Author: Andreas

  • Subject: E-mail

    Front page of today's Süddeutsche. One does indeed wonder.

  • Change management process

    1. Submit the change
    2. Approve the change
    3. Document the change
    4. Test the change
    5. Implement the change
    6. Report the change
  • Reconnaissance Methods

    • FIN scan: Uses an IP-based server's error-handling mechanism against it.
    • Operating System (OS) identification: Uses an operating system's weaknesses to obtain valuable information.
    • Port sweep: Bombards a server's IP address with packets to identify active services.
    • Evasive sweep: Identifies a server's systems and services without ever completely connecting to it.
  • Components of a basic information system architecture

    • Network architecture
    • Protection mechanisms
    • Platform architecture
    • Security Models
    • Enterprise architecture
  • Security Models

    Address security, integrity and information flow

    • Graham-Denning: Defines the commands that a subject can execute to create or delete an object.
    • Noninterference: Prevents covert channels and interference attacks.
    • Brewer & Nash

    Address security and integrity

    Further Descriptions

    • Lipner: Was the first security model to separate objects into data and programs.
    • Harrison-Ruzzo-Ullman: Comprised of generic rights and a small set of commands.
  • Operating System States

    • Supervisory: A system routine, or highly privileged routine, is being executed by the system.
    • Ready: Processing can be resumed for an application.
    • Wait: A specific event must be completed before another process resumes.
    • Problem: An application is being run by the system. (Needs review.)
  • Control Objects for Information and Related Technology (COBIT)

    • Can be used as the basis for internal and external security audits.
    • Determines the security mechanisms to be implemented for a system.
  • ISO / IEC 27001:2005

    • Can be used for certifying a company's ISMS and making comparisons to other companies' ISMSs.
    • Defines a company's ISMS and how it is structured, controlled, run, and maintained.
  • ISO / IEC 27002

    • Defines the way in which security mechanisms should be run.
    • Provides guidelines for ensuring that security controls are consistent with industry best practices.
  • Information Technology Security Evaluation Criteria (ITSEC)

    Information Technology Security Evaluation Criteria (ITSEC) evaluates assurance by reviewing a system's development practices, documentation, configuration management and testing mechanisms. It also provides separate ratings for functionality and assurance.