I cannot take credit for creating these mnemonics. They are the result of various online searches and the efforts of others. Kudos to their creators.

OSI Layers - Please Do Not Touch Steve's Pet Alligator (Physical, Data Link, Network, Transport, Session, Presentation, Application)

Data at each stage of the OSI model (top down) - Don't Don't Don't Stop Pouring Free Beer (Data, Data, Data, Segment, Packet, Frame, Bits) OR Some People F*** Bit**es (Segments, Packets, Frames, Bits)

TCP/IP Layers - NITA (Network Access, Internet, Transport, Application)

Evaluation Assurance Levels (Common Criteria EAL1 to EAL7) - Father Son Mother My Sweet Small Family (F S M M S S F): Functionally tested, Structurally tested, Methodically tested and checked, Methodically designed, tested and reviewed, Semi-formally designed and tested, Semi-formally verified design and tested, Formally verified design and tested

Asymmetric Cryptography = DEREK (Diffie-Hellman, ElGamal, RSA, ECC, Knapsack)

Symmetric Cryptography = 23BRAIDS (Twofish, 3DES, Blowfish, RC5, AES, IDEA, DES, SAFER)

Fire extinguisher classes - A = Ashes (ordinary combustibles like paper and wood), B = Boil (flammable liquids like gasoline), C = Electri-C-ity (electrical equipment), D = Dent, like a metal can (combustible metals), K = Kitchen (cooking oil/grease)

MAC (mandatory access control) is known as the lattice model (Big Mac with Lettuce)

MD5 produces a 128-bit hash: 8 minus 2 minus 1 = 5

SkipJack has 8 letters. Key size is 80 bits.

Twofish - There is a process involved here called whitening (key material is XORed into the block before the first round and after the last). Mental image of literally 2 fish "whitening" each other's teeth.

Blowfish - This is for key size, which can be 32 up to 448 bits. I again think about "blowing" air into a fish and imagining the fish getting bigger and bigger. Thus it starts at 32 but can be "blown" up to 448 bits.

Biba - The I in Biba means Integrity.

Ring (protection ring) model - Zero KODU (0 Kernel, 1 OS components, 2 Drivers, 3 Users/applications)

Retina scan vs iris scan - Retina is a longer word than Iris. Retina is longer, hence more detailed, hence more intrusive. The iris pattern stays the same for the life of the person; a retina scan reads the pattern of blood vessels. Iris is the one mostly used.

Patent = 20 years. Notice there is the word "ten" in Patent; 10 fits better into 20 than it does into 70 (Copyright lasts for the life of the author plus 70 years). Trademark is 10 years (renewable). USPTO: United States Patent and Trademark Office (the Library of Congress handles Copyright). Trade secrets are protected by the Economic Espionage Act.

RAID 0: Striping - 0 looks like a circle (a person going in circles and leaving data everywhere, on both hard drives)
RAID 1: Mirroring - 1 or | looks like a mirror

Risk = Threat x Vulnerability (RISK TV)

ALE = ARO x SLE (ALE CAUSES AROSLE: 🍺 = 😍)
SLE = AV x EF (SLEAVEF: up my sleeve(f))
ALE = Annual Loss Expectancy
SLE = Single Loss Expectancy
ARO = Annualized Rate of Occurrence (e.g. 1 flood in 20 years: 1/20 = 0.05)
AV = Asset Value (what the asset is worth to the organization; some study guides use the depreciated value)
EF = Exposure Factor (% of the asset lost in a single occurrence, e.g. 80% of a server unusable after a breach)

NIST 800-37 (Risk Management Framework) - People Can See I Am Always Monitoring (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor)

Business Continuity Planning - C(ow)P(ig)SOW -
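The "Data, Segment, Packet, Frame, Bits" mnemonic above is easier to remember once you have seen each PDU wrapped around the previous one. The following is an added example, not code from the original page: it builds a real TCP segment, IPv4 packet and Ethernet frame around a short HTTP request and computes the RFC 1071 checksums a receiver would verify. The MAC addresses, IP addresses, ports and request text are constructed sample values.

```python
import socket
import struct

# Constructed sample values (not from the original page): documentation-range IPs,
# locally administered MACs and a short HTTP request as the application-layer data.
SRC_MAC, DST_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"
SRC_IP, DST_IP = "192.0.2.10", "192.0.2.20"
SRC_PORT, DST_PORT = 40000, 80
DATA = b"GET / HTTP/1.0\r\n\r\n"


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum: add 16-bit words with end-around carry, then invert."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_segment(data: bytes) -> bytes:
    """Layer 4 PDU: a 20-byte TCP header (no options, PSH|ACK set) in front of the data.
    The TCP checksum covers a pseudo-header with the IP addresses, so the segment
    already depends on the layer 3 addresses it is about to be wrapped in."""
    header = struct.pack("!HHIIHHHH", SRC_PORT, DST_PORT, 1, 1, 0x5018, 65535, 0, 0)
    pseudo = (socket.inet_aton(SRC_IP) + socket.inet_aton(DST_IP)
              + struct.pack("!BBH", 0, 6, len(header) + len(data)))
    csum = ones_complement_sum(pseudo + header + data)
    header = header[:16] + struct.pack("!H", csum) + header[18:]
    return header + data


def build_packet(segment: bytes) -> bytes:
    """Layer 3 PDU: a 20-byte IPv4 header (protocol 6 = TCP) around the segment."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                         64, 6, 0, socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP))
    header = header[:10] + struct.pack("!H", ones_complement_sum(header)) + header[12:]
    return header + segment


def build_frame(packet: bytes) -> bytes:
    """Layer 2 PDU: Ethernet II header (dst MAC, src MAC, EtherType 0x0800 = IPv4).
    The 4-byte FCS trailer is left to the NIC, as it is on a real host."""
    dst = bytes.fromhex(DST_MAC.replace(":", ""))
    src = bytes.fromhex(SRC_MAC.replace(":", ""))
    return dst + src + struct.pack("!H", 0x0800) + packet


def to_bits(frame: bytes) -> str:
    """Layer 1: the frame as the string of bits that goes on the wire."""
    return "".join(f"{byte:08b}" for byte in frame)


def encapsulate(data: bytes = DATA) -> dict:
    """Walk the data down the stack and return every PDU under its OSI name."""
    segment = build_segment(data)
    packet = build_packet(segment)
    frame = build_frame(packet)
    return {"data": data, "segment": segment, "packet": packet,
            "frame": frame, "bits": to_bits(frame)}


def checksums_valid(pdus: dict) -> bool:
    """A receiver re-runs the sum over header plus checksum; the result is 0 when intact."""
    ip_header = pdus["packet"][:20]
    segment = pdus["segment"]
    pseudo = (socket.inet_aton(SRC_IP) + socket.inet_aton(DST_IP)
              + struct.pack("!BBH", 0, 6, len(segment)))
    return (ones_complement_sum(ip_header) == 0
            and ones_complement_sum(pseudo + segment) == 0)


if __name__ == "__main__":
    for name, pdu in encapsulate().items():
        print(f"{name:8s} {len(pdu):4d} {'bits' if name == 'bits' else 'bytes'}")
```

Each layer only adds a header in front of what it received, which is why the sizes grow by exactly 20, 20 and 14 bytes, and why a sniffer can peel the layers off in the reverse order.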
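The ALE/SLE/ARO formulas above are simple, but exam questions combine them and then ask whether a safeguard is worth buying. The following is an added example, not code from the original page: it carries the page's flood case (1 in 20 years, 80% exposure) through with the page's own symbols, ranks several threats by ALE, and evaluates a safeguard using the standard cost/benefit formula ALE(before) - ALE(after) - annual cost, which is not stated on the page. The asset value, the other threats and the safeguard cost are assumed figures.

```python
def sle(av: float, ef: float) -> float:
    """Single Loss Expectancy = AV x EF (SLEAVEF)."""
    if not 0.0 <= ef <= 1.0:
        raise ValueError("EF is the fraction of the asset lost, 0.0 to 1.0")
    return av * ef


def aro(occurrences: float, years: float) -> float:
    """Annualized Rate of Occurrence: expected events per year."""
    return occurrences / years


def ale(single_loss: float, annual_rate: float) -> float:
    """Annual Loss Expectancy = ARO x SLE (ALE causes AROSLE)."""
    return single_loss * annual_rate


def safeguard_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Cost/benefit of a control: ALE(before) - ALE(after) - annual cost of the safeguard.
    Positive means the control saves more than it costs. (Added here; not on the page.)"""
    return ale_before - ale_after - annual_cost


def rank_by_ale(av: float, threats: list) -> list:
    """threats: (name, EF, occurrences, years). Returns [(name, ALE)] highest first,
    which is the order in which safeguard budget should be considered."""
    rows = [(name, ale(sle(av, ef), aro(n, years))) for name, ef, n, years in threats]
    return sorted(rows, key=lambda row: row[1], reverse=True)


def worked_example() -> dict:
    av = 250_000.0                           # assumed asset value of a file server
    flood_sle = sle(av, 0.80)                # page's 80% EF  -> 200,000
    flood_aro = aro(1, 20)                   # page's 1 flood in 20 years -> 0.05
    flood_ale = ale(flood_sle, flood_aro)    # 10,000 per year
    # Assumed safeguard: raised flooring and pumps at 4,000/year, cutting EF to 20%.
    ale_after = ale(sle(av, 0.20), flood_aro)   # 2,500 per year
    return {
        "SLE": flood_sle,
        "ARO": flood_aro,
        "ALE": flood_ale,
        "ALE_after": ale_after,
        "safeguard_value": safeguard_value(flood_ale, ale_after, 4_000),
    }


# Constructed threat list: a rare catastrophe next to cheaper but frequent events.
THREATS = [
    ("flood", 0.80, 1, 20),          # 80% loss, once in 20 years
    ("ransomware", 0.50, 1, 2),      # 50% loss, once in 2 years
    ("disk failure", 0.10, 2, 1),    # 10% loss, twice a year
]

if __name__ == "__main__":
    print(worked_example())
    for name, annual_loss in rank_by_ale(250_000.0, THREATS):
        print(f"{name:14s} ALE = {annual_loss:,.0f}")
```

Notice in the ranking that the dramatic flood scenario comes last: a modest exposure factor with a high ARO produces a larger ALE, which is the point of annualizing the loss before comparing threats.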
Domain 7 Incident Response - Think of a drumroll, aka DRMRRRL, when there is an incident (Detect, Respond, Mitigate, Report, Recover, Remediate, Lessons Learned). In Mitigate you contain; in Recover you bring the system back to the last known good state; in Remediate you do root cause analysis and fix the root cause.

(ISC)2 Code of Ethics canons - PAPA: Protect society, the common good, necessary public trust and confidence, and the infrastructure (social responsibility, no unethical hacking); Act honorably, honestly, justly, responsibly, and legally (maintain integrity, don't lie, etc.); Provide diligent and competent service to principals (protect the organization you are working for); Advance and protect the profession (don't share exam questions, no false endorsements)

Information Lifecycle - CSUSAD (Create, Save/Store, Use, Share, Archive, Destroy)

Fagan Inspection (code review) - Planets Orbit Perfectly In Round Formations (Planning, Overview, Preparation, Inspection, Rework, Follow-up)

Domain 8 Software Capability Maturity Model (IDEAL is the other model) - How mature is your capability? (Think of mature software developers liking Oreo cookies.) I Really Don't Mind Oreos (Initial, Repeatable (basic lifecycle management, proper QA), Defined (documented processes), Managed (quantitative measurement and quality management), Optimizing (continuous improvement; change management is followed))

Change Management Process - Red Rabbits Are Trained In Dancing (Request, Review, Approve/Reject, Test, Implement, Document)

Change and Configuration Management - Rabbits Chasing Rabbits (Request Control, Change Control, Release Control) (Request Control - Red; Change Control - Rabbits Are Trained; Release Control - In Dancing)

5 Phases of SDLC - RDITE - Real Developers' Ideas Take Effort (Requirements Analysis, Design, Implementation, Testing, Evolution)

Work in Progress Below

Agile is a methodology built on the principles of the Agile Manifesto; Scrum (most popular), Kanban and SAFe are examples of Agile frameworks. DevOps or DevSecOps can be used alongside Agile.

Bell-LaPadula - I made a little one-liner jingle for this. I say it like this: Bell, LA PA DU LA - CON FI DEN SHI AL IT E. I've repeated this many times in my head, and in fact I recall this from my SSCP studies 4 years ago.

Running key (or "book") ciphers often use a passage from a commonly available book as the encryption key. I remember this because in IT we use a "runbook", so any time I see a practice question asking how a running key works, I remember "Run Book".

TCSEC vs ITSEC - TCSEC is the Orange Book. Orange has vitamin C (confidentiality) in it; ITSEC does not stop at C (it covers confidentiality, integrity and availability).

Threat Modelling:

Standards / Acts / Regulations
ISO 27001 -> information security management system (ISMS)
ISO 22301 -> business continuity management system (BCMS)
PCI DSS -> payment card data security
NIST 800-37 -> Risk Management Framework (RMF) for federal information systems
FedRAMP -> Federal Risk and Authorization Management Program (cloud services used by US federal agencies)
GLBA -> Gramm-Leach-Bliley Act, privacy for financial services
SOX -> Sarbanes-Oxley; not a standard but a law for publicly traded companies doing business in the US
PIPEDA -> Canada - Personal Information Protection and Electronic Documents Act
GDPR -> EU - privacy
HIPAA -> healthcare
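The running key ("book") cipher mentioned above is quick to implement, and implementing it makes clear both how the passage acts as the key and why it is not a one-time pad. The following is an added example, not code from the original page. It uses the public-domain opening of A Tale of Two Cities as the constructed key passage, and a "start" offset stands in for the page-and-line reference a real book cipher would agree on out of band.

```python
import string

ALPHABET = string.ascii_uppercase

# Constructed key passage (public domain). Both parties must have the same text;
# the offset into it plays the role of the agreed page/line in a book cipher.
KEY_PASSAGE = "It was the best of times, it was the worst of times"


def letters_only(text: str) -> str:
    """Strip to A-Z, as classical ciphers ignore spaces, case and punctuation."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def running_key(key_passage: str, length: int, start: int = 0) -> str:
    """Take 'length' key letters from the passage, starting at 'start'.
    Unlike a repeating Vigenere keyword, the key never wraps: if the passage
    runs out, the message cannot be encrypted."""
    key = letters_only(key_passage)[start:start + length]
    if len(key) < length:
        raise ValueError("key passage too short: a running key must cover the whole message")
    return key


def encrypt(plaintext: str, key_passage: str = KEY_PASSAGE, start: int = 0) -> str:
    """C[i] = (P[i] + K[i]) mod 26, with K taken from the passage."""
    pt = letters_only(plaintext)
    key = running_key(key_passage, len(pt), start)
    return "".join(ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k)) % 26]
                   for p, k in zip(pt, key))


def decrypt(ciphertext: str, key_passage: str = KEY_PASSAGE, start: int = 0) -> str:
    """P[i] = (C[i] - K[i]) mod 26 with the same passage and offset."""
    key = running_key(key_passage, len(ciphertext), start)
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k)) % 26]
                   for c, k in zip(ciphertext, key))


if __name__ == "__main__":
    ct = encrypt("Attack at dawn")
    print(ct, decrypt(ct))
```

The key stream here is English text, so its letters are not uniformly distributed; that is the property that separates a running key cipher from a one-time pad and what a cryptanalyst exploits by subtracting likely words from the ciphertext.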
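Three of the mnemonics above (MAC as the lattice model, Biba for integrity, Bell-LaPadula for confidentiality) are the same mechanism applied in two directions, and a few lines of code show that better than prose. The following is an added example, not code from the original page: a label with a hierarchical level plus compartments, a "dominates" partial order on those labels, and the four rules of Bell-LaPadula and Biba expressed in terms of that order. The level names and compartments are constructed sample values.

```python
from dataclasses import dataclass

# Constructed example lattice (not from the original page): hierarchical levels plus
# need-to-know compartments. Biba reuses the same structure with integrity levels.
CLASSIFICATIONS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET")
INTEGRITY = ("UNTRUSTED", "USER", "SYSTEM")


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()
    order: tuple = CLASSIFICATIONS   # which ordered scale 'level' belongs to

    def dominates(self, other: "Label") -> bool:
        """The lattice's partial order: level at least as high AND a superset of
        compartments. Two labels with different compartments can be incomparable,
        in which case neither dominates the other and both rules below deny."""
        return (self.order.index(self.level) >= self.order.index(other.level)
                and other.compartments <= self.compartments)


# Bell-LaPadula (confidentiality): information may only flow upward.
def blp_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up."""
    return subject.dominates(obj)


def blp_write(subject: Label, obj: Label) -> bool:
    """*-property: no write down."""
    return obj.dominates(subject)


# Biba (integrity): information may only flow downward, so the rules invert.
def biba_read(subject: Label, obj: Label) -> bool:
    """Simple integrity property: no read down."""
    return obj.dominates(subject)


def biba_write(subject: Label, obj: Label) -> bool:
    """* integrity property: no write up."""
    return subject.dominates(obj)


RULES = {
    ("BLP", "read"): blp_read, ("BLP", "write"): blp_write,
    ("Biba", "read"): biba_read, ("Biba", "write"): biba_write,
}


def check(model: str, op: str, subject: Label, obj: Label) -> bool:
    """Reference-monitor style entry point: one decision per (model, operation)."""
    return RULES[(model, op)](subject, obj)


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"NUCLEAR"}))
    for target in (Label("SECRET"), Label("TOP SECRET", frozenset({"NUCLEAR"})),
                   Label("CONFIDENTIAL"), Label("SECRET", frozenset({"CRYPTO"}))):
        print(target.level, sorted(target.compartments),
              "read" if check("BLP", "read", analyst, target) else "-",
              "write" if check("BLP", "write", analyst, target) else "-")
```

Reading the two rule pairs side by side is the whole lesson: Bell-LaPadula lets a subject read down and write up, Biba lets it read up and write down, and a label the subject's label neither dominates nor is dominated by (a different compartment at the same level) is denied under every rule, which is the "lattice" part of the lattice model.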
1 Comment
12/3/2023 11:17:59 am
I wanted to express my gratitude for your insightful and engaging article. Your writing is clear and easy to follow, and I appreciated the way you presented your ideas in a thoughtful and organized manner. Your analysis was both thought-provoking and well-researched, and I enjoyed the real-life examples you used to illustrate your points. Your article has provided me with a fresh perspective on the subject matter and has inspired me to think more deeply about this topic.
Author: Saad is a Senior Collaboration Engineer. He is CCIE x 3 (Collaboration, R&S and Data Center).
Archives: May 2022