{"product_id":"the-official-isc2-cissp-cbk-reference","title":"The Official (Isc)2 Cissp Cbk Reference","description":"\u003ctable align=\"center\" border=\"0\" cellpadding=\"2\" cellspacing=\"0\" width=\"100%\"\u003e\n\u003ctr\u003e\n\u003ctd class=\"productDetailSmallElements\"\u003e\n\u003cp\u003e\n\u003cstrong\u003eJacket Description\/Back\u003c\/strong\u003e:\u003cbr\u003e\n\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003e\"The CISSP continues to be a mark of distinction around the world, signifying not only experiential and practical knowledge but also a commitment to lifelong learning and improvement. The CISSP CBK is a living, breathing resource that cybersecurity practitioners and leaders can refer to as they go about the daily mission of inspiring a safe and secure cyber world.\"\u003c\/b\u003e\u003cbr\u003e--\u003cb\u003eClar Rosso, CEO, (ISC)\u003csup\u003e2\u003c\/sup\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eInformation security professionals play a pivotal role in protecting the essential fabric of business, finance, communications, and virtually all aspects of 21st century daily life. This updated, authoritative Common Body of Knowledge (CBK\u003csup\u003e(R)\u003c\/sup\u003e) from (ISC)\u003csup\u003e2\u003c\/sup\u003e provides a resource for IT professionals who are designing, engineering, implementing, and managing information security programs to protect their organizations from increasingly sophisticated attacks.\u003c\/p\u003e\n\u003cp\u003eWith exhaustive coverage of all eight domains of CISSP, this book provides a comprehensive guide to applying these principles in everyday practice. The 300+ CISSP objectives and sub-objectives are covered in a format that supplies common practices for each, a common lexicon with definitions, and appropriate references to both widely accepted computing standards and case studies that highlight successful approaches to problems. 
Written and reviewed by a team of highly knowledgeable CISSPs representing a variety of organizations and roles, it explains and defines all things related to CISSP.\u003c\/p\u003e\n\u003cp\u003eExplored in depth are Security and Risk Management, Asset Security, Security Engineering, Communications and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security. From understanding essential security concepts to the exercise of due care, legal compliance, professional ethics, and practical defense against an ever-growing variety of attacks, this book constitutes a vital reference that will serve you well throughout your career.\u003c\/p\u003e\n\u003cbr\u003e\u003cbr\u003e\n\u003cstrong\u003eTable of Contents\u003c\/strong\u003e:\u003cbr\u003e\n\u003cp\u003eForeword xix\u003c\/p\u003e\n\u003cp\u003eIntroduction xxi\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eDomain 1: Security and Risk Management 1\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eUnderstand, Adhere to, and Promote Professional Ethics 2\u003c\/p\u003e\n\u003cp\u003e(ISC)\u003csup\u003e2\u003c\/sup\u003e Code of Professional Ethics 2\u003c\/p\u003e\n\u003cp\u003eOrganizational Code of Ethics 3\u003c\/p\u003e\n\u003cp\u003eUnderstand and Apply Security Concepts 4\u003c\/p\u003e\n\u003cp\u003eConfidentiality 4\u003c\/p\u003e\n\u003cp\u003eIntegrity 5\u003c\/p\u003e\n\u003cp\u003eAvailability 6\u003c\/p\u003e\n\u003cp\u003eLimitations of the CIA Triad 7\u003c\/p\u003e\n\u003cp\u003eEvaluate and Apply Security Governance Principles 8\u003c\/p\u003e\n\u003cp\u003eAlignment of the Security Function to Business Strategy, Goals, Mission, and Objectives 9\u003c\/p\u003e\n\u003cp\u003eOrganizational Processes 10\u003c\/p\u003e\n\u003cp\u003eOrganizational Roles and Responsibilities 14\u003c\/p\u003e\n\u003cp\u003eSecurity Control Frameworks 15\u003c\/p\u003e\n\u003cp\u003eDue Care and Due Diligence 22\u003c\/p\u003e\n\u003cp\u003eDetermine 
Compliance and Other Requirements 23\u003c\/p\u003e\n\u003cp\u003eLegislative and Regulatory Requirements 23\u003c\/p\u003e\n\u003cp\u003eIndustry Standards and Other Compliance Requirements 25\u003c\/p\u003e\n\u003cp\u003ePrivacy Requirements 27\u003c\/p\u003e\n\u003cp\u003eUnderstand Legal and Regulatory Issues That Pertain to Information Security in a Holistic Context 28\u003c\/p\u003e\n\u003cp\u003eCybercrimes and Data Breaches 28\u003c\/p\u003e\n\u003cp\u003eLicensing and Intellectual Property Requirements 36\u003c\/p\u003e\n\u003cp\u003eImport\/Export Controls 39\u003c\/p\u003e\n\u003cp\u003eTransborder Data Flow 40\u003c\/p\u003e\n\u003cp\u003ePrivacy 41\u003c\/p\u003e\n\u003cp\u003eUnderstand Requirements for Investigation Types 48\u003c\/p\u003e\n\u003cp\u003eAdministrative 49\u003c\/p\u003e\n\u003cp\u003eCriminal 50\u003c\/p\u003e\n\u003cp\u003eCivil 52\u003c\/p\u003e\n\u003cp\u003eRegulatory 53\u003c\/p\u003e\n\u003cp\u003eIndustry Standards 54\u003c\/p\u003e\n\u003cp\u003eDevelop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines 55\u003c\/p\u003e\n\u003cp\u003ePolicies 55\u003c\/p\u003e\n\u003cp\u003eStandards 56\u003c\/p\u003e\n\u003cp\u003eProcedures 57\u003c\/p\u003e\n\u003cp\u003eGuidelines 57\u003c\/p\u003e\n\u003cp\u003eIdentify, Analyze, and Prioritize Business Continuity Requirements 58\u003c\/p\u003e\n\u003cp\u003eBusiness Impact Analysis 59\u003c\/p\u003e\n\u003cp\u003eDevelop and Document the Scope and the Plan 61\u003c\/p\u003e\n\u003cp\u003eContribute to and Enforce Personnel Security Policies and Procedures 63\u003c\/p\u003e\n\u003cp\u003eCandidate Screening and Hiring 63\u003c\/p\u003e\n\u003cp\u003eEmployment Agreements and Policies 64\u003c\/p\u003e\n\u003cp\u003eOnboarding, Transfers, and Termination Processes 65\u003c\/p\u003e\n\u003cp\u003eVendor, Consultant, and Contractor Agreements and Controls 67\u003c\/p\u003e\n\u003cp\u003eCompliance Policy Requirements 67\u003c\/p\u003e\n\u003cp\u003ePrivacy 
Policy Requirements 68\u003c\/p\u003e\n\u003cp\u003eUnderstand and Apply Risk Management Concepts 68\u003c\/p\u003e\n\u003cp\u003eIdentify Threats and Vulnerabilities 68\u003c\/p\u003e\n\u003cp\u003eRisk Assessment 70\u003c\/p\u003e\n\u003cp\u003eRisk Response\/Treatment 72\u003c\/p\u003e\n\u003cp\u003eCountermeasure Selection and Implementation 73\u003c\/p\u003e\n\u003cp\u003eApplicable Types of Controls 75\u003c\/p\u003e\n\u003cp\u003eControl Assessments 76\u003c\/p\u003e\n\u003cp\u003eMonitoring and Measurement 77\u003c\/p\u003e\n\u003cp\u003eReporting 77\u003c\/p\u003e\n\u003cp\u003eContinuous Improvement 78\u003c\/p\u003e\n\u003cp\u003eRisk Frameworks 78\u003c\/p\u003e\n\u003cp\u003eUnderstand and Apply Threat Modeling Concepts and Methodologies 83\u003c\/p\u003e\n\u003cp\u003eThreat Modeling Concepts 84\u003c\/p\u003e\n\u003cp\u003eThreat Modeling Methodologies 85\u003c\/p\u003e\n\u003cp\u003eApply Supply Chain Risk Management Concepts 88\u003c\/p\u003e\n\u003cp\u003eRisks Associated with Hardware, Software, and Services 88\u003c\/p\u003e\n\u003cp\u003eThird-Party Assessment and Monitoring 89\u003c\/p\u003e\n\u003cp\u003eMinimum Security Requirements 90\u003c\/p\u003e\n\u003cp\u003eService-Level Requirements 90\u003c\/p\u003e\n\u003cp\u003eFrameworks 91\u003c\/p\u003e\n\u003cp\u003eEstablish and Maintain a Security Awareness, Education, and Training Program 92\u003c\/p\u003e\n\u003cp\u003eMethods and Techniques to Present Awareness and Training 93\u003c\/p\u003e\n\u003cp\u003ePeriodic Content Reviews 94\u003c\/p\u003e\n\u003cp\u003eProgram Effectiveness Evaluation 94\u003c\/p\u003e\n\u003cp\u003eSummary 95\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eDomain 2: Asset Security 97\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eIdentify and Classify Information and Assets 97\u003c\/p\u003e\n\u003cp\u003eData Classification and Data Categorization 99\u003c\/p\u003e\n\u003cp\u003eAsset Classification 101\u003c\/p\u003e\n\u003cp\u003eEstablish 
Information and Asset Handling Requirements 104\u003c\/p\u003e\n\u003cp\u003eMarking and Labeling 104\u003c\/p\u003e\n\u003cp\u003eHandling 105\u003c\/p\u003e\n\u003cp\u003eStorage 105\u003c\/p\u003e\n\u003cp\u003eDeclassification 106\u003c\/p\u003e\n\u003cp\u003eProvision Resources Securely 108\u003c\/p\u003e\n\u003cp\u003eInformation and Asset Ownership 108\u003c\/p\u003e\n\u003cp\u003eAsset Inventory 109\u003c\/p\u003e\n\u003cp\u003eAsset Management 112\u003c\/p\u003e\n\u003cp\u003eManage Data Lifecycle 115\u003c\/p\u003e\n\u003cp\u003eData Roles 116\u003c\/p\u003e\n\u003cp\u003eData Collection 120\u003c\/p\u003e\n\u003cp\u003eData Location 120\u003c\/p\u003e\n\u003cp\u003eData Maintenance 121\u003c\/p\u003e\n\u003cp\u003eData Retention 122\u003c\/p\u003e\n\u003cp\u003eData Destruction 123\u003c\/p\u003e\n\u003cp\u003eData Remanence 123\u003c\/p\u003e\n\u003cp\u003eEnsure Appropriate Asset Retention 127\u003c\/p\u003e\n\u003cp\u003eDetermining Appropriate Records Retention 129\u003c\/p\u003e\n\u003cp\u003eRecords Retention Best Practices 130\u003c\/p\u003e\n\u003cp\u003eDetermine Data Security Controls and Compliance Requirements 131\u003c\/p\u003e\n\u003cp\u003eData States 133\u003c\/p\u003e\n\u003cp\u003eScoping and Tailoring 135\u003c\/p\u003e\n\u003cp\u003eStandards Selection 137\u003c\/p\u003e\n\u003cp\u003eData Protection Methods 141\u003c\/p\u003e\n\u003cp\u003eSummary 144\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eDomain 3: Security Architecture and Engineering 147\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eResearch, Implement, and Manage Engineering Processes Using Secure Design Principles 149\u003c\/p\u003e\n\u003cp\u003eISO\/IEC 19249 150\u003c\/p\u003e\n\u003cp\u003eThreat Modeling 157\u003c\/p\u003e\n\u003cp\u003eSecure Defaults 160\u003c\/p\u003e\n\u003cp\u003eFail Securely 161\u003c\/p\u003e\n\u003cp\u003eSeparation of Duties 161\u003c\/p\u003e\n\u003cp\u003eKeep It Simple 162\u003c\/p\u003e\n\u003cp\u003eTrust, but Verify 
162\u003c\/p\u003e\n\u003cp\u003eZero Trust 163\u003c\/p\u003e\n\u003cp\u003ePrivacy by Design 165\u003c\/p\u003e\n\u003cp\u003eShared Responsibility 166\u003c\/p\u003e\n\u003cp\u003eDefense in Depth 167\u003c\/p\u003e\n\u003cp\u003eUnderstand the Fundamental Concepts of Security Models 168\u003c\/p\u003e\n\u003cp\u003ePrimer on Common Model Components 168\u003c\/p\u003e\n\u003cp\u003eInformation Flow Model 169\u003c\/p\u003e\n\u003cp\u003eNoninterference Model 169\u003c\/p\u003e\n\u003cp\u003eBell-LaPadula Model 170\u003c\/p\u003e\n\u003cp\u003eBiba Integrity Model 172\u003c\/p\u003e\n\u003cp\u003eClark-Wilson Model 173\u003c\/p\u003e\n\u003cp\u003eBrewer-Nash Model 173\u003c\/p\u003e\n\u003cp\u003eTake-Grant Model 175\u003c\/p\u003e\n\u003cp\u003eSelect Controls Based Upon Systems Security Requirements 175\u003c\/p\u003e\n\u003cp\u003eUnderstand Security Capabilities of Information Systems 179\u003c\/p\u003e\n\u003cp\u003eMemory Protection 180\u003c\/p\u003e\n\u003cp\u003eSecure Cryptoprocessor 182\u003c\/p\u003e\n\u003cp\u003eAssess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 187\u003c\/p\u003e\n\u003cp\u003eClient-Based Systems 187\u003c\/p\u003e\n\u003cp\u003eServer-Based Systems 189\u003c\/p\u003e\n\u003cp\u003eDatabase Systems 191\u003c\/p\u003e\n\u003cp\u003eCryptographic Systems 194\u003c\/p\u003e\n\u003cp\u003eIndustrial Control Systems 200\u003c\/p\u003e\n\u003cp\u003eCloud-Based Systems 203\u003c\/p\u003e\n\u003cp\u003eDistributed Systems 207\u003c\/p\u003e\n\u003cp\u003eInternet of Things 208\u003c\/p\u003e\n\u003cp\u003eMicroservices 212\u003c\/p\u003e\n\u003cp\u003eContainerization 214\u003c\/p\u003e\n\u003cp\u003eServerless 215\u003c\/p\u003e\n\u003cp\u003eEmbedded Systems 216\u003c\/p\u003e\n\u003cp\u003eHigh-Performance Computing Systems 219\u003c\/p\u003e\n\u003cp\u003eEdge Computing Systems 220\u003c\/p\u003e\n\u003cp\u003eVirtualized Systems 221\u003c\/p\u003e\n\u003cp\u003eSelect and Determine 
Cryptographic Solutions 224\u003c\/p\u003e\n\u003cp\u003eCryptography Basics 225\u003c\/p\u003e\n\u003cp\u003eCryptographic Lifecycle 226\u003c\/p\u003e\n\u003cp\u003eCryptographic Methods 229\u003c\/p\u003e\n\u003cp\u003ePublic Key Infrastructure 243\u003c\/p\u003e\n\u003cp\u003eKey Management Practices 246\u003c\/p\u003e\n\u003cp\u003eDigital Signatures and Digital Certificates 250\u003c\/p\u003e\n\u003cp\u003eNonrepudiation 252\u003c\/p\u003e\n\u003cp\u003eIntegrity 253\u003c\/p\u003e\n\u003cp\u003eUnderstand Methods of Cryptanalytic Attacks 257\u003c\/p\u003e\n\u003cp\u003eBrute Force 258\u003c\/p\u003e\n\u003cp\u003eCiphertext Only 260\u003c\/p\u003e\n\u003cp\u003eKnown Plaintext 260\u003c\/p\u003e\n\u003cp\u003eChosen Plaintext Attack 260\u003c\/p\u003e\n\u003cp\u003eFrequency Analysis 261\u003c\/p\u003e\n\u003cp\u003eChosen Ciphertext 261\u003c\/p\u003e\n\u003cp\u003eImplementation Attacks 261\u003c\/p\u003e\n\u003cp\u003eSide-Channel Attacks 261\u003c\/p\u003e\n\u003cp\u003eFault Injection 263\u003c\/p\u003e\n\u003cp\u003eTiming Attacks 263\u003c\/p\u003e\n\u003cp\u003eMan-in-the-Middle 263\u003c\/p\u003e\n\u003cp\u003ePass the Hash 263\u003c\/p\u003e\n\u003cp\u003eKerberos Exploitation 264\u003c\/p\u003e\n\u003cp\u003eRansomware 264\u003c\/p\u003e\n\u003cp\u003eApply Security Principles to Site and Facility Design 265\u003c\/p\u003e\n\u003cp\u003eDesign Site and Facility Security Controls 265\u003c\/p\u003e\n\u003cp\u003eWiring Closets\/Intermediate Distribution Facilities 266\u003c\/p\u003e\n\u003cp\u003eServer Rooms\/Data Centers 267\u003c\/p\u003e\n\u003cp\u003eMedia Storage Facilities 268\u003c\/p\u003e\n\u003cp\u003eEvidence Storage 269\u003c\/p\u003e\n\u003cp\u003eRestricted and Work Area Security 270\u003c\/p\u003e\n\u003cp\u003eUtilities and Heating, Ventilation, and Air Conditioning 272\u003c\/p\u003e\n\u003cp\u003eEnvironmental Issues 275\u003c\/p\u003e\n\u003cp\u003eFire Prevention, Detection, and Suppression 
277\u003c\/p\u003e\n\u003cp\u003eSummary 281\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eDomain 4: Communication and Network Security 283\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eAssess and Implement Secure Design Principles in Network Architectures 283\u003c\/p\u003e\n\u003cp\u003eOpen System Interconnection and Transmission Control Protocol\/Internet Protocol Models 285\u003c\/p\u003e\n\u003cp\u003eThe OSI Reference Model 286\u003c\/p\u003e\n\u003cp\u003eThe TCP\/IP Reference Model 299\u003c\/p\u003e\n\u003cp\u003eInternet Protocol Networking 302\u003c\/p\u003e\n\u003cp\u003eSecure Protocols 311\u003c\/p\u003e\n\u003cp\u003eImplications of Multilayer Protocols 313\u003c\/p\u003e\n\u003cp\u003eConverged Protocols 315\u003c\/p\u003e\n\u003cp\u003eMicrosegmentation 316\u003c\/p\u003e\n\u003cp\u003eWireless Networks 319\u003c\/p\u003e\n\u003cp\u003eCellular Networks 333\u003c\/p\u003e\n\u003cp\u003eContent Distribution Networks 334\u003c\/p\u003e\n\u003cp\u003eSecure Network Components 335\u003c\/p\u003e\n\u003cp\u003eOperation of Hardware 335\u003c\/p\u003e\n\u003cp\u003eRepeaters, Concentrators, and Amplifiers 341\u003c\/p\u003e\n\u003cp\u003eHubs 341\u003c\/p\u003e\n\u003cp\u003eBridges 342\u003c\/p\u003e\n\u003cp\u003eSwitches 342\u003c\/p\u003e\n\u003cp\u003eRouters 343\u003c\/p\u003e\n\u003cp\u003eGateways 343\u003c\/p\u003e\n\u003cp\u003eProxies 343\u003c\/p\u003e\n\u003cp\u003eTransmission Media 345\u003c\/p\u003e\n\u003cp\u003eNetwork Access Control 352\u003c\/p\u003e\n\u003cp\u003eEndpoint Security 354\u003c\/p\u003e\n\u003cp\u003eMobile Devices 355\u003c\/p\u003e\n\u003cp\u003eImplement Secure Communication Channels According to Design 357\u003c\/p\u003e\n\u003cp\u003eVoice 357\u003c\/p\u003e\n\u003cp\u003eMultimedia Collaboration 359\u003c\/p\u003e\n\u003cp\u003eRemote Access 365\u003c\/p\u003e\n\u003cp\u003eData Communications 371\u003c\/p\u003e\n\u003cp\u003eVirtualized Networks 
373\u003c\/p\u003e\n\u003cp\u003eThird-Party Connectivity 374\u003c\/p\u003e\n\u003cp\u003eSummary 374\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eDomain 5: Identity and Access Management 377\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eControl Physical and Logical Access to Assets 378\u003c\/p\u003e\n\u003cp\u003eAccess Control Definitions 378\u003c\/p\u003e\n\u003cp\u003eInformation 379\u003c\/p\u003e\n\u003cp\u003eSystems 380\u003c\/p\u003e\n\u003cp\u003eDevices 381\u003c\/p\u003e\n\u003cp\u003eFacilities 383\u003c\/p\u003e\n\u003cp\u003eApplications 386\u003c\/p\u003e\n\u003cp\u003eManage Identification and Authentication of People, Devices, and Services 387\u003c\/p\u003e\n\u003cp\u003eIdentity Management Implementation 388\u003c\/p\u003e\n\u003cp\u003eSingle\/Multifactor Authentication 389\u003c\/p\u003e\n\u003cp\u003eAccountability 396\u003c\/p\u003e\n\u003cp\u003eSession Management 396\u003c\/p\u003e\n\u003cp\u003eRegistration, Proofing, and Establishment of Identity 397\u003c\/p\u003e\n\u003cp\u003eFederated Identity Management 399\u003c\/p\u003e\n\u003cp\u003eCredential Management Systems 399\u003c\/p\u003e\n\u003cp\u003eSingle Sign-On 400\u003c\/p\u003e\n\u003cp\u003eJust-In-Time 401\u003c\/p\u003e\n\u003cp\u003eFederated Identity with a Third-Party Service 401\u003c\/p\u003e\n\u003cp\u003eOn Premises 402\u003c\/p\u003e\n\u003cp\u003eCloud 403\u003c\/p\u003e\n\u003cp\u003eHybrid 403\u003c\/p\u003e\n\u003cp\u003eImplement and Manage Authorization Mechanisms 404\u003c\/p\u003e\n\u003cp\u003eRole-Based Access Control 405\u003c\/p\u003e\n\u003cp\u003eRule-Based Access Control 405\u003c\/p\u003e\n\u003cp\u003eMandatory Access Control 406\u003c\/p\u003e\n\u003cp\u003eDiscretionary Access Control 406\u003c\/p\u003e\n\u003cp\u003eAttribute-Based Access Control 407\u003c\/p\u003e\n\u003cp\u003eRisk-Based Access Control 408\u003c\/p\u003e\n\u003cp\u003eManage the Identity and Access Provisioning Lifecycle 
408\u003c\/p\u003e\n\u003cp\u003eAccount Access Review 409\u003c\/p\u003e\n\u003cp\u003eAccount Usage Review 411\u003c\/p\u003e\n\u003cp\u003eProvisioning and Deprovisioning 411\u003c\/p\u003e\n\u003cp\u003eRole Definition 412\u003c\/p\u003e\n\u003cp\u003ePrivilege Escalation 413\u003c\/p\u003e\n\u003cp\u003eImplement Authentication Systems 414\u003c\/p\u003e\n\u003cp\u003eOpenID Connect\/Open Authorization 414\u003c\/p\u003e\n\u003cp\u003eSecurity Assertion Markup Language 415\u003c\/p\u003e\n\u003cp\u003eKerberos 416\u003c\/p\u003e\n\u003cp\u003eRemote Authentication Dial-In User Service\/Terminal Access Controller Access Control System Plus 417\u003c\/p\u003e\n\u003cp\u003eSummary 418\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eDomain 6: Security Assessment and Testing 419\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eDesign and Validate Assessment, Test, and Audit Strategies 420\u003c\/p\u003e\n\u003cp\u003eInternal 421\u003c\/p\u003e\n\u003cp\u003eExternal 422\u003c\/p\u003e\n\u003cp\u003eThird-Party 423\u003c\/p\u003e\n\u003cp\u003eConduct Security Control Testing 423\u003c\/p\u003e\n\u003cp\u003eVulnerability Assessment 423\u003c\/p\u003e\n\u003cp\u003ePenetration Testing 428\u003c\/p\u003e\n\u003cp\u003eLog Reviews 435\u003c\/p\u003e\n\u003cp\u003eSynthetic Transactions 435\u003c\/p\u003e\n\u003cp\u003eCode Review and Testing 436\u003c\/p\u003e\n\u003cp\u003eMisuse Case Testing 437\u003c\/p\u003e\n\u003cp\u003eTest Coverage Analysis 438\u003c\/p\u003e\n\u003cp\u003eInterface Testing 439\u003c\/p\u003e\n\u003cp\u003eBreach Attack Simulations 440\u003c\/p\u003e\n\u003cp\u003eCompliance Checks 441\u003c\/p\u003e\n\u003cp\u003eCollect Security Process Data 442\u003c\/p\u003e\n\u003cp\u003eTechnical Controls and Processes 443\u003c\/p\u003e\n\u003cp\u003eAdministrative Controls 443\u003c\/p\u003e\n\u003cp\u003eAccount Management 444\u003c\/p\u003e\n\u003cp\u003eManagement Review and Approval 445\u003c\/p\u003e\n\u003cp\u003eManagement Reviews for Compliance 
446\u003c\/p\u003e\n\u003cp\u003eKey Performance and Risk Indicators 447\u003c\/p\u003e\n\u003cp\u003eBackup Verification Data 450\u003c\/p\u003e\n\u003cp\u003eTraining and Awareness 450\u003c\/p\u003e\n\u003cp\u003eDisaster Recovery and Business Continuity 451\u003c\/p\u003e\n\u003cp\u003eAnalyze Test Output and Generate Report 452\u003c\/p\u003e\n\u003cp\u003eTypical Audit Report Contents 453\u003c\/p\u003e\n\u003cp\u003eRemediation 454\u003c\/p\u003e\n\u003cp\u003eException Handling 455\u003c\/p\u003e\n\u003cp\u003eEthical Disclosure 456\u003c\/p\u003e\n\u003cp\u003eConduct or Facilitate Security Audits 458\u003c\/p\u003e\n\u003cp\u003eDesigning an Audit Program 458\u003c\/p\u003e\n\u003cp\u003eInternal Audits 459\u003c\/p\u003e\n\u003cp\u003eExternal Audits 460\u003c\/p\u003e\n\u003cp\u003eThird-Party Audits 460\u003c\/p\u003e\n\u003cp\u003eSummary 461\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eDomain 7: Security Operations 463\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eUnderstand and Comply with Investigations 464\u003c\/p\u003e\n\u003cp\u003eEvidence Collection and Handling 465\u003c\/p\u003e\n\u003cp\u003eReporting and Documentation 467\u003c\/p\u003e\n\u003cp\u003eInvestigative Techniques 469\u003c\/p\u003e\n\u003cp\u003eDigital Forensics Tools, Tactics, and Procedures 470\u003c\/p\u003e\n\u003cp\u003eArtifacts 475\u003c\/p\u003e\n\u003cp\u003eConduct Logging and Monitoring Activities 478\u003c\/p\u003e\n\u003cp\u003eIntrusion Detection and Prevention 478\u003c\/p\u003e\n\u003cp\u003eSecurity Information and Event Management 480\u003c\/p\u003e\n\u003cp\u003eContinuous Monitoring 481\u003c\/p\u003e\n\u003cp\u003eEgress Monitoring 483\u003c\/p\u003e\n\u003cp\u003eLog Management 484\u003c\/p\u003e\n\u003cp\u003eThreat Intelligence 486\u003c\/p\u003e\n\u003cp\u003eUser and Entity Behavior Analytics 488\u003c\/p\u003e\n\u003cp\u003ePerform Configuration Management 489\u003c\/p\u003e\n\u003cp\u003eProvisioning 490\u003c\/p\u003e\n\u003cp\u003eAsset Inventory 
492\u003c\/p\u003e\n\u003cp\u003eBaselining 492\u003c\/p\u003e\n\u003cp\u003eAutomation 493\u003c\/p\u003e\n\u003cp\u003eApply Foundational Security Operations Concepts 494\u003c\/p\u003e\n\u003cp\u003eNeed-to-Know\/Least Privilege 494\u003c\/p\u003e\n\u003cp\u003eSeparation of Duties and Responsibilities 495\u003c\/p\u003e\n\u003cp\u003ePrivileged Account Management 496\u003c\/p\u003e\n\u003cp\u003eJob Rotation 498\u003c\/p\u003e\n\u003cp\u003eService-Level Agreements 498\u003c\/p\u003e\n\u003cp\u003eApply Resource Protection 499\u003c\/p\u003e\n\u003cp\u003eMedia Management 500\u003c\/p\u003e\n\u003cp\u003eMedia Protection Techniques 501\u003c\/p\u003e\n\u003cp\u003eConduct Incident Management 502\u003c\/p\u003e\n\u003cp\u003eIncident Management Plan 503\u003c\/p\u003e\n\u003cp\u003eDetection 505\u003c\/p\u003e\n\u003cp\u003eResponse 506\u003c\/p\u003e\n\u003cp\u003eMitigation 507\u003c\/p\u003e\n\u003cp\u003eReporting 508\u003c\/p\u003e\n\u003cp\u003eRecovery 510\u003c\/p\u003e\n\u003cp\u003eRemediation 510\u003c\/p\u003e\n\u003cp\u003eLessons Learned 511\u003c\/p\u003e\n\u003cp\u003eOperate and Maintain Detective and Preventative Measures 511\u003c\/p\u003e\n\u003cp\u003eFirewalls 512\u003c\/p\u003e\n\u003cp\u003eIntrusion Detection Systems and Intrusion Prevention Systems 514\u003c\/p\u003e\n\u003cp\u003eWhitelisting\/Blacklisting 515\u003c\/p\u003e\n\u003cp\u003eThird-Party-Provided Security Services 515\u003c\/p\u003e\n\u003cp\u003eSandboxing 517\u003c\/p\u003e\n\u003cp\u003eHoneypots\/Honeynets 517\u003c\/p\u003e\n\u003cp\u003eAnti-malware 518\u003c\/p\u003e\n\u003cp\u003eMachine Learning and Artificial Intelligence Based Tools 518\u003c\/p\u003e\n\u003cp\u003eImplement and Support Patch and Vulnerability Management 519\u003c\/p\u003e\n\u003cp\u003ePatch Management 519\u003c\/p\u003e\n\u003cp\u003eVulnerability Management 521\u003c\/p\u003e\n\u003cp\u003eUnderstand and Participate in Change Management Processes 
522\u003c\/p\u003e\n\u003cp\u003eImplement Recovery Strategies 523\u003c\/p\u003e\n\u003cp\u003eBackup Storage Strategies 524\u003c\/p\u003e\n\u003cp\u003eRecovery Site Strategies 527\u003c\/p\u003e\n\u003cp\u003eMultiple Processing Sites 527\u003c\/p\u003e\n\u003cp\u003eSystem Resilience, High Availability, Quality of Service, and Fault Tolerance 528\u003c\/p\u003e\n\u003cp\u003eImplement Disaster Recovery Processes 529\u003c\/p\u003e\n\u003cp\u003eResponse 529\u003c\/p\u003e\n\u003cp\u003ePersonnel 530\u003c\/p\u003e\n\u003cp\u003eCommunications 531\u003c\/p\u003e\n\u003cp\u003eAssessment 532\u003c\/p\u003e\n\u003cp\u003eRestoration 533\u003c\/p\u003e\n\u003cp\u003eTraining and Awareness 534\u003c\/p\u003e\n\u003cp\u003eLessons Learned 534\u003c\/p\u003e\n\u003cp\u003eTest Disaster Recovery Plans 535\u003c\/p\u003e\n\u003cp\u003eRead-through\/Tabletop 536\u003c\/p\u003e\n\u003cp\u003eWalkthrough 536\u003c\/p\u003e\n\u003cp\u003eSimulation 537\u003c\/p\u003e\n\u003cp\u003eParallel 537\u003c\/p\u003e\n\u003cp\u003eFull Interruption 537\u003c\/p\u003e\n\u003cp\u003eParticipate in Business Continuity Planning and Exercises 538\u003c\/p\u003e\n\u003cp\u003eImplement and Manage Physical Security 539\u003c\/p\u003e\n\u003cp\u003ePerimeter Security Controls 541\u003c\/p\u003e\n\u003cp\u003eInternal Security Controls 543\u003c\/p\u003e\n\u003cp\u003eAddress Personnel Safety and Security Concerns 545\u003c\/p\u003e\n\u003cp\u003eTravel 545\u003c\/p\u003e\n\u003cp\u003eSecurity Training and Awareness 546\u003c\/p\u003e\n\u003cp\u003eEmergency Management 546\u003c\/p\u003e\n\u003cp\u003eDuress 547\u003c\/p\u003e\n\u003cp\u003eSummary 548\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eDomain 8: Software Development Security 549\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eUnderstand and Integrate Security in the Software Development Life Cycle (SDLC) 550\u003c\/p\u003e\n\u003cp\u003eDevelopment Methodologies 551\u003c\/p\u003e\n\u003cp\u003eMaturity Models 
561\u003c\/p\u003e\n\u003cp\u003eOperation and Maintenance 567\u003c\/p\u003e\n\u003cp\u003eChange Management 568\u003c\/p\u003e\n\u003cp\u003eIntegrated Product Team 571\u003c\/p\u003e\n\u003cp\u003eIdentify and Apply Security Controls in Software Development Ecosystems 572\u003c\/p\u003e\n\u003cp\u003eProgramming Languages 572\u003c\/p\u003e\n\u003cp\u003eLibraries 577\u003c\/p\u003e\n\u003cp\u003eToolsets 578\u003c\/p\u003e\n\u003cp\u003eIntegrated Development Environment 579\u003c\/p\u003e\n\u003cp\u003eRuntime 580\u003c\/p\u003e\n\u003cp\u003eContinuous Integration and Continuous Delivery 581\u003c\/p\u003e\n\u003cp\u003eSecurity Orchestration, Automation, and Response 583\u003c\/p\u003e\n\u003cp\u003eSoftware Configuration Management 585\u003c\/p\u003e\n\u003cp\u003eCode Repositories 586\u003c\/p\u003e\n\u003cp\u003eApplication Security Testing 588\u003c\/p\u003e\n\u003cp\u003eAssess the Effectiveness of Software Security 590\u003c\/p\u003e\n\u003cp\u003eAuditing and Logging of Changes 590\u003c\/p\u003e\n\u003cp\u003eRisk Analysis and Mitigation 595\u003c\/p\u003e\n\u003cp\u003eAssess Security Impact of Acquired Software 599\u003c\/p\u003e\n\u003cp\u003eCommercial Off-the-Shelf 599\u003c\/p\u003e\n\u003cp\u003eOpen Source 601\u003c\/p\u003e\n\u003cp\u003eThird-Party 602\u003c\/p\u003e\n\u003cp\u003eManaged Services (SaaS, IaaS, PaaS) 602\u003c\/p\u003e\n\u003cp\u003eDefine and Apply Secure Coding Guidelines and Standards 604\u003c\/p\u003e\n\u003cp\u003eSecurity Weaknesses and Vulnerabilities at the Source-Code Level 605\u003c\/p\u003e\n\u003cp\u003eSecurity of Application Programming Interfaces 613\u003c\/p\u003e\n\u003cp\u003eAPI Security Best Practices 613\u003c\/p\u003e\n\u003cp\u003eSecure Coding Practices 618\u003c\/p\u003e\n\u003cp\u003eSoftware-Defined Security 621\u003c\/p\u003e\n\u003cp\u003eSummary 624\u003c\/p\u003e\n\u003cp\u003eIndex 625\u003c\/p\u003e\n\u003cbr\u003e\u003cbr\u003e\n\u003cstrong\u003ePublisher 
Marketing\u003c\/strong\u003e:\u003cbr\u003e\n\u003cp\u003e\u003cb\u003eThe only official, comprehensive reference guide to the CISSP\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eThoroughly updated for 2021 and beyond, this is the authoritative common body of knowledge (CBK) from (ISC)\u003csup\u003e2\u003c\/sup\u003e for information security professionals charged with designing, engineering, implementing, and managing the overall information security program to protect organizations from increasingly sophisticated attacks. Vendor neutral and backed by (ISC)\u003csup\u003e2\u003c\/sup\u003e, the CISSP credential meets the stringent requirements of ISO\/IEC Standard 17024.\u003c\/p\u003e\n\u003cp\u003eThis CBK covers the current eight domains of CISSP with the necessary depth to apply them to the daily practice of information security. Revised and updated by a team of subject matter experts, this comprehensive reference covers all of the more than 300 CISSP objectives and sub-objectives in a structured format with: \u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003eCommon and good practices for each objective\u003c\/li\u003e\n\u003cli\u003eCommon vocabulary and definitions\u003c\/li\u003e\n\u003cli\u003eReferences to widely accepted computing standards\u003c\/li\u003e\n\u003cli\u003eHighlights of successful approaches through case studies\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003eWhether you've earned your CISSP credential or are looking for a valuable resource to help advance your security career, this comprehensive guide offers everything you need to apply the knowledge of the most recognized body of influence in information security.\u003c\/p\u003e\n\u003cbr\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\u003cbr\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/table\u003e\u003cp\u003e\u003cb\u003eAuthor:\u003c\/b\u003e Deane, Arthur J\u003cbr\u003e\u003cb\u003ePublisher:\u003c\/b\u003e Sybex\u003cbr\u003e\u003cb\u003eBinding:\u003c\/b\u003e 
Hardcover\u003cbr\u003e\u003cb\u003ePub Date:\u003c\/b\u003e 2021-09-15\u003cbr\u003e\u003cb\u003eBISAC:\u003c\/b\u003e Computers \/ Security \/ Network Security|Business \u0026amp; Economics \/ Auditing|Computers \/ Certification Guides \/ General|Computers \/ Internet \/ Online Safety \u0026amp; Privacy\u003cbr\u003e\u003cb\u003eSubjects:\u003c\/b\u003e Security measures|Examinations|Electronic data processing personnel|Certification|Computer networks\u003cbr\u003e\u003cb\u003eWeight:\u003c\/b\u003e 2.73 lbs\u003cbr\u003e\u003cb\u003eISBN:\u003c\/b\u003e 9781119789994\u003cbr\u003e\u003cb\u003eASIN:\u003c\/b\u003e -\u003cbr\u003e\u003cb\u003eSKU:\u003c\/b\u003e SP-9781119789994\u003c\/p\u003e","brand":"Sybex","offers":[{"title":"Default Title","offer_id":52425761947929,"sku":"SP-9781119789994","price":110.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0913\/0380\/5209\/files\/9781119789994_spiral.png?v=1779484611","url":"https:\/\/westbindery.com\/products\/the-official-isc2-cissp-cbk-reference","provider":"West Bindery","version":"1.0","type":"link"}