
Official (ISC)2 Guide to the CISSP CBK Reference 5th Edition [Hardback]

  • Format: Hardback, 928 pages, height x width x thickness: 239x196x53 mm, weight: 1656 g
  • Publication date: 07-Jun-2019
  • Publisher: John Wiley & Sons Inc
  • ISBN-10: 1119423341
  • ISBN-13: 9781119423348
  • Price: 104,50 €*
  • * We will send you an offer for a used copy; its price may differ from the price shown on the website.
  • This book is out of print, but we will send you an offer for a used copy.
All new for 2018 and beyond, this is the authoritative common body of knowledge (CBK) from (ISC)2 for information security professionals charged with designing, engineering, implementing, and managing the overall information security program to protect organizations from increasingly sophisticated attacks. Vendor neutral and backed by (ISC)2, the CISSP credential meets the stringent requirements of ISO/IEC Standard 17024. 5th edition.

The only official, comprehensive reference guide to the CISSP

This CBK covers the new eight domains of CISSP with the necessary depth to apply them to the daily practice of information security. Written by a team of subject matter experts, this comprehensive reference covers all of the more than 300 CISSP objectives and sub-objectives in a structured format with:

  • Common and good practices for each objective
  • Common vocabulary and definitions
  • References to widely accepted computing standards
  • Highlights of successful approaches through case studies

Whether you've earned your CISSP credential or are looking for a valuable resource to help advance your security career, this comprehensive guide offers everything you need to apply the knowledge of the most recognized body of influence in information security.

Table of Contents (start page, number of pages)

Foreword, p. xxv
Introduction, p. xxvii
Domain 1 Security and Risk Management, p. 1 (130 pages)
Understand and Apply Concepts of Confidentiality, Integrity, and Availability, p. 2 (4 pages)
Information Security, p. 3 (3 pages)
Evaluate and Apply Security Governance Principles, p. 6 (5 pages)
Alignment of Security Functions to Business Strategy, Goals, Mission, and Objectives, p. 6 (1 page)
Vision, Mission, and Strategy, p. 6 (1 page)
Governance, p. 7 (3 pages)
Due Care, p. 10 (1 page)
Determine Compliance Requirements, p. 11 (2 pages)
Legal Compliance, p. 12 (1 page)
Jurisdiction, p. 12 (1 page)
Legal Tradition, p. 12 (1 page)
Legal Compliance Expectations, p. 13 (1 page)
Understand Legal and Regulatory Issues That Pertain to Information Security in a Global Context, p. 13 (36 pages)
Cyber Crimes and Data Breaches, p. 14 (22 pages)
Privacy, p. 36 (13 pages)
Understand, Adhere to, and Promote Professional Ethics, p. 49 (8 pages)
Ethical Decision-Making, p. 49 (2 pages)
Established Standards of Ethical Conduct, p. 51 (5 pages)
(ISC)2 Ethical Practices, p. 56 (1 page)
Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines, p. 57 (5 pages)
Organizational Documents, p. 58 (3 pages)
Policy Development, p. 61 (1 page)
Policy Review Process, p. 61 (1 page)
Identify, Analyze, and Prioritize Business Continuity Requirements, p. 62 (18 pages)
Develop and Document Scope and Plan, p. 62 (8 pages)
Risk Assessment, p. 70 (1 page)
Business Impact Analysis, p. 71 (2 pages)
Develop the Business Continuity Plan, p. 73 (7 pages)
Contribute to and Enforce Personnel Security Policies and Procedures, p. 80 (19 pages)
Key Control Principles, p. 80 (2 pages)
Candidate Screening and Hiring, p. 82 (9 pages)
Onboarding and Termination Processes, p. 91 (5 pages)
Vendor, Consultant, and Contractor Agreements and Controls, p. 96 (1 page)
Privacy in the Workplace, p. 97 (2 pages)
Understand and Apply Risk Management Concepts, p. 99 (12 pages)
Risk, p. 99 (1 page)
Risk Management Frameworks, p. 99 (9 pages)
Risk Assessment Methodologies, p. 108 (3 pages)
Understand and Apply Threat Modeling Concepts and Methodologies, p. 111 (5 pages)
Threat Modeling Concepts, p. 111 (1 page)
Threat Modeling Methodologies, p. 112 (4 pages)
Apply Risk-Based Management Concepts to the Supply Chain, p. 116 (5 pages)
Supply Chain Risks, p. 116 (3 pages)
Supply Chain Risk Management, p. 119 (2 pages)
Establish and Maintain a Security Awareness, Education, and Training Program, p. 121 (7 pages)
Security Awareness Overview, p. 122 (1 page)
Developing an Awareness Program, p. 123 (4 pages)
Training, p. 127 (1 page)
Summary, p. 128 (3 pages)
Domain 2 Asset Security, p. 131 (82 pages)
Asset Security Concepts, p. 131 (8 pages)
Data Policy, p. 132 (1 page)
Data Governance, p. 132 (1 page)
Data Quality, p. 133 (1 page)
Data Documentation, p. 134 (2 pages)
Data Organization, p. 136 (3 pages)
Identify and Classify Information and Assets, p. 139 (6 pages)
Asset Classification, p. 141 (4 pages)
Determine and Maintain Information and Asset Ownership, p. 145 (7 pages)
Asset Management Lifecycle, p. 146 (2 pages)
Software Asset Management, p. 148 (4 pages)
Protect Privacy, p. 152 (23 pages)
Cross-Border Privacy and Data Flow Protection, p. 153 (8 pages)
Data Owners, p. 161 (1 page)
Data Controllers, p. 162 (1 page)
Data Processors, p. 163 (1 page)
Data Stewards, p. 164 (1 page)
Data Custodians, p. 164 (1 page)
Data Remanence, p. 164 (4 pages)
Data Sovereignty, p. 168 (1 page)
Data Localization or Residency, p. 169 (2 pages)
Government and Law Enforcement Access to Data, p. 171 (1 page)
Collection Limitation, p. 172 (1 page)
Understanding Data States, p. 173 (1 page)
Data Issues with Emerging Technologies, p. 173 (2 pages)
Ensure Appropriate Asset Retention, p. 175 (6 pages)
Retention of Records, p. 178 (1 page)
Determining Appropriate Records Retention, p. 178 (1 page)
Retention of Records in Data Lifecycle, p. 179 (1 page)
Records Retention Best Practices, p. 180 (1 page)
Determine Data Security Controls, p. 181 (27 pages)
Technical, Administrative, and Physical Controls, p. 183 (2 pages)
Establishing the Baseline Security, p. 185 (1 page)
Scoping and Tailoring, p. 186 (3 pages)
Standards Selection, p. 189 (9 pages)
Data Protection Methods, p. 198 (10 pages)
Establish Information and Asset Handling Requirements, p. 208 (4 pages)
Marking and Labeling, p. 208 (1 page)
Handling, p. 209 (1 page)
Declassifying Data, p. 210 (1 page)
Storage, p. 211 (1 page)
Summary, p. 212 (1 page)
Domain 3 Security Architecture and Engineering, p. 213 (150 pages)
Implement and Manage Engineering Processes Using Secure Design Principles, p. 215 (15 pages)
Saltzer and Schroeder's Principles, p. 216 (5 pages)
ISO/IEC 19249, p. 221 (8 pages)
Defense in Depth, p. 229 (1 page)
Using Security Principles, p. 230 (1 page)
Understand the Fundamental Concepts of Security Models, p. 230 (7 pages)
Bell-LaPadula Model, p. 232 (2 pages)
The Biba Integrity Model, p. 234 (1 page)
The Clark-Wilson Model, p. 235 (1 page)
The Brewer-Nash Model, p. 235 (2 pages)
Select Controls Based upon Systems Security Requirements, p. 237 (4 pages)
Understand Security Capabilities of Information Systems, p. 241 (12 pages)
Memory Protection, p. 241 (3 pages)
Virtualization, p. 244 (3 pages)
Secure Cryptoprocessor, p. 247 (6 pages)
Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements, p. 253 (25 pages)
Client-Based Systems, p. 254 (1 page)
Server-Based Systems, p. 255 (2 pages)
Database Systems, p. 257 (3 pages)
Cryptographic Systems, p. 260 (7 pages)
Industrial Control Systems, p. 267 (4 pages)
Cloud-Based Systems, p. 271 (3 pages)
Distributed Systems, p. 274 (1 page)
Internet of Things, p. 275 (3 pages)
Assess and Mitigate Vulnerabilities in Web-Based Systems, p. 278 (9 pages)
Injection Vulnerabilities, p. 279 (1 page)
Broken Authentication, p. 280 (3 pages)
Sensitive Data Exposure, p. 283 (1 page)
XML External Entities, p. 284 (1 page)
Broken Access Control, p. 284 (1 page)
Security Misconfiguration, p. 285 (1 page)
Cross-Site Scripting, p. 285 (1 page)
Using Components with Known Vulnerabilities, p. 286 (1 page)
Insufficient Logging and Monitoring, p. 286 (1 page)
Cross-Site Request Forgery, p. 287 (1 page)
Assess and Mitigate Vulnerabilities in Mobile Systems, p. 287 (5 pages)
Passwords, p. 288 (1 page)
Multifactor Authentication, p. 288 (1 page)
Session Lifetime, p. 289 (1 page)
Wireless Vulnerabilities, p. 290 (1 page)
Mobile Malware, p. 290 (1 page)
Unpatched Operating System or Browser, p. 290 (1 page)
Insecure Devices, p. 291 (1 page)
Mobile Device Management, p. 291 (1 page)
Assess and Mitigate Vulnerabilities in Embedded Devices, p. 292 (3 pages)
Apply Cryptography, p. 295 (47 pages)
Cryptographic Lifecycle, p. 295 (3 pages)
Cryptographic Methods, p. 298 (13 pages)
Public Key Infrastructure, p. 311 (4 pages)
Key Management Practices, p. 315 (3 pages)
Digital Signatures, p. 318 (2 pages)
Non-Repudiation, p. 320 (1 page)
Integrity, p. 321 (4 pages)
Understand Methods of Cryptanalytic Attacks, p. 325 (14 pages)
Digital Rights Management, p. 339 (3 pages)
Apply Security Principles to Site and Facility Design, p. 342 (1 page)
Implement Site and Facility Security Controls, p. 343 (19 pages)
Physical Access Controls, p. 343 (2 pages)
Wiring Closets/Intermediate Distribution Facilities, p. 345 (1 page)
Server Rooms/Data Centers, p. 346 (2 pages)
Media Storage Facilities, p. 348 (1 page)
Evidence Storage, p. 349 (1 page)
Restricted and Work Area Security, p. 349 (2 pages)
Utilities and Heating, Ventilation, and Air Conditioning, p. 351 (4 pages)
Environmental Issues, p. 355 (3 pages)
Fire Prevention, Detection, and Suppression, p. 358 (4 pages)
Summary, p. 362 (1 page)
Domain 4 Communication and Network Security, p. 363 (120 pages)
Implement Secure Design Principles in Network Architectures, p. 364 (47 pages)
Open Systems Interconnection and Transmission Control Protocol/Internet Protocol Models, p. 365 (17 pages)
Internet Protocol Networking, p. 382 (10 pages)
Implications of Multilayer Protocols, p. 392 (2 pages)
Converged Protocols, p. 394 (1 page)
Software-Defined Networks, p. 395 (1 page)
Wireless Networks, p. 396 (13 pages)
Internet, Intranets, and Extranets, p. 409 (1 page)
Demilitarized Zones, p. 410 (1 page)
Virtual LANs, p. 410 (1 page)
Secure Network Components, p. 411 (38 pages)
Firewalls, p. 412 (6 pages)
Network Address Translation, p. 418 (3 pages)
Intrusion Detection System, p. 421 (1 page)
Security Information and Event Management, p. 422 (1 page)
Network Security from Hardware Devices, p. 423 (6 pages)
Transmission Media, p. 429 (13 pages)
Endpoint Security, p. 442 (5 pages)
Implementing Defense in Depth, p. 447 (1 page)
Content Distribution Networks, p. 448 (1 page)
Implement Secure Communication Channels According to Design, p. 449 (32 pages)
Secure Voice Communications, p. 449 (3 pages)
Multimedia Collaboration, p. 452 (6 pages)
Remote Access, p. 458 (8 pages)
Data Communications, p. 466 (4 pages)
Virtualized Networks, p. 470 (11 pages)
Summary, p. 481 (2 pages)
Domain 5 Identity and Access Management, p. 483 (56 pages)
Control Physical and Logical Access to Assets, p. 484 (8 pages)
Information, p. 485 (1 page)
Systems, p. 486 (1 page)
Devices, p. 487 (1 page)
Facilities, p. 488 (4 pages)
Manage Identification and Authentication of People, Devices, and Services, p. 492 (33 pages)
Identity Management Implementation, p. 494 (2 pages)
Single Factor/Multifactor Authentication, p. 496 (15 pages)
Accountability, p. 511 (1 page)
Session Management, p. 511 (2 pages)
Registration and Proofing of Identity, p. 513 (7 pages)
Federated Identity Management, p. 520 (4 pages)
Credential Management Systems, p. 524 (1 page)
Integrate Identity as a Third-Party Service, p. 525 (3 pages)
On-Premise, p. 526 (1 page)
Cloud, p. 527 (1 page)
Federated, p. 527 (1 page)
Implement and Manage Authorization Mechanisms, p. 528 (5 pages)
Role-Based Access Control, p. 528 (1 page)
Rule-Based Access Control, p. 529 (1 page)
Mandatory Access Control, p. 530 (1 page)
Discretionary Access Control, p. 531 (1 page)
Attribute-Based Access Control, p. 531 (2 pages)
Manage the Identity and Access Provisioning Lifecycle, p. 533 (4 pages)
User Access Review, p. 534 (1 page)
System Account Access Review, p. 535 (1 page)
Provisioning and Deprovisioning, p. 535 (1 page)
Auditing and Enforcement, p. 536 (1 page)
Summary, p. 537 (2 pages)
Domain 6 Security Assessment and Testing, p. 539 (58 pages)
Design and Validate Assessment, Test, and Audit Strategies, p. 540 (5 pages)
Assessment Standards, p. 543 (2 pages)
Conduct Security Control Testing, p. 545 (30 pages)
Vulnerability Assessment, p. 546 (8 pages)
Penetration Testing, p. 554 (10 pages)
Log Reviews, p. 564 (1 page)
Synthetic Transactions, p. 565 (2 pages)
Code Review and Testing, p. 567 (4 pages)
Misuse Case Testing, p. 571 (2 pages)
Test Coverage Analysis, p. 573 (1 page)
Interface Testing, p. 574 (1 page)
Collect Security Process Data, p. 575 (12 pages)
Account Management, p. 577 (2 pages)
Management Review and Approval, p. 579 (1 page)
Key Performance and Risk Indicators, p. 580 (3 pages)
Backup Verification Data, p. 583 (1 page)
Training and Awareness, p. 584 (1 page)
Disaster Recovery and Business Continuity, p. 585 (2 pages)
Analyze Test Output and Generate Report, p. 587 (3 pages)
Conduct or Facilitate Security Audits, p. 590 (6 pages)
Internal Audits, p. 591 (1 page)
External Audits, p. 591 (1 page)
Third-Party Audits, p. 592 (1 page)
Integrating Internal and External Audits, p. 593 (1 page)
Auditing Principles, p. 593 (1 page)
Audit Programs, p. 594 (2 pages)
Summary, p. 596 (1 page)
Domain 7 Security Operations, p. 597 (98 pages)
Understand and Support Investigations, p. 598 (12 pages)
Evidence Collection and Handling, p. 599 (2 pages)
Reporting and Documentation, p. 601 (1 page)
Investigative Techniques, p. 602 (2 pages)
Digital Forensics Tools, Techniques, and Procedures, p. 604 (6 pages)
Understand Requirements for Investigation Types, p. 610 (7 pages)
Administrative, p. 611 (2 pages)
Criminal, p. 613 (1 page)
Civil, p. 614 (2 pages)
Regulatory, p. 616 (1 page)
Industry Standards, p. 616 (1 page)
Conduct Logging and Monitoring Activities, p. 617 (15 pages)
Define Auditable Events, p. 618 (1 page)
Time, p. 619 (1 page)
Protect Logs, p. 620 (1 page)
Intrusion Detection and Prevention, p. 621 (2 pages)
Security Information and Event Management, p. 623 (2 pages)
Continuous Monitoring, p. 625 (4 pages)
Ingress Monitoring, p. 629 (2 pages)
Egress Monitoring, p. 631 (1 page)
Securely Provision Resources, p. 632 (5 pages)
Asset Inventory, p. 632 (2 pages)
Asset Management, p. 634 (1 page)
Configuration Management, p. 635 (2 pages)
Understand and Apply Foundational Security Operations Concepts, p. 637 (10 pages)
Need to Know/Least Privilege, p. 637 (1 page)
Separation of Duties and Responsibilities, p. 638 (2 pages)
Privileged Account Management, p. 640 (2 pages)
Job Rotation, p. 642 (1 page)
Information Lifecycle, p. 643 (1 page)
Service Level Agreements, p. 644 (3 pages)
Apply Resource Protection Techniques to Media, p. 647 (3 pages)
Marking, p. 647 (1 page)
Protecting, p. 647 (1 page)
Transport, p. 648 (1 page)
Sanitization and Disposal, p. 649 (1 page)
Conduct Incident Management, p. 650 (13 pages)
An Incident Management Program, p. 651 (2 pages)
Detection, p. 653 (3 pages)
Response, p. 656 (1 page)
Mitigation, p. 657 (1 page)
Reporting, p. 658 (3 pages)
Recovery, p. 661 (1 page)
Remediation, p. 661 (1 page)
Lessons Learned, p. 661 (1 page)
Third-Party Considerations, p. 662 (1 page)
Operate and Maintain Detective and Preventative Measures, p. 663 (7 pages)
White-listing/Black-listing, p. 665 (1 page)
Third-Party Security Services, p. 665 (2 pages)
Honeypots/Honeynets, p. 667 (1 page)
Anti-Malware, p. 667 (3 pages)
Implement and Support Patch and Vulnerability Management, p. 670 (2 pages)
Understand and Participate in Change Management Processes, p. 672 (1 page)
Implement Recovery Strategies, p. 673 (6 pages)
Backup Storage Strategies, p. 673 (3 pages)
Recovery Site Strategies, p. 676 (2 pages)
Multiple Processing Sites, p. 678 (1 page)
System Resilience, High Availability, Quality of Service, and Fault Tolerance, p. 679 (1 page)
Implement Disaster Recovery Processes, p. 679 (6 pages)
Response, p. 680 (1 page)
Personnel, p. 680 (2 pages)
Communications, p. 682 (1 page)
Assessment, p. 682 (1 page)
Restoration, p. 683 (1 page)
Training and Awareness, p. 684 (1 page)
Test Disaster Recovery Plans, p. 685 (3 pages)
Read-Through/Tabletop, p. 686 (1 page)
Walk-Through, p. 687 (1 page)
Simulation, p. 687 (1 page)
Parallel, p. 687 (1 page)
Full Interruption, p. 688 (1 page)
Participate in Business Continuity Planning and Exercises, p. 688 (1 page)
Implement and Manage Physical Security, p. 689 (4 pages)
Physical Access Control, p. 689 (3 pages)
The Data Center, p. 692 (1 page)
Address Personnel Safety and Security Concerns, p. 693 (1 page)
Travel, p. 693 (1 page)
Duress, p. 693 (1 page)
Summary, p. 694 (1 page)
Domain 8 Software Development Security, p. 695 (180 pages)
Understand and Integrate Security in the Software Development Lifecycle, p. 696 (80 pages)
Development Methodologies, p. 696 (57 pages)
Maturity Models, p. 753 (15 pages)
Operations and Maintenance, p. 768 (2 pages)
Change Management, p. 770 (3 pages)
Integrated Product Team, p. 773 (3 pages)
Identify and Apply Security Controls in Development Environments, p. 776 (26 pages)
Security of the Software Environment, p. 777 (19 pages)
Configuration Management as an Aspect of Secure Coding, p. 796 (2 pages)
Security of Code Repositories, p. 798 (4 pages)
Assess the Effectiveness of Software Security, p. 802 (33 pages)
Logging and Auditing of Changes, p. 802 (15 pages)
Risk Analysis and Mitigation, p. 817 (18 pages)
Assess the Security Impact of Acquired Software, p. 835 (18 pages)
Acquired Software Types, p. 835 (7 pages)
Software Acquisition Process, p. 842 (3 pages)
Relevant Standards, p. 845 (3 pages)
Software Assurance, p. 848 (4 pages)
Certification and Accreditation, p. 852 (1 page)
Define and Apply Secure Coding Standards and Guidelines, p. 853 (21 pages)
Security Weaknesses and Vulnerabilities at the Source-Code Level, p. 854 (5 pages)
Security of Application Programming Interfaces, p. 859 (9 pages)
Secure Coding Practices, p. 868 (6 pages)
Summary, p. 874 (1 page)
Index, p. 875

This common body of knowledge is written and reviewed by a collection of experienced CISSP experts from a range of information security roles and organizations.