- Information Assurance
- IA relates more to the business level and strategic risk management of information and related systems, rather than the creation and application of security controls.
- Therefore, IA is best thought of as a superset of information security (i.e., an umbrella term), and as the business outcome of Information Risk Management.
- Information Assurance Framework
- Local computing environment
- Enclave boundaries
- References
Monthly Archives: August 2018
Cloud Computing
- What is Cloud Computing?
- NIST SP 800-145: The NIST Definition of Cloud Computing
- Overview and Vocabulary
- ISO/IEC 17788: Overview and Vocabulary
- NIST SP 500-291: NIST Cloud Computing Standards Roadmap
- NIST SP 500-292: NIST Cloud Computing Reference Architecture
- Cloud Security
- NIST SP 800-144: Guidelines on Security and Privacy in Public Cloud Computing
- Cloud Stacks
- Audit Report
- References
Cryptography
- Scenarios
  - Secure communication: HTTPS/802.11i WPA2
  - Encrypting files on disk: EFS, TrueCrypt
  - Content protection: DVD/CSS, Blu-ray/AACS
  - User Authentication
- Building blocks
  - Plain-text and cipher-text
  - Algorithm: publicly known, never use a proprietary cipher
  - Key: one-time key / many-time key (dynamic key)
- Series Videos
  - What is cryptography
  - History of cryptography
  - Discrete probability crash course
  - Discrete probability crash course (cont.)
  - Information theoretic security and the one time pad
  - Stream ciphers and pseudo random generators
  - Attacks on stream ciphers and the one time pad
  - Real world stream ciphers
  - PRG Security Definitions
  - Semantic Security
  - Stream ciphers are semantically secure
  - What are block ciphers
  - The Data Encryption Standard
  - Exhaustive search attacks
  - More attacks on block ciphers
  - The AES block cipher
  - Block ciphers from PRGs
  - Review PRPs and PRFs
  - Modes of operation: one time key
  - Security for many time key
  - Modes of operation: many time key (CBC)
  - Modes of operation: many time key (CTR)
  - Message Authentication Codes
  - MACs Based On PRFs
  - CBC MAC and NMAC
  - MAC padding
  - PMAC and the Carter Wegman MAC
  - Introduction (Collision Resistance)
  - Generic birthday attack
  - The Merkle Damgard Paradigm
  - Constructing compression functions
  - HMAC
  - Timing attacks on MAC verification
  - Active attacks on CPA secure encryption
  - Definitions (Authenticated Encryption)
  - Chosen ciphertext attacks
  - Constructions from ciphers and MACs
  - Case study: TLS
  - CBC padding attacks
  - Attacking non atomic decryption
  - Key Derivation
  - Deterministic Encryption
  - Deterministic Encryption: SIV and wide PRP
  - Tweakable encryption
  - Format preserving encryption
Bruce Passed ISACA CISA Exam on 28th August
CISA Cleared!
After another 50 hours of study over 2 weeks (from 2018/08/14 to 2018/08/28), I cleared the ISACA CISA exam today. The following is what I used to prepare for this exam:
- CISA Certified Information Systems Auditor All-in-One Exam Guide, Third Edition
- English: CISA Review Manual, 26th Edition
- English: CISA Review Questions, Answers & Explanations Database – 12 Month Subscription
Milestone Achieved!
It’s about time to declare that I’ve achieved my second milestone for 2018.
- Milestone #2: ISACA
  - 2018/08/28 CISA
  - 2018/08/13 CRISC
  - 2018/07/24 CISM
- Milestone #1: PMI + CISSP
  - 2018/07/10 RMP
  - 2018/06/19 CISSP
  - 2018/04/27 PBA
  - 2018/04/09 ACP
Long Way to Go!
I am still on my way to building my profession in information security, and the coming milestones are as follows:
- Milestone #3: ISC2
  - 2018/09/14 CSSLP
  - 2018/09/28 CCSP
- Milestone #4: EC-Council
  - 2018/10/15 CEH
  - 2018/10/29 ECSA
Level of Commitment [image]
Bruce Passed ISACA CRISC Exam on 13th August
To pass the CRISC exam, I spent around 50 hours in 3 weeks (from 2018/07/24 to 2018/08/13) studying the following materials:
- English: CRISC Review Manual, 6th Edition
- English: CRISC Review Questions, Answers & Explanations Database – 12 Month Subscription
Candidates have 4 hours to complete the 150-question exam; it took me 3 hours to nail it: 2 hours for answering the questions and 1 hour for review.
The risk management discipline is still evolving, and it takes time to get acquainted with the terminology used in CRISC. There are even some conflicts or inconsistencies between risk management methodologies.
Just follow the official CRISC Review Manual and questions from ISACA. It would be the most efficient way to pass this exam.