Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge.
(00:20):
All right, let's get started.
Let's go.
Speaker 2 (00:22):
All right, let's get started.
Hey, I'm Sean Gerber with CISSP Cyber Training, and today's podcast is going to be focused on domain three of my CISSP Rapid Review exam prep. The goal is to provide you the tools you need to pass the CISSP exam the first time, and this exam prep.
(00:43):
It walks you through step by step what the things are you need to know for each subdomain (3.1, 3.2 and so forth), and the ultimate goal is to give you that information so you can pass the test. Now, this is going to be part one of two parts, and the reason is because it's quite long and, as we get into the overall question breakdown per domain, domain three is
(01:06):
around 30% of all the questions will come out of that from a security architecture and engineering standpoint. Now, again, you can go and get all kinds of free content out there on the web to help you pass the CISSP, and I highly encourage it. However, you can go to CISSP Cyber Training and have all of it curated in one spot. I have a ton of free stuff that's available and more that
(01:27):
keeps coming. All of my rapid review stuff is out there as well as all of my CISSP questions. So go and check it out. There's tons of stuff. There's also paid stuff that's there. But just go check it out, see what you think, what you like, and then we can go from there. But before we get into the overall content from Domain 3, let's just talk about some stuff that we've seen in the news today. So, like in the last CISSP Cyber Training
(01:50):
podcast, we talked a little bit about OT and the industrial control environment. We're going to have just a little bit of a path down that way, just a little bit, right. So we kind of bounce around a little bit on some of the areas within controls and cybersecurity. But one piece that just came out of an article that was passed to me by one of my friends at Nextpeak was around the NSA releasing a repository of signatures and analytics for OT.
(02:15):
Now the interesting part on all this is this is in a GitHub library, and it gives you different detection signatures and analytics for the overall OT networks. This is known as Elite Wolf, and it helps defenders with critical infrastructure and defending the industrial base. So this is great stuff coming out of the NSA to give you some
(02:36):
signatures to put into your SIEMs to ensure that you can help protect your OT environments. This continues to be an attractive target for a lot of outside entities, and I've been saying this for years. The OT space lags behind in many ways around the protections and security, and there's a lot of different reasons for it, but when it comes right down to it, these
(02:58):
will be a target in the future. One, because it can impact people's lives. Two, the amount of money that's spent on the OT space does not equate to the amount of money that's spent in other areas within cybersecurity, and so they're an easy target, and so I highly recommend that, if you are a cybersecurity professional in the OT world, go out and get as many resources as you can to
(03:21):
understand the operational technology and industrial control environments. This is Elite Wolf. Again, go check it out with the NSA. They have a press release, but if you just Google NSA and Central Security Service and then type in Elite Wolf, you can now get that access on GitHub. Go check it out. I really recommend you do it and get some more information
(03:42):
around what is out there for you. Okay, so let's get started on what we're going to talk about today with domain three. Okay, so this is domain 3.1, and these are some of the key things you're going to have to keep in mind when you're studying for the exam. So, threat modeling. What is threat modeling? This is where it identifies and prioritizes potential security threats and vulnerabilities, and you use this model to kind of
(04:05):
help you build out what controls you would put in place. And this integrates security into the very early stages of the system development lifecycle. So if you're building out a system, you want to do a threat model on what the potential aspects are that somebody could target your organization through that system. So you're basically taking the system that's there
(04:26):
and you're pulling it apart to figure out how people could use it and abuse it in a way that could basically gain access to your company. Least privilege: this is where users and processes are granted only the minimum necessary access rights to perform their duties. Again, this is the bare minimum they need to perform their duties, and you don't want to provide more access than they
(04:46):
should have. And this is a problem with a lot of companies: they will give too much access. This does reduce the potential impact of compromise by limiting the attacker's reach and minimizing what they can do. Defense in depth: this implements multiple, overlapping security controls to protect the various assets within your organization, and this is where you layer your defenses.
(05:07):
It's not just one flat network, it's actually layered in different ways so that if they get through one layer, they still have another layer to go. It's the overall castle and moat kind of thought process. Now this aims to create a resilient security posture where failure of one control does not lead to a breach. And again, that's the moat concept.
(05:27):
Now, secure defaults: this is where products, systems and applications are configured to be secure coming right out of the box. So when you pull them out of the box and you plug them in, they work and they're secure. That's where a secure default is set up. This also minimizes the attack surface by requiring you to take explicit action to reduce the overall security, which
(05:50):
means if you want to go turn security off, you have to physically go in and manually do that. The system doesn't come with everything open. It comes with, more or less (and this is a bit of an exaggeration), all closed, and you then go in and modify the defaults to allow you the access you need for these systems. Continuing with 3.1, this is fail securely. In the event of a system or security control failure, the system defaults to a secure or more restrictive state.
(06:11):
Again, this helps to avoid data exposure during potentially unexpected issues that may pop up. But the goal is that when it fails (because it will), it will fail in a secure format. It won't allow data to leave the organization. It won't provide data back to somebody who might be trying to sniff for data. It is failing secure. Separation of duties.
(06:33):
This divides critical or sensitive tasks among multiple individuals to prevent fraud or error, and we've talked about this in recent podcasts as well, that you have separation of duties, especially for your money movers, and this is where no single person can complete the entire high-risk process alone. And that just means if you're going to move money, then there
(06:54):
has to be two-factor control, and this would be like, say, you're launching nuclear missiles: you would have two people with the keys turning them at the same time. Because, again, you want no one person to have that capability. You want to keep it simple. So what does this mean? This is where simplicity in design and implementation are so important. I cannot stress this enough, especially myself. I make this mistake a lot.
(07:15):
What do I do? I want to geek out. I want to add a lot of cool stuff to it. Simple is better. My software developers that used to work for me, I keep trying to tell them simple is better. And all the extra features? All they do is potentially add risk. That doesn't mean you don't add them in, but you have to have a good plan to do that. Complex systems are often harder to secure, manage and
(07:37):
understand, leading to more vulnerabilities and higher risk. It doesn't mean you don't do it. It just means you have to take a good thought process and approach. Always verify. Now, this again assumes no user, device or network segment is inherently trustworthy, which it's not. I like to go with TNO, trust no one. Or even if you kind of go back to what Ronald Reagan said (shows how
(08:00):
old I am), it's trust but verify. The whole point of it, in this fact with zero trust, is you never trust, you always verify, and this requires strict identity verification, device authentication and authorization for each access attempt. Zero trust. I'm torn on this. I think it's a great thing, and I agree that zero trust is an
(08:21):
important factor in all businesses. However, if you already have a network that's built and you're not greenfield and you're not building it from scratch, that can be very challenging, and so you need to kind of consider what is going to work. Now, when you're dealing with the Department of Defense, there's a lot about zero trust. So if you're getting into the contractor space for them, you need to really plan out with your CMMC certifications and
(08:44):
understanding what it takes to become zero trust. Continuing with domain 3.1, privacy by design: this integrates privacy protection into the design and architecture of IT systems and business practices from the beginning. It embeds privacy safeguards rather than adding them as an afterthought. Many times it is added as an afterthought.
(09:04):
So you have to develop. When you're creating a product, you think about privacy at the beginning, not at the end. This happens a lot, especially when you deal with M&A type activities with security, where someone will buy a company and then they go, oh yeah, we've got to think about security, I don't know what we're going to do. Yeah, so you've got to plan for it at the beginning. Trust but verify. We talked about that a little bit again with the zero trust.
(09:26):
But you need to have a level of trust that must be established. Continuous monitoring, auditing and validation are still performed. Again, not all networks will be zero trust, so you need to trust but verify everything, and this ensures that security policies and expected behaviors are consistently maintained. That's again, you just have to plan for all of this. Shared responsibility.
(09:47):
This is the distinct security obligations between cloud service providers, the CSPs, and their customers. The cloud service provider will secure the cloud itself from an infrastructure standpoint, but the customer secures what's in it, basically in the cloud. So what it comes down to is, as you build out the cloud, you'll have a service provider that may provide the shell, the bones, for you. You, as the person who is using their service, may come in and
(10:10):
then secure the inside, the guts of it. Again, it depends upon what kind of product you're buying and what you're using it for. But typically, if you're buying something that's already pre-established from an infrastructure standpoint, they would take care of the security of that. When you go in and then you configure the applications that are inside the cloud, that would be on you. But, depending upon how you provision it, you could be
(10:32):
securing both the infrastructure and the overall applications themselves. So you need to make sure that you understand the responsibility. Who has the responsibility for the infrastructure? Who has responsibility for the application? Who has responsibility for the data? Okay, moving on to domain 3.2. We're dealing with understanding the fundamentals and concepts
(10:52):
of the various security models. So we have the state machine model. Okay, so the state machine model defines a system in terms of states and transitions between those states, so not US country states or US states. It is the state of the system. The system is considered secure if all reachable states are secure states and all transitions maintain your
(11:16):
security. So basically their model is that you must have the states and the transitions between those, going from one to the other, be secure. Now the information flow model. This focuses on how information moves through the system and prevents unauthorized flow between security levels. If you have a security level here and a security level there, you have two different ones and they are different in what they
(11:36):
are protecting. The data that moves from system to system must be authorized, and in many cases you would not have data moving from one system to the next, because you want to ensure that the data that stays in one system maintains security and the other one is secure in itself. A good example of this is you have top secret and secret systems. Information from a secret to a top secret system isn't
(11:58):
automatic. If you were going to move data out of a top secret into a secret (so that's basically taking them out), you would have a process by which you would declassify or you would reduce the classification of one system to another. So there has to be a good protection between both of those specific instances. Non-interference model.
(12:22):
This ensures that actions performed at one security level do not influence or provide information about the actions at a higher or different security level. Again, basically you don't want one to give you inputs on the other, and ultimately what it means is that the inputs from the high security subjects should not affect outputs observable by low security subjects.
(12:42):
We did this in the military a lot, where I would get unclassified information and I would be able to build a classified picture, because I had enough unclassified information that I could actually understand what they're trying to accomplish from a larger standpoint. Now, the Take-Grant model: this is a discretionary access control model that is represented as a graph, where subjects and objects are nodes and the rights are the edges.
(13:05):
So basically it defines rules to take, grant, create and remove. All of those are rights that can be transferred or created. And that is the Take-Grant model. Access control matrix: this is a fundamental concept that represents permissions in a table format. So you might have rows that will be subjects, and columns represent
(13:25):
objects, and in there they will indicate who has access to what, what systems have access to certain kinds of data, and that is just basically the access control matrix. All of these will determine what is indicated within the cells, which will allow access rights. Now the Bell-LaPadula model. This focuses on confidentiality and preventing unauthorized
(13:47):
disclosure of information. It basically enforces a no read up and a no write down. So the point of it is that it's a security process where you cannot read up into a higher classified system and you cannot write down, from a security standpoint as well. The Biba model: this primarily focuses on integrity and
(14:07):
preventing unauthorized modifications of information. It enforces a no read down model, simply, and then it has a no write up policy. So if you think about it that way, the Bell-LaPadula is no read up, the Biba is no read down; they're the opposites on that end. And then the same goes for the no write down and no write up.
(14:28):
Clark-Wilson model: this integrity model is designed for commercial environments, emphasizing well-formed transactions and separation of duties, and the point of it is that they use constrained data items, or CDIs, and unconstrained data items, UDIs, with transformational procedures to ensure you have data integrity. And the bottom line on this is that it's designed so that you have
(14:50):
well-formed transactions between different entities, and there is separation of duties included within it. The Brewer-Nash model: this is the Chinese wall model. It's designed to prevent conflicts of interest, particularly in the financial or legal sectors, and a subject can access information on one data set within a conflict of interest class, but cannot access any other data sets within
(15:12):
the same class. The Goguen-Meseguer model: this focuses on integrity by defining predefined access rules and well-formed transactions. It ensures that only authorized operations can change the state of the system, and it obviously maintains the integrity of that system. The Sutherland model.
(15:33):
It's an integrity model that focuses on preventing inference or derivation of unauthorized information. It aims to prevent systems from reaching an insecure state by controlling how dependencies between the objects are managed. The Graham-Denning model: this is a foundational model for representing and analyzing protection systems.
(15:56):
It defines a set of basic rights such as create, delete, read, write, grant and transfer. Then there's the Harrison-Ruzzo-Ullman model, the HRU model: this is for access control matrices that analyze the safety problem, to determine if a subject can ever gain an unauthorized right to an object. It does have theoretical limits in deciding whether a system can reach
(16:19):
an insecure state. Domain 3.3, security controls based upon security requirements. So common criteria: this is an international standard, basically around evaluating security properties of IT products and systems, and it does provide a structured methodology for specifically analyzing security functional
(16:41):
requirements, or SFRs, and security assurance requirements. You will see common criteria in many different forms when you are working within the security space. Authorization to operate, or ATO: this is a declaration by the designated approval authority, so it'll be an individual within your organization, that an information system is approved
(17:02):
to operate in a specific environment. This is one that's more used in highly regulated environments. It's granted after a comprehensive security assessment and confirms the system can meet acceptable risk levels. And again, more in the financial sector or in areas that are highly regulated. Common control authorization: this refers to security controls that are inherited by multiple information systems or
(17:24):
applications within an organization. These controls are typically managed and assessed once,
(17:47):
reducing the redundant efforts across these systems. So basically they're inherited from various applications to others. Authorization to use is often used in conjunction with the ATO, right, so your ATO will say, yes, you can do it, and this is specifically granting individual users or groups permissions to access and utilize systems that have received an ATO, an
(18:08):
authorization to operate. It focuses on user level access and also the documentation that goes with that. Denial of authorization occurs when a system or component fails to meet the required security posture or risk tolerance during an assessment, and this indicates that the system cannot be deployed or operated until identified security deficiencies are remediated. Domain 3.4, understand the security capabilities of
(18:32):
information systems, and this includes TPMs, encryption and decryption. Memory protection: mechanisms that prevent processes from accessing memory areas not allocated to them. It's crucial for preventing unauthorized access, code injection and system crashes. You want to make sure that the memory that's inside your systems is protected from potential hacks or just the fact
(18:53):
that they're not properly set up and therefore they have too much. If something happens to them, they can crash and cause data loss. Memory vulnerabilities include buffer overflow, which is writing more data to a buffer than it can hold. Dangling pointer or use after free: this is accessing memory after it's been deallocated. Again, you may run into some issues where you get bad memory
(19:16):
and then it causes more issues with your systems. Memory leaks: these are a failure to release memory that is no longer needed, leading to performance degradation and potential system instability. And then race conditions: this is where multiple processes are accessing and modifying shared memory concurrently, leading to unexpected results. Virtualization: this allows multiple virtual machines to run
(19:38):
on a single physical host. Hypervisors. They manage and isolate virtual memory, and there are also vulnerabilities in the hypervisor that can impact all VMs. If you take over one hypervisor, you can potentially take over many VMs. The hypervisor is where everything sits. Trusted platform module: this is a secure crypto processor on the motherboard, and it stores cryptographic keys and performs
(19:59):
integrity checks. We talked about TPM in various countries and the importance of having TPM enabled. It's used for secure boot processes; it verifies the integrity of system memory and loaded components before the operating system startup. Memory interfaces: the hardware and the software components that allow the CPU and other devices to read from
(20:19):
and write to memory. This is the secure design of these interfaces to ensure that they don't allow unauthorized access or manipulation of the data, so you need to make sure any data going in and coming out is not being affected. Fault tolerance: this is the ability for a system to continue operating without interruption in the event of a component failure. This includes memory, achieved through ECC, which is
(20:41):
error correcting code, which will correct the issues that you may find, RAID for storage, or redundant memory modules. Again, you want to build in (and you're probably not doing this, but the systems that you buy) you want to have some level of built-in fault tolerance related to data control. Encryption and decryption. Obviously, encryption is protecting the data at rest in memory and data in use by making it unreadable because of the
(21:04):
fact that it has a key, unless you have the decryption key. Decryption is the process of converting the encryption back to its original readable form and state. It is used to protect sensitive information from being read if the memory is potentially compromised. Overall, that's what you want to do by doing this entire process. Encryption and decryption is an important part of all security
(21:24):
programs. Memory protection best practices. You have secure coding. This implements practices like input validation, which is minimizing what inputs can be put into a box, a line item in your memory or in your web form, or whatever it might be. Bounds checking to prevent buffer overflows. And then you have data execution prevention, or DEP, or the no-execute bit, NX: this is marking memory regions as
(21:48):
non-executable to prevent any sort of malicious code from running in those specific areas. Address Space Layout Randomization, or ASLR: this is randomizing memory addresses of key data areas to make it harder for attackers to predict locations of exploits. And then memory-safe languages: this is using programming languages that inherently prevent common memory errors.
(22:09):
Regular patching obviously is an important part in maintaining your memory protection best practices. Again, keeping operating systems and applications updated helps fix or address issues you may run into with these various systems. So, again, secure coding, data execution prevention, address space layout randomization, memory-safe languages and
(22:30):
regular patching. You'll see more about DEP and ASLR, especially on the CISSP. Thanks so much for joining me today. This was part one of Domain 3's Rapid Review. You can expect next week, or the next episode, will be part two of Domain 3's Rapid Review. You can get all of this content at CISSP Cyber Training.
(22:50):
Head on over there. You get access to all of my podcasts. You can get access to over 1,500 CISSP questions. There's all kinds of content that's available for you at CISSP Cyber Training, tons. If you really want to get the CISSP and you want to learn it, it will walk you through step by step by step on what you need to know to pass the exam. So head on over to CISSP Cyber Training.
(23:13):
Thanks so much again for joining me. Have a wonderful day and we will catch you on the flip side, see ya. Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes, as I would greatly appreciate your feedback. Also, check out my videos that are on YouTube and just head to my channel at CISSP Cyber Training and you will find a plethora or a cornucopia of content to help you pass the
(23:35):
CISSP exam the first time. Lastly, head to CISSP Cyber Training and sign up for 360 free CISSP questions to help you in your CISSP journey. Thanks again for listening.