(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. Mike Chapple

Чтение книги онлайн.

Читать онлайн книгу (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide - Mike Chapple страница 25

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide - Mike Chapple

Скачать книгу

2 1.9.6 Privacy policy requirements 2 1.10 Understand and apply risk management concepts 2 1.10.1 Identify threats and vulnerabilities 2 1.10.2 Risk assessment/analysis 2 1.10.3 Risk response 2 1.10.4 Countermeasure selection and implementation 2 1.10.5 Applicable types of controls (e.g., preventive, detective, corrective) 2 1.10.6 Control assessments (security and privacy) 2 1.10.7 Monitoring and measurement 2 1.10.8 Reporting 2 1.10.9 Continuous improvement (e.g., Risk maturity modeling) 2 1.10.10 Risk frameworks 2 1.11 Understand and apply threat modeling concepts and methodologies 1 1.12 Apply Supply Chain Risk Management (SCRM) concepts 1 1.12.1 Risks associated with hardware, software, and services 1 1.12.2 Third-party assessment and monitoring 1 1.12.3 Minimum security requirements 1 1.12.4 Service level requirements 1 1.13 Establish and maintain a security awareness, education, and training program 2 1.13.1 Methods and techniques to present awareness and training (e.g., social engineering, phishing, security champions, gamification) 2 1.13.2 Periodic content reviews 2 1.13.3 Program effectiveness evaluation 2 Domain 2 Asset Security 2.1 Identify and classify information and assets 5 2.1.1 Data classification 5 2.1.2 Asset Classification 5 2.2 Establish information and asset handling requirements 5 2.3 Provision resources securely 16 2.3.1 Information and asset ownership 16 2.3.2 Asset inventory (e.g., tangible, intangible) 16 2.3.3 Asset management 16 2.4

Скачать книгу