CISSP®: Certified Information Systems Security Professional: Study Guide, Fourth Edition

Book Description

Building on the popular Sybex Study Guide approach, CISSP: Certified Information Systems Security Professional Study Guide, 4th Edition provides 100% coverage of the CISSP Body of Knowledge exam objectives. Find clear and concise information on crucial security topics, practical examples and insights drawn from real-world experience, and cutting-edge exam preparation software, including two full-length bonus exams and electronic flashcards. Prepare yourself by reviewing the key exam topics, including access control; application security; business continuity and disaster recovery planning; cryptography; information security and risk management; security architecture and design; and telecommunications and network security.

Table of Contents

  1. Copyright
  2. Dear Reader
  3. Dedication
  4. Acknowledgments
  5. About the Authors
  6. Introduction
  7. Accountability and Access Control
    1. Access Control Overview
    2. Identification and Authentication Techniques
    3. Access Control Techniques
    4. Access Control Methodologies and Implementation
    5. Access Control Administration
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Answers to Written Lab
    10. Review Questions
    11. Answers to Review Questions
  8. Attacks and Monitoring
    1. Monitoring
    2. Intrusion Detection
    3. IDS-Related Tools
    4. Penetration Testing
    5. Methods of Attack
    6. Access Control Compensations
    7. Summary
    8. Exam Essentials
    9. Written Lab
    10. Answers to Written Lab
    11. Review Questions
    12. Answers to Review Questions
  9. ISO Model, Protocols, Network Security, and Network Infrastructure
    1. OSI Model
    2. Communications and Network Security
    3. Internet/Intranet/Extranet Components
    4. Remote Access Security Management
    5. Network and Protocol Security Mechanisms
    6. Avoiding Single Points of Failure
    7. Summary
    8. Exam Essentials
    9. Written Lab
    10. Answers to Written Lab
    11. Review Questions
    12. Answers to Review Questions
  10. Communications Security and Countermeasures
    1. Virtual Private Network (VPN)
    2. Network Address Translation
    3. Switching Technologies
    4. WAN Technologies
    5. Miscellaneous Security Control Characteristics
    6. Managing Email Security
    7. Securing Voice Communications
    8. Security Boundaries
    9. Network Attacks and Countermeasures
    10. Summary
    11. Exam Essentials
    12. Written Lab
    13. Answers to Written Lab
    14. Review Questions
    15. Answers to Review Questions
  11. Security Management Concepts and Principles
    1. Security Management Concepts and Principles
    2. Protection Mechanisms
    3. Change Control/Management
    4. Data Classification
    5. Planning to Plan
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Answers to Written Lab
    10. Review Questions
    11. Answers to Review Questions
  12. Asset Value, Policies, and Roles
    1. Employment Policies and Practices
    2. Security Roles
    3. Security Management Planning
    4. Policies, Standards, Baselines, Guidelines, and Procedures
    5. Risk Management
    6. Security Awareness Training
    7. Summary
    8. Exam Essentials
    9. Written Lab
    10. Answers to Written Lab
    11. Review Questions
    12. Answers to Review Questions
  13. Data and Application Security Issues
    1. Application Issues
    2. Databases and Data Warehousing
    3. Data/Information Storage
    4. Knowledge-Based Systems
    5. Systems Development Controls
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Answers to Written Lab
    10. Review Questions
    11. Answers to Review Questions
  14. Malicious Code and Application Attacks
    1. Malicious Code
    2. Password Attacks
    3. Denial-of-Service Attacks
    4. Application Attacks
    5. Web Application Security
    6. Reconnaissance Attacks
    7. Masquerading Attacks
    8. Decoy Techniques
    9. Summary
    10. Exam Essentials
    11. Written Lab
    12. Answers to Written Lab
    13. Review Questions
    14. Answers to Review Questions
  15. Cryptography and Private Key Algorithms
    1. Historical Milestones in Cryptography
    2. Cryptographic Basics
    3. Modern Cryptography
    4. Symmetric Cryptography
    5. Summary
    6. Exam Essentials
    7. Written Lab
    8. Answers to Written Lab
    9. Review Questions
    10. Answers to Review Questions
  16. PKI and Cryptographic Applications
    1. Asymmetric Cryptography
    2. Hash Functions
    3. Digital Signatures
    4. Public Key Infrastructure
    5. Applied Cryptography
    6. Cryptographic Attacks
    7. Summary
    8. Exam Essentials
    9. Written Labs
    10. Answers to Written Labs
    11. Review Questions
    12. Answers to Review Questions
  17. Principles of Computer Design
    1. Computer Architecture
    2. Security Protection Mechanisms
    3. Summary
    4. Exam Essentials
    5. Written Lab
    6. Answers to Written Lab
    7. Review Questions
    8. Answers to Review Questions
  18. Principles of Security Models
    1. Security Models
    2. Objects and Subjects
    3. Understanding System Security Evaluation
    4. Common Flaws and Security Issues
    5. Summary
    6. Exam Essentials
    7. Written Lab
    8. Answers to Written Lab
    9. Review Questions
    10. Answers to Review Questions
  19. Administrative Management
    1. Operations Security Concepts
    2. Personnel Controls
    3. Summary
    4. Exam Essentials
    5. Written Lab
    6. Answers to Written Lab
    7. Review Questions
    8. Answers to Review Questions
  20. Auditing and Monitoring
    1. Auditing
    2. Monitoring
    3. Penetration-Testing Techniques
    4. Inappropriate Activities
    5. Indistinct Threats and Countermeasures
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Answers to Written Lab
    10. Review Questions
    11. Answers to Review Questions
  21. Business Continuity Planning
    1. Business Continuity Planning
    2. Project Scope and Planning
    3. Business Impact Assessment
    4. Continuity Planning
    5. BCP Documentation
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Answers to Written Lab
    10. Review Questions
    11. Answers to Review Questions
  22. Disaster Recovery Planning
    1. The Nature of Disaster
    2. Recovery Strategy
    3. Recovery Plan Development
    4. Training and Documentation
    5. Testing and Maintenance
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Answers to Written Lab
    10. Review Questions
    11. Answers to Review Questions
  23. Law and Investigations
    1. Categories of Laws
    2. Laws
    3. Investigations
    4. Summary
    5. Exam Essentials
    6. Written Lab
    7. Answers to Written Lab
    8. Review Questions
    9. Answers to Review Questions
  24. Incidents and Ethics
    1. Major Categories of Computer Crime
    2. Incident Handling
    3. Ethics
    4. Summary
    5. Exam Essentials
    6. Written Lab
    7. Answers to Written Lab
    8. Review Questions
    9. Answers to Review Questions
  25. Physical Security Requirements
    1. Facility Requirements
    2. Forms of Physical Access Controls
    3. Technical Controls
    4. Environment and Life Safety
    5. Equipment Failure
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Answers to Written Lab
    10. Review Questions
    11. Answers to Review Questions
  26. About the Companion CD
    1. What You'll Find on the CD
    2. System Requirements
    3. Using the CD
    4. Troubleshooting
  27. Glossary
    1. Numbers and Symbols
    2. A
    3. B
    4. C
    5. D
    6. E
    7. F
    8. G
    9. H
    10. I
    11. J
    12. K
    13. L
    14. M
    15. N
    16. O
    17. P
    18. Q
    19. R
    20. S
    21. T
    22. U
    23. V
    24. W
    25. X
    26. Z