###### tags: `CISSP`

# CISSP CBK

Why learn every term? Because only then can you link the whole body of knowledge together ("a mile wide, an inch deep").

For the exam, hold the orthodox view and answer by the book (real-world workarounds may deviate from it).

CISSP 8 CBK Domains

1. Security and Risk Management (D1)
2. Asset Security (D2)
3. Security Architecture and Engineering (D3)
4. Communication and Network Security (D4)
5. Identity and Access Management (IAM) (D5)
6. Security Assessment and Testing (D6)
7. Security Operations (D7)
8. Software Development Security (D8)

Corresponding outline: [cissp-certification-exam-outline](https://www.isc2.org/certifications/cissp/cissp-certification-exam-outline)

The main characters are:

- Business goals [Business Goal]
- [CIA]
- [Assets]
- [Risks]
- [Controls]
- [Assessment]

The storyline:

Security (D1), like IT, exists to support the [Business Goal]. Based on that goal, define what [CIA] means. The security of the [Assets] must achieve that [CIA]. [Risks] impact [CIA]. To address the risks, adopt security controls [Controls], which span (D2), (D3), (D5), (D7) and (D8), and verify that they are effective (D6).

![CISSPCBK](https://hackmd.io/_uploads/Syr3QSG3T.png)