[CCCure CISSP] CISSPstudy Digest, Vol 21, Issue 18
Ali Jawad
alijawad1 at gmail.com
Mon Mar 15 12:40:35 EDT 2010
Hi Again
The IDS idea was first mentioned by Clement in this tread and I am
only complementing his thoughts on this. Another thing I would like to
point out is that in AIO there is a table for controls including
Deterrent and Preventative where those measures are strictly
categorized, this also depends on the question at hand, sometimes a
fence,badge is preventative and sometimes deterrent, it really depends
on what choices you are offered and what keywords are used in the
question.
Regards
On Mon, Mar 15, 2010 at 7:37 PM, Ali Jawad <alijawad1 at gmail.com> wrote:
> Hi Tom
> I do agree on what is mentioned in AIO as I read it. But based on what
> I read in other books and the questions I took it is all based on the
> question at hand. Testing a BCP is a administrative control indeed,
> but what about doing a bug test for a software application that would
> be considered a technical control. Auditing system access logs or IDS
> logs is definitely a technical control, what about auditing the time
> punch entries for employees ?
> The same goes for IDS, a network IDS is a technical device while a
> photoelectronic device or a proximity device is a physical access
> control device. So my advice would be to answer as many questions and
> study as much real life scenarios as possible to be able to
> differentiate between controls based on their usage and the question
> at hand in stead of categorizing them strictly based on the book.
> Regards
>
> On Mon, Mar 15, 2010 at 7:26 PM, <twitwicki at hannaford.com> wrote:
>>
>>
>> Omar,
>> Another tip: Shon Harris has highlighted two controls which are
>> frequently mis-categorized:
>>
>> Testing is an Administrative control
>> Audit is a Technical (Logical) control.
>>
>> Also the terms Logical and Technical are equivalent when it comes to
>> categorizing controls. Would be nice if there were a standard lexicon.
>>
>> Regards, Tom
>>
>>
>> Join me on Linkedin!
>> http://www.linkedin.com/in/tomwitwicki
>>
>>
>>
>>
>>
>>
>>
>> cisspstudy-reques
>> t at cccure.org
>> Sent by: To
>> cisspstudy-bounce cisspstudy at cccure.org
>> s at cccure.org cc
>>
>> Subject
>> 03/15/2010 12:00 CISSPstudy Digest, Vol 21, Issue 18
>> PM
>>
>>
>> Please respond to
>> cisspstudy at cccure
>> .org
>>
>>
>>
>>
>>
>>
>> Send CISSPstudy mailing list submissions to
>> cisspstudy at cccure.org
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>> or, via email, send a message with subject or body 'help' to
>> cisspstudy-request at cccure.org
>>
>> You can reach the person managing the list at
>> cisspstudy-owner at cccure.org
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of CISSPstudy digest..."
>>
>>
>> Today's Topics:
>>
>> 1. Re: Access control ? (Clement Dupuis)
>> 2. Re: Access control ? (onaser525 at gmail.com)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Mon, 15 Mar 2010 00:36:33 +0000
>> From: Clement Dupuis <clement.dupuis at cccure.com>
>> To: onaser525 at gmail.com, The CISSP Study Mailing list
>> <cisspstudy at cccure.org>
>> Subject: Re: [CCCure CISSP] Access control ?
>> Message-ID:
>> <959788641003141736o384f85bbv10826cff663182f8 at mail.gmail.com>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> Good evening,
>>
>> They will not ask such a question simply because all three types of control
>> are needed for proper security. You need to have administrative, logical,
>> and physical. They support each other.
>>
>> However when you read a question you have to attempt to grasp what is the
>> context, that will help you to come out with the proper answer.
>>
>> A good example would be Intrusion Detection system, they exist in both the
>> physical and logical world.
>>
>> Take care
>>
>> Clement
>>
>> Cl?ment Dupuis, CD
>> CISSP, GCFW, GCIA, QEH, QSA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS,
>> MBIS, MBHS, ACE
>> ----------------------------------------------------------------------------------------------
>>
>> In real life:
>> Senior Security Specialist and Instructor
>> Security University
>>>> Call me to get the best CISSP training <<
>> ----------------------------------------------------------------------------------------------
>>
>> In Cyberspace:
>> President/Security Evangelist/Chief Learning Officer (CLO)
>> The CCCure Family of Portals
>> ----------------------------------------------------------------------------------------------
>>
>> Business: 407 479 3903
>> Fax: 407 264 8396
>>
>> Maintainer of :
>> The CCCure Family of Portals
>> http://www.cccure.org
>>
>> The Professional Security Testers Warehouse
>> http://www.professionalsecuritytesters.org
>>
>> Knowledge sharing and giving back to the community
>>
>>
>> On Sat, Mar 13, 2010 at 18:15, <onaser525 at gmail.com> wrote:
>>
>>> I'm reading about physical and technical controls and in more detail
>> about
>>> network segregation and network architecture.
>>> In the Shon Harris book its says both can be carried out logical controls
>>> how would you differ if it was on a test and they ask you "which access
>>> control would be used if your protecting your network logically?" what
>> would
>>> be the right answer?
>>> They might not ask that but you never know.
>>>
>>> Thanks
>>> Omar
>>> Sent from my Verizon Wireless BlackBerry
>>>
>>> _______________________________________________
>>> CISSPstudy mailing list
>>> CISSPstudy at cccure.org
>>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>>
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100315/13c636d0/attachment-0001.html
>>>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Mon, 15 Mar 2010 01:24:33 +0000
>> From: onaser525 at gmail.com
>> To: "Clement Dupuis" <clement.dupuis at cccure.com>, "The CISSP
>> Study
>> Mailing list" <cisspstudy at cccure.org>
>> Subject: Re: [CCCure CISSP] Access control ?
>> Message-ID:
>>
>> <2096680455-1268616271-cardhu_decombobulator_blackberry.rim.net-502669249- at bda398.bisx.prod.on.blackberry>
>>
>>
>> Content-Type: text/plain; charset="windows-1252"
>>
>> Thank you all for your comments! I understand it now :)
>>
>> Omar
>> Sent from my Verizon Wireless BlackBerry
>>
>> -----Original Message-----
>> From: Clement Dupuis <clement.dupuis at cccure.com>
>> Date: Mon, 15 Mar 2010 00:36:33
>> To: <onaser525 at gmail.com>; The CISSP Study Mailing
>> list<cisspstudy at cccure.org>
>> Subject: Re: [CCCure CISSP] Access control ?
>>
>> Good evening,
>>
>> They will not ask such a question simply because all three types of control
>> are needed for proper security. You need to have administrative, logical,
>> and physical. They support each other.
>>
>> However when you read a question you have to attempt to grasp what is the
>> context, that will help you to come out with the proper answer.
>>
>> A good example would be Intrusion Detection system, they exist in both the
>> physical and logical world.
>>
>> Take care
>>
>> Clement
>>
>> Cl?ment Dupuis, CD
>> CISSP, GCFW, GCIA, QEH, QSA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS,
>> MBIS, MBHS, ACE
>> ----------------------------------------------------------------------------------------------
>>
>> In real life:
>> Senior Security Specialist and Instructor
>> Security University
>>>> Call me to get the best CISSP training <<
>> ----------------------------------------------------------------------------------------------
>>
>> In Cyberspace:
>> President/Security Evangelist/Chief Learning Officer (CLO)
>> The CCCure Family of Portals
>> ----------------------------------------------------------------------------------------------
>>
>> Business: 407 479 3903
>> Fax: 407 264 8396
>>
>> Maintainer of :
>> The CCCure Family of Portals
>> http://www.cccure.org
>>
>> The Professional Security Testers Warehouse
>> http://www.professionalsecuritytesters.org
>>
>> Knowledge sharing and giving back to the community
>>
>>
>> On Sat, Mar 13, 2010 at 18:15, <onaser525 at gmail.com> wrote:
>>
>>> I'm reading about physical and technical controls and in more detail
>> about
>>> network segregation and network architecture.
>>> In the Shon Harris book its says both can be carried out logical controls
>>> how would you differ if it was on a test and they ask you "which access
>>> control would be used if your protecting your network logically?" what
>> would
>>> be the right answer?
>>> They might not ask that but you never know.
>>>
>>> Thanks
>>> Omar
>>> Sent from my Verizon Wireless BlackBerry
>>>
>>>_______________________________________________
>>> CISSPstudy mailing list
>>> CISSPstudy at cccure.org
>>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>>
>>
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100315/54c1acfa/attachment-0001.html
>>>
>>
>> ------------------------------
>>
>> _______________________________________________
>> CISSPstudy mailing list
>> CISSPstudy at cccure.org
>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>
>>
>> End of CISSPstudy Digest, Vol 21, Issue 18
>> ******************************************
>>
>>
>>
>> _______________________________________________
>> CISSPstudy mailing list
>> CISSPstudy at cccure.org
>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>
>
More information about the CISSPstudy
mailing list