Certified Information Systems Security Professional, Part 2 of 9: Access and Security Models
with expert Kevin Henry
Course description
Access control is the heartbeat of information security. This course will talk about role access, layers of access, control characteristics, administrative controls and technical access. It will also cover architecture computer security concepts. This course is part of a series covering the ISC(2) Certified Information Systems Security Professional or CISSP.
Prerequisites
This series assumes a good understanding of enterprise networking and networking security. This is part 2 of a 9 part series
Learning Paths
This course will help you prepare for the following certification and exam:
Certified Information Systems Security Professional
Meet the expert
Kevin is an international author, consultant and international
speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2’s C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world. Assisting them with setting up Information Security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.
speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2’s C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world. Assisting them with setting up Information Security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.
Course outline
Access Control
Access Control Types (20:33)
- Introduction (00:08)
- Role of Access Control (03:12)
- Definitions (03:13)
- More Definitions (02:26)
- Layers of Access Control (02:14)
- Layers of Access Control Continued (01:37)
- Access Control Mechanism Examples (01:41)
- Access Control Characteristics (05:50)
- Summary (00:08)
More Access Control Types (21:27)
- Introduction (00:08)
- Preventative Control Types (03:50)
- Administrative Controls (01:02)
- Controlling Access (01:58)
- Other Ways of Controlling Access (01:52)
- Technical Access Controls (03:08)
- Physical Access Controls (01:05)
- Accountability (01:25)
- Threats to Access Control (05:47)
- Control Combinations (01:00)
- Summary (00:08)
Information Classification (07:39)
- Introduction (00:16)
- Information Classification (03:24)
- Information Classification Criteria (00:50)
- Declassifying Data (01:43)
- Types of Classification Levels (01:15)
- Summary (00:08)
Access Control Models (29:24)
- Introduction (00:07)
- Models for Access (01:47)
- Discretionary Access Control (02:47)
- Enforcing a DAC Policy (01:28)
- Mandatory Access Control Model (02:48)
- MAC Enforcement Mechanism: Labels (01:06)
- Where Are They Used? (00:36)
- Role-Based Access Control (01:44)
- Acquiring Rights and Permissions (00:46)
- Rule-Based Access Control (00:35)
- Access Control Matrix (02:22)
- Access Control Administration (02:00)
- Access Control Methods (02:06)
- Network Access Control (01:46)
- Policy on Network Services (01:38)
- Remote Centralized Administration (00:23)
- RADIUS Charcteristics (01:45)
- TACACS+ Characteristics (00:49)
- Diameter Characteristics (00:37)
- Decentralized Access Control Administration (01:12)
- Summary (00:43)
- Summary (00:08)
Computer Security Models
Trusted Computing Base (07:49)
- Introduction (00:07)
- System Protection: Trusted Computing Base (02:43)
- System Protection: Reference Monitor (02:40)
- Security Kernel Requirements (02:09)
- Summary (00:08)
Protection Mechanisms (12:25)
- Introduction (00:10)
- Security Modes of Operation (01:50)
- System Protection: Levels of Trust (01:41)
- System Protection: Process Isolation (02:20)
- System Protection: Layering (01:32)
- System Protection: Application Program Interface (01:17)
- System Protection: Protection Rings (02:18)
- What Does It Mean to Be in a Specific Ring (01:06)
- Summary (00:08)
Security Models (21:50)
- Introduction (00:12)
- Security Models (02:55)
- Security Models Continued (01:05)
- State Machine (01:28)
- Information Flow (00:56)
- Bell-LaPadula (02:26)
- Rules of Bell-LaPadula (01:44)
- Biba (02:12)
- Clark-Wilson Model (03:08)
- Non-Interference Model (02:46)
- Brewer and Nash: Chinese Wall (01:49)
- Take-Grant Model (00:54)
- Summary (00:08)
Evaluation Criteria (19:37)
- Introduction (00:24)
- Trusted Computer System Evaluation Criteria (03:41)
- TCSEC Rating Breakdown (01:11)
- Evaluation Criteria: ITSEC (02:53)
- Comparison of Ratings (00:25)
- ITSEC: Good and Bad (00:53)
- Common Criteria (00:54)
- Common Criteria Components (03:16)
- First Set of Requirements (00:52)
- Second Set of Requirements (00:25)
- Package Ratings (00:36)
- Common Criteria Outline (01:01)
- Certification vs. Accreditation (01:44)
- Summary (01:07)
- Summary (00:08)