CISSP Knowledge Points 500

Take a look at these 500+ CISSP information security knowledge points: how many have you already mastered?

1. Information Security and Risk Management

■ A vulnerability is the absence of a safeguard (in other words, it is a weakness) that can be exploited.
■ A threat is the possibility that someone or something would exploit a vulnerability, intentionally or accidentally, and cause harm to an asset.
■ A risk is the probability of a threat agent exploiting a vulnerability and the loss potential from that action.
■ Reducing vulnerabilities and/or threats reduces risk.
■ An exposure is an instance of being exposed to losses from a threat.
■ A countermeasure, also called a safeguard, mitigates the risk.
■ A countermeasure can be an application, software configuration, hardware, or procedure.
■ If someone is practicing due care, they are acting responsibly and will have a lower probability of being found negligent and liable if a security breach takes place.
■ Security management has become more important over the years because networks have evolved from centralized environments to distributed environments.
■ The objectives of security are to provide availability, integrity, and confidentiality protection to data and resources.
■ Strategic planning is long term, tactical planning is midterm, and operational planning is day to day. These make up a planning horizon.
■ ISO/IEC 27002 (formerly ISO 17799 Part 1) is a comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
■ Security components can be technical (firewalls, encryption, and access control lists) or nontechnical (security policy, procedures, and compliance enforcement).
■ Asset identification should include tangible assets (facilities and hardware) and intangible assets (corporate data and reputation).
■ Project sizing, which means to understand and document the scope of the project, must be done before a risk analysis is performed.
■ Assurance is a degree of confidence that a certain security level is being provided.
■ CobiT is a framework that defines goals for the controls that should be used to properly manage IT and to ensure that IT maps to business needs.
■ CobiT is broken down into four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate.
■ ISO/IEC 27001 is the standard for the establish