首页
学习
活动
专区
圈层
工具
发布
首页
学习
活动
专区
圈层
工具
MCP广场
社区首页 >专栏 >CISSP考试指南笔记:3.7 认证与认可

CISSP考试指南笔记:3.7 认证与认可

作者头像
血狼debugeeker
发布于 2020-12-29 03:16:10
发布于 2020-12-29 03:16:10
3330
举报
文章被收录于专栏:debugeeker的专栏debugeeker的专栏

Security is made up of system administration, physical security, installation, configuration mechanisms within the environment, and continuous monitoring.

Certification


Certification is the comprehensive technical evaluation of the security components and their compliance for the purpose of accreditation.

The goal of a certification process is to ensure that a system, product, or network is right for the customer’s purposes.

The certification process and corresponding documentation will indicate the good, the bad, and the ugly about the product and how it works within the given environment.

剩余内容请看本人公众号debugeeker, 链接为CISSP考试指南笔记:3.7 认证与认可

本文参与 腾讯云自媒体同步曝光计划,分享自作者个人站点/博客。
原始发表:2020/12/26 ,如有侵权请联系 cloudcommunity@tencent.com 删除

本文分享自 作者个人站点/博客 前往查看

如有侵权,请联系 cloudcommunity@tencent.com 删除。

本文参与 腾讯云自媒体同步曝光计划  ,欢迎热爱写作的你一起参与!

评论
登录后参与评论
暂无评论
推荐阅读
编辑精选文章
换一批
CISSP考试指南笔记:7.14 快速提示
剩余内容请关注本人公众号debugeeker, 链接为CISSP考试指南笔记:7.14 快速提示
血狼debugeeker
2021/03/23
2860
CISSP考试指南笔记:5.8 物理/逻辑访问的控制
The first piece to building a security foundation within an organization is a security policy. It is management’s responsibility to construct a security policy and delegate the development of the supporting procedures, standards, and guidelines; indicate which personnel controls should be used; and specify how testing should be carried out to ensure all pieces fulfill the company’s security goals. These items are administrative controls and work at the top layer of a hierarchical access control model.
血狼debugeeker
2021/03/02
3270
CISSP考试指南笔记:3.18 公钥基础设施
Public key infrastructure (PKI) consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion.
血狼debugeeker
2021/01/29
4220
CISSP考试指南笔记:3.6 系统评估方法
An assurance evaluation examines the security-relevant parts of a system, meaning the TCB, access control mechanisms, reference monitor, kernel, and protection mechanisms. The relationship and interaction between these components are also evaluated in order to determine the level of protection required and provided by the system.
血狼debugeeker
2020/12/29
5190
CISSP考试指南笔记:5.5 访问控制机制
An access control mechanism dictates how subjects access objects. It uses access control technologies and security mechanisms to enforce the rules and objectives of an access control model. There are five main types of access control models: discretionary, mandatory, role based, rule based, and attribute based.
血狼debugeeker
2021/03/02
4410
CISSP考试指南笔记:3.24 快速提示
剩余内容请看本人公众号debugeeker, 链接为CISSP考试指南笔记:3.24 快速提示
血狼debugeeker
2021/02/02
3530
CISSP考试指南笔记:5.2 安全原则
Information, systems, and resources must be available to users in a timely manner so productivity will not be affected.
血狼debugeeker
2021/03/02
2850
CISSP考试指南笔记:8.1 创建好的代码
Quality can be defined as fitness for purpose.
血狼debugeeker
2021/09/10
3060
CISSP考试指南笔记:3.22 站点规划过程
The objectives of the site and facility security program depend upon the level of protection required for the various assets and the company as a whole. And this required level of protection, in turn, depends upon the organization’s acceptable risk level. This acceptable risk level should be derived from the laws and regulations with which the organization must comply and from the threat profile of the organization overall.
血狼debugeeker
2021/02/02
5260
CISSP考试指南笔记:4.14 网络加密
Link encryption encrypts all the data along a specific communication path, as in a satellite link, T3 line, or telephone circuit. Not only is the user information encrypted, but the header, trailers, addresses, and routing data that are part of the packets are also encrypted. The only traffic not encrypted in this technology is the data link control messaging information, which includes instructions and parameters that the different link devices use to synchronize communication methods. Link encryption provides protection against packet sniffers and eavesdroppers.
血狼debugeeker
2021/02/04
4080
CISSP考试指南笔记:7.12 实施灾难恢复
Recovering from a disaster begins way before the event occurs. It starts by anticipating threats and developing goals that support the business’s continuity of operations.
血狼debugeeker
2021/03/23
5180
CISSP考试指南笔记:4.4 传输介质
A transmission medium is a physical thing through which data is moved. three different types of transmission media: electrical wires, optical fibers, and free space.
血狼debugeeker
2021/02/02
3260
CISSP考试指南笔记:4.16 快速提示
剩余内容请看本人公众号debugeeker, 链接为CISSP考试指南笔记:4.16 快速提示
血狼debugeeker
2021/02/05
3460
CISSP考试指南笔记:4.12 通信通道
Multiservice access technologies combine several types of communication categories (data, voice, and video) over one transmission line. This provides higher performance, reduced operational costs, and greater flexibility, integration, and control for administrators. The regular phone system is based on a circuit-switched, voice-centric network, called the public-switched telephone network (PSTN). The PSTN uses circuit switching instead of packet switching.
血狼debugeeker
2021/02/04
4320
CISSP考试指南笔记:3.20 针对密码学的攻击
Eavesdropping and sniffing data as it passes over a network are considered passive attacks because the attacker is not affecting the protocol, algorithm, key, message, or any parts of the encryption system.
血狼debugeeker
2021/01/29
3590
CISSP考试指南笔记:1.13 风险评估和分析
A risk assessment, which is really a tool for risk management, is a method of identifying vulnerabilities and threats and assessing the possible impacts to determine where to implement security controls.After a risk assessment is carried out, the results are analyzed. Risk analysis is used to ensure that security is cost effective, relevant, timely, and responsive to threats.
血狼debugeeker
2020/12/21
6420
CISSP考试指南笔记:4.8 网络组件
A repeater provides the simplest type of connectivity because it only repeats electrical signals between cable segments, which enables it to extend a network. Repeaters work at the physical layer and are add-on devices for extending a network connection over a greater distance.
血狼debugeeker
2021/02/02
3720
CISSP考试指南笔记:5.3 身份标识、身份验证、授权与可问责性
Identification describes a method by which a subject (user, program, or process) claims to have a specific identity (username, account number, or e-mail address).
血狼debugeeker
2021/03/02
4390
CISSP考试指南笔记:5.10 访问控制监控
Intrusion detection systems (IDSs) are different from traditional firewall products because they are designed to detect a security breach. Intrusion detection is the process of detecting an unauthorized use of, or attack upon, a computer, network, or telecommunications infrastructure.
血狼debugeeker
2021/03/02
4650
CISSP考试指南笔记:4.10 城域网
A metropolitan area network (MAN) is usually a backbone that connects LANs to each other and LANs to WANs, the Internet, and telecommunications and cable networks. A majority of today’s MANs are Synchronous Optical Networks (SONETs) or FDDI rings and Metro Ethernet provided by the telecommunications service providers.
血狼debugeeker
2021/02/02
3120
相关推荐
CISSP考试指南笔记:7.14 快速提示
更多 >
领券
问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档