CISSP All-in-One Exam Guide, Seventh Edition
Featuring learning objectives at the start of each chapter, exam tips, practice questions, and in-depth explanations. Written by leading experts in IT security certification and training, this fully updated self-study system helps you pass the exam with ease and also serves as an essential on-the-job reference. CISSP All-in-One Exam Guide covers all exam domains, including the 2015 update to the CISSP Common Body of Knowledge developed by the International Information Systems Security Certification Consortium (ISC)².

All-In-One / CISSP All-in-One Exam Guide, Seventh Edition / Harris / 184927-0 / Front Matter
Blind folio iii

We dedicate this book to all those who have served selflessly.

00-FM.indd 3 14/04/16 10:24 AM

About the Authors

Shon Harris, CISSP, was the founder and CEO of Shon Harris Security LLC and Logical Security LLC, a security consultant, a former engineer in the Air Force's Information Warfare unit, an instructor, and an author. Shon owned and ran her own training and consulting companies for 13 years prior to her death in 2014. She consulted with Fortune 100 corporations and government agencies on extensive security issues. She authored three best-selling CISSP books, was a contributing author to Gray Hat Hacking: The Ethical Hacker's Handbook and Security Information and Event Management (SIEM) Implementation, and was a technical editor for Information Security magazine.

Fernando Maymí, PhD, CISSP, is a security practitioner with over 25 years' experience in the field. He currently leads a multidisciplinary team charged with developing disruptive innovations for cyberspace operations as well as impactful public-private partnerships aimed at better securing cyberspace. Fernando has served as a consultant for both government and private-sector organizations in the United States and abroad. He has authored and taught dozens of courses and workshops in cyber security for academic, government, and professional audiences in the United States and Latin America. Fernando is the author of over a dozen publications and holds three patents. His awards include the U.S. Department of the Army Research and Development Achievement Award, and he was recognized as a HENAAC Luminary. He worked closely with Shon Harris, advising her on a multitude of projects, including the sixth edition of the CISSP All-in-One Exam Guide. Fernando is also a volunteer puppy raiser for Guiding Eyes for the Blind and has raised two guide dogs, Trinket and Virgo.

About the Contributor

Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts. He retired after 21 years in the U.S. Air Force, serving as a network security engineer and instructor, and has secured networks all over the world. Bobby has a master's degree in information assurance (IA) and is pursuing a doctoral degree in cybersecurity from Capitol Technology University in Maryland. His many certifications include CISSP-ISSEP, CEH, and MCSE: Security, as well as the CompTIA A+, Network+, Security+, and Mobility+ certifications.

About the Technical Editor

Jonathan Ham, CISSP, GSEC, GCIA, GCIH, is an independent consultant who specializes in large-scale enterprise security issues, from policy and procedure, through staffing and training, to scalable prevention, detection, and response technology and techniques. With a keen understanding of ROI and TCO, he has helped his clients achieve greater success for more than 12 years, advising in both the public and private sectors, from small upstarts to the Fortune 500. Jonathan has been commissioned to teach NCIS investigators how to use Snort, has performed packet analysis from a facility more than 2,000 feet underground, and has chartered and trained the CIRT for one of the largest U.S. civilian federal agencies. He is a member of the GIAC Advisory Board and is a SANS instructor teaching their MGT414: SANS Training Program for CISSP Certification course. He is also co-author of Network Forensics: Tracking Hackers Through Cyberspace, a textbook published by Prentice-Hall.

Contents at a Glance

Chapter 1 Security and Risk Management
Chapter 2 Asset Security 189
Chapter 3 Security Engineering 247
Chapter 4 Communication and Network Security 477
Chapter 5 Identity and Access Management 721
Chapter 6 Security Assessment and Testing 859
Chapter 7 Security Operations 923
Chapter 8 Software Development Security 1077
Appendix A Comprehensive Questions 1213
Appendix B About the CD-ROM 1269
Glossary 1273
Index 1291

Contents

In Memory of Shon Harris
Foreword
Acknowledgments
From the Author
Why Become a CISSP?

Chapter 1 Security and Risk Management
  Fundamental Principles of Security
    Availability
    Confidentiality
    Balanced Security
  Security Definitions
  Control Types
  Security Frameworks
    ISO/IEC 27000 Series
    Enterprise Architecture Development 19
    Security Controls Development
    Process Management Development
    Functionality vs. Security
  The Crux of Computer Crime Laws 45
    Complexities in Cybercrime 48
    Electronic Assets 49
    The Evolution of Attacks 50
    International Issues 54
    Types of Legal Systems 58
  Intellectual Property Laws 62
    Trade Secret 63
    Copyright
    Trademark 65
    Patent 65
    Internal Protection of Intellectual Property 67
    Software Piracy
  Privacy
    The Increasing Need for Privacy Laws
    Laws, Directives, and Regulations
    Employee Privacy Issues
  Data Breaches 84
    U.S. Laws Pertaining to Data Breaches 84
    Other Nations' Laws Pertaining to Data Breaches 85
  Policies, Standards, Baselines, Guidelines, and Procedures 86
    Security Policy 87
    Standards 90
    Baselines 91
    Guidelines 92
    Procedures 93
    Implementation 93
  Risk Management 94
    Holistic Risk Management 95
    Information Systems Risk Management Policy 95
    The Risk Management Team 96
    The Risk Management Process
  Threat Modeling 98
    Vulnerabilities 98
    Threats 100
    Attacks 100
    Reduction Analysis 101
  Risk Assessment and Analysis 102
    Risk Analysis Team 103
    The Value of Information and Assets 104
    Costs That Make Up the Value 105
    Identifying Vulnerabilities and Threats 106
    Methodologies for Risk Assessment 107
    Risk Analysis Approaches 112
    Qualitative Risk Analysis 116
    Protection Mechanisms 119
    Putting It Together 123
    Total Risk vs. Residual Risk 123
    Handling Risk 124
  Risk Management Frameworks 126
    Categorize Information System 128
    Select Security Controls 128
    Implement Security Controls 129
    Assess Security Controls 129
    Authorize Information System 130
    Monitor Security Controls 130
  Business Continuity and Disaster Recovery 130
    Standards and Best Practices 133
    Making BCM Part of the Enterprise Security Program 136
    BCP Project Components 139
  Personnel Security 154
    Hiring Practices 155
    Termination 157
    Security-Awareness Training 157
    Degree or Certification 159
  Security Governance 159
    Metrics 160
  Ethics 165
    The Computer Ethics Institute 166
    The Internet Architecture Board 166
    Corporate Ethics Programs 168
  Summary 168
  Quick Tips 170
  Questions 175
  Answers 184

Chapter 2 Asset Security 189
  Information Life Cycle 190
    Acquisition 190
    Use 191
    Archival
    Disposal
  Information Classification 193
    Classification Levels 194
    Classification Controls 197
  Layers of Responsibility 199
    Executive Management
    Data Owner 203
    Data Custodian 204
    System Owner 204
    Security Administrator 205
    Supervisor 205
    Change Control Analyst 205
    Data Analyst 205
    User 206
    Auditor 206
    Why So Many Roles? 206
  Retention Policies 206
    Developing a Retention Policy 207
  Protecting Privacy
    Data Owners 210
    Data Processers 211
    Data Remanence 211
    Limits on Collection 214
  … 215
    Data Security Controls 216
    Data Leakage 225
    Data Leak Prevention 226
  Protecting Other Assets 234
    Protecting Mobile Devices 234
    Paper Records 235
    … 236
  Summary 236
  Quick Tips 237
  Questions 239
  Answers 243

Chapter 3 Security Engineering 247
  System Architecture 248
  Computer Architecture 252
    The Central Processing Unit 252
    Multiprocessing 257
    … 258
  Operating Systems 271
    Process Management 271
    Memory Management 280
    Input/Output Device Management 285
    CPU Architecture Integration 287
    Operating System Architectures 291
    … 298
  System Security Architecture 301
    Security Policy 301
    Security Architecture Requirements 302
  Security Models 307
    Bell-LaPadula Model 307
    Biba Model 308
    Clark-Wilson Model
    Noninterference Model 310
    Brewer and Nash Model
    Graham-Denning Model 311
    Harrison-Ruzzo-Ullman Model 312
  Systems Evaluation 313
    Common Criteria 313
    Why Put a Product Through Evaluation? 317
  Certification vs. Accreditation 318
    Certification 318
    Accreditation 319