What’s new in Telecommunications and Network Security
ISC2 published the 3rd edition of their CISSP CBK in late 2012. I ordered my copy in December 2012 and said, “So what’s new in Telecomm?”
First, let me say that all quoted material in this article is from the “Official (ISC)2 Guide to the CISSP® CBK Third Edition.”
I started going through the Telecommunications and Network Security domain and “WOW!!!” My hat’s off to the people who put this domain together.
In the 3rd edition, there are four main sections:
- Secure Network Architecture and Design
- Securing Network Components
- Secure Communication Channels
- Network Attacks
Compare this to the 2nd edition, which had eight sections:
- Layer 1: Physical Layer
- Layer 2: Data-link Layer
- Layer 3: Network Layer
- Layer 4: Transport Layer
- Layer 5: Session Layer
- Layer 6: Presentation Layer
- Layer 7: Application Layer
You can tell just by looking at the index that the emphasis has changed from the old OSI model to a “new way of thinking” about network security.
When I was looking at the Network Layer and found that 3rd edition went into detail regarding RIPv1 and RIPv2, as well as OSPFv1 and OSPFv2 I was OK with the level of detail, what I found impressing was how “easy” it was to read and understand. Even when it went into all the protocols associated with the Network Layer, I found it “easy” to read. But on to some good stuff; check out SASE and CASE in the Presentation Layer.
I noticed that this new edition also contained SCADA, which I found to be quite factual and straightforward. It is of interest to note the vulnerabilities in the reference table on page 312.
Multimedia collaboration and spimming, I think I need a new dictionary. Even SEM and SEIM, no wait a minute that should be SIEM. That is of course, unless they are coining a new phrase. I’m going to stick with SIEM, Security Information and Event Management. In any event, in the Telecommunications domain they refer to Security Event and Incident Management but talk about SIEM devices. Maybe it’s just a typo, you know how those things happen.
I like how the “Attack” section was organized. It clarified some things for me.
For me this domain is well organized, well highlighted, and as I said before, an “easy” read. There is however, way too much information in this domain to include it here, you’ll simply have to get the new CISSP CBK and read this domain or enroll in one of our training programs. Fill out the short form below for pricing information and details regarding our course.