
E-book: CISSP Passport

  • Format: 448 pages
  • Publication date: 07-Oct-2022
  • Publisher: McGraw-Hill Education
  • Language: eng
  • ISBN-13: 9781264277988
  • Format - PDF+DRM
  • Price: 36,40 €*
  • * the price is final, i.e. no other discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not permitted

  • Printing:

    not permitted

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You also need to create an Adobe ID (more information here). The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet), you need to install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac, you need to install Adobe Digital Editions (this is a free application made specifically for reading e-books; it should not be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

This quick review study guide offers 100% coverage of every topic on the latest version of the CISSP exam

Get on the fast track to becoming CISSP certified with this affordable, portable study tool. Inside, cybersecurity instructor Bobby Rogers guides you on your career path, providing expert tips and sound advice along the way. With an intensive focus only on what you need to know to pass (ISC)2's 2021 Certified Information Systems Security Professional exam, this certification passport is your ticket to success on exam day.

Designed for focus on key topics and exam success:

  • List of official exam objectives covered by domain
  • Exam Tips offer expert pointers for success on the test
  • Cautions highlight common pitfalls and real-world issues as well as provide warnings about the exam
  • Tables, bulleted lists, and figures throughout focus on quick reference and review
  • Cross-Reference elements point to an essential, related concept covered elsewhere in the book
  • Additional Resources direct you to sources recommended for further learning
  • Practice questions and content review after each objective section prepare you for exam mastery

Covers all exam topics, including:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

Online content includes:

  • Customizable practice exam test engine
  • 300 realistic practice questions with in-depth explanations

Acknowledgments xxvii
Introduction xxix
1.0 Security and Risk Management
1(84)
Objective 1.1 Understand, adhere to, and promote professional ethics
2(7)
The (ISC)2 Code of Ethics
3(1)
Code of Ethics Preamble
3(1)
Code of Ethics Canons
3(1)
Organizational Code of Ethics
4(1)
Workplace Ethics Statements and Policies
4(1)
Other Sources for Ethics Requirements
5(2)
Review
7(1)
1.1 Questions
7(1)
1.1 Answers
8(1)
Objective 1.2 Understand and apply security concepts
9(7)
Security Concepts
9(1)
Data, Information, Systems, and Entities
9(1)
Confidentiality
10(1)
Integrity
11(1)
Availability
11(1)
Supporting Tenets of Information Security
11(1)
Identification
11(1)
Authentication
11(1)
Authenticity
12(1)
Authorization
12(1)
Auditing and Accountability
12(1)
Nonrepudiation
12(1)
Supporting Security Concepts
13(1)
Review
14(1)
1.2 Questions
14(1)
1.2 Answers
15(1)
Objective 1.3 Evaluate and apply security governance principles
16(7)
Security Governance
16(1)
External Governance
16(1)
Internal Governance
16(1)
Alignment of Security Functions to Business Requirements
17(1)
Business Strategy and Security Strategy
17(1)
Organizational Processes
18(1)
Organizational Roles and Responsibilities
18(1)
Security Control Frameworks
19(1)
Due Care/Due Diligence
20(1)
Review
21(1)
1.3 Questions
21(1)
1.3 Answers
22(1)
Objective 1.4 Determine compliance and other requirements
23(6)
Compliance
23(1)
Legal and Regulatory Compliance
24(1)
Contractual Compliance
25(1)
Compliance with Industry Standards
25(1)
Privacy Requirements
25(1)
Review
26(1)
1.4 Questions
27(1)
1.4 Answers
28(1)
Objective 1.5 Understand legal and regulatory issues that pertain to information security in a holistic context
29(6)
Legal and Regulatory Requirements
29(1)
Cybercrimes
29(1)
Licensing and Intellectual Property Requirements
30(1)
Import/Export Controls
31(1)
Transborder Data Flow
32(1)
Privacy Issues
32(1)
Review
33(1)
1.5 Questions
33(1)
1.5 Answers
34(1)
Objective 1.6 Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards)
35(4)
Investigations
35(1)
Administrative Investigations
35(1)
Civil Investigations
35(1)
Criminal Investigations
36(1)
Regulatory Investigations
36(1)
Industry Standards for Investigations
37(1)
Review
37(1)
1.6 Questions
38(1)
1.6 Answers
39(1)
Objective 1.7 Develop, document, and implement security policy, standards, procedures, and guidelines
39(6)
Internal Governance
40(1)
Policy
40(1)
Procedures
40(1)
Standards
41(1)
Guidelines
41(1)
Baselines
42(1)
Review
42(1)
1.7 Questions
43(1)
1.7 Answers
44(1)
Objective 1.8 Identify, analyze, and prioritize Business Continuity (BC) requirements
45(3)
Business Continuity
45(1)
Business Impact Analysis
46(1)
Developing the BIA
46(1)
Review
47(1)
1.8 Questions
47(1)
1.8 Answers
48(1)
Objective 1.9 Contribute to and enforce personnel security policies and procedures
48(9)
Personnel Security
49(1)
Candidate Screening and Hiring
49(1)
Employment Agreements and Policies
50(1)
Onboarding, Transfers, and Termination Processes
50(2)
Vendor, Consultant, and Contractor Agreements and Controls
52(1)
Compliance Policy Requirements
53(1)
Privacy Policy Requirements
53(1)
Review
54(1)
1.9 Questions
55(1)
1.9 Answers
56(1)
Objective 1.10 Understand and apply risk management concepts
57(13)
Risk Management
57(1)
Elements of Risk
57(2)
Identify Threats and Vulnerabilities
59(1)
Risk Assessment/Analysis
60(3)
Risk Response
63(1)
Risk Frameworks
64(1)
Countermeasure Selection and Implementation
64(1)
Applicable Types of Controls
65(1)
Control Assessments (Security and Privacy)
66(1)
Monitoring and Measurement
67(1)
Reporting
67(1)
Continuous Improvement
68(1)
Review
68(1)
1.10 Questions
69(1)
1.10 Answers
69(1)
Objective 1.11 Understand and apply threat modeling concepts and methodologies
70(4)
Threat Modeling
70(1)
Threat Components
70(2)
Threat Modeling Methodologies
72(1)
Review
73(1)
1.11 Questions
73(1)
1.11 Answers
73(1)
Objective 1.12 Apply Supply Chain Risk Management (SCRM) concepts
74(6)
Supply Chain Risk Management
74(1)
Risks Associated with Hardware, Software, and Services
74(2)
Third-Party Assessment and Monitoring
76(1)
Minimum Security Requirements
77(1)
Service Level Requirements
77(1)
Review
77(1)
1.12 Questions
78(1)
1.12 Answers
79(1)
Objective 1.13 Establish and maintain a security awareness, education, and training program
80(5)
Security Awareness, Education, and Training Program
80(1)
Methods and Techniques to Present Awareness and Training
80(2)
Periodic Content Reviews
82(1)
Program Effectiveness Evaluation
82(1)
Review
82(1)
1.13 Questions
83(1)
1.13 Answers
84(1)
2.0 Asset Security
85(30)
Objective 2.1 Identify and classify information and assets
86(4)
Asset Classification
86(1)
Data Classification
87(2)
Review
89(1)
2.1 Questions
89(1)
2.1 Answers
90(1)
Objective 2.2 Establish information and asset handling requirements
90(6)
Information and Asset Handling
90(1)
Handling Requirements
91(2)
Information Classification and Handling Systems
93(1)
Review
94(1)
2.2 Questions
95(1)
2.2 Answers
95(1)
Objective 2.3 Provision resources securely
96(3)
Securing Resources
96(1)
Asset Ownership
96(1)
Asset Inventory
96(1)
Asset Management
97(1)
Review
98(1)
2.3 Questions
99(1)
2.3 Answers
99(1)
Objective 2.4 Manage data lifecycle
99(6)
Managing the Data Life Cycle
100(1)
Data Roles
100(2)
Data Collection
102(1)
Data Location
102(1)
Data Maintenance
102(1)
Data Retention
103(1)
Data Remanence
103(1)
Data Destruction
103(1)
Review
104(1)
2.4 Questions
104(1)
2.4 Answers
105(1)
Objective 2.5 Ensure appropriate asset retention (e.g., End-of-Life (EOL), End-of-Support (EOS))
105(4)
Asset Retention
105(1)
Asset Life Cycle
106(1)
End-of-Life and End-of-Support
106(2)
Review
108(1)
2.5 Questions
108(1)
2.5 Answers
108(1)
Objective 2.6 Determine data security controls and compliance requirements
109(6)
Data Security and Compliance
109(1)
Data States
109(1)
Control Standards Selection
110(1)
Scoping and Tailoring Data Security Controls
111(1)
Data Protection Methods
111(2)
Review
113(1)
2.6 Questions
113(1)
2.6 Answers
114(1)
3.0 Security Architecture and Engineering
115(68)
Objective 3.1 Research, implement, and manage engineering processes using secure design principles
116(6)
Threat Modeling
116(1)
Least Privilege
116(1)
Defense in Depth
117(1)
Secure Defaults
117(1)
Fail Securely
117(1)
Separation of Duties
118(1)
Keep It Simple
119(1)
Zero Trust
119(1)
Privacy by Design
119(1)
Trust But Verify
119(1)
Shared Responsibility
120(1)
Review
120(1)
3.1 Questions
121(1)
3.1 Answers
122(1)
Objective 3.2 Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula)
122(8)
Security Models
122(1)
Terms and Concepts
123(1)
System States and Processing Modes
124(2)
Confidentiality Models
126(1)
Integrity Models
127(1)
Other Access Control Models
128(1)
Review
128(1)
3.2 Questions
129(1)
3.2 Answers
130(1)
Objective 3.3 Select controls based upon systems security requirements
130(5)
Selecting Security Controls
130(1)
Performance and Functional Requirements
131(1)
Data Protection Requirements
131(1)
Governance Requirements
132(1)
Interface Requirements
132(1)
Risk Response Requirements
133(1)
Review
133(1)
3.3 Questions
134(1)
3.3 Answers
134(1)
Objective 3.4 Understand security capabilities of Information Systems (IS) (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)
135(4)
Information System Security Capabilities
135(1)
Hardware and Firmware System Security
135(2)
Secure Processing
137(1)
Review
138(1)
3.4 Questions
139(1)
3.4 Answers
139(1)
Objective 3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
139(9)
Vulnerabilities of Security Architectures, Designs, and Solutions
140(1)
Client-Based Systems
140(1)
Server-Based Systems
140(1)
Distributed Systems
141(1)
Database Systems
141(1)
Cryptographic Systems
142(1)
Industrial Control Systems
142(1)
Internet of Things
143(1)
Embedded Systems
143(1)
Cloud-Based Systems
144(1)
Virtualized Systems
145(1)
Containerization
146(1)
Microservices
146(1)
Serverless
146(1)
High-Performance Computing Systems
146(1)
Edge Computing Systems
146(1)
Review
147(1)
3.5 Questions
148(1)
3.5 Answers
148(1)
Objective 3.6 Select and determine cryptographic solutions
148(13)
Cryptography
149(1)
Cryptographic Life Cycle
149(2)
Cryptographic Methods
151(3)
Integrity
154(1)
Hybrid Cryptography
155(1)
Digital Certificates
156(1)
Public Key Infrastructure
156(2)
Nonrepudiation and Digital Signatures
158(1)
Key Management Practices
158(1)
Review
159(1)
3.6 Questions
160(1)
3.6 Answers
161(1)
Objective 3.7 Understand methods of cryptanalytic attacks
161(6)
Cryptanalytic Attacks
161(1)
Brute Force
162(1)
Ciphertext Only
162(1)
Known Plaintext
162(1)
Chosen Ciphertext and Chosen Plaintext
163(1)
Frequency Analysis
163(1)
Implementation
163(1)
Side Channel
163(1)
Fault Injection
164(1)
Timing
164(1)
Man-in-the-Middle (On-Path)
164(1)
Pass the Hash
165(1)
Kerberos Exploitation
165(1)
Ransomware
165(1)
Review
166(1)
3.7 Questions
166(1)
3.7 Answers
167(1)
Objective 3.8 Apply security principles to site and facility design
167(6)
Site and Facility Design
167(1)
Site Planning
167(1)
Secure Design Principles
168(4)
Review
172(1)
3.8 Questions
172(1)
3.8 Answers
173(1)
Objective 3.9 Design site and facility security controls
173(10)
Designing Facility Security Controls
173(1)
Crime Prevention Through Environmental Design
174(1)
Key Facility Areas of Concern
174(7)
Review
181(1)
3.9 Questions
181(1)
3.9 Answers
182(1)
4.0 Communication and Network Security
183(42)
Objective 4.1 Assess and implement secure design principles in network architectures
184(23)
Fundamental Networking Concepts
184(1)
Open Systems Interconnection and Transmission Control Protocol/Internet Protocol Models
185(2)
Internet Protocol Networking
187(2)
Secure Protocols
189(4)
Application of Secure Networking Concepts
193(1)
Implications of Multilayer Protocols
193(1)
Converged Protocols
194(1)
Micro-segmentation
195(2)
Wireless Technologies
197(1)
Wireless Theory and Signaling
197(2)
Wi-Fi
199(3)
Bluetooth
202(1)
Zigbee
202(1)
Satellite
203(1)
Li-Fi
203(1)
Cellular Networks
204(1)
Content Distribution Networks
205(1)
Review
206(1)
4.1 Questions
206(1)
4.1 Answers
207(1)
Objective 4.2 Secure network components
207(8)
Network Security Design and Components
208(1)
Operation of Hardware
208(4)
Transmission Media
212(1)
Endpoint Security
213(1)
Review
214(1)
4.2 Questions
214(1)
4.2 Answers
214(1)
Objective 4.3 Implement secure communication channels according to design
215(10)
Securing Communications Channels
215(1)
Voice
215(3)
Multimedia Collaboration
218(1)
Remote Access
219(1)
Data Communications
220(2)
Virtualized Networks
222(1)
Third-Party Connectivity
222(1)
Review
223(1)
4.3 Questions
223(1)
4.3 Answers
224(1)
5.0 Identity and Access Management (IAM)
225(34)
Objective 5.1 Control physical and logical access to assets
226(3)
Controlling Logical and Physical Access
226(1)
Logical Access
227(1)
Physical Access
228(1)
Review
228(1)
5.1 Questions
228(1)
5.1 Answers
229(1)
Objective 5.2 Manage identification and authentication of people, devices, and services
229(8)
Identification and Authentication
229(1)
Identity Management Implementation
230(1)
Single/Multifactor Authentication
230(1)
Accountability
231(1)
Session Management
232(1)
Registration, Proofing, and Establishment of Identity
232(1)
Federated Identity Management
233(1)
Credential Management Systems
233(1)
Single Sign-On
234(1)
Just-in-Time
234(1)
Review
235(1)
5.2 Questions
236(1)
5.2 Answers
236(1)
Objective 5.3 Federated identity with a third-party service
237(2)
Third-Party Identity Services
237(1)
On-Premise
237(1)
Cloud
238(1)
Hybrid
238(1)
Review
238(1)
5.3 Questions
239(1)
5.3 Answers
239(1)
Objective 5.4 Implement and manage authorization mechanisms
239(6)
Authorization Mechanisms and Models
240(1)
Discretionary Access Control
241(1)
Mandatory Access Control
241(1)
Role-Based Access Control
242(1)
Rule-Based Access Control
242(1)
Attribute-Based Access Control
243(1)
Risk-Based Access Control
243(1)
Review
243(1)
5.4 Questions
244(1)
5.4 Answers
244(1)
Objective 5.5 Manage the identity and access provisioning lifecycle
245(7)
Identity and Access Provisioning Life Cycle
245(1)
Provisioning and Deprovisioning
245(2)
Role Definition
247(1)
Privilege Escalation
248(1)
Account Access Review
249(2)
Review
251(1)
5.5 Questions
251(1)
5.5 Answers
252(1)
Objective 5.6 Implement authentication systems
252(7)
Authentication Systems
252(1)
Open Authorization
253(1)
OpenID Connect
253(1)
Security Assertion Markup Language
253(1)
Kerberos
254(2)
Remote Access Authentication and Authorization
256(1)
Review
257(1)
5.6 Questions
257(1)
5.6 Answers
258(1)
6.0 Security Assessment and Testing
259(26)
Objective 6.1 Design and validate assessment, test, and audit strategies
260(4)
Defining Assessments, Tests, and Audits
260(1)
Designing and Validating Evaluations
261(1)
Goals and Strategies
261(1)
Use of Internal, External, and Third-Party Assessors
262(1)
Review
263(1)
6.1 Questions
263(1)
6.1 Answers
264(1)
Objective 6.2 Conduct security control testing
264(8)
Security Control Testing
264(1)
Vulnerability Assessment
265(1)
Penetration Testing
265(2)
Log Reviews
267(1)
Synthetic Transactions
268(1)
Code Review and Testing
268(1)
Misuse Case Testing
269(1)
Test Coverage Analysis
269(1)
Interface Testing
269(1)
Breach Attack Simulations
270(1)
Compliance Checks
270(1)
Review
271(1)
6.2 Questions
271(1)
6.2 Answers
272(1)
Objective 6.3 Collect security process data (e.g., technical and administrative)
272(5)
Security Data
272(1)
Security Process Data
273(2)
Review
275(1)
6.3 Questions
276(1)
6.3 Answers
276(1)
Objective 6.4 Analyze test output and generate report
277(4)
Test Results and Reporting
277(1)
Analyzing the Test Results
277(1)
Reporting
278(1)
Remediation, Exception Handling, and Ethical Disclosure
278(2)
Review
280(1)
6.4 Questions
280(1)
6.4 Answers
280(1)
Objective 6.5 Conduct or facilitate security audits
281(4)
Conducting Security Audits
281(1)
Internal Security Auditors
282(1)
External Security Auditors
282(1)
Third-Party Security Auditors
283(1)
Review
284(1)
6.5 Questions
284(1)
6.5 Answers
284(1)
7.0 Security Operations
285(108)
Objective 7.1 Understand and comply with investigations
286(9)
Investigations
286(1)
Forensic Investigations
287(1)
Evidence Collection and Handling
287(3)
Digital Forensics Tools, Tactics, and Procedures
290(1)
Investigative Techniques
291(1)
Reporting and Documentation
292(1)
Review
293(1)
7.1 Questions
294(1)
7.1 Answers
294(1)
Objective 7.2 Conduct logging and monitoring activities
295(9)
Logging and Monitoring
295(1)
Continuous Monitoring
296(1)
Intrusion Detection and Prevention
296(1)
Security Information and Event Management
297(1)
Egress Monitoring
297(1)
Log Management
298(1)
Threat Intelligence
298(3)
User and Entity Behavior Analytics
301(1)
Review
302(1)
7.2 Questions
303(1)
7.2 Answers
304(1)
Objective 7.3 Perform Configuration Management (CM) (e.g., provisioning, baselining, automation)
304(4)
Configuration Management Activities
304(1)
Provisioning
305(1)
Baselining
305(1)
Automating the Configuration Management Process
306(1)
Review
306(1)
7.3 Questions
307(1)
7.3 Answers
307(1)
Objective 7.4 Apply foundational security operations concepts
308(6)
Security Operations
308(1)
Need-to-Know/Least Privilege
308(1)
Separation of Duties and Responsibilities
309(1)
Privileged Account Management
310(1)
Job Rotation
311(1)
Service Level Agreements
312(1)
Review
313(1)
7.4 Questions
314(1)
7.4 Answers
314(1)
Objective 7.5 Apply resource protection
314(4)
Media Management and Protection
315(1)
Media Management
315(1)
Media Protection Techniques
315(2)
Review
317(1)
7.5 Questions
317(1)
7.5 Answers
318(1)
Objective 7.6 Conduct incident management
318(8)
Security Incident Management
318(1)
Incident Management Life Cycle
319(5)
Review
324(1)
7.6 Questions
325(1)
7.6 Answers
326(1)
Objective 7.7 Operate and maintain detective and preventative measures
326(12)
Detective and Preventive Controls
326(1)
Allow-Listing and Deny-Listing
327(1)
Firewalls
328(3)
Intrusion Detection Systems and Intrusion Prevention Systems
331(1)
Third-Party Provided Security Services
332(1)
Honeypots and Honeynets
333(1)
Anti-malware
334(1)
Sandboxing
335(1)
Machine Learning and Artificial Intelligence
336(1)
Review
336(2)
7.7 Questions
338(1)
7.7 Answers
338(1)
Objective 7.8 Implement and support patch and vulnerability management
338(6)
Patch and Vulnerability Management
339(1)
Managing Vulnerabilities
339(1)
Managing Patches and Updates
340(2)
Review
342(1)
7.8 Questions
342(1)
7.8 Answers
343(1)
Objective 7.9 Understand and participate in change management processes
344(4)
Change Management
344(1)
Change Management Processes
344(3)
Review
347(1)
7.9 Questions
347(1)
7.9 Answers
348(1)
Objective 7.10 Implement recovery strategies
348(11)
Recovery Strategies
348(1)
Backup Storage Strategies
348(3)
Recovery Site Strategies
351(1)
Multiple Processing Sites
352(3)
Resiliency
355(1)
High Availability
355(1)
Quality of Service
356(1)
Fault Tolerance
356(1)
Review
357(1)
7.10 Questions
358(1)
7.10 Answers
359(1)
Objective 7.11 Implement Disaster Recovery (DR) processes
359(8)
Disaster Recovery
359(1)
Saving Lives and Preventing Harm to People
360(1)
The Disaster Recovery Plan
360(1)
Response
361(1)
Personnel
361(1)
Communications
361(2)
Assessment
363(1)
Restoration
363(1)
Training and Awareness
364(1)
Lessons Learned
364(1)
Review
365(1)
7.11 Questions
366(1)
7.11 Answers
367(1)
Objective 7.12 Test Disaster Recovery Plans (DRP)
367(5)
Testing the Disaster Recovery Plan
367(1)
Read-Through/Tabletop
368(1)
Walk-Through
369(1)
Simulation
369(1)
Parallel Testing
370(1)
Full Interruption
370(1)
Review
371(1)
7.12 Questions
371(1)
7.12 Answers
372(1)
Objective 7.13 Participate in Business Continuity (BC) planning and exercises
372(5)
Business Continuity
372(1)
Business Continuity Planning
373(2)
Business Continuity Exercises
375(1)
Review
376(1)
7.13 Questions
376(1)
7.13 Answers
377(1)
Objective 7.14 Implement and manage physical security
377(11)
Physical Security
377(1)
Perimeter Security Controls
378(4)
Internal Security Controls
382(4)
Review
386(1)
7.14 Questions
387(1)
7.14 Answers
387(1)
Objective 7.15 Address personnel safety and security concerns
388(5)
Personnel Safety and Security
388(1)
Travel
388(1)
Security Training and Awareness
389(1)
Emergency Management
389(1)
Duress
390(1)
Review
391(1)
7.15 Questions
391(1)
7.15 Answers
392(1)
8.0 Software Development Security
393(34)
Objective 8.1 Understand and integrate security in the Software Development Life Cycle (SDLC)
394(9)
Software Development Life Cycle
394(1)
Development Methodologies
395(3)
Maturity Models
398(2)
Operation and Maintenance
400(1)
Change Management
401(1)
Integrated Product Team
401(1)
Review
401(1)
8.1 Questions
402(1)
8.1 Answers
403(1)
Objective 8.2 Identify and apply security controls in software development ecosystems
403(9)
Security Controls in Software Development
403(1)
Programming Languages
404(1)
Libraries
405(1)
Tool Sets
406(1)
Integrated Development Environment
406(1)
Runtime
406(1)
Continuous Integration and Continuous Delivery
407(1)
Security Orchestration, Automation, and Response
407(1)
Software Configuration Management
408(1)
Code Repositories
408(1)
Application Security Testing
408(3)
Review
411(1)
8.2 Questions
411(1)
8.2 Answers
412(1)
Objective 8.3 Assess the effectiveness of software security
412(4)
Software Security Effectiveness
412(1)
Auditing and Logging Changes
413(1)
Risk Analysis and Mitigation
413(2)
Review
415(1)
8.3 Questions
415(1)
8.3 Answers
415(1)
Objective 8.4 Assess security impact of acquired software
416(4)
Security Impact of Acquired Software
416(1)
Commercial-off-the-Shelf Software
416(1)
Open-Source Software
417(1)
Third-Party Software
417(1)
Managed Services
418(1)
Review
419(1)
8.4 Questions
419(1)
8.4 Answers
420(1)
Objective 8.5 Define and apply secure coding guidelines and standards
420(7)
Secure Coding Guidelines and Standards
420(1)
Security Weaknesses and Vulnerabilities at the Source-Code Level
420(1)
Security of Application Programming Interfaces
421(1)
Secure Coding Practices
422(2)
Software-Defined Security
424(1)
Review
424(1)
8.5 Questions
425(1)
8.5 Answers
425(2)
A About the Online Content
427(4)
System Requirements
427(1)
Your Total Seminars Training Hub Account
427(1)
Privacy Notice
427(1)
Single User License Terms and Conditions
427(2)
TotalTester Online
429(1)
Technical Support
429(2)
Index 431
Bobby E. Rogers is an Information Security Engineer working for a major hospital in the southeastern United States. His previous experience includes working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts. He retired after 21 years in the United States Air Force, serving as a network security engineer and instructor, and has secured networks all over the world. Bobby has a master's degree in Information Assurance (IA) and is pursuing a doctoral degree in IA from Capitol College, Maryland. His many certifications include CompTIA A+, CompTIA Network+, CompTIA Security+, and CompTIA Mobility+, as well as the CISSP-ISSEP, CEH, and MCSE: Security.