Certified Information System Security Professional (CISSP) CBK Review培训

Access Control

Security architecture that protects the assets of your systems:

• Concepts, methodologies and techniques
• Effectiveness
• Attacks

Telecommunications & Network Security

Network structures, transmission methods, transport formats and security measures that provide availability, integrity and confidentiality:

• Network architecture and design
• Communication channels
• Network components
• Network attacks

Information Security Governance & Risk Management

Identifying an organisation’s information assets, and the development, documentation and implementation of policies, standards, procedures and guidelines:

• Security governance and policy
• Information classification and ownership
• Contractual agreements and procurement processes
• Risk management concepts
• Personnel security
• Security education, training and awareness
• Certification and accreditation

Software Development Security

The controls found in systems and applications software, and their development:

• Systems Development Life Cycle (SDLC)
• Application environment and security controls
• Effectiveness of application security

Cryptography

The principles, means and methods of disguising information; to ensure its integrity, confidentiality and authenticity:

• Encryption concepts
• Digital signatures
• Cryptanalytic attacks
• Public Key Infrastructure (PKI)
• Information hiding alternatives

Security Architecture & Design

The concepts, principles, structures and standards used to design, implement, monitor, and secure, operating systems, equipment, networks and applications:

• Fundamental concepts of security models
• Capabilities of information systems (e.g. memory protection, virtualization)
• Countermeasure principles
• Vulnerabilities and threats (e.g. cloud computing, aggregation, data flow control)

Security Operations (formerly 'Operations Security')

Controls over hardware, media and operators with access privileges:

• Resource protection
• Incident response
• Attack prevention and response
• Patch and vulnerability management

Business Continuity & Disaster Recovery Planning

How to maintain business in the face of major disruptions:

• Business impact analysis
• Recovery strategy
• Disaster recovery process
• Provide training

Legal, Regulations, Investigations and Compliance

Computer crime laws, investigation and how to gather evidence:

• Legal issues
• Investigations
• Forensic procedures
• Compliance requirements/procedures

Physical (Environmental) Security

How to protect your business's resources and sensitive information:

• Site / facility design considerations
• Perimeter security
• Internal security
• Facilities security