CISSP Study Log
This page tracks my CISSP preparation using the ISC2 CISSP Official Study Guide, 10th Edition.
I log each study session with the chapters covered and notes on concepts, questions, or insights that stood out.
Progress
15 / 21 chapters logged
Showing 1-5 of 73 entries
2026-05-15
Started chapter 15 on Security Assessment and Testing.
2026-05-14
Finished chapter 14 on Controlling and Monitoring Access, covering permissions/rights/privileges, authorization mechanisms (implicit deny, access control matrix, capability lists, constrained interfaces, content and context-dependent controls), and the main access control models (DAC, RBAC, Rule-Based, ABAC, MAC, Risk-Based). Reviewed SSO implementations including SAML, OAuth 2.0, OpenID Connect, Kerberos, RADIUS, and TACACS+, plus the zero trust components (subjects, policy engines, policy administrators, and policy enforcement points). Studied common access control attacks like privilege escalation, password attacks (dictionary, brute force, spraying, credential stuffing, birthday, rainbow table), pass-the-hash, Mimikatz, sniffing, and spoofing, along with core protection methods like salting/peppering, MFA, account lockout, and password masking.
2026-05-13
Started chapter 14 on Controlling and Monitoring Access, covering the distinctions between permissions, rights, and privileges along with authorization mechanisms like implicit deny, access control matrices, and capability lists. Reviewed core security principles including need-to-know, least privilege, and separation of duties, plus constrained interfaces and content/context-dependent controls. Covered the main access control models (DAC, RBAC, Rule-Based, ABAC, MAC, and Risk-Based) and the MAC model variations (hierarchical, compartmentalized, and hybrid).
2026-05-10
Completed chapter 13 on Managing Identity and Access Management (IAM).
2026-05-04
Started chapter 13 on Managing Identity and Access Management (IAM). This chapter covers the fundamentals of identity and access management, including the different types of identities, the different types of access, and the different types of access management. It also covers the different types of identity and access management policies, and the different types of identity and access management systems.