16-10-2012, 01:51 PM
CISSP Study Booklet on Cryptography
WARNING:
As with any security-related topic, this is a living document that will and must evolve as other people read it and technology evolves. Please feel free to send me comments or input to be added to this document. Any comments, typo corrections, etc. are most welcome and can be sent directly to: cdupuis[at]uniconseil.com
DISTRIBUTION AGREEMENT:
This document may be freely read, stored, reproduced, disseminated, translated or quoted by any means and on any medium provided the following conditions are met:
• Every reader or user of this document acknowledges that he is aware that no guarantee is given regarding its contents, on any account, and specifically concerning veracity, accuracy and fitness for any purpose. Do not blame me if some of the exam questions are not covered or the correct answer is different from the content of this document. Remember: look for the most correct answer. This document is based on the seminar content, standards, and books, and where and when possible the source of information will be mentioned.
• No modification is made other than cosmetic, change of representation format, translation, correction of obvious syntactic errors.
• Comments and other additions may be inserted, provided they clearly appear as such. Comments and additions must be dated and their author(s) identifiable. Please forward your comments for insertion into the original document.
• Redistributing this document to a third party requires simultaneous redistribution of this licence, without modification, and in particular without any further condition or restriction, expressed or implied, related or not to this redistribution. In particular, in case of inclusion in a database or collection, the owner or the manager of the database or the collection renounces any right related to this inclusion and concerning the possible uses of the document after extraction from the database or the collection, whether alone or in relation with other documents.
Cryptography
Description:
The Cryptography domain addresses the principles, means, and methods of securing information to ensure its integrity, confidentiality, and authenticity.
Expected Knowledge:
The professional should fully understand:
• Basic concepts within cryptography.
• Public and private key algorithms in terms of their applications and uses.
• Cryptography algorithm construction, key distribution, key management, and methods of attack.
• Applications, constructions, and use of digital signatures.
• Principles of authenticity of electronic transactions and non-repudiation.
The CISSP can meet the expectations defined above by understanding such Operations Security key areas of knowledge as:
• Authentication
• Certificate authority
• Digital Signatures/Non-Repudiation
• Encryption
• Error Detecting/Correcting features
• Hash Functions
• Kerberos
• Key Escrow
• Message Digests
• MD5
• SHA
• HMAC
• One-Time cipher keys
• Private Key Algorithms
• Applications and Uses
• Algorithm Methodology
• Key Distribution and Management
• Key Generation/Distribution
• Key Recovery
• Key Storage and Destruction