All times are UTC + 8 hours


Post subject: 2012 CBK Knowledge Point Updates 3 - 8
Posted: 2012-02-03 15:47
3. INFORMATION SECURITY GOVERNANCE & RISK MANAGEMENT
[reworded] 3.B.1 Organizational processes (e.g., acquisitions, divestitures, governance committees)
[reworded] 3.B.2 Security roles and responsibilities
[reworded] 3.E Manage the information life cycle (e.g., classification, categorization, and ownership)
[new] 3.F Manage third-party governance (e.g., on-site assessment, document exchange and review, process/policy review)
[reworded] 3.G.2 Risk assessment/analysis (qualitative, quantitative, hybrid)
[new] 3.G.5 Tangible and intangible asset valuation
[reworded] 3.H Manage personnel security
[reworded] 3.H.1 Employment candidate screening (e.g., reference checks, education verification, background checks)
[reworded] 3.J Manage the Security Function
[new] 3.J.1 Budget
[new] 3.J.2 Metrics

[reworded] 4. SOFTWARE DEVELOPMENT SECURITY
[reworded] 4.A Understand and apply security in the software development life cycle
[reworded] 4.A.1 Development Life Cycle
[reworded] 4.B Understand the environment and security controls
[reworded] 4.B.1 Security of the software environment
[reworded] 4.B.3 Security issues in source code (e.g., buffer overflow, escalation of privilege, backdoor)
[reworded] 4.C Assess the effectiveness of software security
[reworded] 4.C.1 Certification and accreditation (i.e., system authorization)

5. CRYPTOGRAPHY
[new] 5.B Understand the cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance)
[reworded] 5.G.3 Brute Force (e.g., rainbow tables, specialized/scalable architecture, GPUs, CUDA)
[reworded] 5.H Use cryptography to maintain network security
[reworded] 5.I Use cryptography to maintain application security

6. SECURITY ARCHITECTURE & DESIGN
[reworded] 6.E.1 Web-based (e.g., XML, SAML, OWASP)
[reworded] 6.E.4 Database security (e.g., inference, aggregation, data mining, warehousing)
[new] 6.E.5 Distributed systems (e.g., cloud computing, grid computing, peer to peer)

7. OPERATIONS SECURITY
[reworded] 7.A Understand security operations concepts
[reworded] 7.B.2 Asset management (e.g., equipment life cycle, software licensing)
[reworded] 7.C.5 Remediation and review (e.g., root cause analysis)
[reworded] 7.D Preventative measures against attacks (e.g., malicious code, zero-day exploit, denial of service)
[reworded] 7.F Understand change and configuration management (e.g., versioning, baselining)
[reworded] 7.G Understand system resilience and fault tolerance requirements

8. BUSINESS CONTINUITY & DISASTER RECOVERY PLANNING
[reworded] 8.E Exercise, assess and maintain the plan (e.g., version control, distribution)

[reworded] 10.F Personnel privacy and safety (e.g., duress, travel, monitoring)


Post subject: Re: 2012 CBK Knowledge Point Updates 3 - 8
Posted: 2013-07-25 13:40
Nice, bump, bump, bump....


华安信达(CISPS.org) ©2003 - 2012