Fr. 126.00

Official (ISC)² CISSP CBK Reference

English · Hardback

Shipping usually within 1 to 3 weeks (not available at short notice)

Description

The only official, comprehensive reference guide to the CISSP
 
Thoroughly updated for 2021 and beyond, this is the authoritative common body of knowledge (CBK) from (ISC)² for information security professionals charged with designing, engineering, implementing, and managing the overall information security program to protect organizations from increasingly sophisticated attacks. Vendor neutral and backed by (ISC)², the CISSP credential meets the stringent requirements of ISO/IEC Standard 17024.
 
This CBK covers the current eight domains of CISSP with the necessary depth to apply them to the daily practice of information security. Revised and updated by a team of subject matter experts, this comprehensive reference covers all of the more than 300 CISSP objectives and sub-objectives in a structured format with:
* Common and good practices for each objective
* Common vocabulary and definitions
* References to widely accepted computing standards
* Highlights of successful approaches through case studies
 
Whether you've earned your CISSP credential or are looking for a valuable resource to help advance your security career, this comprehensive guide offers everything you need to apply the knowledge of the most recognized body of influence in information security.

List of contents

Foreword

Introduction

Domain 1: Security and Risk Management

Understand, Adhere to, and Promote Professional Ethics

(ISC)² Code of Professional Ethics

Organizational Code of Ethics

Understand and Apply Security Concepts

Confidentiality

Integrity

Availability

Limitations of the CIA Triad

Evaluate and Apply Security Governance Principles

Alignment of the Security Function to Business Strategy, Goals, Mission, and Objectives

Organizational Processes

Organizational Roles and Responsibilities

Security Control Frameworks

Due Care and Due Diligence

Determine Compliance and Other Requirements

Legislative and Regulatory Requirements

Industry Standards and Other Compliance Requirements

Privacy Requirements

Understand Legal and Regulatory Issues That Pertain to Information Security in a Holistic Context

Cybercrimes and Data Breaches

Licensing and Intellectual Property Requirements

Import/Export Controls

Transborder Data Flow

Privacy

Understand Requirements for Investigation Types

Administrative

Criminal

Civil

Regulatory

Industry Standards

Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines

Policies

Standards

Procedures

Guidelines

Identify, Analyze, and Prioritize Business Continuity Requirements

Business Impact Analysis

Develop and Document the Scope and the Plan

Contribute to and Enforce Personnel Security Policies and Procedures

Candidate Screening and Hiring

Employment Agreements and Policies

Onboarding, Transfers, and Termination Processes

Vendor, Consultant, and Contractor Agreements and Controls

Compliance Policy Requirements

Privacy Policy Requirements

Understand and Apply Risk Management Concepts

Identify Threats and Vulnerabilities

Risk Assessment

Risk Response/Treatment

Countermeasure Selection and Implementation

Applicable Types of Controls

Control Assessments

Monitoring and Measurement

Reporting

Continuous Improvement

Risk Frameworks

Understand and Apply Threat Modeling Concepts and Methodologies

Threat Modeling Concepts

Threat Modeling Methodologies

Apply Supply Chain Risk Management Concepts

Risks Associated with Hardware, Software, and Services

Third-Party Assessment and Monitoring

Minimum Security Requirements

Service-Level Requirements

Frameworks

Establish and Maintain a Security Awareness, Education, and Training Program

Methods and Techniques to Present Awareness and Training

Periodic Content Reviews

Program Effectiveness Evaluation

Summary

Domain 2: Asset Security

Identify and Classify Information and Assets

Data Classification and Data Categorization

Asset Classification

Establish Information and Asset Handling Requirements

Marking and Labeling

Handling

Storage

Declassification
 
Provisi
