The Effective CISSP: Security and Risk Management (Paperback)

Wu, Wentz

  • 出版商: Wentz Wu
  • 出版日期: 2020-04-27
  • 售價: $1,300
  • 貴賓價: 9.5$1,235
  • 語言: 英文
  • 頁數: 326
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 9574376478
  • ISBN-13: 9789574376476
  • 相關分類: Cisco資訊安全
  • 立即出貨 (庫存=1)



Start with a Solid Foundation to Secure Your CISSP

The Effective CISSP: Security and Risk Management is for CISSP aspirants and those who are interested in information security or confused by cybersecurity buzzwords and jargon. It is a supplement, not a replacement, to the CISSP study guides that CISSP aspirants have used as their primary source. It introduces core concepts, not all topics, of Domain One in the CISSP CBK - Security and Risk Management. It helps CISSP aspirants build a conceptual security model or blueprint so that they can proceed to read other materials, learn confidently and with less frustration, and pass the CISSP exam accordingly. Moreover, this book is also beneficial for ISSMP, CISM, and other cybersecurity certifications.

This book proposes an integral conceptual security model by integrating ISO 31000, NIST FARM Risk Framework, and PMI Organizational Project Management (OPM) Framework to provide a holistic view for CISSP aspirants. It introduces two overarching models as the guidance for the first CISSP Domain: Wentz's Risk and Governance Model.

  • Wentz's Risk Model is based on the concept of neutral risk and integrates the Peacock Model, the Onion Model, and the Protection Ring Model derived from the NIST Generic Risk Model.
  • Wentz's Governance Model is derived from the integral discipline of governance, risk management, and compliance.

There are six chapters in this book organized structurally and sequenced logically. If you are new to CISSP, read them in sequence; if you are eager to learn anything and have a bird view from one thousand feet high, the author highly suggests keeping an eye on Chapter 2 Security and Risk Management.

This book, as both a tutorial and reference, deserves space on your bookshelf.



「有效的CISSP:安全與風險管理」適用於CISSP考生以及對資訊安全感興趣或對網路安全術語和行話感到困惑的人。它是CISSP考生使用的主要資料來源的「補充」,而不是替代品。它介紹了CISSP CBK(安全與風險管理)第一領域的核心概念,而不是所有主題。它幫助CISSP考生建立一個概念性的安全模型或藍圖,以便他們可以繼續閱讀其他資料,自信地學習並減少挫折,並相應地通過CISSP考試。此外,這本書對ISSMP、CISM和其他網路安全認證也有益處。

本書提出了一個整體的概念性安全模型,通過整合ISO 31000、NIST FARM風險框架和PMI組織專案管理(OPM)框架,為CISSP考生提供全面的視角。它介紹了兩個總體模型作為第一個CISSP領域的指導:Wentz的風險和治理模型。

- Wentz的風險模型基於中性風險的概念,並整合了從NIST通用風險模型衍生出的Peacock模型、洋蔥模型和保護環模型。
- Wentz的治理模型源於治理、風險管理和合規性的整體學科。