Mike Chapple

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide



18

Objective                                                                                   Chapter(s)

7.13 Participate in Business Continuity (BC) planning and exercises                          3
7.14 Implement and manage physical security                                                  10
7.14.1 Perimeter security controls                                                           10
7.14.2 Internal security controls                                                            10
7.15 Address personnel safety and security concerns                                          16
7.15.1 Travel                                                                                16
7.15.2 Security training and awareness                                                       16
7.15.3 Emergency management                                                                  16
7.15.4 Duress                                                                                16

Domain 8 Software Development Security

8.1 Understand and integrate security in the Software Development Life Cycle (SDLC)          20
8.1.1 Development methodologies (e.g., Agile, Waterfall, DevOps, DevSecOps)                  20
8.1.2 Maturity models (e.g., Capability Maturity Model (CMM), Software Assurance Maturity Model (SAMM))   20
8.1.3 Operation and maintenance                                                              20
8.1.4 Change management                                                                      20
8.1.5 Integrated Product Team (IPT)                                                          20
8.2 Identify and apply security controls in software development ecosystems                  15, 17, 20, 21
8.2.1 Programming languages                                                                  20
8.2.2 Libraries                                                                              20
8.2.3 Tool sets                                                                              20
8.2.4 Integrated Development Environment (IDE)                                               20
8.2.5 Runtime                                                                                20
8.2.6 Continuous Integration and Continuous Delivery (CI/CD)                                 20
8.2.7 Security Orchestration, Automation, and Response (SOAR)                                17
8.2.8 Software Configuration Management (SCM)                                                20
8.2.9 Code repositories                                                                      20
8.2.10 Application security testing (e.g., Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST))   15
8.3 Assess the effectiveness of software security                                            20
8.3.1 Auditing and logging of changes                                                        20
8.3.2 Risk analysis and mitigation                                                           20
8.4 Assess security impact of acquired software