CISSP®: Certified Information Systems Security Professional Study Guide, Fifth Edition

Book Description

Totally updated for 2011, here's the ultimate study guide for the CISSP exam

Considered the most desired certification for IT security professionals, the Certified Information Systems Security Professional designation is also a career-booster. This comprehensive study guide covers every aspect of the 2011 exam and the latest revision of the CISSP body of knowledge. It offers advice on how to pass each section of the exam and features expanded coverage of biometrics, auditing and accountability, software security testing, and other key topics. Included is a CD with two full-length, 250-question sample exams to test your progress.

  • CISSP certification identifies the ultimate IT security professional; this complete study guide is fully updated to cover all the objectives of the 2011 CISSP exam

  • Provides in-depth knowledge of access control, application development security, business continuity and disaster recovery planning, cryptography, information security governance and risk management, operations security, physical (environmental) security, security architecture and design, and telecommunications and network security

  • Also covers legal and regulatory investigation and compliance

  • Includes two practice exams and challenging review questions on the CD

Professionals seeking the CISSP certification will boost their chances of success with CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition.

Table of Contents

  1. Cover
  2. Title
  3. Copyright
  4. Dedication
  5. Acknowledgments
  6. About the Authors
  7. Contents
  8. Introduction
  9. Chapter 1: Accountability and Access Control
    1. Access Control Overview
    2. Identification and Authentication Techniques
    3. Access Control Techniques
    4. Access Control Methodologies and Implementation
    5. Access Control Administration
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Answers to Written Lab
    10. Review Questions
    11. Answers to Review Questions
  10. Chapter 2: Attacks and Monitoring
    1. Monitoring
    2. Intrusion Detection
    3. IDS-Related Tools
    4. Penetration Testing
    5. Methods of Attack
    6. Access Control Compensations
    7. Summary
    8. Exam Essentials
    9. Written Lab
    10. Answers to Written Lab
    11. Review Questions
    12. Answers to Review Questions
  11. Chapter 3: ISO Model, Protocols, Network Security, and Network Infrastructure
    1. OSI Model
    2. Communications and Network Security
    3. Internet/Intranet/Extranet Components
    4. Remote Access Security Management
    5. Network and Protocol Security Mechanisms
    6. Avoiding Single Points of Failure
    7. Summary
    8. Exam Essentials
    9. Written Lab
    10. Answers to Written Lab
    11. Review Questions
    12. Answers to Review Questions
  12. Chapter 4: Communications Security and Countermeasures
    1. Virtual Private Network (VPN)
    2. Network Address Translation
    3. Switching Technologies
    4. WAN Technologies
    5. Miscellaneous Security Control Characteristics
    6. Managing Email Security
    7. Securing Voice Communications
    8. Security Boundaries
    9. Network Attacks and Countermeasures
    10. Summary
    11. Exam Essentials
    12. Written Lab
    13. Answers to Written Lab
    14. Review Questions
    15. Answers to Review Questions
  13. Chapter 5: Security Management Concepts and Principles
    1. Security Management Concepts and Principles
    2. Protection Mechanisms
    3. Change Control/Management
    4. Data Classification
    5. Planning to Plan
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Answers to Written Lab
    10. Review Questions
    11. Answers to Review Questions
  14. Chapter 6: Asset Value, Policies, and Roles
    1. Employment Policies and Practices
    2. Security Roles
    3. Security Management Planning
    4. Policies, Standards, Baselines, Guidelines, and Procedures
    5. Risk Management
    6. Security Awareness Training
    7. Summary
    8. Exam Essentials
    9. Written Lab
    10. Answers to Written Lab
    11. Review Questions
    12. Answers to Review Questions
  15. Chapter 7: Data and Application Security Issues
    1. Application Issues
    2. Databases and Data Warehousing
    3. Data/Information Storage
    4. Knowledge-Based Systems
    5. Systems Development Controls
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Answers to Written Lab
    10. Review Questions
    11. Answers to Review Questions
  16. Chapter 8: Malicious Code and Application Attacks
    1. Malicious Code
    2. Password Attacks
    3. Denial-of-Service Attacks
    4. Application Attacks
    5. Web Application Security
    6. Reconnaissance Attacks
    7. Masquerading Attacks
    8. Decoy Techniques
    9. Summary
    10. Exam Essentials
    11. Written Lab
    12. Answers to Written Lab
    13. Review Questions
    14. Answers to Review Questions
  17. Chapter 9: Cryptography and Symmetric Key Algorithms
    1. Historical Milestones in Cryptography
    2. Cryptographic Basics
    3. Modern Cryptography
    4. Symmetric Cryptography
    5. Summary
    6. Exam Essentials
    7. Written Lab
    8. Answers to Written Lab
    9. Review Questions
    10. Answers to Review Questions
  18. Chapter 10: PKI and Cryptographic Applications
    1. Asymmetric Cryptography
    2. Hash Functions
    3. Digital Signatures
    4. Public Key Infrastructure
    5. Applied Cryptography
    6. Cryptographic Attacks
    7. Summary
    8. Exam Essentials
    9. Written Lab
    10. Answers to Written Lab
    11. Review Questions
    12. Answers to Review Questions
  19. Chapter 11: Principles of Computer Design
    1. Computer Architecture
    2. Security Protection Mechanisms
    3. Summary
    4. Exam Essentials
    5. Written Lab
    6. Answers to Written Lab
    7. Review Questions
    8. Answers to Review Questions
  20. Chapter 12: Principles of Security Models
    1. Security Models
    2. Objects and Subjects
    3. Understanding System Security Evaluation
    4. Common Flaws and Security Issues
    5. Summary
    6. Exam Essentials
    7. Written Lab
    8. Answers to Written Lab
    9. Review Questions
    10. Answers to Review Questions
  21. Chapter 13: Administrative Management
    1. Operations Security Concepts
    2. Personnel Controls
    3. Summary
    4. Exam Essentials
    5. Written Lab
    6. Answers to Written Lab
    7. Review Questions
    8. Answers to Review Questions
  22. Chapter 14: Auditing and Monitoring
    1. Auditing
    2. Monitoring
    3. Monitoring Tools and Techniques
    4. Penetration-Testing Techniques
    5. Inappropriate Activities
    6. Indistinct Threats and Countermeasures
    7. Summary
    8. Exam Essentials
    9. Written Lab
    10. Answers to Written Lab
    11. Review Questions
    12. Answers to Review Questions
  23. Chapter 15: Business Continuity Planning
    1. Business Continuity Planning
    2. Project Scope and Planning
    3. Business Impact Assessment
    4. Continuity Planning
    5. BCP Documentation
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Answers to Written Lab
    10. Review Questions
    11. Answers to Review Questions
  24. Chapter 16: Disaster Recovery Planning
    1. The Nature of Disaster
    2. Recovery Strategy
    3. Recovery Plan Development
    4. Training and Documentation
    5. Testing and Maintenance
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Answers to Written Lab
    10. Review Questions
    11. Answers to Review Questions
  25. Chapter 17: Law and Investigations
    1. Categories of Laws
    2. Laws
    3. Investigations
    4. Summary
    5. Exam Essentials
    6. Written Lab
    7. Answers to Written Lab
    8. Review Questions
    9. Answers to Review Questions
  26. Chapter 18: Incidents and Ethics
    1. Major Categories of Computer Crime
    2. Incident Handling
    3. Ethics
    4. Summary
    5. Exam Essentials
    6. Written Lab
    7. Answers to Written Lab
    8. Review Questions
    9. Answers to Review Questions
  27. Chapter 19: Physical Security Requirements
    1. Facility Requirements
    2. Forms of Physical Access Controls
    3. Technical Controls
    4. Environment and Life Safety
    5. Equipment Failure
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Answers to Written Lab
    10. Review Questions
    11. Answers to Review Questions
  28. Appendix: About the Companion CD
  29. Index
  30. Glossary