Book description
This follow-on edition to The CISSP Prep Guide: Mastering CISSP and ISSEP offers value-add coverage not featured anywhere else! You'll prepare for passing CISSP with a revised review of each of the ten CISSP domains, updated to reflect current thinking/technology, especially in the areas of cyber-terrorism prevention and disaster recovery. You'll also cover CAP, a major section of the ISSEP that has been elevated from its status as part of an advanced concentration to its own certification. The accompanying CD-ROM contains revised test questions to make your preparation complete. Order your copy today and make your exam preparation complete!
Table of contents
- Copyright
- About the Authors
- Credits
- Foreword
- Acknowledgments
- Introduction
- 1. Focused Review of the CISSP Ten Domains
  - 1. Information Security and Risk Management
    - 1.1. Our Approach
    - 1.2. Security Management Concepts
    - 1.3. Information Classification Process
    - 1.4. Security Policy Implementation
    - 1.5. Roles and Responsibilities
    - 1.6. Risk Management and Assessment
      - 1.6.1. Principles of Risk Management
      - 1.6.2. RM Roles
      - 1.6.3. Overview of Risk Analysis
      - 1.6.4. Security Posture Assessment Methodologies
    - 1.7. Security Awareness
    - 1.8. Assessment Questions
  - 2. Access Control
    - 2.1. Rationale
    - 2.2. Controls
    - 2.3. Models for Controlling Access
    - 2.4. Access Control Attacks
      - 2.4.1. Denial of Service/Distributed Denial of Service (DoS/DDoS)
      - 2.4.2. Back Door
      - 2.4.3. Spoofing
      - 2.4.4. Man-in-the-Middle
      - 2.4.5. Replay
      - 2.4.6. TCP Hijacking
      - 2.4.7. Social Engineering
      - 2.4.8. Dumpster Diving
      - 2.4.9. Password Guessing
      - 2.4.10. Software Exploitation
      - 2.4.11. Mobile Code
      - 2.4.12. Trojan Horses
      - 2.4.13. Logic Bomb
      - 2.4.14. System Scanning
    - 2.5. Penetration Testing
    - 2.6. Identification and Authentication
    - 2.7. Single Sign-On (SSO)
    - 2.8. Access Control Methodologies
    - 2.9. Assessment Questions
  - 3. Telecommunications and Network Security
    - 3.1. The C.I.A. Triad
    - 3.2. Protocols
    - 3.3. LAN Technologies
    - 3.4. Cabling Types
    - 3.5. Network Topologies
    - 3.6. LAN Transmission Protocols
    - 3.7. Networking Devices
    - 3.8. Firewall Types
    - 3.9. Firewall Architectures
    - 3.10. Common Data Network Services
    - 3.11. Data Network Types
    - 3.12. WAN Technologies
    - 3.13. Remote Access Technologies
      - 3.13.1. Remote Access Types
      - 3.13.2. Remote Access Security Methods
      - 3.13.3. Virtual Private Networking (VPN)
        - 3.13.3.1. VPN Examples
        - 3.13.3.2. VPN Tunneling
        - 3.13.3.3. VPN and Remote Access Protocols
          - 3.13.3.3.1. Point-to-Point Tunneling Protocol (PPTP)
          - 3.13.3.3.2. Layer 2 Tunneling Protocol (L2TP)
          - 3.13.3.3.3. Internet Protocol Security (IPSec)
          - 3.13.3.3.4. Serial Line Internet Protocol (SLIP)
          - 3.13.3.3.5. Point-to-Point Protocol (PPP)
          - 3.13.3.3.6. Password Authentication Protocol
          - 3.13.3.3.7. Challenge Handshake Authentication Protocol
          - 3.13.3.3.8. MS-CHAP
          - 3.13.3.3.9. MS-CHAP version 2
          - 3.13.3.3.10. Extensible Authentication Protocol
          - 3.13.3.3.11. EAP Transport Level Security
        - 3.13.3.4. Wireless VPNs
      - 3.13.4. RADIUS and TACACS
    - 3.14. Network Availability
    - 3.15. Wireless Technologies
    - 3.16. Wireless Security
      - 3.16.1. Wireless Transport Layer Security Protocol
      - 3.16.2. WEP Encryption
      - 3.16.3. Wireless Vulnerabilities
        - 3.16.3.1. Denial-of-Service Attacks
        - 3.16.3.2. The "WAP Gap"
        - 3.16.3.3. Insertion Attacks
        - 3.16.3.4. Rogue Access Points
        - 3.16.3.5. WEP Weaknesses
        - 3.16.3.6. WEP Encryption Workarounds
        - 3.16.3.7. Service Set Identifier (SSID) Issues
        - 3.16.3.8. Wireless Scanning and Eavesdropping
        - 3.16.3.9. War Driving
        - 3.16.3.10. Wireless Packet Sniffers and Scanners
        - 3.16.3.11. PDA Security Issues
    - 3.17. Intrusion Detection and Response
    - 3.18. Network Attacks and Abuses
    - 3.19. Probing and Scanning
    - 3.20. Malicious Code
    - 3.21. Web Security
    - 3.22. Assessment Questions
  - 4. Cryptography
    - 4.1. Introduction
    - 4.2. Definitions
    - 4.3. Background
    - 4.4. Cryptographic Technologies
    - 4.5. Classical Ciphers
    - 4.6. Secret-Key Cryptography (Symmetric-Key)
    - 4.7. Public-Key (Asymmetric) Cryptosystems
      - 4.7.1. One-Way Functions
      - 4.7.2. Public-Key Algorithms
      - 4.7.3. Public-Key Cryptosystem Algorithm Categories
      - 4.7.4. Asymmetric and Symmetric Key Length Strength Comparisons
      - 4.7.5. Digital Signatures
      - 4.7.6. Digital Signature Standard (DSS) and Secure Hash Standard (SHS)
      - 4.7.7. MD5
      - 4.7.8. Sending a Message with a Digital Signature
      - 4.7.9. Hashed Message Authentication Code (HMAC)
      - 4.7.10. Hash Function Characteristics
    - 4.8. Cryptographic Attacks
    - 4.9. Public-Key Certification Systems
    - 4.10. Approaches to Escrowed Encryption
    - 4.11. Identity-Based Encryption
    - 4.12. Quantum Computing
    - 4.13. E-mail Security Issues and Approaches
    - 4.14. Internet Security Applications
      - 4.14.1. Message Authentication Code (MAC) or the Financial Institution Message Authentication Standard (FIMAS)
      - 4.14.2. Secure Electronic Transaction (SET)
      - 4.14.3. Secure Sockets Layer (SSL)/Transaction Layer Security (TLS)
      - 4.14.4. Internet Open Trading Protocol (IOTP)
      - 4.14.5. MONDEX
      - 4.14.6. IPSec
      - 4.14.7. Secure Hypertext Transfer Protocol (S-HTTP)
      - 4.14.8. Secure Shell (SSH-2)
    - 4.15. Wireless Security
    - 4.16. Assessment Questions
  - 5. Security Architecture and Design
  - 6. Operations Security
    - 6.1. Operations Security Concepts
    - 6.2. Controls and Protections
      - 6.2.1. Categories of Controls
      - 6.2.2. Orange Book Controls
        - 6.2.2.1. Covert Channel Analysis
        - 6.2.2.2. Trusted Facility Management
        - 6.2.2.3. Trusted Recovery
        - 6.2.2.4. Modes of Operation
        - 6.2.2.5. Configuration Management and Change Control
        - 6.2.2.6. Configuration Management Plan
        - 6.2.2.7. Configuration Control Board (CCB)
        - 6.2.2.8. Administrative Controls
        - 6.2.2.9. Least Privilege
        - 6.2.2.10. Operations Job Function Overview
        - 6.2.2.11. Record Retention
        - 6.2.2.12. Data Remanence
      - 6.2.3. Operations Controls
    - 6.3. Monitoring and Auditing
    - 6.4. Threats and Vulnerabilities
    - 6.5. Maintaining Resource Availability
    - 6.6. Operational E-Mail Security
    - 6.7. E-Mail Phishing
    - 6.8. Fax Security
    - 6.9. Assessment Questions
  - 7. Application Security
    - 7.1. Systems Engineering
    - 7.2. The System Life Cycle or System Development Life Cycle (SDLC)
    - 7.3. The Software Life Cycle Development Process
    - 7.4. The Software Capability Maturity Model (CMM)
    - 7.5. Agile Methodology
    - 7.6. Object-Oriented Systems
    - 7.7. Artificial Intelligence Systems
    - 7.8. Database Systems
    - 7.9. Application Controls
    - 7.10. Assessment Questions
  - 8. Business Continuity Planning and Disaster Recovery Planning
    - 8.1. Business Continuity Planning
    - 8.2. Disaster Recovery Planning (DRP)
    - 8.3. Assessment Questions
  - 9. Legal, Regulations, Compliance, and Investigations
    - 9.1. Types of Computer Crime
    - 9.2. Examples of Computer Crime
    - 9.3. Law
    - 9.4. Investigation
    - 9.5. Liability
    - 9.6. Ethics
      - 9.6.1. (ISC)2 Code of Ethics
      - 9.6.2. The Computer Ethics Institute's Ten Commandments of Computer Ethics
      - 9.6.3. The Internet Architecture Board (IAB) Ethics and the Internet (RFC 1087)
      - 9.6.4. The U.S. Department of Health and Human Services Code of Fair Information Practices
      - 9.6.5. The Organization for Economic Cooperation and Development (OECD)
    - 9.7. Assessment Questions
  - 10. Physical (Environmental) Security
    - 10.1. Threats to Physical Security
    - 10.2. Controls for Physical Security
      - 10.2.1. Administrative Controls
      - 10.2.2. Environmental and Life Safety Controls
      - 10.2.3. Physical and Technical Controls
    - 10.3. Assessment Questions
- 2. The Certification and Accreditation Professional (CAP) Credential
  - 11. Understanding Certification and Accreditation
    - 11.1. System Authorization
      - 11.1.1. A Select History of Systems Authorization
        - 11.1.1.1. Federal Information Processing Standard (FIPS) 102
        - 11.1.1.2. Trusted Computer System Evaluation Criteria (TCSEC)
        - 11.1.1.3. Office of Management and Budget Circular A-130
        - 11.1.1.4. DoD Information Technology Security Certification and Accreditation Process (DITSCAP)
        - 11.1.1.5. The System Security Authorization Agreement (SSAA)
        - 11.1.1.6. The National Information Assurance Certification and Accreditation Process (NIACAP)
        - 11.1.1.7. Defense Information Assurance Certification and Accreditation Process (DIACAP)
        - 11.1.1.8. British Standard 7799 and ISO/IEC 17799
        - 11.1.1.9. Common Criteria ISO/IEC 15408
        - 11.1.1.10. Federal Information Security Management Act (FISMA)
        - 11.1.1.11. Federal Information Technology Security Assessment Framework (FITSAF)
        - 11.1.1.12. FIPS 199
        - 11.1.1.13. FIPS 200
      - 11.1.2. More and More Standards
    - 11.2. What Is Certification and Accreditation?
    - 11.3. Assessment Questions
  - 12. Initiation of the System Authorization Process
  - 13. The Certification Phase
    - 13.1. Security Control Assessment
    - 13.2. Security Certification Documentation
    - 13.3. DITSCAP Certification Phases
    - 13.4. DIACAP Certification Phases
    - 13.5. End of the Certification Phase
    - 13.6. Assessment Questions
  - 14. The Accreditation Phase
  - 15. Continuous Monitoring Process
- A. Answers to Assessment Questions
- B. Glossary of Terms and Acronyms
- C. The Information System Security Architecture Professional (ISSAP) Certification
  - C.1. Access Control Systems Methodology
  - C.2. Telecommunications and Network Security
  - C.3. Cryptography
  - C.4. Requirements Analysis and Security Standards/Guidelines Criteria
  - C.5. Technology-Related Business Continuity Planning and Disaster Recovery Planning
  - C.6. Physical Security Integration
  - C.7. Assessment Questions: ISSAP
- D. The Information System Security Engineering Professional (ISSEP) Certification
  - D.1. Systems Security Engineering
    - D.1.1. The Information Assurance Technical Framework
    - D.1.2. Systems Engineering/Systems Security Engineering Processes
      - D.1.2.1. The Systems Engineering Process
      - D.1.2.2. The Information Systems Security Engineering Process
      - D.1.2.3. Discover Information Protection Needs
      - D.1.2.4. Define System Security Requirements
      - D.1.2.5. Design System Security Architecture
      - D.1.2.6. Develop Detailed Security Design
      - D.1.2.7. Implement System Security
      - D.1.2.8. Assess Information Protection Effectiveness
    - D.1.3. Summary Showing the Correspondence of the SE and ISSE Activities
    - D.1.4. ISSE and Its Relationship to C&A Processes
    - D.1.5. Implementing Information Assurance in the System Life Cycle
    - D.1.6. The System Life Cycle Phases
  - D.2. Risk Management and the System Development Life Cycle
  - D.3. Technical Management
  - D.4. Certification and Accreditation
  - D.5. United States Government Information Assurance (IA) Regulations
  - D.6. Assessment Questions
- E. The Information System Security Management Professional (ISSMP) Certification
  - E.1. Enterprise Security Management Practices
  - E.2. Enterprise-Wide Systems Development Practices
    - E.2.1. Building Security into the Systems Development Life Cycle (SDLC)
    - E.2.2. Integrating Application and Network Security Controls
      - E.2.2.1. Systems Engineering
      - E.2.2.2. The Information Systems Security Engineering Process
      - E.2.2.3. Discover Information Protection Needs
      - E.2.2.4. Define System Security Requirements
      - E.2.2.5. Design System Security Architecture
      - E.2.2.6. Develop Detailed Security Design
      - E.2.2.7. Implement System Security
      - E.2.2.8. Assess Information Protection Effectiveness
    - E.2.3. Summary Showing the Correspondence of the SE and ISSE Activities
    - E.2.4. ISSE and Its Relationship to C&A Processes
  - E.3. Integrating Security with the Configuration Management Program
  - E.4. Developing and Integrating Processes to Identify System Vulnerabilities and Threats
  - E.5. Overseeing Compliance of Operations Security
  - E.6. Business Continuity Planning (BCP), Disaster Recovery Planning (DRP), and Continuity of Operations Planning (COOP)
  - E.7. Law, Investigation, Forensics, and Ethics
  - E.8. Assessment Questions: ISSMP
- F. Security Control Catalog
  - F.1. Security Controls, Supplemental Guidance, and Control Enhancements
    - F.1.1. Family: Access Control–Class: Technical
      - F.1.1.1. AC-1 ACCESS CONTROL POLICY AND PROCEDURES
      - F.1.1.2. AC-2 ACCOUNT MANAGEMENT
      - F.1.1.3. AC-3 ACCESS ENFORCEMENT
      - F.1.1.4. AC-4 INFORMATION FLOW ENFORCEMENT
      - F.1.1.5. AC-5 SEPARATION OF DUTIES
      - F.1.1.6. AC-6 LEAST PRIVILEGE
      - F.1.1.7. AC-7 UNSUCCESSFUL LOGIN ATTEMPTS
      - F.1.1.8. AC-8 SYSTEM USE NOTIFICATION
      - F.1.1.9. AC-9 PREVIOUS LOGON NOTIFICATION
      - F.1.1.10. AC-10 CONCURRENT SESSION CONTROL
      - F.1.1.11. AC-11 SESSION LOCK
      - F.1.1.12. AC-12 SESSION TERMINATION
      - F.1.1.13. AC-13 SUPERVISION AND REVIEW—ACCESS CONTROL
      - F.1.1.14. AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION
      - F.1.1.15. AC-15 AUTOMATED MARKING
      - F.1.1.16. AC-16 AUTOMATED LABELING
      - F.1.1.17. AC-17 REMOTE ACCESS
      - F.1.1.18. AC-18 WIRELESS ACCESS RESTRICTIONS
      - F.1.1.19. AC-19 ACCESS CONTROL FOR PORTABLE AND MOBILE DEVICES
      - F.1.1.20. AC-20 PERSONALLY OWNED INFORMATION SYSTEMS
    - F.1.2. Family: Awareness And Training—Class: Operational
    - F.1.3. Family: Audit And Accountability—Class: Technical
      - F.1.3.1. AU-1 AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES
      - F.1.3.2. AU-2 AUDITABLE EVENTS
      - F.1.3.3. AU-3 CONTENT OF AUDIT RECORDS
      - F.1.3.4. AU-4 AUDIT STORAGE CAPACITY
      - F.1.3.5. AU-5 AUDIT PROCESSING
      - F.1.3.6. AU-6 AUDIT MONITORING, ANALYSIS, AND REPORTING
      - F.1.3.7. AU-7 AUDIT REDUCTION AND REPORT GENERATION
      - F.1.3.8. AU-8 TIME STAMPS
      - F.1.3.9. AU-9 PROTECTION OF AUDIT INFORMATION
      - F.1.3.10. AU-10 NON-REPUDIATION
      - F.1.3.11. AU-11 AUDIT RETENTION
    - F.1.4. Family: Certification, Accreditation, And Security Assessments—Class: Management
      - F.1.4.1. CA-1 CERTIFICATION, ACCREDITATION, AND SECURITY ASSESSMENT POLICIES AND PROCEDURES
      - F.1.4.2. CA-2 SECURITY ASSESSMENTS
      - F.1.4.3. CA-3 INFORMATION SYSTEM CONNECTIONS
      - F.1.4.4. CA-4 SECURITY CERTIFICATION
      - F.1.4.5. CA-5 PLAN OF ACTION AND MILESTONES
      - F.1.4.6. CA-6 SECURITY ACCREDITATION
      - F.1.4.7. CA-7 CONTINUOUS MONITORING
    - F.1.5. Family: Configuration Management—Class: Operational
      - F.1.5.1. CM-1 CONFIGURATION MANAGEMENT POLICY AND PROCEDURES
      - F.1.5.2. CM-2 BASELINE CONFIGURATION
      - F.1.5.3. CM-3 CONFIGURATION CHANGE CONTROL
      - F.1.5.4. CM-4 MONITORING CONFIGURATION CHANGES
      - F.1.5.5. CM-5 ACCESS RESTRICTIONS FOR CHANGE
      - F.1.5.6. CM-6 CONFIGURATION SETTINGS
      - F.1.5.7. CM-7 LEAST FUNCTIONALITY
    - F.1.6. Family: Contingency Planning—Class: Operational
      - F.1.6.1. CP-1 CONTINGENCY PLANNING POLICY AND PROCEDURES
      - F.1.6.2. CP-2 CONTINGENCY PLAN
      - F.1.6.3. CP-3 CONTINGENCY TRAINING
      - F.1.6.4. CP-4 CONTINGENCY PLAN TESTING
      - F.1.6.5. CP-5 CONTINGENCY PLAN UPDATE
      - F.1.6.6. CP-6 ALTERNATE STORAGE SITES
      - F.1.6.7. CP-7 ALTERNATE PROCESSING SITES
      - F.1.6.8. CP-8 TELECOMMUNICATIONS SERVICES
      - F.1.6.9. CP-9 INFORMATION SYSTEM BACKUP
      - F.1.6.10. CP-10 INFORMATION SYSTEM RECOVERY AND RECONSTITUTION
    - F.1.7. Family: Identification And Authentication—Class: Technical
      - F.1.7.1. IA-1 IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES
      - F.1.7.2. IA-2 USER IDENTIFICATION AND AUTHENTICATION
      - F.1.7.3. IA-3 DEVICE IDENTIFICATION AND AUTHENTICATION
      - F.1.7.4. IA-4 IDENTIFIER MANAGEMENT
      - F.1.7.5. IA-5 AUTHENTICATOR MANAGEMENT
      - F.1.7.6. IA-6 AUTHENTICATOR FEEDBACK
      - F.1.7.7. IA-7 CRYPTOGRAPHIC MODULE AUTHENTICATION
    - F.1.8. Family: Incident Response—Class: Operational
    - F.1.9. Family: Maintenance—Class: Operational
    - F.1.10. Family: Media Protection—Class: Operational
    - F.1.11. Family: Physical And Environmental Protection—Class: Operational
      - F.1.11.1. PE-1 PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES
      - F.1.11.2. PE-2 PHYSICAL ACCESS AUTHORIZATIONS
      - F.1.11.3. PE-3 PHYSICAL ACCESS CONTROL
      - F.1.11.4. PE-4 ACCESS CONTROL FOR TRANSMISSION MEDIUM
      - F.1.11.5. PE-5 ACCESS CONTROL FOR DISPLAY MEDIUM
      - F.1.11.6. PE-6 MONITORING PHYSICAL ACCESS
      - F.1.11.7. PE-7 VISITOR CONTROL
      - F.1.11.8. PE-8 ACCESS LOGS
      - F.1.11.9. PE-9 POWER EQUIPMENT AND POWER CABLING
      - F.1.11.10. PE-10 EMERGENCY SHUTOFF
      - F.1.11.11. PE-11 EMERGENCY POWER
      - F.1.11.12. PE-12 EMERGENCY LIGHTING
      - F.1.11.13. PE-13 FIRE PROTECTION
      - F.1.11.14. PE-14 TEMPERATURE AND HUMIDITY CONTROLS
      - F.1.11.15. PE-15 WATER DAMAGE PROTECTION
      - F.1.11.16. PE-16 DELIVERY AND REMOVAL
      - F.1.11.17. PE-17 ALTERNATE WORK SITE
    - F.1.12. Family: Planning—Class: Management
    - F.1.13. Family: Personnel Security—Class: Operational
      - F.1.13.1. PS-1 PERSONNEL SECURITY POLICY AND PROCEDURES
      - F.1.13.2. PS-2 POSITION CATEGORIZATION
      - F.1.13.3. PS-3 PERSONNEL SCREENING
      - F.1.13.4. PS-4 PERSONNEL TERMINATION
      - F.1.13.5. PS-5 PERSONNEL TRANSFER
      - F.1.13.6. PS-6 ACCESS AGREEMENTS
      - F.1.13.7. PS-7 THIRD-PARTY PERSONNEL SECURITY
      - F.1.13.8. PS-8 PERSONNEL SANCTIONS
    - F.1.14. Family: Risk Assessment—Class: Management
    - F.1.15. Family: System And Services Acquisition—Class: Management
      - F.1.15.1. SA-1 SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES
      - F.1.15.2. SA-2 ALLOCATION OF RESOURCES
      - F.1.15.3. SA-3 LIFE CYCLE SUPPORT
      - F.1.15.4. SA-4 ACQUISITIONS
      - F.1.15.5. SA-5 INFORMATION SYSTEM DOCUMENTATION
      - F.1.15.6. SA-6 SOFTWARE USAGE RESTRICTIONS
      - F.1.15.7. SA-7 USER INSTALLED SOFTWARE
      - F.1.15.8. SA-8 SECURITY DESIGN PRINCIPLES
      - F.1.15.9. SA-9 OUTSOURCED INFORMATION SYSTEM SERVICES
      - F.1.15.10. SA-10 DEVELOPER CONFIGURATION MANAGEMENT
      - F.1.15.11. SA-11 DEVELOPER SECURITY TESTING
    - F.1.16. Family: System And Communications Protection—Class: Technical
      - F.1.16.1. SC-1 SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES
      - F.1.16.2. SC-2 APPLICATION PARTITIONING
      - F.1.16.3. SC-3 SECURITY FUNCTION ISOLATION
      - F.1.16.4. SC-4 INFORMATION REMNANTS
      - F.1.16.5. SC-5 DENIAL OF SERVICE PROTECTION
      - F.1.16.6. SC-6 RESOURCE PRIORITY
      - F.1.16.7. SC-7 BOUNDARY PROTECTION
      - F.1.16.8. SC-8 TRANSMISSION INTEGRITY
      - F.1.16.9. SC-9 TRANSMISSION CONFIDENTIALITY
      - F.1.16.10. SC-10 NETWORK DISCONNECT
      - F.1.16.11. SC-11 TRUSTED PATH
      - F.1.16.12. SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT
      - F.1.16.13. SC-13 USE OF VALIDATED CRYPTOGRAPHY
      - F.1.16.14. SC-14 PUBLIC ACCESS PROTECTIONS
      - F.1.16.15. SC-15 COLLABORATIVE COMPUTING
      - F.1.16.16. SC-16 TRANSMISSION OF SECURITY PARAMETERS
      - F.1.16.17. SC-17 PUBLIC KEY INFRASTRUCTURE CERTIFICATES
      - F.1.16.18. SC-18 MOBILE CODE
      - F.1.16.19. SC-19 VOICE OVER INTERNET PROTOCOL
    - F.1.17. Family: System And Information Integrity–Class: Operational
      - F.1.17.1. SI-1 SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES
      - F.1.17.2. SI-2 FLAW REMEDIATION
      - F.1.17.3. SI-3 MALICIOUS CODE PROTECTION
      - F.1.17.4. SI-4 INTRUSION DETECTION TOOLS AND TECHNIQUES
      - F.1.17.5. SI-5 SECURITY ALERTS AND ADVISORIES
      - F.1.17.6. SI-6 SECURITY FUNCTIONALITY VERIFICATION
      - F.1.17.7. SI-7 SOFTWARE AND INFORMATION INTEGRITY
      - F.1.17.8. SI-8 SPAM AND SPYWARE PROTECTION
      - F.1.17.9. SI-9 INFORMATION INPUT RESTRICTIONS
      - F.1.17.10. SI-10 INFORMATION INPUT ACCURACY, COMPLETENESS, AND VALIDITY
      - F.1.17.11. SI-11 ERROR HANDLING
      - F.1.17.12. SI-12 INFORMATION OUTPUT HANDLING AND RETENTION
- G. Control Baselines
Product information
- Title: The CISSP® and CAP
- Author(s):
- Release date: November 2006
- Publisher(s): Wiley
- ISBN: 9780470007921