16 Cards in this Set
- Front
- Back
ISC2 was formed for which of the following purposes?
|
A) maintaining a Common Body of Knowledge for information security
B) certifying industry professionals and practitioners in an international IS standard
C) ensuring credentials are maintained primarily through continuing education
|
|
The information security Common Body of Knowledge is
|
a compilation and distillation of all security information collected internationally of relevance to information security professionals
|
|
The CBK contains:
|
10 domains
|
|
The Security Management Practices domain includes:
|
documented policies, standards, procedures, and guidelines
|
|
The Security Architecture and Models domain includes:
|
concepts and principles for secure designs of computing resources
|
|
The Access Control Systems and Methodology domain includes:
|
a collection of mechanisms to create secure architectures for asset protection
|
|
The Application Development Security domain includes:
|
an outline for the software development environment to address security concerns
|
|
The Operations Security domain includes:
|
identification of controls over hardware, media, and personnel
|
|
The Physical Security domain includes:
|
B) perimeter security controls and protection mechanisms
C) data center controls and specifications for physically secure operations
|
|
The Cryptography domain includes:
|
principles, means, and methods to disguise information to assure confidentiality, integrity, and authenticity
|
|
The Telecommunications, Network, and Internet Security domain includes:
|
A) technology, principles, and best practices to secure telephone networks
B) technology, principles, and best practices to secure corporate networks
C) technology, principles, and best practices to secure Internet-attached networks
|
|
The Business Continuity domain includes:
|
plans for recovering business operations in the event of loss of access by personnel
|
|
The Law, Investigations, and Ethics domain includes:
|
methods to investigate computer crime incidents
|
|
People more interested in certifying themselves as security experts in a business context should consider preparing for which certification?
|
CISA
|
|
People more interested in certifying themselves as security technical practitioners should consider preparing for which certification(s)?
|
GIAC and CompTIA Security+
|
|
The growth in the security profession is driven by:
|
new technology
|