Study Notes: CISSP Security Concepts
Here are my study notes from the Security Concepts chapter of the (ISC)² CISSP Official Study Guide.
Table Of Contents
- CIA Triad
- DAD Triad
- AAA Framework
- Protection Mechanisms
- Security Boundaries
- Security Governance Principles
CIA Triad
| Principle | Key concepts |
|---|---|
| Confidentiality | Sensitivity, Discretion, Criticality, Concealment, Secrecy, Privacy, Seclusion, Isolation |
| Integrity | Accuracy, Truthfulness, Validity, Accountability, Responsibility, Completeness, Comprehensiveness |
| Availability | Usability, Accessibility, Timeliness |
DAD Triad
The opposite of the CIA Triad; think of it as the objectives of an adversary.
- Disclosure
- Alteration
- Denial
AAA Framework
The AAA framework describes the fundamental mechanisms of a secure environment.
(ISC)² separates auditing from accounting. Some organizations and knowledge bases treat auditing and accounting as a single category.
| Category | Explanation |
|---|---|
| Identification | Claiming an identity. |
| Authentication | Proving the claimed identity. |
| Authorization | Requesting access to a system and being granted or denied it. |
| Auditing | Recording events related to the subject and the system. |
| Accounting | Reviewing the recorded event logs. |
Protection Mechanisms
| Concept | Key ideas |
|---|---|
| Defense in Depth | Layered (serial) security controls rather than parallel ones. |
| Abstraction | Classification, categorization and labelling. |
| Data Hiding | The subject is unable to access or even see the data, not merely that the data is hidden. |
| Encryption | Data is scrambled and readable only with the assigned key. |
Security Boundaries
The intersection between any two areas, subnets, or environments that have different security requirements or needs.
- Applies to both physical and digital areas.
- The perimeter of each security boundary and its respective policies must be clearly defined.
- All security mechanisms must be weighed against the value of the protected assets.
Security Governance Principles
The collection of practices related to supporting, evaluating, defining, and directing the security efforts of an organization.