Security Managment
Security Operations
Incidents
Response
SOAR
Monitor
Synthetic
Passive
Logs
Configuration and system managment
Antimalware
IDS / IPS
Asset managment
Patching and vulns
Vulnerability scan
Vulnerability Managment
Patch Managmente
System to manage
Configuration Managment
Automation
Baseline ( images)
EOS
EOL
Applying people
Travel
Priviledge Account Manager
Mandatory Vacations
M of N
Two Person control
Need to know and least priviledge
IAM
Protection Methods
Logon notification
Lockout
Masking
MFA
Salt and pepper
Access control
Access Controls
Atritube based
Rule Based
Role Base
Mandatory
Discretionary
Implementing SSO internal
RADIUS
TACACS+
SESAME
Kerberos
Access Review
Account Maintenance
New Role
Deprovisioning
Provisioning
Implementing SSO External
Federal
OIDC
Oauth
OpenID
SAML
Factors
Something you are
Something you have
Something you know
Laws Regulations and Compliance
Authorize to operate
Regulations
GDRP
SOX
HIPPA
PCI
Policies
Procedures
Policie
Data store
Privacy policie
NIST or ISO27000
Guideline
Baseline
Standard
Privacy
Import / Export
Licenses
Intelectual property
Disater Recover
Maintenence
Lesson learned
Full interrumpt
Parallel
Simulation
Structured Walk- trough
Read-Through
Development
Escrow arragment
Backups
Personnel and communications
Emergency response
Strategy
DB recovery
Sites
Workgroup recovery
Emergency communications
Crisis Managment
Bussenss priorities
Fault Tolerance
Power sources
UPS
Servers
Load Balancer
Clusters
Hard drive
RAID
Bussiness Continuity
Approval and Implementation
Excercise
Emergency
Vital Records
Statment of urgency
Statment of importance
Cp Goals
BCP documentation
Continuity Plan
Provisions and process
Buldings / Facilities
Warm site
Hot Site
Cold site
People
Strategy develpment
Bussiness Impact Analysis
Project scope and planning
Legal and regulation
Resources requeriments
BCP team Selection
Originitional review
Risk Assessment
Monitoring
Mitigate
Technical
Administrative
Directive
Recover
Corrective
Compensating
Detective
Deterrent
Preventive
Physical
Threat Modeling
Priorization and response
Ignoring
Aceptance
Avoidance
Transfer
Mitigation
Reduction Analysis
Detemining and diagramming potential attack
Identify threats
Identify
Supply Chain
Qualitative
Impact
Likehood
Quantitative
Anualized loss of ocurrance
Annualized rate of ocurrance
Single loss expectation
Exposure Factor
Asset Value
Application
Memory
Pointer reference
Resource exhaustion
Code security
API
Practices
Hard code credential
Erros Handling
Comments
Resilence
Elasticiiy
Scalability
Integrity measurement
Se diversity
Reuse
Signing
Controls
Parameter pollution
Metcharacter
Input
Software Devolpment
DB
Security
Obfuscation and camuflage
Parameterized
ODCB
ACID
Inference
Agregation
Concurrency
Devlop
Scrum
PERT
Gant
Models
Agile
Cascade
SAM
IDEAL
CMM
Lifecycle
Maintence
Testing
Code review
Coding
Desing Review
Control Specification
Functional requeriments
Conceptual
Secuity Asssessment and Testing
Security Managment process
KPI
Train and Awarness
Disaster Recovery and Bussiness Continuity
Account Manager
Log review
Testing code
Test coverage
Misue Case
Interface
Code review ( Fagan)
Assessment
Compliance check
Pentest
Black
Gray
White
Vulnerabilities
Infraestructure
Website
Communication and Network Security
Other technologies
NFC
RFID
Bluethoot
Secure Comunication
SPF
DKIM
PGP
Endpoint
MSSP = XDR Central + Premise and cloud + SOC
XDR = EDR + MRR + EPP + NTA + NIDS + NIPS
EPP = ERR with IPS / IDS
MDR = SIEM + NTA + EDR + TDS
EDR = AV + IDS+ FW
Switching
Virtual
Packet
Firewall
Circuit
Statefull
Next Gen
WAF
Static
Protocols
TLS
SSH
Kerberos, Radius, TACACS
Components
Screened subnet
Bastion host
Screened host
Architectures
VPN
Proxy
VxLAN
SDN
CDN
Load balancing
Active vs pasive
Active vs active
Wireless
Secure
NAC
WIDS
VoIP
RTP
SIPS
Security Architecture
Site and Facilities
Fire Prevention
Restricted Work Area security
Evidence store
Media Store
Acces Abuse
Camares
IDS
Data Center
Wiring closet
Equipment Failure
Security Models
Take Grant
Brewer Nash
Clark Wilson
Bell La Padula
Biba
Cryptography
Certificates
PKI
Hashing
Asymetric
Symetric
Ensuring CIA
Trust and assurance
Access controls
Isolation
Bounds
Confinement
Secure Design Principles
Trust but verify
Privacy by design
Zero Trust
Keep it simple
Fail Secure
Secure Defaults
Open and close
Object and subject
Security Assets
Roles
Custodian and admins
Data processor and controllers
Bussiness Owner
Asset Owners
Data Owners
Data protection Mechanism
Maskering
Anonymization
Tokenization
Pseudonymization
Cloud access security Broker
Digital Right Managment
Data classification
Requiriments
Destruction
Shredding
Destroy
Purging
Erasing
Data Location
Collect Limitation
Handling sensitive
Labeling
DLP
Host
Network
Data Maintenance
Personnel Security
Offboarding
Offboarding process
Publish fired
Reuse place
Chat
Card
Email
Network access
Mobile
Transfer
Oversight
Train & Awarness
Need to know
Separation of duties
Mandatory Vacation
Job Rotation
Onboarding
Least Priviledge
No Disclosure Agreement
Sign Security Policies
IAM and provisioning
