
Official (ISC)2® Guide to the ISSAP® CBK 2nd edition [Hardback]

  • Format: Hardback, 600 pages, height x width: 254x178 mm, weight: 1280 g, 26 Tables, black and white; 108 Illustrations, black and white
  • Series: ISC2 Press
  • Publication date: 29-Aug-2013
  • Publisher: Auerbach
  • ISBN-10: 1466579005
  • ISBN-13: 9781466579002
Candidates for the CISSP-ISSAP professional certification need to not only demonstrate a thorough understanding of the six domains of the ISSAP CBK, but also need to have the ability to apply this in-depth knowledge to develop a detailed security architecture.

Supplying an authoritative review of the key concepts and requirements of the ISSAP CBK, the Official (ISC)2® Guide to the ISSAP® CBK®, Second Edition provides the practical understanding required to implement the latest security protocols to improve productivity, profitability, security, and efficiency. Encompassing all of the knowledge elements needed to create secure architectures, the text covers the six domains: Access Control Systems and Methodology, Communications and Network Security, Cryptology, Security Architecture Analysis, BCP/DRP, and Physical Security Considerations.

Newly Enhanced Design – This Guide Has It All!

  • Only guide endorsed by (ISC)2
  • Most up-to-date CISSP-ISSAP CBK
  • Evolving terminology and changing requirements for security professionals
  • Practical examples that illustrate how to apply concepts in real-life situations
  • Chapter outlines and objectives
  • Review questions and answers
  • References to free study resources

Read It. Study It. Refer to It Often.

Build your knowledge and improve your chance of achieving certification the first time around. Endorsed by (ISC)2 and compiled and reviewed by CISSP-ISSAPs and (ISC)2 members, this book provides unrivaled preparation for the certification exam and is a reference that will serve you well into your career. Earning your ISSAP is a deserving achievement that gives you a competitive advantage and makes you a member of an elite network of professionals worldwide.

Reviews

(ISC)2 is pleased to offer the Official (ISC)2® Guide to the ISSAP® CBK®, Second Edition. This book will review and deepen your knowledge of security architecture, covering each of the six domains contained in the CISSP-ISSAP® CBK®.

W. Hord Tipton, CISSP-ISSAP, CAP, CISA, Executive Director (ISC)2®

Foreword xv
Introduction xvii
Editors xxv
Domain 1 Access Control Systems & Methodology  1(130)
Introduction  4(1)
Access Control Concepts  4(7)
Discretionary Access Control  11(3)
DAC Implementation Strategies  14(4)
Nondiscretionary Access Control  18(3)
Mandatory Access Control (MAC)  21(4)
Least Privilege  25(3)
Separation of Duties  28(9)
Architectures  37(3)
Authentication, Authorization, and Accounting (AAA)  40(1)
Centralized Access Control  40(3)
Common Implementations  43(2)
Design Considerations  45(1)
Decentralized Access Control  46(1)
Design Considerations  47(3)
Federated Access Control  50(1)
Design Considerations  51(1)
Directories and Access Control  52(2)
Design Considerations  54(1)
Identity Management  54(6)
Accounting  60(5)
Access Control Administration and Management Concepts  65(1)
Access Control Administration  65(5)
Database Access  70(7)
Inherent Rights  77(1)
Official (ISC)2 Guide to the ISSAP CBK: Second Edition
Granted Rights  78(1)
Change of Privilege Levels  79(1)
Groups  79(2)
Role Based  81(5)
Task Based  86(2)
Dual Control  88(4)
Location  92(1)
Topology  92(1)
Subnet  92(2)
Geographical Considerations  94(2)
Device Type  96(4)
Authentication  100(2)
Strengths and Weaknesses of Authentication Tools  102(1)
Token-Based Authentication Tools  102(4)
Common Issues with Token Management  106(1)
Biometric Authentication Tools  107(1)
Performance Characteristics  107(1)
Implementation Considerations  108(1)
Fingerprints  109(1)
Hand Geometry  109(1)
Iris  110(1)
Retina  110(1)
Facial Recognition  110(1)
Authentication Tool Considerations  111(1)
Design Validation  112(2)
Architecture Effectiveness Assurance  114(2)
Testing Strategies  116(1)
Testing Objectives  117(1)
Testing Paradigms  118(1)
Repeatability  119(1)
Methodology  119(1)
Developing Test Procedures  120(1)
Risk-Based Considerations  121(10)
Domain 2 Communications & Network Security  131(106)
Voice and Facsimile Communications  134(1)
Pulse Code Modulation (PCM)  135(1)
Circuit-Switched versus Packet-Switched Networks  136(3)
VoIP Architecture Concerns  139(1)
End-to-End Delay  139(1)
Jitter  140(1)
Method of Voice Digitization Used  140(1)
Packet Loss Rate  140(1)
Security  141(1)
Voice Security Policies and Procedures  141(1)
Encryption  141(1)
Authentication  142(1)
Administrative Change Control  143(1)
Integrity  143(1)
Availability  143(1)
Voice Protocols  144(8)
Network Architecture  152(1)
Redundancy and Availability  152(1)
Internet versus Intranet  152(1)
Extranet  153(1)
Network Types  153(3)
Perimeter Controls  156(4)
Security Modems  160(1)
Communications and Network Policies  161(1)
Overview of Firewalls  162(3)
Firewalls vs. Routers  165(1)
Demilitarized Zone's Perimeter Controls  166(1)
IDS/IPS  167(1)
IDS Architecture  167(5)
Intrusion Prevention System  172(1)
Security Information & Event Management Considerations (SIEM)  173(3)
Wireless Considerations  176(1)
Architectures  176(3)
Security Issues  179(1)
WPA and WPA2  179(1)
IEEE 802.11i and 802.1X  180(1)
802.1X  180(1)
Zones of Control  181(1)
Network Security  182(1)
Content Filtering  182(1)
Anti-malware  182(1)
Anti-spam  183(1)
Outbound Traffic Filtering  184(1)
Mobile Code  185(1)
Policy Enforcement Design  185(2)
Application and Transport Layer Security  187(1)
Social Media  188(3)
Secure E-Commerce Protocols  191(1)
SSL/TLS and the TCP/IP Protocol Stack  191(1)
Encryption  192(1)
Authentication  193(1)
Certificates and Certificate Authorities  193(1)
Data Integrity  193(1)
SSL/TLS Features  194(1)
Limitations of SSL/TLS  195(1)
Other Security Protocols  195(1)
Secure Remote Procedure Calls  196(1)
Network Layer Security and VPNs  196(2)
Types of VPN Tunneling  198(1)
VPN Tunneling Protocols  199(2)
Layer 2 Tunneling Protocol (L2TP)  201(3)
IPSec  204(1)
Authentication Header (AH)  205(3)
Encapsulating Security Payload (ESP)  208(1)
Cryptographic Algorithms  209(1)
L2TP/IPSec  209(1)
Authentication Using EAP  209(1)
TCP Wrapper  210(1)
SOCKS  211(1)
Comparing SOCKS and HTTP Proxies  211(1)
VPN Selection  212(1)
Topology Supported  212(1)
Authentication Supported  212(1)
Encryption Supported  212(1)
Scalability  212(1)
Management  213(1)
VPN Client Software  213(1)
Operating System and Browser Support  213(1)
Performance  213(1)
Endpoint Security  213(1)
Encryption  214(1)
Network Security Design Considerations  215(1)
Interoperability and Associated Risks  215(1)
Cross-Domain Risks and Solutions  215(2)
Audits and Assessments  217(1)
Monitoring  218(1)
Operating Environment  218(4)
Remote Access  222(1)
Monitoring  222(1)
Design Validation  222(1)
Penetration Testing  222(1)
Vulnerability Assessment  223(1)
Monitoring and Network Attacks  223(1)
Risk-Based Architecture  223(1)
Secure Sourcing Strategy  224(13)
Domain 3 Cryptography  237(110)
Cryptographic Principles  240(1)
Applications of Cryptography  240(1)
Benefits  240(1)
Uses  241(3)
Message Encryption  244(1)
Secure IP Communication  245(1)
Remote Access  246(1)
Secure Wireless Communication  247(2)
Other Types of Secure Communication  249
Identification and Authentication  25(227)
Storage Encryption  252(1)
Electronic Commerce (E-Commerce)  253(2)
Software Code Signing  255(1)
Interoperability  255(1)
Methods of Cryptography  256(1)
Symmetric Cryptosystems  256(3)
Block Cipher Modes  259(4)
Stream Ciphers  263(1)
Asymmetric Cryptosystems  264(3)
Hash Functions and Message Authentication Codes  267(4)
Digital Signatures  271(1)
Vet Proprietary Cryptography & Design Testable Cryptographic Systems  272(2)
Computational Overhead & Useful Life  274(2)
Key Management  276(1)
Purpose of the Keys and Key Types  276(2)
Cryptographic Strength and Key Size  278(5)
Key Life Cycle  283(1)
Key Creation  284(3)
Key Distribution and Crypto Information in Transit  287(1)
Symmetric Keys Distribution  288(1)
Public and Private Keys Distribution  288(2)
Key Storage  290(3)
Key Update  293(1)
Key Revocation  294(1)
Key Escrow  295(1)
Backup and Recovery  296(1)
Backup  296(1)
Key Recovery  297(1)
Public Key Infrastructure  297(1)
Key Distribution  298(1)
Certificate and Key Storage  299(1)
PKI Registration  300(1)
How the Subject Proves Its Organizational Entity  301(1)
How a Person, Acting on Behalf of the Subject, Authenticates to Request a Certificate (Case Studies)  302(4)
Certificate Issuance  306(1)
Trust Models  307(1)
Subordinate Hierarchy  307(1)
Cross-Certified Mesh  308(1)
Certificate Chains  309(1)
Certificate Revocation  310(1)
Traditional CRL Model  311(1)
Modified CRL-Based Models  312(2)
Cross-Certification  314(1)
How Applications Use Cross-Certification  314(2)
How Cross-Certification Is Set Up  316(1)
How Cross-Certification with a Bridge CA Is Implemented in Practice  317(1)
Design Validation  318(1)
Review of Cryptanalytic Attacks  318(1)
Attack Models  318(1)
Symmetric Attacks  319(1)
Asymmetric Attacks  319(1)
Hash Function Attacks  320(1)
Network-Based Cryptanalytic Attacks  320(1)
Attacks against Keys  321(1)
Brute Force Attacks  322(1)
Side-Channel Cryptanalysis  322(1)
Risk-Based Cryptographic Architecture  323(2)
Identifying Risk and Requirements by Cryptographic Areas  325(3)
Case Study  328(3)
Cryptographic Compliance Monitoring  331(1)
Cryptographic Standards Compliance  332(1)
Industry- and Application-Specific Cryptographic Standards Compliance  333(14)
Domain 4 Security Architecture Analysis  347(80)
Risk Analysis  352(1)
Quantitative Risk Analysis  352(1)
Qualitative Risk Analysis  353(1)
Risk Theory  353(2)
Attack Vectors  355(1)
Methods of "Vector" Attack  355(3)
Attack by E-Mail  358(1)
Attack by Deception  359(1)
Hoaxes  359(1)
Hackers  359(1)
Web Page Attack  360(1)
Attack of the Worms  360(1)
Malicious Macros  361(1)
Instant Messaging, IRC, and P2P File-Sharing Networks  362(1)
Viruses  362(1)
Asset and Data Valuation  362(1)
Context and Data Value  363(1)
Corporate versus Departmental: Valuation  364(1)
Business, Legal, and Regulatory Requirements  364(2)
Product Assurance Evaluation Criteria  366(2)
Common Criteria (CC) Part 1  368(3)
Common Criteria (CC) Part 2  371(1)
The Target of Evaluation (TOE)  372(1)
Evaluation Assurance Level (EAL) Overview  373(4)
Evaluation Assurance Level 1 (EAL1) - Functionally Tested  377(1)
Evaluation Assurance Level 2 (EAL2) - Structurally Tested  377(1)
Evaluation Assurance Level 3 (EAL3) - Methodically Tested and Checked  377(1)
Evaluation Assurance Level 4 (EAL4) - Methodically Designed, Tested, and Reviewed  378(1)
Evaluation Assurance Level 5 (EAL5) - Semiformally Designed and Tested  378(1)
Evaluation Assurance Level 6 (EAL6) - Semiformally Verified Design and Tested  378(1)
Evaluation Assurance Level 7 (EAL7) - Formally Verified Design and Tested  379(1)
Common Criteria (CC) Part 3: Assurance Paradigm  380(1)
Significance of Vulnerabilities  380(1)
The Causes of Vulnerabilities  380(1)
Common Criteria Assurance  381(1)
Assurance through Evaluation  381(1)
The Common Criteria Evaluation Assurance Scale  381(1)
ISO/IEC 27000 Series  382(2)
Software Engineering Institute - Capability Maturity Model (CMMI-DEV) Key Practices Version 1.3  384(1)
Introducing the Capability Maturity Model  384(1)
Sources of the Capability Maturity Model (CMM)  384(2)
Structure of the CMMI-DEV V1.3  386(11)
Intergroup Coordination  397(1)
Peer Reviews  398(2)
ISO 7498  400(1)
Concepts of a Layered Architecture  401(1)
Payment Card Industry Data Security Standard (PCI-DSS)  402(2)
Architectural Solutions  404(4)
Architecture Frameworks  408(2)
Department of Defense Architecture Framework (DoDAF)  410(2)
The Zachman Framework  412(1)
Design Process  413(1)
System Security Engineering Methodologies  413(2)
Design Validation  415(1)
Certification  416(1)
Peer Reviews  416(3)
Documentation  419(8)
Domain 5 Technology Related Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)  427(50)
Planning Phases and Deliverables  432(1)
Risk Analysis  433(5)
Natural Hazard Risks  438(2)
Human-Made Risks and Threats  440(2)
Industry Risks  442(1)
Do Not Forget the Neighbors!  442(2)
Business Impact Analysis  444(5)
Data Stored in Electronic Form  449(1)
Remote Replication and Off-Site Journaling  449(2)
Backup Strategies  451(5)
Selecting a Recovery Strategy for Technology  456(3)
Cost-Benefit Analysis  459(1)
Implementing Recovery Strategies  460(1)
Documenting the Plan  460(1)
The Human Factor  461(1)
Logistics  461(1)
Plan Maintenance Strategies  462(2)
Bringing It All Together - A Sample "Walk Through" of a DR Plan  464(1)
Step by Step Guide for Disaster Recovery Planning for Security Architects  465(6)
I Information Gathering  465(3)
II Plan Development and Testing  468(2)
III Ongoing Maintenance  470(1)
References  471(6)
Domain 6 Physical Security Considerations  477(46)
Physical Security Policies and Standards  480(9)
Physical Security Risks  489(1)
Unauthorized Access  490(4)
Physical Security Needs and Organization Drivers  494(2)
Facility Risk  496(5)
Restricted Work Areas  501(2)
Protection Plans  503(2)
Evacuation Drills  505(4)
Incident Response  509(2)
Design Validation  511(1)
Penetration Tests  511(2)
Access Control Violation Monitoring  513(10)
Appendix A Answers to Review Questions 523(36)
Index 559