(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide - Mike Chapple - Page 30

Chapter 1 Security Governance Through Principles and Policies


THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:

 Domain 1.0: Security and Risk Management
  1.2 Understand and apply security concepts
   1.2.1 Confidentiality, integrity, and availability, authenticity and nonrepudiation
  1.3 Evaluate and apply security governance principles
   1.3.1 Alignment of security function to business strategy, goals, mission, and objectives
   1.3.2 Organizational processes (e.g., acquisitions, divestitures, governance committees)
   1.3.3 Organizational roles and responsibilities
   1.3.4 Security control frameworks
   1.3.5 Due care/due diligence
  1.7 Develop, document, and implement security policy, standards, procedures, and guidelines
  1.11 Understand and apply threat modeling concepts and methodologies
  1.12 Apply Supply Chain Risk Management (SCRM) concepts
   1.12.1 Risks associated with hardware, software, and services
   1.12.2 Third-party assessment and monitoring
   1.12.3 Minimum security requirements
   1.12.4 Service level requirements

 Domain 3: Security Architecture and Engineering
  3.1 Research, implement and manage engineering processes using secure design principles
   3.1.1 Threat modeling
   3.1.3 Defense in depth


The Security and Risk Management domain of the CISSP certification exam encompasses many of the foundational elements of security solutions. Additional elements of this domain are discussed in various chapters: Chapter 2, “Personnel Security and Risk Management Concepts”; Chapter 3, “Business Continuity Planning”; Chapter 4, “Laws, Regulations, and Compliance”; and Chapter 19, “Investigations and Ethics.” Please be sure to review all these chapters to have a complete perspective on the topics of this domain.
