Note
CISSP is a certification that reflects the proficiency of information systems security professionals. It demonstrates that the holder has information security knowledge and hands-on experience that meet international standards, and it is widely recognized worldwide. The CISSP examination is organized and administered by (ISC)². Candidates must adhere to the CISSP Code of Ethics and must have at least five years of professional experience in at least two of the ten domains of the Common Body of Knowledge (CBK), or four years of relevant professional experience plus a bachelor's degree or an ISC2-approved credential. In addition, CISSP candidates must obtain an endorsement from another professional who holds a valid ISC2 certification; valid endorsers are holders of the CISSP, SSCP, or CAP. As global informatization deepens, information network technology has been widely applied to enterprise commerce systems, financial business systems, government information systems, and more. Because the Internet is open, international, and unrestricted, organizations pay ever more attention to network security in order to protect confidential information from intrusion and damage by hackers and spies, and the share of investment in this area keeps growing. A unified standard for cultivating qualified information security professionals to meet network security needs has therefore become especially urgent. CISSP was developed to meet this need and plays a critically important role in the field of information systems security.
Foreword
Introduction
Editors
Preface
Domain 1 — Security & Risk Management
Confidentiality, Integrity, and Availability
Confidentiality
Integrity
Availability
Security Governance
Goals, Mission, and Objectives of the Organization
Organizational Processes
Security Roles and Responsibilities
Information Security Strategies
The Complete and Effective Security Program
Oversight Committee Representation
Control Frameworks
Due Care
Due Diligence
Compliance
Governance, Risk Management, and Compliance (GRC)
Legislative and Regulatory Compliance
Privacy Requirements Compliance
Global Legal and Regulatory Issues
Computer/Cyber Crime
Licensing and Intellectual Property
Import/Export
Trans-Border Data Flow
Privacy
Data Breaches
Relevant Laws and Regulations
Understand Professional Ethics
Regulatory Requirements for Ethics Programs
Topics in Computer Ethics
Common Computer Ethics Fallacies
Hacking and Hacktivism
Ethics Codes of Conduct and Resources
(ISC)2 Code of Professional Ethics
Support Organization’s Code of Ethics
Develop and Implement Security Policy
Business Continuity (BC) & Disaster Recovery (DR) Requirements
Project Initiation and Management
Develop and Document Project Scope and Plan
Conducting the Business Impact Analysis (BIA)
Identify and Prioritize
Assess Exposure to Outages
Recovery Point Objectives (RPO)
Manage Personnel Security
Employment Candidate Screening
Employment Agreements and Policies
Employee Termination Processes
Vendor, Consultant, and Contractor Controls
Privacy
Risk Management Concepts
Organizational Risk Management Concepts
Risk Assessment Methodologies
Identify Threats and Vulnerabilities
Risk Assessment/Analysis
Countermeasure Selection
Implementation of Risk Countermeasures
Types of Controls
Access Control Types
Controls Assessment/Monitoring and Measuring
Tangible and Intangible Asset Valuation
Continuous Improvement
Risk Management Frameworks
Threat Modeling
Determining Potential Attacks and Reduction Analysis
Technologies & Processes to Remediate Threats
Acquisitions Strategy and Practice
Hardware, Software, and Services
Manage Third-Party Governance
Minimum Security and Service-Level Requirements
Security Education, Training, and Awareness
Formal Security Awareness Training
Awareness Activities and Methods – Creating the Culture of Awareness in the Organization
Domain 2 — Asset Security
Data Management: Determine and Maintain Ownership
Data Policy
Roles and Responsibilities
Data Ownership
Data Custodianship
Data Quality
Data Documentation and Organization
Data Standards
Data Lifecycle Control
Data Specification and Modeling
Database Maintenance
Data Audit
Data Storage and Archiving
Longevity and Use
Data Security
Data Access, Sharing, and Dissemination
Data Publishing
Classify Information and Supporting Assets
Asset Management
Software Licensing
Equipment Lifecycle
Protect Privacy
Ensure Appropriate Retention
Media, Hardware, and Personnel
Company “X” Data Retention Policy
Determine Data Security Controls
Data at Rest
Data in Transit
Baselines
Scoping and Tailoring
Standards Selection
United States Resources
International Resources
National Cyber Security Framework Manual
Framework for Improving Critical Infrastructure Cybersecurity
Domain 3 — Security Engineering
The Engineering Lifecycle Using Security Design Principles
Fundamental Concepts of Security Models
Common System Components
How They Work Together
Enterprise Security Architecture
Common Architecture Frameworks
Zachman Framework
Capturing and Analyzing Requirements
Creating and Documenting Security Architecture
Information Systems Security Evaluation Models
Common Formal Security Models
Product Evaluation Models
Industry and International Security Implementation Guidelines
Security Capabilities of Information Systems
Access Control Mechanisms
Secure Memory Management
Vulnerabilities of Security Architectures
Systems
Technology and Process Integration
Single Point of Failure (SPOF)
Client-Based Vulnerabilities
Server-Based Vulnerabilities
Database Security
Large Scale Parallel Data Systems
Distributed Systems
Cryptographic Systems
Software and System Vulnerabilities and Threats
Web-Based
Vulnerabilities in Mobile Systems
Risks from Remote Computing
Risks from Mobile Workers
Vulnerabilities in Embedded Devices and Cyber-Physical Systems
The Application and Use of Cryptography