 18

Premium Essay

Test

...Slide 1 Email: jkanglim@unimelb.edu.au Office: Room 1110 Redmond Barry Building Website: http://jeromyanglim.googlepages.com/ Appointments: For appointments regarding course or with the application of statistics to your thesis, just send me an email Cluster Analysis & Factor Analysis 325-711 Research Methods 2007 Lecturer: Jeromy Anglim “Of particular concern is the fairly routine use of a variation of exploratory factor analysis wherein the researcher uses principal components analysis (PCA), retains components with eigenvalues greater than 1 and uses varimax rotation, a bundle of procedures affectionately termed “Little Jiffy” …” Preacher, K. J., MacCallum, R. C. (2003). Repairing Tom Swift's Electric Factor Analysis Machine. Understanding Statistics, 2(1), 13-43. DECRIPTION: This session will first introduce students to factor analysis techniques including common factor analysis and principal components analysis. A factor analysis is a data reduction technique to summarize a number of original variables into a smaller set of composite dimensions, or factors. It is an important step in scale development and can be used to demonstrate construct validity of scale items. We will then move onto cluster analysis techniques. Cluster analysis groups individuals or objects into clusters so that objects in the same cluster are homogeneous and there is heterogeneity across clusters. This technique is often used to segment the data into similar, natural, groupings. For both analytical...

Words: 10031 - Pages: 41

Free Essay

How to Develop and Implement a Winning Trading Sytem

...Beyond Technical Analysis Beyond Technical Analysis: How to Develop and Implement a Winning Trading System Tushar S. Chande, PhD John Wiley 61 Sons, Inc. New York • Chichester • Brisbane • Toronto • Singapore • Weinheim This text is printed on acid-free paper. Copyright © 1997 by Tushar S. Chande. Published by John Wiley & Sons, Inc. Data Scrambling is a trademark of Tushar S. Chande. TradeStadon, System Writer Plus, and Power Editor are trademarks of Omega Research, Inc. Excel is a registered trademark of Microsoft Corporation. Continuous Contractor is a trademark of TechTools, Inc. Portfolio Analyzer is a trademark of Tom Berry. All rights reserved. Printed simultaneously in Canada. Reproduction or translation of any part of this work beyond that permitted by Section 107 or 108 of the 1976 United States Copyright Act without the permission of the copyright holder is unlawful. Requests for permission or further information should be addressed to the Permissions Department of John Wiley & Sons. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If legal advice or other expert assistance is required, the services of a competent professional person should be sought. Library of Congress Cataloging in Publicaton Data: Chande, Tushar S., 1958Beyond technical analysis : how...

Words: 19157 - Pages: 77

Premium Essay

Paper

...Management of Information Security Third Edition This page intentionally left blank Management of Information Security Third Edition Michael Whitman, Ph.D., CISM, CISSP Herbert Mattord, M.B.A., CISM, CISSP Kennesaw State University ———————————————————————— Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States Management of Information Security, Third Edition Michael E. Whitman and Herbert J. Mattord Vice President, Career and Professional Editorial: Dave Garza Executive Editor: Stephen Helba Managing Editor: Marah Bellegarde Product Manager: Natalie Pashoukos Developmental Editor: Lynne Raughley Editorial Assistant: Meghan Orvis Vice President, Career and Professional Marketing: Jennifer McAvey Marketing Director: Deborah S. Yarnell Senior Marketing Manager: Erin Coffin Marketing Coordinator: Shanna Gibbs Production Director: Carolyn Miller Production Manager: Andrew Crouth Senior Content Project Manager: Andrea Majot Senior Art Director: Jack Pendleton Cover illustration: Image copyright 2009. Used under license from Shutterstock.com Production Technology Analyst: Tom Stover © 2010 Course Technology, Cengage Learning ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored, or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information...

Words: 229697 - Pages: 919

Premium Essay

Cataolog

...ork2012 - 2013 Catalog A Message from the President “Sullivan University is truly a unique and student success focused institution.” I have shared that statement with numerous groups and it simply summarizes my basic philosophy of what Sullivan is all about. When I say that Sullivan is “student success focused,” I feel as President that I owe a definition of this statement to all who are considering Sullivan University. First, Sullivan is unique among institutions of higher education with its innovative, career-first curriculum. You can earn a career diploma or certificate in a year or less and then accept employment while still being able to complete your associate, bachelor’s, master’s or doctoral degree by attending during the day, evenings, weekends, or online. Business and industry do not expand or hire new employees only in May or June each year. Yet most institutions of higher education operate on a nine-month school year with almost everyone graduating in May. We remained focused on your success and education, and continue to offer our students the opportunity to begin classes or to graduate four times a year with our flexible, year-round full-time schedule of classes. If you really want to attend a school where your needs (your real needs) come first, consider Sullivan University. I believe we can help you exceed your expectations. Since words cannot fully describe the atmosphere at Sullivan University, please accept my personal invitation to visit and experience...

Words: 103133 - Pages: 413

Premium Essay

Vulnerability in Information

...network-based applications and services can pose security risks to individuals and to the information resources of companies and governments. Information is an asset that must be protected. Without adequate network security, many individuals, businesses, and governments risk losing that asset. Network security is the process by which digital information assets are protected. The goals of network security are as follows: ■ ■ ■ Protect confidentiality Maintain integrity Ensure availability With this in mind, it is imperative that all networks be protected from threats and vulnerabilities for a business to achieve its fullest potential. Typically, these threats are persistent because of vulnerabilities, which can arise from the following: Note...

Words: 13317 - Pages: 54

Premium Essay

Books

...Dream Dare Win www.jeywin.com Annual Report 2007-08 Ministry of Finance Government of India Dream Dare Win 1 www.jeywin.com Dream Dare Win www.jeywin.com FOR PUBLIC CONTACT PURPOSE: Ministry of Finance Department of Economic Affairs North Block, New Delhi - 110 001 Phones: 23095120, 23092453 Website: http://www.finmin.nic.in/the_ministry/dept_eco_affairs/index.html Department of Expenditure North Block New Delhi - 110 001 Phones: 23095661, 23095613 Website: http://www.finmin.nic.in/the_ministry/dept_expenditure/index.html Department of Revenue North Block New Delhi - 110 001 Phones: 23095384, 23095385 Website: http://www.finmin.nic.in/the_ministry/dept_revenue/index.html Department of Disinvestment Block 11 & 14, CGO Complex Lodhi Road, New Delhi -110 003 Phones: 24368528, 24368523, 24368044 Website: http://www.divest.nic.in Department of Financial Services Jeevan Deep Building, Parliament Street, New Delhi 110 001 Phones: 23748721, 23748734 Website: http://www.finmin.nic.in Dream Dare Win 2 www.jeywin.com Dream Dare Win www.jeywin.com Contents Paragraph No. INTRODUCTION Page No. 1 CHAPTER - I Department of Economic Affairs 9 Economic Division 1 11 Budget Division 2 12 Capital Markets Division 3 15 Infrastructure Division 4 19 Fund Bank Division (including UN Branch) 5 23 Foreign Trade Division 6 26 Aid Accounts & Audit Division ...

Words: 132399 - Pages: 530

Premium Essay

Sql Quiz

...Emory University | Internetworking Technology Handbook | [Type the document subtitle] | | SAVIOUR EMMANUEL UDOBONG | [Pick the date] | [Type the abstract of the document here. The abstract is typically a short summary of the contents of the document. Type the abstract of the document here. The abstract is typically a short summary of the contents of the document.] | Internetworking Basics An internetwork is a collection of individual networks, connected by intermediate networking devices, that functions as a single large network. Internetworking refers to the industry, products, and procedures that meet the challenge of creating and administering internetworks. The following articles provide information about internetworking basics: * Internetworking Basics * Introduction to LAN Protocols * Introduction to WAN Technologies * Bridging and Switching Basics * Routing Basics * Network Management Basics * Open System Interconnection Protocols LAN Technologies A LAN is a high-speed data network that covers a relatively small geographic area. It typically connects workstations, personal computers, printers, servers, and other devices. LANs offer computer users many advantages, including shared access to devices and applications, file exchange between connected users, and communication between users via electronic mail and other applications. The following articles provide information different LAN technologies: * Ethernet...

Words: 217433 - Pages: 870

Premium Essay

It Systems Technician

...4.1 Framework Control Objectives Management Guidelines Maturity Models COBIT 4.1 The IT Governance Institute® The IT Governance Institute (ITGITM) (www.itgi.org) was established in 1998 to advance international thinking and standards in directing and controlling an enterprise’s information technology. Effective IT governance helps ensure that IT supports business goals, optimises business investment in IT, and appropriately manages IT-related risks and opportunities. ITGI offers original research, electronic resources and case studies to assist enterprise leaders and boards of directors in their IT governance responsibilities. Disclaimer ITGI (the “Owner”) has designed and created this publication, titled COBIT® 4.1 (the “Work”), primarily as an educational resource for chief information officers (CIOs), senior management, IT management and control professionals. The Owner makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of any proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, CIOs, senior management, IT management and control professionals should apply their own professional judgement to the specific circumstances presented by the particular systems or IT environment. Disclosure Copyright © 2007 by the IT Governance...

Words: 85189 - Pages: 341

Premium Essay

Cobit 4.1

...4.1 Framework Control Objectives Management Guidelines Maturity Models COBIT 4.1 The IT Governance Institute® The IT Governance Institute (ITGITM) (www.itgi.org) was established in 1998 to advance international thinking and standards in directing and controlling an enterprise’s information technology. Effective IT governance helps ensure that IT supports business goals, optimises business investment in IT, and appropriately manages IT-related risks and opportunities. ITGI offers original research, electronic resources and case studies to assist enterprise leaders and boards of directors in their IT governance responsibilities. Disclaimer ITGI (the “Owner”) has designed and created this publication, titled COBIT® 4.1 (the “Work”), primarily as an educational resource for chief information officers (CIOs), senior management, IT management and control professionals. The Owner makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of any proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, CIOs, senior management, IT management and control professionals should apply their own professional judgement to the specific circumstances presented by the particular systems or IT environment. Disclosure Copyright © 2007 by...

Words: 84132 - Pages: 337