[CCCure CISSP] CISSPstudy Digest, Vol 21, Issue 18
Ali Jawad
alijawad1 at gmail.com
Mon Mar 15 12:37:21 EDT 2010
Hi Tom
I do agree on what is mentioned in AIO as I read it. But based on what
I read in other books and the questions I took it is all based on the
question at hand. Testing a BCP is an administrative control indeed,
but what about doing a bug test for a software application that would
be considered a technical control. Auditing system access logs or IDS
logs is definitely a technical control, what about auditing the time
punch entries for employees?
The same goes for IDS, a network IDS is a technical device while a
photoelectronic device or a proximity device is a physical access
control device. So my advice would be to answer as many questions and
study as much real life scenarios as possible to be able to
differentiate between controls based on their usage and the question
at hand instead of categorizing them strictly based on the book.
Regards
On Mon, Mar 15, 2010 at 7:26 PM, <twitwicki at hannaford.com> wrote:
>
>
> Omar,
> Another tip: Shon Harris has highlighted two controls which are
> frequently mis-categorized:
>
> Testing is an Administrative control
> Audit is a Technical (Logical) control.
>
> Also the terms Logical and Technical are equivalent when it comes to
> categorizing controls. Would be nice if there were a standard lexicon.
>
> Regards, Tom
>
>
> Join me on Linkedin!
> http://www.linkedin.com/in/tomwitwicki
>
> cisspstudy-request at cccure.org
> Sent by: cisspstudy-bounces at cccure.org
> 03/15/2010 12:00 PM
> Please respond to: cisspstudy at cccure.org
> To: cisspstudy at cccure.org
> Subject: CISSPstudy Digest, Vol 21, Issue 18
>
> Today's Topics:
>
> 1. Re: Access control ? (Clement Dupuis)
> 2. Re: Access control ? (onaser525 at gmail.com)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 15 Mar 2010 00:36:33 +0000
> From: Clement Dupuis <clement.dupuis at cccure.com>
> To: onaser525 at gmail.com, The CISSP Study Mailing list
> <cisspstudy at cccure.org>
> Subject: Re: [CCCure CISSP] Access control ?
> Message-ID:
> <959788641003141736o384f85bbv10826cff663182f8 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Good evening,
>
> They will not ask such a question simply because all three types of control
> are needed for proper security. You need to have administrative, logical,
> and physical. They support each other.
>
> However when you read a question you have to attempt to grasp what is the
> context, that will help you to come out with the proper answer.
>
> A good example would be Intrusion Detection system, they exist in both the
> physical and logical world.
>
> Take care
>
> Clement
>
> Clément Dupuis, CD
> CISSP, GCFW, GCIA, QEH, QSA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS,
> MBIS, MBHS, ACE
> ----------------------------------------------------------------------------------------------
>
> In real life:
> Senior Security Specialist and Instructor
> Security University
> >> Call me to get the best CISSP training <<
> ----------------------------------------------------------------------------------------------
>
> In Cyberspace:
> President/Security Evangelist/Chief Learning Officer (CLO)
> The CCCure Family of Portals
> ----------------------------------------------------------------------------------------------
>
> Business: 407 479 3903
> Fax: 407 264 8396
>
> Maintainer of :
> The CCCure Family of Portals
> http://www.cccure.org
>
> The Professional Security Testers Warehouse
> http://www.professionalsecuritytesters.org
>
> Knowledge sharing and giving back to the community
>
>
> On Sat, Mar 13, 2010 at 18:15, <onaser525 at gmail.com> wrote:
>
>> I'm reading about physical and technical controls and in more detail about
>> network segregation and network architecture.
>> In the Shon Harris book it says both can be carried out logical controls
>> how would you differ if it was on a test and they ask you "which access
>> control would be used if you're protecting your network logically?" what would
>> be the right answer?
>> They might not ask that but you never know.
>>
>> Thanks
>> Omar
>> Sent from my Verizon Wireless BlackBerry
>>
>> _______________________________________________
>> CISSPstudy mailing list
>> CISSPstudy at cccure.org
>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 15 Mar 2010 01:24:33 +0000
> From: onaser525 at gmail.com
> To: "Clement Dupuis" <clement.dupuis at cccure.com>, "The CISSP
> Study
> Mailing list" <cisspstudy at cccure.org>
> Subject: Re: [CCCure CISSP] Access control ?
> Message-ID:
>
> <2096680455-1268616271-cardhu_decombobulator_blackberry.rim.net-502669249- at bda398.bisx.prod.on.blackberry>
>
>
> Content-Type: text/plain; charset="windows-1252"
>
> Thank you all for your comments! I understand it now :)
>
> Omar
> Sent from my Verizon Wireless BlackBerry
>
>
> ------------------------------
>
> End of CISSPstudy Digest, Vol 21, Issue 18
> ******************************************