CCSP Flashcards
File details

| | |
|---|---|
| Flashcards | 68 |
| Language | German |
| Category | Computer science |
| Level | Other |
| Created / Updated | 13.09.2020 / 02.08.2021 |
| Web link | https://card2brain.ch/box/20200913_ccsp |
PCI DSS Merchant Levels
- Level 1 – Over 6 million transactions annually
- Level 2 – Between 1 and 6 million transactions annually
- Level 3 – Between 20,000 and 1 million transactions annually
- Level 4 – Less than 20,000 transactions annually
Evaluation Assurance Levels (EAL)
ISO/IEC 15408
ranking based on a Common Criteria security evaluation
to what extent was the product tested?
EAL 1 Functionally tested
EAL 2 Structurally tested
EAL 3 Methodically tested and checked
EAL 4 Methodically designed, tested and reviewed
EAL 5 Semi-formally designed and tested
EAL 6 Semi-formally verified design and tested
EAL 7 Formally verified design and tested
ISO/IEC 15408-1:2009
Evaluation criteria for IT security
EAL Levels 1-7
FIPS 140-2
U.S. government computer security standard used to approve cryptographic modules
Level 1: Requires production-grade equipment and externally tested algorithms.
Level 2: Adds requirements for physical tamper-evidence and role-based authentication. Software implementations must run on an Operating System approved to Common Criteria at EAL2.
Level 3: Level 2 requirements, plus physical or logical separation between the interfaces by which "critical security parameters" enter and leave the module. Private keys can only enter or leave in encrypted form.
Level 4: This level makes the physical security requirements more stringent, requiring the module to be tamper-active, erasing its contents if it detects various forms of environmental attack.
data dispersion
RAID: striping data, adding parity bits to aid recovery
Data dispersion: bit splitting (make chunks and distribute them), adding erasure coding as parity bits
Obscuring data
Randomization: replace (parts of) data with random characters, keep format
Hashing: one-way hash, makes it unrecoverable (integrity checks)
Shuffling: use different entries from the same data set
Masking: hiding data with useless characters, keep format
Nulls: deleting raw data before it is represented
The Uptime Institute’s tiers
Tier 1: generally utilized by small businesses
Tier 2:
Tier 3: utilized by larger businesses
Tier 4: typically serve enterprise corporations
ISO/IEC 27034-1:2011
Information technology — Security techniques — Application security
SDLC
- Defining
- Designing
- Development
- Testing
- Secure Operations
- Disposal
STRIDE
- Spoofing
- Tampering
- Repudiation
- Information disclosure (privacy breach or data leak)
- Denial of service
- Elevation of privilege
OSI Layers
All = Application Layer
People= Presentation Layer
Seem = Session Layer
To = Transport Layer
Need = Network Layer
Data = Data Link Layer
Processing = Physical Layer
Encryption technologies
TLS
SSL
Whole-Instance Encryption
Volume Encryption
Data discovery methods
Label-based
Metadata-based
Content-based
Data Analytics: Data mining, real-time, agile business intelligence
Hypervisor
Type 1: Bare-metal
Type 2: runs on host
Capability Maturity Model (CMM)
Measures maturity of software
1. Initial
2. Repeatable
3. Defined
4. Capable
5. Efficient
The Treacherous 12
Data Breaches
Insufficient Identity, Credential & Access Management
Insecure Interfaces & APIs
Security Vulnerabilities
Account Hijacking
Malicious Insiders
Advanced Persistent Threats
Data Loss
Insufficient Due Diligence
Abuse & nefarious use of Cloud Services
Denial of Service
Shared Technology Issues
Uptime Institute: Redundancy Tier 1
Basic Site Infrastructure
little to no redundancy
Scheduled maintenance will require the system to be taken offline
Untoward personnel activity WILL result in downtime
Uptime Institute: Redundancy Tier 2
Redundant Site Infrastructure Capacity Components
Critical operations do not have to be interrupted for maintenance
Untoward personnel activity MAY cause downtime
Unplanned failures MAY result in downtime
Uptime Institute: Redundancy Tier 3
Concurrently Maintainable Site Infrastructure
dual power supplies for all systems
critical operations can continue when a component fails
loss of component MAY cause downtime
loss of a system WILL cause downtime
planned maintenance will not necessarily cause downtime
Uptime Institute: Redundancy Tier 4
Fault-Tolerant Site Infrastructure
redundancy of IT and electrical components
loss of a system or component WILL NOT cause downtime
a single loss, event or personnel activity WILL NOT cause downtime
scheduled maintenance WILL NOT cause downtime
Instance Isolation
each VM should be logically isolated
Host Isolation
all hosts should be physically and logically isolated as much as possible
Clustered Storage
Tightly coupled:
storage devices are directly connected to a shared physical backplane
each component has same policies and rule sets
enhances performance because it scales
Loosely coupled:
greater flexibility
each node is independent of the others, only logically connected
Volume Storage
disk space is apportioned to the customer and allocated to each of the guest instances
the virtualized OS of the guest can utilize and manipulate the volume
block storage / raw disk storage
analogous to a mounted drive
Object Storage
all data is stored in a filesystem
customers get access to the parts they're assigned to
file storage
user is limited to uploading, storing and manipulating files (not installing and running programs)
Ephemeral Storage
Temporary resource that is used for processing
instance store volumes
Long-Term Storage
durable data storage
low cost and large amounts
typically used for archives and backup
not suitable for production
can't install and run programs, but can run queries
Content-Delivery Network (CDN)
for large amounts of data that require time-sensitive communication and low latency
multimedia content
replicates portions of data at data centers physically located nearer to the end user
Secure KVMs
Human interface devices (Keyboard, Video, Mouse = KVM)
Secure Data Ports
Tamper Labels
Fixed Firmware
Soldered Circuit board
Reduces Buffer
Air-Gapped Pushbuttons
ECPA
The Electronic Communication Privacy Act
restricts government from wiretapping phone calls etc.