Week 2: (ISC)2 Common Body of Knowledge PDF
This document presents information on the (ISC)2 Common Body of Knowledge, outlining the ten security domains of the Certified Information Systems Security Professional (CISSP). It details concepts like access control, telecommunications security, and business continuity planning. The text also references the ISO 27000 series and compares various information security frameworks and standards.
(ISC)2 Common Body of Knowledge

The ten security domains provided by the Certified Information Systems Security Professional (CISSP).

**Access Control Systems and Methodology**: Focuses on protecting resources from unauthorized access while allowing access to authorized personnel. Includes authentication methods such as passwords, two-factor authentication, biometrics, and single sign-on (SSO).

**Telecommunications and Network Security**: Emphasizes the security of communications, protocols, and network services. It addresses weaknesses in areas such as perimeter security, extranet access, and Internet-based attacks.

**Business Continuity Planning and Disaster Recovery**: Involves planning for system failures, natural disasters, and service interruptions. Includes backup testing, off-site storage, and ensuring that critical services remain available after a disaster.

**Security Management Practices**: Focuses on security awareness and risk assessment, educating IT staff and users about threats. Emphasizes organized security teams for efficient crisis response.

**Security Architecture and Models**: Involves policy planning for security issues such as desktop security, data backups, and antivirus solutions.

**Law, Investigation, and Ethics**: Covers the legal aspects of security, including forensic practices, evidence handling, employee surveillance, and privacy laws.

**Application and Systems Development Security**: Deals with security in software development, including permission handling, integrity checks, and preventing insider threats such as spyware.

**Cryptography**: Discusses the use of encryption to secure data, including the different encryption types and key management in a Public Key Infrastructure (PKI).

**Computer Operations Security**: Involves securing ongoing computer operations against threats such as malicious code and denial-of-service attacks.

**Physical Security**: Ensures that physical access to servers and workstations is secured, using mechanisms such as locked doors and access logging.

The **International Organisation for Standardisation** (ISO) is a standard-setting body whose voluntary members are recognised authorities; each member represents a single country. Among many other standards, ISO has created a range of standards related to information security, in particular the ISO 27000 series.

**27k series**: https://www.dcc.ac.uk/guidance/briefing-papers/standards-watch-papers/information-security-management-iso-27000-iso-27k-s

**Security Standards and Digital Curation**: The flexibility of digital information makes it vulnerable to unauthorized access or modification. An effective Information Security Management System (ISMS) ensures data confidentiality, integrity, and availability.

**ISO/IEC 27000 Series**: This series of standards defines how an ISMS is implemented. The core documents, ISO/IEC 27001 and 27002, set out the ISMS requirements and implementation guidance respectively, based on the PDCA (plan, do, check, act) model.

**Functionality**: ISO 27001 mandates risk management and 130+ security controls, while ISO 27002 provides practical guidance on implementing them.

**Benefits**: Certification enhances security, compliance, data protection, and business continuity.

The text compares various information security frameworks and standards:

1. **ISO 27000**: Follows a "plan, do, check, act" cycle, focusing on risk assessment and control implementation.
2. **NIST**: Similar to ISO 27000 but adds the phases identify, protect, detect, respond, and recover.
3. **Common Criteria**: Applies to hardware and software security, focusing on consumer confidence without prescribing specific controls. It applies only to security products.
4. **Common Body of Knowledge**: Covers risk management, identity, and access control.

All of these frameworks emphasize risk management, review, and reflection, but none imposes specific implementation requirements.