CISSP重点.docxVIP

CISSP重点通过做题归纳出CISSP重点考察的知识点Ch1. Information Security Governance and Risk Management1、CobiT与ITIL关系The Control Objectives for Information and related Technology (CobiT) is a framework developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and ensure IT maps to business needs, not specifically just security needs. The Information Technology Infrastructure Library (ITIL) is the de facto standard of best practices for IT service management. A customizable可定制 framework, ITIL provides the goals, the general activities necessary to achieve these goals, and the input and output values for each process required to meet these determined goals. ITIL provides steps for achieving IT service management goals as they relate to business needs.In essence, CobiT addresses what is to be achieved, while ITIL addresses how to achieve it. In order to achieve many of the objectives addressed in CobiT, an organization can use ITIL, which provides process-level steps for achieving IT service management objectives.CobiT can be used as a model for IT governance. Actually, Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a model for corporate governance. CobiT is derived from the COSO framework. You can think of CobiT as a way to meet many of the COSO objectives, but only from the IT perspective.2、欧洲Privacy法案（Safe Harbor欧洲安全港）The Safe Harbor requirements were created to harmonize the data privacy practices of the U.S. with the European Unions stricter privacy controls, and to prevent accidental information disclosure and loss. The framework outlines how any entity that is going to move private data to and from Europe must go about protecting it.The Health Insurance Portability and Accountability Act (HIPAA)provides a framework and guidelines to ensure security, integrity, and privacy when handling confidential medical information withi