如何快速通过 Cissp考试.pptVIP

How to Pass the CISSP The Evil Geniuses Edition The CBK Divided into 10 Sections The test is 250 questions Ethics questions are guaranteed to be there Every test is different Expect 20 questions from each section These slides are based on the notes from someone who took the class Security Management Practices The concept of due diligence Due Diligence – the idea that everything that could be done has. ? Mgt anything…. If you see management as part of an answer consider it VERY seriously. Seems like it is always the right answer. Remember…. C-I-A Confidentiality, Integrity, Availability. Same as above. If you see one of these as a possible answer, it is probably the correct answer. User is primarily responsible for security of data, this means that management may create controls to secure data but ultimately the user is the one who decides to follow them. Security Management Practices ·???????? Least privilege “need to know” basis ·???????? Standards, Baselines Procedures, Guidelines Standards think HW, SW Mechanism like Norton is standard for Anti-virus Baseline think Platform unique Procedures think Required Guidelines think Recommended Security Management Practices The Books ·???Red Book = Trusted Network Interpretation (orange book for networks) ·???Orange book = Trusted Computer security evaluation criteria ·?Confidentiality only…. Government based Security Management Practices The Certifications ·ITSEC = international community attempt to “harmonization” – more commercial flavor ·Adds Integrity and availabilty issues Common criteria = new effort to bring all together Replaces previous scheme C1, C2, B1, B2, A Security Management Practices ·?Types of classification Object/subject object = passive (files, data, sometimes program) subject = active (usually people) SUI = sensitive but unclassified information Security Management Practices ·Who is responsible for what controls ?Owner has responsib