Chapter 7

Data and Application Security Issues

THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:

  • Application Development Security
    • Understand and apply security in the system life cycle
      • Systems Development Life Cycle (SDLC); maturity models; operation and maintenance; change management
    • Understand the application environment and security controls
      • Security of the application environment; security issues of programming languages; security issues in source code (e.g., buffer overflow); configuration management
    • Assess the effectiveness of application security
      • Auditing and logging; corrective actions
  • Operations Security
    • Understand configuration management concepts (e.g., versioning, baselining)

All too often, security administrators are unaware ...

Get CISSP®: Certified Information Systems Security Professional Study Guide, Fifth Edition now with O’Reilly online learning.