projects:cism
差别
这里会显示出您选择的修订版和当前版本之间的差别。
| 两侧同时换到之前的修订记录前一修订版后一修订版 | 前一修订版 | ||
| projects:cism [2026/02/11 22:30] – jackiez | projects:cism [2026/02/11 22:44] (当前版本) – jackiez | ||
|---|---|---|---|
| 行 182: | 行 182: | ||
| leaders should also work carefully with other information technology leaders and the organization' | leaders should also work carefully with other information technology leaders and the organization' | ||
| ### Chapter6 Security Assessment and Testing | ### Chapter6 Security Assessment and Testing | ||
| + | **Be able to list the vulnerabilities that exist in modern computing environments.** Cybersecurity professionals should remain aware of the risks posed by vulnerabilities both on-premises | ||
| + | and in the cloud. Improper or weak patch management can be the source of many of these vulnerabilities, | ||
| + | that actually exists, the report is known as a false negative. | ||
| + | **Know the purpose of threat hunting.** Threat hunting activities presume that an organization is already compromised and search for indicators of those compromises. Threat hunting efforts include the use of advisories, bulletins, and threat intelligence feeds in an intelligence | ||
| + | fusion program. They search for signs that attackers gained initial access to a network and then conducted maneuver activities on that network. | ||
| + | **Know the purpose of vulnerability scans.** Vulnerability scans leverage application, | ||
| + | **Describe how penetration testing places security professionals in the role of attackers.** Penetration tests may be conducted in a manner that provides the testers with full access to information before the test (white box), no information at all (black box), or somewhere in | ||
| + | between those two extremes (gray box). Testers conduct tests within the rules of engagement and normally begin with reconnaissance efforts, including war driving, war flying, footprinting, | ||
| + | to a system. From there, they seek to conduct privilege escalation to increase their level of access and lateral movement/ | ||
| + | **Describe how bug bounty programs incentivize vulnerability reporting.** Bug bounty programs allow external security professionals to probe the security of an organization' | ||
| + | systems. Testers who discover vulnerabilities are provided with financial rewards for their participation. This approach is a good way to motivate hackers to work for good, rather than using discovered vulnerabilities against a target. | ||
| + | **Know how to use cybersecurity exercises to ensure that teams are prepared for security incidents.** Exercises are designed to test the skills of security professionals. Blue teams are responsible for managing the organization' | ||
| + | teams as they attempt to gain access to systems on the target network. | ||
| + | White teams serve as the neutral moderators of the exercise. Purple teaming is conducted after an exercise to bring together the red and blue teams for knowledge sharing. | ||
| ### Chapter7 Cybersecurity Technology | ### Chapter7 Cybersecurity Technology | ||
| + | **Know the role of endpoint security technologies in an enterprise cybersecurity program.** Antimalware software protects endpoint devices from many different threats. Antimalware | ||
| + | software uses signature detection and heuristic detection to prevent malware infections. Endpoint detection and response (EDR) platforms manage the detection, containment, | ||
| + | configuration management systems maintain secure system configurations, | ||
| + | holes that might be exploited by an attacker. | ||
| + | **Explain the role of network segmentation.** Network segmentation techniques place systems and users of different security levels on different network segments, containing the damage caused by a potential security incident. Firewalls provide segmentation of networks into security zones, whereas VLANs group users and devices by function. | ||
| + | **Understand the security requirements for routers, switches, | ||
| + | Switch security techniques include VLAN pruning, the prevention of VLAN hopping, and port security. Router security techniques include the use of access control lists to filter traffic and quality of service controls to prioritize important network use. | ||
| + | **Explain the three major cloud service models.** In the anything-as-a-service (XaaS) approach to computing, there are three major cloud service models. Infrastructure-as-a-service (IaaS) offerings allow customers to purchase and interact with the basic building blocks of a | ||
| + | technology infrastructure. Software-as-a-service (SaaS) offerings provide customers with access to a fully managed application running in the cloud. Platform-as-a-service (PaaS) offerings provide a platform where customers may run applications that they have developed themselves. | ||
| + | **Describe the four major cloud deployment models.** Public cloud service providers deploy infrastructure and then make it accessible to any customers who wish to take advantage of it in a multitenant model. The term private cloud is used to describe any cloud infrastructure that is provisioned for use by a single customer. A community cloud service shares characteristics of both the public and private models. Community cloud services do run in a multitenant environment, | ||
| + | community cloud services together. | ||
| + | **Understand the shared responsibility model of cloud security.** Under the shared responsibility model of cloud security, | ||
| + | service providers and the customers' | ||
| + | security of the operating system itself. In SaaS, the cloud provider is responsible for the security of the entire environment, | ||
| + | **Understand secure software development concepts.** Software should be created using a standardized software development lifecycle that moves software through development, | ||
| + | **Explain secure code deployment and automation concepts.** Code repositories serve as a version control mechanism and centralized authority for the secure provisioning and deprovisioning of code. Developers and operations teams should work together on developing automated courses of action as they implement a DevOps approach to creating and deploying software. Software | ||
| + | applications should be designed to support both scalability and elasticity. | ||
| + | **Understand the goals of cryptography.** The four goals of cryptography are confidentiality, | ||
| + | prove to a third party that a message came from its purported sender. | ||
| + | **Explain the differences between symmetric and asymmetric encryption.** Symmetric encryption uses the same shared secret key to encrypt and decrypt information. Users must have some mechanism | ||
| + | to exchange these shared secret keys. Asymmetric encryption provides each user with a pair of keys: a public key, which is freely shared, and a private key, which is kept secret. Anything encrypted with one key from the pair may be decrypted with the other key from the same pair. | ||
| + | **Explain how digital signatures provide nonrepudiation.** Digital signatures provide nonrepudiation by allowing a third party to verify the authenticity of a message. Senders create digital signatures by using a hash function to generate a message digest and then encrypting that digest with their own private key. | ||
| + | Others may verify the digital signature by decrypting it with the sender' | ||
| + | **Understand the purpose and use of digital certificates.** Digital certificates provide a trusted mechanism for sharing public keys with other individuals. Users and organizations obtain digital certificates from certificate authorities (CAs), who demonstrate their trust in the certificate by applying their digital signature. Recipients of the digital certificate can rely on the public key it contains if they trust the issuing CA and verify the CA's digital signature. | ||
| + | **Explain the major components of an identity and access management program.** Identity and access management systems perform three major functions: identification, | ||
| + | authorization. Identification is the process of a user making a claim of identity, such as by providing a username. Authentication allows the user to prove their identity. Authentication may be done using something you know, something you have, or something you are. | ||
| + | Multifactor authentication combines different authentication techniques to provide stronger security. Authorization ensures that authenticated users may only perform actions necessary to carry out their assigned responsibilities. | ||
| ### Chapter8 Incident Response | ### Chapter8 Incident Response | ||
| + | **Security events are occurrences that may escalate into a security incident.** An event is any observable occurrence in a system or network. A security event includes any observable | ||
| + | occurrence that relates to a security function. A security incident is a violation or imminent threat of violation of computer security policies, | ||
| + | **The cybersecurity incident response process has four phases.** The four phases of incident response are preparation; | ||
| + | post-incident activities. The process is not a simple progression of steps from start to finish. Instead, it includes loops that allow responders to return to prior phases as needed during the response. | ||
| + | **Security event indicators include alerts, logs, publicly available information, | ||
| + | event management systems, antivirus software, file integrity checking software, and third-party monitoring services. Logs are generated by operating systems, services, applications, | ||
| + | security incident is in progress. | ||
| + | **Policies, procedures, and playbooks guide incident response efforts.** The incident response policy serves as the cornerstone of an organization' | ||
| + | response. Procedures provide the detailed, tactical information that CSIRT members need when responding to an incident. CSIRTs often develop playbooks that describe the specific procedures that they will follow in the event of a specific type of cybersecurity incident. | ||
| + | **Incident response teams should represent diverse stakeholders.** The core incident response team normally consists of cybersecurity professionals with specific expertise in incident response. | ||
| + | In addition to the core team members, the CSIRT may include representation from technical subject matter experts, IT support staff,legal counsel, human resources staff, and public relations and marketing teams. | ||
| + | **Incidents may be classified according to the attack vector where they originate.** Common attack vectors for security incidents include external/ | ||
| + | **Response teams classify the severity of an incident.** The functional impact of an incident is the degree of impairment that it causes to the organization. The economic impact is the amount of | ||
| + | financial loss that the organization incurs. In addition to measuring the functional and economic impact of a security incident, organizations should measure the time that services will be unavailable and the recoverability effort. Finally, the nature of the data involved in an | ||
| + | incident also contributes to the severity of the information impact. | ||
| ### Chapter9 Business Continuity and Disaster Recovery | ### Chapter9 Business Continuity and Disaster Recovery | ||
| - | + | **Understand the four steps of the business continuity planning process.** Business continuity planning involves four distinct phases: | |
| + | project scope and planning, business impact analysis, continuity planning, and approval and implementation. Each task contributes to the overall goal of ensuring that business operations continue uninterrupted in the face of an emergency. | ||
| + | **Describe how to perform the business organization analysis.** In the business organization analysis, the individuals responsible for leading the BCP process determine which departments | ||
| + | and individuals have a stake in the business continuity plan. This analysis serves as the foundation for BCP team selection and, after validation by the BCP team, is used to guide the next stages of BCP development. | ||
| + | **List the necessary members of the business continuity planning team.** The BCP team should contain, at a minimum, | ||
| + | technical experts from the IT department; physical and IT security personnel with BCP skills; legal representatives familiar with corporate legal, regulatory, and contractual responsibilities; | ||
| + | **Know the legal and regulatory requirements that face business continuity planners.** Business leaders must exercise due diligence to ensure that shareholders' | ||
| + | event disaster strikes. Some industries are also subject to federal, state,and local regulations that mandate specific BCP procedures. Many businesses also have contractual obligations to their clients that they must meet before, during, and after a disaster. | ||
| + | **Explain the steps of the business impact analysis process.** The five stages of the business impact analysis process are the identification of priorities, risk identification, | ||
| + | **Describe the process used to develop a continuity strategy.** During the strategy development phase, the BCP team determines which risks they will mitigate. In the provisions and | ||
| + | processes phase, the team designs mechanisms and procedures that will mitigate identified risks. The plan must then be approved by senior management and implemented. Personnel must also receive training on their roles in the BCP process. | ||
| + | **Explain the importance of comprehensively documenting an organization' | ||
| + | a written record of the procedures to follow when disaster strikes. It prevents the “it' | ||
| + | **Be familiar with the common types of recovery facilities.** The common types of recovery facilities are cold sites,warm sites, hot sites, mobile sites, and multiple sites. Be sure you | ||
| + | understand the benefits and drawbacks for each such facility. | ||
| + | **Understand the technologies that may assist with database backup.** Databases benefit from three backup technologies.Electronic vaulting is used to transfer database backups to a remote | ||
| + | site as part of a bulk transfer. In remote journaling, data transfers occur on a more frequent basis. With remote mirroring technology, | ||
| + | **Explain the common processes used in disaster recovery programs.** These programs should take a comprehensive approach to planning and include considerations related to the initial | ||
| + | response effort, personnel involved, communication among the team and with internal and external entities, assessment of response efforts, and restoration of services. DR programs should also include training and awareness efforts to ensure personnel understand their responsibilities and lessons learned sessions to continuously improve the program. | ||
| + | **Know the five types of disaster recovery plan tests and the impact each has on normal business operations.** The five types of disaster recovery plan tests are: read-through tests, | ||
| + | structured walk-throughs, | ||
| + | Neither has an impact on business operations. Simulation tests may shut down noncritical business units. Parallel tests involve relocating personnel but do not affect day-to-day operations. Full-interruption tests involve shutting down primary systems and shifting responsibility to the recovery facility. | ||
projects/cism.1770816653.txt.gz · 最后更改: 由 jackiez