CISSP Certification All-in-One Exam Guide, Fourth Edition

Book Description

All-in-One is All You Need

Fully revised for the latest exam release, this authoritative volume offers thorough coverage of all the material on the Certified Information Systems Security Professional (CISSP) exam. Written by a renowned security expert and CISSP, this guide features complete details on all 10 exam domains developed by the International Information Systems Security Certification Consortium (ISC²). Inside, you'll find learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations. CISSP All-in-One Exam Guide, Fourth Edition will not only help you pass the test, but also be your essential on-the-job reference.

Covers all 10 subject areas on the exam:

  • Access control
  • Application security
  • Business continuity and disaster recovery planning
  • Cryptography
  • Information security and risk management
  • Legal, regulations, compliance, and investigations
  • Operations security
  • Physical (environmental) security
  • Security architecture and design
  • Telecommunications and network security

The CD-ROM features:

  • Simulated exam with practice questions and answers
  • Video training from the author
  • Complete electronic book

Table of Contents

  1. Copyright
  2. About the Author
  3. Foreword
  4. Acknowledgments
  5. Introduction
  6. Becoming a CISSP
    1. Why Become a CISSP?
    2. The CISSP Exam
    3. CISSP: A Brief History
    4. How Do You Become a CISSP?
    5. Recertification Requirements
    6. What Does This Book Cover?
    7. Tips for Taking the CISSP Exam
    8. How to Use This Book
  7. Security Trends
    1. How Security Became an Issue
    2. Areas of Security
    3. Benign to Scary
    4. Hacking and Attacking
    5. Management
    6. Internet and Web Activities
    7. A Layered Approach
    8. An Architectural View
    9. Politics and Laws
    10. Education
    11. Summary
  8. Information Security and Risk Management
    1. Security Management
    2. Security Administration and Supporting Controls
    3. Organizational Security Model
    4. Information Risk Management
    5. Risk Analysis
    6. Policies, Standards, Baselines, Guidelines, and Procedures
    7. Information Classification
    8. Layers of Responsibility
    9. Security-Awareness Training
    10. Summary
    11. Quick Tips
  9. Access Control
    1. Access Controls Overview
    2. Security Principles
    3. Identification, Authentication, Authorization, and Accountability
    4. Access Control Models
    5. Access Control Techniques and Technologies
    6. Access Control Administration
    7. Access Control Methods
    8. Access Control Types
    9. Accountability
    10. Access Control Practices
    11. Access Control Monitoring
    12. A Few Threats to Access Control
    13. Summary
    14. Quick Tips
  10. Security Architecture and Design
    1. Computer Architecture
    2. System Architecture
    3. Security Models
    4. Security Modes of Operation
    5. Systems Evaluation Methods
    6. The Orange Book and the Rainbow Series
    7. Information Technology Security Evaluation Criteria
    8. Common Criteria
    9. Certification vs. Accreditation
    10. Open vs. Closed Systems
    11. Enterprise Architecture
    12. A Few Threats to Review
    13. Summary
    14. Quick Tips
  11. Physical and Environmental Security
    1. Introduction to Physical Security
    2. The Planning Process
    3. Protecting Assets
    4. Internal Support Systems
    5. Perimeter Security
    6. Summary
    7. Quick Tips
  12. Telecommunications and Network Security
    1. Open Systems Interconnection Reference Model
    2. TCP/IP
    3. Types of Transmission
    4. LAN Networking
    5. Routing Protocols
    6. Networking Devices
    7. Networking Services and Protocols
    8. Intranets and Extranets
    9. Metropolitan Area Networks
    10. Wide Area Networks
    11. Remote Access
    12. Wireless Technologies
    13. Rootkits
    14. Summary
    15. Quick Tips
  13. Cryptography
    1. The History of Cryptography
    2. Cryptography Definitions and Concepts
    3. Governmental Involvement in Cryptography
    4. Types of Ciphers
    5. Methods of Encryption
    6. Types of Symmetric Systems
    7. Types of Asymmetric Systems
    8. Message Integrity
    9. Public Key Infrastructure
    10. Key Management
    11. Link Encryption vs. End-to-End Encryption
    12. E-mail Standards
    13. Internet Security
    14. Attacks
    15. Summary
    16. Quick Tips
  14. Business Continuity and Disaster Recovery
    1. Business Continuity and Disaster Recovery
    2. Business Continuity Planning Requirements
    3. Summary
    4. Quick Tips
  15. Legal, Regulations, Compliance, and Investigations
    1. The Many Facets of Cyberlaw
    2. The Crux of Computer Crime Laws
    3. Complexities in Cybercrime
    4. Intellectual Property Laws
    5. Privacy
    6. Liability and Its Ramifications
    7. Investigations
    8. Computer Forensics and Proper Collection of Evidence
    9. Ethics
    10. Summary
    11. Quick Tips
  16. Application Security
    1. Software’s Importance
    2. Where Do We Place the Security?
    3. Different Environments Demand Different Security
    4. Environment vs. Application
    5. Complexity of Functionality
    6. Data Types, Format, and Length
    7. Implementation and Default Issues
    8. Failure States
    9. Database Management
    10. System Development
    11. Application Development Methodology
    12. Distributed Computing
    13. Expert Systems and Knowledge-Based Systems
    14. Artificial Neural Networks
    15. Web Security
    16. Mobile Code
    17. Patch Management
    18. Summary
    19. Quick Tips
  17. Operations Security
    1. The Role of the Operations Department
    2. Administrative Management
    3. Assurance Levels
    4. Operational Responsibilities
    5. Configuration Management
    6. Media Controls
    7. Data Leakage
    8. Network and Resource Availability
    9. Mainframes
    10. E-mail Security
    11. Vulnerability Testing
    12. Summary
    13. Quick Tips
  18. About the CD-ROM
    1. Running the QuickTime Cryptography Video Sample
    2. Installing Total Seminars’ Test Software
  19. License Agreement