[Repost] CISSP Prep Resources
<p>Author: <a href="mailto:ddml@apl.jhu.edu">ddml@apl.jhu.edu</a><br />Original link: <a href="http://www.apl.jhu.edu/~ddml/CISSP_info.html">http://www.apl.jhu.edu/~ddml/CISSP_info.html</a><br /><br /></p><h2><a name="Index">Contents</a></h2><ul><li><a href="#GEN">General CISSP Info</a> </li><li><a href="#QUES">Sample CISSP Exam Questions</a> </li><li><a href="#DOM1">Domain 1 - Security Management Practices</a> </li><li><a href="#DOM2">Domain 2 - Access Control Systems and Methodology</a> </li><li><a href="#DOM3">Domain 3 - Telecommunications and Network Security</a> </li><li><a href="#DOM4">Domain 4 - Cryptography</a> </li><li><a href="#DOM5">Domain 5 - Security Architecture and Models</a> </li><li><a href="#DOM6">Domain 6 - Operations Security</a> </li><li><a href="#DOM7">Domain 7 - Applications and Systems Development Security</a> </li><li><a href="#DOM8">Domain 8 - BCP and Disaster Recovery Planning</a> </li><li><a href="#DOM9">Domain 9 - Law, Investigations, and Ethics</a> </li><li><a href="#DOM10">Domain 10 - Physical Security</a> </li></ul><hr /><dl><dt><b><a name="GEN">General CISSP Info</a></b>: </dt><dd><p><a href="http://groups.yahoo.com/group/CISSP_ISSA_BALTIMORE/">CISSP_ISSA_BALTIMORE Study Group Yahoo Site</a> </p><p><a href="http://www.eaglesreach.com/cisspforum/faq.html">CISSP Yahoo Group FAQ</a></p><p><a href="http://www.infosecuritymag.com/2003/jun/certifiable.shtml">About the CISSP Test & Certification</a></p><p><a href="http://csrc.nist.gov/publications/nistpubs/index.html">NIST Computer Security Publications</a> - from the NIST Computer Security Resources Site. </p><p><a href="http://www.csrc.nist.gov/">NIST Computer Security Resource Center</a> - CSRC. </p><p><a href="http://www.isc2.org/">ISC2</a> - International Information Systems Security Certification Consortium. 
</p><p><a href="http://www.cccure.org/">CISSP Open Study Guide site</a></p><p><a href="http://seclab.cs.ucdavis.edu/projects/history/seminal.html">Seminal Papers</a> - from the Computer Security Paper Archive Project. </p><p><a href="http://www.tscm.com/nstiss.html">NSTISSI No. 4009</a> - 1992 National Information Systems Security (INFOSEC) Glossary. "Provides standard definitions for many of the specialized terms relating to the disciplines of communications security (COMSEC) and automated information systems security (AISS), sometimes referred to as computer security (COMPUSEC)." The most recent Sept. 2000 version is available as a PDF file at <a href="http://www.nstissc.gov/Assets/pdf/4009.pdf">www.nstissc.gov/Assets/4009.pdf</a>. </p><p><a href="http://www.wikipedia.org/wiki/Information_security">Wikipedia's Review of Information Security</a>. </p><p><a href="http://www.cccure.org/Documents/HISM/">Handbook of Information Security Management</a> - 1999 edition. </p><p><a href="http://www.intelbrief.com/compusec.htm">Computer Security Resources</a> </p><p><a href="http://fas.org/index.html">Federation of American Scientists</a> </p><p><a href="http://www.securitymanagement.com/">SecurityManagement Online</a> extensive news and legal coverage of security issues. </p><p><a href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tips/Manage.asp">Microsoft Security Tips</a> </p><p><a href="#Index"><i>Back to Index</i></a> </p><p /></dd><dt><b><a name="QUES">Sample CISSP Exam Questions</a></b>: </dt><dd><p><a href="http://cccure.org/testmain.php">CCCure's Sample CISSP Questions</a> . Be sure to check their <a href="http://www.cccure.org/modules.php?name=Downloads&d_op=viewdownload&cid=10">Study Guides and download materials</a>. </p><p><a href="http://www.cert21.com/CISSP-exams.html">Cert21 practice tests</a> - but you first need to set up an account with them. 
</p><p><a href="#Index"><i>Back to Index</i></a> </p><p /></dd><dt><b><a name="DOM1">Domain 1 - Security Management Practices</a></b>: </dt><dd><p>Note that there is much commonality between this and other domains. </p><p><a href="http://www.theiia.org/itaudit/index.cfm?fuseaction=forum&fid=482">Modelling Information Risk Elements</a> - by Alan Oliphant (in ITAudit) </p><p><a href="http://www.enteract.com/~bradapp/links/scm-links.html">Configuration Management Guides</a> - This material is also useful for Domain 7 review of applications configuration management. </p><p><a href="http://www.cccure.org/Documents/HISM/223-228.html">Risk Management</a> - from the Handbook of Information Security Management. </p><p><a href="http://www.microsoft.com/technet/security/tips/Manage.asp?frame=true">Microsoft Whitepapers on Security Management </a>- This is a recent (9/2002) guide with a set of links to various Microsoft papers that cover the management of site security policies and procedures. </p><p><a href="#Index"><i>Back to Index</i></a> </p><p /></dd><dt><b><a name="DOM2">Domain 2 - Access Control Systems and Methodology</a></b>: </dt><dd><p>There is much repetition here with other domains - review OPSEC (Domain 6) and Physical Security (Domain 10) in particular. See additional Common Criteria and Biometrics resources at those Domains. </p><p><a href="http://securitysolutions.com/">General Access Control info from Security Solutions</a>. </p><p><a href="http://hissa.nist.gov/rbac/paper/rbac1.html">NIST Paper on Role-Based Access Controls </a>- considered to be better than DAC for non-military sites. </p><p><a href="http://www.radium.ncsc.mil/tpep/library/rainbow/">Rainbow Series Library</a> - with PS and PDF formatted documents. </p><p><a href="http://www.inforeading.com/archive/rainbow/5200.28-STD.html">DOD 5200.28-STD</a> - Orange Book (1983) - DoD Trusted Computer System Evaluation Criteria (TCSEC). 
</p><p><a href="http://www.radium.ncsc.mil/tpep/epl/epl-by-class.html">Evaluated products List</a> - listed by rating from Orange Book. This list only covers evals in the past three years (note the site was last updated in Sept. 2000), so be sure to also see the <a href="http://www.radium.ncsc.mil/tpep/epl/historical.html">Historical List</a> of all previously evaluated systems (listed by vendor). </p><p><a href="http://www.inforeading.com/archive/rainbow/NCSC-TG-005.html">NCSC-TG-005</a> - Trusted Network Interpretation of the TCSEC (Red Book) and <a href="http://www.inforeading.com/archive/rainbow/NCSC-TG-011.html">NCSC-TG-011</a> - Guidance for Applying the Trusted Network Interpretation. These extend the Orange Book coverage to networks. </p><p><a href="http://www.cesg.gov.uk/assurance/iacs/itsec/index.htm">ITSEC</a> - Information Technology Security Evaluation Criteria - British certification recognized in Europe. Developed as an international alternative to TCSEC. In May 1990 France, Germany, the Netherlands and the United Kingdom published the Information Technology Security Evaluation Criteria (ITSEC) based on existing work in their respective countries. Following extensive international review, Version 1.2 was subsequently published in June 1991 by the Commission of the European Communities for operational use within evaluation and certification schemes. ITSEC is a structured set of criteria for evaluating computer security within products and systems. Each evaluation involves a detailed examination of IT security features culminating in comprehensive and informed functional and penetration testing. This work is undertaken using an agreed Security Target as the baseline for ensuring that a product or system meets its security specification. ITSEC operates the concept of assurance levels E0 to E6. This scale represents ascending levels of confidence that can be placed in the TOE's security functions and determines the rigour of the evaluation. 
Since the launch of ITSEC in 1990, a number of other European countries have agreed to recognise the validity of ITSEC evaluations. Both ITSEC and TCSEC are forerunners of the <a href="http://www.commoncriteria.org/">Common Criteria</a> - ISO 15408 (1998)- first released in 1996. </p><p><a href="http://www.cesg.gov.uk/assurance/iacs/itsec/criteria/common-criteria/index.htm">CC EALs</a> - Common Criteria's 7 Evaluation Assurance Levels (EAL 1-7) and their relationship to ITSEC evaluation levels (E0-6). </p><p><a href="http://eros.cs.jhu.edu/~shap/NT-EAL4.html">Understanding the Windows EAL4 Evaluation</a> - a useful discussion of how the CC works.</p><p><a href="http://www.engr.sjsu.edu/biometrics/publications.html">National Biometric Test Center Publications</a> </p><p><a href="http://biometrics.cse.msu.edu/links.html">Biometrics Links</a> from the MSU Biometrics Research Site. </p><p><a href="#Index"><i>Back to Index</i></a> </p><p /></dd><dt><b><a name="DOM3">Domain 3 - Telecommunications and Network Security</a></b>: </dt><dd><p><a href="http://teleeducation.nb.ca/it/">Telecom & Networks web courses</a> - easy to follow, and a good place to start</p><p><a href="http://www.protocols.com/">Communications Protocols</a></p><p><a href="http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/index.htm">Cisco Network Terms Glossary</a> </p><p><a href="http://www.techweb.com/encyclopedia">Techweb Networking Terminology</a></p><p><a href="http://www.whatis.com/">www.whatis.com</a></p><p><a href="http://www.rfc-editor.org/">Searchable RFC Database</a></p><p><a href="http://www.cisco.com/univercd/home/home.htm">Cisco Documentation</a></p><p><a href="http://searchnetworking.techtarget.com/originalContent/0,289142,sid7_gci958513,00.html?track=NL-31&ad=482836">Guide to Network Administration</a> - good coverage of common issues, plus technical info on LANs, VPNs, and network security.</p><p><a href="http://www.acm.org/crossroads/xrds1-1/tcpjmy.html">TCP/IP Overview</a> from ACM. 
</p><p><a href="http://www.yale.edu/pclt/COMM/TCPIP.HTM">Intro to TCP/IP</a> - an old (1995) and brief document. The ACM overview is better. </p><p><a href="http://www.dragonmount.net/tutorials/tcpip/part1/intro.htm">TCP/IP Tutorial</a> from Dragonmount </p><p><a href="ftp://ftp.isi.edu/in-notes/rfc1180.txt">RFC1180</a> - a TCP/IP tutorial. </p><p><a href="http://highered.mcgraw-hill.com/sites/dl/free/0072850841/95578/unit10_ch03.ppt">Network Device Presentation</a> - good descriptions and helpful diagrams.</p><p><a href="http://www.private.org.il/tcpip_rl.html">Uri's TCP/IP Resources List</a> - a massive set of well-organized links. This is THE PLACE to go for TCP/IP information. Much of what you need to know or want to find about TCP/IP is at this site. </p><p><a href="http://www.ericsson.com/support/telecom/index.shtml">Understanding Communications</a> - focus on the WAN side - From Ericsson</p><p><a href="http://www.oreillynet.com/pub/a/network/2001/03/16/net_2nd_lang.html">O'Reilly Network Articles</a></p><p><a href="http://www.rhyshaden.com/ethernet.htm">Data Network Resources</a> - this is good overall coverage</p><p><a href="http://www.us.anritsu.com/downloads/files/musthave.pdf">Anritsu Must-Have Reference for IP</a> - has a very good glossary of IP acronyms. 
</p><p><a href="http://www.webopedia.com/">Webopedia On-line Computer Encyclopedia</a> - good network coverage</p><p><a href="http://fcit.coedu.usf.edu/network/chap4/chap4.htm">Cable and Connectors</a> - this is an excellent document with helpful drawings and tables.</p><p><a href="http://www.stonewallcable.com/ProductFiles/home.html">Cable Products Catalog</a></p><p><a href="http://www.texarkanacollege.edu/~bforward/nwessch3.htm">Networking Media Course</a> - good overview set of slides, includes wireless.</p><p><a href="http://www.tek.com/Measurement/App_Notes/22_15443/eng/22W_15443_0.pdf">Fiber Technology</a></p><p><a href="http://files.quadrantcommunications.be/Quadrant.nsf/Pages/CISP">Images of Cisco network devices</a></p><p><a href="http://www.webopedia.com/quick_ref/EthernetDesignations.asp">Ethernet Designations</a> - nice chart of the different Ethernet flavors.</p><p><a href="ftp://ftp.prenhall.com/pub/esm/sample_chapters/cs/stallings/pdf/ch04.pdf">Telecommunications Media</a> - Chapter 4 of Stallings' Data and Computer Communications textbook. </p><p><a href="http://www.networkmagazineindia.com/200205/krone2.shtml">CAT7 vs Fiber </a>- discussion of the different cable types and expected usage; good coverage of fiber technology.</p><p><a href="http://www.techfest.com/networking/wan.htm">WANs</a></p><p><a href="http://directory.google.com/Top/Computers/Internet/Protocols/">Google Searchable Subject Index on Internet Protocols</a></p><p><a href="http://www.iana.org/assignments/port-numbers">IANA List of Registered TCP/IP Ports</a></p><p><a href="http://www.busan.edu/~nic/networking/tcpip/ch02_07.htm">TCP/IP Protocols, Ports, and Sockets</a> - good coverage of how they work. 
</p><p><a href="http://www.gcn.com/vol1_no1/daily-updates/23877-1.html">DOD Migration to IPv6</a> - 10/14/03 issue of GCN </p><p><a href="http://documents.iss.net/whitepapers/IPv6.pdf">Security Implications of IPv6</a> - ISS paper that discusses how migration to IPv6 may create security problems. </p><p><a href="http://www.manualy.sk/protocols2/voip/architecture.htm">VoIP</a></p><p><a href="http://www.wkmn.com/newsite/wireless.html">Wireless Tutorial</a></p><p><a href="http://searchnetworking.techtarget.com/originalContent/0,289142,sid7_gci888215,00.html">802.11 Tutorial</a></p><p><a href="http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html">Comprehensive list of network monitoring tools</a></p><p><a href="http://www.finisar.com/nt/taps.php">Shomiti Taps</a> - Finisar site</p><p><a href="http://www.lurhq.com/technical.html">LURHQ's Malware Technical Papers</a> contain some solid info about various worms and viruses, and exploits like DNS cache poisoning.</p><p><a href="http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap12.pdf">Access Control and Firewalls</a></p><p><a href="http://www.cs.unibo.it/babaoglu/courses/security/lucidi/IPSec.pdf">SSL and IPSec Tutorial</a> - presentation with good coverage and useful diagrams. 
Also see <a href="http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap14.pdf">SSL and TLS description</a> and <a href="http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap13.pdf">thorough IPSec presentation</a> </p><p><a href="http://www.cisco.com/warp/public/cc/so/neso/sqso/eqso/ipsec_wp.htm">IPSec Overview from Cisco</a> </p><p><a href="http://www.cisco.com/warp/public/cc/so/neso/sqso/eqso/ipsec_wp.htm">IPSec White Paper</a> - from Cisco, contains a useful summary.</p><p><a href="http://www.microsoft.com/serviceproviders/columns/what_is_ipsec_tunneling_987.asp">IPSec Tunneling Described</a> - short Microsoft article with some helpful diagrams</p><p><a href="http://www.cs.unibo.it/babaoglu/courses/security/lucidi/PKI.pdf">PKI Tutorial</a> </p><p><a href="http://www.networkcomputing.com/902/902ws1.html">Radius and TACACS</a> - Network Computing article. </p><p><a href="http://ou800doc.caldera.com/NET_bnu/rpcC.secure_rpc.html">Secure RPC</a> - brief overview. <a href="http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap15.pdf">Application Layer Security Protocols</a> </p><p><a href="http://www.linuxjournal.com/article.php?sid=5201">Sniffer tools and detection</a> article in Linux Journal - brief overview. </p><p><a href="http://grc.com/oo/packetsniff.htm">packetsniff</a> site by Steve Gibson. </p><p><a href="http://packetstormsecurity.org/sniffers/">Packet Storm's</a> alphabetized download site for sniffer and analyzer software, with descriptions. </p><p><a href="http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap10.pdf">High-level Overview of Attacks, Services, and Mechanisms</a></p><p><a href="http://www.rad.com/networks/netterms.htm">RAD Network Tutorials</a> - much easy to find info and a glossary. </p><p><a href="http://www.spirit.com/Network/index.html">Network Security Articles by Rik Farrow</a></p><p><a href="http://www.faximum.com/faq/fax/index.shtml">FAX FAQS</a> - from FAXIMUM. Very extensive coverage. 
</p><p><a href="http://www.iss.net/security_center/advice/Underground/">ISS Security Center's Underground info</a> </p><p><a href="http://www.apl.jhu.edu/~ddml/NETWORK_info.html">My Network Resources</a> </p><p><a href="http://www.apl.jhu.edu/~ddml/SECURITY_info.html">My Security Resources</a> </p><p><a href="#Index"><i>Back to Index</i></a> </p><p /></dd><dt><b><a name="DOM4">Domain 4 - Cryptography</a></b>: </dt><dd><p><a href="http://www.cs.unibo.it/babaoglu/courses/security/documents/intro-to-crypto.pdf">Intro to Cryptography and PGP </a>- Good intro with useful Glossary - heavy focus on PGP. </p><p><a href="http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap11.pdf">Summary of Cryptographic Techniques</a> </p><p><a href="http://www.apl.jhu.edu/~ddml/SECURITY_info.html#Crypto">My Crypto Links</a> - several useful links that I have found are here (part of my security web page). These include two quality sites that have massive sets of links to numerous crypto sites. Also, see <a href="http://www.apl.jhu.edu/~ddml/SECURITY_info.html#CLASS">My Security Class Links</a> that includes various NIST links. </p><p><a href="http://csrc.nist.gov/publications/nistpubs/800-7/node207.html">NIST's Cryptography Overview</a> - good discussion of symmetric and asymmetric methods. </p><p><a href="http://www.theatlantic.com/issues/2002/09/mann.htm">Homeland Insecurity</a> - Atlantic Monthly interview with Bruce Schneier. Some good crypto background material and a <a href="http://www.theatlantic.com/issues/2002/09/mann_g.htm">primer on public-key encryption</a>. </p><p><a href="http://www.wikipedia.org/wiki/Cryptography">Wikipedia's review of cryptography</a> </p><p><a href="#Index"><i>Back to Index</i></a> </p><p /></dd><dt><b><a name="DOM5">Domain 5 - Security Architecture and Models</a></b>: </dt><dd><p><a href="http://www.ietf.org/html.charters/ipsec-charter.html">IPSEC</a> - Charter for IETF's IPSEC with list of relevant RFCs from this group. 
</p><p><a href="http://seclab.cs.ucdavis.edu/projects/history/papers/ande72.pdf">The Anderson Report</a> - Computer Security Technology Planning Study, 1972 for USAF. </p><p><a href="http://www.netapps.org/Events/apr04confdocenterprisesecurityarchitecture.doc">Enterprise Security Architecture</a> - Draft document from the NAC Security Architecture Work Group April 2004</p><p><a href="http://www.radium.ncsc.mil/tpep/library/rainbow/C-TR-32-92.html">The Design and Evaluation of Infosec Systems</a> - C-TR-32-92. </p><p><a href="http://www.cccure.org/Documents/HISM/399-404.html">Security Architecture</a> - from the Handbook of Information Security Management. </p><p><a href="http://www.multicians.org/general.html">Multics General Info and FAQ</a> - early mainframe timesharing system, forerunner of UNIX but more heavily secured. </p><p><a href="http://www.cs.nps.navy.mil/curricula/tracks/security/notes/chap08_31.html">Matrix of TCB Divisions</a> - a nice visual aid helping to understand the different levels of the Trusted Computing Base in TCSEC. </p><p><a href="http://www.eskimo.com/~joelm/tempest.html">The Complete, Unofficial TEMPEST Information Page</a> </p><p><a href="#Index"><i>Back to Index</i></a> </p><p /><hr /></dd><dt><b><a name="DOM6">Domain 6 - Operations Security</a></b>: </dt><dd><a><img height="433" src="enemyislistening.jpg" width="308" border="0" /></a> </dd><dt> </dt><dd><a href="http://www.cert.mil/misc/links.htm">Links to CIRT Sites</a> </dd><dd><p><a href="http://www.defendamerica.mil/articles/a021202b.html">http://www.defendamerica.mil/articles/a021202b.html</a></p></dd><dd><p><a href="http://www.nipc.gov/">National Infrastructure Protection Center</a> </p><p><a href="http://www.rad.com/networks/netterms.htm">RAD Network Tutorials</a> - much easy to find info and a glossary. </p><p><a href="http://www.commoncriteria.org/">Common Criteria</a> - ISO 15408. 
Be sure to read the <a href="http://www.commoncriteria.org/introductory_overviews/CCIntroduction.pdf">Introduction to CC</a> - pdf file for those (like us) who don't need to read the full document. </p><p><a href="http://www.harbrook.net/consultancy/ent_wp.html">FCAPS</a> - Fault, Configuration, Accounting, Performance, and Security - model for asset management. </p><p><a href="http://www.inforeading.com/archive/rainbow/">Rainbow Series</a> - online library - note the Configuration Management and Trusted Recovery documents. </p><p><a href="http://fas.org/irp/nsa/ioss/index.html">Interagency OPSEC Support Staff</a> - info about IOSS plus links to other good OPSEC sources such as NSDD 298, and the OPSEC Professionals Society. </p><p><a href="http://fas.org/irp/doddir/dod/d5205_02.htm">DoD OPSEC Program</a> - DoD Dir 5205.2. </p><p><a href="http://www.andrews.af.mil/89cg/89cs/scbsi/opsec.html">Andrews AFB OPSEC Site</a> - has many related organizational and reference links, including a useful glossary of terms. </p><p><a href="http://www.opsec.org/">Northrop Grumman IT Site</a> </p><p><a href="#Index"><i>Back to Index</i></a> </p><p /></dd><dt><b><a name="DOM7">Domain 7 - Applications and Systems Development Security</a></b>: </dt><dd><p><a href="http://searchwindowsmanageability.techtarget.com/sDefinition/0,,sid33_gci523855,00.html">Fast Guide to RAM Types</a> </p><p><a href="http://www.itworks.be/objects/">Objects and Components</a> - OO resources from I.T. Works. </p><p><a href="https://extranet.southwire.com/docs/easfg/easvrfgp7.htm">Relational Database Concepts</a> - a brief review. </p><p><a href="http://www.cs.msstate.edu/~cs6990/Week4/Week4.ppt">Database Security</a> - helpful PowerPoint presentation from a college course. 
</p><p><a href="#Index"><i>Back to Index</i></a> </p><p /><hr /></dd><dt><b><a name="DOM8">Domain 8</a></b> - <strong>BCP and Disaster Recovery Planning</strong> </dt><dd> </dd><dd><a href="http://www.nwfusion.com/research/disasterrecov.html">http://www.nwfusion.com/research/disasterrecov.html</a> Network World Fusion Research site on Disaster Recovery with a wide assortment of links. </dd><dd><p><a href="#Index"><i>Back to Index</i></a> </p><p /><hr /></dd><dt><b><a name="DOM9">Domain 9 - Law, Investigation & Ethics:</a></b> </dt><dd><p><a href="http://www.securityfocus.com/infocus/1669">US Information Security Law - Part 1</a> - from SecurityFocus 2/25/2003. </p><p><a href="http://www.thecre.com/fedlaw/legal8.htm">Federal Laws & Regs</a> - good set of links from fedlaw site but only thru the late 90's. Some additional related links as well to federal agencies and other security sites.</p><p><a href="http://dmoz.org/Computers/Ethics/Codes_of_Ethics/">Code of Ethics</a> from various sources including ISC2. </p><p><a href="http://www.faqs.org/rfcs/rfc1087.html">RFC 1087</a> - the IAB's "Ethics and the Internet". </p><p><a href="http://www.lawsource.com/">LAWSOURCE</a> - American Law Sources On-Line. </p><p><a href="http://travel.state.gov/mlat.html">MLAT</a> - Mutual Legal Assistance Treaties. </p><p><a href="http://www.educause.edu/issues/dmca.html">Digital Millennium Copyright Act</a> - many links to resources about the DMCA - from educause. </p><p><a href="http://www.net.ohio-state.edu/hypertext/csa-1987.html">Computer Security Act of 1987</a> - Public Law 100-235 </p><p><a href="http://wiretap.area.com/Gopher/Gov/US-Docs/compfraud.act">Computer Fraud and Abuse Act of 1986</a> - 18 USC 1030 </p><p><a href="http://www.gocsi.com/pdfs/duecare.pdf">Why the Due Care security review method is superior to Risk Assessment</a> - Donn Parker's argument against using Risk Assessment techniques. CSI's Computer Security Alert, Number 212, November 2000. 
</p><p><a href="http://www.kuesterlaw.com/">Intellectual Property Law</a> - from KuesterLaw - The Technology Law Resource with links to many patent, copyright, and trademark related sites. </p><p><a href="http://www.nipc.gov/legal/legal.htm">Legal & Ethical Issues</a> from NIPC </p><p><a href="http://www.eff.org/">Electronic Frontier Foundation</a> </p><p><a href="http://www.epic.org/">Electronic Privacy Information Center</a> - EPIC</p><p><a href="http://www.cybercrime.gov/">WWW.CYBERCRIME.GOV</a> - US DOJ </p><p><a href="http://www.usdoj.gov/criminal/cybercrime/cclaws.html">Federal Computer Intrusion Laws</a> - links provided by CCIPS at the cybercrime site. </p><p><a href="http://www.usdoj.gov/criminal/cybercrime/1030_new.html">Computer Fraud & Abuse Act of 1986</a> - 18 USC 1030 w/ 1996 amendments - from the DOJ cybercrime site. </p><p><a href="http://www.house.gov/science_democrats/archive/compsec1.htm">Computer Security Act of 1987</a> - the full text of the law in an easy-to-read format. </p><p><a href="http://www.epic.org/crypto/csa/">Computer Security Act of 1987</a> - Site at the Electronic Privacy Information Center (www.epic.org) that contains links to additional related info. </p><p><a href="http://www.epic.org/privacy/terrorism/usapatriot/">Patriot Act</a> - at the EPIC site. </p><p><a href="http://www.eff.org/Privacy/Surveillance/Terrorism_militias/20011025_hr3162_usa_patriot_bill.html">USA Patriot Act</a> - full text (from the EFF site). </p><p><a href="http://www.eff.org/Privacy/Surveillance/Terrorism_militias/20011031_eff_usa_patriot_analysis.html">USA Patriot Act analysis </a>by EFF - very thorough. </p><p><a href="http://www.first.org/">FIRST</a> - Forum for Incident Response. </p><p><a href="http://www.cert.org/csirts/">CERT Incident Response Team Resources</a> </p><p><a href="http://www.legalwks.com/">Glasser LegalWorks</a> - much info (online newsletters and many links) relating to the legal side of computing. 
</p><p><a href="http://www.lawsource.com/also/#[United%20States]">State Law Search</a> and <a href="http://nsi.org/Library/Compsec/computerlaw/statelaws.html">State Computer Laws</a> </p><p><a href="http://www.apl.jhu.edu/~ddml/SECURITY_info.html#LAW">more</a> - additional computer law & forensics resources from my security site. </p><p><a href="#Index"><i>Back to Index</i></a> </p><p /><hr /></dd><dt><b><a name="DOM10">Domain 10 - Physical Security</a></b>: </dt><dd><p><a href="http://groups.yahoo.com/group/CISSP_ISSA_BALTIMORE/files/Physical%20Security%20/">CISSP_ISSA_BALTIMORE Yahoo Files</a> </p><p><a href="http://www.tibs.org/">The International Biometric Society</a> is devoted to the mathematical and statistical aspects of biology. </p><p><a href="http://www.biometrics.org/">The Biometric Consortium</a> US govt. focal point for research, development, testing, and evaluation. It is sponsored by NSA and NIST. See their <a href="http://www.biometrics.org/html/introduction.html">Introduction to Biometrics</a>. </p><p><a href="http://www.itl.nist.gov/div895/biometrics/about.html">NIST Biometrics Research Center</a> </p><p><a href="http://www.commoncriteria.org/site_index.html">Common Criteria</a> -site index for the new international standard for Information Security - ISO/IEC 15408. Includes a list of products that meet Common Criteria evaluation requirements. </p><p><a href="http://niap.nist.gov/">National Information Assurance Partnership</a> sponsored by NIST and NSA to disseminate information on the status of all development efforts associated with new security specs and requirements that comply with the Common Criteria. See the <a href="http://niap.nist.gov/niap/library/20020215memo.pdf">NSTISSP No. 11</a> FAQ that clarifies compliance with this national IA acquisition policy for deploying IA products at govt. sites. </p><p><a href="http://www.fs-business.com/InformationCenter/faq/FAQHalon.asp">Halon 1301 FAQ</a>. 
</p><p><a href="http://www.fs-business.com/informationcenter/faq/FAQHalonAlternative.asp">Halon Alternatives FAQ</a>. <a href="http://www.reliablefire.com/fm200/fm200.html">FM-200</a> is supposed to be the most effective alternative. </p><p><a href="http://www.cccure.org/Documents/Physical_Security/fm3-19.30.pdf">Army Field Manual of Physical Security</a> - (314 pages). Recommended sections are Physical Barriers (c.4), Lighting (c.5), Security Systems (c.6), Access Control (c.7), and Lock and Key (c.8) </p><p><a href="#Index"><i>Back to Index</i></a> </p><p /></dd></dl><p /><hr /><p>Please send feedback and suggestions for improvement to Dave Libershal: <a href="mailto:ddml@apl.jhu.edu"></a></p><address>ddml@apl.jhu.edu</address>