You're reading from CISSP in 21 Days Boost your confidence and get the competitive edge you need to crack the exam in just 21 days!

Product type Paperback

Published in Jun 2016

Publisher

ISBN-13 9781785884498

Length 402 pages

Edition 2nd Edition

Concepts

Cybersecurity

Author (1):

M. L. Srinivasan

View More author details

Table of Contents (22) Chapters

Preface

1. Day 1 – Security and Risk Management - Security, Compliance, and Policies FREE CHAPTER

2. Day 2 – Security and Risk Management - Risk Management, Business Continuity, and Security Education

3. Day 3 – Asset Security - Information and Asset Classification

4. Day 4 – Asset Security - Data Security Controls and Handling

5. Day 5 – Exam Cram and Practice Questions

6. Day 6 – Security Engineering - Security Design, Practices, Models, and Vulnerability Mitigation

7. Day 7 – Security Engineering - Cryptography

8. Day 8 – Communication and Network Security - Network Security

9. Day 9 – Communication and Network Security - Communication Security

10. Day 10 – Exam Cram and Practice Questions

11. Day 11 – Identity and Access Management - Identity Management

12. Day 12 – Identity and Access Management - Access Management, Provisioning, and Attacks

13. Day 13 – Security Assessment and Testing - Designing, Performing Security Assessment, and Tests

14. Day 14 – Security Assessment and Testing - Controlling, Analyzing, Auditing, and Reporting

15. Day 15 – Exam Cram and Practice Questions

16. Day 16 – Security Operations - Foundational Concepts

17. Day 17 – Security Operations - Incident Management and Disaster Recovery

18. Day 18 – Software Development Security - Security in Software Development Life Cycle

19. Day 19 – Software Development Security - Assessing effectiveness of Software Security

20. Day 20 – Exam Cram and Practice Questions

21. Day 21 – Exam Cram and Mock Test

Threats and vulnerabilities to application systems

As a security professional, one must s on the following while considering security for applications:

Asset: An asset is basically a resource. It may be a computer, operating system, database management system and so on.
Threat: This is an event that could compromise an asset by exploiting the weaknesses or vulnerabilities in the asset.
Threat agent: A threat cannot manifest on its own. It needs an agent to exploit vulnerabilities. For example, hacking is a threat. Not having suitable patch management control or monitoring control is a vulnerability. Hacking is done by a hacker. Hence, a malicious hacker is a threat agent for unethical hacking.
Vulnerability: This is a weakness in the system that a threat agent could exploit. Inappropriate change controls or insufficient security testing in a software development process is an example of weak development processes. Such weaknesses could introduce vulnerabilities in the software.
Attack: This...

The rest of the chapter is locked

You're reading from CISSP in 21 Days Boost your confidence and get the competitive edge you need to crack the exam in just 21 days!

Table of Contents (22) Chapters

Threats and vulnerabilities to application systems

Authors (1)

Personalised recommendations for you

You're reading from CISSP in 21 Days Boost your confidence and get the competitive edge you need to crack the exam in just 21 days!

Table of Contents (22) Chapters

Threats and vulnerabilities to application systems

Unlock this book and the full library FREE for 7 days

Authors (1)

Personalised recommendations for you