CISSP: Certified Information Systems Security Professional Study Guide, 6th Edition

Book Description

Fully updated Sybex Study Guide for the industry-leading security certification: CISSP

Security professionals consider the Certified Information Systems Security Professional (CISSP) to be the most desired certification to achieve. More than 200,000 have taken the exam, and there are more than 70,000 CISSPs worldwide. This highly respected guide is updated to cover changes made to the CISSP Body of Knowledge in 2012. It also provides additional advice on how to pass each section of the exam. With expanded coverage of key areas, it also includes a full-length, 250-question practice exam.

  • Fully updated for the 2012 CISSP Body of Knowledge, the industry-leading standard for IT professionals

  • Thoroughly covers exam topics, including access control, application development security, business continuity and disaster recovery planning, cryptography, operations security, and physical (environmental) security

  • Examines information security governance and risk management, legal regulations, investigations and compliance, and telecommunications and network security

  • Features expanded coverage of biometrics, auditing and accountability, software security testing, and many more key topics

CISSP: Certified Information Systems Security Professional Study Guide, 6th Edition prepares you with both the knowledge and the confidence to pass the CISSP exam.

Table of Contents

  1. Cover
  2. Contents
  3. Title
  4. Copyright
  5. Dedication
  6. Acknowledgments
  7. About the Authors
  8. Introduction
  9. Assessment Test
  10. Chapter 1: Access Control
    1. Access Control Overview
    2. Identification and Authentication Techniques
    3. Access Control Techniques
    4. Authorization Mechanisms
    5. Identity and Access Provisioning Life Cycle
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Review Questions
  11. Chapter 2: Access Control Attacks and Monitoring
    1. Understanding Access Control Attacks
    2. Preventing Access Control Attacks
    3. Summary
    4. Exam Essentials
    5. Written Lab
    6. Review Questions
  12. Chapter 3: Secure Network Architecture and Securing Network Components
    1. OSI Model
    2. Secure Network Components
    3. Cabling, Wireless, Topology, and Communications Technology
    4. Summary
    5. Exam Essentials
    6. Written Lab
    7. Review Questions
  13. Chapter 4: Secure Communications and Network Attacks
    1. Network and Protocol Security Mechanisms
    2. Virtual Private Network
    3. Remote Access Security Management
    4. Network Address Translation
    5. Switching Technologies
    6. WAN Technologies
    7. Virtualization
    8. Miscellaneous Security Control Characteristics
    9. Manage Email Security
    10. Secure Voice Communications
    11. Security Boundaries
    12. Network Attacks and Countermeasures
    13. Summary
    14. Exam Essentials
    15. Written Lab
    16. Review Questions
  14. Chapter 5: Security Governance Concepts, Principles, and Policies
    1. Security Management Planning
    2. Security Governance
    3. Security Roles and Responsibilities
    4. Protection Mechanisms
    5. Privacy Requirements Compliance
    6. Control Frameworks: Planning to Plan
    7. Security Management Concepts and Principles
    8. Develop and Implement Security Policy
    9. Change Control/Management
    10. Data Classification
    11. Summary
    12. Exam Essentials
    13. Written Lab
    14. Review Questions
  15. Chapter 6: Risk and Personnel Management
    1. Manage Third-Party Governance
    2. Risk Management
    3. Manage Personnel Security
    4. Develop and Manage Security Education, Training, and Awareness
    5. Manage the Security Function
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Review Questions
  16. Chapter 7: Software Development Security
    1. Application Issues
    2. Databases and Data Warehousing
    3. Data/Information Storage
    4. Knowledge-Based Systems
    5. Systems Development Controls
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Review Questions
  17. Chapter 8: Malicious Code and Application Attacks
    1. Malicious Code
    2. Password Attacks
    3. Application Attacks
    4. Web Application Security
    5. Reconnaissance Attacks
    6. Masquerading Attacks
    7. Summary
    8. Exam Essentials
    9. Written Lab
    10. Review Questions
  18. Chapter 9: Cryptography and Symmetric Key Algorithms
    1. Historical Milestones in Cryptography
    2. Cryptographic Basics
    3. Modern Cryptography
    4. Symmetric Cryptography
    5. Cryptographic Life Cycle
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Review Questions
  19. Chapter 10: PKI and Cryptographic Applications
    1. Asymmetric Cryptography
    2. Hash Functions
    3. Digital Signatures
    4. Public Key Infrastructure
    5. Asymmetric Key Management
    6. Applied Cryptography
    7. Cryptographic Attacks
    8. Summary
    9. Exam Essentials
    10. Written Lab
    11. Review Questions
  20. Chapter 11: Principles of Security Models, Design, and Capabilities
    1. Understand the Fundamental Concepts of Security Models
    2. Objects and Subjects
    3. Understand the Components of Information Systems Security Evaluation Models
    4. Understand Security Capabilities Of Information Systems
    5. Summary
    6. Exam Essentials
    7. Written Lab
    8. Review Questions
  21. Chapter 12: Security Architecture Vulnerabilities, Threats, and Countermeasures
    1. Computer Architecture
    2. Avoiding Single Points of Failure
    3. Distributed Architecture
    4. Security Protection Mechanisms
    5. Common Flaws and Security Issues
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Review Questions
  22. Chapter 13: Security Operations
    1. Security Operations Concepts
    2. Resource Protection
    3. Patch and Vulnerability Management
    4. Change and Configuration Management
    5. Security Audits and Reviews
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Review Questions
  23. Chapter 14: Incident Management
    1. Managing Incident Response
    2. Implement Preventive Measures Against Attacks
    3. Understand System Resilience and Fault Tolerance
    4. Summary
    5. Exam Essentials
    6. Written Lab
    7. Review Questions
  24. Chapter 15: Business Continuity Planning
    1. Planning for Business Continuity
    2. Project Scope and Planning
    3. Business Impact Assessment
    4. Continuity Planning
    5. BCP Documentation
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Review Questions
  25. Chapter 16: Disaster Recovery Planning
    1. The Nature of Disaster
    2. Recovery Strategy
    3. Recovery Plan Development
    4. Training and Documentation
    5. Testing and Maintenance
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Review Questions
  26. Chapter 17: Laws, Regulations, and Compliance
    1. Categories of Laws
    2. Laws
    3. Compliance
    4. Contracting and Procurement
    5. Summary
    6. Exam Essentials
    7. Written Lab
    8. Review Questions
  27. Chapter 18: Incidents and Ethics
    1. Investigations
    2. Major Categories of Computer Crime
    3. Incident Handling
    4. Ethics
    5. Summary
    6. Exam Essentials
    7. Written Lab
    8. Review Questions
  28. Chapter 19: Physical Security Requirements
    1. Site and Facility Design Considerations
    2. Forms of Physical Access Controls
    3. Technical Controls
    4. Environment and Life Safety
    5. Equipment Failure
    6. Privacy Responsibilities and Legal Requirements
    7. Summary
    8. Exam Essentials
    9. Written Lab
    10. Review Questions
  29. Appendix A: Answers to Review Questions
  30. Appendix B: Answers to Written Labs
  31. Appendix C: About the Additional Study Tools
  32. Index
  33. Free Online Study Tools