CISSP Study Guide
CERTIFICATION TRAINING
John Sisler
DATASAGE INC | 321 COMMONS WALK CIR, CARY NC 27519

Contents

Chapter 1 - Taking the Exam .... 10
Chapter 2 - Cryptography .... 10
    Cryptography Concepts .... 10
    Cryptography History .... 11
    Cryptosystem Features .... 12
    Encryption Systems .... 13
    Substitution Ciphers .... 14
    Symmetric Algorithms .... 15
        5 Modes of DES .... 16
        Triple DES (3DES) .... 18
        Advanced Encryption Standard (AES) .... 18
        International Data Encryption Algorithm (IDEA) .... 18
        Skipjack .... 18
        Blowfish .... 18
        Twofish .... 18
        RC4 or ARC4 .... 18
        RC5 .... 18
        RC6 .... 19
        CAST .... 19
    Asymmetric Algorithms .... 19
        Diffie-Hellman .... 19
        Key Agreement Process .... 19
        RSA .... 19
        El Gamal .... 19
        Elliptic Curve Cryptosystem (ECC) .... 20
        Knapsack .... 20
        Zero Knowledge Proof .... 20
    Message Integrity .... 20
        Hash Functions .... 20
        Message Digest Algorithms .... 20
    Digital Signatures .... 21
        Public Key Infrastructure (PKI) .... 22
        Key Management .... 23

Page 1 of 125

    Trusted Platform Module .... 24
    Encryption Communication Levels .... 25
        Link Encryption .... 25
        End-to-End Encryption .... 25
    Email Security .... 25
    Internet Security .... 26
    Cryptography Attacks .... 27
Chapter 3 - Physical Security .... 29
    Threat Mitigation Techniques .... 29
    Geographical, Man-Made and Political Threats .... 29
        Natural Threats and Mitigation .... 29
        Communications .... 29
        Man-Made Threats .... 29
    Site and Facility Design .... 30
        Layered Defense Model .... 30
        Crime Prevention Through Environmental Design (CPTED) .... 30
        Physical Security Plan Goals .... 31
        Facility Selection Issues .... 31
        Computer and Equipment Rooms ....