Official (ISC)2 Guide to the CISSP CBK - Fourth Edition 2015.pdf

(31666 KB) Download
Foreword
Introduction
Editors
Preface
Domain 1 — Security & Risk Management
Confidentiality, Integrity, and Availability
Confidentiality
Integrity
Availability
Security Governance
Goals, Mission, and Objectives of the Organization
Organizational Processes
Security Roles and Responsibilities
Information Security Strategies
The Complete and Effective Security Program
Oversight Committee Representation
Control Frameworks
Due Care
Due Diligence
Compliance
Governance, Risk Management, and Compliance (GRC)
Legislative and Regulatory Compliance
Privacy Requirements Compliance
Global Legal and Regulatory Issues
Computer/Cyber Crime
Licensing and Intellectual Property
Import/Export
Trans-Border Data Flow
Privacy
Data Breaches
Relevant Laws and Regulations
Understand Professional Ethics
Regulatory Requirements for Ethics Programs
Topics in Computer Ethics
Common Computer Ethics Fallacies
Hacking and Hacktivism
Ethics Codes of Conduct and Resources
(ISC)2 Code of Professional Ethics
Support Organization’s Code of Ethics
Develop and Implement Security Policy
Business Continuity (BC) & Disaster Recovery (DR) Requirements
Project Initiation and Management
Develop and Document Project Scope and Plan
Conducting the Business Impact Analysis (BIA)
Identify and Prioritize
Assess Exposure to Outages
Recovery Point Objectives (RPO)
Manage Personnel Security
Employment Candidate Screening
Employment Agreements and Policies
Employee Termination Processes
Vendor, Consultant, and Contractor Controls
Privacy
Risk Management Concepts
Organizational Risk Management Concepts
Risk Assessment Methodologies
Identify Threats and Vulnerabilities
Risk Assessment/Analysis
Countermeasure Selection
Implementation of Risk Countermeasures
Types of Controls
Access Control Types
Controls Assessment/Monitoring and Measuring
Tangible and Intangible Asset Valuation
Continuous Improvement
Risk Management Frameworks
Threat Modeling
Determining Potential Attacks and Reduction Analysis
Technologies & Processes to Remediate Threats
Acquisitions Strategy and Practice
Hardware, Software, and Services
Manage Third-Party Governance
Minimum Security and Service-Level Requirements
Security Education, Training, and Awareness
Formal Security Awareness Training
Awareness Activities and Methods – Creating the Culture of Awareness in the Organization
Domain 2 — Asset Security
Data Management: Determine and Maintain Ownership
Data Policy
Roles and Responsibilities
Data Ownership
Data Custodianship
Data Quality
Data Documentation and Organization
Data Standards
Data Lifecycle Control
Data Specification and Modeling
Database Maintenance
Data Audit
Data Storage and Archiving
Longevity and Use
Data Security
Data Access, Sharing, and Dissemination
Data Publishing
Classify Information and Supporting Assets
Asset Management
Software Licensing
Equipment Lifecycle
Protect Privacy
Ensure Appropriate Retention
Media, Hardware, and Personnel
Company “X” Data Retention Policy
Determine Data Security Controls
Data at Rest
Data in Transit
Baselines
Scoping and Tailoring
Standards Selection
United States Resources
International Resources
National Cyber Security Framework Manual
Framework for Improving Critical Infrastructure Cybersecurity
Domain 3 — Security Engineering
The Engineering Lifecycle Using Security Design Principles
Fundamental Concepts of Security Models
Common System Components
How They Work Together
Enterprise Security Architecture
Common Architecture Frameworks
Zachman Framework
Capturing and Analyzing Requirements
Creating and Documenting Security Architecture
Information Systems Security Evaluation Models
Common Formal Security Models
Product Evaluation Models
Industry and International Security Implementation Guidelines
Security Capabilities of Information Systems
Access Control Mechanisms
Secure Memory Management
Vulnerabilities of Security Architectures
Systems
Technology and Process Integration
Single Point of Failure (SPOF)
Client-Based Vulnerabilities
Server-Based Vulnerabilities
Database Security
Large Scale Parallel Data Systems
Distributed Systems
Cryptographic Systems
Software and System Vulnerabilities and Threats
Web-Based
Vulnerabilities in Mobile Systems
Risks from Remote Computing
Risks from Mobile Workers
Vulnerabilities in Embedded Devices and Cyber-Physical Systems
The Application and Use of Cryptography