(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. Mike Chapple
Chapter 16: Managing Security Operations
Chapter 17: Preventing and Responding to Incidents
Chapter 18: Disaster Recovery Planning
Chapter 19: Investigations and Ethics
Chapter 20: Software Development Security
Chapter 21: Malicious Code and Application Attacks
33 Index
List of Tables
1 Chapter 2
  TABLE 2.1 Comparison of quantitative and qualitative risk analysis
  TABLE 2.2 Quantitative risk analysis formulas
2 Chapter 5
  TABLE 5.1 Securing email data
  TABLE 5.2 Unmodified data within a database
  TABLE 5.3 Masked data
3 Chapter 6
  TABLE 6.1 AND operation truth table
  TABLE 6.2 OR operation truth table
  TABLE 6.3 NOT operation truth table
  TABLE 6.4 Exclusive OR operation truth table
  TABLE 6.5 Using the Vigenère system
  TABLE 6.6 The encryption operation
  TABLE 6.7 Symmetric and asymmetric key comparison
  TABLE 6.8 Comparison of symmetric and asymmetric cryptography systems
  TABLE 6.9 Symmetric encryption memorization chart
4 Chapter 7
  TABLE 7.1 Hash algorithm memorization chart
  TABLE 7.2 Digital certificate formats
5 Chapter 8
  TABLE 8.1 Subjects and objects
  TABLE 8.2 Fail terms definitions related to physical and digital products
  TABLE 8.3 An access control matrix
  TABLE 8.4 Common Criteria evaluation assurance levels
6 Chapter 10
  TABLE 10.1 Static voltage and damage
  TABLE 10.2 Fire extinguisher classes
7 Chapter 11
  TABLE 11.1 IP classes
  TABLE 11.2 IP classes' default subnet masks
  TABLE 11.3 802.11 wireless networking amendments
  TABLE 11.4 UTP categories
8 Chapter 12
  TABLE 12.1 Common load-balancing scheduling techniques
  TABLE 12.2 Circuit switching vs. packet switching
  TABLE 12.3 Bandwidth levels of SDH and SONET
List of Illustrations
1 Chapter 1
  FIGURE 1.1 The CIA Triad
  FIGURE 1.2 The five elements of AAA services
  FIGURE 1.3 Strategic, tactical, and operational plan timeline comparison
  FIGURE 1.4 An example of diagramming to reveal threat concerns
  FIGURE 1.5 A risk matrix or risk heat map
2 Chapter 2
  FIGURE 2.1 Ex-employees must return all company property.
  FIGURE 2.2 The cyclical relationships of risk elements
  FIGURE 2.3 The six major elements of quantitative risk analysis
  FIGURE 2.4 The categories of security controls in a defense-in-depth impleme...
  FIGURE 2.5 The elements of the risk management framework (RMF) (from NIST SP...
3 Chapter 3
  FIGURE 3.1 Earthquake hazard map of the United States
4 Chapter 5
  FIGURE 5.1 Data classifications
  FIGURE 5.2 Clearing a hard drive
5 Chapter 6
  FIGURE 6.1 Challenge-response authentication protocol
  FIGURE 6.2 The magic door
  FIGURE 6.3 Symmetric key cryptography
  FIGURE 6.4 Asymmetric key cryptography
6 Chapter 7
  FIGURE 7.1 Asymmetric key cryptography
  FIGURE 7.2 Steganography tool
  FIGURE 7.3 Image with embedded message
7 Chapter 8
  FIGURE 8.1 Transitive trust
  FIGURE 8.2 The TCB, security perimeter, and reference monitor
  FIGURE 8.3 The take-grant model's directed graph
  FIGURE 8.4 The Bell–LaPadula model
  FIGURE 8.5 The Biba model
  FIGURE 8.6 Memorizing Bell–LaPadula and Biba
  FIGURE 8.7 The Clark–Wilson model
8 Chapter 9
  FIGURE 9.1 The four-layer protection ring model
  FIGURE 9.2 The lifecycle of an executed process
  FIGURE 9.3 Types of hypervisors
  FIGURE 9.4 Application containers versus a hypervisor
9 Chapter 10
  FIGURE 10.1 A smartcard's ISO 7816 interface
  FIGURE 10.2 Hot and cold aisles
  FIGURE 10.3 The fire triangle
  FIGURE 10.4 The four primary stages of fire
  FIGURE 10.5 A secure physical boundary with an access control vestibule and ...
10 Chapter 11
  FIGURE 11.1 The OSI model
  FIGURE 11.2 OSI model encapsulation
  FIGURE 11.3 The OSI model peer layer logical channels
  FIGURE 11.4 OSI model layer-based network container names
  FIGURE 11.5 Comparing the OSI model with the TCP/IP model
  FIGURE 11.6 The TCP three-way handshake
  FIGURE 11.7 An RFID antenna
  FIGURE 11.8 The configuration dialog boxes for a transparent (left) vs. a no...
  FIGURE 11.9 A ring topology
  FIGURE 11.10 A linear bus topology and a tree bus topology
  FIGURE 11.11 A star topology
  FIGURE 11.12 A mesh topology
11 Chapter 12
  FIGURE 12.1 IPsec's encryption of a packet in transport mode
  FIGURE 12.2 IPsec's encryption of a packet in tunnel mode
  FIGURE 12.3 Two LANs being connected using a tunnel-mode VPN across the inte...
  FIGURE 12.4 A client connecting to a network via a remote-access/tunnel VPN ...
12 Chapter 13
  FIGURE 13.1 Graph of FRR and FAR errors indicating the CER point
13 Chapter 14
  FIGURE 14.1 Role-Based Access Control
  FIGURE 14.2 A representation of the boundaries provided by lattice-based acc...
  FIGURE 14.3 Wireshark capture
14 Chapter 15
  FIGURE 15.1 Nmap scan of a web server run from a Linux system
  FIGURE 15.2 Default Apache server page running on the server scanned in Figu...
  FIGURE 15.3 Nmap scan of a large network run from a Mac system using the Ter...
  FIGURE 15.4 Network vulnerability scan of the same web server that was port ...
  FIGURE 15.5 Web application vulnerability scan of the same web server that w...
  FIGURE 15.6 Scanning a database-backed application with sqlmap
  FIGURE 15.7 Penetration testing process
  FIGURE 15.8 The Metasploit Framework automated system exploitation tool allo...
  FIGURE 15.9 Fagan inspections follow a rigid formal process, with defined en...
  FIGURE 15.10 Prefuzzing input file containing a series of 1s
  FIGURE 15.11 The input file from Figure 15.10 after being run through the zz...
15 Chapter 16
  FIGURE 16.1 Cloud shared responsibility model
  FIGURE 16.2 Creating and deploying images
  FIGURE 16.3 Web server and database server
16 Chapter 17
  FIGURE 17.1 Incident management
  FIGURE 17.2 SYN flood attack
  FIGURE 17.3 A man-in-the-middle attack
  FIGURE 17.4 Intrusion prevention system
  FIGURE 17.5 Viewing a log entry
17 Chapter 18
  FIGURE 18.1 Seismic hazard map
  FIGURE 18.2 Flood hazard map for Miami–Dade County, Florida
  FIGURE 18.3 Failover cluster with network load balancing
18 Chapter 20
  FIGURE 20.1 RStudio Desktop IDE
  FIGURE 20.2 Security vs. user-friendliness vs. functionality
  FIGURE 20.3 The iterative lifecycle model with feedback loop
  FIGURE 20.4 The spiral lifecycle model
  FIGURE 20.5 Software Assurance Maturity Model
  FIGURE 20.6 The IDEAL model
  FIGURE 20.7 Gantt chart
  FIGURE 20.8 The DevOps model
  FIGURE 20.9 Hierarchical data model
  FIGURE 20.10 Customers table from a relational database
  FIGURE 20.11 ODBC as the interface between applications and a back-end datab...
19 Chapter 21
  FIGURE 21.1 Account number input page
  FIGURE