Mike Wills
The Official (ISC)2 SSCP CBK Reference
Read the book The Official (ISC)2 SSCP CBK Reference - Mike Wills - Page 1
Table of Contents
The Official (ISC)2® SSCP® CBK® Reference
Acknowledgments
About the Author
About the Technical Editor
Foreword
Introduction
ABOUT THIS BOOK
The SSCP Seven Domains
Using This Book to Defeat the Cybersecurity Kill Chain
WHERE DO YOU GO FROM HERE?
The SSCP CBK and Your Professional Growth Path
Maintaining the SSCP Certification
Join a Local Chapter
LET'S GET STARTED!
HOW TO CONTACT THE PUBLISHER
NOTES
CHAPTER 1 SSCP® Security Operations and Administration
COMPLY WITH CODES OF ETHICS
Understand, Adhere to, and Promote Professional Ethics
(ISC)2 Code of Ethics
Organizational Code of Ethics
UNDERSTAND SECURITY CONCEPTS
Conceptual Models for Information Security
Confidentiality
Intellectual Property
Protect IP by Labeling It
Software, Digital Expression, and Copyright
Copyleft?
Industrial or Corporate Espionage
Integrity
REAL WORLD EXAMPLE: Trustworthiness Is Perceptual
Availability
Accountability
Privacy
Privacy Is Not Confidentiality
Privacy: In Law, in Practice, in Information Systems
Universal Declaration of Human Rights
OECD and Privacy
OECD Privacy Principles: Basic Principles of National Application
Asia-Pacific Economic Cooperation Privacy Framework
PII and NPI
Private and Public Places
Privacy versus Security, or Privacy and Security
Nonrepudiation
Authentication
Safety
Fundamental Security Control Principles
Need to Know
Least Privilege
Separation of Duties
Separation of Duties and Least Privilege: It's Not Just About Your People!
Access Control and Need-to-Know
Job Rotation and Privilege Creep
DOCUMENT, IMPLEMENT, AND MAINTAIN FUNCTIONAL SECURITY CONTROLS
Deterrent Controls
Preventative Controls
Detective Controls
Corrective Controls
Compensating Controls
Residual Risk Isn't “Compensated For”
The Lifecycle of a Control
PARTICIPATE IN ASSET MANAGEMENT
Parts or Assets?
Asset Inventory
Inventory Tool/System of Record
Process Considerations
Lifecycle (Hardware, Software, and Data)
Hardware Inventory
Software Inventory and Licensing
Data Storage
Information Lifecycle
Apply Resource Protection Techniques to Media
Marking
Colorize to Classify
Protecting
Transport
Sanitization and Disposal
Media Disposal and Information Retention Must Match
IMPLEMENT SECURITY CONTROLS AND ASSESS COMPLIANCE
Technical Controls
Physical Controls
Human Vigilance—Keep It Working for You
Administrative Controls
Policies
Standards
Procedures
Baselines
Guidelines
Periodic Audit and Review
Audits
Exercises and Operational Evaluations
PARTICIPATE IN CHANGE MANAGEMENT
Change Management or Configuration Management?
Execute Change Management Process
Identify Security Impact
Testing/Implementing Patches, Fixes, and Updates
PARTICIPATE IN SECURITY AWARENESS AND TRAINING
Security Awareness Overview
Competency as the Criterion
Build a Security Culture, One Awareness Step at a Time
PARTICIPATE IN PHYSICAL SECURITY OPERATIONS
Physical Access Control
Don't Fail to Imagine
Property Approach
Perimeter
Parking
Facility Entrance
Internal Access Controls
The Data Center
Service Level Agreements
Specific Terms and Metrics
Mechanism for Monitoring Service
SUMMARY
CHAPTER 2 SSCP® Access Controls
ACCESS CONTROL CONCEPTS
Subjects and Objects
Privileges: What Subjects Can Do with Objects
Data Classification, Categorization, and Access Control
Access Control via Formal Security Models
Star or Simple? Which Way?
IMPLEMENT AND MAINTAIN AUTHENTICATION METHODS
Single-Factor/Multifactor Authentication
Type I: Something You Know
Passwords
Classical Password Policies—and Pitfalls
Stay Current on Best Password Practices
Passphrases
Salt What You Know Before You Hash It
Security Questions
Personal Identification Numbers or Memorable Information
Recent Access History
Escrow, Recovery, and Reset
Type II: Something You Have
Smart Cards
Security Tokens
Type III: Something You Are
New Factor Type: Something You Do
Distress Codes
Considerations When Using Biometric Methods
New Factor Type: Somewhere You Are
Accountability
Single Sign-On
Device Authentication
Removable Media: A Mixed Blessing or Only a Curse?
Federated Access
Using SAML for Federated Identity Management
SUPPORT INTERNETWORK TRUST ARCHITECTURES
Trust Relationships (One-Way, Two-Way, Transitive)
Extranet
Third-Party Connections
Zero Trust Architectures
PARTICIPATE IN THE IDENTITY MANAGEMENT LIFECYCLE
Authorization
How Useful Is Your Identity Management and Access Control System?
Proofing
Provisioning/Deprovisioning
Revoking vs. Deleting an Identity
Identity and Access Maintenance
User Access Review
System Account Access Review
Auditing
Enforcement
Entitlement
Are You Positive?
Manage by Groups, Not by Individual Accounts
Manage Devices in Groups, Too
Identity and Access Management Systems
IMPLEMENT ACCESS CONTROLS
Mandatory vs. Discretionary Access Control
“Built-In” Solutions?
Role-Based
Attribute-Based
Subject-Based
Object-Based
SUMMARY