Book Description

CISSP Passport (English edition), 2025 | PDF | EPUB | MOBI | Kindle e-book download (Baidu cloud)

CISSP Passport (English edition)
  • Author: Shon Harris (US)
  • Publisher: Posts & Telecom Press, Beijing
  • ISBN: 7115108935
  • Publication year: 2002
  • Labelled page count: 422
  • File size: 19 MB
  • File page count: 448
  • Subject headings: computer networks (subject: security technology; subject: examination); computer networks

PDF Download


Download options: online PDF download (recommended; cloud extraction, works on mobile and desktop), BitTorrent seed (fastest; use the FDM client), direct link (convenient but slow), online preview, and online retrieval of the archive password.

Download Notes

CISSP Passport (English edition), PDF e-book download

The download is a RAR archive. Extract it with an archive utility to obtain the PDF.

We recommend the BitTorrent client Free Download Manager (FDM: free, ad-free, cross-platform). All resources on this site are packaged as BitTorrent seeds, so a dedicated BT client such as BitComet, qBittorrent or uTorrent is required. Thunder (迅雷) is not recommended at present, because this resource is not yet popular enough to be well seeded there; once it becomes popular, Thunder will also work.

(The file page count is larger than the labelled page count, except for multi-volume books.)

Note: every archive on this site is password-protected.

Table of Contents

1 Security Management Practices
  Objective 1.01 Management Responsibilities
  Objective 1.02 Risk Management
    Risk Analysis
  Objective 1.03 Possible Threats
  Objective 1.04 Security Control Types
  Objective 1.05 Calculating Risk
    Quantitative Versus Qualitative Approaches
    Dealing with Risk
    Countermeasure Selection
  Objective 1.06 Security Policies and Their Supporting Counterparts
    Security Policy
    Standards
    Baselines
    Guidelines
    Procedures
  Objective 1.07 Roles and Responsibilities
    Data Owner
    Data Custodian
    User
    Security Auditor
  Objective 1.08 Information Classification
    Military Versus Commercial Classifications
  Objective 1.09 Employee Management
    Operational Administrative Controls
  CHECKPOINT
  Review Questions
  Review Answers

2 Access Control
  Definitions
  Objective 2.01 Identification and Authentication
    Three Steps to Access Control
    Authentication
    Biometrics
    Passwords
    Cognitive Password
    One-Time Password
    Cryptographic Keys
    Passphrase
    Memory Cards
    Smart Cards
    Authorization
  Objective 2.02 Single Sign-On Technologies
    Kerberos
    Directory Services
    SESAME
    Thin Clients
  Objective 2.03 Access Control Models and Techniques
    DAC
    MAC
    RBAC
    Access Control Techniques
    Restricted Interfaces
    Capability Table and ACLs
    Content-Dependent Access Control
    Other Access Techniques
  Objective 2.04 Access Control Administration
    Centralized Access Control Administration
    RADIUS
    Diameter
    TACACS
    Decentralized Access Control Administration
  Objective 2.05 Intrusion Detection System
    Network-Based and Host-Based
    Signature-Based and Behavior-Based
    Downfalls of IDS
  Objective 2.06 Unauthorized Access Control and Attacks
    Unauthorized Disclosure of Information
    Emanation Security
    Attack Types
    Penetration Testing
  CHECKPOINT
  Review Questions
  Review Answers

3 Security Models and Architecture
  Objective 3.01 System Components
    Central Processing Unit
    Storage and Memory Types
    Virtual Memory
    Data Access Storage
    Processing Instructions
    Operating States
  Objective 3.02 Operating System Security Mechanisms
    Process Isolation
    Protection Rings
    Virtual Machine
    Trusted Computing Base
    Reference Monitor and Security Kernel
  Objective 3.03 Security Models
    The Different Models
    Bell-LaPadula Model
    State Machine Models
    Biba
    Clark-Wilson Model
    Non-Interference Model
    Access Control Matrix Model
    Information Flow Model
    Brewer and Nash Model
    Graham-Denning and Harrison-Ruzzo-Ullman Models
  Objective 3.04 Security Evaluation Criteria
    Security Evaluations
    Trusted Computer System Evaluation Criteria
    Rainbow Series
    Information Technology Security Evaluation Criteria
    Common Criteria
    Certification Versus Accreditation
  CHECKPOINT
  Review Questions
  Review Answers

4 Physical Security
  Objective 4.01 Controls Pertaining to Physical Security
    Facility Location
    Facility Construction
    Computing Area
    Hardware Backups
  Objective 4.02 Electrical Power and Environmental Issues
    UPS
    Power Interference
    Environmental Considerations
    Ventilation
  Objective 4.03 Fire Detection and Suppression
    Water, Steam, and Gas
    Fire Prevention
    Fire Detection
    Fire Types
    Fire Suppression
    Halon
    Fire Extinguishing Issues
    Water Sprinklers
    Emergency Response
  Objective 4.04 Perimeter Security
    Lock Types
    Facility Access
    Entrance Protection
    Fencing
    Surveillance Devices
    Lighting
    Intrusion Detection Systems
  CHECKPOINT
  Review Questions
  Review Answers

5 Telecommunications and Networking Security
  Objective 5.01 TCP/IP Suite
    Internet Protocol (IP)
    Networks
    Intranets and Extranets
  Objective 5.02 Cabling and Data Transmission Types
    Coaxial Cable
    Twisted-Pair Cable
    Fiber
    Cable Issues
    Broadband and Baseband
    Fire Ratings
    Signals
    Asynchronous and Synchronous
    Transmission Methods
  Objective 5.03 LAN Technologies
    Network Topologies
    Media Access Technologies
    Ethernet
    Token Passing
    Polling
    Protocols
    Address Resolution Protocol (ARP)
    Reverse Address Resolution Protocol (RARP)
    Boot Protocol
    Other TCP/IP Protocols
    Internet Control Message Protocol (ICMP)
  Objective 5.04 Networking Devices and Services
    Repeater
    Bridge
    Switches
    VLAN
    Router
    Brouters
    Gateway
    Summary of Devices
    Firewalls
    Packet Filtering
    Proxy Firewalls
    Stateful Firewalls
    Firewall Architecture
    Firewall Administration
    Remote Connectivity
    PPP
    SLIP
    PAP
    CHAP
    EAP
    VPN
    PPTP
    L2TP
    IPSec
    Network Services
    DNS
    NAT
  Objective 5.05 Telecommunications Protocols and Devices
    FDDI
    SONET
    Dedicated Link
    CSU/DSU
    S/WAN
    ISDN
    DSL
    Cable Modems
    WAN Switching
    Frame Relay
    X.25
    ATM
    Quality of Service
    SMDS
    Multiservice Access Technologies
    SDLC
    HDLC
  Objective 5.06 Remote Access Methods and Technologies
    Remote Access
    Wireless Technology
    Spread Spectrum
    WAP
    Access Points
    SSID
    OSA and SKA
    Cell Phone Cloning
    PBX Threats
  Objective 5.07 Fault Tolerance Mechanisms
    Backing Up
    Clustering
    RAID
  CHECKPOINT
  Review Questions
  Review Answers

6 Cryptography
  Objective 6.01 Cryptography Definitions
    Definitions
    Keys and Text
    Keyspace
    Strength of Cryptosystem
    Attacks
    Spy-Like Ciphers
    Steganography
  Objective 6.02 Cipher Types
    Kerckhoffs's Principle
    Key Escrow
    Substitution Cipher
    Transposition Cipher
    Block Cipher
    Stream Cipher
    Symmetric Cryptography
    Asymmetric Cryptography
  Objective 6.03 Hybrid Approach
    Key Management
    Data Encryption
    Security Goals
    Types of Symmetric Algorithms
    DES
    Advanced Encryption Standard (AES)
    Triple-DES (3DES)
    Other Symmetric Algorithms
    Asymmetric Algorithms
    Diffie-Hellman Key Exchange
    El Gamal
    Elliptic Curve Cryptosystems (ECC)
  Objective 6.04 Message Integrity and Digital Signatures
    Message Integrity
    One-Way Hash
    Attacks on Hashing Functions
    Hashing Algorithms
    Message Authentication Code
    Electronic Signing
    DSS
    Certificate Authority (CA)
    Public Key Infrastructure
  Objective 6.05 Cryptography Applications
    Registration Authority
    Certificate Revocation List (CRL)
    Components of PKI
    PKI Steps
    One-Time Pad
    Encryption at Different Layers
  Objective 6.06 Cryptographic Protocols
    Privacy-Enhanced Mail (PEM)
    Message Security Protocol (MSP)
    Pretty Good Privacy (PGP)
    Internet Security
    Secure Hypertext Transfer Protocol (S-HTTP)
    Secure Sockets Layer (SSL)
    HTTPS
    S/MIME
    SSH2
    SET
    IPSec
    Other Security Technologies
  Objective 6.07 Attacks
    Ciphertext-Only Attack
    Known-Plaintext Attack
    Chosen-Plaintext Attack
    Adaptive Chosen-Plaintext Attack
    Chosen-Ciphertext Attack
    Adaptive Chosen-Ciphertext Attack
    Man-in-the-Middle Attack
    Algebraic Attack
    Analytic Attack
  CHECKPOINT
  Review Questions
  Review Answers

7 Disaster Recovery and Business Continuity
  Objective 7.01 Disaster Recovery Versus Business Continuity
  Objective 7.02 Project Initiation Phase
  Objective 7.03 Business Impact Analysis
  Objective 7.04 Possible Threats
  Objective 7.05 Backups and Off-Site Facilities
    Employees and the Working Environment
    Choosing a Software Backup Storage Facility
    Backup Facility Alternatives
  Objective 7.06 DRP and BCP Planning Objectives
    Emergency Response
    Documentation
    Recovery and Restoration
    Testing and Drills
    Maintenance
    Phase Breakdown
    Prevention
  CHECKPOINT
  Review Questions
  Review Answers

8 Law, Investigation, and Ethics
  Objective 8.01 Ethics
    (ISC)2
    Computer Ethics Institute
    Internet Activities Board
    Characteristics of an Attacker
  Objective 8.02 Hacking Methods
    Problems with Prosecuting Attackers
    Types of Attacks
    Salami
    Data Diddling
    Excessive Privileges
    Password Sniffing
    IP Spoofing
    Dumpster Diving
    Wiretapping
    Social Engineering
    More Attack Types
    Attack Categories
    Phone Fraud
    Security Principles
  Objective 8.03 Organization Liabilities and Ramifications
    Legal Liability
    Privacy Issues
    Privacy Act of 1974
    Electronic Communications Privacy Act of 1986
    Health Insurance Portability and Accountability Act (HIPAA)
    Gramm-Leach-Bliley Act of 1999
    Employee Monitoring
    Transborder Information Flow
    International Issues
  Objective 8.04 Types of Law
    Civil Law
    Criminal Law
    Computer Fraud and Abuse Act of 1986
    Economic Espionage Act of 1996
    Federal Policies
    Administrative Law
    Federal Sentencing Guidelines of 1991
    Intellectual Property Laws
    Trade Secret
    Trademark
    Patent
    Software Piracy
  Objective 8.05 Computer Crime Investigation
    Who Should Investigate?
    Incident Response Plan
    Incident Response Team
    Collecting Evidence
    Incident Handling
    Search and Seizure
    Forensics
    Admissibility of Evidence
    Evidence Types
    Best Evidence
    Secondary Evidence
    Hearsay Evidence
    Enticement and Entrapment
    Trial
  CHECKPOINT
  Review Questions
  Review Answers

9 Applications and Systems Development
  Objective 9.01 Project Development
    Software Lifecycle
    Project Initiation
    Functional Design Analysis and Planning
    Software Development Models
    System Design Specifications
    Software Development
    Acceptance Testing/Implementation
    Operations/Maintenance
    Disposal
    Software Development Methods
    Change Control
    Administrative Controls
    Program Language Evolution
  Objective 9.02 Object-Oriented Programming
    Classes and Objects
    Polyinstantiation
    Abstraction
    Polymorphism
    Application Threats
  Objective 9.03 Distributed Computing
    ORB and CORBA
    COM and DCOM
    Enterprise Java Bean
    OLE
    ActiveX
    Java Applets
    CGI
    Cookies
  Objective 9.04 Databases
    Relational Data Model
    Data Dictionary
    Database Jargon
    Structured Query Language
    Hierarchical Database Model
    Network Database Management System
    Distributed Data Model
    Object-Oriented Database
    Database Interface Languages
    Concurrency Issues
    Aggregation and Inference
    Data Warehousing
    Data Mining
  Objective 9.05 Artificial Intelligence
    Expert Systems
    Artificial Neural Network
  Objective 9.06 Malware
    Virus
    Worms
    Logic Bomb
    Trojan Horse
    Denial of Service
    DDoS
    Smurf Attacks
    Timing Attacks
  CHECKPOINT
  Review Questions
  Review Answers

10 Operations Security
  Objective 10.01 Operations Controls
    Due Care
    Administrative Control
    Job Rotation
    Separation of Duties
    Least Privilege and Need-to-Know
    Mandatory Vacations
    Clipping Levels
    Control Categories
  Objective 10.02 Configuration Management and Media Control
    Media Controls
    Input/Output Data Controls
  Objective 10.03 Reacting to Failures and Recovering
    Trusted Recovery
    Facsimile Security
    Operational Responsibilities
    Unusual or Unexplained Occurrences
    Deviations from Standards
    Unscheduled Initial Program Loads
    Personnel Operators
  Objective 10.04 Software Backups
    Network Availability
    RAID
    Backups
    Contingency Management
  CHECKPOINT
  Review Questions
  Review Answers

A About the Free Online Practice Exam
  Mike Meyers' Certification Passport FREE Online Practice Exam Instructions
  System Requirements
  Technical Support
B Career Flight Path
  Career Paths in Security
Index
