
CISSP Common Body of Knowledge Study Guide (Chinese Edition).pdf

Uploaded by: 精品资料 | Document ID: 10410245 | Upload date: 2019-11-08 | Format: PDF | Pages: 31 | Size: 63.36KB
Resource description

Certified Information System Security Professional CISSP CISSP CBK( ) CISSP CBK (ISC)²™ CISSP CBK CBK CBK Review Seminar CBK CISSP (ISC)²™ CBK CBK CBK CBK (ISC)²™ CBK CBK CBK CBK CBK CBK CISSP 1. 2. 3. 4. 5. 6. 7. 8. BCP DRP 9. 10.

1 (Discretionary Access Control) (Mandatory Access Control) (Lattice-based Access Control) (Rule-based Access Control) (Role-based Access Control) (Access Control Lists) (Journal Monitoring) (Principle of Least Privilege) (Segregation of Duties and Responsibilities) Bell-LaPadula Biba Clark and Wilson (Non-interference Model) (State Machine Model) (Access Matrix Model) (Information Flow Model) (PINs) ( ) (token) (ticket) ( ) (Single Sign On SSO) / RADIUS TACACS (Decentralized Access Control) (Brute Force) (Denial of Service) (Man-in-the-middle attacks) (Spamming) (Sniffers) Crackers ( ) (Attack Signature Identification) (Intrusion Reactive Response) (Anomaly Identification) (Intrusion Response) (Alarms) (Signals) (Audit Trails) (Violation Reports) (Corrections) (Penetration Testing)

2 (Security Measure) TCP/IP Internet/Intranet/Extranet ISO/OSI ( / / ) ( / / ) IPSec TCP/IP / (Telecommuting) Secure Remote Procedure call (S-RPC) RADIUS/TACACS(Remote Access Dial-In User System/Terminal Access Control Access System) Packet Sniffers Internet/Intranet/Extranet (Gateways) (Proxies) Transmission Control Protocol/Internet Protocol(TCP/IP) IPSEC SKIP SWIPE SSL S/MIME SSL SET PEM Challenge Handshake Authentication Protocol(CHAP) Password Authentication Protocol(PAP) (PPP)/ (SLIP) HDLC SDLC ISDN X.25 (Tunneling) (VPN) Packet Sniffers (Network Address Translation) Hash Totals (Record Sequence Checking) (Transmission Logging) (Transmission Error Correction) (Retransmission Controls) E-MAIL (Facsimile Security) (Security Boundaries and How to translate security policy to controls) ARP (worms) (flooding) (eavesdropping) (sniffers) Spamming PBX PBX Fraud and Abuse

3 ( ) (Documentation) CIA (CIA Triad) / (Change Control/Management) ( Change Control ) (Data Classification) (Objective of a Classification Scheme) / / (Worth/Valuation) (Employment Policies and Practices) / (Background Checks/Security Clearances) (Employment Agreement) (Hiring and Termination Practices) (Separation of Duties and Responsibilities) (Job Rotations) (Probability Determination) (Single Occurrence Loss) (Annual Loss Expectancy (ALE) Calculations) (Countermeasure Selection) (Countermeasure Evaluation) / / (Risk Reduction/Assignment/Acceptance) IS/IT (other individual)

4 (Applications & Systems Development Security) (agents) (applets) Active-X Java / (Aggregation) (Inference) (Poly-instantiation) (DBMS) / (Primary) (Secondary) (Real) (Virtual) (Random) (Volatile) (Sequential) (Conceptual Definition) (Functional Requirements Determination) (Protection Specifications Development) (Certification) (Accreditation) / (Process Isolation) (Hardware Segmentation) (Separation of Privilege) (Abstraction) System High (Security Kernel) (Reference Monitors) (Mode of Operation) (Integrity Levels) / (Service Level Agreement) (Jargon) Myths/hoaxes (The concepts of hackers, crackers, phreaks and virus writers) Multi-partite Macintosh Active-X Java (Brute Force or Exhaustive Attack) (Denial of service) pseudo flaw (Alteration of Authorization Code) (Hidden Code) (Browsing) (Inference) Flooding Cramming Time of Check/Time of Use(TOC/TOU)

5 (Use of Cryptography to Achieve) / ( DES RSA SHA MD5 HMAC DSA) ( Kerberos ISAKMP) / (Hash Function) ( MD5 SHA HMAC) One Time Cipher Keys(Pads) Key Escrow / (Secrecy) (Secrecy) (Public Key Infrastructure PKI) (Certificate Authority) (Hierarchical Structure) Hierarchy Chain (System Architecture for Implementing Cryptographic Functions) ( PEM S/MIME,SSL,HTTPS(also known as SHTTP),SET,IPSEC) ( ) ( IPSEC /ISAKMP) COA KPA CTA CPA ACPA CCA (Brute Force) Crack (Replay) MIM (Birthday)

6 (Secure) CC(Common Criteria) ITSEC (TCSEC) IETF IPSEC (Addressing physical and symbolic) (Address space contrasted to memory space) ( ) (OSI ) ( ) ( ) ( ) ( ) (Certification and Accreditation) (Confinement Bounds and Isolation) ( ) IETF (IPSec) ITSEC ( )(Objects and subjects(purpose and relationship)) DMZ ( ) (TCB) (Bell-LaPadula,Clark-Wilson,Biba) TCSEC (labels)( ) ( ) (Hook) (superzap/su) ( APIs ) Timing(TOC/TOU)

7 (Operation Security) (media) (Administrative Management) / (Job Requirements/Specifications) (Job Rotations) Mandatory taking of vacation in one week increments / / (Need to Know/Least Privilege) (Privileged Operations Functions) Standards of Due Care/Due Diligence ( fraud detection, collusion) (Marking) (Handling) (Storage) (Destruction) (Directive Controls) (Preventive Controls) (Detective Controls) (Corrective Controls) (Recovery Controls) (Operations Controls) / / (Vendor Software) (System Utilities) (Directories and Address Tables)
