CISSP考试指南笔记:8.15 快速提示

于 2021-04-16 22:59:28 发布
阅读量338 收藏
点赞数
分类专栏: CISSP备考资料
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/xuzhina/article/details/115773683
版权

  • Security should be addressed in each phase of system development. It should not be addressed only at the end of development because of the added cost, time, and effort and the lack of functionality.

  • The attack surface is the collection of possible entry points for an attacker. The reduction of this surface reduces the possible ways that an attacker can exploit a system.

  • Threat modeling is a systematic approach used to understand how different threats could be realized and how a successful compromise could take place.

  • Computer-aided software engineering refers to any type of software that allows for the automated development of software, which can come in the form of program editors, debuggers, code analyzers, version-control mechanisms, and more. The goals are to increase development speed and productivity and reduce errors.

  • Various levels of testing should be carried out during development: unit (testing individual components), integration (verifying components work together in the production environment), acceptance (ensuring code meets customer requirements), regression (testing after changes take place), static analysis (reviewing programming code), and dynamic analysis (reviewing code during execution).

  • Fuzzing is the act of sending random data to the target program in order to trigger failures.

  • Zero-day vulnerabilities are vulnerabilities that do not currently have a resolution or solution.

  • The ISO/IEC 27034 standard covers the following items: application security overview and concepts, organization normative framework, application security management process, protocols and application security control data structure, case studies, and application security assurance prediction.

  • The Open Web Application Security Project (OWASP) is an organization dedicated to helping the industry develop more secure software.

  • An integrated product team (IPT) is a multidisciplinary development team with representatives from many or all the stakeholder populations.

  • The CMMI model uses five maturity levels designated by the numbers 1 through 5. Each level represents the maturity level of the process quality and optimization. The levels are organized as follows: 1 = Initial, 2 = Repeatable, 3 = Defined, 4 = Managed, 5 = 5 Optimizing.

剩余内容请关注本人公众号debugeeker, 链接为CISSP考试指南笔记:8.15 快速提示

debugeeker
关注
专栏目录
CISSP学习指南:用于2018 CISSP考试的学习材料
02-05
CISSP学习指南:用于2018 CISSP考试的学习材料
CISSP学习详细笔记、错题,考点标黑标红
03-19
### CISSP 学习详细笔记与错题分析 #### 安全管理核心概念与原则 **保密性(Confidentiality)**: - **目的**:确保数据处于保密状态,阻止或最小化未授权访问(包括恶意攻击和无意识的人为错误)。 - **控制手段**...
CISSP考试指南笔记:1.20 快速提示
debugeeker的专栏
12-18 227
The objectives of security are to provide availability, integrity, and confidentiality protection to data and resources. A vulnerability is a weakness in a system that allows a threat source to compromise its security. A threat is the possibili..
CISSP考试指南笔记:2.8 快速提示
debugeeker的专栏
12-19 212
Information goes through a life cycle that starts with its acquisition and ends with its disposal. Each phase of the information life cycle requires different considerations when assessing risks and selecting controls. New information is prepared for use .
CISSP考试指南笔记:7.14 快速提示
debugeeker的专栏
03-17 216
Facilities that house systems that process sensitive information should have physical access controls to limit access to authorized personnel only. Clipping levels should be implemented to establish a baseline of user activity and acceptable errors...
CISSP考试指南笔记:5.12 快速提示
debugeeker的专栏
03-05 268
Access is a flow of information between a subject and an object. A subject is an active entity that requests access to an object, which is a passive entity. A subject can be a user, program, or process. Some security mechanisms that provid..
CISSP考试指南笔记:6.6 快速提示
debugeeker的专栏
03-06 294
An audit is a systematic assessment of the security controls of an information system. Setting a clear set of goals is probably the most important step of planning a security audit. Internal audits benefit from the auditors’ familiarity with th..
CISSP考试指南笔记:4.16 快速提示
debugeeker的专栏
02-04 240
A protocol is a set of rules that dictates how computers communicate over networks. The application layer, layer 7, has services and protocols required by the user’s applications for networking functionality. The presentation layer, layer 6, fo..
CISSP考试指南笔记:3.24 快速提示
debugeeker的专栏
01-28 167
System architecture is a formal tool used to design computer systems in a manner that ensures each of the stakeholders’ concerns is addressed. A system’s architecture is made up of different views, which are representations of system components and ..
CISSP考试指南笔记:1.19 道德
debugeeker的专栏
12-18 206
(ISC)2 requires all certified system security professionals to commit to fully supporting its Code of Ethics. Protect society, the common good, necessary public trust and confidence, and the infrastructure. Act honorably, honestly, justly, responsi
CISSP考试指南笔记:2.6 保护资产
debugeeker的专栏
12-19 187
Data Security Controls Which controls we choose to use to mitigate risks to our information depend not only on the value we assign to that information, but also on the dynamic state of that information. Data exists in one of three states: at rest, in moti
CISSP考试资料合集(含最新第八版教程指南).zip
08-19
CISSP考试辅导资料 CISSP历年考试习题 CISSP最新全套培训讲义(完整版) CISSP 2020年最新考生复习经验分享汇总 cissp 考试复习重点与做题方法(考生汇总) 国内顶级培训机构CISSP中英文对照习题1000题 CISSP官方...
CISSP考试指南
06-18
在本文档中,有关CISSP认证考试指南的内容较为有限,但可以推断出该指南主要面向希望考取CISSP认证的个人。文档提到了中国民间信息安全学习群体和一个相关的网站***,以及“国盟信息安全基地”这几个关键词。这里...
CISSP学习笔记 CISSP关键知识点总结汇总.zip
01-05
CISSP学习笔记CISSP关键知识点总结汇总,以网上搜集到的CISSP学习资料为基础,补充修改了关键内容,不保证正确。 第一章 通过原则和策略的安全治理 第二章 人员安全和风险管理概念 第三章 业务连续性计划 第四章 ...
基于java+Face++人脸识别项目前端采用android实现.zip
09-14
1、资源项目源码均已通过严格测试验证,保证能够正常运行; 2、项目问题、技术讨论,可以给博主私信或留言,博主看到后会第一时间与您进行沟通; 3、本项目比较适合计算机领域相关的毕业设计课题、课程作业等使用,尤其对于人工智能、计算机科学与技术等相关专业,更为适合; 4、下载使用后,可先查看README.md文件(如有),本项目仅用作交流学习参考,请切勿用于商业用途。1、资源项目源码均已通过严格测试验证,保证能够正常运行; 2、项目问题、技术讨论,可以给博主私信或留言,博主看到后会第一时间与您进行沟通; 3、本项目比较适合计算机领域相关的毕业设计课题、课程作业等使用,尤其对于人工智能、计算机科学与技术等相关专业,更为适合; 4、下载使用后,可先查看README.md文件(如有),本项目仅用作交流学习参考,请切勿用于商业用途。1、资源项目源码均已通过严格测试验证,保证能够正常运行; 2、项目问题、技术讨论,可以给博主私信或留言,博主看到后会第一时间与您进行沟通; 3、本项目比较适合计算机领域相关的毕业设计课题、课程作业等使用,尤其对于人工智能、计算机科学与技术等相关专业,更为适合; 4、下载使
基于go-zero的云盘管理系统(CloudDisk).zip
最新发布
09-14
这是一个基于go-zero框架实现的云盘管理系统。它提供了用户管理、存储池管理以及文件分享等核心功能。系统支持密码登录、邮箱注册、用户详情、用户容量查询等用户模块功能。在存储池模块,系统支持中心存储池资源管理和个人存储池资源管理,包括文件上传、文件秒传、文件分片上传以及对接MinIO等功能。此外,系统还提供了文件分享模块,支持创建分享记录、获取资源详情和资源保存等操作。该项目轻量级、高效且易于扩展,是网盘系统的一个优秀实现。 1、资源项目源码均已通过严格测试验证,保证能够正常运行; 2、项目问题、技术讨论,可以给博主私信或留言,博主看到后会第一时间与您进行沟通; 3、本项目比较适合计算机领域相关的毕业设计课题、课程作业等使用,尤其对于人工智能、计算机科学与技术等相关专业,更为适合; 4、下载使用后,可先查看reADME.md文件(如有),本项目仅用作交流学习参考,请切勿用于商业用途。
C#中的Lambda表达式:简化委托与表达式树
09-14
在C#编程语言中,Lambda表达式提供了一种简洁的方式来表示匿名函数,即没有具体名称的函数。Lambda表达式在C# 3.0中引入,作为.NET Framework的一部分,它们在LINQ(Language Integrated Query)查询中尤其有用,但也可以用于任何需要委托类型的地方。 Lambda表达式是C#中一个非常强大和灵活的特性,它允许以简洁的方式编写匿名函数。Lambda表达式可以用于委托、表达式树、LINQ查询等多种场景。通过使用Lambda表达式,开发者可以编写更加简洁、可读和可维护的代码。理解Lambda表达式的工作原理和使用场景对于编写高效的C#程序至关重要。 在C#编程语言中,Lambda表达式提供了一种简洁的方式来表示匿名函数,即没有具体名称的函数。Lambda表达式在C# 3.0中引入,作为.NET Framework的一部分,它们在LINQ(Language Integrated Query)查询中尤其有用,但也可以用于任何需要委托类型的地方。 Lambda表达式是C#中一个非常强大和灵活的特性,它允许以简洁的方式编写匿名函数。Lambda表达式可以
基于ssm的旅游管理系统设计与实现.docx
09-14
基于ssm的旅游管理系统设计与实现.docx
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值