Arthur J. Deane, Aaron Kraus

The Official (ISC)2 CISSP CBK Reference (eBook, ePUB)

• Format: ePub

Produktbeschreibung

The only official, comprehensive reference guide to the CISSP Thoroughly updated for 2021 and beyond, this is the authoritative common body of knowledge (CBK) from (ISC)² for information security professionals charged with designing, engineering, implementing, and managing the overall information security program to protect organizations from increasingly sophisticated attacks. Vendor neutral and backed by (ISC)², the CISSP credential meets the stringent requirements of ISO/IEC Standard 17024. This CBK covers the current eight domains of CISSP with the necessary depth to apply them to the daily practice of information security. Revised and updated by a team of subject matter experts, this comprehensive reference covers all of the more than 300 CISSP objectives and sub-objectives in a structured format with: * Common and good practices for each objective * Common vocabulary and definitions * References to widely accepted computing standards * Highlights of successful approaches through case studies Whether you've earned your CISSP credential or are looking for a valuable resource to help advance your security career, this comprehensive guide offers everything you need to apply the knowledge of the most recognized body of influence in information security.

---

Dieser Download kann aus rechtlichen Gründen nur mit Rechnungsadresse in A, B, BG, CY, CZ, D, DK, EW, E, FIN, F, GR, HR, H, IRL, I, LT, L, LR, M, NL, PL, P, R, S, SLO, SK ausgeliefert werden.

Produktdetails

• Verlag: John Wiley & Sons
• Seitenzahl: 672
• Erscheinungstermin: 11. August 2021
• Englisch
• ISBN-13: 9781119790006
• Artikelnr.: 62473130

Inhaltsangabe

Foreword xix

Introduction xxi

Domain 1: Security and Risk Management 1

Understand, Adhere to, and Promote Professional Ethics 2

(ISC)² Code of Professional Ethics 2

Organizational Code of Ethics 3

Understand and Apply Security Concepts 4

Confidentiality 4

Integrity 5

Availability 6

Limitations of the CIA Triad 7

Evaluate and Apply Security Governance Principles 8

Alignment of the Security Function to Business Strategy, Goals, Mission, and Objectives 9

Organizational Processes 10

Organizational Roles and Responsibilities 14

Security Control Frameworks 15

Due Care and Due Diligence 22

Determine Compliance and Other Requirements 23

Legislative and Regulatory Requirements 23

Industry Standards and Other Compliance Requirements 25

Privacy Requirements 27

Understand Legal and Regulatory Issues That Pertain to Information Security in a Holistic Context 28

Cybercrimes and Data Breaches 28

Licensing and Intellectual Property Requirements 36

Import/Export Controls 39

Transborder Data Flow 40

Privacy 41

Understand Requirements for Investigation Types 48

Administrative 49

Criminal 50

Civil 52

Regulatory 53

Industry Standards 54

Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines 55

Policies 55

Standards 56

Procedures 57

Guidelines 57

Identify, Analyze, and Prioritize Business Continuity Requirements 58

Business Impact Analysis 59

Develop and Document the Scope and the Plan 61

Contribute to and Enforce Personnel Security Policies and Procedures 63

Candidate Screening and Hiring 63

Employment Agreements and Policies 64

Onboarding, Transfers, and Termination Processes 65

Vendor, Consultant, and Contractor Agreements and Controls 67

Compliance Policy Requirements 67

Privacy Policy Requirements 68

Understand and Apply Risk Management Concepts 68

Identify Threats and Vulnerabilities 68

Risk Assessment 70

Risk Response/Treatment 72

Countermeasure Selection and Implementation 73

Applicable Types of Controls 75

Control Assessments 76

Monitoring and Measurement 77

Reporting 77

Continuous Improvement 78

Risk Frameworks 78

Understand and Apply Threat Modeling Concepts and Methodologies 83

Threat Modeling Concepts 84

Threat Modeling Methodologies 85

Apply Supply Chain Risk Management Concepts 88

Risks Associated with Hardware, Software, and Services 88

Third-Party Assessment and Monitoring 89

Minimum Security Requirements 90

Service-Level

Requirements 90

Frameworks 91

Establish and Maintain a Security Awareness, Education, and Training Program 92

Methods and Techniques to Present Awareness and Training 93

Periodic Content Reviews 94

Program Effectiveness Evaluation 94

Summary 95

Domain 2: Asset Security 97

Identify and Classify Information and Assets 97

Data Classification and Data Categorization 99

Asset Classification 101

Establish Information and Asset Handling Requirements 104

Marking and Labeling 104

Handling 105

Storage 105

Declassification 106

Provisi