CISSP考试指南笔记：1.20 快速提示

• The objectives of security are to provide availability, integrity, and confidentiality protection to data and resources.

• A vulnerability is a weakness in a system that allows a threat source to compromise its security.

• A threat is the possibility that someone or something would exploit a vulnerability, either intentionally or accidentally, and cause harm to an asset.

• A risk is the probability of a threat agent exploiting a vulnerability and the loss potential from that action.

• A countermeasure, also called a safeguard or control, mitigates the risk.

• A control can be administrative, technical, or physical and can provide deterrent, preventive, detective, corrective, or recovery protection.

• A compensating control is an alternative control that is put into place because of financial or business functionality reasons. • COBIT is a framework of control objectives and allows for IT governance.

• ISO/IEC 27001 is the standard for the establishment, implementation, control, and improvement of the information security management system.

• The ISO/IEC 27000 series were derived from BS 7799 and are international best practices on how to develop and maintain a security program.

• Enterprise architecture frameworks are used to develop architectures for specific stakeholders and present information in views.

剩余内容请看本人公众号debugeeker, 链接为CISSP考试指南笔记：1.20 快速提示