CISSP Domain 5 Review / Mind Map (1 of 2) | Access Control Overview

  • Published 24 Dec 2024

COMMENTS • 67

  • @destcert
    @destcert  3 years ago +3

    We wrote a CISSP guidebook! Check it out here: destcert.com/guidebook/

  • @tendaig7048
    @tendaig7048 4 years ago +12

    RBAC and RuBAC are types of Non-discretionary access control.

    • @tiphotisted
      @tiphotisted 4 years ago

      Yeah, I saw that. Only DAC is discretionary as far as I have seen in other sources. Everything else is non-discretionary.

    • @tulpapainting1718
      @tulpapainting1718 3 years ago +1

      Finally, proof that this guy is human - I was starting to get an inferiority complex when comparing his quality of work. Loving the videos.

    • @jimhunold9975
      @jimhunold9975 10 months ago

      The Destination CISSP book states you should stay away from non-discretionary; that is a contradiction to what I see out there. I see RBAC implemented more than anything.

  • @alexboccio6446
    @alexboccio6446 4 years ago +7

    Thank you for the very helpful videos! One thing that may be an error - at ~9:00 you mention RBAC, RuleBAC, and ABAC as discretionary access controls, however the official study guide and other materials I've seen all list these as non-discretionary.

    • @destcert
      @destcert  4 years ago +21

      Hi Alex, Thanks for pointing out something that has become very confusing in regards to the CISSP. It turns out that even the official guide is wrong, and many of the other materials have ‘copied’ the original ‘wrong’ description of ‘non-discretionary’ access control. Here’s the explanation. Discretionary access control is simply defined as ‘the owner decides who can access what they own on behalf of the organization.’ Any system that allows the owner to be accountable for deciding who can access their assets is operating in discretionary mode. So, in role-based access, even though we create ‘roles’ or ‘groups’ that a whole bunch of people may be part of, it is still up to the OWNER to decide what the role or group should have as far as permissions are concerned. That, by definition, is discretionary. And here is where the confusion usually appears. The owner may ‘delegate’ that RESPONSIBILITY to a system administrator to administer the role-based requirements, but the owner still remains ACCOUNTABLE. In non-discretionary access control, an owner DOES NOT exist, and that is why we leave it up to the next-best choice, the administrator. Non-discretionary should not exist; we don’t like it because there is no real ACCOUNTABILITY. There should always be an owner that is ACCOUNTABLE. In role-based access control, there should always be an owner that is ACCOUNTABLE for who has access, and what permissions the role or group has. Therefore, it is an example of discretionary.
      Hope that clears things up.
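As an added example (not code from the video or from DestCert), here is one way to model the distinction argued in this reply: role permissions that only an accountable owner, or an administrator the owner has delegated to, may change, with every grant logged against the owner, beside a label-based mandatory check in which no owner is consulted. Resource, user and role names are constructed.

```python
from dataclasses import dataclass, field
# Classification lattice used by the mandatory (non-discretionary) check.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

@dataclass
class Resource:
    name: str
    owner: str                                      # accountable party (DAC)
    label: str = "Unclassified"                     # classification (MAC)
    delegates: set = field(default_factory=set)     # admins the owner authorised
    role_perms: dict = field(default_factory=dict)  # role -> set of actions

class OwnerAdministeredRBAC:
    """Roles run in discretionary mode: only the owner, or an admin the owner
    delegated to, may change a role's permissions; each grant is logged against the owner."""
    def __init__(self):
        self.audit = []  # (resource, role, action, actor, accountable_owner)

    def grant(self, res, actor, role, action):
        if actor != res.owner and actor not in res.delegates:
            raise PermissionError(f"{actor} may not administer {res.name}")
        res.role_perms.setdefault(role, set()).add(action)
        self.audit.append((res.name, role, action, actor, res.owner))

    def check(self, res, user_roles, action):
        return any(action in res.role_perms.get(r, set()) for r in user_roles)

def mac_read_allowed(clearance, res):
    """Non-discretionary check: read only if clearance dominates the label
    (no read up). The label comes from policy; no owner is consulted."""
    return LEVELS[clearance] >= LEVELS[res.label]

def demo():
    """Constructed scenario (hypothetical names); returns results to assert on."""
    doc = Resource("payroll.xlsx", owner="alice", label="Secret", delegates={"sysadmin"})
    rbac = OwnerAdministeredRBAC()
    rbac.grant(doc, "alice", "HR", "read")      # the owner decides
    rbac.grant(doc, "sysadmin", "HR", "write")  # delegated; still alice's accountability
    try:
        rbac.grant(doc, "mallory", "HR", "delete")  # neither owner nor delegate
        rogue_grant = True
    except PermissionError:
        rogue_grant = False
    return {"hr_read": rbac.check(doc, {"HR"}, "read"),
            "finance_read": rbac.check(doc, {"Finance"}, "read"),
            "rogue_grant": rogue_grant,
            "accountable": {entry[4] for entry in rbac.audit},
            "mac_secret": mac_read_allowed("Secret", doc),
            "mac_confidential": mac_read_allowed("Confidential", doc)}
```

The audit trail is the point: every role change resolves to a named owner, whereas the mandatory check has no owner to hold accountable.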

    • @estrategiaygestiondecibers1673
      @estrategiaygestiondecibers1673 3 years ago +3

      @@destcert Is there an article where I can find this clarification?

    • @krauzo
      @krauzo 3 years ago +5

      @@destcert I would really appreciate some source for those claims as this is the only place on the Internet I've found such classification. Thanks in advance!

    • @strcelrau
      @strcelrau 3 years ago

      @@destcert I think there is always an owner for the data. In Non-Discretionary there is a General somewhere that decides that this data should be Secret or Top Secret... :)

    • @sdcooper105
      @sdcooper105 3 years ago

      @@destcert I too am finding this EXTREMELY confusing, considering both the Sybex Edition 8 Official Study Guide and the guys at IT Dojo questions of the day 5:50 (ua-cam.com/video/WJWvcYv--OY/v-deo.html) contradict this.
      The further detailed explanation you provided here makes it seem as if it's possible to have both Role-Based and Rule-Based Access Controls be Discretionary and Non-Discretionary. Even though 'THERE SHOULD' be an accountable owner, it sounds like it's still possible to create roles with permissions that DON'T have an accountable owner. It's confusing because you mention that Accountability is a Service of AC but then mention an AC model that does not have Accountability and "should not exist". If it's an access control model that doesn't meet the fundamental access control model requirements, wouldn't it just not be considered an access control?

  • @uroojbaig5598
    @uroojbaig5598 2 years ago

    Absolutely the best and smooth explanations given for the CISSP domains. Thank you Rob and Team!

  • @latinlefty17
    @latinlefty17 4 years ago +1

    Awesome content and method of delivery

  • @AlrightIamdone
    @AlrightIamdone 4 years ago +1

    Hi Rob, can you please confirm that ABAC and Rule-BAC are also discretionary, just like you explained that Role-BAC is?

  • @linj551
    @linj551 4 years ago +1

    The Sybex book said that only DAC is discretionary control, and the others, including role-based, rule-based, attribute-based, and MAC, all belong to nondiscretionary control. Which one should be right?

  • @ciscosaeen3709
    @ciscosaeen3709 10 months ago

    Question. I believe the iris scanner is considered to be the most accurate and the retina scanner comes second. Can you confirm this please?

  • @fernhbowers
    @fernhbowers 2 years ago +1

    I so appreciate the Videos...Such a Blessing. I really feel confident that I will PASS 2022!

    • @destcert
      @destcert  2 years ago

      Glad you find it helpful! All the best to your studies!

  • @mohammadtaufeeq68
    @mohammadtaufeeq68 4 years ago +3

    I wish I could give a million likes for each of your videos...thanks a lot dear.

  • @thesamenametwice9464
    @thesamenametwice9464 1 year ago

    One thing I wish you'd incorporate into these videos is the acronyms. Many times I am getting asked Learnzapp questions that have a multitude of acronyms that aren't spelled out, and I would have gotten them correct had I known what they stood for before attempting the practice tests.

  • @RajputSaab84
    @RajputSaab84 3 years ago +2

    Your videos are a gold mine..! Thanks for all your efforts :)

  • @jnc05
    @jnc05 4 years ago +2

    Is there a place to download the finished map for review?

    • @destcert
      @destcert  4 years ago +2

      Not yet. Working on that!

  • @jesse8117
    @jesse8117 4 years ago +1

    Do you have domain 4?

    • @destcert
      @destcert  4 years ago +1

      Just uploaded the first of 4 Domain 4 videos. The remainder will be up in the next 2-3 weeks. All the best in your studies!

    • @jesse8117
      @jesse8117 4 years ago

      @@destcert Thank you!!! I love your videos!

  • @NajeebMohammed
    @NajeebMohammed 4 years ago +1

    Great Content and thanks a lot for your efforts.

  • @SegInfoBR
    @SegInfoBR 4 years ago +1

    Hi Rob, congratulations on the videos, they were excellent. Please advise when domain 4 will be available?

    • @destcert
      @destcert  4 years ago +2

      Writing domain 4 MindMaps now. Will record likely next week. Should be out before January.

    • @SegInfoBR
      @SegInfoBR 4 years ago

      @@destcert Thanks for the reply, and congratulations again on the materials provided, with excellent quality.

  • @idealadder
    @idealadder 4 years ago +1

    Outstanding videos

    • @destcert
      @destcert  4 years ago

      Thank you so much 😀

  • @pavanareddy6243
    @pavanareddy6243 4 years ago +2

    Please can you upload Domain 3 and Domain4

    • @destcert
      @destcert  4 years ago +1

      I'm working on them now!

  • @gauravtrivedi80
    @gauravtrivedi80 4 years ago +2

    Thanks so much, really great videos!
    Do you have links for the remaining domains?
    2 Asset Security
    3 Security Architecture and Engineering
    4 Communication and Network Security
    7 Security Operations
    8 Software Development Security
    ------------------Link already provided----------------------------------
    1 Security and Risk Management
    5 Identity and Access Management (IAM)
    6 Security Assessment and Testing

    • @destcert
      @destcert  4 years ago +2

      Glad you like the videos! I’m working my way through the other domains. Domain 7 is up next.

    • @gauravtrivedi80
      @gauravtrivedi80 4 years ago +1

      @@destcert Awesome! Thank you!

  • @carlr.5222
    @carlr.5222 2 years ago

    RBAC and RUBAC - aren't these NON-Discretionary?

  • @bbizzle6901
    @bbizzle6901 4 years ago

    Hey Rob, am I correct that you don't have any mind map videos of domain 4?

    • @destcert
      @destcert  4 years ago +1

      Just uploaded the first of 4 Domain 4 videos. The remainder will be up in the next 2-3 weeks. All the best in your studies!

    • @bbizzle6901
      @bbizzle6901 4 years ago +2

      @@destcert Thanks Rob. I had my exam on the 31st and passed at 100 questions. Your videos were helpful for getting me back into the flow of studying all the concepts.

  • @sunny308616
    @sunny308616 2 years ago

    Hey Rob, The videos are awesome, however I think the concept of Least Privilege and Need to know are opposite to what you have mentioned. Least Privilege = Mapped to user (subject). What minimum access is required to perform the job and Need to Know = mapped to object. Whether a particular object is accessible to a subject or not.

  • @davidchan6012
    @davidchan6012 3 years ago

    Hey, great video. Well organised. Thanks.

  • @thenicefamily2078
    @thenicefamily2078 3 years ago +2

    Just tossed a coin to your Witcher (or 2 coffees). Cheers for this.

    • @destcert
      @destcert  3 years ago

      Ha! Love the Witcher reference. Thanks so much for the coffees. Greatly appreciated! All the best in your studies!

  • @vikas53953
    @vikas53953 4 years ago +1

    Really helpful, and many thanks. If possible, could you share the other domains also?

    • @destcert
      @destcert  4 years ago

      Yup! I am working through the other domains. Domain 8 is up next, then 2, 3, and 4.

    • @vikas53953
      @vikas53953 4 years ago

      Many thanks and appreciated

  • @ANTZGTR
    @ANTZGTR 4 years ago +1

    Great video

  • @generalblaster9089
    @generalblaster9089 3 years ago +2

    This is a copy and paste from ISC2 official material: "RBACs are managed by the system owner and represent an implementation of DAC" page 447

  • @yachidan
    @yachidan 1 year ago

    You are awesome ❤

    • @destcert
      @destcert  10 months ago

      You're awesome, too! Thanks for watching! Explore more CISSP resources at destcert.com 🙌

  • @MS-cs7gt
    @MS-cs7gt 1 year ago

    Role based and rule based ACs are not DAC

  • @SoFloofeh
    @SoFloofeh 4 years ago +1

    thanks

  • @tuncery
    @tuncery 3 years ago +3

    10k+ views but only 394 likes... it's not fair..

    • @destcert
      @destcert  3 years ago +1

      I know, right??? 😜

    • @tuncery
      @tuncery 3 years ago +3

      @@destcert 2nd rule from the ISC2 code of ethics canon: act honestly, justly etc. Give him a like :) 😂😂

  • @sattikhurram757
    @sattikhurram757 4 years ago +4

    Where are CISSP mind map domains 3 and 4? Please upload as soon as possible. Thanks

    • @destcert
      @destcert  4 years ago +4

      I am working on Domain 3 now, and domain 4 next.

  • @MrSadav82
    @MrSadav82 3 years ago

    Attribute / Context or Content? I guess it's a mistake, supposed to be Context