ISBN-13: 9781119789994 / English / Hardcover / 2021 / 672 pages
Foreword xix
Introduction xxi

Domain 1: Security and Risk Management 1
  Understand, Adhere to, and Promote Professional Ethics 2
    (ISC)² Code of Professional Ethics 2
    Organizational Code of Ethics 3
  Understand and Apply Security Concepts 4
    Confidentiality 4
    Integrity 5
    Availability 6
    Limitations of the CIA Triad 7
  Evaluate and Apply Security Governance Principles 8
    Alignment of the Security Function to Business Strategy, Goals, Mission, and Objectives 9
    Organizational Processes 10
    Organizational Roles and Responsibilities 14
    Security Control Frameworks 15
    Due Care and Due Diligence 22
  Determine Compliance and Other Requirements 23
    Legislative and Regulatory Requirements 23
    Industry Standards and Other Compliance Requirements 25
    Privacy Requirements 27
  Understand Legal and Regulatory Issues That Pertain to Information Security in a Holistic Context 28
    Cybercrimes and Data Breaches 28
    Licensing and Intellectual Property Requirements 36
    Import/Export Controls 39
    Transborder Data Flow 40
    Privacy 41
  Understand Requirements for Investigation Types 48
    Administrative 49
    Criminal 50
    Civil 52
    Regulatory 53
    Industry Standards 54
  Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines 55
    Policies 55
    Standards 56
    Procedures 57
    Guidelines 57
  Identify, Analyze, and Prioritize Business Continuity Requirements 58
    Business Impact Analysis 59
    Develop and Document the Scope and the Plan 61
  Contribute to and Enforce Personnel Security Policies and Procedures 63
    Candidate Screening and Hiring 63
    Employment Agreements and Policies 64
    Onboarding, Transfers, and Termination Processes 65
    Vendor, Consultant, and Contractor Agreements and Controls 67
    Compliance Policy Requirements 67
    Privacy Policy Requirements 68
  Understand and Apply Risk Management Concepts 68
    Identify Threats and Vulnerabilities 68
    Risk Assessment 70
    Risk Response/Treatment 72
    Countermeasure Selection and Implementation 73
    Applicable Types of Controls 75
    Control Assessments 76
    Monitoring and Measurement 77
    Reporting 77
    Continuous Improvement 78
    Risk Frameworks 78
  Understand and Apply Threat Modeling Concepts and Methodologies 83
    Threat Modeling Concepts 84
    Threat Modeling Methodologies 85
  Apply Supply Chain Risk Management Concepts 88
    Risks Associated with Hardware, Software, and Services 88
    Third-Party Assessment and Monitoring 89
    Minimum Security Requirements 90
    Service-Level Requirements 90
    Frameworks 91
  Establish and Maintain a Security Awareness, Education, and Training Program 92
    Methods and Techniques to Present Awareness and Training 93
    Periodic Content Reviews 94
    Program Effectiveness Evaluation 94
  Summary 95

Domain 2: Asset Security 97
  Identify and Classify Information and Assets 97
    Data Classification and Data Categorization 99
    Asset Classification 101
  Establish Information and Asset Handling Requirements 104
    Marking and Labeling 104
    Handling 105
    Storage 105
    Declassification 106
  Provision Resources Securely 108
    Information and Asset Ownership 108
    Asset Inventory 109
    Asset Management 112
  Manage Data Lifecycle 115
    Data Roles 116
    Data Collection 120
    Data Location 120
    Data Maintenance 121
    Data Retention 122
    Data Destruction 123
    Data Remanence 123
  Ensure Appropriate Asset Retention 127
    Determining Appropriate Records Retention 129
    Records Retention Best Practices 130
  Determine Data Security Controls and Compliance Requirements 131
    Data States 133
    Scoping and Tailoring 135
    Standards Selection 137
    Data Protection Methods 141
  Summary 144

Domain 3: Security Architecture and Engineering 147
  Research, Implement, and Manage Engineering Processes Using Secure Design Principles 149
    ISO/IEC 19249 150
    Threat Modeling 157
    Secure Defaults 160
    Fail Securely 161
    Separation of Duties 161
    Keep It Simple 162
    Trust, but Verify 162
    Zero Trust 163
    Privacy by Design 165
    Shared Responsibility 166
    Defense in Depth 167
  Understand the Fundamental Concepts of Security Models 168
    Primer on Common Model Components 168
    Information Flow Model 169
    Noninterference Model 169
    Bell-LaPadula Model 170
    Biba Integrity Model 172
    Clark-Wilson Model 173
    Brewer-Nash Model 173
    Take-Grant Model 175
  Select Controls Based Upon Systems Security Requirements 175
  Understand Security Capabilities of Information Systems 179
    Memory Protection 180
    Secure Cryptoprocessor 182
  Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 187
    Client-Based Systems 187
    Server-Based Systems 189
    Database Systems 191
    Cryptographic Systems 194
    Industrial Control Systems 200
    Cloud-Based Systems 203
    Distributed Systems 207
    Internet of Things 208
    Microservices 212
    Containerization 214
    Serverless 215
    Embedded Systems 216
    High-Performance Computing Systems 219
    Edge Computing Systems 220
    Virtualized Systems 221
  Select and Determine Cryptographic Solutions 224
    Cryptography Basics 225
    Cryptographic Lifecycle 226
    Cryptographic Methods 229
    Public Key Infrastructure 243
    Key Management Practices 246
    Digital Signatures and Digital Certificates 250
    Nonrepudiation 252
    Integrity 253
  Understand Methods of Cryptanalytic Attacks 257
    Brute Force 258
    Ciphertext Only 260
    Known Plaintext 260
    Chosen Plaintext Attack 260
    Frequency Analysis 261
    Chosen Ciphertext 261
    Implementation Attacks 261
    Side-Channel Attacks 261
    Fault Injection 263
    Timing Attacks 263
    Man-in-the-Middle 263
    Pass the Hash 263
    Kerberos Exploitation 264
    Ransomware 264
  Apply Security Principles to Site and Facility Design 265
  Design Site and Facility Security Controls 265
    Wiring Closets/Intermediate Distribution Facilities 266
    Server Rooms/Data Centers 267
    Media Storage Facilities 268
    Evidence Storage 269
    Restricted and Work Area Security 270
    Utilities and Heating, Ventilation, and Air Conditioning 272
    Environmental Issues 275
    Fire Prevention, Detection, and Suppression 277
  Summary 281

Domain 4: Communication and Network Security 283
  Assess and Implement Secure Design Principles in Network Architectures 283
    Open System Interconnection and Transmission Control Protocol/Internet Protocol Models 285
    The OSI Reference Model 286
    The TCP/IP Reference Model 299
    Internet Protocol Networking 302
    Secure Protocols 311
    Implications of Multilayer Protocols 313
    Converged Protocols 315
    Microsegmentation 316
    Wireless Networks 319
    Cellular Networks 333
    Content Distribution Networks 334
  Secure Network Components 335
    Operation of Hardware 335
    Repeaters, Concentrators, and Amplifiers 341
    Hubs 341
    Bridges 342
    Switches 342
    Routers 343
    Gateways 343
    Proxies 343
    Transmission Media 345
    Network Access Control 352
    Endpoint Security 354
    Mobile Devices 355
  Implement Secure Communication Channels According to Design 357
    Voice 357
    Multimedia Collaboration 359
    Remote Access 365
    Data Communications 371
    Virtualized Networks 373
    Third-Party Connectivity 374
  Summary 374

Domain 5: Identity and Access Management 377
  Control Physical and Logical Access to Assets 378
    Access Control Definitions 378
    Information 379
    Systems 380
    Devices 381
    Facilities 383
    Applications 386
  Manage Identification and Authentication of People, Devices, and Services 387
    Identity Management Implementation 388
    Single/Multifactor Authentication 389
    Accountability 396
    Session Management 396
    Registration, Proofing, and Establishment of Identity 397
    Federated Identity Management 399
    Credential Management Systems 399
    Single Sign-On 400
    Just-In-Time 401
  Federated Identity with a Third-Party Service 401
    On Premises 402
    Cloud 403
    Hybrid 403
  Implement and Manage Authorization Mechanisms 404
    Role-Based Access Control 405
    Rule-Based Access Control 405
    Mandatory Access Control 406
    Discretionary Access Control 406
    Attribute-Based Access Control 407
    Risk-Based Access Control 408
  Manage the Identity and Access Provisioning Lifecycle 408
    Account Access Review 409
    Account Usage Review 411
    Provisioning and Deprovisioning 411
    Role Definition 412
    Privilege Escalation 413
  Implement Authentication Systems 414
    OpenID Connect/Open Authorization 414
    Security Assertion Markup Language 415
    Kerberos 416
    Remote Authentication Dial-In User Service/Terminal Access Controller Access Control System Plus 417
  Summary 418

Domain 6: Security Assessment and Testing 419
  Design and Validate Assessment, Test, and Audit Strategies 420
    Internal 421
    External 422
    Third-Party 423
  Conduct Security Control Testing 423
    Vulnerability Assessment 423
    Penetration Testing 428
    Log Reviews 435
    Synthetic Transactions 435
    Code Review and Testing 436
    Misuse Case Testing 437
    Test Coverage Analysis 438
    Interface Testing 439
    Breach Attack Simulations 440
    Compliance Checks 441
  Collect Security Process Data 442
    Technical Controls and Processes 443
    Administrative Controls 443
    Account Management 444
    Management Review and Approval 445
    Management Reviews for Compliance 446
    Key Performance and Risk Indicators 447
    Backup Verification Data 450
    Training and Awareness 450
    Disaster Recovery and Business Continuity 451
  Analyze Test Output and Generate Report 452
    Typical Audit Report Contents 453
    Remediation 454
    Exception Handling 455
    Ethical Disclosure 456
  Conduct or Facilitate Security Audits 458
    Designing an Audit Program 458
    Internal Audits 459
    External Audits 460
    Third-Party Audits 460
  Summary 461

Domain 7: Security Operations 463
  Understand and Comply with Investigations 464
    Evidence Collection and Handling 465
    Reporting and Documentation 467
    Investigative Techniques 469
    Digital Forensics Tools, Tactics, and Procedures 470
    Artifacts 475
  Conduct Logging and Monitoring Activities 478
    Intrusion Detection and Prevention 478
    Security Information and Event Management 480
    Continuous Monitoring 481
    Egress Monitoring 483
    Log Management 484
    Threat Intelligence 486
    User and Entity Behavior Analytics 488
  Perform Configuration Management 489
    Provisioning 490
    Asset Inventory 492
    Baselining 492
    Automation 493
  Apply Foundational Security Operations Concepts 494
    Need-to-Know/Least Privilege 494
    Separation of Duties and Responsibilities 495
    Privileged Account Management 496
    Job Rotation 498
    Service-Level Agreements 498
  Apply Resource Protection 499
    Media Management 500
    Media Protection Techniques 501
  Conduct Incident Management 502
    Incident Management Plan 503
    Detection 505
    Response 506
    Mitigation 507
    Reporting 508
    Recovery 510
    Remediation 510
    Lessons Learned 511
  Operate and Maintain Detective and Preventative Measures 511
    Firewalls 512
    Intrusion Detection Systems and Intrusion Prevention Systems 514
    Whitelisting/Blacklisting 515
    Third-Party-Provided Security Services 515
    Sandboxing 517
    Honeypots/Honeynets 517
    Anti-malware 518
    Machine Learning and Artificial Intelligence Based Tools 518
  Implement and Support Patch and Vulnerability Management 519
    Patch Management 519
    Vulnerability Management 521
  Understand and Participate in Change Management Processes 522
  Implement Recovery Strategies 523
    Backup Storage Strategies 524
    Recovery Site Strategies 527
    Multiple Processing Sites 527
    System Resilience, High Availability, Quality of Service, and Fault Tolerance 528
  Implement Disaster Recovery Processes 529
    Response 529
    Personnel 530
    Communications 531
    Assessment 532
    Restoration 533
    Training and Awareness 534
    Lessons Learned 534
  Test Disaster Recovery Plans 535
    Read-through/Tabletop 536
    Walkthrough 536
    Simulation 537
    Parallel 537
    Full Interruption 537
  Participate in Business Continuity Planning and Exercises 538
  Implement and Manage Physical Security 539
    Perimeter Security Controls 541
    Internal Security Controls 543
  Address Personnel Safety and Security Concerns 545
    Travel 545
    Security Training and Awareness 546
    Emergency Management 546
    Duress 547
  Summary 548

Domain 8: Software Development Security 549
  Understand and Integrate Security in the Software Development Life Cycle (SDLC) 550
    Development Methodologies 551
    Maturity Models 561
    Operation and Maintenance 567
    Change Management 568
    Integrated Product Team 571
  Identify and Apply Security Controls in Software Development Ecosystems 572
    Programming Languages 572
    Libraries 577
    Toolsets 578
    Integrated Development Environment 579
    Runtime 580
    Continuous Integration and Continuous Delivery 581
    Security Orchestration, Automation, and Response 583
    Software Configuration Management 585
    Code Repositories 586
    Application Security Testing 588
  Assess the Effectiveness of Software Security 590
    Auditing and Logging of Changes 590
    Risk Analysis and Mitigation 595
  Assess Security Impact of Acquired Software 599
    Commercial Off-the-Shelf 599
    Open Source 601
    Third-Party 602
    Managed Services (SaaS, IaaS, PaaS) 602
  Define and Apply Secure Coding Guidelines and Standards 604
    Security Weaknesses and Vulnerabilities at the Source-Code Level 605
    Security of Application Programming Interfaces 613
    API Security Best Practices 613
    Secure Coding Practices 618
    Software-Defined Security 621
  Summary 624

Index 625