CCSP study notes

- 15 mins read
Unstructured CCSP study notes PDF slides version EPUB version PDF report version I highly recommend reading - Cybersecurity / ISC2-CCSP for further notes. Business Requirements Analysis Inventory of Assets Surveys, audits, interviews, automation, etc Valuation of Assets Do not put a $10 lock on a $5 bicycle Data owner is the business manager in charge of the data Determination of Criticality Tangible assets - Cars in a Car Rental Agency Intangible assets - Music copyright for a Label Processes - Register failure in a fast food restaurant Data paths - Logistical coordination, Cargo to Carriers Personnel - Surgeon in a surgery Identify Single Points of Failure (SPOF) Criticality - SPOFs SPOF - Single Point of Failure
The Linux process model We’ll take a traditional multi-user Linux environment as a starting point. In this scenario, the provider runs the hardware, the operating system and supporting system functions. It turns out that on Linux processes cannot actually do much beyond compute operations on data in their own memory space. In order to do anything outside of that a process has to request that the kernel perform an operation on its behalf.

Fault Event Model

- 1 min read
Fault Event Model Source Notes Diagrams created with PlantUML PlantUML requires Graphviz to be installed to generate component diagrams Probabilities Success Abort Failure 0.9700 0.0291 0.0009 Human Error Probability (HEP) HEP Magnitude Reference - Human limit (team) 0.00001 10^-5 Reference - Human limit (person) 0.00010 10^-4 Task - Routine, familiar 0.00040 10^-4 Task - Routine, instruction 0.00600 10^-3 Task - Routine with deviation 0.01600 10^-2 Task - Non-routine, instruction 0.03000 10^-2 Task - Emergency with plan 0.

Kafka pattern visualization

- 1 min read
Kafka pipeline - dataflow Source Kafka pipeline - connection initialization Source Kafka pipeline, multi-platform - dataflow Source Kafka pipeline, multi-platform - connection initialization Source Notes Diagrams created with PlantUML PlantUML requires Graphviz to be installed to generate component diagrams

R - Coin toss

- 1 min read
Code library(ggplot2) library(gridExtra) set.seed(1) coin <- c(0,1) flipCoin <- function(num_flips=1000) { sample(coin, size=num_flips, replace=TRUE) } flipEstimate <- function(flips) { sum(flips==1) / length(flips) } plotFlips <- function(coinflips) { qplot( 1:length(coinflips), cumsum(coinflips==1) / (1:length(coinflips)), geom='line', ylim=coin, xlab = '# of flips', ylab = 'Freq coinflip == 1' ) } g1 <- plotFlips(flipCoin(10)) g2 <- plotFlips(flipCoin(100)) g3 <- plotFlips(flipCoin(1000)) g4 <- plotFlips(flipCoin(10000)) grid.arrange(g1, g2, g3, g4, ncol=2) Plot

R - plotting notes

- 2 mins read
Setup library(ggplot2) library(gridExtra) Distribution size <- 100 vect <- seq(1, size, by=1) m <- mean(vect) std <- sqrt(var(vect)) distF <- data.frame( indx = vect, gaus = dnorm(vect, mean=m, sd=std), pois = dpois(vect, vect), unif = dunif(vect, min=1, max=size) ) g1 <- ggplot(data=distF, aes(x=indx, y=gaus)) + geom_point(shape=1) + guides(legend.title=element_blank()) g2 <- ggplot(data=distF, aes(x=indx, y=pois)) + geom_point(shape=1) g3 <- ggplot(data=distF, aes(x=indx, y=unif)) + geom_point(shape=1) grid.arrange(g1, g2, g3, ncol=3)` Random sampling randF <- data.
Update 2019-11: This work has been integrated into the PlantUML standard library 🎉🎉 New repository with sprites for Kubernetes in PlantUML projects. These sprites have been generated using the PlantUML encodesprite command. See The source of the images is the kubernetes-icons repository at This repository inherits the Apache license from there. See LICENSE. Example @startuml !include ../resource/k8s-sprites-unlabeled-25pct.iuml package "Infrastructure" { component "<$master>\nmaster" as master component "<$etcd>\netcd" as etcd component "<$node>\nnode" as node } Sprites References https://github.
OPA is a lightweight general-purpose policy engine that can be co-located with your service. You can integrate OPA as a sidecar, host-level daemon, or library. - Open Policy Agent Published a new middleware library for actix-web to enable OPA integration. Source Rust crate Docs

Service mesh visualizations

- 1 min read
Direct connections Source Central proxy Source Sidecar proxy Source Istio Source Notes Diagrams created with PlantUML PlantUML requires Graphviz to be installed to generate component diagrams

Kubernetes building blocks

- 1 min read
mtail mtail - extract whitebox monitoring data from application logs for collection into a timeseries database - This project does not have an official docker image. I have a public, automated build at, tlsrouter TLSRouter is a TLS proxy that routes connections to backends based on the TLS SNI (Server Name Indication) of the TLS handshake. It carries no encryption keys and cannot decode the traffic that it proxies.