Lawrence C. Miller

Lawrence C. Miller, CISSP, is a veteran information security professional. He has served as a consultant for multinational corporations and holds many networking certifications.

Articles & Books From Lawrence C. Miller

CISSP For Dummies
Showcase your security expertise with the highly regarded CISSP certification. The CISSP certification, held by more than 150,000 security professionals worldwide, is the gold standard of cybersecurity certifications. The CISSP Exam certifies cybersecurity professionals and opens doors for career advancement. Fully updated and revised to reflect the 2024 ISC2 CISSP Exam Outline, CISSP For Dummies is packed with helpful content for all eight security domains.
Article / Updated 08-02-2018
Mobile systems include the operating systems and applications on smartphones, tablets, phablets, smart watches, and wearables. The most popular operating system platforms for mobile systems are Apple iOS, Android, and Windows 10. The vulnerabilities that are found on mobile systems include lack of robust resource access controls.
Article / Updated 08-02-2018
Embedded devices encompass the wide variety of systems and devices that are Internet connected. Mainly, we’re talking about devices that are not human connected in the computing sense. Examples of such devices include automobiles and other vehicles; and home appliances, such as clothes washers and dryers, ranges and ovens, refrigerators, thermostats, televisions, video games, video surveillance systems, and home automation systems.
Article / Updated 08-02-2018
Basic computer (system) architecture refers to the structure of a computer system and comprises its hardware, firmware, and software. The CompTIA A+ certification exam covers computer architecture in depth and is an excellent way to prepare for this portion of the CISSP examination. Hardware: Hardware consists of the physical components in computer architecture.
Article / Updated 04-14-2023
On the CISSP exam, you need to be able to recognize the techniques used to identify and fix vulnerabilities in systems and the techniques for security assessments and testing for the various types of systems. Client-based systems: The types of design vulnerabilities often found on endpoints involve defects in client-side code that is present in browsers and applications.
Article / Updated 09-19-2022
Web-based systems contain many components, including application code, database management systems, operating systems, middleware, and the web server software itself. These components may, individually and collectively, have security design or implementation defects. Some of the defects present include these: Failure to block injection attacks.
Article / Updated 08-01-2018
Evaluation criteria provide a standard for quantifying the security of a computer system or network. These criteria include the Trusted Computer System Evaluation Criteria (TCSEC), Trusted Network Interpretation (TNI), European Information Technology Security Evaluation Criteria (ITSEC), and the Common Criteria.
Article / Updated 08-01-2018
If you ask an experienced security and risk professional about risk frameworks, chances are they will think you are talking about either risk assessment frameworks or risk management frameworks. You need to understand the difference for the CISSP Exam. These frameworks are distinct but deal with the same general subject matter: identification of risk that can be treated in some way.
Article / Updated 08-01-2018
Models are used to express access control requirements in a theoretical or mathematical framework that precisely describes or quantifies real access control systems. Common access control models include Bell-LaPadula, Access Matrix, Take-Grant, Biba, Clark-Wilson, Information Flow, and Non-interference. Bell-LaPadula, Access Matrix, and Take-Grant models address confidentiality of stored information.
Article / Updated 08-01-2018
Various security controls and countermeasures that should be applied to security architecture, as appropriate, include defense in depth, system hardening, implementation of heterogeneous environments, and designing system resilience. Defense in depth: Defense in depth is a strategy for resisting attacks. A system that employs defense in depth will have two or more layers of protective controls that are designed to protect the system or data stored there.