National Institute of Standards and Technology (NIST) *Must know the ones with stars; otherwise just know general info about it.
Federal agency within the U.S. (Department of Commerce); sets U.S. federal standards.
(NATIONAL STANDARDS WITHIN THE UNITED STATES, NOT INTERNATIONAL)
*Note that standards are not enough; you must go above and beyond, keep it all private, and not tell anyone.
NIST 1000
NIST 834: deals with contingency planning
NIST 27: provides principles
NIST 61: deals with incident handling
NIST 73: deals with personal identification verification (AUTHENTICATION)
NIST 800-146: MEMORIZE THIS. Deals with cloud computing.
Mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life"
Provides standards for measurement and technology on which nearly all computing devices rely
Maintains the atomic clock that keeps the United States' official time
Maintains a list of standards and publications
International Organization for Standardization (ISO) **Must know
Nongovernmental international organization
**NOTE THIS IS INTERNATIONAL.
ISO 17799: OLD STANDARD, REPLACED BY ISO/IEC 27002. REMEMBER THE NEW ONE.
Created the OSI Reference Model and deals with networks. ISO gives us OSI. The top layers deal with applications like web browsers; layers 5, 4, and 3 deal with the operating system, like Windows 10; layers 1 and 2 deal with hardware.
Two international standards I must know:
ISO 27001
ISO 27002
Its goal is to develop and publish international standards for nearly all industries
Is a network of 161 national standards institutes
Best-known ISO standard is the Open Systems Interconnection (OSI) Reference Model
International Electrotechnical Commission (IEC)
Works with the ISO
Deals with electronic standards and electronics. All you need to know.
Is the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes
Standards address a wide variety of areas:
•Power generation
•Semiconductors
•Telecommunications
•Physical computer and networking hardware
Internet Engineering Task Force (IETF)
Develops and promotes Internet standards
Organization that oversees the internet with standards.
Focuses on the engineering aspects of Internet communication
Works closely with the W3C and ISO/IEC
Is a collection of working groups (WGs), with each group addressing a specific topic
World Wide Web Consortium (W3C)
Is the main international standards organization for the World Wide Web
Develops protocols and guidelines that unify the Web and ensure its long-term growth. Just know it is for web pages.
Provides standards for web pages, such as HTML, XML, etc.
Standards developed or endorsed include:
•Cascading Style Sheets (CSS)
•HyperText Markup Language (HTML)
•Simple Object Access Protocol (SOAP)
•Extensible Markup Language (XML)
Request for Comments (RFC) *MUST MEMORIZE
A document that ranges from a simple memo to several standards documents
Basically a document requesting comments on things, e.g. what's your comment about HTML, etc.
Gathers comments for the standards/organizations.
RFC model allows input from many sources; encourages collaboration and peer review
Only some RFCs specify standards
RFCs never change
RFCs may originate with other organizations
RFCs that define formal standards have four stages:
1. Proposed Standard (PS),
2. Draft Standard (DS),
3. Standard (STD), and
4. Best Current Practice (BCP)
Institute of Electrical and Electronics Engineers (IEEE) *MUST KNOW 2 STANDARDS
Is an international nonprofit organization that focuses on developing and distributing standards that relate to electricity and electronics
Must memorize these two:
802.3: Deals with Ethernet (the general wire you use to connect to the internet, ya know, the internet port; the hardware-to-computer connection).
802.11: Wireless LAN.
Has the largest number of members of any technical professional organization in the world
Supports 39 societies that focus activities on specific technical areas, including magnetics, photonics, and computers
Provides training and educational opportunities covering a wide number of engineering topics
Standards are managed by the IEEE Standards Association (IEEE-SA)
International Telecommunication Union Telecommunication Sector (ITU-T)
Is a United Nations agency responsible for managing and promoting information and technology issues (HARDWARE!!!!)
International standards for the internet; a United Nations agency. *REMEMBER THAT.
Two standards you must memorize:
X.509: The international standard by the United Nations for public key infrastructure: certificate authorities, public/private keys, digital signatures, etc.
X.25: The international standard by the United Nations for packet switching (routing things); it entails layer 3 of the OSI model. The standard for routing of packets through the internet system.
Performs all ITU standards work and is responsible for ensuring the efficient and effective production of standards covering all fields of telecommunications for all nations
Divides its recommendations into 26 separate series, each bearing a unique letter of the alphabet
•For example, switching and signaling recommendations are in the Q series
American National Standards Institute (ANSI) **Must know on exam
Strives to ensure the safety and health of consumers and the protection of the environment. Note this is a national standard.
**Began the code for computing: they created bits from characters using the English language. It became a problem when globalization happened; ANSI is not sufficient for all these different languages.
Problem: It is designed for America/the English language. A new standard replaced this that allows for different languages.
Oversees the creation, publication, and management of many standards and guidelines that directly affect businesses in nearly every sector
Is composed of government agencies, organizations, educational institutions, and individuals
Produces standards that affect nearly all aspects of IT but primarily software development and computer system operation
ETSI Cyber Security Technical Committee (TC CYBER)
Develops standards for information and communications technologies (ICT) that are commonly adopted by member countries in the European Union (EU)
Just know that we have a special committee with standards for security of the internet.
Standards cover both wired and various wireless communication technologies
Cyber Security Technical Committee, called TC CYBER, centralizes all cybersecurity standards within ETSI committees
Standards focus on security issues related to the Internet and the business communications it transports
ISO/IEC 27002 **MUST MEMORIZE!
Supersedes ISO 17799 (REPLACES IT!)
International security standards for almost everything (cryptography, access control, policies, physical security, human resources security, operational security, compliance, etc.)
Directs its recommendations to management and security personnel responsible for information security management systems
Expands on its predecessor by adding two new sections and reorganizing several others
Payment Card Industry Data Security Standard (PCI DSS)
12 standards for credit card security. Required by the credit card industry, not by actual law though.
Chief Information Security Officer (CISO)
- Strategic
Must know technology, planning, policy.
Business engagement
Initiatives
Align, target & time
Service delivery
Credibility
Relationship management
Must have good people skills and communication skills. Always ask WHY.
Security Manager
- Tactical
Duties: policy development, risk assessment, contingency planning, operational & tactical planning
Liaises with managers from other departments.
Responsible & accountable for tasks.
Security Technician
Configure firewalls & IDSs
Implement security software
Diagnose & troubleshoot problems
Coordinate with sys & net Admin
Entry level; technical knowledge & skills
(ISC)² Certifications
International Information Systems Security Certification Consortium
Certified Information Systems Security Professional (CISSP)
•Pass exam and have 4-5 years of work experience
•Top Management decisions
•Systems Security Certified Practitioner (SSCP)
•Practices, roles, & responsibilities
SANS Certifications
System Administrator, Networking, and Security (SANS) Institute
Respected organization in security. Its certifications include the several Global Information Assurance Certifications (GIAC).
Gives out security courses as well.
CompTIA Certifications
•Computing Technology Industry Association (CompTIA)
•Security+ (Technical: how and what)
This organization has taken over AITP; its certifications are industry certifications. For example, Security+ is something they teach on the how and what.
ISO/IEC 27001
Defines the mandatory requirements for an information security management system (ISMS), whereas 27002 indicates suitable information security controls within the ISMS.
So 27001 is more about management, and 27002 is about details.
Certification
You have the knowledge (proficiency).
Licensed
Permission from the government to do something.
Accreditation
It's recognized and approved.