(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. Mike Chapple

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide - Mike Chapple


Скачать книгу
2.6.4 Data protection methods (e.g., Digital Rights Management (DRM), Data Loss Prevention (DLP), Cloud Access Security Broker (CASB)) 5 Domain 3 Security Architecture and Engineering 3.1 Research, implement and manage engineering processes using secure design principles 1, 8, 9, 16 3.1.1 Threat Modeling 1 3.1.2 Least Privilege 16 3.1.3 Defense in Depth 1 3.1.4 Secure defaults 8 3.1.5 Fail securely 8 3.1.6 Separation of duties (SoD) 16 3.1.7 Keep it simple 8 3.1.8 Zero Trust 8 3.1.9 Privacy by design 8 3.1.10 Trust but verify 8 3.1.11 Shared responsibility 9 3.2 Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula) 8 3.3 Select controls based upon systems security requirements 8 3.4 Understand security capabilities of Information Systems (IS) (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption) 8 3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements 9, 16, 20 3.5.1 Client-based systems 9 3.5.2 Server-based systems 9 3.5.3 Database systems 20 3.5.4 Cryptographic systems 7 3.5.5 Industrial Control Systems (ICS) 9 3.5.6 Cloud-based systems (e.g., Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS)) 16 3.5.7 Distributed systems 9 3.5.8 Internet of Things (IoT) 9 3.5.9 Microservices 9 3.5.10 Containerization 9 3.5.11 Serverless 9 3.5.12 Embedded systems 9 3.5.13 High-Performance Computing (HPC) systems
Скачать книгу