您好,欢迎访问三七文档
当前位置:首页 > 商业/管理/HR > 经营企划 > CISA串讲_XXXX[1][1]11
ContinuousControlsMonitoring2010CISAGo-through2010CISAREVIEW2010CISAREVIEWMovetoNextLevelMovetoNextLevelZhaoYangWangCISSP,CISA,PMP2Outlines章节重点内容重要专题重要概念必考知识点考试注意事项附录3章节重点内容–ITServiceDelivery&SupportITSMChangemanagementProgramlibrarymanagementsystem4章节重点内容–ITServiceDelivery&SupportHardwaremaintenance&monitoringReleasemanagementCapacitymanagement5章节重点内容–ITServiceDelivery&SupportDatabaseUtilityprogramSoftwarelicense6章节重点内容–ITServiceDelivery&SupportNetwork–OSI,TCP/IP–Lanmedia–Lantopology–Landevices–wanmessagetransmissiontechniques–wanmultiplexing–VPN–wireless7章节重点内容–ITServiceDelivery&SupportPublicglobalinternetinfrastructureNetworkmanagementMiddleware&component-oriented8章节重点内容–ProtectionofInformationAssetsimportanceofinformationsecuritymanagement–Goal–Elements–roles&responsibilities9章节重点内容–ProtectionofInformationAssetsimportanceofinformationsecuritymanagement–inventory&classification–layeredsystemaccesspermission–MACvs.DAC10章节重点内容–ProtectionofInformationAssetsimportanceofinformationsecuritymanagement–Privacy–HR&security–Computercrime11章节重点内容–ProtectionofInformationAssetslogicalaccessexposureandcontrols–trojanhorse,virus,worm–backdoor,trapdoor–roundingdown,salamitechnique–socialengineering12章节重点内容–ProtectionofInformationAssetslogicalaccessexposureandcontrols–I&A(somethingyouknow/have/are)–secureID&password–twofactorauthenticationtechnique–SSO13章节重点内容–ProtectionofInformationAssetslogicalaccessexposureandcontrols–biometrics–authorizationissuescentralizedenvironmentdecentralizedenvironmentmobilepopularityaccessrighttosystemlogsBLP,systemexit,specialuserID14章节重点内容–ProtectionofInformationAssetsNetworkinfrastructuresecurity–Lanrisk&issues–dial-upaccesscontrols–C/Ssecurity&controls15章节重点内容–ProtectionofInformationAssetsNetworkinfrastructuresecurity–wirelesssecurity&controls–internetsecurity&controls–Firewall–IDS–honeynet,honeyport16章节重点内容–ProtectionofInformationAssetsNetworkinfrastructuresecurity–Encryption–PKI–virus17章节重点内容–ProtectionofInformationAssetsNetworkinfrastructuresecurity–VoIP–PBX18章节重点内容–ProtectionofInformationAssetsAuditingnetworkinfrastructuresecurity–penetrationtest–computerforensic19章节重点内容–ProtectionofInformationAssetsEnvironmentalexposuresandcontrols–powerfailureandcountermeasures–auditingenvironmentalcontrols20章节重点内容–ProtectionofInformationAssetsPhysicalaccessexposuresandcontrols–physicalaccessissuesandexposures–Controls–auditingphysicalaccess–mobilecomputingcontrols21章节重点内容–BCP&DRPConceptofBCP/DRP–Purpose–Responsibility–first2steps–goodBCP.22章节重点内容–BCP&DRPBIA–3issues(process,information,recoverytime)–determinationofrecoverytime–riskranking23章节重点内容–BCP&DRPRPO&RTORecoveryStrategies–recoveryalternatives24章节重点内容–BCP&DRPOrganization&assignmentofresponsibilities–transportationteam–relocationteam25章节重点内容–BCP&DRPComponentsofBCP–keydecisionmakingpersonnel&calltree–backupofrequiredsuppliers–networkdisasterrecoverymethods–RAID–insurance26章节重点内容–BCP&DRPPlantesting–desk-basedevaluation/papertest–preparednesstest–fulloperationaltest27章节重点内容–BCP&DRPPlanmaintenance–review–update–train–test28章节重点内容–BCP&DRPBackupandrestoration–offsitelibrarycontrols–offsitefacilitiescontrols–offsitemedia&documentscontrols–backup29章节重点内容–BCP&DRPAuditingDRP/BCP–reviewDRP/BCP–evaluationofpriortestresults–evaluationofoff-sitestorage/facilities/–interviewkeypersonnel–reviewcontractandinsurancecoverage30重要专题-1Database–DD,DS,DBMS–Integrity–Normalization–Accesscontrol–Portability31重要专题-2Network–Protocol–Device–Media–Networktype–NetworkTopologies–Messagetransmissiontechniques–Multiplex(TDM,ATDM,FDM,)–Wireless(protocol,risk&controls)32重要专题-3Encryption–Privatekey,publickey–ECC,QC–Digest,signature–Digitalenvelope–Encryptionalgorithm33重要专题-4Exposures&Attack–Wiretapping–Malware–Logicbomb–DOS–Wardriving–Piggybacking–Trapdoor–Asynchronousattack–Phishing–Man-in-the-middle–Bruteforce,passwordguessing,call-forwarding34重要专题-5firewall/IDS/IPS/AAA–Firewalltypes–Firewallsystems–Firewallissues–IDStypes–IDSlimitations–IDSvs.IPS35重要专题-6RAID–Stripping–Mirroring–Parity–RAID0–RAID1–RAID5–RAID1+036重要专题-7PKI–Digitalcertificates–CA–RA–CPS–CRL–Distinguishedusername,publickey,thealgorithm,validityperiod,signature–Man-in-the-middle37重要专题-8Biometrics–FRR,RAR,EER–Socialacceptance–Securityissues(collection,distribution,processing)–Palm,handgeometry,iris,retina,fingerprint,face–Signature,voice38重要专题-9Risk–vulnerability,threat,risk–inherent,control,detection,audit–qualitative,quantitative,semi-quantitative–Auditrisk(inherent,control,detection,overall)–Samplingrisk–Secondaryrisk–Avoid,mitigate,transfer,accept,Eliminate–Utilitytheory-Reducerisktoanacceptablelevel39重要概念-1Accountability/Auditability/TraceabilityEffectivevs.EfficientOwner,user,administrator.40重要概念-2DDvs.DSCompliancevs.SubstantivetestingQCvs.QA41重要概念-3Integrity,ACCA,ACIDRPOvs.RTOChangemanagement,Configurationmanagement,baseline,version/release42重要概念-4Baselinevs.benchmark(plan,research,observe,analyze,adapt,improve)Problemvs.incidentAuthentication
三七文档所有资源均是用户自行上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作他用。
扫描二维码
wbsyghd
本文标题:CISA串讲_XXXX[1][1]11
链接地址:https://www.777doc.com/doc-693591 .html