CISSP Cert Guide, Second Edition

Book Description

In this best-of-breed study guide, two leading experts help you master all the topics you need to know to succeed on your CISSP exam and advance your career in IT security. Their concise, focused approach explains every exam objective from a real-world perspective, helping you quickly identify weaknesses and retain everything you need to know.

Every feature of this book supports both efficient exam preparation and long-term mastery:

  • Opening Topics Lists identify the topics you’ll need to learn in each chapter, and list (ISC)2’s official exam objectives

  • Key Topics feature figures, tables, and lists that call attention to the information that’s most crucial for exam success

  • Exam Preparation Tasks allow you to review key topics, complete memory tables, define key terms, work through scenarios, and answer review questions. All of these help you go beyond memorizing mere facts to master the concepts that are crucial to passing the exam and enhancing your career

  • Key Terms are listed in each chapter and defined in a complete glossary, explaining all the field’s essential terminology

  • The companion website contains the powerful Pearson IT Certification Practice Test Engine, with two practice exams and access to a large library of exam-realistic questions. The companion website also includes memory tables, lists, and other resources, all in a searchable PDF format.

This study guide helps you master all the topics on the latest CISSP exam, including

  • Access control

  • Telecommunications and network security

  • Information security governance and risk management

  • Software development security

  • Cryptography

  • Security architecture and design

  • Operations security

  • Business continuity and disaster recovery planning

  • Legal, regulations, investigations, and compliance

  • Physical (environmental) security

Table of Contents

    1. About This E-Book
    2. Title Page
    3. Copyright Page
    4. Contents at a Glance
    5. Table of Contents
    6. About the Author
    7. Dedication
    8. Acknowledgments
    9. About the Technical Reviewers
    10. We Want to Hear from You!
    11. Reader Services
    12. Book Features and Exam Preparation Methods
      1. Companion Website
      2. Pearson IT Certification Practice Test Engine and Questions
      3. Install the Software
      4. Activate and Download the Practice Exam
      5. Activating Other Exams
      6. Assessing Exam Readiness
      7. Premium Edition eBook and Practice Tests
    13. Introduction: The CISSP Certification
      1. The Goals of the CISSP Certification
        1. Sponsoring Bodies
        2. Stated Goals
      2. The Value of the CISSP Certification
        1. To the Security Professional
        2. To the Enterprise
      3. The Common Body of Knowledge
        1. Security and Risk Management (e.g. Security, Risk, Compliance, Law, Regulations, Business Continuity)
        2. Asset Security (Protecting Security of Assets)
        3. Security Engineering (Engineering and Management of Security)
        4. Communication and Network Security (Designing and Protecting Network Security)
        5. Identity and Access Management (Controlling Access and Managing Identity)
        6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
        7. Security Operations (e.g. Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
        8. Software Development Security (Understanding, Applying, and Enforcing Software Security)
      4. Steps to Becoming a CISSP
        1. Qualifying for the Exam
        2. Signing Up for the Exam
        3. About the CISSP Exam
    14. Chapter 1. Security and Risk Management
      1. Foundation Topics
        1. Security Terms
        2. Security Governance Principles
        3. Compliance
        4. Legal and Regulatory Issues
        5. Professional Ethics
        6. Security Documentation
        7. Business Continuity
        8. Personnel Security Policies
        9. Risk Management Concepts
        10. Threat Modeling
        11. Security Risks in Acquisitions
        12. Security Education, Training, and Awareness
      2. Exam Preparation Tasks
        1. Review All Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
      3. Answer Review Questions
        1. Answers and Explanations
    15. Chapter 2. Asset Security
      1. Foundation Topics
        1. Asset Security Concepts
        2. Classify Information and Assets
        3. Asset Ownership
        4. Asset Management
        5. Asset Privacy
        6. Data Retention
        7. Data Security and Controls
        8. Asset Handling Requirements
      2. Exam Preparation Tasks
        1. Review All Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
      3. Answer Review Questions
        1. Answers and Explanations
    16. Chapter 3. Security Engineering
      1. Foundation Topics
        1. Engineering Using Secure Design Principles
        2. Security Model Concepts
        3. System Security Evaluation Models
        4. Security Capabilities of Information Systems
        5. Certification and Accreditation
        6. Security Architecture Maintenance
        7. Vulnerabilities of Security Architectures, Designs, and Solution Elements
        8. Vulnerabilities in Web-Based Systems
        9. Vulnerabilities in Mobile Systems
        10. Vulnerabilities in Embedded Devices and Cyber-Physical Systems
        11. Cryptography
        12. Cryptographic Types
        13. Symmetric Algorithms
        14. Asymmetric Algorithms
        15. Public Key Infrastructure
        16. Key Management Practices
        17. Digital Signatures
        18. Digital Rights Management (DRM)
        19. Message Integrity
        20. Cryptanalytic Attacks
        21. Geographical Threats
        22. Site and Facility Design
        23. Building and Internal Security
        24. Environmental Security
        25. Equipment Security
      2. Exam Preparation Tasks
        1. Review All Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
      3. Answer Review Questions
        1. Answers and Explanations
    17. Chapter 4. Communication and Network Security
      1. Foundation Topics
        1. Secure Network Design Principles
        2. IP Networking
        3. IPv4
        4. Protocols and Services
        5. Converged Protocols
        6. Wireless Networks
        7. Communications Cryptography
        8. Secure Network Components
        9. Secure Communication Channels
        10. Network Attacks
      2. Exam Preparation Tasks
        1. Review All Key Topics
      3. Define Key Terms
      4. Answer Review Questions
        1. Answers and Explanations
    18. Chapter 5. Identity and Access Management
      1. Foundation Topics
        1. Access Control Process
        2. Physical and Logical Access to Assets
        3. Identification and Authentication Concepts
        4. Identification and Authentication Implementation
        5. Identity as a Service (IDaaS) Implementation
        6. Third-Party Identity Services Implementation
        7. Authorization Mechanisms
        8. Access Control Threats
        9. Prevent or Mitigate Access Control Threats
      2. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
        3. Review Questions
        4. Answers and Explanations
    19. Chapter 6. Security Assessment and Testing
      1. Foundation Topics
        1. Assessment and Testing Strategies
        2. Security Control Testing
        3. Collect Security Process Data
        4. Analyze and Report Test Outputs
        5. Internal and Third-Party Audits
      2. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
        3. Review Questions
        4. Answers and Explanations
    20. Chapter 7. Security Operations
      1. Foundation Topics
        1. Investigations
        2. Investigation Types
        3. Logging and Monitoring Activities
        4. Resource Provisioning
        5. Security Operations Concepts
        6. Resource Protection
        7. Incident Management
        8. Preventive Measures
        9. Patch Management
        10. Change Management Processes
        11. Recovery Strategies
        12. Disaster Recovery
        13. Testing Recovery Plans
        14. Business Continuity Planning and Exercises
        15. Physical Security
        16. Personnel Privacy and Safety
      2. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
      3. Answer Review Questions
        1. Answers and Explanations
    21. Chapter 8. Software Development Security
      1. Foundation Topics
        1. Software Development Concepts
        2. Security in the System and Software Development Life Cycle
        3. Security Controls in Development
        4. Assess Software Security Effectiveness
        5. Security Impact of Acquired Software
      2. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
        3. Answer Review Questions
        4. Answers and Explanations
    22. Glossary
    23. Appendix A. Memory Tables
      1. Chapter 1
      2. Chapter 2
      3. Chapter 3
      4. Chapter 4
    24. Appendix B. Memory Tables Answer Key
      1. Chapter 1
      2. Chapter 2
      3. Chapter 3
      4. Chapter 4
    25. Index
    26. Inside Front Cover
    27. Inside Back Cover
    28. Where are the Companion Content Files?
    29. Code Snippets