Monday, February 11, 2008

CISSP 10 Domains Overview

Here you can see the main concepts of each of the ten domains.

Access Control Systems and Methodology

Mechanisms and methods used to enable administrators and managers to control what subjects can access.
* Identification, Authentication, Authorization, Monitoring.
* Access Control Administration.
* Categories and Controls.
* Control Threats and Measures.
* Data ownership.
* Attacks on access control.

Telecommunications and Network Security

Security of network protocols and devices.
* OSI model.
* LAN, MAN (metropolitan) and WAN technologies.
* Internet, intranet, extranet.
* VPNs, routers, bridges and repeaters.
* Network topologies.
* Network Attacks.
* Network Security Concepts and Risks.
* Business Goals and Network Security.


Security Management Practices

Identification and valuation of company assets to determine the level of protection required, in order to reduce threats and monetary loss.
* Data classification.
* Policies, procedures, standards and guidelines.
* Risk assessment and management.
* Personnel security and awareness.

Applications and Systems Development Security

* Data mining and data warehousing.
* Development practices.
* System storage.
* Malicious code.
* Software Based Controls.
* Software Development Lifecycle and Principles.

Cryptography

Cryptographic technologies and attacks against cryptography.
* Basic Concepts and Algorithms.
* Symmetric vs. asymmetric algorithms.
* Signatures and Certification.
* Cryptanalysis.
* PKI.


Security Architecture and Models

Concepts, principles and standards for designing and implementing secure applications and systems.
* OS states, kernel functions and memory mapping.
* Security models.
* TCSEC, Trusted Computer System Evaluation Criteria (evaluation criteria).
* Common Criteria and ITSEC.
* Common flaws in applications and systems.
* Principles and Benefits.
* Trusted Systems and Computing Base.
* System and Enterprise Architecture.


Operations Security

Controls over personnel, hardware, systems, auditing and monitoring.
* Administrative responsibilities for personnel and jobs.
* Maintenance concepts (AV, FW, auditing).
* Preventive, corrective, and recovery controls.
* Standards.
* Media, Backups and Change Control Management.
* Control Categories.


Business Continuity Planning and Disaster Recovery Planning

Preservation of business activities when faced with disruptions or disasters.
* Resource identification and value.
* Risk assessment.
* Crisis management.
* Response and Recovery Plans.
* Restoration Activities.
* Plan development, implementation and maintenance.

Laws, Investigations and Ethics

* Laws, regulations and crimes.
* Licensing and software piracy.
* Export and import laws and issues.
* Evidence types and admissibility in court.
* Incident handling and forensics.
* Major Legal Systems.
* Common and Civil Law.
* Regulations, Laws and Information Security.


Physical Security

Threats, risks and countermeasures to protect facilities, hardware, data, media and personnel.
* Restricted areas, authorization methods and controls.
* Sensors and alarms.
* Intrusion detection.
* Fire detection, prevention and suppression.
* Fencing, security guards, and security badge types.
* Layered Physical Defense and Entry Points.
* Site Location Principles.

2 comments:

Steffi said...

Interesting blog. It would be great if you can provide more details about it. Thank you.
