Page | 881/881 | Date | 08.04.2023 | Size | 19,3 Mb. | | #925879 |
| Related: (CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)
A. Confidentiality
B. Encryption
C. Stealth
D. Sandbox
Document Outline
- (ISC)2 CISSP® Official Study Guide
- Acknowledgments
- About the Authors
- About the Technical Editors
- Contents at a Glance
- Contents
- Introduction
- Assessment Test
- Answers to Assessment Test
- Chapter 1 Security Governance Through Principles and Policies
- Understand and Apply Concepts of Confidentiality, Integrity, and Availability
- Confidentiality
- Integrity
- Availability
- Other Security Concepts
- Protection Mechanisms
- Layering
- Abstraction
- Data Hiding
- Encryption
- Evaluate and Apply Security Governance Principles
- Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives
- Organizational Processes
- Organizational Roles and Responsibilities
- Security Control Frameworks
- Due Care and Due Diligence
- Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
- Security Policies
- Security Standards, Baselines, and Guidelines
- Security Procedures
- Understand and Apply Threat Modeling Concepts and Methodologies
- Identifying Threats
- Determining and Diagramming Potential Attacks
- Performing Reduction Analysis
- Prioritization and Response
- Apply Risk-Based Management Concepts to the Supply Chain
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 2 Personnel Security and Risk Management Concepts
- Personnel Security Policies and Procedures
- Candidate Screening and Hiring
- Employment Agreements and Policies
- Onboarding and Termination Processes
- Vendor, Consultant, and Contractor Agreements and Controls
- Compliance Policy Requirements
- Privacy Policy Requirements
- Security Governance
- Understand and Apply Risk Management Concepts
- Risk Terminology
- Identify Threats and Vulnerabilities
- Risk Assessment/Analysis
- Risk Responses
- Countermeasure Selection and Implementation
- Applicable Types of Controls
- Security Control Assessment
- Monitoring and Measurement
- Asset Valuation and Reporting
- Continuous Improvement
- Risk Frameworks
- Establish and Maintain a Security Awareness, Education, and Training Program
- Manage the Security Function
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 3 Business Continuity Planning
- Planning for Business Continuity
- Project Scope and Planning
- Business Organization Analysis
- BCP Team Selection
- Resource Requirements
- Legal and Regulatory Requirements
- Business Impact Assessment
- Identify Priorities
- Risk Identification
- Likelihood Assessment
- Impact Assessment
- Resource Prioritization
- Continuity Planning
- Strategy Development
- Provisions and Processes
- Plan Approval and Implementation
- Plan Approval
- Plan Implementation
- Training and Education
- BCP Documentation
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 4 Laws, Regulations, and Compliance
- Categories of Laws
- Criminal Law
- Civil Law
- Administrative Law
- Laws
- Computer Crime
- Intellectual Property
- Licensing
- Import/Export
- Privacy
- Compliance
- Contracting and Procurement
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 5 Protecting Security of Assets
- Identify and Classify Assets
- Defining Sensitive Data
- Defining Data Classifications
- Defining Asset Classifications
- Determining Data Security Controls
- Understanding Data States
- Handling Information and Assets
- Data Protection Methods
- Determining Ownership
- Data Owners
- Asset Owners
- Business/Mission Owners
- Data Processors
- Administrators
- Custodians
- Users
- Protecting Privacy
- Using Security Baselines
- Scoping and Tailoring
- Selecting Standards
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 6 Cryptography and Symmetric Key Algorithms
- Historical Milestones in Cryptography
- Caesar Cipher
- American Civil War
- Ultra vs. Enigma
- Cryptographic Basics
- Goals of Cryptography
- Cryptography Concepts
- Cryptographic Mathematics
- Ciphers
- Modern Cryptography
- Cryptographic Keys
- Symmetric Key Algorithms
- Asymmetric Key Algorithms
- Hashing Algorithms
- Symmetric Cryptography
- Data Encryption Standard
- Triple DES
- International Data Encryption Algorithm
- Blowfish
- Skipjack
- Advanced Encryption Standard
- Symmetric Key Management
- Cryptographic Lifecycle
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 7 PKI and Cryptographic Applications
- Asymmetric Cryptography
- Public and Private Keys
- RSA
- El Gamal
- Elliptic Curve
- Hash Functions
- Digital Signatures
- HMAC
- Digital Signature Standard
- Public Key Infrastructure
- Certificates
- Certificate Authorities
- Certificate Generation and Destruction
- Asymmetric Key Management
- Applied Cryptography
- Portable Devices
- Email
- Web Applications
- Digital Rights Management
- Networking
- Cryptographic Attacks
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 8 Principles of Security Models, Design, and Capabilities
- Implement and Manage Engineering Processes Using Secure Design Principles
- Objects and Subjects
- Closed and Open Systems
- Techniques for Ensuring Confidentiality, Integrity, and Availability
- Controls
- Trust and Assurance
- Understand the Fundamental Concepts of Security Models
- Trusted Computing Base
- State Machine Model
- Information Flow Model
- Noninterference Model
- Take-Grant Model
- Access Control Matrix
- Bell-LaPadula Model
- Biba Model
- Clark-Wilson Model
- Brewer and Nash Model (aka Chinese Wall)
- Goguen-Meseguer Model
- Sutherland Model
- Graham-Denning Model
- Select Controls Based On Systems Security Requirements
- Rainbow Series
- ITSEC Classes and Required Assurance and Functionality
- Common Criteria
- Industry and International Security Implementation Guidelines
- Certification and Accreditation
- Understand Security Capabilities of Information Systems
- Memory Protection
- Virtualization
- Trusted Platform Module
- Interfaces
- Fault Tolerance
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 9 Security Vulnerabilities, Threats, and Countermeasures
- Assess and Mitigate Security Vulnerabilities
- Client-Based Systems
- Server-Based Systems
- Database Systems Security
- Aggregation
- Inference
- Data Mining and Data Warehousing
- Data Analytics
- Large-Scale Parallel Data Systems
- Distributed Systems and Endpoint Security
- Cloud-Based Systems and Cloud Computing
- Grid Computing
- Peer to Peer
- Internet of Things
- Industrial Control Systems
- Assess and Mitigate Vulnerabilities in Web-Based Systems
- Assess and Mitigate Vulnerabilities in Mobile Systems
- Device Security
- Application Security
- BYOD Concerns
- Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
- Examples of Embedded and Static Systems
- Methods of Securing Embedded and Static Systems
- Essential Security Protection Mechanisms
- Technical Mechanisms
- Security Policy and Computer Architecture
- Policy Mechanisms
- Common Architecture Flaws and Security Issues
- Covert Channels
- Attacks Based on Design or Coding Flaws and Security Issues
- Programming
- Timing, State Changes, and Communication Disconnects
- Technology and Process Integration
- Electromagnetic Radiation
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 10 Physical Security Requirements
- Apply Security Principles to Site and Facility Design
- Secure Facility Plan
- Site Selection
- Visibility
- Natural Disasters
- Facility Design
- Implement Site and Facility Security Controls
- Equipment Failure
- Wiring Closets
- Server Rooms/Data Centers
- Media Storage Facilities
- Evidence Storage
- Restricted and Work Area Security
- Utilities and HVAC Considerations
- Fire Prevention, Detection, and Suppression
- Implement and Manage Physical Security
- Perimeter Security Controls
- Internal Security Controls
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 11 Secure Network Architecture and Securing Network Components
- OSI Model
- History of the OSI Model
- OSI Functionality
- Encapsulation/Deencapsulation
- OSI Layers
- TCP/IP Model
- TCP/IP Protocol Suite Overview
- Converged Protocols
- Content Distribution Networks
- Wireless Networks
- Securing Wireless Access Points
- Securing the SSID
- Conducting a Site Survey
- Using Secure Encryption Protocols
- Determining Antenna Placement
- Antenna Types
- Adjusting Power Level Controls
- WPS
- Using Captive Portals
- General Wi-Fi Security Procedure
- Wireless Attacks
- Secure Network Components
- Network Access Control
- Firewalls
- Endpoint Security
- Secure Operation of Hardware
- Cabling, Wireless, Topology, Communications, and Transmission Media Technology
- Transmission Media
- Network Topologies
- Wireless Communications and Security
- LAN Technologies
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 12 Secure Communications and Network Attacks
- Network and Protocol Security Mechanisms
- Secure Communications Protocols
- Authentication Protocols
- Secure Voice Communications
- Voice over Internet Protocol (VoIP)
- Social Engineering
- Fraud and Abuse
- Multimedia Collaboration
- Remote Meeting
- Instant Messaging
- Manage Email Security
- Email Security Goals
- Understand Email Security Issues
- Email Security Solutions
- Remote Access Security Management
- Plan Remote Access Security
- Dial-Up Protocols
- Centralized Remote Authentication Services
- Virtual Private Network
- Tunneling
- How VPNs Work
- Common VPN Protocols
- Virtual LAN
- Virtualization
- Network Address Translation
- Private IP Addresses
- Stateful NAT
- Static and Dynamic NAT
- Automatic Private IP Addressing
- Switching Technologies
- Circuit Switching
- Packet Switching
- Virtual Circuits
- WAN Technologies
- WAN Connection Technologies
- Dial-Up Encapsulation Protocols
- Miscellaneous Security Control Characteristics
- Transparency
- Verify Integrity
- Transmission Mechanisms
- Security Boundaries
- Prevent or Mitigate Network Attacks
- DoS and DDoS
- Eavesdropping
- Impersonation/Masquerading
- Replay Attacks
- Modification Attacks
- Address Resolution Protocol Spoofing
- DNS Poisoning, Spoofing, and Hijacking
- Hyperlink Spoofing
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 13 Managing Identity and Authentication
- Controlling Access to Assets
- Comparing Subjects and Objects
- The CIA Triad and Access Controls
- Types of Access Control
- Comparing Identification and Authentication
- Registration and Proofing of Identity
- Authorization and Accountability
- Authentication Factors
- Passwords
- Smartcards and Tokens
- Biometrics
- Multifactor Authentication
- Device Authentication
- Service Authentication
- Implementing Identity Management
- Single Sign-On
- Credential Management Systems
- Integrating Identity Services
- Managing Sessions
- AAA Protocols
- Managing the Identity and Access Provisioning Lifecycle
- Provisioning
- Account Review
- Account Revocation
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 14 Controlling and Monitoring Access
- Comparing Access Control Models
- Comparing Permissions, Rights, and Privileges
- Understanding Authorization Mechanisms
- Defining Requirements with a Security Policy
- Implementing Defense in Depth
- Summarizing Access Control Models
- Discretionary Access Controls
- Nondiscretionary Access Controls
- Understanding Access Control Attacks
- Risk Elements
- Identifying Assets
- Identifying Threats
- Identifying Vulnerabilities
- Common Access Control Attacks
- Summary of Protection Methods
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 15 Security Assessment and Testing
- Building a Security Assessment and Testing Program
- Security Testing
- Security Assessments
- Security Audits
- Performing Vulnerability Assessments
- Describing Vulnerabilities
- Vulnerability Scans
- Penetration Testing
- Testing Your Software
- Code Review and Testing
- Interface Testing
- Misuse Case Testing
- Test Coverage Analysis
- Website Monitoring
- Implementing Security Management Processes
- Log Reviews
- Account Management
- Backup Verification
- Key Performance and Risk Indicators
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 16 Managing Security Operations
- Applying Security Operations Concepts
- Need-to-Know and Least Privilege
- Separation of Duties and Responsibilities
- Job Rotation
- Mandatory Vacations
- Privileged Account Management
- Managing the Information Lifecycle
- Service-Level Agreements
- Addressing Personnel Safety and Security
- Securely Provisioning Resources
- Managing Hardware and Software Assets
- Protecting Physical Assets
- Managing Virtual Assets
- Managing Cloud-Based Assets
- Media Management
- Managing Configuration
- Baselining
- Using Images for Baselining
- Managing Change
- Security Impact Analysis
- Versioning
- Configuration Documentation
- Managing Patches and Reducing Vulnerabilities
- Systems to Manage
- Patch Management
- Vulnerability Management
- Common Vulnerabilities and Exposures
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 17 Preventing and Responding to Incidents
- Managing Incident Response
- Defining an Incident
- Incident Response Steps
- Implementing Detective and Preventive Measures
- Basic Preventive Measures
- Understanding Attacks
- Intrusion Detection and Prevention Systems
- Specific Preventive Measures
- Logging, Monitoring, and Auditing
- Logging and Monitoring
- Egress Monitoring
- Auditing to Assess Effectiveness
- Security Audits and Reviews
- Reporting Audit Results
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 18 Disaster Recovery Planning
- The Nature of Disaster
- Natural Disasters
- Man-Made Disasters
- Understand System Resilience and Fault Tolerance
- Protecting Hard Drives
- Protecting Servers
- Protecting Power Sources
- Trusted Recovery
- Quality of Service
- Recovery Strategy
- Business Unit and Functional Priorities
- Crisis Management
- Emergency Communications
- Workgroup Recovery
- Alternate Processing Sites
- Mutual Assistance Agreements
- Database Recovery
- Recovery Plan Development
- Emergency Response
- Personnel and Communications
- Assessment
- Backups and Offsite Storage
- Software Escrow Arrangements
- External Communications
- Utilities
- Logistics and Supplies
- Recovery vs. Restoration
- Training, Awareness, and Documentation
- Testing and Maintenance
- Read-Through Test
- Structured Walk-Through
- Simulation Test
- Parallel Test
- Full-Interruption Test
- Maintenance
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 19 Investigations and Ethics
- Investigations
- Investigation Types
- Evidence
- Investigation Process
- Major Categories of Computer Crime
- Military and Intelligence Attacks
- Business Attacks
- Financial Attacks
- Terrorist Attacks
- Grudge Attacks
- Thrill Attacks
- Ethics
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 20 Software Development Security
- Introducing Systems Development Controls
- Software Development
- Systems Development Lifecycle
- Lifecycle Models
- Gantt Charts and PERT
- Change and Configuration Management
- The DevOps Approach
- Application Programming Interfaces
- Software Testing
- Code Repositories
- Service-Level Agreements
- Software Acquisition
- Establishing Databases and Data Warehousing
- Database Management System Architecture
- Database Transactions
- Security for Multilevel Databases
- Open Database Connectivity
- NoSQL
- Storing Data and Information
- Types of Storage
- Storage Threats
- Understanding Knowledge-Based Systems
- Expert Systems
- Machine Learning
- Neural Networks
- Security Applications
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Chapter 21 Malicious Code and Application Attacks
- Malicious Code
- Sources of Malicious Code
- Viruses
- Logic Bombs
- Trojan Horses
- Worms
- Spyware and Adware
- Zero-Day Attacks
- Password Attacks
- Password Guessing
- Dictionary Attacks
- Social Engineering
- Countermeasures
- Application Attacks
- Buffer Overflows
- Time of Check to Time of Use
- Back Doors
- Escalation of Privilege and Rootkits
- Web Application Security
- Cross-Site Scripting
- Cross-Site Request Forgery
- SQL Injection
- Reconnaissance Attacks
- IP Probes
- Port Scans
- Vulnerability Scans
- Masquerading Attacks
- IP Spoofing
- Session Hijacking
- Summary
- Exam Essentials
- Written Lab
- Review Questions
- Appendix A Answers to Review Questions
- Chapter 1: Security Governance Through Principles and Policies
- Chapter 2: Personnel Security and Risk Management Concepts
- Chapter 3: Business Continuity Planning
- Chapter 4: Laws, Regulations, and Compliance
- Chapter 5: Protecting Security of Assets
- Chapter 6: Cryptography and Symmetric Key Algorithms
- Chapter 7: PKI and Cryptographic Applications
- Chapter 8: Principles of Security Models, Design, and Capabilities
- Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
- Chapter 10: Physical Security Requirements
- Chapter 11: Secure Network Architecture and Securing Network Components
- Chapter 12: Secure Communications and Network Attacks
- Chapter 13: Managing Identity and Authentication
- Chapter 14: Controlling and Monitoring Access
- Chapter 15: Security Assessment and Testing
- Chapter 16: Managing Security Operations
- Chapter 17: Preventing and Responding to Incidents
- Chapter 18: Disaster Recovery Planning
- Chapter 19: Investigations and Ethics
- Chapter 20: Software Development Security
- Chapter 21: Malicious Code and Application Attacks
- Appendix B Answers to Written Labs
- Chapter 1: Security Governance Through Principles and Policies
- Chapter 2: Personnel Security and Risk Management Concepts
- Chapter 3: Business Continuity Planning
- Chapter 4: Laws, Regulations, and Compliance
- Chapter 5: Protecting Security of Assets
- Chapter 6: Cryptography and Symmetric Key Algorithms
- Chapter 7: PKI and Cryptographic Applications
- Chapter 8: Principles of Security Models, Design, and Capabilities
- Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
- Chapter 10: Physical Security Requirements
- Chapter 11: Secure Network Architecture and Securing Network Components
- Chapter 12: Secure Communications and Network Attacks
- Chapter 13: Managing Identity and Authentication
- Chapter 14: Controlling and Monitoring Access
- Chapter 15: Security Assessment and Testing
- Chapter 16: Managing Security Operations
- Chapter 17: Preventing and Responding to Incidents
- Chapter 18: Disaster Recovery Planning
- Chapter 19: Investigations and Ethics
- Chapter 20: Software Development Security
- Chapter 21: Malicious Code and Application Attacks
- Index
- Advert
- EULA