0P3N Blog

Cybrary’s Open Blog is a user-contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

CISSP Study Guide: Media Viability and Physical Access Controls
By: Cybrary
December 16, 2022

Media Viability Controls: The viability of the data media can be preserved with numerous physical controls. The objective of these controls is to protect the media from damage during handling, short- and long-term usage, and transportation. Appropriate labeling of media is important in a system recovery process. Labels can be used to identify the type of media and any special ...

CISSP Study Guide: Desktop Vulnerabilities and Safeguards
By: Cybrary
December 16, 2022

Desktop systems contain various forms of data, some more sensitive than others. Therefore, safeguard measures to secure that data are required. Some users may have limited security awareness that the underlying architecture has to compensate for. Client systems can be gateways to critical information systems on a network. Communications hardware can also harbor vulnerable points of access into a distributed ...

CISSP Study Guide: Security Policy and Computer Architecture
By: Cybrary
December 16, 2022

A security policy is a critical component of the design and implementation of information systems. This document outlines the set of rules, practices, and procedures that specify how the system should manage, safeguard, and circulate sensitive information. Thus its objective is to educate and guide the design, development, implementation, testing and maintenance of the information system. The three most important ...

CISSP Study Guide: Using Security Mechanisms to Enhance Security
By: Cybrary
December 16, 2022

To enhance security, mechanisms should be established and implemented to control processes and applications. These mechanisms could include process isolation, protection rings, and trusted computer base (TCB). Process Isolation: Process isolation, executed by the operating system, maintains a high level of system trust by enforcing memory boundaries. Without process isolation, processes would overlap on each other’s memory space, compromising data ...

CISSP Study Guide: Information Security Models
By: Cybrary
December 16, 2022

Information security models are methods used to authenticate security policies as they are intended to provide a precise set of rules that a computer can follow to implement the fundamental security concepts, processes, and procedures contained in a security policy. These models can be abstract or intuitive. State Machine Model: The state machine model refers to a system that is ...

CISSP Study Guide: Orange Book Controls
By: Cybrary
December 16, 2022

The Orange Book is one of the National Security Agency’s Rainbow Series of books on evaluating “Trusted Computer Systems”. This is the main book in the Rainbow Series and defines the Trusted Computer System Evaluation Criteria (TCSEC). The TCSEC outlines hierarchical degrees of security with the letter D being the least secure through A for the most secure. The Orange ...

CISSP Study Guide: Data Warehousing
By: Cybrary
December 16, 2022

A data warehouse is an electronic vault of data from multiple different databases that is available to users for making queries. These warehouses have been merged, integrated, and formulated so they can be used as a measurement in trend analysis and business matters. It offers a strategic view. To produce a data warehouse, data is retrieved from an operational database, ...

CISSP Study Guide: The Data Mining Process
By: Cybrary
December 16, 2022

Data mining is the process of analyzing data to identify and interpret patterns and relationships about the data. The end result of data mining is metadata, or data about data. The patterns gleaned from the data can help organizations get a clearer perspective on their competitors and understand the behavior and patterns of their customers to carry out strategic marketing. Information acquired ...

CISSP Study Guide: What is a Data Dictionary?
By: Cybrary
December 16, 2022

A data dictionary is a database for system developers. It logs all of the data structures used by an application. Sophisticated data dictionaries integrate application generators that use the data logged in the dictionary to automate some of the program production tasks. The data dictionary communicates with the DBMS, the program library, applications, and the information security system. A data ...

CISSP Study Guide: Encryption in Cryptography
By: Cybrary
December 16, 2022

Algorithms are the basis of cryptography. Encryption, a type of cryptography, refers to the mechanism of scrambling information so it cannot be deciphered or read by an unauthorized observer. An algorithm is a procedure for taking the original message, called plaintext, and using instructions combined with a message key to create a scrambled message, referred to as ciphertext. A cryptographic ...