Read CISSP Practice in full


Appendix A

CISSP Glossary 2012

This appendix provides a glossary of key information systems and information technology security terms useful to the CISSP Exam candidates. Reading the glossary terms prior to reading the practice chapters (domains) can help the candidate understand the chapter contents better. More than one definition of a key term is provided to address multiple meanings and contexts in which the term is used or applied.

The glossary is provided for a clear understanding of technical terms used in the ten domains of this book. The CISSP Exam candidates should know these terms for a better comprehension of the subject matter presented. This glossary is a good source for answering multiple-choice questions on the CISSP Exam.

Numbers and Letters

1G

The first generation of analog-based wireless technology.

2G

The second generation of digital wireless technology that supports voice and text.

3G

The third generation of digital wireless technology that supports video.

4G

The fourth generation of digital wireless technology that provides faster display of multimedia.

802.1Q

The IEEE standard for virtual local-area networks (VLANs).

802.2

The IEEE standard for logical link control. (IEEE is Institute of Electrical and Electronics Engineers.)

802.3

The IEEE standard for carrier sense multiple access with collision detection (CSMA/CD) access method and physical layer specifications for Ethernet local-area networks (LANs).

802.4

The IEEE standard for Token bus access method and physical layer specifications for LANs.

802.5

The IEEE standard for Token ring access method and physical layer specifications for LANs.

802.6

The IEEE standard for Distributed queue dual bus access method and physical layer specifications for wired metropolitan-area networks (MANs).

802.11

The IEEE standard for wireless LAN medium access control (MAC) sublayer and physical layer specifications. It uses a path-sharing protocol.

802.11a

The IEEE standard for radio band that is faster than 802.11b but has a smaller range.

802.11b

The IEEE standard that is inexpensive and popular with sufficient speed but with interference problems.

802.11e

The IEEE standard for providing quality of service (QoS).

802.11f

The IEEE standard for achieving access point interoperability.

802.11g

The IEEE standard that is fast but expensive and is mostly used by businesses.

802.11i

The IEEE standard for providing improved security over wired equivalent privacy (WEP).

802.11n

The IEEE standard for improving throughput rates.

802.11r

The IEEE standard for improving the amount of time for data connectivity.

802.11t

The IEEE standard for providing performance metrics.

802.11w

The IEEE standard for providing data integrity, data origination authenticity, replay protection, and data confidentiality.

802.15

The IEEE standard for wireless personal-area networks (e.g., Bluetooth).

802.16

The IEEE standard for air interface for fixed broadband wireless access systems such as wireless MANs.

A

Abstraction

(1) It is related to stepwise refinement and modularity of computer programs. (2) It is presented in levels such as high-level dealing with system/program requirements and low-level dealing with programming issues.

Access

(1) The ability to make use of any information system (IS) or information technology (IT) resources. (2) The ability to do something with information in a computer. (3) Access refers to the technical ability to do something (e.g., read, create, modify, or delete a file or execute a program).

Acceptable level of risk
