Resource summary
CISSP Domains
- Domain 1: Access Control
  - Concepts/methodologies/techniques
  - Effectiveness
  - Attacks
- Domain 2: Telecommunications and Network Security
  - Network architecture and design
  - Communication channels
  - Network components
  - Network attacks
- Domain 3: Information Security Governance and Risk Management
  - Security governance and policy
  - Information classification/ownership
  - Contractual agreements and procurement processes
  - Risk management concepts
  - Personnel security
  - Security education, training and awareness
  - Certification and accreditation
- Domain 4: Software Development Security
  - Systems development life cycle (SDLC)
  - Application environment and security controls
  - Effectiveness of application security
- Domain 5: Cryptography
  - Encryption concepts
  - Digital signatures
  - Cryptanalytic attacks
  - Public Key Infrastructure (PKI)
  - Information hiding alternatives
- Domain 6: Security Architecture and Design
  - Fundamental concepts of security models
  - Capabilities of information systems (e.g. memory protection, virtualization)
  - Countermeasure principles
  - Vulnerabilities and threats (e.g. cloud computing, aggregation, data flow control)
- Domain 7: Operations Security
  - Resource protection
  - Incident response
  - Attack prevention and response
  - Patch and vulnerability management
- Domain 8: Business Continuity and Disaster Recovery Planning
  - Business impact analysis
  - Recovery strategy
  - Disaster recovery process
  - Provide training
- Domain 9: Legal, Regulations, Investigations and Compliance
  - Legal issues
  - Investigations
  - Forensic procedures
  - Compliance requirements/procedures
- Domain 10: Physical (Environmental) Security
  - Site/facility design considerations
  - Perimeter security
  - Internal security
  - Facilities security