(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. Mike Chapple

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide - Mike Chapple


Скачать книгу
Understand and apply threat modeling concepts and methodologies 1 1.12 Apply Supply Chain Risk Management (SCRM) concepts 1 1.12.1 Risks associated with hardware, software, and services 1 1.12.2 Third-party assessment and monitoring 1 1.12.3 Minimum security requirements 1 1.12.4 Service level requirements 1 1.13 Establish and maintain a security awareness, education, and training program 2 1.13.1 Methods and techniques to present awareness and training (e.g., social engineering, phishing, security champions, gamification) 2 1.13.2 Periodic content reviews 2 1.13.3 Program effectiveness evaluation 2 Domain 2 Asset Security 2.1 Identify and classify information and assets 5 2.1.1 Data classification 5 2.1.2 Asset Classification 5 2.2 Establish information and asset handling requirements 5 2.3 Provision resources securely 16 2.3.1 Information and asset ownership 16 2.3.2 Asset inventory (e.g., tangible, intangible) 16 2.3.3 Asset management 16 2.4 Manage data lifecycle 5 2.4.1 Data roles (i.e., owners, controllers, custodians, processors, users/subjects) 5 2.4.2 Data collection 5 2.4.3 Data location 5 2.4.4 Data maintenance 5 2.4.5 Data retention 5 2.4.6 Data remanence 5 2.4.7 Data destruction 5 2.5 Ensure appropriate asset retention (e.g., End-of-Life (EOL) End-of-Support (EOS)) 5 2.6 Determine data security controls and compliance requirements 5 2.6.1 Data states (e.g., in use, in transit, at rest) 5 2.6.2 Scoping and tailoring 5 2.6.3 Standards selection 5
Скачать книгу