Certified Information Systems Security Professional, Part 3 of 9: Cryptography and Operations

Course description

Operations security is where all the theory and policies are put into action. Topics in this course will include administration responsibilities, redundancy and fault tolerance, and threats to operations. Also, an overview of cryptography and how it can be used in something like access will be discussed. This course is part of a series covering the ISC(2) Certified Information Systems Security Professional (CISSP).

Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.

Prerequisites

This series assumes a good understanding of enterprise networking and networking security. This is part 3 of a 9 part series.

Meet the expert

Kevin Henry

Kevin is an international author, consultant and international
speaker. He is the official course development writer for ISC2 CISSP, ISACA CRISC and mile2’s C)ISSO. Kevin has been educating IT professionals for over 30 years. He also provides cyber security consulting and support services for organizations around the world. Assisting them with setting up Information Security programs and addressing areas ranging from in-depth risk analysis to policy creation and security awareness.

Video Runtime

147 Minutes

Time to complete

187 Minutes

Course Outline

Operations Security

Admin Responsibilities (31:38)

• Introduction (00:27)
• Operations Issues (01:22)
• Role of Operations (01:22)
• Administrator Access (01:42)
• Computer Operations: System Administrators (03:12)
• Security Administrator (01:57)
• Operational Assurance (00:50)
• Audit and Compliance (01:50)
• Some Threats to Computer Operations (04:02)
• Specific Operations Tasks (00:48)
• Agenda (00:08)
• Product Implementation Concerns (02:10)
• Logs and Monitoring (01:15)
• Records Management (01:17)
• Change Control (01:40)
• Resource Protection (02:00)
• Contingency Planning (01:53)
• System Controls (00:36)
• Trusted Recovery (02:48)
• Summary (00:08)

Redundancy and Fault Tolerance (13:17)

• Introduction (00:15)
• Fault-Tolerance Mechanisms (01:59)
• Duplexing, Mirroring, And Checkpointing (01:24)
• Redundant Array of Independent Disks (03:30)
• Fault Tolerance (00:44)
• Redundancy Mechanism (01:11)
• Backups (01:28)
• Backup Types (02:34)
• Summary (00:08)

Operational Issues (15:43)

• Introduction (00:08)
• Remote Access (00:42)
• Facsimilie Security (00:48)
• Email Security (00:44)
• Before Carrying out Vulnerability Testing (02:02)
• Vulnerability Assessments (02:18)
• Methology (03:22)
• Penetration Testing (01:02)
• Ethical Hacking (01:02)
• Hack and Attack Strategies (02:06)
• Protection Mechanism: Honeypot (01:16)
• Summary (00:08)

Threats to Operations (09:32)

• Introduction (00:08)
• Threats to Operations (01:55)
• Data Leakage: Social Engineering (00:59)
• Data Leakage - Object Reuse (00:27)
• Object Reuse (01:49)
• Why Not Just Delete the File or Format the Disk (00:31)
• Data Leakage: Keystroke Logging (00:29)
• Data Leakage: Emanation (00:47)
• Controlling Data Leakage: TEMPEST (00:34)
• Controlling Data Leakage: Control Zone (00:23)
• Controlling Data Leakage: White Noise (00:23)
• Summary (00:53)
• Summary (00:08)

Symmetric Cryptography and Hashing

Cryptography Terms (06:24)

• Introduction (00:06)
• Cryptography Objectives (01:14)
• Cryptographic Definitions (01:28)
• A Few More Definitions (02:12)
• Some More Definitions (00:47)
• Symmetric Cryptography: Use of Secret Keys (00:28)
• Summary (00:08)

Historical Uses of Cryptography (13:02)

• Introduction (00:27)
• Cryptography Uses Yesterday and Today (02:17)
• Historical Uses of Symmetric Cryptography (01:44)
• Scytale Cipher (00:38)
• Substitution Cipher (00:25)
• Caesar Cipher Example (01:14)
• Vigenere Cipher (00:30)
• Polyalphabetic Substitution and Vigenere Example (01:36)
• Enigma Machine (01:12)
• Vernam Cipher (01:14)
• Running Key and Concealment (01:32)
• Summary (00:08)

Cryptography Foundations (14:03)

• Introduction (00:05)
• One-Time Pad Characteristics (01:21)
• Binary Mathmatical Fuction (00:59)
• Key and Algorithm Relationship (01:49)
• 128-Bit Keys vs. 64-Bit Keys (02:33)
• Breaking Cryptosystems: Brute Force (00:49)
• Breaking Cryptosystems: Frequency Analysis (00:51)
• Determining Strength in a Cryptosystem (02:52)
• Characteristics of Strong Algorithms (01:46)
• Open or Closed (00:46)
• Summary (00:08)

Modern Cryptography (16:26)

• Introduction (00:23)
• Types of Ciphers Used Today (00:43)
• Encryption/Decryption Methods (00:46)
• Symmetric Ciphers: Block Cipher (01:32)
• S-Boxes Used in Block Ciphers (00:55)
• Symmetric Ciphers: Stream Cipher (02:35)
• Encryption Process and Symmetric Characteristics (01:16)
• Strength of a Stream Cipher (02:01)
• Let's Dive in Deeper (01:04)
• Symmetric Key Cryptography (04:45)
• Symmetric Key Management Issue (00:14)
• Summary (00:08)

Symmetric Algorithms (27:39)

• Introduction (00:06)
• Symmetric Algorithms Examples (01:21)
• Symmetric Downfalls (01:01)
• Secret vs. Session Keys (01:31)
• Symmetric Algorithms: DES (02:30)
• Evolution of DES (02:30)
• Block Cipher Modes: CBC (01:21)
• Block Cipher Modes: ECB, CFB, and OFB (01:34)
• Symmetric Ciphers: AES (01:10)
• Other Symmetric Algorithms (01:26)
• Agenda (00:06)
• MAC- Sender (00:04)
• Hashing Algorithms (01:53)
• Protecting the Integrity of Data (01:56)
• Data Integrity Mechanisms (00:48)
• Weakness in Using Only Hash Algorithms (00:44)
• More Protection in Data Integrity (01:58)
• Security Issues in Hashing (02:36)
• Birthday Attack (01:55)
• Summary (00:52)
• Summary (00:08)