CISSP study guide /
The CISSP certification is the most prestigious, globally recognized, vendor-neutral exam for information security professionals. The newest edition of this acclaimed study guide is aligned to cover all of the material included in the newest version of the exam's Common Body of Knowledge. The t...
Classification: | Electronic Book |
---|---|
Main author: | |
Other authors: | , |
Format: | Electronic eBook |
Language: | English |
Published: | Waltham, MA : Syngress, ©2012. |
Edition: | 2nd ed. |
Subjects: | |
Online access: | Full text |
Table of Contents:
- CISSP® Study Guide
- About the authors
- Lead Author
- Contributing Authors
- About the Technical Editor
- 1: Introduction
- How to Prepare for the Exam
- The CISSP exam is a management exam
- The notes card approach
- Practice tests
- Read the glossary
- Readiness checklist
- Taking the Exam
- Steps to becoming a CISSP
- Computer-based testing (CBT)
- How to take the exam
- The two-pass method
- Pass one
- Pass two
- The three-pass method
- After the exam
- Good Luck!
- 2: Domain 1
- Unique Terms and Definitions
- Introduction
- Cornerstone Information Security Concepts
- Confidentiality, integrity, and availability
- Confidentiality
- Integrity
- Availability
- Tension between the concepts
- Disclosure, alteration, and destruction
- Identity and authentication, authorization, and accountability (AAA)
- Identity and authentication
- Authorization
- Accountability
- Non-repudiation
- Least privilege and need to know
- Subjects and objects
- Defense in depth
- Access Control Models
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Non-discretionary access control
- Content- and context-dependent access controls
- Centralized access control
- Decentralized access control
- Access provisioning lifecycle
- User entitlement, access review, and audit
- Access control protocols and frameworks
- RADIUS
- Diameter
- TACACS and TACACS+
- PAP and CHAP
- Microsoft Active Directory Domains
- Procedural Issues for Access Control
- Labels, clearance, formal access approval, and need to know
- Labels
- Clearance
- Formal access approval
- Need to know
- Rule-based access controls
- Access control lists
- Access Control Defensive Categories and Types
- Preventive
- Detective
- Corrective
- Recovery
- Deterrent
- Compensating
- Comparing access controls
- Authentication Methods
- Type 1 authentication: something you know
- Passwords
- Password hashes and password cracking
- Dictionary attacks
- Brute-force and hybrid attacks
- Salts
- Password management
- Password control
- Type 2 authentication: something you have
- Synchronous dynamic token
- Asynchronous dynamic token
- Type 3 authentication: something you are
- Biometric fairness, psychological comfort, and safety
- Biometric enrollment and throughput
- Accuracy of biometric systems
- False reject rate (FRR)
- False accept rate (FAR)
- Crossover error rate (CER)
- Types of biometric controls
- Fingerprints
- Retina scan
- Iris scan
- Hand geometry
- Keyboard dynamics
- Dynamic signature
- Voiceprint
- Facial scan
- Someplace you are
- Access Control Technologies
- Single sign-on (SSO)
- Federated identity management
- Kerberos
- Kerberos characteristics
- Kerberos operational steps
- Kerberos strengths
- Kerberos weaknesses
- SESAME
- Security audit logs
- Types of Attackers
- Hackers
- Black hats and white hats
- Script kiddies
- Outsiders
- Insiders
- Hacktivist
- Bots and botnets
- Phishers and spear phishers
- Assessing Access Control
- Penetration testing
- Penetration testing tools and methodology