E-book: Official (ISC)2 Guide to the CISSP CBK

Edited by
  • Format: 1304 pages
  • Series: ISC2 Press
  • Publication date: 08-Apr-2015
  • Publisher: Apple Academic Press Inc.
  • Language: eng
  • ISBN-13: 9781498759885
  • Format: EPUB+DRM
  • Price: 77,21 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not permitted

  • Printing:

    not permitted

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID (more information here). The e-book can be read by 1 user and downloaded to up to 6 devices (all authorised with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet), you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac, you must install Adobe Digital Editions (this is a free application designed specifically for reading e-books; it should not be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

As a result of the rigorous, methodical process that (ISC)² follows to routinely update its credential exams, it has announced that enhancements will be made to the Certified Information Systems Security Professional (CISSP) credential, beginning April 15, 2015. (ISC)² conducts this process on a regular basis to ensure that the examinations and the subsequent training and continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today's practicing information security professionals.

Refreshed technical content has been added to the official (ISC)² CISSP CBK to reflect the most current topics in the information security industry today. Some topics have been expanded (e.g., asset security, security assessment and testing), while other topics have been realigned under different domains. The result is an exam that most accurately reflects the technical and managerial competence required of an experienced information security professional to effectively design, engineer, implement and manage an organization's information security program within an ever-changing security landscape.

The domain names have been updated as follows:

CISSP Domains, Effective April 15, 2015

  • Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
  • Asset Security (Protecting Security of Assets)
  • Security Engineering (Engineering and Management of Security)
  • Communications and Network Security (Designing and Protecting Network Security)
  • Identity and Access Management (Controlling Access and Managing Identity)
  • Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  • Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
  • Software Development Security (Understanding, Applying, and Enforcing Software Security)

Some candidates may be wondering how these updates affect training materials for the CISSP credential. As part of the organization's comprehensive education strategy and certifying-body best practices, (ISC)² training materials do not teach directly to its credential examinations. Rather, (ISC)² Education is focused on teaching the core competencies relevant to the roles and responsibilities of today's practicing information security professional. It is designed to refresh and enhance the knowledge of experienced industry professionals.
Foreword xv
Introduction xvii
Editors xxi
Preface xxiii
Domain 1 Security & Risk Management
Security & Risk Management
1(6)
Confidentiality, Integrity, and Availability
7(2)
Confidentiality
7(1)
Integrity
7(1)
Availability
7(2)
Security Governance
9(14)
Goals, Mission, and Objectives of the Organization
10(2)
Organizational Processes
12(1)
Security Roles and Responsibilities
13(9)
Information Security Strategies
22(1)
The Complete and Effective Security Program
23(11)
Oversight Committee Representation
23(8)
Control Frameworks
31(2)
Due Care
33(1)
Due Diligence
33(1)
Compliance
34(7)
Governance, Risk Management, and Compliance (GRC)
36(1)
Legislative and Regulatory Compliance
37(1)
Privacy Requirements Compliance
38(3)
Global Legal and Regulatory Issues
41(16)
Computer/Cyber Crime
41(4)
Licensing and Intellectual Property
45(2)
Import/Export
47(3)
Trans-Border Data Flow
50(1)
Privacy
51(2)
Data Breaches
53(2)
Relevant Laws and Regulations
55(2)
Understand Professional Ethics
57(14)
Regulatory Requirements for Ethics Programs
59(1)
Topics in Computer Ethics
60(1)
Common Computer Ethics Fallacies
61(2)
Hacking and Hacktivism
63(1)
Ethics Codes of Conduct and Resources
63(2)
(ISC)2 Code of Professional Ethics
65(1)
Support Organization's Code of Ethics
66(5)
Develop and Implement Security Policy
71(1)
Business Continuity (BC) & Disaster Recovery (DR) Requirements
72(8)
Project Initiation and Management
72(2)
Develop and Document Project Scope and Plan
74(1)
Conducting the Business Impact Analysis (BIA)
75(1)
Identify and Prioritize
75(3)
Assess Exposure to Outages
78(1)
Recovery Point Objectives (RPO)
79(1)
Manage Personnel Security
80(11)
Employment Candidate Screening
80(6)
Employment Agreements and Policies
86(3)
Employee Termination Processes
89(1)
Vendor, Consultant, and Contractor Controls
89(1)
Privacy
90(1)
Risk Management Concepts
91(65)
Organizational Risk Management Concepts
93(2)
Risk Assessment Methodologies
95(7)
Identify Threats and Vulnerabilities
102(1)
Risk Assessment/Analysis
103(6)
Countermeasure Selection
109(1)
Implementation of Risk Countermeasures
109(2)
Types of Controls
111(5)
Access Control Types
116(16)
Controls Assessment/Monitoring and Measuring
132(12)
Tangible and Intangible Asset Valuation
144(2)
Continuous Improvement
146(1)
Risk Management Frameworks
147(9)
Threat Modeling
156(5)
Determining Potential Attacks and Reduction Analysis
157(2)
Technologies & Processes to Remediate Threats
159(2)
Acquisitions Strategy and Practice
161(6)
Hardware, Software, and Services
161(2)
Manage Third-Party Governance
163(1)
Minimum Security and Service-Level Requirements
164(3)
Security Education, Training, and Awareness
167(16)
Formal Security Awareness Training
167(2)
Awareness Activities and Methods -- Creating the Culture of Awareness in the Organization
169(14)
Domain 2 Asset Security
Asset Security
183(4)
Data Management: Determine and Maintain Ownership
187(6)
Data Policy
187(1)
Roles and Responsibilities
188(1)
Data Ownership
189(1)
Data Custodianship
189(1)
Data Quality
190(2)
Data Documentation and Organization
192(1)
Data Standards
193(4)
Data Lifecycle Control
194(1)
Data Specification and Modeling
194(1)
Database Maintenance
195(1)
Data Audit
195(1)
Data Storage and Archiving
196(1)
Longevity and Use
197(10)
Data Security
197(1)
Data Access, Sharing, and Dissemination
198(1)
Data Publishing
199(8)
Classify Information and Supporting Assets
207(3)
Asset Management
210(3)
Software Licensing
212(1)
Equipment Lifecycle
212(1)
Protect Privacy
213(5)
Ensure Appropriate Retention
218(5)
Media, Hardware, and Personnel
218(2)
Company "X" Data Retention Policy
220(3)
Determine Data Security Controls
223(9)
Data at Rest
223(2)
Data in Transit
225(3)
Baselines
228(3)
Scoping and Tailoring
231(1)
Standards Selection
232(17)
United States Resources
232(3)
International Resources
235(2)
National Cyber Security Framework Manual
237(3)
Framework for Improving Critical Infrastructure Cybersecurity
240(9)
Domain 3 Security Engineering
Security Engineering
249(6)
The Engineering Lifecycle Using Security Design Principles
255(5)
Fundamental Concepts of Security Models
260(31)
Common System Components
261(8)
How They Work Together
269(1)
Enterprise Security Architecture
270(5)
Common Architecture Frameworks
275(1)
Zachman Framework
276(12)
Capturing and Analyzing Requirements
288(2)
Creating and Documenting Security Architecture
290(1)
Information Systems Security Evaluation Models
291(12)
Common Formal Security Models
291(1)
Product Evaluation Models
292(6)
Industry and International Security Implementation Guidelines
298(5)
Security Capabilities of Information Systems
303(4)
Access Control Mechanisms
303(1)
Secure Memory Management
304(3)
Vulnerabilities of Security Architectures
307(18)
Systems
310(2)
Technology and Process Integration
312(6)
Single Point of Failure (SPOF)
318(3)
Client-Based Vulnerabilities
321(2)
Server-Based Vulnerabilities
323(2)
Database Security
325(43)
Large Scale Parallel Data Systems
327(4)
Distributed Systems
331(4)
Cryptographic Systems
335(33)
Software and System Vulnerabilities and Threats
368(4)
Web-Based
369(3)
Vulnerabilities in Mobile Systems
372(5)
Risks from Remote Computing
373(2)
Risks from Mobile Workers
375(2)
Vulnerabilities in Embedded Devices and Cyber-Physical Systems
377(7)
The Application and Use of Cryptography
384(36)
The History of Cryptography
384(2)
Emerging Technology
386(1)
Core Information Security Principles
387(1)
Additional Features of Cryptographic Systems
387(2)
The Cryptographic Lifecycle
389(3)
Public Key Infrastructure (PKI)
392(1)
Key Management Processes
393(7)
Creation and Distribution of Keys
400(8)
Digital Signatures
408(1)
Digital Rights Management (DRM)
409(2)
Non-Repudiation
411(1)
Hashing
412(1)
Simple Hash Functions
412(3)
Methods of Cryptanalytic Attacks
415(5)
Site and Facility Design Considerations
420(3)
The Security Survey
420(3)
Site Planning
423(8)
Roadway Design
424(1)
Crime Prevention through Environmental Design (CPTED)
424(2)
Windows
426(5)
Design and Implement Facility Security
431(1)
Implementation and Operation of Facilities Security
432(21)
Communications and Server Rooms
432(2)
Restricted and Work Area Security
434(1)
Data Center Security
435(18)
Domain 4 Communications & Network Security
Communications & Network Security
453(6)
Secure Network Architecture and Design
459(26)
OSI and TCP/IP
459(11)
IP Networking
470(5)
Directory Services
475(10)
Implications of Multi-Layer Protocols
485(4)
Converged Protocols
489(44)
Implementation
490(9)
Voice over Internet Protocol (VoIP)
499(5)
Wireless
504(4)
Wireless Security Issues
508(3)
Cryptography Used to Maintain Communications Security
511(22)
Securing Network Components
533(17)
Hardware
537(4)
Transmission Media
541(3)
Network Access Control Devices
544(4)
End Point Security
548(1)
Content Distribution Networks
549(1)
Secure Communication Channels
550(50)
Voice
550(3)
Multimedia Collaboration
553(2)
Open Protocols, Applications, and Services
555(4)
Remote Access
559(9)
Data Communications
568(22)
Virtualized Networks
590(10)
Network Attacks
600(35)
The Network as an Enabler or Channel of Attack
601(1)
The Network as a Bastion of Defense
602(1)
Network Security Objectives and Attack Modes
602(6)
Scanning Techniques
608(6)
Security Event Management (SEM)
614(3)
IP Fragmentation Attacks and Crafted Packets
617(4)
Denial-of-Service (DoS)/Distributed-Denial-of Service (DDoS) Attacks
621(2)
Spoofing
623(3)
Session Highjack
626(9)
Domain 5 Identity & Access Management
Identity & Access Management
635(6)
Physical and Logical Access to Assets
641(6)
Identification and Authentication of People and Devices
647(9)
Identification, Authentication, and Authorization
647(9)
Identity Management Implementation
656(45)
Password Management
656(2)
Account Management
658(1)
Profile Management
659(1)
Directory Management
659(1)
Directory Technologies
660(13)
Single/Multi-Factor Authentication
673(11)
Accountability
684(2)
Session Management
686(2)
Registration and Proof of Identity
688(3)
Credential Management Systems
691(10)
Identity as a Service (IDaaS)
701(5)
Integrate Third-Party Identity Services
706(3)
Implement and Manage Authorization Mechanisms
709(5)
Role-Based Access Control
709(2)
Rule-Based Access Control
711(1)
Mandatory Access Controls (MACs)
711(2)
Discretionary Access Controls (DACs)
713(1)
Prevent or Mitigate Access Control Attacks
714(14)
Windows PowerShell Equivalent Commands
722(6)
Identity and Access Provisioning Lifecycle
728(9)
Provisioning
728(1)
Review
729(1)
Revocation
729(8)
Domain 6 Security Assessment & Testing
Security Assessment & Testing
737(6)
Assessment and Test Strategies
743(26)
Software Development as Part of System Design
744(1)
Log Reviews
745(8)
Synthetic Transactions
753(2)
Code Review and Testing
755(8)
Negative Testing/Misuse Case Testing
763(2)
Interface Testing
765(4)
Collect Security Process Data
769(5)
Internal and Third-Party Audits
774(11)
SOC Reporting Options
774(11)
Domain 7 Security Operations
Security Operations
785(4)
Investigations
789(25)
The Crime Scene
790(2)
Policy, Roles, and Responsibilities
792(2)
Incident Handling and Response
794(3)
Recovery Phase
797(1)
Evidence Collection and Handling
798(1)
Reporting and Documenting
799(5)
Evidence Collection and Processing
804(3)
Continuous and Egress Monitoring
807(2)
Data Leak/Loss Prevention (DLP)
809(5)
Provisioning of Resources through Configuration Management
814(2)
Foundational Security Operations Concepts
816(12)
Key Themes
816(1)
Controlling Privileged Accounts
817(1)
Managing Accounts Using Groups and Roles
818(2)
Separation of Duties and Responsibilities
820(2)
Monitor Special Privileges
822(1)
Job Rotation
823(1)
Manage the Information Lifecycle
823(2)
Service Level Agreements (SLAs)
825(3)
Resource Protection
828(7)
Tangible versus Intangible Assets
828(1)
Hardware
829(1)
Media Management
829(6)
Incident Response
835(7)
Incident Management
835(1)
Security Measurements, Metrics, and Reporting
836(1)
Managing Security Technologies
837(1)
Detection
837(2)
Response
839(1)
Reporting
840(1)
Recovery
840(1)
Remediation and Review (Lessons Learned)
840(2)
Preventative Measures against Attacks
842(11)
Unauthorized Disclosure
842(1)
Network Intrusion Detection System Architecture
843(6)
Whitelisting, Blacklisting, and Greylisting... Oh My!
849(1)
Third-party Security Services, Sandboxing, Anti-malware, Honeypots and Honeynets
849(4)
Patch and Vulnerability Management
853(7)
Security and Patch Information Sources
855(5)
Change and Configuration Management
860(14)
Configuration Management
861(3)
Recovery Site Strategies
864(3)
Multiple Processing Sites
867(1)
System Resilience and Fault Tolerance Requirements
868(6)
The Disaster Recovery Process
874(12)
Documenting the Plan
875(2)
Response
877(4)
Personnel
881(1)
Communications
881(2)
Assessment
883(1)
Restoration
883(1)
Provide Training
884(1)
Exercise, Assess, and Maintain the Plan
885(1)
Test Plan Review
886(8)
Tabletop Exercise/Structured Walk-Through Test
887(1)
Walk-Through Drill/Simulation Test
888(1)
Functional Drill/Parallel Test
888(1)
Full-Interruption/Full-Scale Test
889(1)
Update and Maintenance of the Plan
889(5)
Business Continuity and Other Risk Areas
894(10)
Implementation and Operation of Perimeter Security
894(10)
Access Control
904(31)
Card Types
905(1)
Closed Circuit TV
906(11)
Internal Security
917(5)
Building and Inside Security
922(13)
Personnel Safety
935(14)
Privacy
935(1)
Travel
935(2)
Duress
937(12)
Domain 8 Security in the Software Development Life Cycle
Security in the Software Development Life Cycle
949(4)
Software Development Security Outline
953(11)
Development Life Cycle
954(5)
Maturity Models
959(1)
Operation and Maintenance
960(1)
Change Management
961(1)
Integrated Product Team (e.g., DevOps)
962(2)
Environment and Security Controls
964(24)
Software Development Methods
964(3)
The Database and Data Warehousing Environment
967(11)
Database Vulnerabilities and Threats
978(2)
DBMS Controls
980(4)
Knowledge Management
984(2)
Web Application Environment
986(2)
Security of the Software Environment
988(37)
Applications Development and Programming Concepts
988(2)
The Software Environment
990(11)
Libraries & Toolsets
1001(3)
Security Issues in Source Code
1004(6)
Malicious Software (Malware)
1010(10)
Malware Protection
1020(5)
Software Protection Mechanisms
1025(24)
Security Kernels, Reference Monitors, and the TCB
1025(15)
Configuration Management
1040(1)
Security of Code Repositories
1041(5)
Security of Application Programming Interfaces (API)
1046(3)
Assess the Effectiveness of Software Security
1049(10)
Certification and Accreditation
1049(2)
Auditing and Logging of Changes
1051(1)
Risk Analysis and Mitigation
1052(7)
Assess Software Acquisition Security
1059(12)
Appendix A Answers to Domain Review Questions 1071(82)
Appendix B Domain 1 Materials 1153(14)
Appendix C Domain 2 Materials 1167(20)
Appendix D Domain 3 Materials 1187(4)
Appendix E Domain 4 Materials 1191(4)
Appendix F Domain 5 Materials 1195(6)
Appendix G Domain 6 Materials 1201(6)
Appendix H Domain 7 Materials 1207(12)
Appendix I Domain 8 Materials 1219(8)
Appendix J Glossary 1227(30)
Appendix K Index 1257
Adam Gordon