Cover image for The Official (ISC)2 CISSP CBK Reference, 6th Edition

The Official (ISC)2 CISSP CBK Reference, 6th Edition

Author Arthur J. Deane , Aaron Kraus
Release Date: 2021/09/01
ISBN: 9781119789994
Topic:
0%
18
Chapters
0-1
Hours read
0k
Total Words
    Start Reading Now    
       Add to Wishlist       
View table of contents

The only official, comprehensive reference guide to the CISSP

Thoroughly updated for 2021 and beyond, this is the authoritative common body of knowledge (CBK) from (ISC)2 for information security professionals charged with designing, engineering, implementing, and managing the overall information security program to protect organizations from increasingly sophisticated attacks. Vendor neutral and backed by (ISC)2, the CISSP credential meets the stringent requirements of ISO/IEC Standard 17024.

This CBK covers the current eight domains of CISSP with the necessary depth to apply them to the daily practice of information security. Revised and updated by a team of subject matter experts, this comprehensive reference covers all of the more than 300 CISSP objectives and sub-objectives in a structured format with:

  • Common and good practices for each objective
  • Common vocabulary and definitions
  • References to widely accepted computing standards
  • Highlights of successful approaches through case studies
Whether you've earned your CISSP credential or are looking for a valuable resource to help advance your security career, this comprehensive guide offers everything you need to apply the knowledge of the most recognized body of influence in information security

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Lead Authors
  5. Technical Reviewer
  6. Foreword
  7. Introduction
  8. DOMAIN 1: Security and Risk Management
    1. UNDERSTAND, ADHERE TO, AND PROMOTE PROFESSIONAL ETHICS
    2. UNDERSTAND AND APPLY SECURITY CONCEPTS
    3. EVALUATE AND APPLY SECURITY GOVERNANCE PRINCIPLES
    4. DETERMINE COMPLIANCE AND OTHER REQUIREMENTS
    5. UNDERSTAND LEGAL AND REGULATORY ISSUES THAT PERTAIN TO INFORMATION SECURITY IN A HOLISTIC CONTEXT
    6. UNDERSTAND REQUIREMENTS FOR INVESTIGATION TYPES
    7. DEVELOP, DOCUMENT, AND IMPLEMENT SECURITY POLICY, STANDARDS, PROCEDURES, AND GUIDELINES
    8. IDENTIFY, ANALYZE, AND PRIORITIZE BUSINESS CONTINUITY REQUIREMENTS
    9. CONTRIBUTE TO AND ENFORCE PERSONNEL SECURITY POLICIES AND PROCEDURES
    10. UNDERSTAND AND APPLY RISK MANAGEMENT CONCEPTS
    11. UNDERSTAND AND APPLY THREAT MODELING CONCEPTS AND METHODOLOGIES
    12. APPLY SUPPLY CHAIN RISK MANAGEMENT CONCEPTS
    13. ESTABLISH AND MAINTAIN A SECURITY AWARENESS, EDUCATION, AND TRAINING PROGRAM
    14. SUMMARY
  9. DOMAIN 2: Asset Security
    1. IDENTIFY AND CLASSIFY INFORMATION AND ASSETS
    2. ESTABLISH INFORMATION AND ASSET HANDLING REQUIREMENTS
    3. PROVISION RESOURCES SECURELY
    4. MANAGE DATA LIFECYCLE
    5. ENSURE APPROPRIATE ASSET RETENTION
    6. DETERMINE DATA SECURITY CONTROLS AND COMPLIANCE REQUIREMENTS
    7. SUMMARY
  10. DOMAIN 3: Security Architecture and Engineering
    1. RESEARCH, IMPLEMENT, AND MANAGE ENGINEERING PROCESSES USING SECURE DESIGN PRINCIPLES
    2. UNDERSTAND THE FUNDAMENTAL CONCEPTS OF SECURITY MODELS
    3. SELECT CONTROLS BASED UPON SYSTEMS SECURITY REQUIREMENTS
    4. UNDERSTAND SECURITY CAPABILITIES OF INFORMATION SYSTEMS
    5. ASSESS AND MITIGATE THE VULNERABILITIES OF SECURITY ARCHITECTURES, DESIGNS, AND SOLUTION ELEMENTS
    6. SELECT AND DETERMINE CRYPTOGRAPHIC SOLUTIONS
    7. UNDERSTAND METHODS OF CRYPTANALYTIC ATTACKS
    8. APPLY SECURITY PRINCIPLES TO SITE AND FACILITY DESIGN
    9. DESIGN SITE AND FACILITY SECURITY CONTROLS
    10. SUMMARY
  11. DOMAIN 4: Communication and Network Security
    1. ASSESS AND IMPLEMENT SECURE DESIGN PRINCIPLES IN NETWORK ARCHITECTURES
    2. SECURE NETWORK COMPONENTS
    3. IMPLEMENT SECURE COMMUNICATION CHANNELS ACCORDING TO DESIGN
    4. SUMMARY
  12. DOMAIN 5: Identity and Access Management
    1. CONTROL PHYSICAL AND LOGICAL ACCESS TO ASSETS
    2. MANAGE IDENTIFICATION AND AUTHENTICATION OF PEOPLE, DEVICES, AND SERVICES
    3. FEDERATED IDENTITY WITH A THIRD-PARTY SERVICE
    4. IMPLEMENT AND MANAGE AUTHORIZATION MECHANISMS
    5. MANAGE THE IDENTITY AND ACCESS PROVISIONING LIFECYCLE
    6. IMPLEMENT AUTHENTICATION SYSTEMS
    7. SUMMARY
  13. DOMAIN 6: Security Assessment and Testing
    1. DESIGN AND VALIDATE ASSESSMENT, TEST, AND AUDIT STRATEGIES
    2. CONDUCT SECURITY CONTROL TESTING
    3. COLLECT SECURITY PROCESS DATA
    4. ANALYZE TEST OUTPUT AND GENERATE REPORT
    5. CONDUCT OR FACILITATE SECURITY AUDITS
    6. SUMMARY
  14. DOMAIN 7: Security Operations
    1. UNDERSTAND AND COMPLY WITH INVESTIGATIONS
    2. CONDUCT LOGGING AND MONITORING ACTIVITIES
    3. PERFORM CONFIGURATION MANAGEMENT
    4. APPLY FOUNDATIONAL SECURITY OPERATIONS CONCEPTS
    5. APPLY RESOURCE PROTECTION
    6. CONDUCT INCIDENT MANAGEMENT
    7. OPERATE AND MAINTAIN DETECTIVE AND PREVENTATIVE MEASURES
    8. IMPLEMENT AND SUPPORT PATCH AND VULNERABILITY MANAGEMENT
    9. UNDERSTAND AND PARTICIPATE IN CHANGE MANAGEMENT PROCESSES
    10. IMPLEMENT RECOVERY STRATEGIES
    11. IMPLEMENT DISASTER RECOVERY PROCESSES
    12. TEST DISASTER RECOVERY PLANS
    13. PARTICIPATE IN BUSINESS CONTINUITY PLANNING AND EXERCISES
    14. IMPLEMENT AND MANAGE PHYSICAL SECURITY
    15. ADDRESS PERSONNEL SAFETY AND SECURITY CONCERNS
    16. SUMMARY
  15. DOMAIN 8: Software Development Security
    1. UNDERSTAND AND INTEGRATE SECURITY IN THE SOFTWARE DEVELOPMENT LIFE CYCLE (SDLC)
    2. IDENTIFY AND APPLY SECURITY CONTROLS IN SOFTWARE DEVELOPMENT ECOSYSTEMS
    3. ASSESS THE EFFECTIVENESS OF SOFTWARE SECURITY
    4. ASSESS SECURITY IMPACT OF ACQUIRED SOFTWARE
    5. DEFINE AND APPLY SECURE CODING GUIDELINES AND STANDARDS
    6. SUMMARY
  16. Index
  17. End User License Agreement
3.149.214.32