Aaron Kraus - The Official (ISC)2 CISSP CBK Reference

Here you can read online "Aaron Kraus - The Official (ISC)2 CISSP CBK Reference", a free sample excerpt of the e-book, and buy the full version after reading the excerpt. In some cases an audio version is available, the book can be downloaded via torrent in fb2 format, and a short summary is provided. Genre: unrecognised; language: English. The description of the work (preface) and visitor reviews are available on the LibCat library portal.

The Official (ISC)2 CISSP CBK Reference: summary, description and annotation


The only official, comprehensive reference guide to the CISSP. Thoroughly updated for 2021 and beyond, this is the authoritative common body of knowledge (CBK) from (ISC)2 for information security professionals charged with designing, engineering, implementing, and managing the overall information security program to protect organizations from increasingly sophisticated attacks. Vendor neutral and backed by (ISC)2, the CISSP credential meets the stringent requirements of ISO/IEC Standard 17024.

This CBK covers the current eight domains of CISSP with the necessary depth to apply them to the daily practice of information security. Revised and updated by a team of subject matter experts, this comprehensive reference covers all of the more than 300 CISSP objectives and sub-objectives in a structured format with:

- Common and good practices for each objective
- Common vocabulary and definitions
- References to widely accepted computing standards
- Highlights of successful approaches through case studies

Whether you've earned your CISSP credential or are looking for a valuable resource to help advance your security career, this comprehensive guide offers everything you need to apply the knowledge of the most recognized body of influence in information security.

The Official (ISC)2 CISSP CBK Reference: read the sample excerpt online


Table of Contents

1 Cover

2 Title Page
   CISSP: Certified Information Systems Security Professional
   The Official (ISC)2® CISSP® CBK® Reference, Sixth Edition
   ARTHUR DEANE, AARON KRAUS

3 Copyright

4 Lead Authors

5 Technical Reviewer

6 Foreword

7 Introduction

8 DOMAIN 1: Security and Risk Management
   UNDERSTAND, ADHERE TO, AND PROMOTE PROFESSIONAL ETHICS
   UNDERSTAND AND APPLY SECURITY CONCEPTS
   EVALUATE AND APPLY SECURITY GOVERNANCE PRINCIPLES
   DETERMINE COMPLIANCE AND OTHER REQUIREMENTS
   UNDERSTAND LEGAL AND REGULATORY ISSUES THAT PERTAIN TO INFORMATION SECURITY IN A HOLISTIC CONTEXT
   UNDERSTAND REQUIREMENTS FOR INVESTIGATION TYPES
   DEVELOP, DOCUMENT, AND IMPLEMENT SECURITY POLICY, STANDARDS, PROCEDURES, AND GUIDELINES
   IDENTIFY, ANALYZE, AND PRIORITIZE BUSINESS CONTINUITY REQUIREMENTS
   CONTRIBUTE TO AND ENFORCE PERSONNEL SECURITY POLICIES AND PROCEDURES
   UNDERSTAND AND APPLY RISK MANAGEMENT CONCEPTS
   UNDERSTAND AND APPLY THREAT MODELING CONCEPTS AND METHODOLOGIES
   APPLY SUPPLY CHAIN RISK MANAGEMENT CONCEPTS
   ESTABLISH AND MAINTAIN A SECURITY AWARENESS, EDUCATION, AND TRAINING PROGRAM
   SUMMARY

9 DOMAIN 2: Asset Security
   IDENTIFY AND CLASSIFY INFORMATION AND ASSETS
   ESTABLISH INFORMATION AND ASSET HANDLING REQUIREMENTS
   PROVISION RESOURCES SECURELY
   MANAGE DATA LIFECYCLE
   ENSURE APPROPRIATE ASSET RETENTION
   DETERMINE DATA SECURITY CONTROLS AND COMPLIANCE REQUIREMENTS
   SUMMARY

10 DOMAIN 3: Security Architecture and Engineering
   RESEARCH, IMPLEMENT, AND MANAGE ENGINEERING PROCESSES USING SECURE DESIGN PRINCIPLES
   UNDERSTAND THE FUNDAMENTAL CONCEPTS OF SECURITY MODELS
   SELECT CONTROLS BASED UPON SYSTEMS SECURITY REQUIREMENTS
   UNDERSTAND SECURITY CAPABILITIES OF INFORMATION SYSTEMS
   ASSESS AND MITIGATE THE VULNERABILITIES OF SECURITY ARCHITECTURES, DESIGNS, AND SOLUTION ELEMENTS
   SELECT AND DETERMINE CRYPTOGRAPHIC SOLUTIONS
   UNDERSTAND METHODS OF CRYPTANALYTIC ATTACKS
   APPLY SECURITY PRINCIPLES TO SITE AND FACILITY DESIGN
   DESIGN SITE AND FACILITY SECURITY CONTROLS
   SUMMARY

11 DOMAIN 4: Communication and Network Security
   ASSESS AND IMPLEMENT SECURE DESIGN PRINCIPLES IN NETWORK ARCHITECTURES
   SECURE NETWORK COMPONENTS
   IMPLEMENT SECURE COMMUNICATION CHANNELS ACCORDING TO DESIGN
   SUMMARY

12 DOMAIN 5: Identity and Access Management
   CONTROL PHYSICAL AND LOGICAL ACCESS TO ASSETS
   MANAGE IDENTIFICATION AND AUTHENTICATION OF PEOPLE, DEVICES, AND SERVICES
   FEDERATED IDENTITY WITH A THIRD-PARTY SERVICE
   IMPLEMENT AND MANAGE AUTHORIZATION MECHANISMS
   MANAGE THE IDENTITY AND ACCESS PROVISIONING LIFECYCLE
   IMPLEMENT AUTHENTICATION SYSTEMS
   SUMMARY

13 DOMAIN 6: Security Assessment and Testing
   DESIGN AND VALIDATE ASSESSMENT, TEST, AND AUDIT STRATEGIES
   CONDUCT SECURITY CONTROL TESTING
   COLLECT SECURITY PROCESS DATA
   ANALYZE TEST OUTPUT AND GENERATE REPORT
   CONDUCT OR FACILITATE SECURITY AUDITS
   SUMMARY

14 DOMAIN 7: Security Operations
   UNDERSTAND AND COMPLY WITH INVESTIGATIONS
   CONDUCT LOGGING AND MONITORING ACTIVITIES
   PERFORM CONFIGURATION MANAGEMENT
   APPLY FOUNDATIONAL SECURITY OPERATIONS CONCEPTS
   APPLY RESOURCE PROTECTION
   CONDUCT INCIDENT MANAGEMENT
   OPERATE AND MAINTAIN DETECTIVE AND PREVENTATIVE MEASURES
   IMPLEMENT AND SUPPORT PATCH AND VULNERABILITY MANAGEMENT
   UNDERSTAND AND PARTICIPATE IN CHANGE MANAGEMENT PROCESSES
   IMPLEMENT RECOVERY STRATEGIES
   IMPLEMENT DISASTER RECOVERY PROCESSES
   TEST DISASTER RECOVERY PLANS
   PARTICIPATE IN BUSINESS CONTINUITY PLANNING AND EXERCISES
   IMPLEMENT AND MANAGE PHYSICAL SECURITY
   ADDRESS PERSONNEL SAFETY AND SECURITY CONCERNS
   SUMMARY

15 DOMAIN 8: Software Development Security
   UNDERSTAND AND INTEGRATE SECURITY IN THE SOFTWARE DEVELOPMENT LIFE CYCLE (SDLC)
   IDENTIFY AND APPLY SECURITY CONTROLS IN SOFTWARE DEVELOPMENT ECOSYSTEMS
   ASSESS THE EFFECTIVENESS OF SOFTWARE SECURITY
   ASSESS SECURITY IMPACT OF ACQUIRED SOFTWARE
   DEFINE AND APPLY SECURE CODING GUIDELINES AND STANDARDS
   SUMMARY

16 Index

17 End User License Agreement

List of Tables

1 Chapter 2
   TABLE 2.1 Examples of Asset Classifications

2 Chapter 3
   TABLE 3.1 An Example Access Matrix
   TABLE 3.2 Cloud Service Models
   TABLE 3.3 Cryptographic Approaches
   TABLE 3.4 Overview of Block Ciphers
   TABLE 3.5 General Data Center Redundancy Tier Levels

3 Chapter 4
   TABLE 4.1 IPv4 Network Classes
   TABLE 4.2 802.11 Standard Amendments
   TABLE 4.3 Basic Overview of Cellular Wireless Technologies
   TABLE 4.4 Important Characteristics for Common Network Cabling Types

List of Illustrations

1 Chapter 1
   FIGURE 1.1 CIA Triad
   FIGURE 1.2 NIST Cybersecurity Framework
   FIGURE 1.3 Relationship between policies, procedures, standards, and guideli...
   FIGURE 1.4 Relationship between MTD, RTO, and RPO
   FIGURE 1.5 Relationship between threats, vulnerabilities, assets, and risks...
   FIGURE 1.6 Steps for assessing risk
   FIGURE 1.7 ISO 31000:2018
   FIGURE 1.8 NIST Risk Management Framework

2 Chapter 2
   FIGURE 2.1 General benefits of asset classification
   FIGURE 2.2 Data de-identification via anonymization
   FIGURE 2.3 Data de-identification via masking
   FIGURE 2.4 Typical asset management lifecycle
   FIGURE 2.5 Secure data lifecycle
   FIGURE 2.6 Relationship between data processor and data controller
   FIGURE 2.7 Data states and examples
   FIGURE 2.8 Tailoring process

3 Chapter 3
   FIGURE 3.1 N-tier architecture
   FIGURE 3.2 Finite state model
   FIGURE 3.3 Simple Security Property and Star Property rules
   FIGURE 3.4 Simple Integrity Property and Star Integrity Property rules
   FIGURE 3.5 Brewer–Nash security model
   FIGURE 3.6 Plan-Do-Check-Act cycle
   FIGURE 3.7 Operating system memory protection
   FIGURE 3.8 Trusted Platform Module processes
   FIGURE 3.9 The cloud shared responsibility model for IaaS, PaaS, and SaaS
   FIGURE 3.10 Components of the Mirai DDoS BotNet attack
   FIGURE 3.11 Monoliths and microservices
   FIGURE 3.12 An operating system efficiently allocates hardware resources bet...
   FIGURE 3.13 Type 1 and Type 2 hypervisors
   FIGURE 3.14 ECB, CBC and CFB block encryption implementations
   FIGURE 3.15 Stream cipher encryption algorithm
   FIGURE 3.16 Block cipher encryption algorithm
   FIGURE 3.17 Multiple rounds of mathematical functions in block ciphers
   FIGURE 3.18 Block cipher with substitution of S-boxes
   FIGURE 3.19 Block cipher with permutation of P-boxes
   FIGURE 3.20 Adding padding at the end of a message in a block cipher
   FIGURE 3.21 ECB padding produces serious weaknesses for longer messages
   FIGURE 3.22 CBC mode encryption
   FIGURE 3.23 CFB mode encryption
   FIGURE 3.24 CTR mode encryption
   FIGURE 3.25 Elliptic curve
   FIGURE 3.26 A certificate chain protects a CA's root private key
   FIGURE 3.27 Producing and verifying a digital signature
   FIGURE 3.28 Steps for using a cryptographic hash to detect tampering of a me...
   FIGURE 3.29 HMAC process

4 Chapter 4
   FIGURE 4.1 The OSI reference model
   FIGURE 4.2 TCP three-way handshake
   FIGURE 4.3 The TCP/IP reference model
   FIGURE 4.4 Comparison of the OSI and TCP/IP models
   FIGURE 4.5 NAT implemented on a perimeter firewall
   FIGURE 4.6 Man-in-the-middle attack
   FIGURE 4.7 Virtual local area network
   FIGURE 4.8 Multiple firewall deployment architecture
   FIGURE 4.9 Ring topology
   FIGURE 4.10 Linear bus and tree bus topologies
   FIGURE 4.11 Star topology
   FIGURE 4.12 Mesh topology
   FIGURE 4.13 Common areas of increased risk in remote access

5 Chapter 5
   FIGURE 5.1 The access management lifecycle

6 Chapter 6
   FIGURE 6.1 Pen test phases

7 Chapter 7
   FIGURE 7.1 Security perimeters

8 Chapter 8
   FIGURE 8.1 The Waterfall model
   FIGURE 8.2 Scrum process flow
   FIGURE 8.3 SAMM domains and practices
