Certified Information Systems Security Officer
Table of Contents
Course Introduction .......... 6
Module 1 – Risk Management .......... 13
    Section 1 – Risk Definitions .......... 16
    Section 2 – Risk Management .......... 29
    Section 3 – Risk Assessment .......... 35
    Section 4 – Responding to Risk .......... 57
Module 2 – Security Management .......... 69
    Section 1 – Understanding Security .......... 71
    Section 2 – Information Security Management System .......... 77
    Section 3 – Roles and Responsibility .......... 91
    Section 4 – Security Frameworks .......... 97
    Section 5 – Human Resources .......... 105
Chapter 3 – Identification and Authentication .......... 119
    Section 1 – Identity Management .......... 121
    Section 2 – Authentication Techniques .......... 134
    Section 3 – Single Sign-on .......... 152
    Section 4 – Access Control Monitoring .......... 167
Chapter 4 – Access Control .......... 178
    Section 1 – Access Control Types and Characteristics .......... 180
    Section 2 – Information Classification .......... 194
    Section 3 – Access Control Models and Techniques .......... 201
    Section 4 – Access Control Methods .......... 214
Chapter 5 – Security Models and Evaluation Criteria .......... 224
    Section 1 – Trusted Computing Base .......... 226
    Section 2 – Protection Mechanisms .......... 231
    Section 3 – Security Models .......... 240
    Section 4 – Evaluation Criteria .......... 256
Chapter 6 – Operations Security .......... 269
    Section 1 – Administrative Management Responsibilities .......... 271
    Section 2 – Product Implementation Management .......... 282
    Section 3 – Redundancy and Fault Tolerance .......... 293
    Section 4 – Operational Issues and Responses .......... 303
Certified Information Systems Security Officer Page | 3
©Mile2 – All Rights Reserved - v18