ISC2 CC Domain 3 Exam with precise detailed solutions
control - ✔✔a safeguard or countermeasure designed to preserve the CIA of data
access control - ✔✔limiting what objects can be available to what subjects according to what rules
Access is based on three elements: - ✔✔subjects, objects, rules
subjects - ✔✔any entity that requests access to assets from an object
- referred to as active when it initiates the request
objects - ✔✔anything a subject attempts to access
- responds to a request for service
- passive: takes no action until called by a subject
- must be protected
rules - ✔✔an instruction developed to allow or deny access to an object by comparing the validated identity of the subject to an access control list
defence in depth - ✔✔- layered defence strategy
- to prevent or deter a cyber attack
defence in depth circle graph - ✔✔physical controls -> logical/technical controls -> admin controls -> assets
Facilities that require physical access controls - ✔✔- data centres (most important)
- server rooms
- media storage facilities (more important if remote)
- evidence storage locations
- wiring closets
- Distribution Cabling
- Operations Center
wiring closets need to be protected because - ✔✔they offer access to digital eavesdroppers and network intruders
types of physical security - ✔✔gates, bollards (allow pedestrians, not cars)
CPTED - ✔✔Crime Prevention Through Environmental Design
- Basically giving principles to design your crime prevention mechanisms in a way that is appropriate to your environmental surroundings
CPTED Goals - ✔✔1. Natural Surveillance
2. Natural access control
3. Natural territory reinforcement
Natural surveillance - ✔✔- Design your security in a way that allows you to observe the natural surroundings of your facility
ex. Windows, Open Areas, Lighting
Natural access control - ✔✔Narrowing the traffic to a single point of entry
natural territory reinforcement - ✔✔Making it visually and physically obvious that the area is closed to the public