Data Analysis vs. Data Analytics

Analysis is focused on understanding the past; what happened and why it happened. Analytics focuses on why it happened and what will happen in the future.

Source: Wikipeida

  • Some treat data analysis as a process, part of data analytics, while data analytics as a discipline.
  • Data analysis answers, “What happened?” while data analytics answers, “Why, and What will happen next?
  • Data analysis relies on descriptive statistics, while data analytics relies on inferential statistics.

References

ABAC and CBAC

Sample XACML Implementation

Attribute-Based Access Control (ABAC)

An access control method where subject requests to perform operations on objects are granted or denied based on:

  1. assigned attributes of the subject,
  2. assigned attributes of the object,
  3. environment conditions, and
  4. a set of policies that are specified in terms of those attributes and conditions.

Source: NIST SP 800-263

Context-Based Access Control (CBAC)

The term CBAC is coined by Cisco, not a typical access control mechanisms you encountered in most of the CISSP study guides or NIST guidelines.

The Context-Based Access Control (CBAC) feature of the Cisco IOS® Firewall Feature Set actively inspects the activity behind a firewall.

Source: Cisco

CISSP PRACTICE QUESTIONS – 20200924

Effective CISSP Questions

Threat feeds convey a large quantity of data, including Indicators of Compromise (IoCs), pieces of forensic data that identify potentially malicious activities. Security analysts analyze, enrich, and turn them into threat intelligence, and security teams use them to look for persistent threats and recently discovered or zero-day exploits. Which of the following indicators provided by threat feeds provides the most value?
A. Host Artifacts
B. Domain Names
C. Hash Values
D. Tools

Continue reading

CISSP PRACTICE QUESTIONS – 20200923

Effective CISSP Questions

Bob is suffering from allegations of sexual harassment by Alice. His company receives the complaint and is considering an investigation to determine if he is responsible. If so, disciplinary action will be taken. As an investigator, which of the following is least likely to happen in the investigation?
A. Dismiss the case
B. Determine powers of investigation
C. Ask for Bob’s legal representation
D. Gather evidence

Continue reading

Criticality Analysis and BIA

  • Criticality is the degree of impact of missing something important, e.g., critical process, activity, resource, or system. Criticality analysis is the process of determining the criticality.
  • Business impact analysis (BIA) that comprising criticality analysis identifies
    1. critical activities that support the delivery of products and services,
    2. supporting activities and dependencies, and
    3. other assets and resources.
  • The more critical an activity is, the shorter its tolerable downtime is. BIA identifies activities and determines their MTDs, RTOs, and RPOs to prioritize them as critical activities. In summary, criticality analysis is part of BIA.

CISSP PRACTICE QUESTIONS – 20200921

Effective CISSP Questions

Alice and Bob work together to develop a log parser using C++.  Alice is linking the main program with the modules in object code developed by Bob. The log parser loads all the dependent modules when it starts. Which of the following best describes the role of Bob’s modules?
A. Software Development Kit (SDK)
B. Runtime library
C. Static library
D. Application Programming Interface (API)

Continue reading