Читаем CISSP Practice полностью

“Guide to Secure Web Services (NIST SP 800-95),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, August 2007.

“Guide to SSL VPNs (NIST SP 800-113 Draft),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, August 2007.

“Guide to Storage Encryption Technologies for End User Devices (NIST SP 800-111 Draft),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, August 2007.

“Guidelines on Cell Phone Forensics (NIST SP 800-101),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, May 2007.

“Guidelines on Cell Phone and PDA Security (NIST SP800-124),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, October 2008.

“Guidelines on Electronic Mail Security (NIST SP 800-45, Version 2),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, February 2007.

“Guidelines on Firewalls and Firewall Policy (NIST SP 800-41 Revision 1),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, September 2009.

“Guidelines on Security and Privacy in Public Cloud Computing (NIST SP 800-144 Draft),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, January 2011.

“Information Assurance Technical Framework (IATF),” National Security Agency (NSA), Release 3.1, Fort Meade, Maryland, September 2002.

“Information Security Continuous Monitoring for Federal Information Systems and Organizations (NIST SP800-137 Draft),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, December 2010.

“The Institute of Electrical and Electronics Engineers, Inc.,” IEEE Standard 802-2001, New York, New York, Copyright 2002.

“Institute of Standards and Technology (NIST),” U.S. Department of Commerce, Gaithersburg, Maryland, June 2010.

“Managing Information Security Risk (NIST SP800-39),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, March 2011.

“Managing Risk from Information Systems: An Organizational Perspective (NIST SP800-39),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, April 2008.

“Piloting Supply Chain Risk Management Practices for Federal Information Systems (NISTIR7622 Draft),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, June 2010.

“Recommended Security Controls for Federal Information Systems and Organizations (NIST SP800-53 R3),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, August 2009.

“Service Component-Based Architectures, Version 2.0,” CIO Council, June 2004 (www.cio.gov).

Tanenbaum, Andrew S. Computer Networks by Chapter 5, Fourth Edition, Prentice Hall PTR, Upper Saddle River, New Jersey, Copyright 2003.

“Technical Guide to Information Security Testing (NIST SP 800-115 Draft),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, November 2007.

“Telecommunications: Glossary of Telecommunication Terms, Federal Standard 1037C,” U.S. General Services Administration (GSA), Washington, DC, August 1996.

“User’s Guide to Securing External Devices for Telework and Remote Access (NIST SP 800-114),” National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, November 2007.

“Wikipedia Encyclopedia,” Definitions for certain terms were adapted from Wikipedia (www.wikipedia.org).

Appendix B

CISSP Acronyms and Abbreviations 2012

This appendix consists of a list of selected information system and network security acronyms and abbreviations, along with their generally accepted definitions. When there are multiple definitions for a single term, the acronym or abbreviation is stacked next to each other.

Numeric

2TDEA

Two key triple DEA

3TDEA

Three key triple DEA

3DES

Three key triple data encryption standard

1G

First generation of analog wireless technology

2G

Second generation of digital wireless technology

3G

Third generation of digital wireless technology

4G

Fourth generation of digital wireless technology

A

AAA

Authentication, authorization, accounting

ABAC

Attribute-based access control

ACE

Access control entry

ACK

Acknowledgment

ACL

Access control list

ADCCP

Advanced data communication control procedure

ADSL

Asymmetric digital subscriber line

AES

Advanced encryption standard

AES-CBC

Advanced encryption standard – Cipher block chaining

AES-CTR

Advanced encryption standard – Counter mode

AH

Authentication header

AIN