Certified Information Systems Security Professional, CISSP, Part 2 of 9: Access and Security Models
Interactive

Biz Library
Updated Jan 21, 2020

Access control is the heartbeat of information security. This course covers the role of access control, layers of access control, control characteristics, administrative controls and technical access controls. It also covers computer security architecture concepts. This course contains the following lessons:

Lesson 1:

  • Role of Access Control
  • Definitions
  • More Definitions
  • Layers of Access Control
  • Layers of Access Control Continued
  • Access Control Mechanism Examples
  • Access Control Characteristics

Lesson 2:

  • Preventative Control Types
  • Administrative Controls
  • Controlling Access
  • Other Ways of Controlling Access
  • Technical Access Controls
  • Physical Access Controls
  • Accountability
  • Threats to Access Control
  • Control Combinations

Lesson 3:

  • Information Classification
  • Information Classification Criteria
  • Declassifying Data
  • Types of Classification Levels

Lesson 4:

  • Models for Access
  • Discretionary Access Control
  • Enforcing a DAC Policy
  • Mandatory Access Control Model
  • MAC Enforcement Mechanism: Labels
  • Where Are They Used?
  • Role-Based Access Control
  • Acquiring Rights and Permissions
  • Rule-Based Access Control
  • Access Control Matrix
  • Access Control Administration
  • Access Control Methods
  • Network Access Control
  • Policy on Network Services
  • Remote Centralized Administration
  • RADIUS Characteristics
  • TACACS+ Characteristics
  • Diameter Characteristics
  • Decentralized Access Control Administration
  • Summary

Lesson 5:

  • System Protection: Trusted Computing Base
  • System Protection: Reference Monitor
  • Security Kernel Requirements

Lesson 6:

  • Security Modes of Operation
  • System Protection: Levels of Trust
  • System Protection: Process Isolation
  • System Protection: Layering
  • System Protection: Application Program Interface
  • System Protection: Protection Rings
  • What Does It Mean to Be in a Specific Ring?

Lesson 7:

  • Security Models
  • Security Models Continued
  • State Machine
  • Information Flow
  • Bell-LaPadula
  • Rules of Bell-LaPadula
  • Biba
  • Clark-Wilson Model
  • Non-Interference Model
  • Brewer and Nash: Chinese Wall
  • Take-Grant Model

Lesson 8:

  • Trusted Computer System Evaluation Criteria
  • TCSEC Rating Breakdown
  • Evaluation Criteria: ITSEC
  • Comparison of Ratings
  • ITSEC: Good and Bad
  • Common Criteria
  • Common Criteria Components
  • First Set of Requirements
  • Second Set of Requirements
  • Package Ratings
  • Common Criteria Outline
  • Certification vs. Accreditation
  • Summary