CISSP document corpus

Preparing for the CISSP exam requires sustained work. The syllabus comprises 8 domains (see the content summaries 1, 2, 3, 4, 5, 6, 7 and 8) that touch on every aspect of cybersecurity without going into depth on any of them. The syllabus, which ISC(2) revises every three years, cites numerous references and works that form part of the state of the art. A previous article lists the ISO standards whose content it is recommended to be familiar with. Below is a list of other documents, many of them American, that are important to know in order to become certified.
G20/OECD Principles of Corporate Governance
OECD Privacy Framework
Asia Pacific Economic Cooperation Privacy Framework
NIST 199 - Standards for Security Categorization of Federal Information and Information Systems
NIST 800-34 Rev. 1 - Contingency Planning Guide for Federal Information Systems
FIPS 200 - Minimum Security Requirements for Federal Information and Information Systems
NIST 800-37 - Risk Management Framework for Information Systems and Organizations
COSO Enterprise Risk Management - Integrating with Strategy and Performance
COBIT 2019 - IT governance
IT Risk Framework (ISACA)
Health Information Trust Alliance Common Security Framework
NERC CIP - cybersecurity v5 standards
PCI DSS v4 - Payment Card Industry (PCI) - Data Security Standard
NIST 800-30r1 - Guide for Conducting Risk Assessments
NIST 800-60 - Guide for Mapping Types of Information and Information Systems to Security Categories
NIST Special Publication 800-160 - Vol 1 Systems Security Engineering
NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations
NIST 800-63-3 - Digital Identity Guidelines
NIST 800-63-3A - Enrollment and Identity Proofing
NIST 800-63-3B - Authentication and Lifecycle Management
NIST 800-192 - Verification and Test Methods for Access Control Policies/Models
OSSTMM 3 - Open Source Security Testing Methodology Manual
NIST 800-122 - Guide to Protecting the Confidentiality of Personally Identifiable Information
BS EN 15713:2009 - Secure destruction of confidential material - Code of practice
NIST SP 800-30 - Guide for Conducting Risk Assessments
NIST SP 800-18 Rev. 1 - Guide for Developing Security Plans for Federal Information Systems
NIST SP 800-160 Volume 2 - Developing Cyber Resilient Systems: A Systems Security Engineering Approach
NIST SP 800-39 - Managing Information Security Risk: Organization, Mission, and Information System View
NISTIR 8062 - An Introduction to Privacy Engineering and Risk Management in Federal Systems
ITU-T X-SERIES Recommendations - data networks, open system communications and security
CIS (Center for Internet Security) Benchmarks (hardening guides) and framework
The Protection of Information in Computer Systems (SALTZER, SCHROEDER)
FIPS 201-2 - Personal Identity Verification (PIV) of Federal Employees and Contractors
NIST SP 800-115 - Technical Guide to Information Security Testing and Assessment
Common Criteria for Information Technology Security Evaluation (parts 1, 2 and 3) v3.1 - release 5
FedRAMP Continuous Monitoring Strategy Guide
SP 800-55 Rev. 1 - Measurement Guide for Information Security
NIST 800-70 R4 - National Checklist Program for IT Products - Guidelines for Checklist Users and Developers