The Official (ISC)2 Guide to the CISSP CBK Reference (hardback)

Format: Hardback
Language: English
Pages: 928
Publication date: 2019-04-22
Edition: 5th Edition
Publisher: John Wiley & Sons Inc
Contributors: Murphy, Sean (author) / Oakes, Charles (author) / Pajari, George (author) / Parker, Jeff (author) / Seidl, David (author) / Vasquez, Mike (author)
Dimensions: 234 x 184 x 25 mm
Weight: 1678 g
Number of components: 1
ISBN: 9781119423348
Hardback, English, 2019-04-22
Price: 789 kr
The only official, comprehensive reference guide to the CISSP. All new for 2019 and beyond, this is the authoritative common body of knowledge (CBK) from (ISC)2 for information security professionals charged with designing, engineering, implementing, and managing the overall information security program to protect organizations from increasingly sophisticated attacks. Vendor neutral and backed by (ISC)2, the CISSP credential meets the stringent requirements of ISO/IEC Standard 17024. This CBK covers the new eight domains of CISSP with the necessary depth to apply them to the daily practice of information security. Written by a team of subject matter experts, this comprehensive reference covers all of the more than 300 CISSP objectives and sub-objectives in a structured format with:

  1. Common and good practices for each objective
  2. Common vocabulary and definitions
  3. References to widely accepted computing standards
  4. Highlights of successful approaches through case studies

Whether you've earned your CISSP credential or are looking for a valuable resource to help advance your security career, this comprehensive guide offers everything you need to apply the knowledge of the most recognized body of influence in information security.


Other information

This common body of knowledge is written and reviewed by a collection of experienced CISSP experts from a range of information security roles and organizations.

Table of contents

Foreword xxv
Introduction xxvii
Domain 1: Security and Risk Management 1
  Understand and Apply Concepts of Confidentiality, Integrity, and Availability 2
    Information Security 3
  Evaluate and Apply Security Governance Principles 6
    Alignment of Security Functions to Business Strategy, Goals, Mission, and Objectives 6
    Vision, Mission, and Strategy 6
    Governance 7
    Due Care 10
  Determine Compliance Requirements 11
    Legal Compliance 12
    Jurisdiction 12
    Legal Tradition 12
    Legal Compliance Expectations 13
  Understand Legal and Regulatory Issues That Pertain to Information Security in a Global Context 13
    Cyber Crimes and Data Breaches 14
    Privacy 36
  Understand, Adhere to, and Promote Professional Ethics 49
    Ethical Decision-Making 49
    Established Standards of Ethical Conduct 51
    (ISC)2 Ethical Practices 56
  Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines 57
    Organizational Documents 58
    Policy Development 61
    Policy Review Process 61
  Identify, Analyze, and Prioritize Business Continuity Requirements 62
    Develop and Document Scope and Plan 62
    Risk Assessment 70
    Business Impact Analysis 71
    Develop the Business Continuity Plan 73
  Contribute to and Enforce Personnel Security Policies and Procedures 80
    Key Control Principles 80
    Candidate Screening and Hiring 82
    Onboarding and Termination Processes 91
    Vendor, Consultant, and Contractor Agreements and Controls 96
    Privacy in the Workplace 97
  Understand and Apply Risk Management Concepts 99
    Risk 99
    Risk Management Frameworks 99
    Risk Assessment Methodologies 108
  Understand and Apply Threat Modeling Concepts and Methodologies 111
    Threat Modeling Concepts 111
    Threat Modeling Methodologies 112
  Apply Risk-Based Management Concepts to the Supply Chain 116
    Supply Chain Risks 116
    Supply Chain Risk Management 119
  Establish and Maintain a Security Awareness, Education, and Training Program 121
    Security Awareness Overview 122
    Developing an Awareness Program 123
    Training 127
  Summary 128
Domain 2: Asset Security 131
  Asset Security Concepts 131
    Data Policy 132
    Data Governance 132
    Data Quality 133
    Data Documentation 134
    Data Organization 136
  Identify and Classify Information and Assets 139
    Asset Classification 141
  Determine and Maintain Information and Asset Ownership 145
    Asset Management Lifecycle 146
    Software Asset Management 148
  Protect Privacy 152
    Cross-Border Privacy and Data Flow Protection 153
    Data Owners 161
    Data Controllers 162
    Data Processors 163
    Data Stewards 164
    Data Custodians 164
    Data Remanence 164
    Data Sovereignty 168
    Data Localization or Residency 169
    Government and Law Enforcement Access to Data 171
    Collection Limitation 172
    Understanding Data States 173
    Data Issues with Emerging Technologies 173
  Ensure Appropriate Asset Retention 175
    Retention of Records 178
    Determining Appropriate Records Retention 178
    Retention of Records in Data Lifecycle 179
    Records Retention Best Practices 180
  Determine Data Security Controls 181
    Technical, Administrative, and Physical Controls 183
    Establishing the Baseline Security 185
    Scoping and Tailoring 186
    Standards Selection 189
    Data Protection Methods 198
  Establish Information and Asset Handling Requirements 208
    Marking and Labeling 208
    Handling 209
    Declassifying Data 210
    Storage 211
  Summary 212
Domain 3: Security Architecture and Engineering 213
  Implement and Manage Engineering Processes Using Secure Design Principles 215
    Saltzer and Schroeder's Principles 216
    ISO/IEC 19249 221
    Defense in Depth 229
    Using Security Principles 230
  Understand the Fundamental Concepts of Security Models 230
    Bell-LaPadula Model 232
    The Biba Integrity Model 234
    The Clark-Wilson Model 235
    The Brewer-Nash Model 235
  Select Controls Based upon Systems Security Requirements 237
  Understand Security Capabilities of Information Systems 241
    Memory Protecti