Certified Information Systems Security Professional, Part 2 of 9: Access and Security Models
Interactive

Certified Information Systems Security Professional, Part 2 of 9: Access and Security Models

LearnNow Online
Updated Aug 21, 2018

Course description

Access control is the heartbeat of information security. This course will talk about role access, layers of access, control characteristics, administrative controls and technical access. It will also cover architecture computer security concepts. This course is part of a series covering the ISC(2) Certified Information Systems Security Professional or CISSP.

Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.


Prerequisites

This series assumes a good understanding of enterprise networking and networking security. This is part 2 of a 9 part series


Meet the expert

Kevin Henry

Kevin is an international author, consultant and international
speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2’s C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world. Assisting them with setting up Information Security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.

Video Runtime

140 Minutes

Time to complete

180 Minutes

Course Outline

Access Control

Access Control Types (20:33)

  • Introduction (00:08)
  • Role of Access Control (03:12)
  • Definitions (03:13)
  • More Definitions (02:26)
  • Layers of Access Control (02:14)
  • Layers of Access Control Continued (01:37)
  • Access Control Mechanism Examples (01:41)
  • Access Control Characteristics (05:50)
  • Summary (00:08)

More Access Control Types (21:27)

  • Introduction (00:08)
  • Preventative Control Types (03:50)
  • Administrative Controls (01:02)
  • Controlling Access (01:58)
  • Other Ways of Controlling Access (01:52)
  • Technical Access Controls (03:08)
  • Physical Access Controls (01:05)
  • Accountability (01:25)
  • Threats to Access Control (05:47)
  • Control Combinations (01:00)
  • Summary (00:08)

Information Classification (07:39)

  • Introduction (00:16)
  • Information Classification (03:24)
  • Information Classification Criteria (00:50)
  • Declassifying Data (01:43)
  • Types of Classification Levels (01:15)
  • Summary (00:08)

Access Control Models (29:24)

  • Introduction (00:07)
  • Models for Access (01:47)
  • Discretionary Access Control (02:47)
  • Enforcing a DAC Policy (01:28)
  • Mandatory Access Control Model (02:48)
  • MAC Enforcement Mechanism: Labels (01:06)
  • Where Are They Used? (00:36)
  • Role-Based Access Control (01:44)
  • Acquiring Rights and Permissions (00:46)
  • Rule-Based Access Control (00:35)
  • Access Control Matrix (02:22)
  • Access Control Administration (02:00)
  • Access Control Methods (02:06)
  • Network Access Control (01:46)
  • Policy on Network Services (01:38)
  • Remote Centralized Administration (00:23)
  • RADIUS Charcteristics (01:45)
  • TACACS+ Characteristics (00:49)
  • Diameter Characteristics (00:37)
  • Decentralized Access Control Administration (01:12)
  • Summary (00:43)
  • Summary (00:08)
Computer Security Models

Trusted Computing Base (07:49)

  • Introduction (00:07)
  • System Protection: Trusted Computing Base (02:43)
  • System Protection: Reference Monitor (02:40)
  • Security Kernel Requirements (02:09)
  • Summary (00:08)

Protection Mechanisms (12:25)

  • Introduction (00:10)
  • Security Modes of Operation (01:50)
  • System Protection: Levels of Trust (01:41)
  • System Protection: Process Isolation (02:20)
  • System Protection: Layering (01:32)
  • System Protection: Application Program Interface (01:17)
  • System Protection: Protection Rings (02:18)
  • What Does It Mean to Be in a Specific Ring (01:06)
  • Summary (00:08)

Security Models (21:50)

  • Introduction (00:12)
  • Security Models (02:55)
  • Security Models Continued (01:05)
  • State Machine (01:28)
  • Information Flow (00:56)
  • Bell-LaPadula (02:26)
  • Rules of Bell-LaPadula (01:44)
  • Biba (02:12)
  • Clark-Wilson Model (03:08)
  • Non-Interference Model (02:46)
  • Brewer and Nash: Chinese Wall (01:49)
  • Take-Grant Model (00:54)
  • Summary (00:08)

Evaluation Criteria (19:37)

  • Introduction (00:24)
  • Trusted Computer System Evaluation Criteria (03:41)
  • TCSEC Rating Breakdown (01:11)
  • Evaluation Criteria: ITSEC (02:53)
  • Comparison of Ratings (00:25)
  • ITSEC: Good and Bad (00:53)
  • Common Criteria (00:54)
  • Common Criteria Components (03:16)
  • First Set of Requirements (00:52)
  • Second Set of Requirements (00:25)
  • Package Ratings (00:36)
  • Common Criteria Outline (01:01)
  • Certification vs. Accreditation (01:44)
  • Summary (01:07)
  • Summary (00:08)