The only official, comprehensive reference guide to the CISSP
All new for 2019 and beyond, this is the authoritative common body of knowledge (CBK) from (ISC)² for information security professionals charged with designing, engineering, implementing, and managing the overall information security program to protect organizations from increasingly sophisticated attacks. Vendor neutral and backed by (ISC)², the CISSP credential meets the stringent requirements of ISO/IEC Standard 17024.
This CBK covers the new eight domains of CISSP with the necessary depth to apply them to the daily practice of information security. Written by a team of subject matter experts, this comprehensive reference covers all of the more than 300 CISSP objectives and sub-objectives in a structured format with:
Common and good practices for each objective
Common vocabulary and definitions
References to widely accepted computing standards
Highlights of successful approaches through case studies
Whether you've earned your CISSP credential or are looking for a valuable resource to help advance your security career, this comprehensive guide offers everything you need to apply the knowledge of the most recognized body of influence in information security.
About the authors
This common body of knowledge is written and reviewed by a collection of experienced CISSP experts from a range of information security roles and organizations.
Back cover text
"The opportunity has never been greater for dedicated men and women to carve out a meaningful career and make a difference in their organizations. The CISSP CBK will be your constant companion in protecting and securing the critical data assets of your organization that will serve you for years to come."
David Shearer, CISSP, CEO of (ISC)²

Information security professionals play a pivotal role in protecting the essential fabric of business, finance, communications, and virtually all aspects of 21st century daily life. This all-new, authoritative Common Body of Knowledge (CBK®) from (ISC)² provides a resource for IT professionals who are designing, engineering, implementing, and managing information security programs to protect their organizations from increasingly sophisticated attacks. With exhaustive coverage of all eight domains of CISSP, this book provides a comprehensive guide to applying these principles in everyday practice.

The 300+ CISSP objectives and sub-objectives are covered in a format that supplies common practices for each, a common lexicon with definitions, and appropriate references to both widely accepted computing standards and case studies that highlight successful approaches to problems. Written and reviewed by a team of highly knowledgeable CISSPs representing a variety of organizations and roles, it explains and defines all things related to CISSP. Explored in depth are Security and Risk Management, Asset Security, Security Engineering, Communications and Network Security, Identity and Asset Management, Security Assessment and Testing, Security Operations, and Software Development Security. From understanding essential security concepts to the exercise of due care, legal compliance, professional ethics, and practical defense against an ever-growing variety of attacks, this book constitutes a vital reference that will serve you well throughout your career.
Contents
Foreword xxv
Introduction xxvii
Domain 1: Security and Risk Management 1
Understand and Apply Concepts of Confidentiality, Integrity, and Availability 2
Information Security 3
Evaluate and Apply Security Governance Principles 6
Alignment of Security Functions to Business Strategy, Goals, Mission, and Objectives 6
Vision, Mission, and Strategy 6
Governance 7
Due Care 10
Determine Compliance Requirements 11
Legal Compliance 12
Jurisdiction 12
Legal Tradition 12
Legal Compliance Expectations 13
Understand Legal and Regulatory Issues That Pertain to Information Security in a Global Context 13
Cyber Crimes and Data Breaches 14
Privacy 36
Understand, Adhere to, and Promote Professional Ethics 49
Ethical Decision-Making 49
Established Standards of Ethical Conduct 51
(ISC)² Ethical Practices 56
Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines 57
Organizational Documents 58
Policy Development 61
Policy Review Process 61
Identify, Analyze, and Prioritize Business Continuity Requirements 62
Develop and Document Scope and Plan 62
Risk Assessment 70
Business Impact Analysis 71
Develop the Business Continuity Plan 73
Contribute to and Enforce Personnel Security Policies and Procedures 80
Key Control Principles 80
Candidate Screening and Hiring 82
Onboarding and Termination Processes 91
Vendor, Consultant, and Contractor Agreements and Controls 96
Privacy in the Workplace 97
Understand and Apply Risk Management Concepts 99
Risk 99
Risk Management Frameworks 99
Risk Assessment Methodologies 108
Understand and Apply Threat Modeling Concepts and Methodologies 111
Threat Modeling Concepts 111
Threat Modeling Methodologies 112
Apply Risk-Based Management Concepts to the Supply Chain 116
Supply Chain Risks 116
Supply Chain Risk Management 119
Establish and Maintain a Security Awareness, Education, and Training Program 121
Security Awareness Overview 122
Developing an Awareness Program 123
Training 127
Summary 128
Domain 2: Asset Security 131
Asset Security Concepts 131
Data Policy 132
Data Governance 132
Data Quality 133
Data Documentation 134
Data Organization 136
Identify and Classify Information and Assets 139
Asset Classification 141
Determine and Maintain Information and Asset Ownership 145
Asset Management Lifecycle 146
Software Asset Management 148
Protect Privacy 152
Cross-Border Privacy and Data Flow Protection 153
Data Owners 161
Data Controllers 162
Data Processors 163
Data Stewards 164
Data Custodians 164
Data Remanence 164
Data Sovereignty 168
Data Localization or Residency 169
Government and Law Enforcement Access to Data 171
Collection Limitation 172
Understanding Data States 173
Data Issues with Emerging Technologies 173
Ensure Appropriate Asset Retention 175
Retention of Records 178
Determining Appropriate Records Retention 178
Retention of Records in Data Lifecycle 179
Records Retention Best Practices 180
Determine Data Security Controls 181
Technical, Administrative, and Physical Controls 183
Establis…