CISSP Exam Outline (PDF)
1) ACCESS CONTROL ........ 7
   Overview ........ 7
   Key Areas of Knowledge ........ 7
2) TELECOMMUNICATIONS AND NETWORK SECURITY ........ 9
   Overview ........ 9
   Key Areas of Knowledge ........ 9
3) INFORMATION SECURITY GOVERNANCE & RISK MANAGEMENT ........ 11
   Overview ........ 11
   Key Areas of Knowledge ........ 11
4) SOFTWARE DEVELOPMENT SECURITY ........ 14
   Overview ........ 14
   Key Areas of Knowledge ........ 14
5) CRYPTOGRAPHY ........ 15
   Overview ........ 15
   Key Areas of Knowledge ........ 15
6) SECURITY ARCHITECTURE & DESIGN ........ 17
   Overview ........ 17
   Key Areas of Knowledge ........ 17
7) OPERATIONS SECURITY ........ 19
   Overview ........ 19
   Key Areas of Knowledge ........ 19
8) BUSINESS CONTINUITY & DISASTER RECOVERY PLANNING ........ 21
   Overview ........ 21
   Key Areas of Knowledge ........ 22
9) LEGAL, REGULATIONS, INVESTIGATIONS AND COMPLIANCE ........ 23
   Overview ........ 23
   Key Areas of Knowledge ........ 23
10) PHYSICAL (ENVIRONMENTAL) SECURITY ........ 25
   Overview ........ 25
   Key Areas of Knowledge ........ 25
REFERENCES ........ 27
SAMPLE EXAM QUESTIONS ........ 32
   CISSP® Exam Questions ........ 32
   Innovative Drag & Drop and Hotspot CISSP Questions
   How will the New CISSP Questions be scored?
   What will the New CISSP Questions look like?
   Drag & Drop Sample CISSP Question (please note: in order to score a correct answer, both correct answers must be pulled into the box on the right-hand side; partial credit will not be awarded if only one correct answer is pulled into the box).
   Hot Spot Sample CISSP Question
GENERAL EXAMINATION INFORMATION ........ 34
   Paper Based Test (PBT) ........ 34
   Any questions? ........ 37
GENERAL EXAMINATION INFORMATION ........ 38
   Computer Based Testing (CBT) ........ 38
   Registering for the Exam ........ 38
   Scheduling a Test Appointment ........ 39
   Non Disclosure ........ 42
   Day of the Exam ........ 42
   Any questions? ........ 46
Effective Date: January 1, 2012 (Exam Outline)
© 2014 International Information Systems Security Certification Consortium, Inc. All Rights Reserved. Duplication for commercial purposes is prohibited. 5.12.14, V14
Non-Discrimination

(ISC)² does not discriminate against candidates based on their nationality, gender, religion, race, ethnicity, sexual orientation, age or disability. For further information on (ISC)²’s non-discrimination policy, please visit https://www.isc2.org/legal-info-policies.aspx.
The Certified Information Systems Security Professional (CISSP) is an information assurance professional who has demonstrated a globally recognized level of competence provided by a common body of knowledge that defines the architecture, design, management, risk and controls that assure the security of business environments.

This Candidate Information Bulletin provides the following:
• Exam blueprint to a limited level of detail that outlines major topics and sub-topics within the domains,
• Suggested reference list,
• Description of the format of the items on the exam, and
• Basic registration/administration policies

Candidates must meet the following requirements prior to taking the CISSP examination:
• Submit the examination fee
• Applicants must have a minimum of five years of cumulative paid full-time security professional work experience in two or more of the ten domains of the (ISC)² CISSP® CBK®. If you hold a certification on the (ISC)²-approved list (visit www.isc2.org/credential waiver for a complete list), you may receive a one-year waiver of the five-year experience requirement. Alternatively, a four-year degree leading to a Baccalaureate or regional equivalent can substitute for one year towards the five-year requirement. No more than 1 year of experience may be waived.
• Attest to the truth of his or her assertions regarding professional experience, and legally commit to abide by the (ISC)² Code of Ethics (Section 3).
• Before candidates are allowed to take the test at testing centers, they must respond “yes” or “no” to the following four questions regarding criminal history and related background:
  1. Have you ever been convicted of a felony; a misdemeanor involving a computer crime, dishonesty, or repeat offenses; or a Court Martial in military service, or is there a felony charge, indictment, or information now pending against you? (Omit minor traffic violations and offenses prosecuted in juvenile court.)
  2. Have you ever had a professional license, certification, membership or registration revoked, or have you ever been censured or disciplined by any professional organization or government agency?
  3. Have you ever been involved, or publicly identified, with criminal hackers or hacking?
  4. Have you ever been known by any other name, alias, or pseudonym? (You need not include user identities or screen names with which you were publicly identified.)
CISSP professional experience includes but is not limited to:
• Work requiring special education or intellectual attainment, usually including a liberal education or college degree.
• Work requiring habitual memory of a body of knowledge shared by others doing similar work.
• Management/supervision of projects and/or employees.
• Work requiring the exercise of judgment, management decision-making, and discretion.
• Work requiring the exercise of ethical judgment (as opposed to ethical behavior).
• Professional writing and oral communication (e.g., presentation).
• Research and development.
• The specification and selection of controls and mechanisms (i.e., identification and authentication technology; does not include the mere operation of these controls).
• Teaching, instructing, training and the mentoring of others.

Applicable job title examples are: CISO, Director, Manager, Supervisor, Analyst, Cryptographer, Cyber Architect, Information Assurance Engineer, Instructor, Professor, Lecturer, Investigator, Computer Scientist, Program Manager, Lead, etc.
1) ACCESS CONTROL

Overview

The Access Control domain covers mechanisms by which a system grants or revokes the right to access data or perform an action on an information system. Access Control systems include:
• File permissions, such as “create,” “read,” “edit,” or “delete” on a file server.
• Program permissions, such as the right to execute a program on an application server.
• Data rights, such as the right to retrieve or update information in a database.

CISSP candidates should fully understand access control concepts, methodologies and their implementation within centralized and decentralized environments across an organization’s computing environment.

Key Areas of Knowledge

A. Control access by applying the following concepts/methodologies/techniques
   A.1 Policies
   A.2 Types of controls (preventive, detective, corrective, etc.)
   A.3 Techniques (e.g., non-discretionary, discretionary and mandatory)
   A.4 Identification and Authentication
   A.5 Decentralized/distributed access control techniques
   A.6 Authorization mechanisms
   A.7 Logging and monitoring
B. Understand access control attacks
   B.1 Threat modeling
   B.2 Asset valuation
   B.3 Vulnerability analysis
   B.4 Access aggregation
C. Assess effectiveness of access controls
   C.1 User entitlement
   C.2 Access review & audit
D. Identity and access provisioning lifecycle (e.g., provisioning, review, revocation)