交大慧谷培训中心 内部资料,仅供参考
CISSP 最新学习笔记
此文是我班2014年高分考生袁同学在准备CISSP考试过程中的边看书边整理的一个学习笔记,整理的非常细致到位,特借此供各位备考学员参考。
第1章节到第10章节主要是学习all in one第六版资料时笔记;第11章到18章节主要是在学习完all in one后做cccure网站上面练习题后,补充的知识点;第19章到25章节为学习officeial guide教材后补充的知识点;最后第26章是总复习时作actual练习题时补充的知识点。
在看书3遍all in one后,主要补充学习了pre guide的学习笔记,cccure练习题和official guide进行知识点的补充,最后总复习阶段(1周左右)以本复习笔记为基础,配合actual练习题进行。
- 1 -
交大慧谷培训中心 内部资料,仅供参考
目 录
一. Chapter 3:Security management practices .......................................................... 5
1.1 安全管理 ......................................................................................................... 5 1.2 风险管理 ......................................................................................................... 6 1.3 Policies、standards、baselines、guidelines、procedures ........................... 7 1.4 Classification ................................................................................................... 8 1.5 employee ......................................................................................................... 9 二. chapter 4:Access Control ................................................................................... 10
2.1 Identification, Authentication(= Validating), and Authorization(标识、认证、授权) .................................................................................................................. 10 2.2 Access Control Models(访问控制模型) .................................................... 12 2.3 Access Control Techniques and Technologies(方法和技术) .................... 13 2.4 Access Control Administration(访问控制管理) ......................................... 13 2.5 Access Control Methods(访问控制方法) .................................................. 14 2.6 Access Control Type ..................................................................................... 15 2.7 access control practices ................................................................................ 15 2.8 Access Control Monitoring ............................................................................ 15 2.9 A few threats to access control ..................................................................... 16 三. Chapter 5:Security Models and Architecture ..................................................... 17
3.1 Computer Architecture .................................................................................. 17 3.2 Operation System Architecture ..................................................................... 20 3.3 System architecture ...................................................................................... 20 3.4 安全模型 ....................................................................................................... 21 3.5 运行的安全模式security modes of operation ............................................... 23 3.6 Systems Evaluation Methods ........................................................................ 23 3.7 A Few Threats to Security Models and Architectures ................................... 24 四. Chapter 6:Physical Security ............................................................................... 26
4.1 Planning process ........................................................................................... 26 4.2 Protecting assets ........................................................................................... 28 4.3 Internal Support Systems .............................................................................. 28 4.4 Environmental issues .................................................................................... 29 4.5 Perimeter security ......................................................................................... 31 五. Chapter 7:Telecommunications and Networking Security ................................. 33
5.1 开放系统模型 ................................................................................................ 33 5.2 TCP/IP ........................................................................................................... 34 5.3 Type of transmission ..................................................................................... 35 5.4 LAN Networking ............................................................................................ 35 5.5 介质访问技术Media access technology ...................................................... 36 5.6 LAN Protocols ............................................................................................... 37 5.7 Networking Device ........................................................................................ 37 5.8 Networking services and protocols ............................................................... 39
- 2 -
交大慧谷培训中心 内部资料,仅供参考
5.9 MAN、WAN................................................................................................... 40 5.10 远程访问remote access ............................................................................. 43 5.11 wireless technologies .................................................................................. 44 六. Chapter 8:Cryptography ..................................................................................... 47
6.1 加密方法methods of encryption .................................................................. 48 6.2 对称算法的类型Type of symmetric methods ............................................... 49 6.3 非对称算法的类型 ......................................................................................... 50 6.4 Message Integrity hash MD5 SHA ........................................................... 51 6.5 PKI-Public Key infrastructure ...................................................................... 54 6.6 链路加密和端到端加密 ................................................................................. 54 6.7 E-mail标准 .................................................................................................... 54 6.8 Internet security ............................................................................................. 55 6.9 Attack ............................................................................................................. 56 七. Chapter 9:Business Continuity Planning ........................................................... 57
7.1 Make BCP Part of the Security Policy and Program .................................... 58 7.2 业务连续性计划的需求 ................................................................................. 58 7.3 Recovery Strategies恢复策略 ...................................................................... 59 7.4 Developing Goals for the Plans .................................................................... 61 7.5 testing and revising the plan测试和修改计划 ............................................... 61 八. Chapter 10:Law, investigation and Ethics .......................................................... 63
8.1 Computer Crime Investigations ..................................................................... 64 九. Chapter 11:Application and system development ............................................. 66
9.1 Database Management ................................................................................. 66 9.2 System Development .................................................................................... 68 9.3 Application Development Methodology ......................................................... 71 9.4 攻击 ............................................................................................................... 72 十. Chapter 12:Operation Security .......................................................................... 74
10.1 Security Operations and Product Evaluation .............................................. 74 10.2 Network and Resource Availability .............................................................. 76 10.3 Email security .............................................................................................. 76 10.4 Hack and Attack Methods ........................................................................... 77 十一. Cccure security management ........................................................................... 79 十二. Cccure AC ......................................................................................................... 80 十三. Cccure CPU ...................................................................................................... 82 十四. Cccure AP ......................................................................................................... 84 十五. Cccure encryption ............................................................................................. 86 十六. Cccure telecommunication ................................................................................ 88 十七. Cccure OS运行安全 ......................................................................................... 89 十八. Cccure 法律 ...................................................................................................... 91 十九. official guide 法律 ............................................................................................. 92 二十. official guide BCP .............................................................................................. 93 二十一. official guide 安全管理 .................................................................................. 93 二十二. official guide AP ............................................................................................. 94 二十三. official guide密码 ........................................................................................... 96
- 3 -