Table of Contents

Foreword xix

Introduction xxi

Domain 1: Security and Risk Management 1

Understand, Adhere to, and Promote Professional Ethics 2

(ISC)2 Code of Professional Ethics 2

Organizational Code of Ethics 3

Understand and Apply Security Concepts 4

Confidentiality 4

Integrity 5

Availability 6

Limitations of the CIA Triad 7

Evaluate and Apply Security Governance Principles 8

Alignment of the Security Function to Business Strategy, Goals, Mission, and Objectives 9

Organizational Processes 10

Organizational Roles and Responsibilities 14

Security Control Frameworks 15

Due Care and Due Diligence 22

Determine Compliance and Other Requirements 23

Legislative and Regulatory Requirements 23

Industry Standards and Other Compliance Requirements 25

Privacy Requirements 27

Understand Legal and Regulatory Issues That Pertain to Information Security in a Holistic Context 28

Cybercrimes and Data Breaches 28

Licensing and Intellectual Property Requirements 36

Import/Export Controls 39

Transborder Data Flow 40

Privacy 41

Understand Requirements for Investigation Types 48

Administrative 49

Criminal 50

Civil 52

Regulatory 53

Industry Standards 54

Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines 55

Policies 55

Standards 56

Procedures 57

Guidelines 57

Identify, Analyze, and Prioritize Business Continuity Requirements 58

Business Impact Analysis 59

Develop and Document the Scope and the Plan 61

Contribute to and Enforce Personnel Security Policies and Procedures 63

Candidate Screening and Hiring 63

Employment Agreements and Policies 64

Onboarding, Transfers, and Termination Processes 65

Vendor, Consultant, and Contractor Agreements and Controls 67

Compliance Policy Requirements 67

Privacy Policy Requirements 68

Understand and Apply Risk Management Concepts 68

Identify Threats and Vulnerabilities 68

Risk Assessment 70

Risk Response/Treatment 72

Countermeasure Selection and Implementation 73

Applicable Types of Controls 75

Control Assessments 76

Monitoring and Measurement 77

Reporting 77

Continuous Improvement 78

Risk Frameworks 78

Understand and Apply Threat Modeling Concepts and Methodologies 83

Threat Modeling Concepts 84

Threat Modeling Methodologies 85

Apply Supply Chain Risk Management Concepts 88

Risks Associated with Hardware, Software, and Services 88

Third-Party Assessment and Monitoring 89

Minimum Security Requirements 90

Service-Level Requirements 90

Frameworks 91

Establish and Maintain a Security Awareness, Education, and Training Program 92

Methods and Techniques to Present Awareness and Training 93

Periodic Content Reviews 94

Program Effectiveness Evaluation 94

Summary 95

Domain 2: Asset Security 97

Identify and Classify Information and Assets 97

Data Classification and Data Categorization 99

Asset Classification 101

Establish Information and Asset Handling Requirements 104

Marking and Labeling 104

Handling 105

Storage 105

Declassification 106

Provision Resources Securely 108

Information and Asset Ownership 108

Asset Inventory 109

Asset Management 112

Manage Data Lifecycle 115

Data Roles 116

Data Collection 120

Data Location 120

Data Maintenance 121

Data Retention 122

Data Destruction 123

Data Remanence 123

Ensure Appropriate Asset Retention 127

Determining Appropriate Records Retention 129

Records Retention Best Practices 130

Determine Data Security Controls and Compliance Requirements 131

Data States 133

Scoping and Tailoring 135

Standards Selection 137

Data Protection Methods 141

Summary 144

Domain 3: Security Architecture and Engineering 147

Research, Implement, and Manage Engineering Processes Using Secure Design Principles 149

ISO/IEC 19249 150

Threat Modeling 157

Secure Defaults 160

Fail Securely 161

Separation of Duties 161

Keep It Simple 162

Trust, but Verify 162

Zero Trust 163

Privacy by Design 165

Shared Responsibility 166

Defense in Depth 167

Understand the Fundamental Concepts of Security Models 168

Primer on Common Model Components 168

Information Flow Model 169

Noninterference Model 169

Bell–LaPadula Model 170

Biba Integrity Model 172

Clark–Wilson Model 173

Brewer–Nash Model 173

Take-Grant Model 175

Select Controls Based Upon Systems Security Requirements 175

Understand Security Capabilities of Information Systems 179

Memory Protection 180

Secure Cryptoprocessor 182

Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 187

Client-Based Systems 187

Server-Based Systems 189

Database Systems 191

Cryptographic Systems 194

Industrial Control Systems 200

Cloud-Based Systems 203

Distributed Systems 207

Internet of Things 208

Microservices 212

Containerization 214

Serverless 215

Embedded Systems 216

High-Performance Computing Systems 219

Edge Computing Systems 220

Virtualized Systems 221

Select and Determine Cryptographic Solutions 224

Cryptography Basics 225

Cryptographic Lifecycle 226

Cryptographic Methods 229

Public Key Infrastructure 243

Key Management Practices 246

Digital Signatures and Digital Certificates 250

Nonrepudiation 252

Integrity 253

Understand Methods of Cryptanalytic Attacks 257

Brute Force 258

Ciphertext Only 260

Known Plaintext 260

Chosen Plaintext Attack 260

Frequency Analysis 261

Chosen Ciphertext 261

Implementation Attacks 261

Side-Channel Attacks 261

Fault Injection 263

Timing Attacks 263

Man-in-the-Middle 263

Pass the Hash 263

Kerberos Exploitation 264

Ransomware 264

Apply Security Principles to Site and Facility Design 265

Design Site and Facility Security Controls 265

Wiring Closets/Intermediate Distribution Facilities 266

Server Rooms/Data Centers 267

Media Storage Facilities 268

Evidence Storage 269

Restricted and Work Area Security 270

Utilities and Heating, Ventilation, and Air Conditioning 272

Environmental Issues 275

Fire Prevention, Detection, and Suppression 277

Summary 281

Domain 4: Communication and Network Security 283

Assess and Implement Secure Design Principles in Network Architectures 283

Open System Interconnection and Transmission Control Protocol/Internet Protocol Models 285

The OSI Reference Model 286

The TCP/IP Reference Model 299

Internet Protocol Networking 302

Secure Protocols 311

Implications of Multilayer Protocols 313

Converged Protocols 315

Microsegmentation 316

Wireless Networks 319

Cellular Networks 333

Content Distribution Networks 334

Secure Network Components 335

Operation of Hardware 335

Repeaters, Concentrators, and Amplifiers 341

Hubs 341

Bridges 342

Switches 342

Routers 343

Gateways 343

Proxies 343

Transmission Media 345

Network Access Control 352

Endpoint Security 354

Mobile Devices 355

Implement Secure Communication Channels According to Design 357

Voice 357

Multimedia Collaboration 359

Remote Access 365

Data Communications 371

Virtualized Networks 373

Third-Party Connectivity 374

Summary 374

Domain 5: Identity and Access Management 377

Control Physical and Logical Access to Assets 378

Access Control Definitions 378

Information 379

Systems 380

Devices 381

Facilities 383

Applications 386

Manage Identification and Authentication of People, Devices, and Services 387

Identity Management Implementation 388

Single/Multifactor Authentication 389

Accountability 396

Session Management 396

Registration, Proofing, and Establishment of Identity 397

Federated Identity Management 399

Credential Management Systems 399

Single Sign-On 400

Just-In-Time 401

Federated Identity with a Third-Party Service 401

On Premises 402

Cloud 403

Hybrid 403

Implement and Manage Authorization Mechanisms 404

Role-Based Access Control 405

Rule-Based Access Control 405

Mandatory Access Control 406

Discretionary Access Control 406

Attribute-Based Access Control 407

Risk-Based Access Control 408

Manage the Identity and Access Provisioning Lifecycle 408

Account Access Review 409

Account Usage Review 411

Provisioning and Deprovisioning 411

Role Definition 412

Privilege Escalation 413

Implement Authentication Systems 414

OpenID Connect/Open Authorization 414

Security Assertion Markup Language 415

Kerberos 416

Remote Authentication Dial-In User Service/Terminal Access Controller Access Control System Plus 417

Summary 418

Domain 6: Security Assessment and Testing 419

Design and Validate Assessment, Test, and Audit Strategies 420

Internal 421

External 422

Third-Party 423

Conduct Security Control Testing 423

Vulnerability Assessment 423

Penetration Testing 428

Log Reviews 435

Synthetic Transactions 435

Code Review and Testing 436

Misuse Case Testing 437

Test Coverage Analysis 438

Interface Testing 439

Breach Attack Simulations 440

Compliance Checks 441

Collect Security Process Data 442

Technical Controls and Processes 443

Administrative Controls 443

Account Management 444

Management Review and Approval 445

Management Reviews for Compliance 446

Key Performance and Risk Indicators 447

Backup Verification Data 450

Training and Awareness 450

Disaster Recovery and Business Continuity 451

Analyze Test Output and Generate Report 452

Typical Audit Report Contents 453

Remediation 454

Exception Handling 455

Ethical Disclosure 456

Conduct or Facilitate Security Audits 458

Designing an Audit Program 458

Internal Audits 459

External Audits 460

Third-Party Audits 460

Summary 461

Domain 7: Security Operations 463

Understand and Comply with Investigations 464

Evidence Collection and Handling 465

Reporting and Documentation 467

Investigative Techniques 469

Digital Forensics Tools, Tactics, and Procedures 470

Artifacts 475

Conduct Logging and Monitoring Activities 478

Intrusion Detection and Prevention 478

Security Information and Event Management 480

Continuous Monitoring 481

Egress Monitoring 483

Log Management 484

Threat Intelligence 486

User and Entity Behavior Analytics 488

Perform Configuration Management 489

Provisioning 490

Asset Inventory 492

Baselining 492

Automation 493

Apply Foundational Security Operations Concepts 494

Need-to-Know/Least Privilege 494

Separation of Duties and Responsibilities 495

Privileged Account Management 496

Job Rotation 498

Service-Level Agreements 498

Apply Resource Protection 499

Media Management 500

Media Protection Techniques 501

Conduct Incident Management 502

Incident Management Plan 503

Detection 505

Response 506

Mitigation 507

Reporting 508

Recovery 510

Remediation 510

Lessons Learned 511

Operate and Maintain Detective and Preventative Measures 511

Firewalls 512

Intrusion Detection Systems and Intrusion Prevention Systems 514

Whitelisting/Blacklisting 515

Third-Party-Provided Security Services 515

Sandboxing 517

Honeypots/Honeynets 517

Anti-malware 518

Machine Learning and Artificial Intelligence Based Tools 518

Implement and Support Patch and Vulnerability Management 519

Patch Management 519

Vulnerability Management 521

Understand and Participate in Change Management Processes 522

Implement Recovery Strategies 523

Backup Storage Strategies 524

Recovery Site Strategies 527

Multiple Processing Sites 527

System Resilience, High Availability, Quality of Service, and Fault Tolerance 528

Implement Disaster Recovery Processes 529

Response 529

Personnel 530

Communications 531

Assessment 532

Restoration 533

Training and Awareness 534

Lessons Learned 534

Test Disaster Recovery Plans 535

Read-through/Tabletop 536

Walkthrough 536

Simulation 537

Parallel 537

Full Interruption 537

Participate in Business Continuity Planning and Exercises 538

Implement and Manage Physical Security 539

Perimeter Security Controls 541

Internal Security Controls 543

Address Personnel Safety and Security Concerns 545

Travel 545

Security Training and Awareness 546

Emergency Management 546

Duress 547

Summary 548

Domain 8: Software Development Security 549

Understand and Integrate Security in the Software Development Life Cycle (SDLC) 550

Development Methodologies 551

Maturity Models 561

Operation and Maintenance 567

Change Management 568

Integrated Product Team 571

Identify and Apply Security Controls in Software Development Ecosystems 572

Programming Languages 572

Libraries 577

Toolsets 578

Integrated Development Environment 579

Runtime 580

Continuous Integration and Continuous Delivery 581

Security Orchestration, Automation, and Response 583

Software Configuration Management 585

Code Repositories 586

Application Security Testing 588

Assess the Effectiveness of Software Security 590

Auditing and Logging of Changes 590

Risk Analysis and Mitigation 595

Assess Security Impact of Acquired Software 599

Commercial Off-the-Shelf 599

Open Source 601

Third-Party 602

Managed Services (SaaS, IaaS, PaaS) 602

Define and Apply Secure Coding Guidelines and Standards 604

Security Weaknesses and Vulnerabilities at the Source-Code Level 605

Security of Application Programming Interfaces 613

API Security Best Practices 613

Secure Coding Practices 618

Software-Defined Security 621

Summary 624

Index 625

The Official ISC2 CISSP CBK Reference

A Hardback by Arthur J. Deane, Aaron Kraus

Publisher: John Wiley & Sons Inc
Publication Date: 11/11/2021
ISBN13: 9781119789994, 978-1119789994
ISBN10: 1119789990
