Mike Chapple

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide



Contractual, legal, industry standards, and regulatory requirements (Chapter 4)
1.4.2 Privacy requirements (Chapter 4)
1.5 Understand legal and regulatory issues that pertain to information security in a holistic context (Chapter 4)
1.5.1 Cybercrimes and data breaches (Chapter 4)
1.5.2 Licensing and intellectual property (IP) requirements (Chapter 4)
1.5.3 Import/export controls (Chapter 4)
1.5.4 Transborder data flow (Chapter 4)
1.5.5 Privacy (Chapter 4)
1.6 Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards) (Chapter 19)
1.7 Develop, document, and implement security policy, standards, procedures, and guidelines (Chapter 1)
1.8 Identify, analyze, and prioritize Business Continuity (BC) requirements (Chapter 3)
1.8.1 Business Impact Analysis (BIA) (Chapter 3)
1.8.2 Develop and document the scope and the plan (Chapter 3)
1.9 Contribute to and enforce personnel security policies and procedures (Chapter 2)
1.9.1 Candidate screening and hiring (Chapter 2)
1.9.2 Employment agreements and policies (Chapter 2)
1.9.3 Onboarding, transfers, and termination processes (Chapter 2)
1.9.4 Vendor, consultant, and contractor agreements and controls (Chapter 2)
1.9.5 Compliance policy requirements (Chapter 2)
1.9.6 Privacy policy requirements (Chapter 2)
1.10 Understand and apply risk management concepts (Chapter 2)
1.10.1 Identify threats and vulnerabilities (Chapter 2)
1.10.2 Risk assessment/analysis (Chapter 2)
1.10.3 Risk response (Chapter 2)
1.10.4 Countermeasure selection and implementation (Chapter 2)
1.10.5 Applicable types of controls (e.g., preventive, detective, corrective) (Chapter 2)
1.10.6 Control assessments (security and privacy) (Chapter 2)
1.10.7 Monitoring and measurement (Chapter 2)
1.10.8 Reporting (Chapter 2)
1.10.9 Continuous improvement (e.g., risk maturity modeling) (Chapter 2)
1.10.10 Risk frameworks (Chapter 2)
1.11