CISSP For Dummies, 4th Edition

Book Description

A fully updated guide to CISSP certification

CISSP certification is the most prestigious and highly valued of the security certifications. This is the book you need to approach the exam with confidence and become CISSP certified! The CISSP Body of Knowledge underwent many changes in 2012, and this book covers them all. With a down-to-earth approach, it provides all the information covered in the exam plus numerous self-assessment tools, Quick Assessment and Prep tests to give you practice, a sample exam, and hundreds of randomly generated review questions on the Dummies Test Engine, available on the companion website.

  • The coveted CISSP certification is the most prestigious of the security certifications; this popular guide covers all the latest updates to prepare you for the exam

  • Includes various self-assessment tools to help you gauge your progress, including Quick Assessment tests at the beginning of every chapter, a Prep Test at the end of every chapter, a sample exam, and hundreds of randomly generated test questions

  • Features the popular Dummies Test Engine on the companion website

  • Offers test-taking tips and plenty of resources for further study

CISSP For Dummies, 4th Edition gives you the tools to take the CISSP exam with confidence and earn your certification!

Note: The ebook version does not provide access to the companion files.

Table of Contents

  1. Cover
  2. Table of Contents
  3. Title Page
  4. Introduction
    1. About This Book
    2. How This Book Is Organized
    3. How the Chapters Are Organized
    4. Icons Used in This Book
    5. Where to Go from Here
  5. Part I: Certification Basics
    1. Chapter 1: (ISC)² and the CISSP Certification
      1. About (ISC)² and the CISSP Certification
      2. You Must Be This Tall to Ride (and Other Requirements)
      3. Registering for the Exam
      4. Preparing for the Exam
      5. About the CISSP Examination
      6. After the Examination
    2. Chapter 2: The Common Body of Knowledge (CBK)
      1. Access Control
      2. Telecommunications and Network Security
      3. Information Security Governance and Risk Management
      4. Software Development Security
      5. Cryptography
      6. Security Architecture and Design
      7. Security Operations
      8. Business Continuity and Disaster Recovery Planning
      9. Legal, Regulations, Investigations, and Compliance
      10. Physical (Environmental) Security
    3. Chapter 3: Putting Your Certification to Good Use
      1. Following the (ISC)² Code of Ethics
      2. Keeping Your Certification Current
      3. Remaining an Active (ISC)² Member
      4. Considering (ISC)² Volunteer Opportunities
      5. Becoming an Active Member of Your Local Security Chapter
      6. Spreading the Good Word about CISSP Certification
      7. Using Your CISSP Certification to Be an Agent of Change
      8. Earning Other Certifications
      9. Pursue Security Excellence
  6. Part II: Domains
    1. Chapter 4: Access Control
      1. Basic Concepts of Access Control
      2. Control Types and Purposes
      3. Access Control Services
      4. Categories of Access Control
      5. Access Control Attacks
      6. Evaluating and Testing Access Controls
      7. Identity and Access Provisioning Lifecycle
    2. Chapter 5: Telecommunications and Network Security
      1. Data Network Types
      2. The OSI Reference Model
      3. The TCP/IP Model
      4. Network Security
      5. Wireless Network (WLAN) Security
      6. E-mail, Web, Facsimile, and Telephone Security
      7. Network Attacks and Countermeasures
    3. Chapter 6: Information Security Governance and Risk Management
      1. Information Security Governance Concepts and Principles
      2. Data Classification
      3. Mission Statements, Goals, and Objectives
      4. Policies, Standards, Guidelines, and Procedures
      5. Information Security Governance Practices
      6. Personnel Security Policies and Practices
      7. Risk Management Concepts
      8. Security Education, Training, and Awareness Programs
    4. Chapter 7: Software Development Security
      1. Distributed Applications
      2. Object-Oriented Environments
      3. Databases
      4. Knowledge-Based Systems
      5. Operating Systems
      6. Systems Development Life Cycle
      7. Application Security Controls
      8. System Attack Methods
      9. Antivirus Software
      10. Perpetrators
    5. Chapter 8: Cryptography
      1. The Role of Cryptography in Information Security
      2. Cryptography Basics
      3. Cryptography Alternatives
      4. Not Quite the Metric System: Symmetric and Asymmetric Key Systems
      5. Message Authentication
      6. Public Key Infrastructure (PKI)
      7. Key Management Functions
      8. Key Escrow and Key Recovery
      9. E-Mail Security Applications
      10. Internet Security Applications
      11. Methods of Attack
    6. Chapter 9: Security Architecture and Design
      1. Computer Architecture
      2. Security Architecture
      3. Security Countermeasures
      4. Security Models
      5. Evaluation Criteria
      6. System Certification and Accreditation
    7. Chapter 10: Security Operations
      1. Administrative Management and Control
      2. Security Operations Concepts
      3. Threats and Countermeasures
      4. Security Controls
      5. Security Auditing and Due Care
      6. Audit Trails
      7. Monitoring
    8. Chapter 11: Business Continuity and Disaster Recovery Planning
      1. Defining Disastrous Events
      2. How BCP and DRP Work Together
      3. Understanding BCP Project Elements
      4. Determining BCP Scope
      5. Conducting the Business Impact Assessment
      6. Identifying the Elements of a Business Continuity Plan
      7. Developing the BC Plan
      8. Implementing the Business Continuity Plan
      9. Disaster Recovery Planning
      10. Developing a Disaster Recovery Plan
      11. Testing the Disaster Recovery Plan
      12. Creating Competitive Advantage
    9. Chapter 12: Legal, Regulations, Investigations, and Compliance
      1. Major Types and Classifications of Law
      2. Major Categories of Computer Crime
      3. Types of Laws Relevant to Computer Crimes
      4. Investigations
      5. Professional Ethics
    10. Chapter 13: Physical (Environmental) Security
      1. Physical Security Threats
      2. Site and Facility Design Considerations
      3. Physical (Environmental) Security Controls
      4. Bringing It All Together
  7. Part III: The Part of Tens
    1. Chapter 14: Ten (Okay, Eight) Test Preparation Tips
      1. Get a Networking Certification First
      2. Register NOW!
      3. Make a 60-Day Study Plan
      4. Get Organized and READ!
      5. Join a Study Group
      6. Take Practice Exams
      7. Take a CISSP Review Seminar
      8. Take a Breather
    2. Chapter 15: Ten Test-Day Tips
      1. Get a Good Night’s Rest
      2. Dress Comfortably
      3. Eat a Good Breakfast
      4. Arrive Early
      5. Bring a Photo ID
      6. Bring Snacks and Drinks
      7. Bring Prescription and Over-the-Counter Medications
      8. Leave Your Cell Phone and Pager Behind
      9. Take Frequent Breaks
      10. Guess — as a Last Resort
    3. Chapter 16: Ten More Sources for Security Certifications
      1. ASIS International
      2. Check Point
      3. Cisco
      4. CompTIA
      5. CWNP
      6. DRI International
      7. EC-Council
      8. ISACA
      9. (ISC)²
      10. SANS/GIAC
    4. Chapter 17: Ten Security Websites
      1. CISSP Open Study Guide
      2. Carnegie Mellon SEI CERT Coordination Center
      3. Common Vulnerabilities and Exposures
      4. Dark Reading
      5. (ISC)²
      6. INFOSYSSEC
      7. National Institute of Standards and Technology
      8. PCI Security Standards Council
      9. The SANS Institute
      10. WindowSecurity Network Security Library
    5. Chapter 18: Ten Essential Reference Books
  8. Part IV: Appendixes
    1. Appendix A: Practice CISSP Exam
    2. Appendix B: Glossary
  9. Cheat Sheet