The Official (ISC)2 CISSP CBK Reference - Leslie Fife, Aaron Kraus - Page 1
Table of Contents
CISSP: Certified Information Systems Security Professional. The Official (ISC)2® CISSP® CBK® Reference
Lead Authors
Technical Reviewer
Foreword
Introduction
Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management
Security Assessment and Testing
Security Operations
Software Development Security
DOMAIN 1 Security and Risk Management
UNDERSTAND, ADHERE TO, AND PROMOTE PROFESSIONAL ETHICS
(ISC)2 Code of Professional Ethics
Organizational Code of Ethics
Ethics and the Internet
UNDERSTAND AND APPLY SECURITY CONCEPTS
Confidentiality
Integrity
Availability
Limitations of the CIA Triad
EVALUATE AND APPLY SECURITY GOVERNANCE PRINCIPLES
Alignment of the Security Function to Business Strategy, Goals, Mission, and Objectives
Organizational Processes
Governance Committees
Mergers and Acquisitions
Divestitures
Organizational Roles and Responsibilities
Security Control Frameworks
ISO/IEC 27001
ISO/IEC 27002
NIST 800-53
NIST Cybersecurity Framework
CIS Critical Security Controls
Due Care and Due Diligence
DETERMINE COMPLIANCE AND OTHER REQUIREMENTS
Legislative and Regulatory Requirements
U.S. Computer Security Act of 1987
U.S. Federal Information Security Management Act (FISMA) of 2002
Industry Standards and Other Compliance Requirements
U.S. Sarbanes–Oxley Act of 2002
System and Organization Controls
Payment Card Industry Data Security Standard
Privacy Requirements
UNDERSTAND LEGAL AND REGULATORY ISSUES THAT PERTAIN TO INFORMATION SECURITY IN A HOLISTIC CONTEXT
Cybercrimes and Data Breaches
U.S. Computer Fraud and Abuse Act of 1986, 18 U.S.C. § 1030
U.S. Electronic Communications Privacy Act of 1986
U.S. Economic Espionage Act of 1996
U.S. Child Pornography Prevention Act of 1996
U.S. Identity Theft and Assumption Deterrence Act of 1998
USA PATRIOT Act of 2001
U.S. Homeland Security Act of 2002
U.S. Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003
U.S. Intelligence Reform and Terrorism Prevention Act of 2004
The Council of Europe's Convention on Cybercrime of 2001
The Computer Misuse Act 1990 (U.K.)
Information Technology Act of 2000 (India)
Cybercrime Act 2001 (Australia)
Licensing and Intellectual Property Requirements
Licensing
Patents
Trademarks
Copyrights
Trade Secrets
Import/Export Controls
Transborder Data Flow
Privacy
U.S. Federal Privacy Act of 1974, 5 U.S.C. § 552a
U.S. Health Insurance Portability and Accountability Act of 1996
U.S. Children's Online Privacy Protection Act of 1998
U.S. Gramm-Leach-Bliley Act of 1999
U.S. Health Information Technology for Economic and Clinical Health Act of 2009
Data Protection Directive (EU)
Data Protection Act 1998 (UK)
Safe Harbor
EU-US Privacy Shield
General Data Protection Regulation (EU)
GDPR Fines
Determination
Lower Level
Upper Level
UNDERSTAND REQUIREMENTS FOR INVESTIGATION TYPES
Administrative
Criminal
Civil
Regulatory
Industry Standards
DEVELOP, DOCUMENT, AND IMPLEMENT SECURITY POLICY, STANDARDS, PROCEDURES, AND GUIDELINES
Policies
Standards
Procedures
Guidelines
IDENTIFY, ANALYZE, AND PRIORITIZE BUSINESS CONTINUITY REQUIREMENTS
Business Impact Analysis
Develop and Document the Scope and the Plan
People
Processes
Technologies
CONTRIBUTE TO AND ENFORCE PERSONNEL SECURITY POLICIES AND PROCEDURES
Candidate Screening and Hiring
Employment Agreements and Policies
Onboarding, Transfers, and Termination Processes
Onboarding
Transfers
Termination
Vendor, Consultant, and Contractor Agreements and Controls
Compliance Policy Requirements
Privacy Policy Requirements
UNDERSTAND AND APPLY RISK MANAGEMENT CONCEPTS
Identify Threats and Vulnerabilities
Threats
Vulnerabilities
Assets
Risk Assessment
Risk Identification
Risk Analysis
Quantitative Risk Calculation
Risk Evaluation
Risk Response/Treatment
Avoid
Mitigate
Transfer
Accept
Countermeasure Selection and Implementation
Security-Effectiveness
Cost-Effectiveness
Operational Impact
Applicable Types of Controls
Control Assessments
Monitoring and Measurement
Reporting
Continuous Improvement
Risk Frameworks
International Standards Organization
U.S. National Institute of Standards and Technology
COBIT and RiskIT
UNDERSTAND AND APPLY THREAT MODELING CONCEPTS AND METHODOLOGIES
Threat Modeling Concepts
Attacker-centric
Asset-centric
Software-centric (or System-centric)
Threat Modeling Methodologies
STRIDE
PASTA
NIST 800-154
DREAD
Other Models
APPLY SUPPLY CHAIN RISK MANAGEMENT CONCEPTS
Risks Associated with Hardware, Software, and Services
Malicious Code in the Supply Chain
SolarWinds and the SUNBURST Attack
Third-Party Assessment and Monitoring
Minimum Security Requirements
Service-Level Requirements
Frameworks
NIST IR 7622
ISO 28000
U.K. National Cyber Security Centre
ESTABLISH AND MAINTAIN A SECURITY AWARENESS, EDUCATION, AND TRAINING PROGRAM
Methods and Techniques to Present Awareness and Training
Social Engineering
Security Champions
Gamification
Periodic Content Reviews
Program Effectiveness Evaluation
SUMMARY