CISSP Domain- The Remaining Areas of Security Engineering
In our last blog “CISSP Domain 3: Security Architecture and Engineering” we covered some of the key areas of CISSP domain including- security design principles, subject and object model, failure modes, security models, certification, accreditation, cloud computing, and virtualization and in this blog post, we will try to cover the remaining ones. So, let’s begin with this post.
High Availability And Fault Tolerance
For security professional, the fundamentals of redundant systems and risk mitigation are important and are reviewed as follows:
- The key concept of having high availability is having high redundant systems at different locations. For instance; the cluster of web servers in a particular place still works even if the single server fails.
- On the other hand, fault tolerance prepares and protects the system from a single failure by making them resilient.
Client and server vulnerabilities
Nowadays, most of the companies use some sort of client-server network topology that connects all the wireless devices and workstations to the central server. So, all of them can be accessed more quickly and easily. As an aspirant you need to have the knowledge about the following concepts;
Client security issues
There are basically two types of security issues known as:
- Applets: applets that are written in languages like Java and ActiveX have some serious security issues as they openly allow remote websites to run code on your computer. That’s the primary reason experienced security professionals do not recommend applets.
- Local Caching: If you are using the internet for search purposes for a while then, you may know that cache is the local store of information that browser use to speed things up by eliminating redundant lookups. Although it reduces the waste of time and efforts, the cache can be easily corrupted using the ‘Cache Poisoning’ where malicious attackers insert the fake records in the DNS cache which redirects the users on the illegal website.
These are the client security issues you will learn throughout the ISC2 Certification Course.
Server security issues
In the CISSP Course Duration, your experienced instructors may give you a tour of the security issues that are particular to a certain environment. As all the servers are directly affected by the data flow, it is essential to protect the database from the inference, aggregation and other database-specific security attacks.
When you will settle down to write the CISSP exam then you may witness questions regarding database attacks. Out of all, two specific database attacks you need to know about are: –
Inference: – the inference occurs when an individual figure out sensitive information from the data available to him or her.
Aggregation: – the situation of aggregation occurs when an individual with low-level information clearance is able to figure out all the pieces of low-level information to determine a very sensitive piece of information.
Now, you know that in the absence of a certified professional every database is under the threat of cyber-attack. Therefore, it is highly suggested to hire CISSP professionals to protect organizations from cyber threats. If you are willing to become the CISSP professional then, it is the right time to enroll in the CISSP certification training Course at ProICT Training. Visit today to learn more!
Leave a Reply