The Official (ISC)2 CISSP CBK Reference - Kraus, Aaron

. .

Résumé :

Foreword xix
Introduction xxi

Domain 1: Security and Risk Management 1
Understand, Adhere to, and Promote Professional Ethics 2
(ISC)² Code of Professional Ethics 2
Organizational Code of Ethics 3
Understand and Apply Security Concepts 4
Confidentiality 4
Integrity 5
Availability 6
Limitations of the CIA Triad 7
Evaluate and Apply Security Governance Principles 8
Alignment of the Security Function to Business Strategy, Goals, Mission, and Objectives 9
Organizational Processes 10
Organizational Roles and Responsibilities 14
Security Control Frameworks 15
Due Care and Due Diligence 22
Determine Compliance and Other Requirements 23
Legislative and Regulatory Requirements 23
Industry Standards and Other Compliance Requirements 25
Privacy Requirements 27
Understand Legal and Regulatory Issues That Pertain to Information Security in a Holistic Context 28
Cybercrimes and Data Breaches 28
Licensing and Intellectual Property Requirements 36
Import/Export Controls 39
Transborder Data Flow 40
Privacy 41
Understand Requirements for Investigation Types 48
Administrative 49
Criminal 50
Civil 52
Regulatory 53
Industry Standards 54
Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines 55
Policies 55
Standards 56
Procedures 57
Guidelines 57
Identify, Analyze, and Prioritize Business Continuity Requirements 58
Business Impact Analysis 59
Develop and Document the Scope and the Plan 61
Contribute to and Enforce Personnel Security Policies and Procedures 63
Candidate Screening and Hiring 63
Employment Agreements and Policies 64
Onboarding, Transfers, and Termination Processes 65
Vendor, Consultant, and Contractor Agreements and Controls 67
Compliance Policy Requirements 67
Privacy Policy Requirements 68
Understand and Apply Risk Management Concepts 68
Identify Threats and Vulnerabilities 68
Risk Assessment 70
Risk Response/Treatment 72
Countermeasure Selection and Implementation 73
pplicable Types of Controls 75
Control Assessments 76
Monitoring and Measurement 77
Reporting 77
Continuous Improvement 78
Risk Frameworks 78
Understand and Apply Threat Modeling Concepts and Methodologies 83
Threat Modeling Concepts 84
Threat Modeling Methodologies 85
Apply Supply Chain Risk Management Concepts 88
Risks Associated with Hardware, Software, and Services 88
Third-Party Assessment and Monitoring 89
Minimum Security Requirements 90
Service-Level
Requirements 90
Frameworks 91
Establish and Maintain a Security Awareness, Education, and Training Program 92
Methods and Techniques to Present Awareness and Training 93
Periodic Content Reviews 94
Program Effectiveness Evaluation 94
Summary 95

Domain 2: Asset Security 97
Identify and Classify Information and Assets 97
Data Classification and Data Categorization 99
Asset Classification 101
Establish Information and Asset Handling Requirements 104
Marking and Labeling 104
Handling 105
Storage 105
Declassification 106
Provision Resources Securely 108
Information and Asset Ownership 108
Asset Inventory 109
Asset Management 112
Manage Data Lifecycle 115
Data Roles 116
Data Collection 120
Data Location 120
Data Maintenance 121
Data Retention 122
Data Destruction 123
Data Remanence 123
Ensure Appropriate Asset Retention 127
Determining Appropriate Records Retention 129
Records Retention Best Practices 130
Determine Data Security Controls and Compliance Requirements 131
D...

Biographie:
..

Sommaire:

The only official, comprehensive reference guide to the CISSP

Thoroughly updated for 2021 and beyond, this is the authoritative common body of knowledge (CBK) from (ISC)² for information security professionals charged with designing, engineering, implementing, and managing the overall information security program to protect organizations from increasingly sophisticated attacks. Vendor neutral and backed by (ISC)², the CISSP credential meets the stringent requirements of ISO/IEC Standard 17024.

This CBK covers the current eight domains of CISSP with the necessary depth to apply them to the daily practice of information security. Revised and updated by a team of subject matter experts, this comprehensive reference covers all of the more than 300 CISSP objectives and sub-objectives in a structured format with:

• Common and good practices for each objective
• Common vocabulary and definitions
• References to widely accepted computing standards
• Highlights of successful approaches through case studies

Whether you've earned your CISSP credential or are looking for a valuable resource to help advance your security career, this comprehensive guide offers everything you need to apply the knowledge of the most recognized body of influence in information security.