Learn your way! Get started

Certified Information Systems Security Professional, Part 2 of 9: Access and Security Models

with expert Kevin Henry


Watch trailer


Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 3/22/2018
Level Beginner
Runtime 2h 20m
Closed captioning N/A
Transcript N/A
eBooks / courseware N/A
Hands-on labs N/A
Sample code N/A
Exams Included


Enterprise Solutions

Need reporting, custom learning tracks, or SCORM? Learn More



Course description

Access control is the heartbeat of information security. This course will talk about role access, layers of access, control characteristics, administrative controls and technical access. It will also cover architecture computer security concepts. This course is part of a series covering the ISC(2) Certified Information Systems Security Professional or CISSP.

Prerequisites

This series assumes a good understanding of enterprise networking and networking security. This is part 2 of a 9 part series

Learning Paths

This course will help you prepare for the following certification and exam:
Certified Information Systems Security Professional

Meet the expert

Kevin is an international author, consultant and international
speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2’s C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world. Assisting them with setting up Information Security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.

Course outline



Access Control

Access Control Types (20:33)
  • Introduction (00:08)
  • Role of Access Control (03:12)
  • Definitions (03:13)
  • More Definitions (02:26)
  • Layers of Access Control (02:14)
  • Layers of Access Control Continued (01:37)
  • Access Control Mechanism Examples (01:41)
  • Access Control Characteristics (05:50)
  • Summary (00:08)
More Access Control Types (21:27)
  • Introduction (00:08)
  • Preventative Control Types (03:50)
  • Administrative Controls (01:02)
  • Controlling Access (01:58)
  • Other Ways of Controlling Access (01:52)
  • Technical Access Controls (03:08)
  • Physical Access Controls (01:05)
  • Accountability (01:25)
  • Threats to Access Control (05:47)
  • Control Combinations (01:00)
  • Summary (00:08)
Information Classification (07:39)
  • Introduction (00:16)
  • Information Classification (03:24)
  • Information Classification Criteria (00:50)
  • Declassifying Data (01:43)
  • Types of Classification Levels (01:15)
  • Summary (00:08)
Access Control Models (29:24)
  • Introduction (00:07)
  • Models for Access (01:47)
  • Discretionary Access Control (02:47)
  • Enforcing a DAC Policy (01:28)
  • Mandatory Access Control Model (02:48)
  • MAC Enforcement Mechanism: Labels (01:06)
  • Where Are They Used? (00:36)
  • Role-Based Access Control (01:44)
  • Acquiring Rights and Permissions (00:46)
  • Rule-Based Access Control (00:35)
  • Access Control Matrix (02:22)
  • Access Control Administration (02:00)
  • Access Control Methods (02:06)
  • Network Access Control (01:46)
  • Policy on Network Services (01:38)
  • Remote Centralized Administration (00:23)
  • RADIUS Charcteristics (01:45)
  • TACACS+ Characteristics (00:49)
  • Diameter Characteristics (00:37)
  • Decentralized Access Control Administration (01:12)
  • Summary (00:43)
  • Summary (00:08)

Computer Security Models

Trusted Computing Base (07:49)
  • Introduction (00:07)
  • System Protection: Trusted Computing Base (02:43)
  • System Protection: Reference Monitor (02:40)
  • Security Kernel Requirements (02:09)
  • Summary (00:08)
Protection Mechanisms (12:25)
  • Introduction (00:10)
  • Security Modes of Operation (01:50)
  • System Protection: Levels of Trust (01:41)
  • System Protection: Process Isolation (02:20)
  • System Protection: Layering (01:32)
  • System Protection: Application Program Interface (01:17)
  • System Protection: Protection Rings (02:18)
  • What Does It Mean to Be in a Specific Ring (01:06)
  • Summary (00:08)
Security Models (21:50)
  • Introduction (00:12)
  • Security Models (02:55)
  • Security Models Continued (01:05)
  • State Machine (01:28)
  • Information Flow (00:56)
  • Bell-LaPadula (02:26)
  • Rules of Bell-LaPadula (01:44)
  • Biba (02:12)
  • Clark-Wilson Model (03:08)
  • Non-Interference Model (02:46)
  • Brewer and Nash: Chinese Wall (01:49)
  • Take-Grant Model (00:54)
  • Summary (00:08)
Evaluation Criteria (19:37)
  • Introduction (00:24)
  • Trusted Computer System Evaluation Criteria (03:41)
  • TCSEC Rating Breakdown (01:11)
  • Evaluation Criteria: ITSEC (02:53)
  • Comparison of Ratings (00:25)
  • ITSEC: Good and Bad (00:53)
  • Common Criteria (00:54)
  • Common Criteria Components (03:16)
  • First Set of Requirements (00:52)
  • Second Set of Requirements (00:25)
  • Package Ratings (00:36)
  • Common Criteria Outline (01:01)
  • Certification vs. Accreditation (01:44)
  • Summary (01:07)
  • Summary (00:08)