(ISC)2 CISSP® Official Study Guide, Eighth Edition



Mike Chapple, James Michael Stewart, Darril Gibson. CISSP Official Study Guide. Sybex (2018).

A. Confidentiality
B. Encryption
C. Stealth
D. Sandbox

Document Outline

  • (ISC)2 CISSP® Official Study Guide
  • Acknowledgments
  • About the Authors
  • About the Technical Editors
  • Contents at a Glance
  • Contents
  • Introduction
  • Assessment Test
  • Answers to Assessment Test
  • Chapter 1 Security Governance Through Principles and Policies
    • Understand and Apply Concepts of Confidentiality, Integrity, and Availability
      • Confidentiality
      • Integrity
      • Availability
      • Other Security Concepts
      • Protection Mechanisms
      • Layering
      • Abstraction
      • Data Hiding
      • Encryption
    • Evaluate and Apply Security Governance Principles
      • Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives
      • Organizational Processes
      • Organizational Roles and Responsibilities
      • Security Control Frameworks
      • Due Care and Due Diligence
    • Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
      • Security Policies
      • Security Standards, Baselines, and Guidelines
      • Security Procedures
    • Understand and Apply Threat Modeling Concepts and Methodologies
      • Identifying Threats
      • Determining and Diagramming Potential Attacks
      • Performing Reduction Analysis
      • Prioritization and Response
    • Apply Risk-Based Management Concepts to the Supply Chain
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 2 Personnel Security and Risk Management Concepts
    • Personnel Security Policies and Procedures
      • Candidate Screening and Hiring
      • Employment Agreements and Policies
      • Onboarding and Termination Processes
      • Vendor, Consultant, and Contractor Agreements and Controls
      • Compliance Policy Requirements
      • Privacy Policy Requirements
    • Security Governance
    • Understand and Apply Risk Management Concepts
      • Risk Terminology
      • Identify Threats and Vulnerabilities
      • Risk Assessment/Analysis
      • Risk Responses
      • Countermeasure Selection and Implementation
      • Applicable Types of Controls
      • Security Control Assessment
      • Monitoring and Measurement
      • Asset Valuation and Reporting
      • Continuous Improvement
      • Risk Frameworks
    • Establish and Maintain a Security Awareness, Education, and Training Program
    • Manage the Security Function
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 3 Business Continuity Planning
    • Planning for Business Continuity
    • Project Scope and Planning
      • Business Organization Analysis
      • BCP Team Selection
      • Resource Requirements
      • Legal and Regulatory Requirements
    • Business Impact Assessment
      • Identify Priorities
      • Risk Identification
      • Likelihood Assessment
      • Impact Assessment
      • Resource Prioritization
    • Continuity Planning
      • Strategy Development
      • Provisions and Processes
    • Plan Approval and Implementation
      • Plan Approval
      • Plan Implementation
      • Training and Education
      • BCP Documentation
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 4 Laws, Regulations, and Compliance
    • Categories of Laws
      • Criminal Law
      • Civil Law
      • Administrative Law
    • Laws
      • Computer Crime
      • Intellectual Property
      • Licensing
      • Import/Export
      • Privacy
    • Compliance
    • Contracting and Procurement
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 5 Protecting Security of Assets
    • Identify and Classify Assets
      • Defining Sensitive Data
      • Defining Data Classifications
      • Defining Asset Classifications
      • Determining Data Security Controls
      • Understanding Data States
      • Handling Information and Assets
      • Data Protection Methods
    • Determining Ownership
      • Data Owners
      • Asset Owners
      • Business/Mission Owners
      • Data Processors
      • Administrators
      • Custodians
      • Users
      • Protecting Privacy
    • Using Security Baselines
      • Scoping and Tailoring
      • Selecting Standards
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 6 Cryptography and Symmetric Key Algorithms
    • Historical Milestones in Cryptography
      • Caesar Cipher
      • American Civil War
      • Ultra vs. Enigma
    • Cryptographic Basics
      • Goals of Cryptography
      • Cryptography Concepts
      • Cryptographic Mathematics
      • Ciphers
    • Modern Cryptography
      • Cryptographic Keys
      • Symmetric Key Algorithms
      • Asymmetric Key Algorithms
      • Hashing Algorithms
    • Symmetric Cryptography
      • Data Encryption Standard
      • Triple DES
      • International Data Encryption Algorithm
      • Blowfish
      • Skipjack
      • Advanced Encryption Standard
      • Symmetric Key Management
    • Cryptographic Lifecycle
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 7 PKI and Cryptographic Applications
    • Asymmetric Cryptography
      • Public and Private Keys
      • RSA
      • El Gamal
      • Elliptic Curve
    • Hash Functions
      • SHA
      • MD2
      • MD4
      • MD5
    • Digital Signatures
      • HMAC
      • Digital Signature Standard
    • Public Key Infrastructure
      • Certificates
      • Certificate Authorities
      • Certificate Generation and Destruction
    • Asymmetric Key Management
    • Applied Cryptography
      • Portable Devices
      • Email
      • Web Applications
      • Digital Rights Management
      • Networking
    • Cryptographic Attacks
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 8 Principles of Security Models, Design, and Capabilities
    • Implement and Manage Engineering Processes Using Secure Design Principles
      • Objects and Subjects
      • Closed and Open Systems
      • Techniques for Ensuring Confidentiality, Integrity, and Availability
      • Controls
      • Trust and Assurance
    • Understand the Fundamental Concepts of Security Models
      • Trusted Computing Base
      • State Machine Model
      • Information Flow Model
      • Noninterference Model
      • Take-Grant Model
      • Access Control Matrix
      • Bell-LaPadula Model
      • Biba Model
      • Clark-Wilson Model
      • Brewer and Nash Model (aka Chinese Wall)
      • Goguen-Meseguer Model
      • Sutherland Model
      • Graham-Denning Model
    • Select Controls Based On Systems Security Requirements
      • Rainbow Series
      • ITSEC Classes and Required Assurance and Functionality
      • Common Criteria
      • Industry and International Security Implementation Guidelines
      • Certification and Accreditation
    • Understand Security Capabilities of Information Systems
      • Memory Protection
      • Virtualization
      • Trusted Platform Module
      • Interfaces
      • Fault Tolerance
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 9 Security Vulnerabilities, Threats, and Countermeasures
    • Assess and Mitigate Security Vulnerabilities
      • Hardware
      • Firmware
    • Client-Based Systems
      • Applets
      • Local Caches
    • Server-Based Systems
    • Database Systems Security
      • Aggregation
      • Inference
      • Data Mining and Data Warehousing
      • Data Analytics
      • Large-Scale Parallel Data Systems
    • Distributed Systems and Endpoint Security
      • Cloud-Based Systems and Cloud Computing
      • Grid Computing
      • Peer to Peer
    • Internet of Things
    • Industrial Control Systems
    • Assess and Mitigate Vulnerabilities in Web-Based Systems
    • Assess and Mitigate Vulnerabilities in Mobile Systems
      • Device Security
      • Application Security
      • BYOD Concerns
    • Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
      • Examples of Embedded and Static Systems
      • Methods of Securing Embedded and Static Systems
    • Essential Security Protection Mechanisms
      • Technical Mechanisms
      • Security Policy and Computer Architecture
      • Policy Mechanisms
    • Common Architecture Flaws and Security Issues
      • Covert Channels
      • Attacks Based on Design or Coding Flaws and Security Issues
      • Programming
      • Timing, State Changes, and Communication Disconnects
      • Technology and Process Integration
      • Electromagnetic Radiation
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 10 Physical Security Requirements
    • Apply Security Principles to Site and Facility Design
      • Secure Facility Plan
      • Site Selection
      • Visibility
      • Natural Disasters
      • Facility Design
    • Implement Site and Facility Security Controls
      • Equipment Failure
      • Wiring Closets
      • Server Rooms/Data Centers
      • Media Storage Facilities
      • Evidence Storage
      • Restricted and Work Area Security
      • Utilities and HVAC Considerations
      • Fire Prevention, Detection, and Suppression
    • Implement and Manage Physical Security
      • Perimeter Security Controls
      • Internal Security Controls
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 11 Secure Network Architecture and Securing Network Components
    • OSI Model
      • History of the OSI Model
      • OSI Functionality
      • Encapsulation/Deencapsulation
      • OSI Layers
    • TCP/IP Model
      • TCP/IP Protocol Suite Overview
    • Converged Protocols
      • Content Distribution Networks
    • Wireless Networks
      • Securing Wireless Access Points
      • Securing the SSID
      • Conducting a Site Survey
      • Using Secure Encryption Protocols
      • Determining Antenna Placement
      • Antenna Types
      • Adjusting Power Level Controls
      • WPS
      • Using Captive Portals
      • General Wi-Fi Security Procedure
      • Wireless Attacks
    • Secure Network Components
      • Network Access Control
      • Firewalls
      • Endpoint Security
      • Secure Operation of Hardware
    • Cabling, Wireless, Topology, Communications, and Transmission Media Technology
      • Transmission Media
      • Network Topologies
      • Wireless Communications and Security
      • LAN Technologies
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 12 Secure Communications and Network Attacks
    • Network and Protocol Security Mechanisms
      • Secure Communications Protocols
      • Authentication Protocols
    • Secure Voice Communications
      • Voice over Internet Protocol (VoIP)
      • Social Engineering
      • Fraud and Abuse
    • Multimedia Collaboration
      • Remote Meeting
      • Instant Messaging
    • Manage Email Security
      • Email Security Goals
      • Understand Email Security Issues
      • Email Security Solutions
    • Remote Access Security Management
      • Plan Remote Access Security
      • Dial-Up Protocols
      • Centralized Remote Authentication Services
    • Virtual Private Network
      • Tunneling
      • How VPNs Work
      • Common VPN Protocols
      • Virtual LAN
    • Virtualization
    • Network Address Translation
      • Private IP Addresses
      • Stateful NAT
      • Static and Dynamic NAT
      • Automatic Private IP Addressing
    • Switching Technologies
      • Circuit Switching
      • Packet Switching
      • Virtual Circuits
    • WAN Technologies
      • WAN Connection Technologies
      • Dial-Up Encapsulation Protocols
    • Miscellaneous Security Control Characteristics
      • Transparency
      • Verify Integrity
      • Transmission Mechanisms
    • Security Boundaries
    • Prevent or Mitigate Network Attacks
      • DoS and DDoS
      • Eavesdropping
      • Impersonation/Masquerading
      • Replay Attacks
      • Modification Attacks
      • Address Resolution Protocol Spoofing
      • DNS Poisoning, Spoofing, and Hijacking
      • Hyperlink Spoofing
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 13 Managing Identity and Authentication
    • Controlling Access to Assets
      • Comparing Subjects and Objects
      • The CIA Triad and Access Controls
      • Types of Access Control
    • Comparing Identification and Authentication
      • Registration and Proofing of Identity
      • Authorization and Accountability
      • Authentication Factors
      • Passwords
      • Smartcards and Tokens
      • Biometrics
      • Multifactor Authentication
      • Device Authentication
      • Service Authentication
    • Implementing Identity Management
      • Single Sign-On
      • Credential Management Systems
      • Integrating Identity Services
      • Managing Sessions
      • AAA Protocols
    • Managing the Identity and Access Provisioning Lifecycle
      • Provisioning
      • Account Review
      • Account Revocation
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 14 Controlling and Monitoring Access
    • Comparing Access Control Models
      • Comparing Permissions, Rights, and Privileges
      • Understanding Authorization Mechanisms
      • Defining Requirements with a Security Policy
      • Implementing Defense in Depth
      • Summarizing Access Control Models
      • Discretionary Access Controls
      • Nondiscretionary Access Controls
    • Understanding Access Control Attacks
      • Risk Elements
      • Identifying Assets
      • Identifying Threats
      • Identifying Vulnerabilities
      • Common Access Control Attacks
      • Summary of Protection Methods
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 15 Security Assessment and Testing
    • Building a Security Assessment and Testing Program
      • Security Testing
      • Security Assessments
      • Security Audits
    • Performing Vulnerability Assessments
      • Describing Vulnerabilities
      • Vulnerability Scans
      • Penetration Testing
    • Testing Your Software
      • Code Review and Testing
      • Interface Testing
      • Misuse Case Testing
      • Test Coverage Analysis
      • Website Monitoring
    • Implementing Security Management Processes
      • Log Reviews
      • Account Management
      • Backup Verification
      • Key Performance and Risk Indicators
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 16 Managing Security Operations
    • Applying Security Operations Concepts
      • Need-to-Know and Least Privilege
      • Separation of Duties and Responsibilities
      • Job Rotation
      • Mandatory Vacations
      • Privileged Account Management
      • Managing the Information Lifecycle
      • Service-Level Agreements
      • Addressing Personnel Safety and Security
    • Securely Provisioning Resources
      • Managing Hardware and Software Assets
      • Protecting Physical Assets
      • Managing Virtual Assets
      • Managing Cloud-Based Assets
      • Media Management
    • Managing Configuration
      • Baselining
      • Using Images for Baselining
    • Managing Change
      • Security Impact Analysis
      • Versioning
      • Configuration Documentation
    • Managing Patches and Reducing Vulnerabilities
      • Systems to Manage
      • Patch Management
      • Vulnerability Management
      • Common Vulnerabilities and Exposures
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 17 Preventing and Responding to Incidents
    • Managing Incident Response
      • Defining an Incident
      • Incident Response Steps
    • Implementing Detective and Preventive Measures
      • Basic Preventive Measures
      • Understanding Attacks
      • Intrusion Detection and Prevention Systems
      • Specific Preventive Measures
    • Logging, Monitoring, and Auditing
      • Logging and Monitoring
      • Egress Monitoring
      • Auditing to Assess Effectiveness
      • Security Audits and Reviews
      • Reporting Audit Results
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 18 Disaster Recovery Planning
    • The Nature of Disaster
      • Natural Disasters
      • Man-Made Disasters
    • Understand System Resilience and Fault Tolerance
      • Protecting Hard Drives
      • Protecting Servers
      • Protecting Power Sources
      • Trusted Recovery
      • Quality of Service
    • Recovery Strategy
      • Business Unit and Functional Priorities
      • Crisis Management
      • Emergency Communications
      • Workgroup Recovery
      • Alternate Processing Sites
      • Mutual Assistance Agreements
      • Database Recovery
    • Recovery Plan Development
      • Emergency Response
      • Personnel and Communications
      • Assessment
      • Backups and Offsite Storage
      • Software Escrow Arrangements
      • External Communications
      • Utilities
      • Logistics and Supplies
      • Recovery vs. Restoration
    • Training, Awareness, and Documentation
    • Testing and Maintenance
      • Read-Through Test
      • Structured Walk-Through
      • Simulation Test
      • Parallel Test
      • Full-Interruption Test
      • Maintenance
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 19 Investigations and Ethics
    • Investigations
      • Investigation Types
      • Evidence
      • Investigation Process
    • Major Categories of Computer Crime
      • Military and Intelligence Attacks
      • Business Attacks
      • Financial Attacks
      • Terrorist Attacks
      • Grudge Attacks
      • Thrill Attacks
    • Ethics
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 20 Software Development Security
    • Introducing Systems Development Controls
      • Software Development
      • Systems Development Lifecycle
      • Lifecycle Models
      • Gantt Charts and PERT
      • Change and Configuration Management
      • The DevOps Approach
      • Application Programming Interfaces
      • Software Testing
      • Code Repositories
      • Service-Level Agreements
      • Software Acquisition
    • Establishing Databases and Data Warehousing
      • Database Management System Architecture
      • Database Transactions
      • Security for Multilevel Databases
      • Open Database Connectivity
      • NoSQL
    • Storing Data and Information
      • Types of Storage
      • Storage Threats
    • Understanding Knowledge-Based Systems
      • Expert Systems
      • Machine Learning
      • Neural Networks
      • Security Applications
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Chapter 21 Malicious Code and Application Attacks
    • Malicious Code
      • Sources of Malicious Code
      • Viruses
      • Logic Bombs
      • Trojan Horses
      • Worms
      • Spyware and Adware
      • Zero-Day Attacks
    • Password Attacks
      • Password Guessing
      • Dictionary Attacks
      • Social Engineering
      • Countermeasures
    • Application Attacks
      • Buffer Overflows
      • Time of Check to Time of Use
      • Back Doors
      • Escalation of Privilege and Rootkits
    • Web Application Security
      • Cross-Site Scripting
      • Cross-Site Request Forgery
      • SQL Injection
    • Reconnaissance Attacks
      • IP Probes
      • Port Scans
      • Vulnerability Scans
    • Masquerading Attacks
      • IP Spoofing
      • Session Hijacking
    • Summary
    • Exam Essentials
    • Written Lab
    • Review Questions
  • Appendix A Answers to Review Questions
    • Chapter 1: Security Governance Through Principles and Policies
    • Chapter 2: Personnel Security and Risk Management Concepts
    • Chapter 3: Business Continuity Planning
    • Chapter 4: Laws, Regulations, and Compliance
    • Chapter 5: Protecting Security of Assets
    • Chapter 6: Cryptography and Symmetric Key Algorithms
    • Chapter 7: PKI and Cryptographic Applications
    • Chapter 8: Principles of Security Models, Design, and Capabilities
    • Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
    • Chapter 10: Physical Security Requirements
    • Chapter 11: Secure Network Architecture and Securing Network Components
    • Chapter 12: Secure Communications and Network Attacks
    • Chapter 13: Managing Identity and Authentication
    • Chapter 14: Controlling and Monitoring Access
    • Chapter 15: Security Assessment and Testing
    • Chapter 16: Managing Security Operations
    • Chapter 17: Preventing and Responding to Incidents
    • Chapter 18: Disaster Recovery Planning
    • Chapter 19: Investigations and Ethics
    • Chapter 20: Software Development Security
    • Chapter 21: Malicious Code and Application Attacks
  • Appendix B Answers to Written Labs
    • Chapter 1: Security Governance Through Principles and Policies
    • Chapter 2: Personnel Security and Risk Management Concepts
    • Chapter 3: Business Continuity Planning
    • Chapter 4: Laws, Regulations, and Compliance
    • Chapter 5: Protecting Security of Assets
    • Chapter 6: Cryptography and Symmetric Key Algorithms
    • Chapter 7: PKI and Cryptographic Applications
    • Chapter 8: Principles of Security Models, Design, and Capabilities
    • Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
    • Chapter 10: Physical Security Requirements
    • Chapter 11: Secure Network Architecture and Securing Network Components
    • Chapter 12: Secure Communications and Network Attacks
    • Chapter 13: Managing Identity and Authentication
    • Chapter 14: Controlling and Monitoring Access
    • Chapter 15: Security Assessment and Testing
    • Chapter 16: Managing Security Operations
    • Chapter 17: Preventing and Responding to Incidents
    • Chapter 18: Disaster Recovery Planning
    • Chapter 19: Investigations and Ethics
    • Chapter 20: Software Development Security
    • Chapter 21: Malicious Code and Application Attacks
  • Index
  • Advert
  • EULA
