Mike Chapple

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide



5.6.2 Security Assertion Markup Language (SAML) 14
5.6.3 Kerberos 14
5.6.4 Remote Authentication Dial-In User Service (RADIUS)/Terminal Access Controller Access Control System Plus (TACACS+) 14

Domain 6 Security Assessment and Testing

6.1 Design and validate assessment, test, and audit strategies 15
    6.1.1 Internal 15
    6.1.2 External 15
    6.1.3 Third-party 15
6.2 Conduct security control testing 15
    6.2.1 Vulnerability assessment 15
    6.2.2 Penetration testing 15
    6.2.3 Log reviews 15
    6.2.4 Synthetic transactions 15
    6.2.5 Code review and testing 15
    6.2.6 Misuse case testing 15
    6.2.7 Test coverage analysis 15
    6.2.8 Interface testing 15
    6.2.9 Breach attack simulations 15
    6.2.10 Compliance checks 15
6.3 Collect security process data (e.g., technical and administrative) 15, 18
    6.3.1 Account management 15
    6.3.2 Management review and approval 15
    6.3.3 Key performance and risk indicators 15
    6.3.4 Backup verification data 15
    6.3.5 Training and awareness 15, 18
    6.3.6 Disaster Recovery (DR) and Business Continuity (BC) 18, 3
6.4 Analyze test output and generate report 15
    6.4.1 Remediation 15
    6.4.2 Exception handling 15
    6.4.3 Ethical disclosure 15
6.5 Conduct or facilitate security audits 15
    6.5.1 Internal 15