Transcript
Page 1: CISSP Overview

CISSP Overview


Page 2: CISSP Overview

Contents

1. Introduction

2. The meaning of CISSP and how to prepare for the exam

3. Introduction to the CBK

Page 3: CISSP Overview

1.1 What is (ISC)2?

(ISC)2 = International Information Systems Security Certifications Consortium, Inc.

(ISC)2 is a global, not-for-profit organization dedicated to:
• Maintaining a Common Body of Knowledge for Information Security [IS].
• Certifying industry professionals and practitioners in an international IS standard.
• Administering training and certification examinations.
• Ensuring credentials are maintained, primarily through continuing education.

Governments, corporations, centers of higher learning and organizations worldwide demand a common platform for and proficiency in mastering the dynamic nature of information security. (ISC)2 helps fulfill these needs.

Thousands of IS professionals in over 35 countries worldwide have attained certification in one of the two designations administered by (ISC)2:
• Certified Information Systems Security Professional [CISSP]
• System Security Certified Practitioner [SSCP]

Both credentials indicate that those certified have demonstrated experience in the field of information security, passed a rigorous examination, subscribe to a Code of Ethics and maintain certification with continuing education.

1. Introduction

Page 4: CISSP Overview

1.2 Why choose certification?

Information security [IS] professionals invest substantially in information assets, including technology, architecture and process. But how can protection of these assets be ensured? Only through the strengths of the professionals in charge. Industry standards, ethics and certification of IS professionals and practitioners become critical to ensuring that a higher standard for security is achieved. (ISC)2, as the only not-for-profit consortium charged with maintaining, administering and certifying IS professionals in the Common Body of Knowledge [CBK], is the premier resource for IS professionals worldwide.

Benefits of (ISC)2 Certification to the Enterprise
– Establishes best practices
– Provides a solutions orientation, not specialization, particularly with the broader understanding of the IS CBK
– Access to a network of global industry and subject matter/domain experts
– Resource for broad-based security information
– Adds to credibility with the rigor and regimen of the certification examinations
– Provides a business and technology orientation to risk management

Benefits of (ISC)2 Certification to the Professional
– Confirms a working knowledge of information security
– Confirms passing of a rigorous examination
– Career differentiator, with peer networking and added IS credibility
– Broadening expectation of credentials

Page 5: CISSP Overview

1.3 How to become certified?

(1) Determine which type of certification you are best qualified for:
(2) CISSP [Certified Information Systems Security Professional] – tailored for IS professionals with a minimum of 3 years cumulative experience in one or more of the ten CBK domains
(3) Understand and accept the principles stated in the (ISC)2 Certification Code of Ethics, which all certified individuals are required to adhere to.
(4) Broaden your IS understanding of the Common Body of Knowledge [CBK], usually achieved through personal study guides [which can be downloaded online], taking CBK Review Seminars, keeping abreast of industry news, and familiarity with examination reference materials.
(5) Take and pass the appropriate certification examination.
(6) Upon passing the certification examination, keep your credential vital with continuing professional education, recertification every three years and other requirements to stay in good standing.

Page 6: CISSP Overview

1.4 Code of Ethics

Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Therefore, strict adherence to this code is a condition of certification.

Canons

Protect society, the commonwealth, and the infrastructure.

Act honorably, honestly, justly, responsibly, and legally.

Provide diligent and competent service to principals.

Advance and protect the profession.

Page 7: CISSP Overview

1.5 CISSP Exam Structure

The CISSP Certification examination consists of 250 multiple-choice questions. Candidates have up to 6 hours to complete the examination. Ten CISSP information systems security test domains are covered in the examination pertaining to the Common Body of Knowledge:

• Access Control Systems & Methodology
• Applications & Systems Development
• Business Continuity & Disaster Recovery Planning
• Cryptography
• Law, Investigation & Ethics
• Operations Security (Computer)
• Physical Security
• Security Architecture & Models
• Security Management Practices
• Telecommunications & Network Security (I & II)

Page 8: CISSP Overview

1.6 CISSP Exam administrative details

a. Exam location and date: Seoul, Korea, December 08, 2001, Dongguk University

b. Exam fee: $450

c. How to apply

• Request an application form on the (ISC)2 home page

• Submit to (ISC)2 an application form stating the date and region where you will sit the exam

• Once the application is accepted, a confirmation letter with the exam location and date is sent to the candidate

d. Exam results

• The result (pass/fail) is notified about 6-8 weeks after the exam date

• Expected passing line: a score of 70% or more

• If you fail, you cannot retake the exam for at least 3 months

Page 9: CISSP Overview

2.1 Positioning of the CISSP exam

2. The meaning of CISSP and how to prepare for the exam

a. It is not an exam that proves you are an information security expert; it is an entry-level exam.
b. It is an exam that checks the basic common knowledge an information security professional should have.
c. It is an exam that can be an opportunity to broaden your view of security.
d. There is a difference in perspective between Korean qualification exams and US qualification exams.

[Figure: the general common sense of information security – network security, encryption and authentication, security management, security mechanisms, OS security]

Reference: http://www.danam21.co.kr/sjs1234

Page 10: CISSP Overview

2.2 Why is the CISSP credential needed?

a. An opportunity for a small challenge and achievement, breaking away from the mannerism of daily routine
b. An opportunity to organize your overall information security knowledge
c. Because others are getting it…
d. A good way to present yourself to others when there is no other information to prove your expertise

Page 11: CISSP Overview

2.3 Once you obtain the CISSP credential?

a. Join the forums and share information with CISSPs worldwide
b. Take part in domestic activities for exchange and information sharing
c. Forget the credential and cultivate real skill
d. Train the next generation

Page 12: CISSP Overview

2.4 CISSP and CISA (values given as CISSP, CISA)

a. Scope (number of domains): 10, 7
b. Experience requirement: 3 years, 3 years
c. Field of activity: Security, Auditor
d. Passing line: 70, 75
e. Pass rate: 30%, 30-50%
f. Difficulty
g. Exam timing: 2-3 times/year, once/year
h. Specialization
i. Which should come first?

Personal opinion: it is easier for a CISSP to become a CISA than for a CISA to become a CISSP…

Page 13: CISSP Overview

2.5 How to prepare for the CISSP exam

a. Read the following books:
- Information Security Management Handbook, Tipton & Krause
- CISSP Examination Textbook, Rao
b. Read Hal Tipton's materials
c. Read the ISC2 Study Guide
d. Read Ben Rothke's PPT
e. Read for an hour every day
f. Study intensively for at least a month.
g. Make your own study notes
h. Two weeks before the exam, work through practice questions
i. One week before, review hard
j. Form a study group and share information with each other
k. Bookmark the following sites and visit them often - www.cccure.org, www.isc2.org, www.sans.org, www.cissps.com

Excerpted from Adrien de Beaupré's "Tips & Tricks to help you in your studies"

Page 14: CISSP Overview

2.5 How to prepare for the CISSP exam (continued)

l. Bring something to drink and eat to the exam site, and take breaks.
m. Read each question carefully at least twice before writing your answer.
n. You do not need to be an expert in all 10 domains; grasp the important concepts.
o. You do not necessarily need experience in the field to sit the exam.

** Additional
a. Bring an English dictionary.
b. When time is limited, do not dig in too deep.
c. Make good use of the exam time.

Page 15: CISSP Overview

2.6 What CISSP preparation training is for

a. Understanding of the overall domains
b. Grasp of the core concepts
c. Exchange among participants
d. Other details and practice questions are studied on your own

Page 16: CISSP Overview

3.1 CBK Overview

3. Introduction to the CBK

(1) Access Control Systems & Methodology
(2) Telecommunications & Network Security
(3) Security Management Practices
(4) Applications & System Development Security
(5) Cryptography
(6) Security Architecture & Model
(7) Operations Security
(8) Business Continuity Planning & DRP
(9) Laws, Investigations and Ethics
(10) Physical Security

Page 17: CISSP Overview

3.2 Access Control Systems & Methodology

Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use & content of a system. It permits management to specify what users can do, which resources they can access, and what operations they can perform on a system.

• Accountability
• Access control techniques
• Access control administration
• Access control models
• Identification & authentication techniques
• Access control methodologies & implementation
• File & data ownership & custodianship
• Methods of attack
• Monitoring
• Penetration testing

Reference: CISSP Study Guide, ISC2

Page 18: CISSP Overview

3.2 Access Control Systems & Methodology

Items to understand:

• Access control concepts, methodologies and implementation within centralized & decentralized environments across the enterprise's computer systems

• Access control techniques and detective and corrective measures should be studied to understand the potential risks, vulnerabilities, and exposures.

Page 19: CISSP Overview

3.2 Access Control Systems & Methodology

Functions of an access control mechanism

[Figure: (1) Identification process – User X presents identification data (name, account no.) to the access control mechanism, which holds identification data, authentication data and authorization data; the result is an identified user. (2) Authentication process – User X presents authentication data (remembered information, possessed objects, personal characteristics) to the access control mechanism; the result is a valid/invalid user.]

Trojan horse problem – public-key systems

Technique?

Page 20: CISSP Overview

3.2 Access Control Systems & Methodology

Functions of an access control mechanism

[Figure: (3) Authorization process – User X submits action requests on object resources to the access control mechanism, which checks its authorization data and returns permitted/denied actions.]

* Resources: HW, SW, commodities (processor time, disk space …), data
* Action privileges: READ (direct read; statistical or aggregate data read only), ADD (insert, append), MODIFY (write)

[Figure: subject → access request → reference monitor → object]

* Security policy: which rules decide who gets access to your data? It captures the security requirements of an enterprise or describes the steps that have to be taken to achieve security.
* Security model: captures policies for confidentiality (BLP) …; a formalisation of the security policy.

Model? Technique? Implementation? Administration? Monitoring? Attack?
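As an added example (not part of the original slides), the reference monitor sketched above written out in Python: subjects and objects carry a sensitivity label made of a classification level and a category set (the form the MAC question in section 3.7 asks about), READ is decided by the BLP simple security property and ADD/MODIFY by the *-property, and every decision is appended to an audit trail for accountability. The level names, subjects, objects and requests are all constructed for this example.

```python
"""Toy reference monitor enforcing Bell-LaPadula (BLP) confidentiality.

Added example, not code from the original presentation.  Assumes labels of
the form (classification level, category set); all sample data is constructed.
"""
from dataclasses import dataclass, field

# Constructed ordering of classification levels (higher number = more sensitive).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # L1 dominates L2 when its level is at least L2's and its category
        # set is a superset of L2's (the lattice ordering BLP relies on).
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


@dataclass
class ReferenceMonitor:
    subjects: dict                                # subject name -> clearance Label
    objects: dict                                 # object name  -> classification Label
    audit: list = field(default_factory=list)     # accountability: every decision is logged

    def request(self, subject: str, action: str, obj: str) -> bool:
        """Mediate one access request and record the decision.

        READ   -> simple security property: subject's clearance must dominate
                  the object's label (no read up).
        ADD /  -> *-property: the object's label must dominate the subject's
        MODIFY    clearance (no write down).
        Anything else (unknown subject, object or action) is denied by default.
        """
        if subject not in self.subjects or obj not in self.objects:
            decision = False
        else:
            clearance, classification = self.subjects[subject], self.objects[obj]
            if action == "READ":
                decision = clearance.dominates(classification)
            elif action in ("ADD", "MODIFY"):
                decision = classification.dominates(clearance)
            else:
                decision = False
        self.audit.append((subject, action, obj, "permitted" if decision else "denied"))
        return decision


def build_demo_monitor() -> ReferenceMonitor:
    """Constructed sample data: two subjects and three objects."""
    return ReferenceMonitor(
        subjects={"alice": Label("SECRET", frozenset({"CRYPTO"})),
                  "bob": Label("CONFIDENTIAL")},
        objects={"design.doc": Label("CONFIDENTIAL"),
                 "keys.db": Label("SECRET", frozenset({"CRYPTO"})),
                 "ts.rpt": Label("TOP SECRET")},
    )


if __name__ == "__main__":
    rm = build_demo_monitor()
    for req in [("alice", "READ", "design.doc"), ("alice", "READ", "ts.rpt"),
                ("bob", "MODIFY", "keys.db"), ("alice", "MODIFY", "design.doc")]:
        rm.request(*req)
    for entry in rm.audit:          # the audit trail is what makes users accountable
        print(entry)
```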

Page 21: CISSP Overview

3.2 Access Control Systems & Methodology

1. The Computer Security Policy Model the Orange Book is based on is:
- the Bell-LaPadula Model
- the Data Encryption Standard (DES)
- Kerberos
- Tempest

2. Which of the following is needed for System Accountability?
- audit mechanisms
- documented design as laid out in the Common Criteria
- authorization
- formal verification of system design

Page 22: CISSP Overview

3.3 Telecommunications & Network Security

The Telecommunications & Network Security domain encompasses the structures, transmission methods, transport formats, & security measures used to provide integrity, availability, authentication, and confidentiality for transmissions over private & public communications networks and media.

• ISO/OSI layers and characteristics
• Communication network security
• Internet/Intranet/Extranet
- Firewalls, routers, switches, gateways, proxies
- Protocols, services, security techniques
• E-mail security
• Facsimile security
• Secure voice communications
• Security boundaries and how to translate security policy to controls
• Network attacks & countermeasures

Page 23: CISSP Overview

3.3 Telecommunications & Network Security

Items to understand:

• Communications & network security as it relates to voice communications

• Data communications in terms of local area, wide area, and remote access

• Intranet/Internet/Extranet in terms of firewalls, routers, & TCP/IP

• Communications security management & techniques in terms of preventive, detective and corrective measures.

Page 24: CISSP Overview

3.3 Telecommunications & Network Security

[Figure: systems on a LAN connected through a router/firewall to a WAN and the Internet, with e-mail, PSTN voice and FAX paths and an "Attack?" marker. Annotations: OSI 7 layers; protocols (IPSEC, SSL, PPP, …); security techniques (VPN, NAT, monitoring, …); services (ISDN, HDSL, …).]

Page 25: CISSP Overview

3.3 Telecommunications & Network Security

10. Which one of the following benefits resulting from the use of secure gateways (firewalls) is not true:
- reduces the risks from malicious hackers
- prevents the spread of viruses
- reduces the threat level on internal systems
- allows centralized management and control of services

Page 26: CISSP Overview

3.4 Security Management Practices

Security management entails the identification of an organization's information assets and the development, documentation, and implementation of policies, standards, procedures, and guidelines that ensure confidentiality, integrity, and availability. Management tools such as data classification, risk assessment, and risk analysis are used to identify the threats, classify assets, and rate their vulnerabilities so that effective security controls can be implemented.

• Security management concepts & principles
• Change control/management
• Data classification
• Information/data
• Employment policies & practices
• Policies, standards, guidelines and procedures
• Roles & responsibilities
• Security awareness training
• Security management planning

Page 27: CISSP Overview

3.4 Security Management Practices

Items to understand:

• The planning, organization, and roles of individuals in identifying and securing an organization's information assets

• The development and use of policies stating management's views and position on particular topics, and the use of guidelines, standards, and procedures to support the policies

• Security awareness training
• The importance of confidentiality, proprietary and private information
• Employment agreement, hiring, and termination practices
• Risk management practices

Page 28: CISSP Overview

3.4 Security Management Practices

[Figure: corporate risk analysis strategy options – baseline approach, informal approach, detailed risk analysis, combined approach – leading to safeguards, the corporate IT security policy and follow-up. ISO overview of the planning & management of IT security: organizational aspects of IT security, IT security recommendations, IT system security policy, IT security plan, security awareness, implementation, risk management.]

Page 29: CISSP Overview

3.4 Security Management Practices

15. Which of the following is the best reason for the use of an automated risk analysis tool:
- much of the data gathered during the review cannot be reused for subsequent analyses
- automated methodologies require minimal training and knowledge of risk analysis
- most software tools have user interfaces that are easy to use
- minimal information gathering is required due to the amount of information built into the tool

Page 30: CISSP Overview

3.5 Application & Systems Development Security

Applications and systems development security refers to the controls that are included within systems and applications software and the steps used in their development. Applications refer to agents, applets, software, databases, data warehouses and knowledge-based systems.

• Application issues
• Databases & data warehouses
• Data/information storage
• Knowledge-based systems
• System development controls
• Malicious code
• Methods of attack

Page 31: CISSP Overview

3.5 Application & Systems Development Security

Items to understand:

• Security & controls of the system development process, system life cycle, application controls, DW, DM, KB systems, program interfaces, and the concepts used to ensure data and application integrity, security and availability

Page 32: CISSP Overview

3.5 Application & Systems Development Security

[Figure: a client application sends requests to, and receives responses from, a server application backed by a DB and a DW, with attack points marked. Annotations: DB security, application security, application development process security.]

Page 33: CISSP Overview

3.5 Application & Systems Development Security

16. Which of the following can be used as a covert channel?
- Storage and timing
- Storage and low bits
- Storage and permissions
- Storage and classification

Page 34: CISSP Overview

3.6 Cryptography

The Cryptography domain addresses the principles, means, and methods of disguising information to ensure its integrity, confidentiality, and authenticity.

• Use of cryptography to achieve
• Cryptographic concepts, methodologies, and practices
• Private key algorithms
• Public key algorithms
• PKI
• System architecture for implementing cryptographic functions
• Methods of attack

Page 35: CISSP Overview

3.6 Cryptography

Items to understand:

• Public key and private key algorithms in terms of their applications and uses

• Algorithm construction, key distribution and management, and methods of attack

• The application, construction, and use of digital signatures to provide authenticity of electronic transactions, and non-repudiation of the parties involved.

Page 36: CISSP Overview

3.6 Cryptography

[Figure: the sender enciphers clear text with the receiver's public key; the receiver deciphers the ciphertext with the receiver's private key to recover the clear text. In the secret-key case, sender and receiver share the same secret key.]

Cryptology: the science of secret codes.
Cryptography: deals with systems for transforming data into codes (cryptographer).
Cryptanalysis: deals with techniques for illegitimately recovering the critical data from cryptograms (cryptanalyst).

Attack? Private key algorithms, public key algorithms, PKI, applications (SSL, IPSEC, HTTPS …)

Page 37: CISSP Overview

3.6 Cryptography

Which one of the following statements about digital signatures is not true:
- it enhances authentication
- it makes repudiation by the sender possible
- it prevents non-repudiation by the receiver
- it makes repudiation by the sender impossible

Page 38: CISSP Overview

3.7 Security Architecture & Models

The security architectures and models domain contains the concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability.

• Principles of common computer and network organizations, architectures and designs.

• Principles of common security models (BLP …), architectures (IPSEC …), and evaluation criteria (Orange Book, ITSEC …).

• Common flaws and security issues associated with system architectures and designs

Page 39: CISSP Overview

3.7 Security Architecture & Models

Items to understand:

• Security models in terms of confidentiality, integrity, information flow, and commercial vs. government requirements

• System models in terms of CC, ITSEC, TCSEC, IETF IPSEC
• Technical platforms in terms of HW, firmware, and SW
• System security techniques in terms of preventative, detective, and corrective controls

Page 40: CISSP Overview

3.7 Security Architecture & Models

26. In Mandatory Access Control, sensitivity labels contain what information?
- the item's classification
- the item's classification and category set
- the item's classification, category and compartment
- the item's classification and its compartment

Page 41: CISSP Overview

3.8 Operations Security

Operations Security is used to identify the controls over HW, media, and the operators with access privileges to any resources.

• Administrative management
• Concepts
• Control types
• Operation controls
• Resource protection
• Auditing
• Audit trails
• Monitoring
• Monitoring tools and techniques
• Intrusion detection
• Penetration testing techniques
• Threats and countermeasures
• Violations, breaches, and reporting

Page 42: CISSP Overview

3.8 Operations Security

Items to understand:

• The resources that must be protected, the privileges that must be restricted, the control mechanisms available, the potential for abuse of access, the appropriate controls, and the principles of good practice.

Page 43: CISSP Overview

3.8 Operations Security

[Figure: systems (resources) in production operation, surrounded by resource protection (passwords, libraries, OS, sensitive data …), auditing (review, compliance checks), operation controls (change management, media control, administration control) and control types (preventive, detective, …).]

Page 44: CISSP Overview

3.8 Operations Security

32. It is a violation of the "separation of duties" principle when which of the following individuals accesses the security systems software:
- security administrator
- security analyst
- systems auditor
- systems programmer

Page 45: CISSP Overview

3.9 BCP & DRP

The BCP & DRP domain addresses the preservation of the business in the face of major disruptions to normal business operations. BCP & DRP involve the preparation, testing and updating of specific actions to protect critical business processes from the effect of major system and network failure.

• BCP
• DRP
• Elements of business continuity planning
• BCP/DRP events

Page 46: CISSP Overview

3.9 BCP & DRP

Items to understand:

• The difference between BCP & DRP
• Business continuity planning in terms of project scope and planning, business impact analysis, recovery strategies, recovery plan development, and implementation.

• DR in terms of recovery plan development, implementation and restoration.

Page 47: CISSP Overview

3.9 BCP & DRP

• Identifying the mission or business critical functions
• Identifying the resources that support the critical functions
• Anticipating potential contingencies or disasters (likelihood, scenarios)
• Selecting contingency planning strategies
• Implementing the contingency strategies
• Testing & revising the strategies

BCP: If a man-made or natural event is minor & less destructive, the challenge is to recover from disruptions and continue support for critical functions.

DRP: If a man-made or natural event is major & very destructive, the challenge is to recover from a disaster and restore critical functions to normal operations.

Page 48: CISSP Overview

3.9 BCP & DRP

37. Which of the following *must* be at a "hot site"?
- Backup data, computers, climate control, cables and peripherals
- Computers and peripherals
- Computers, peripherals, and dedicated climate control systems
- Dedicated climate control systems

Page 49: CISSP Overview

3.10 Law, Investigations & Ethics

The Law, Investigations, and Ethics domain addresses computer crime laws & regulations; the investigative measures and techniques which can be used to determine if a crime has been committed, methods to gather evidence if it has, as well as the ethical issues and code of conduct for the security professional.

• Laws
• Major categories and types of laws
• Investigations
• Major categories of computer crimes
• Incident handling
• Ethics

Page 50: CISSP Overview

3.10 Law, Investigations & Ethics

Items to understand:

• The method for determining whether a computer crime has been committed

• The law that would be applicable for the crime
• Laws prohibiting specific types of computer crime
• Methods to gather and preserve evidence of a computer crime, investigative methods and techniques
• The way in which RFC 1087 and the ISC2 code of ethics

Page 51: CISSP Overview

3.10 Law, Investigations & Ethics

44. The ISC2 Code of Ethics does not include which of the following behaviors for a CISSP:
- moral
- ethical
- legal
- control

Page 52: CISSP Overview

3.11 Physical Security

The Physical Security domain addresses the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise's resources and sensitive information. These resources include people, the facility in which they work, and the data, equipment, support systems, media, and supplies they utilize.

• Facility requirements
• Technical controls
• Environment/life safety
• Physical security threats
• Elements of physical security

Page 53: CISSP Overview

3.11 Physical Security

Items to understand:

• The elements involved in choosing a secure site, its design and configuration, the methods for securing the facility against unauthorized access and theft of equipment and information, and the environmental and safety measures needed to protect people, the facility, and its resources.

Page 54: CISSP Overview

3.11 Physical Security

[Figure: the resource surrounded by facility controls (restricted areas, visitor control, fences, security guards, CCTV, alarms and detectors …), technical controls (smart/dumb cards, audit trails, intrusion detection, biometric controls), physical security threats (fire, smoke, water, explosion, storm …) and environmental/life safety (power, water leakage, fire detection, natural disaster).]

Page 55: CISSP Overview

3.11 Physical Security

46. Which is the last line of defense in a physical security sense:
- people
- interior barriers
- exterior barriers
- perimeter barriers

