Posts Tagged ‘nsa’

Espionage Act and Governance, Risk & Compliance for the CISSP-CISA

http://en.wikipedia.org/wiki/Federal_Information_Security_Management_Act_of_2002

Federal Information Security Management Act of 2002
From Wikipedia, the free encyclopedia
The Federal Information Security Management Act of 2002 (“FISMA”, 44 U.S.C. § 3541, et seq.) is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002 (Pub.L. 107-347, 116 Stat. 2899). The act recognized the importance of information security to the economic and national security interests of the United States.[1] The act requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.[1]

FISMA has brought attention within the federal government to cybersecurity and explicitly emphasized a “risk-based policy for cost-effective security”.[1] FISMA requires agency program officials, chief information officers, and inspectors general (IGs) to conduct annual reviews of the agency's information security program and report the results to the Office of Management and Budget (OMB). OMB uses this data to assist in its oversight responsibilities and to prepare its annual report to Congress on agency compliance with the act.[2] In FY 2008, federal agencies spent $6.2 billion securing the government's total information technology investment of approximately $68 billion, or about 9.2 percent of the total information technology portfolio.[3]

Implementation of FISMA
In accordance with FISMA, NIST is responsible for developing standards, guidelines, and associated methods and techniques for providing adequate information security for all agency operations and assets, excluding national security systems. NIST works closely with federal agencies to improve their understanding and implementation of FISMA to protect their information and information systems and publishes standards and guidelines which provide the foundation for strong information security programs at agencies. NIST performs its statutory responsibilities through the Computer Security Division of the Information Technology Laboratory.[4] NIST develops standards, metrics, tests, and validation programs to promote, measure, and validate the security in information systems and services. NIST hosts the following:

* FISMA implementation project[5]
* Information Security Automation Program (ISAP)
* National Vulnerability Database (NVD), the U.S. government content repository for ISAP and SCAP. NVD is the U.S. government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g., FISMA).[6]

Duration : 0:8:50


CISA and CISSP exam cram at the Queen Mary in Long Beach, CA to support the Cyber Security Act

http://en.wikipedia.org/wiki/CISSP

Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the not-for-profit[1] International Information Systems Security Certification Consortium, commonly known as (ISC)². As of June 30, 2009, (ISC)² reports 63,358 members who hold the CISSP certification in 134 countries.[2] In June 2004, the CISSP became the first information security credential to receive ANSI accreditation under ISO/IEC Standard 17024:2003, and, as such, has led industry acceptance of this global standard and its stringent requirements.[3][4] It is formally approved by the U.S. Department of Defense (DoD) in both its Information Assurance Technical (IAT) and Managerial (IAM) categories.[5] The CISSP has been adopted as a baseline for the U.S. National Security Agency's ISSEP program.[6]

Duration : 0:0:49


Part 1/2: Public key infrastructure for the CISSP and CISA novice under Cyber Security Act of 2009

http://en.wikipedia.org/wiki/Public_key_infrastructure

The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.[1]

In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique for each CA. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA). For each user, the user identity, the public key, their binding, validity conditions and other attributes are made unforgeable in public key certificates issued by the CA.

The term trusted third party (TTP) may also be used for certificate authority (CA). The term PKI is sometimes erroneously used to denote public key algorithms, which do not require the use of a CA.

Duration : 0:2:2


Public-private cryptography key pairs for the CISSP and CISA novice under Cyber Security Act of 2009

http://www.coresecuritypatterns.com/blogs/?p=1523

Public Key Cryptography (PKC) uses two keys, a “public key” and a “private key”, to implement an encryption scheme that does not require two parties to first exchange a secret key in order to conduct secure communications. In a nice mathematical twist, this conceptual breakthrough also enables an elegant implementation of digital signatures.

For thousands of years, it was unanimously agreed in the cryptography community that the only way for two parties to establish secure communications was to first exchange a secret key of some kind. This seemed to be simple common sense: if the recipient did not have a secret to give them some leverage, how could they be in a better position to decrypt the message than an eavesdropper? Practically speaking, this meant that one of the parties first had to send a trusted person to the second party with a secret key (which typically took a fair amount of time), or send the key through an existing encrypted channel that could not be completely trusted (if it was broken, all of the keys transmitted over that channel were also broken).


Duration : 0:2:37


Part 2/2: CISSP, CISA licensing under the NIST Cyber Security Act of 2009

Tutorial white papers on cryptography

Part one:
http://www.securityhorizon.com/journa…

Part two:
http://www.securityhorizon.com/journa…


Duration : 0:5:1


Understanding CISSP & CISA licensing under the Cyber Security Act of 2009 (FIPS, NIST, PKI)

Tutorial white papers on cryptography

Part one:
http://www.securityhorizon.com/journal/spring2006.pdf

Part two:
http://www.securityhorizon.com/journal/summer2006.pdf


Duration : 0:4:22


4/4: Summary of OSI model and networking protocols for CISSP

http://www.issa-la.org/Default.aspx?id=1060

ISSA LA – Certified Information Systems Security Professional (CISSP) Training
Dates:
November 16th-19th, 2009

Location:
UCLA Extension
Room 408
1010 Westwood Boulevard,
Los Angeles, CA, 90024

Pricing:
Early Discount Sign-ups (ISSA members and Full Time students) $1500 (Discounted pricing extended to Oct. 31st, after which pricing will be $1650 for ISSA members)

For payment via other methods, such as check and PO, or company/group discounts contact Mikhael Felker (education_director@issa-la.org)

Instructor:
Dr. Eugene Schultz, CISM, CISSP
Chief Technology Officer, Emagined Security

Course Description:
Of all the information security-related certifications available, no certification is held by more information security professionals than the Certified Information Systems Security Professional (CISSP) certification. This course thoroughly covers the 10 Core Body of Knowledge (CBK) areas represented within the examination:

Duration : 0:5:45


The seven layer OSI reference model tutorial for novice CISA and CISSP candidates

http://en.wikipedia.org/wiki/OSI_model

The Open Systems Interconnection Reference Model (OSI Reference Model or OSI Model) is an abstract description for layered communications and computer network protocol design. It was developed as part of the Open Systems Interconnection (OSI) initiative.[1] In its most basic form, it divides network architecture into seven layers which, from top to bottom, are the Application, Presentation, Session, Transport, Network, Data-Link, and Physical Layers. It is therefore often referred to as the OSI Seven Layer Model.

A layer is a collection of conceptually similar functions that provides services to the layer above it and receives services from the layer below it. On each layer an instance provides services to the instances at the layer above and requests services from the layer below. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive the packets that make up the contents of the path. Conceptually, two instances at one layer are connected by a horizontal protocol connection on that layer.

Duration : 0:4:15
