Communication & Network Security Domain The Communication and Network Security domain deals with topics related to network components such as network models, network devices and protocols; specifically, how they function and how they are relevant to security. This domain discusses the OSI model as a guiding principle in networking, cabling, wireless connectivity, TCP/IP and [...]
Site & Facility Design Principles & Security Controls- Part 2 Utilities and Heating, Ventilation, and Air Conditioning (HVAC) We come to the part where we talk about physical site & facility controls. The heating and air-conditioning systems are necessary for maintaining a safe and acceptable operating environment for computers and personnel. Computing equipment and [...]
Site & Facility Design Principles & Security Controls- Part 1 One of the most important topics in CISSP course is physical site & facility controls. Some of the principles are provided by Crime Prevention through Environmental Design (CPTED) which are widely adopted all over the world by the security professionals to design public and [...]
Cryptography- Part 2 Asymmetric Cryptography / Public Key Cryptography In this method, two keys are used: Private Key: This key is only known by the owner itself. Public key: This key is issued by using Public Key Infrastructure (PKI) where a trusted Certification Authority (CA) certifies the ownership of key pairs. Only the private [...]
Cryptography- Part 1 This page we discuss cryptography, concepts, algorithms, attacks, and management. The sensitivity of assets is determined by confidentiality and integrity requirements and the impact of compromise on the corporation. Cryptography is the science of encrypting and decrypting communications to make them unintelligible for all but the intended recipient. Cryptography used to [...]
Assessing & Mitigating Vulnerabilities of Embedded Devices Embedded devices or embedded computer systems are the computing system specially designed for a dedicated purpose with the mechanical and electrical system. These embedded systems may have internet connectivity. An example of the embedded system commonly used for general purposes are: Digital Watches Automobiles and other vehicles [...]
Assessing & Mitigating Vulnerabilities of Mobile Systems These days, one of the most important aspects of cyber security is the ability to secure mobile systems. Smartphones available in the market are running on different popular Operating systems such as iOS, Blackberry OS, Android, Symbian, and Windows, etc. All of these have an online store for [...]
Assessing & Mitigating Vulnerabilities of Web Systems Web Servers are the programs that are used for hosting websites. Web servers may be deployed on a separate web server hardware or installed on a host as a program. One of the most important aspects of cyber security is the ability to secure web systems. This [...]
Assessing & Mitigating Vulnerabilities of Security Architectures- Part II (IoT) Cloud-based systems Cloud Computing eliminates the need for on-premises devices by renting a virtual machine hosted by a trusted third-party. This remote computing enhances the efficiency, performance, scalability, and security. There are three different models for cloud computing: Iaas (Infrastructure as a service): Instead [...]