Showing posts from 2013

CISSP Concepts

Domain Reference: Access Control

Biometrics Report:
- Type I Errors: Authorized individuals were incorrectly rejected.
- Type II Errors: Unauthorized individuals were incorrectly granted access.

SESAME: Secure European System for Applications in a Multi-vendor Environment

- Technology built upon the Kerberos foundation.
- SESAME provides different capabilities and uses public key cryptography.
- SESAME differs from Kerberos in that it uses PACs (Privileged Attribute Certificates) for authentication instead of the Kerberos ticket exchange methodology.

Access Control Models

- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Role-Based Access Control (RBAC)

- Trusted Computer System Evaluation Criteria (TCSEC): http://en.wikipedia.org/wiki/TCSEC
- Information Technology Security Evaluation Criteria (ITSEC): http://en.wikipedia.org/wiki/ITSEC
- Common Criteria for Information Technology Security Evaluation (CC): http://en.wikipedia.org/wiki/Common_Criteria

ISO/IEC 27000 Series

This group of standards is known as the ISO/IEC 27000 series; they are the industry's best practices for managing security controls across organizations around the world.

- ISO/IEC 27000: Overview and vocabulary
- ISO/IEC 27001: ISMS requirements
- ISO/IEC 27002: Code of practice for information security management
- ISO/IEC 27003: Guideline for ISMS implementation
- ISO/IEC 27004: Guideline for information security management measurement and metrics framework
- ISO/IEC 27005: Guideline for information security risk management
- ISO/IEC 27006: Guideline for bodies providing audit and certification of ISMS
- ISO/IEC 27011: Information security management guidelines for telecommunications organizations
- ISO/IEC 27031: Guideline for information and communications technology readiness for business continuity
- ISO/IEC 27033-1: Guideline for network security
- ISO 27799: Guide for information security management in health organizations

The following ISO/IEC standards are in…