[CCCure CISSP] CISSPstudy Digest, Vol 21, Issue 18
twitwicki at hannaford.com
twitwicki at hannaford.com
Mon Mar 15 12:26:16 EDT 2010
Omar,
Another tip: Shon Harris has highlighted two controls which are
frequently mis-categorized:
Testing is an Administrative control
Audit is a Technical (Logical) control.
Also the terms Logical and Technical are equivalent when it comes to
categorizing controls. Would be nice if there were a standard lexicon.
Regards, Tom
Join me on Linkedin!
http://www.linkedin.com/in/tomwitwicki
cisspstudy-reques
t at cccure.org
Sent by: To
cisspstudy-bounce cisspstudy at cccure.org
s at cccure.org cc
Subject
03/15/2010 12:00 CISSPstudy Digest, Vol 21, Issue 18
PM
Please respond to
cisspstudy at cccure
.org
Send CISSPstudy mailing list submissions to
cisspstudy at cccure.org
To subscribe or unsubscribe via the World Wide Web, visit
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
or, via email, send a message with subject or body 'help' to
cisspstudy-request at cccure.org
You can reach the person managing the list at
cisspstudy-owner at cccure.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of CISSPstudy digest..."
Today's Topics:
1. Re: Access control ? (Clement Dupuis)
2. Re: Access control ? (onaser525 at gmail.com)
----------------------------------------------------------------------
Message: 1
Date: Mon, 15 Mar 2010 00:36:33 +0000
From: Clement Dupuis <clement.dupuis at cccure.com>
To: onaser525 at gmail.com, The CISSP Study Mailing list
<cisspstudy at cccure.org>
Subject: Re: [CCCure CISSP] Access control ?
Message-ID:
<959788641003141736o384f85bbv10826cff663182f8 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Good evening,
They will not ask such a question simply because all three types of control
are needed for proper security. You need to have administrative, logical,
and physical. They support each other.
However when you read a question you have to attempt to grasp what is the
context, that will help you to come out with the proper answer.
A good example would be Intrusion Detection system, they exist in both the
physical and logical world.
Take care
Clement
Cl?ment Dupuis, CD
CISSP, GCFW, GCIA, QEH, QSA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS,
MBIS, MBHS, ACE
----------------------------------------------------------------------------------------------
In real life:
Senior Security Specialist and Instructor
Security University
>> Call me to get the best CISSP training <<
----------------------------------------------------------------------------------------------
In Cyberspace:
President/Security Evangelist/Chief Learning Officer (CLO)
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Business: 407 479 3903
Fax: 407 264 8396
Maintainer of :
The CCCure Family of Portals
http://www.cccure.org
The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org
Knowledge sharing and giving back to the community
On Sat, Mar 13, 2010 at 18:15, <onaser525 at gmail.com> wrote:
> I'm reading about physical and technical controls and in more detail
about
> network segregation and network architecture.
> In the Shon Harris book its says both can be carried out logical controls
> how would you differ if it was on a test and they ask you "which access
> control would be used if your protecting your network logically?" what
would
> be the right answer?
> They might not ask that but you never know.
>
> Thanks
> Omar
> Sent from my Verizon Wireless BlackBerry
>
> _______________________________________________
> CISSPstudy mailing list
> CISSPstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <
http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100315/13c636d0/attachment-0001.html
>
------------------------------
Message: 2
Date: Mon, 15 Mar 2010 01:24:33 +0000
From: onaser525 at gmail.com
To: "Clement Dupuis" <clement.dupuis at cccure.com>, "The CISSP
Study
Mailing list" <cisspstudy at cccure.org>
Subject: Re: [CCCure CISSP] Access control ?
Message-ID:
<2096680455-1268616271-cardhu_decombobulator_blackberry.rim.net-502669249- at bda398.bisx.prod.on.blackberry>
Content-Type: text/plain; charset="windows-1252"
Thank you all for your comments! I understand it now :)
Omar
Sent from my Verizon Wireless BlackBerry
-----Original Message-----
From: Clement Dupuis <clement.dupuis at cccure.com>
Date: Mon, 15 Mar 2010 00:36:33
To: <onaser525 at gmail.com>; The CISSP Study Mailing
list<cisspstudy at cccure.org>
Subject: Re: [CCCure CISSP] Access control ?
Good evening,
They will not ask such a question simply because all three types of control
are needed for proper security. You need to have administrative, logical,
and physical. They support each other.
However when you read a question you have to attempt to grasp what is the
context, that will help you to come out with the proper answer.
A good example would be Intrusion Detection system, they exist in both the
physical and logical world.
Take care
Clement
Cl?ment Dupuis, CD
CISSP, GCFW, GCIA, QEH, QSA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS,
MBIS, MBHS, ACE
----------------------------------------------------------------------------------------------
In real life:
Senior Security Specialist and Instructor
Security University
>> Call me to get the best CISSP training <<
----------------------------------------------------------------------------------------------
In Cyberspace:
President/Security Evangelist/Chief Learning Officer (CLO)
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Business: 407 479 3903
Fax: 407 264 8396
Maintainer of :
The CCCure Family of Portals
http://www.cccure.org
The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org
Knowledge sharing and giving back to the community
On Sat, Mar 13, 2010 at 18:15, <onaser525 at gmail.com> wrote:
> I'm reading about physical and technical controls and in more detail
about
> network segregation and network architecture.
> In the Shon Harris book its says both can be carried out logical controls
> how would you differ if it was on a test and they ask you "which access
> control would be used if your protecting your network logically?" what
would
> be the right answer?
> They might not ask that but you never know.
>
> Thanks
> Omar
> Sent from my Verizon Wireless BlackBerry
>
>_______________________________________________
> CISSPstudy mailing list
> CISSPstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <
http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100315/54c1acfa/attachment-0001.html
>
------------------------------
_______________________________________________
CISSPstudy mailing list
CISSPstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
End of CISSPstudy Digest, Vol 21, Issue 18
******************************************
More information about the CISSPstudy
mailing list