What we are up against…
There is much ballyhoo on the importance of information security to an organization. There is significant focus on the threats posed by hackers, intruders, cyber-terrorists, foreign actors, viruses, Trojan horses, spyware. etc. to the information held by a particular organization. Laws have been enacted to ensure that these actors if caught will face significant punishment under the law and organizations spend millions of dollars to ensure that their systems and infrastructure are hardened to protect themselves from this threat. Read more
CISSP Note (Domain 1: Access Control) – Three Things to Consider
Three things to consider
- Threats – potential to cause harm
- Vulnerabilities – weakness that can be exploited
- Risk – potential for harm
Risk is the likelihood that something bad will happen that causes harm to an informational asset (or the loss of the asset). A vulnerability is a weakness that could be used to endanger or cause harm to an informational asset. A threat is anything (man made or act of nature) that has the potential to cause harm.
The likelihood that a threat will use a vulnerability to cause harm creates a risk. When a threat does use a vulnerability to inflict harm, it has an impact. In the context of information security, the impact is a loss of availability, integrity, and confidentiality, and possibly other losses (lost income, loss of life, loss of real property). It should be pointed out that it is not possible to identify all risks, nor is it possible to eliminate all risk. The remaining risk is called residual risk.
|
Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW.
All Purchases are securely processed through Paypal. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECIEVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS. |
Join Me On Facebook
Business Tech Press Releases- HostWire Merges into WRGL February 10, 2012
- Altera Announces Upcoming Schedule of Events With the Financial Community February 10, 2012
- Faruqi & Faruqi, LLP Announces Investigation of Powerwave Technologies, Inc. February 10, 2012
- Satisfy Your Valentine in 10 Minutes from Your Mobile Phone or Tablet February 10, 2012
- Italsuit Brings Bargain-Hunting Thrills to Shopping Online February 10, 2012
- From the National Vulnerability Database
- CVE-2011-3958 (chrome) February 7, 2012Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. […]nvd@nist.gov
- CVE-2012-1033 (bind) February 7, 2012The resolver in ISC BIND 9 through 9.8.1-P1 does not properly implement a cache update policy, which allows remote attackers to trigger continued resolvability of domain names that are no longer registered via an unspecified "Ghost Names exploit." […]nvd@nist.gov
- CVE-2011-3971 (chrome) February 7, 2012Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events. […]nvd@nist.gov
- CVE-2011-3954 (chrome) February 7, 2012Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage. […]nvd@nist.gov
- CVE-2011-3970 (chrome, libxslt) February 7, 2012libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. […]nvd@nist.gov
- CVE-2012-0926 (realplayer, realplayer_sp) February 7, 2012The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream. […]nvd@nist.gov
- CVE-2011-3969 (chrome) February 7, 2012Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents. […]nvd@nist.gov
- CVE-2011-3956 (chrome) February 7, 2012The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension. […]nvd@nist.gov
- CVE-2011-3968 (chrome) February 7, 2012Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences. […]nvd@nist.gov
- CVE-2012-1035 (ada_web_services) February 7, 2012AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. […]nvd@nist.gov
- CVE-2011-3958 (chrome) February 7, 2012