Summary of CISSP All-in-One Exam Guide, Eighth Edition

ISBN-10 1260142655 ISBN-13 9781260142655
221 Flashcards and notes
1 Student

This is the summary of the book "CISSP All-in-One Exam Guide, Eighth Edition". The author(s) of the book is/are Fernando Maymi and Shon Harris. The ISBN of this book is 9781260142655 or 1260142655. This summary was written by students who study effectively with the Study Smart With Chris study tool.

Summary - CISSP All-in-One Exam Guide, Eighth Edition

  • 1 Domain 1: Security and Risk Management

  • Domain 1: This domain covers many of the foundational concepts of information systems security. Some of the topics covered include:
    1. The principles of confidentiality, integrity, and availability
    2. Security governance and compliance
    3. Legal and regulatory issues
    4. Professional ethics
    5. Personnel security policies
    6. Risk management
    7. Threat modeling
    8. Business continuity and disaster recovery
    9. Protection control types
    10. Security frameworks, models, standards, and best practices
    11. Intellectual property
    12. Data breaches
  • Which security laws, regulations or standards can you name?
    1. SOX (Sarbanes-Oxley)
    2. GLBA (Gramm-Leach-Bliley Act)
    3. PCI DSS (Payment Card Industry Data Security Standard)
    4. HIPAA (Health Insurance Portability and Accountability Act)
    5. FISMA (Federal Information Security Management Act)
  • For what reasons are computers or networks being breached?
    1. Steal business customer data for identity theft or bank fraud
    2. Company secrets are being stolen for economic espionage purposes
    3. Systems being hijacked and used within botnets to attack other organizations or spread spam
    4. Company funds are being secretly siphoned off through complex and hard-to-identify digital methods, by organized criminals
    5. Attack on organizations to bring down their systems and websites
  • What facets does an enterprise-wide security program consist of?
    1. Technologies
    2. Procedures
    3. Processes
  • Why is it important to be a well-rounded security professional?
    Because most security programs excel within the disciplines the team is most familiar with, while the other disciplines are found lacking. It's your responsibility to identify these shortcomings (deficiencies).
  • What does CISSP stand for?
    Certified Information Systems Security Professional
  • Which two key terms are the essence of a security professional's work?
    1. Security
    2. Risk
  • 1.1 Fundamental Principles of Security

  • What are the core goals of security?
    The AIC triad (also called the CIA triad): protection for critical assets
    1. Availability
    2. Integrity
    3. Confidentiality
  • 1.1.1 Availability

  • What are the goals of Availability protection?
    This ensures reliable and timely access to data and resources for authorized individuals. Network devices, computers and applications should provide adequate functionality to perform in a predictable manner with acceptable performance.
  • What network pieces need to be protected to stay up and running?
    1. Routers
    2. Switches
    3. DNS servers
    4. DHCP servers
    5. Proxies
    6. Firewalls
    7. Etc.
  • What software pieces need to be protected to stay up and running?
    1. Operating systems
    2. Applications
    3. Antimalware software
    4. Etc.
  • What environmental aspects can harm assets?
    1. Fire
    2. Flood
    3. HVAC issues
    4. Theft
    5. Attacks
  • 1.1.2 Integrity

  • When is integrity maintained?
    When the assurance of the accuracy and reliability of information and systems is provided and any unauthorized modification is prevented.
  • How can an attacker compromise the integrity of systems or data?
    By inserting one of the following into a system:
    1. Virus
    2. Logic bomb
    3. Backdoor
  • In what ways can the integrity of a system or data be compromised by different attacks?
    1. Corruption
    2. Malicious modification
    3. Replacement of data with incorrect data
  • What instruments can you use to combat threats like corruption, malicious modification or the replacement of data with incorrect data?
    1. Strict access controls
    2. Intrusion detection
    3. Hashing
  • How do most users usually affect a system's data integrity?
    By mistake, although internal users may also commit malicious deeds.
  • Name examples of users compromising integrity by accident.
    1. User deletes configuration files because of lack of disk space
    2. A user enters incorrect values into a data-processing application, so a customer is charged 3000 euro instead of 30 euro.
    3. Incorrectly modifying data
  • How can security prevent the compromise of integrity?
    1. Give users only certain choices to make, to minimize the errors that can occur.
    2. System-critical files should be restricted from viewing and access by users
    3. Applications should check for reasonable input values.
    4. Databases should only authorize certain individuals to modify data
    5. Data in transit should be encrypted