CISSP Certified Information Systems Security Professional : the Official (ISC)2 CISSP CBK Reference /
The only official, comprehensive reference guide to the CISSP Thoroughly updated for 2021 and beyond, this is the authoritative common body of knowledge (CBK) from (ISC)2 for information security professionals charged with designing, engineering, implementing, and managing the overall information se...
Classification: | eBook |
---|---|
Main authors: | , |
Format: | Electronic eBook |
Language: | English |
Published: | Hoboken, New Jersey : Sybex, [2021] |
Edition: | Sixth edition. |
Subjects: | |
Online access: | Full text (requires prior registration with an institutional e-mail address) |
Table of Contents:
- Cover
- Title Page
- Copyright Page
- Contents at a Glance
- Contents
- Foreword
- Introduction
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
- Domain 1 Security and Risk Management
- Understand, Adhere to, and Promote Professional Ethics
- (ISC)2 Code of Professional Ethics
- Organizational Code of Ethics
- Understand and Apply Security Concepts
- Confidentiality
- Integrity
- Availability
- Evaluate and Apply Security Governance Principles
- Alignment of the Security Function to Business Strategy, Goals, Mission, and Objectives
- Organizational Processes
- Organizational Roles and Responsibilities
- Security Control Frameworks
- Due Care and Due Diligence
- Determine Compliance and Other Requirements
- Legislative and Regulatory Requirements
- Industry Standards and Other Compliance Requirements
- Privacy Requirements
- Understand Legal and Regulatory Issues That Pertain to Information Security in a Holistic Context
- Cybercrimes and Data Breaches
- Licensing and Intellectual Property Requirements
- Import/Export Controls
- Transborder Data Flow
- Privacy
- Understand Requirements for Investigation Types
- Administrative
- Criminal
- Civil
- Regulatory
- Industry Standards
- Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
- Policies
- Standards
- Procedures
- Guidelines
- Identify, Analyze, and Prioritize Business Continuity Requirements
- Business Impact Analysis
- Develop and Document the Scope and the Plan
- Contribute to and Enforce Personnel Security Policies and Procedures
- Candidate Screening and Hiring
- Employment Agreements and Policies
- Onboarding, Transfers, and Termination Processes
- Vendor, Consultant, and Contractor Agreements and Controls
- Compliance Policy Requirements
- Privacy Policy Requirements
- Understand and Apply Risk Management Concepts
- Identify Threats and Vulnerabilities
- Risk Assessment
- Risk Response/Treatment
- Countermeasure Selection and Implementation
- Applicable Types of Controls
- Control Assessments
- Monitoring and Measurement
- Reporting
- Continuous Improvement
- Risk Frameworks
- Understand and Apply Threat Modeling Concepts and Methodologies
- Threat Modeling Concepts
- Threat Modeling Methodologies
- Apply Supply Chain Risk Management Concepts
- Risks Associated with Hardware, Software, and Services
- Third-Party Assessment and Monitoring
- Minimum Security Requirements
- Service-Level Requirements
- Frameworks
- Establish and Maintain a Security Awareness, Education, and Training Program
- Methods and Techniques to Present Awareness and Training
- Periodic Content Reviews
- Program Effectiveness Evaluation
- Summary
- Domain 2 Asset Security