Researching Security, Lecture Notes for Information Security

Researching Security Audit Tools

Type: Lecture notes

2016/2017

Uploaded on 17.07.2017

bill-betatest

Table of Contents
1 Chapter 1 Modern network Security Threats
1.1 Section 1.0 Introduction
1.1.1 Topic 1.0.1 Introduction
1.1.1.1 Page 1.0.1.1 Introduction
1.2 Section 1.1 Fundamental Principles of a Secure Network
1.2.1 Topic 1.1.1 Evolution of Network Security
1.2.1.1 Page 1.1.1.1 Code Red Worm Attack
1.2.1.2 Page 1.1.1.2 Evolution of Security Threats
1.2.1.3 Page 1.1.1.3 Evolution of Network Security Tools
1.2.1.4 Page 1.1.1.4 Threats to Networks
1.2.1.5 Page 1.1.1.5 Encryption and Cryptography
1.2.2 Topic 1.1.2 Drivers for Network Security
1.2.2.1 Page 1.1.2.1 The Hacker
1.2.2.2 Page 1.1.2.2 Evolution of Hacking
1.2.2.3 Page 1.1.2.3 First Network Attacks
1.2.2.4 Page 1.1.2.4 Network Security Professionals
1.2.3 Topic 1.1.3 Network Security Organizations
1.2.3.1 Page 1.1.3.1 Network Security Organizations
1.2.3.2 Page 1.1.3.2 SANS Institute
1.2.3.3 Page 1.1.3.3 CERT
1.2.3.4 Page 1.1.3.4 (ISC)^2
1.2.3.4.1 Security certifications offered by (ISC)^2
1.2.3.5 Page 1.1.3.5 RSS
1.2.4 Topic 1.1.4 Domains of Network Security
1.2.4.1 Page 1.1.4.1 Network Security Domains
1.2.4.2 Page 1.1.4.2 Security Policy
1.2.5 Topic 1.1.5 Network Security Policies
1.2.5.1 Page 1.1.5.1 Network Security Policy
1.2.5.2 Page 1.1.5.2 Cisco SecureX Architecture
1.2.5.3 Page 1.1.5.3 Cisco SecureX Product Categories
1.2.5.4 Page 1.1.5.4 Network Security Policy Objectives
1.3 Section 1.2 Viruses, Worms, and Trojan horses
1.3.1 Topic 1.2.1 Viruses
1.3.1.1 Page 1.2.1.1 Primary Vulnerabilities for End User Devices
1.3.1.2 Page 1.2.1.2 Comparison of a Human Virus and a Computer Virus
1.3.2 Topic 1.2.2 Worms
1.3.2.1 Page 1.2.2.1 Worms
1.3.2.2 Page 1.2.2.2 Worm Components
1.3.2.3 Page 1.2.2.3 Worm and Virus Exploit Comparison

1 Chapter 1 Modern network Security Threats

1.1 Section 1.0 Introduction

1.1.1 Topic 1.0.1 Introduction

1.1.1.1 Page 1.0.1.1 Introduction

Upon completion of this chapter you will be able to:
o Describe the evolution of network security.
o Describe the various drivers for network security technologies and applications.
o Describe the major organizations responsible for enhancing network security.
o Describe a collection of domains for network security.
o Describe network security policies.
o Describe computer network viruses.
o Describe computer network worms.
o Describe computer network Trojan Horses.
o Describe the techniques used to mitigate viruses, worms, and Trojan Horses.
o Explain how reconnaissance attacks are launched.
o Explain how access attacks are launched.
o Explain how Denial of Service (DoS) attacks are launched.
o Describe the techniques used to mitigate reconnaissance attacks, access attacks, and DoS attacks.
o Explain how to secure the three functional areas of Cisco routers and switches.

Network security is now an integral part of computer networking. Network security involves protocols, technologies, devices, tools, and techniques to secure data and mitigate threats. Network security solutions emerged in the 1960s, but did not mature into a comprehensive set of solutions for modern networks until the 2000s.

Network security is largely driven by the effort to stay one step ahead of ill-intentioned hackers. Just as medical doctors attempt to prevent new illness while treating existing problems, network security professionals attempt to prevent potential attacks while minimizing the effects of real-time attacks. Business continuity is another major driver of network security.

Network security organizations have been created to establish formal communities of network security professionals. These organizations set standards, encourage collaboration, and provide workforce development opportunities for network security professionals. Network security professionals should be aware of the resources provided by these organizations.

The complexity of network security makes it difficult to master all it encompasses. Different organizations have created domains that subdivide the world of network security into more manageable pieces. This division allows professionals to focus on more precise areas of expertise in their training, research, and employment.

Network security policies are created by companies and government organizations to provide a framework for employees to follow during their day-to-day work. Network security professionals at the management level are responsible for creating and maintaining the network security policy. All network security practices relate to and are guided by the network security policy.

Just as network security is composed of domains of network security, network attacks are classified so that it is easier to learn about them and address them appropriately. Viruses, worms, and Trojan horses are specific types of network attacks. More generally, network attacks are classified as reconnaissance, access, or denial of service (DoS) attacks.

Mitigating network attacks is the job of a network security professional. In this chapter, you will master the underlying theory of network security, which is essential before beginning an in-depth practice of network security. The methods of network attack mitigation are introduced here, and the implementation of these methods comprises the remainder of this course.

1.2 Section 1.1 Fundamental Principles of a Secure Network

1.2.1 Topic 1.1.1 Evolution of Network Security

1.2.1.1 Page 1.1.1.1 Code Red Worm Attack

In July 2001, the Code Red worm attacked web servers globally, infecting over 350,000 hosts, as shown in the figure. The worm not only disrupted access to the infected servers, but also affected the local networks hosting the servers, making them very slow or unusable. The Code Red worm caused a denial of service to millions of users.

If the network security professionals responsible for these Code Red-infected servers had developed and implemented a security policy, security patches would have been applied in a timely manner. The Code Red worm would have been stopped and would only merit a footnote in network security history.

Network security relates directly to an organization's business continuity. Network security breaches can disrupt e-commerce, cause the loss of business data, threaten people’s privacy, and compromise the integrity of information. These breaches can result in lost revenue for corporations, theft of intellectual property, and lawsuits, and can even threaten public safety.

Maintaining a secure network ensures the safety of network users and protects commercial interests. To keep a network secure requires vigilance on the part of an organization’s network security professionals. Network security professionals must constantly be aware of new and evolving threats and attacks to networks, and vulnerabilities of devices and applications. This information is used to adapt, develop, and implement mitigation techniques. However, security of the network is ultimately the responsibility of everyone who uses it. For this reason, it is the job of the network security professional to ensure that all users receive security awareness training. Maintaining a secure, protected network provides a more stable, functional work environment for everyone.

1.2.1.3 Page 1.1.1.3 Evolution of Network Security Tools

The evolution of network security tools:
2010: Cisco Security Intelligence Operations
2006: Cisco Zone-Based Policy Firewall
1999: First IPS
1998: Snort IDS
1997: RealSecure IDS
1995: NetRanger IDS
1994: Check Point Firewall
1991: DEC SEAL Application Layer Firewall
1989: AT&T Bell Labs Stateful Firewall
1988: DEC Packet Filter Firewall

As network security became an integral part of everyday operations, devices dedicated to particular network security functions emerged.

One of the first network security tools was the intrusion detection system (IDS), first developed by SRI International in 1984. An IDS provides real-time detection of certain types of attacks while they are in progress. This detection allows network security professionals to more quickly mitigate the negative impact of these attacks on network devices and users. In the late 1990s, the intrusion prevention system (IPS) began to replace the IDS solution. IPS devices enable the detection of malicious activity and have the ability to automatically block the attack in real-time.

In addition to IDS and IPS solutions, firewalls were developed to prevent undesirable traffic from entering prescribed areas within a network, thereby providing perimeter security. In 1988, Digital Equipment Corporation (DEC) created the first network firewall in the form of a packet filter. These early firewalls inspected packets to see if they matched sets of predefined rules, with the option of forwarding or dropping the packets accordingly. Packet filtering firewalls inspect each packet in isolation without examining whether a packet is part of an existing connection. In 1989, AT&T Bell Laboratories developed the first stateful firewall. Like packet filtering firewalls, stateful firewalls use predefined rules for permitting or denying traffic. Unlike packet filtering firewalls, stateful firewalls keep track of established connections and determine if a packet belongs to an existing flow of data, providing greater security and more rapid processing.
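The difference between the two firewall types described above, as an added example that is not part of the original course text: a stateless rule set that treats any inbound TCP segment with ACK or RST set as a reply, next to a minimal connection-tracking firewall. The addresses, ports, packet trace and the simplified two-state tracker are constructed for illustration.

```python
from typing import NamedTuple


class Packet(NamedTuple):
    direction: str    # "out" = inside -> outside, "in" = outside -> inside
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on the segment


def pkt(direction, src, sport, dst, dport, *flags):
    return Packet(direction, src, sport, dst, dport, frozenset(flags))


def packet_filter(p):
    """Stateless filter: every packet is judged in isolation."""
    if p.direction == "out":
        return "permit"            # rule 1: inside hosts may send anything
    if p.flags & {"ACK", "RST"}:
        return "permit"            # rule 2: "looks like" a reply segment
    return "drop"                  # rule 3: implicit deny


class StatefulFirewall:
    """Tracks flows and permits only packets that belong to one."""

    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port) -> state
        self.flows = {}

    @staticmethod
    def _key(p):
        if p.direction == "out":
            return (p.src, p.sport, p.dst, p.dport)
        return (p.dst, p.dport, p.src, p.sport)

    def inspect(self, p):
        key = self._key(p)
        state = self.flows.get(key)
        if state is None:
            # Only an outbound initial SYN may create a new flow.
            if p.direction == "out" and p.flags == {"SYN"}:
                self.flows[key] = "SYN_SENT"
                return "permit"
            return "drop"
        if "RST" in p.flags:
            del self.flows[key]    # flow is torn down, forget it
            return "permit"
        if state == "SYN_SENT":
            if p.direction == "in" and p.flags == {"SYN", "ACK"}:
                self.flows[key] = "ESTABLISHED"
                return "permit"
            return "drop"          # out-of-state packet during handshake
        return "permit"            # ESTABLISHED: packet belongs to the flow


# Constructed trace: one legitimate web session plus three stray packets.
TRACE = [
    pkt("out", "10.0.0.5", 40000, "203.0.113.10", 80, "SYN"),
    pkt("in", "203.0.113.10", 80, "10.0.0.5", 40000, "SYN", "ACK"),
    pkt("out", "10.0.0.5", 40000, "203.0.113.10", 80, "ACK"),
    pkt("in", "203.0.113.10", 80, "10.0.0.5", 40000, "ACK", "PSH"),
    pkt("in", "198.51.100.7", 80, "10.0.0.5", 40001, "ACK"),    # no such flow
    pkt("in", "203.0.113.10", 80, "10.0.0.5", 40000, "RST"),    # server closes
    pkt("in", "203.0.113.10", 80, "10.0.0.5", 40000, "ACK"),    # after close
    pkt("in", "198.51.100.7", 4444, "10.0.0.5", 22, "SYN"),     # unsolicited
]


def compare(trace):
    """Return (stateless verdict, stateful verdict) for each packet."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.inspect(p)) for p in trace]


def disagreements(trace):
    """Indexes of packets on which the two firewalls disagree."""
    return [i for i, (a, b) in enumerate(compare(trace)) if a != b]


if __name__ == "__main__":
    for p, (stateless, stateful) in zip(TRACE, compare(TRACE)):
        print(f"{p.direction:3} {p.src}:{p.sport} -> {p.dst}:{p.dport} "
              f"{sorted(p.flags)}  stateless={stateless} stateful={stateful}")
```

The two packets on which the verdicts differ are the ones that carry an ACK but belong to no tracked connection; the stateless rule cannot tell them apart from genuine replies.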

The original firewalls were software features added to existing networking devices, such as routers. Over time, several companies developed standalone, or dedicated firewalls that enable routers and switches to offload the memory and processor-intensive activity of filtering packets. Cisco’s Adaptive Security Appliance (ASA) is available as a standalone context-aware firewall. For organizations that do not require a dedicated firewall, modern routers, like the Cisco Integrated Services Router (ISR), can be used as sophisticated stateful firewalls.

Traditional security relied on the layering of products and using multiple filters. However, as threats became more sophisticated, these filters were required to look deeper into network and application layer traffic. Security requirements included more dynamic updates of information and quicker response times to threats. For this reason, Cisco designed the Security Intelligence Operations (SIO). SIO is a cloud-based service that connects global threat information, reputation-based services, and sophisticated analysis to Cisco network security devices to provide stronger protection with faster response times.

1.2.1.4 Page 1.1.1.4 Threats to Networks

As shown in the figure, in addition to dealing with threats from outside of the network, network security professionals must also be prepared for threats from inside the network. Internal threats, whether intentional or accidental, can cause even greater damage than external threats because of direct access to, and knowledge of, the corporate network and data. Despite this fact, it has taken more than 20 years after the introduction of tools and techniques for mitigating external threats to develop tools and techniques for mitigating internal threats.

A common scenario for a threat originating from inside the network is a disgruntled employee with some technical skills and a willingness to do harm. Most threats from within the network leverage the protocols and technologies used on the local area network (LAN) or the switched infrastructure. These internal threats fall into two categories: spoofing and DoS.

Spoofing attacks are attacks in which one device attempts to pose as another by falsifying data. There are multiple types of spoofing attacks. For example, MAC address spoofing occurs when one computer accepts data packets based on the MAC address of another computer.

DoS attacks make computer resources unavailable to intended users. Attackers use various methods to launch DoS attacks.

As a network security professional, it is important to understand the methods designed specifically for targeting these types of threats and ensuring the security of the LAN.

1.2.2 Topic 1.1.2 Drivers for Network Security

1.2.2.1 Page 1.1.2.1 The Hacker

The word ‘hackers’ has a variety of meanings. For many, it means Internet programmers who try to gain unauthorized access to devices on the Internet. It is also used to refer to individuals who run programs to prevent or slow network access to a large number of users, or corrupt or wipe out data on servers. But for some, the term hacker has a positive interpretation as a network professional that uses sophisticated Internet programming skills to ensure that networks are not vulnerable to attack. Good or bad, hacking is a driving force in network security.

From a business perspective, it is necessary to minimize the effects of hackers with bad intentions. Businesses lose productivity when the network is slow or unresponsive. Business profits are impacted by data loss and data corruption.

The job of a network security professional is to stay one step ahead of the hackers by attending training and workshops, participating in security organizations, subscribing to real-time feeds regarding threats, and perusing security websites on a daily basis. The network security professional must also have access to state-of-the-art security tools, protocols, techniques, and technologies. Network security professionals should have many of the same traits as law enforcement professionals. They should always remain aware of malicious activities and have the skills and tools to minimize or eliminate the threats associated with those activities.

Hacking has the unintended effect of creating a high demand for network security professionals. However, relative to other technology professions, network security has the steepest learning curve and requires a commitment to continuous professional development.

1.2.2.2 Page 1.1.2.2 Evolution of Hacking

Evolution of hacking timeline:
1970: Phone Freaks
1980: Wardialing
1988: First internet worm
1993: First DEF CON Hacking Conference
1994: First 5-year Federal Prison sentence for Hacking
1995: Kevin Mitnick initially sentenced to 4 years in prison for hacking credit card accounts.
1995: SATAN Released
1997: First Malicious Scripts Released and Used by Less Educated Hackers (Script Kiddies).
1997: Nmap Published
1998: Wardriving
2002: Melissa Virus Creator Gets 20 Months in Federal Prison
2006: Vishing, Smishing
2009: First malicious iPhone worm
2011: Script kiddies hacked the NBC News Twitter account posting fake updates related to terrorist attacks.

Hacking started in the 1960s with phone freaking, or phreaking, which refers to using various audio frequencies to manipulate phone systems. Phreaking began when AT&T introduced automatic switches to their phone systems. The AT&T phone switches used various tones, or tone dialing, to indicate different functions, such as call termination and call dialing. A few AT&T customers realized that by mimicking a tone using a whistle, they could exploit the phone switches to make free long-distance calls.

As communication systems evolved, so did hacking methods, as shown in the figure. Wardialing became popular in the 1980s with the use of computer modems. Wardialing programs automatically scanned telephone numbers within a local area, dialing each one in search of computers, bulletin board systems, and fax machines. When a phone number was found, password-cracking programs were used to gain access.

Wardriving began in the 1990s and is still popular today. Wardriving refers to users gaining unauthorized access to networks via wireless access points. This is accomplished using a wireless-enabled portable computer or PDA. Password-cracking programs are used to authenticate, if necessary, and there is even software to crack the encryption scheme required to associate to the access point.

Other threats have evolved over time. These include network scanning tools such as Nmap, John the Ripper, Cain and Abel and SATAN, as well as remote system administration hacking tools such as Back Orifice. Network security professionals must be familiar with all of these tools.

First Spam

First Spam on ARPAnet - 1978. Below is the actual spam message as distributed on ARPAnet.

To: Everyone
From:
Subject: Presentation Today

DIGITAL WILL BE GIVING A PRODUCT PRESENTATION OF THE NEWEST MEMBERS OF THE DECSYSTEM-20 FAMILY; THE DECSYSTEM-2020, 2020T, 2060, AND 2060T. THE DECSYSTEM-20 FAMILY OF COMPUTERS HAS EVOLVED FROM THE TENEX OPERATING SYSTEM AND THE DECSYSTEM-10 <PDP-10> COMPUTER ARCHITECTURE. BOTH THE DECSYSTEM-2060T AND 2020T OFFER FULL ARPANET SUPPORT UNDER THE TOPS-20 OPERATING SYSTEM. THE DECSYSTEM-2060 IS AN UPWARD EXTENSION OF THE CURRENT DECSYSTEM 2040 AND 2050 FAMILY. THE DECSYSTEM-2020 IS A NEW LOW END MEMBER OF THE DECSYSTEM-20 FAMILY AND FULLY SOFTWARE COMPATIBLE WITH ALL OF THE OTHER DECSYSTEM- MODELS.

WE INVITE YOU TO COME SEE THE 2020 AND HEAR ABOUT THE DECSYSTEM-20 FAMILY AT THE TWO PRODUCT PRESENTATIONS WE WILL BE GIVING IN CALIFORNIA THIS MONTH. THE LOCATIONS WILL BE:

TUESDAY, MAY 9, 1978 - 2 PM
HYATT HOUSE (NEAR THE L.A. AIRPORT)
LOS ANGELES, CA

THURSDAY, MAY 11, 1978 - 2 PM
DUNFEY'S ROYAL COACH
SAN MATEO, CA
(4 MILES SOUTH OF S.F. AIRPORT AT BAYSHORE, RT 101 AND RT 92)

A 2020 WILL BE THERE FOR YOU TO VIEW. ALSO TERMINALS ON-LINE TO OTHER DECSYSTEM- SYSTEMS THROUGH THE ARPANET. IF YOU ARE UNABLE TO ATTEND, PLEASE FEEL FREE TO CONTACT THE NEAREST DEC OFFICE FOR MORE INFORMATION ABOUT THE EXCITING DECSYSTEM-20 FAMILY.

First DoS Attack

Mafiaboy DoS Attack - February, 2000. Below is an article describing the sentencing of Mafiaboy shortly after conviction of the DoS Attack.

'Mafiaboy' Sentenced to 8 Months. Wired News Report 09.13.

"Mafiaboy," the Canadian teenager who launched a denial of service attack that paralyzed many of the Internet's major sites for one week in February 2000, will be spending the next eight months in a youth detention center.

Judge Gilles Ouellet, who presided over the trial in Quebec's Youth Court, handed down the ruling on Wednesday. Ouellet said that the 17-year-old had committed a criminal act when he attacked Yahoo, eBay and Amazon and other major Internet sites.

"This is a grave matter. This attack weakened the entire electronic communication system," Ouellet told the court. "And the motivation was undeniable, this adolescent had a criminal intent."

Prosecutor Louis Miville-Deschenes said that he hoped the sentence would send "a strong message to the hacker world."

Mafiaboy will also serve one year of probation after his release from the detention center. During his probation he will be allowed to attend school and have a part-time job. He was also ordered by Ouellet to donate $250 to charity.

Mafiaboy's real name has not been released by the court, due to the Canadian law that protects the identity of offenders under 18 years of age.

Defense lawyer Yan Romanowski said that his client was shocked and saddened by his sentence and is considering an appeal. "He hoped the judge had understood that he had learned his lesson and that detention was not a proper remedy in these circumstances," Romanowski said. "Detention is too much as far as I am concerned," Romanowski added.

The maximum sentence Mafiaboy could have received was two years in detention. Prosecutor Louis Miville-Deschenes had asked the court to sentence Mafiaboy to one year of detention.

"We think it is a reasonable ruling. It sends a strong message to hackers that they will get caught if they do things like that," Miville-Deschenes told reporters after court was dismissed.

The first virus was an email virus by the name of the Melissa virus. It was written by David Smith of Aberdeen, New Jersey. This virus resulted in memory overflows in Internet mail servers. David Smith was sentenced to 20 months in federal prison and a $5,000 fine. Click the First Virus button to see a sample of this email.

Robert Morris created the first Internet worm with 99 lines of code. When the Morris Worm was released, 10 percent of Internet systems were brought to a halt. Robert Morris was charged and received three years’ probation, 400 hours of community service, and a fine of $10,000. Click the First Worm button to learn about some of the events that occurred when this worm was introduced.

Spamming is the use of messaging technologies such as email and text messaging to send unsolicited bulk messages. The first spam message distributed on the Advanced Research Projects Agency Network (ARPAnet) was in 1978. Click the First Spam button to view the actual spam message that was distributed.

A DoS attack is an attempt to make a service or machine unavailable to its intended users. Click the First DoS Attack button for more information on the Mafiaboy DoS attack in February 2000.

When hackers use their creativity for malicious purposes, such as attacks via spam, DoS, or breaking into accounts, they often end up going to jail and paying large fines. They also lose access to the very environment in which they thrive.

1.2.3 Topic 1.1.3 Network Security Organizations

1.2.3.1 Page 1.1.3.1 Network Security Organizations

Network security professionals must collaborate with professional colleagues more frequently than most other professions. This includes attending workshops and conferences that are often affiliated with, sponsored, or organized by local, national, or international technology organizations, as shown in the figure.

Three of the more well-established network security organizations are:
o SysAdmin, Audit, Network, Security (SANS) Institute
o Computer Emergency Response Team (CERT)
o International Information Systems Security Certification Consortium ((ISC)^2, pronounced as "I-S-C-squared")

A number of other network security organizations are also important to network security professionals. InfoSysSec is a network security organization that hosts a security news portal, providing the latest breaking news pertaining to alerts, exploits, and vulnerabilities. The Mitre Corporation maintains a list of common vulnerabilities and exposures (CVE) used by prominent security organizations. Forum of Incident Response and Security Teams (FIRST) is a security organization that brings together a variety of computer security incident response teams from government, commercial, and educational organizations to foster cooperation and coordination in information sharing, incident prevention and rapid reaction. Finally, the Center for Internet Security (CIS) is a nonprofit enterprise that develops security configuration benchmarks through a global consensus to reduce the risk of business and e-commerce disruptions.

1.2.3.2 Page 1.1.3.2 SANS Institute

SANS was established in 1989 as a cooperative research and education organization, as shown in the figure. The focus of SANS is information security training and certification. SANS develops research documents about various aspects of information security.

SANS relies upon a range of individuals, including auditors, network administrators, and chief information security officers, to share lessons and solutions to various challenges. At the heart of SANS are security practitioners from different global organizations, corporations, and universities working together to help the entire information security community.

SANS resources are largely free upon request. This includes the popular Internet Storm Center, the Internet’s early warning system; NewsBites, the weekly news digest; @RISK, the weekly vulnerability digest; flash security alerts; and more than 1,200 award-winning, original research papers.

SANS develops security courses that can be taken to prepare for Global Information Assurance Certification (GIAC) in auditing, management, operations, legal issues, security administration, and software security. GIAC validates the skills of network security professionals, ranging from entry-level information security to advanced subject areas. This can include auditing, intrusion detection, incident handling, firewalls and perimeter protection, data forensics, hacker techniques, Windows and UNIX operating system security, and secure software and application coding.

1.2.3.4 Page 1.1.3.4 (ISC)^2

(ISC)^2, shown in Figure 1, provides vendor-neutral education products and career services in more than 135 countries. Its membership includes over 75,000 certified industry professionals worldwide.

The mission of (ISC)^2 is to make the cyber world a safer place by elevating information security to the public domain, and supporting and developing network security professionals around the world.

(ISC)^2 develops and maintains the (ISC)^2 Common Body of Knowledge (CBK). The CBK defines global industry standards, serving as a common framework of terms and principles that (ISC)^2 credentials are based upon. The CBK allows professionals worldwide to discuss, debate, and resolve matters pertaining to the field.

Most notably, (ISC)^2 is universally recognized for its four information security certifications, including one of the most popular certifications in the network security profession, the Certified Information Systems Security Professional (CISSP). These credentials help to ensure that employers with certified employees maintain the safety of information assets and infrastructures.

(ISC)^2 promotes expertise in handling security threats through its education and certification programs. As members, individuals have access to current industry information and networking opportunities unique to its network of certified information security professionals.

1.2.3.4.1 Security certifications offered by (ISC)^2

Systems Security Certified Practitioner (SSCP)

The SSCP Certification is only available to qualified candidates who subscribe to the (ISC)^2 code of ethics and pass the SSCP Certification examination based on the relevant SSCP Common Body of Knowledge (CBK). Candidates must also be able to prove at least one year of experience in one of the seven domains that comprise the SSCP Certification:
• Access Controls
• Administration
• Audit and Monitoring
• Risk, Response and Recovery
• Cryptography
• Data Communications
• Malicious Code/Malware

Certification and Accreditation Professional (CAP)

CAP was co-developed by the U.S. Department of State’s Office of Information Assurance and (ISC)^2. The CAP credential is used as a measure of the knowledge, skills and abilities of personnel involved in assessing risk and establishing security requirements, as well as ensuring that information systems possess appropriate security measures.

Certified Secure Software Lifecycle Professional (CSSLP)

The CSSLP is the newest certification from (ISC)^2, and is the only certification in the industry that ensures security is considered throughout the entire software lifecycle. It centers around seven domains:
• Secure Software Concepts
• Secure Software Requirements
• Secure Software Design
• Secure Software Implementation/Coding
• Secure Software Testing
• Software Acceptance
• Software Deployment, Operations, Maintenance and Disposal

Certified Information Systems Security Professional (CISSP)

The CISSP was the first credential in the field of information security, accredited by the ANSI to ISO Standard 17024:2003. For the CISSP credential, in addition to five years of experience, professional experience must be in two or more of 10 defined (ISC)^2 CISSP domains:
• Access Control
• Application Security
• Business Continuity and Disaster Recovery Planning
• Cryptography
• Information Security and Risk Management
• Legal, Regulations, Compliance and Investigations
• Operations Security
• Physical (Environmental) Security
• Security Architecture and Design
• Telecommunications and Network Security