Blog Archive

By
Multiple Readers have come back asking me to create a ready reckoner for the various topics which I have written. So here it is, an easy way to find out the various topics written by me. These topics have been grouped under the various CISSP or SSCP domains / Series / Opinions so that it is easy for
you to choose from.

If you have any feedback or want me to write about certain specific topics, drop me an email - at learningwithmayur@gmail.com.

Happy Learning :)

Exam Topics / Course Content

Domain 1: Security and Risk Management

 1. What is CIA? -- https://www.mayurpahwa.com/2017/07/what-is-cia.html






7. Identification, Authentication, Authorization, and Accountability - https://www.mayurpahwa.com/2018/06/identification-authentication.html




Domain 2: Asset Security 


Domain 3: Security Architecture & Engineering 

1. Understanding Cryptography:  https://www.mayurpahwa.com/2018/12/understanding-cryptography.html

2. Symmetric and Asymmetric Cryptography: https://www.mayurpahwa.com/2018/12/symmetric-and-asymmetric-cryptography.html

3. Hybrid Cryptography: https://www.mayurpahwa.com/2018/12/hybrid-cryptography.html

4. Digital Signature: https://www.mayurpahwa.com/2019/01/digital-signature.html






10. Holy Grail of Cryptography - Homomorphic Encryption: https://www.mayurpahwa.com/2021/05/holy-grail-of-cryptography-homomorphic.html



Domain 4: Communication and Network Security

1. Understanding TCP & UDP - https://www.mayurpahwa.com/2018/10/understanding-tcp-udp.html

2. The TCP Handshake - https://www.mayurpahwa.com/2018/10/the-tcp-handshake.html

3. Asynchronous & Synchronous Communication - https://www.mayurpahwa.com/2018/10/asynchronous-synchronous-communication.html

4. Understanding NAT – Network Address Translation - https://www.mayurpahwa.com/2018/11/understanding-nat-network-address.html

5. Network Segmentation and Segregation: https://www.mayurpahwa.com/2019/07/network-segmentation-and-segregation.html

6. The Do’s and Don’ts of a Firewall:  https://www.mayurpahwa.com/2019/06/the-dos-and-donts-of-firewall.html

7. It’s the Middleman – Proxy Firewall:  https://www.mayurpahwa.com/2019/04/its-middleman-proxy-firewall.html

8. Which State are you in? I’m Stateful:  https://www.mayurpahwa.com/2019/04/which-state-are-you-in-im-stateful.html

9. This One is all about Packets: https://www.mayurpahwa.com/2019/03/this-one-is-all-about-packets.html

10. The Curious Case of Firewalls:  https://www.mayurpahwa.com/2019/03/the-curious-case-of-firewalls.html

Domain 5: Identity and Access Management

1. Access Control Models - DAC, MAC, RBAC, Rule Based & ABAC -- https://www.mayurpahwa.com/2018/08/access-control-models-dac-mac-rbac-rule.html

2. Single Sign-On & Kerberos -- https://www.mayurpahwa.com/2018/09/single-sign-on-kerberos.html

3. Understanding Security Modes - Dedicated, System high, Compartmented, Multilevel - https://www.mayurpahwa.com/2018/10/understanding-security-modes-dedicated.html

4. Crime Prevention through Environmental Design (CPTED) Approach:  https://www.mayurpahwa.com/2019/03/crime-prevention-through-environmental_16.html

Domain 6: Security Assessment and Testing

Domain 7: Security Operations


Domain 8: Software Development Security


CCSP / CCSK Exam 

Domain 1 – Cloud Computing Concepts and Architecture




Domain 2 – Governance and Enterprise Risk Management



Domain 3 – Legal Issues, Contracts and Electronic Discovery

Domain 4 – Compliance and Audit Management

Domain 5 – Information Governance

Domain 6 – Management Plane and Business Continuity

Domain 7 – Infrastructure Security

Domain 8 – Virtualization and Containers

Domain 9 – Incident Response

Domain 10 – Application Security

Domain 11 – Data Security and Encryption

Domain 12 – Identity, Entitlement, and Access Management

Domain 13 – Security as a Service

Domain 14 – Related Technologies

CISSP - General 


2.  How to Pass the CISSP Exam in First Attempt--    https://www.mayurpahwa.com/2017/06/how-to-pass-cissp-exam-in-first-attempt.html



5. Launch of CISSP Computerized Adaptive Testing (CAT) --  https://www.mayurpahwa.com/2017/12/launch-of-cissp-computerized-adaptive.html


8. CISSP Domain 2 Changes - 2018 vs 2015 -- https://www.mayurpahwa.com/2018/04/cissp-domain-2-changes-2018-vs-2015.html

9. CISSP Domain 3 Changes - 2018 vs 2015 -- https://www.mayurpahwa.com/2018/04/cissp-domain-3-changes-2018-vs-2015.html

10. CISSP Domain 4 Changes - 2018 vs 2015 -- https://www.mayurpahwa.com/2018/04/cissp-domain-4-changes-2018-vs-2015.html

11. CISSP Domain 5 Changes - 2018 vs 2015 -- https://www.mayurpahwa.com/2018/04/cissp-domain-5-changes-2018-vs-2015.html

12. CISSP Domain 6 Changes - 2018 vs 2015 -- https://www.mayurpahwa.com/2018/04/cissp-domain-6-changes-2018-vs-2015.html

13. CISSP Domain 7 Changes - 2018 vs 2015 -- https://www.mayurpahwa.com/2018/04/cissp-domain-7-changes-2018-vs-2015.html

14. CISSP Domain 8 Changes - 2018 vs 2015 -- https://www.mayurpahwa.com/2018/05/cissp-domain-8-changes-2018-vs-2015.html

15. The Endorsement Process - CISSP, SSCP & other (ISC)2 certifications: https://www.mayurpahwa.com/2019/06/the-endorsement-process-cissp-sscp.html

SSCP - General 


2.  How to Pass SSCP Exam in the First Attempt -- https://www.mayurpahwa.com/2017/08/how-to-pass-sscp-exam-in-first-attempt.html

CyberSecurity Awareness Series

1. The Free Gift - ( Based on installing malicious software ) - https://www.mayurpahwa.com/2018/01/cybersecurity-awareness-series-free-gift.html

2. Token of Thanks - ( Based on data theft through USB) - https://www.mayurpahwa.com/2018/01/cybersecurity-awareness-series-token-of.html

3. The Limited Time Offer - ( Based on Smishing/ Phishing) - https://www.mayurpahwa.com/2018/01/cybersecurity-awareness-series-limited.html


5. The Delay -- ( Based on delay in access revocation) - https://www.mayurpahwa.com/2018/02/cyber-security-awareness-series-delay.html

6. Your Credentials, Your Identity - ( Based on Sharing of Password/ Credentials) - https://www.mayurpahwa.com/2018/02/cyber-security-awareness-series-your.html

7. The Other Side - ( Based on Cyberbullying) - https://www.mayurpahwa.com/2018/03/cybersecurity-awareness-series-other.html

8. The Whistle Man - ( Based on the Importance of Security Guard ) - https://www.mayurpahwa.com/2018/03/cybersecurity-awareness-series-whistle.html

9.  The Fault In Our Code - ( Based on Application Security) - https://www.mayurpahwa.com/2018/03/cyber-security-awareness-series-fault.html

10. I Will Always Remember You - ( If you share something on Internet / Social Media, it remains forever) - https://www.mayurpahwa.com/2018/03/cybersecurity-awareness-series-i-will.html

11. When George Got Whaled - ( Based on Whaling Attack) - https://www.mayurpahwa.com/2018/10/cybersecurity-awareness-series-when.html

12. The Three Little Pigs - ( Impact on business) - https://www.mayurpahwa.com/2019/10/cybersecurity-awareness-series-three.html

13. The VEC Scam - ( Phishing) - https://www.mayurpahwa.com/2019/10/cybersecurity-awareness-series-vec-scam.html

Cloud Security (General)

1. How the Cloud Service Models are Similar to Baking a Cake - https://www.mayurpahwa.com/2019/09/how-cloud-service-models-are-similar-to.html

Privacy 

1. Understanding Privacy - https://www.mayurpahwa.com/2019/09/understanding-privacy.html

General Articles

1. The Spectre of Intel’s (Past) Meltdown - ( Based on vulnerabilities codenamed “Meltdown” & “Spectre” ) - https://www.mayurpahwa.com/2018/01/the-spectre-of-intels-past-meltdown.html


3. The New Age of Social Engineering - https://www.mayurpahwa.com/2018/02/the-new-age-of-social-engineering.html

4. Take Control of Your Data - https://www.mayurpahwa.com/2018/04/take-control-of-your-data-part-1_4.html

5. Top IT Security Certifications 2018 - https://www.mayurpahwa.com/2018/04/top-it-security-certifications-2018.html

6. 8 Important Cybersecurity lessons to learn from Avengers - https://www.mayurpahwa.com/2018/05/8-important-cybersecurity-lessons-to.html

7. Security Risk Assessment in The Internet of Things - https://www.mayurpahwa.com/2018/05/security-risk-assessment-in-internet-of.html

8. Understanding the GDPR: General Data Protection Regulation - https://www.mayurpahwa.com/2018/07/understanding-gdpr-general-data.html

9. Understanding Blockchain - https://www.mayurpahwa.com/2019/01/understanding-blockchain-part-1.html

10. Building Blocks of Blockchain: https://www.mayurpahwa.com/2019/01/building-blocks-of-blockchain-part-2.html

11. What is DevSecOps? Defined, Explained & Explored - https://www.mayurpahwa.com/2019/06/what-is-devsecops-defined-explained.html

12. These Three Technologies hold the Power to Transform Cyber Security:  https://www.mayurpahwa.com/2019/06/these-three-technologies-hold-power-to.html

13. CyberSecurity @ Airports:  https://www.mayurpahwa.com/2019/06/cybersecurity-airports.html






You may also like to read...

Identification, Authentication, Authorization, and Accountability

By
Image
The 4 steps to complete access management are identification, authentication, authorization, and accountability. Many confuse or consider that identification and authentication are the same, while some forget or give the least importance to auditing. These are four distinct concepts and must be understood as such. Identification Whenever you log in to most of the websites, you submit a username. In case you create an account, you are asked to choose a username which identifies you. This username which you provide during login is “Identification”. It is simply a way of claiming your identity. From an information security point of view, identification describes a method where you claim whom you are. If you notice, you share your username with anyone. Your email id is a form of identification and you share this identification with everyone to receive emails. This means that identification is a public form of information. Authentication So now you have entered you
Continue Reading...

Access Control Models - DAC, MAC, RBAC , Rule Based & ABAC

By
Image
Identity and Access Management is an extremely vital part of information security. An access control model is a framework which helps to manage the identity and the access management in the organization. There are 5 main types of access control models: discretionary, rule-based, role-based, attribute-based and mandatory access control model. Every model uses different methods to control how subjects access objects. While one may focus on rules, the other focus on roles of the subject. As a security professional, we must know all about these different access control models. While one company may choose to implement one of these models depending on their culture, there is no rule book which says that you cannot implement multiple models in your organization. These models are built into the core or the kernel of the different operating systems and possibly their supporting applications. Every operating system has a security kernel that enforces a reference monitor concept, whi
Continue Reading...

How to Pass SSCP Exam in the First Attempt

By
Image
Systems Security Certified Practitioner (SSCP) exam is offered by (ISC)2 . When I prepared for this exam, there was hardly any material for preparation or blog posts to help me understand the experience of this exam. In this blog post, I will try to explain to you how to study for this exam and the experience of this exam.  Before I begin, let me congratulate on your journey to becoming an SSCP. Although this certification may not be highly recognized as the CISSP certification, still it shows your employer and the world that you are really interested to pursue your career in this field. You become a practitioner in this field. What is SSCP? You would like to read CISSP vs SSCP in case you want to have a comparison between the exams. SSCP is a 3-hour long examination having 125 questions. You are required to score a minimum of 700 out of 1000. 25 questions are not graded as they are research oriented questions. It is important to note that since these questions are
Continue Reading...

Understanding Security Modes - Dedicated , System high, Compartmented , Multilevel

By
Image
Imagine a system that processes information. This information is classified in nature. When we say, its classified, it means that the information has been labeled according to the data classification scheme finalized by the organization. This scheme can be company specific, such as public, internal and confidential or military/government specific such as Confidential, Top Secret, Secret, Public. As a general user or a security professional, you would want that proper controls to be implemented and the system to be secure that processes such information. Imagine a scenario where such a malicious user tries to access this information. What clearance must this person have? Will he/she have access to all classified levels? Hey!!, stop imagining. Let’s discuss something else now. Hold on, I know, I had asked you to imagine the scenario above. But answers to all your questions would follow, so keep on reading further. We need to learn and understand a few terms before we are ready
Continue Reading...

Cloud Computing - The Logical Model

By
Image
At a high level, both cloud and traditional computing adhere to a logical model that helps identify different layers based on functionality.  The four layers are : Infrastructure: The core components of a computing system: compute, network, and storage.The foundation that everything else is built on. The moving parts. Metastructure: The protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration. Infostructure: The data and information. Content in a database, file storage, etc. Applistructure: The applications deployed in the cloud and the underlying application services used to build them. For example, Platform as a Service features like message queues, artificial intelligence analysis, or notification services. The security at different levels is mapped to the different layers. The application security is managed at the applistructure layer while the data sec
Continue Reading...