(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. Mike Chapple

Чтение книги онлайн.

СКАЧАТЬ 1.1 Understand, adhere to, and promote professional ethics 19 1.1.1 (ISC)² Code of Professional Ethics 19 1.1.2 Organizational code of ethics 19 1.2 Understand and apply security concepts 1 1.2.1 Confidentiality, integrity, and availability, authenticity and nonrepudiation 1 1.3 Evaluate and apply security governance principles 1 1.3.1 Alignment of security function to business strategy, goals, mission, and objectives 1 1.3.2 Organizational processes (e.g., acquisitions, divestitures, governance committees) 1 1.3.3 Organizational roles and responsibilities 1 1.3.4 Security control frameworks 1 1.3.5 Due care/due diligence 1 1.4 Determine compliance and other requirements 4 1.4.1 Contractual, legal, industry standards, and regulatory requirements 4 1.4.2 Privacy requirements 4 1.5 Understand legal and regulatory issues that pertain to information security in a holistic context 4 1.5.1 Cybercrimes and data breaches 4 1.5.2 Licensing and intellectual property (IP) requirements 4 1.5.3 Import/export controls 4 1.5.4 Transborder data flow 4 1.5.5 Privacy 4 1.6 Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards) 19 1.7 Develop, document, and implement security policy, standards, procedures, and guidelines 1 1.8 Identify, analyze, and prioritize Business Continuity (BC) requirements 3 1.8.1 Business Impact Analysis (BIA) 3 1.8.2 Develop and document the scope and the plan 3 1.9 Contribute to and enforce personnel security policies and procedures 2 1.9.1 Candidate screening and hiring 2 1.9.2 Employment agreements and policies 2 1.9.3 Onboarding, transfers, and termination processes 2 1.9.4 Vendor, consultant, and contractor agreements and controls 2 1.9.5 Compliance policy requirements СКАЧАТЬ