Read book: CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide - Gibson Darril - Page 12

Chapter 1
Security Governance Through Principles and Policies


THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:

Domain 1: Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)

■ A. Understand and apply concepts of confidentiality, integrity and availability

■ B. Apply security governance principles through:

■ B.1 Alignment of security function to strategy, goals, mission, and objectives (e.g., business case, budget and resources)

■ B.2 Organizational processes (e.g., acquisitions, divestitures, governance committees)

■ B.3 Security roles and responsibilities

■ B.4 Control frameworks

■ B.5 Due care

■ B.6 Due diligence

■ F. Develop and implement documented security policy, standards, procedures, and guidelines

■ J. Understand and apply threat modeling

■ J.1 Identifying threats (e.g., adversaries, contractors, employees, trusted partners)

■ J.2 Determining and diagramming potential attacks (e.g., social engineering, spoofing)

■ J.3 Performing reduction analysis

■ J.4 Technologies and processes to remediate threats (e.g., software architecture and operations)

■ K. Integrate security risk considerations into acquisition strategy and practice

■ K.1 Hardware, software, and services

■ K.2 Third-party assessment and monitoring (e.g., on-site assessment, document exchange and review, process/policy review)

■ K.3 Minimum security requirements

■ K.4 Service-level requirements

The Security and Risk Management domain of the Common Body of Knowledge (CBK) for the CISSP certification exam deals with many of the foundational elements of security solutions. These include elements essential to the design, implementation, and administration of security mechanisms. Additional elements of this domain are discussed in other chapters: Chapter 2, “Personnel Security and Risk Management Concepts”; Chapter 3, “Business Continuity Planning”; and Chapter 4, “Laws, Regulations, and Compliance.” Review all of these chapters to gain a complete perspective on the topics of this domain.

