Название: The Official (ISC)2 CISSP CBK Reference
Автор: Aaron Kraus
Издательство: John Wiley & Sons Limited
Жанр: Зарубежная компьютерная литература
isbn: 9781119790006
isbn:
MICHAEL S. WILLS, CAMS, CISSP, SSCP, is assistant professor of applied and innovative information technologies at the College of Business at Embry-Riddle Aeronautical University – Worldwide, where he continues his graduate and undergraduate teaching and research in cybersecurity and information assurance.
Mike has also been an advisor on science and technology policy to the UK's Joint Intelligence Committee, Ministry of Justice, and Defense Science and Technology Laboratories, helping them to evolve an operational and policy consensus relating topics from cryptography and virtual worlds, through the burgeoning surveillance society, to the proliferation of weapons of mass disruption (not just “destruction”) and their effects on global, regional, national, and personal security. For a time, this had him sometimes known as the UK's nonresident expert on outer space law.
Mike has been supporting the work of (ISC)2 by writing, editing, and updating books, study guides, and course materials for both their SSCP and CISSP programs. He wrote the SSCP Official Study Guide, 2nd Edition (Sybex, 2019), followed quickly by the SSCP Official Common Book of Knowledge, 5th Edition. He was lead author for the 2021 update of (ISC)2's official CISSP and SSCP training materials. Mike has also contributed to several industry roundtables and white papers on digital identity and cyber fraud detection and prevention and has been a panelist and webinar presenter on these and related topics for ACAMS.
Foreword
EARNING THE GLOBALLY RECOGNIZED CISSP® security certification is a proven way to build your career and demonstrate deep knowledge of cybersecurity concepts across a broad range of domains. Whether you are picking up this book to supplement your preparation to sit for the exam or are an existing CISSP using it as a desk reference, you'll find the The Official (ISC)2® CISSP® CBK® Reference to be the perfect primer on the security concepts covered in the eight domains of the CISSP CBK.
The CISSP is the most globally recognized certification in the information security market. It immediately signifies that the holder has the advanced cybersecurity skills and knowledge to design, engineer, implement, and manage information security programs and teams that protect against increasingly sophisticated attacks. It also conveys an adherence to best practices, policies, and procedures established by (ISC)2 cybersecurity experts.
The recognized leader in the field of information security education and certification, (ISC)2 promotes the development of information security professionals throughout the world. As a CISSP with all the benefits of (ISC)2 membership, you are part of a global network of more than 161,000 certified professionals who are working to inspire a safe and secure cyber world.
Drawing from a comprehensive, up-to-date global body of knowledge, the CISSP CBK provides you with valuable insights on the skills, techniques, and best practices a security professional should be familiar with, including how different elements of the information technology ecosystem interact.
If you are an experienced CISSP, you will find this edition of the CISSP CBK an indispensable reference. If you are still gaining the experience and knowledge you need to join the ranks of CISSPs, the CISSP CBK is a deep dive that can be used to supplement your studies.
As the largest nonprofit membership body of certified information security professionals worldwide, (ISC)2 recognizes the need to identify and validate not only information security competency, but also the ability to build, manage, and lead a security organization. Written by a team of subject matter experts, this comprehensive compendium covers all CISSP objectives and subobjectives in a structured format with common practices for each objective, a common lexicon and references to widely accepted computing standards and case studies.
The opportunity has never been greater for dedicated professionals to advance their careers and inspire a safe and secure cyber world. The CISSP CBK will be your constant companion in protecting your organization and will serve you for years to come.
Sincerely,
Clar Rosso
CEO, (ISC)2
Introduction
THE CERTIFIED INFORMATION SYSTEMS Security Professional (CISSP) certification identifies a professional who has demonstrated skills, knowledge, and abilities across a wide array of security practices and principles. The exam covers eight domains of practice, which are codified in the CISSP Common Body of Knowledge (CBK). The CBK presents topics that a CISSP can use in their daily role to identify and manage security risks to data and information systems and is built on a foundation comprising fundamental security concepts of confidentiality, integrity, availability, nonrepudiation, and authenticity (CIANA), as well as privacy and security (CIANA+PS). A variety of controls can be implemented for both data and systems, with the goal of either safeguarding or mitigating security risks to each of these foundational principles.
Global professionals take many paths into information security, and each candidate's experience must be combined with variations in practice and perspective across industries and regions due to the global reach of the certification. For most security practitioners, achieving CISSP requires study and learning new disciplines, and professionals are unlikely to work across all eight domains on a daily basis. The CISSP CBK is a baseline standard of security knowledge to help security practitioners deal with new and evolving risks, and this guide provides easy reference to aid practitioners in applying security topics and principles. This baseline must be connected with the reader's own experience and the unique operating environment of the reader's organization to be effective. The rapid pace of change in security also demands that practitioners continuously maintain their knowledge, so CISSP credential holders are also expected to maintain their knowledge via continuing education. Reference materials like this guide, along with other content sources such as industry conferences, webinars, and research are vital to maintaining this knowledge.
The domains presented in the CBK are progressive, starting with a foundation of basic security and risk management concepts in Chapter 1, “Security and Risk Management,” as well as fundamental topics of identifying, valuing, and applying proper risk mitigations for asset security in Chapter 2,“Asset Security.” Applying security to complex technology environments can be achieved by applying architecture and engineering concepts, which are presented in Chapter 3, “Security Architecture and Engineering.” Chapter 4, “Communication and Network Security,” details both the critical risks to as well as the critical defensive role played by communications networks, and Chapter 5, “Identity and Access Management,” covers the crucial practices of identifying users (both human and nonhuman) and controlling their access to systems, data, and other resources. Once a security program is designed, it is vital to gather information about and assess its effectiveness, which is covered in Chapter 6, “Security Assessment and Testing,” and keep the entire affair running — also known as security operations or SecOps, which is covered in Chapter 7, “Security СКАЧАТЬ