Certified Information Systems Security Professional, Part 3 of 9: Cryptography and Operations
with expert Kevin Henry
Course description
Operations security is where all the theory and policies are put into action. Topics in this course will include administration responsibilities, redundancy and fault tolerance, and threats to operations. Also, an overview of cryptography and how it can be used in something like access will be discussed. This course is part of a series covering the ISC(2) Certified Information Systems Security Professional (CISSP).
Prerequisites
This series assumes a good understanding of enterprise networking and networking security. This is part 3 of a 9 part series.
Learning Paths
This course will help you prepare for the following certification and exam:
Certified Information Systems Security Professional
Meet the expert
Kevin is an international author, consultant and international
speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2’s C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world. Assisting them with setting up Information Security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.
speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2’s C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world. Assisting them with setting up Information Security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.
Course outline
Operations Security
Admin Responsibilities (31:38)
- Introduction (00:27)
- Operations Issues (01:22)
- Role of Operations (01:22)
- Administrator Access (01:42)
- Computer Operations: System Administrators (03:12)
- Security Administrator (01:57)
- Operational Assurance (00:50)
- Audit and Compliance (01:50)
- Some Threats to Computer Operations (04:02)
- Specific Operations Tasks (00:48)
- Agenda (00:08)
- Product Implementation Concerns (02:10)
- Logs and Monitoring (01:15)
- Records Management (01:17)
- Change Control (01:40)
- Resource Protection (02:00)
- Contingency Planning (01:53)
- System Controls (00:36)
- Trusted Recovery (02:48)
- Summary (00:08)
Redundancy and Fault Tolerance (13:17)
- Introduction (00:15)
- Fault-Tolerance Mechanisms (01:59)
- Duplexing, Mirroring, And Checkpointing (01:24)
- Redundant Array of Independent Disks (03:30)
- Fault Tolerance (00:44)
- Redundancy Mechanism (01:11)
- Backups (01:28)
- Backup Types (02:34)
- Summary (00:08)
Operational Issues (15:43)
- Introduction (00:08)
- Remote Access (00:42)
- Facsimilie Security (00:48)
- Email Security (00:44)
- Before Carrying out Vulnerability Testing (02:02)
- Vulnerability Assessments (02:18)
- Methology (03:22)
- Penetration Testing (01:02)
- Ethical Hacking (01:02)
- Hack and Attack Strategies (02:06)
- Protection Mechanism: Honeypot (01:16)
- Summary (00:08)
Threats to Operations (09:32)
- Introduction (00:08)
- Threats to Operations (01:55)
- Data Leakage: Social Engineering (00:59)
- Data Leakage - Object Reuse (00:27)
- Object Reuse (01:49)
- Why Not Just Delete the File or Format the Disk (00:31)
- Data Leakage: Keystroke Logging (00:29)
- Data Leakage: Emanation (00:47)
- Controlling Data Leakage: TEMPEST (00:34)
- Controlling Data Leakage: Control Zone (00:23)
- Controlling Data Leakage: White Noise (00:23)
- Summary (00:53)
- Summary (00:08)
Symmetric Cryptography and Hashing
Cryptography Terms (06:24)
- Introduction (00:06)
- Cryptography Objectives (01:14)
- Cryptographic Definitions (01:28)
- A Few More Definitions (02:12)
- Some More Definitions (00:47)
- Symmetric Cryptography: Use of Secret Keys (00:28)
- Summary (00:08)
Historical Uses of Cryptography (13:02)
- Introduction (00:27)
- Cryptography Uses Yesterday and Today (02:17)
- Historical Uses of Symmetric Cryptography (01:44)
- Scytale Cipher (00:38)
- Substitution Cipher (00:25)
- Caesar Cipher Example (01:14)
- Vigenere Cipher (00:30)
- Polyalphabetic Substitution and Vigenere Example (01:36)
- Enigma Machine (01:12)
- Vernam Cipher (01:14)
- Running Key and Concealment (01:32)
- Summary (00:08)
Cryptography Foundations (14:03)
- Introduction (00:05)
- One-Time Pad Characteristics (01:21)
- Binary Mathmatical Fuction (00:59)
- Key and Algorithm Relationship (01:49)
- 128-Bit Keys vs. 64-Bit Keys (02:33)
- Breaking Cryptosystems: Brute Force (00:49)
- Breaking Cryptosystems: Frequency Analysis (00:51)
- Determining Strength in a Cryptosystem (02:52)
- Characteristics of Strong Algorithms (01:46)
- Open or Closed (00:46)
- Summary (00:08)
Modern Cryptography (16:26)
- Introduction (00:23)
- Types of Ciphers Used Today (00:43)
- Encryption/Decryption Methods (00:46)
- Symmetric Ciphers: Block Cipher (01:32)
- S-Boxes Used in Block Ciphers (00:55)
- Symmetric Ciphers: Stream Cipher (02:35)
- Encryption Process and Symmetric Characteristics (01:16)
- Strength of a Stream Cipher (02:01)
- Let's Dive in Deeper (01:04)
- Symmetric Key Cryptography (04:45)
- Symmetric Key Management Issue (00:14)
- Summary (00:08)
Symmetric Algorithms (27:39)
- Introduction (00:06)
- Symmetric Algorithms Examples (01:21)
- Symmetric Downfalls (01:01)
- Secret vs. Session Keys (01:31)
- Symmetric Algorithms: DES (02:30)
- Evolution of DES (02:30)
- Block Cipher Modes: CBC (01:21)
- Block Cipher Modes: ECB, CFB, and OFB (01:34)
- Symmetric Ciphers: AES (01:10)
- Other Symmetric Algorithms (01:26)
- Agenda (00:06)
- MAC- Sender (00:04)
- Hashing Algorithms (01:53)
- Protecting the Integrity of Data (01:56)
- Data Integrity Mechanisms (00:48)
- Weakness in Using Only Hash Algorithms (00:44)
- More Protection in Data Integrity (01:58)
- Security Issues in Hashing (02:36)
- Birthday Attack (01:55)
- Summary (00:52)
- Summary (00:08)