CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 7th Edition

Book Description

CISSP Study Guide - fully updated for the 2015 CISSP Body of Knowledge

CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 7th Edition has been completely updated for the latest 2015 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.

Along with the book, you also get access to Sybex's superior online interactive learning environment that includes:

  • Four unique 250-question practice exams to help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam.

  • More than 1,000 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam

  • A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam

  • Coverage of all of the exam topics in the book means you'll be ready for:

      • Security and Risk Management
      • Asset Security
      • Security Engineering
      • Communication and Network Security
      • Identity and Access Management
      • Security Assessment and Testing
      • Security Operations
      • Software Development Security

Table of Contents

    1. Introduction
    2. Assessment Test
    3. Chapter 1 Security Governance Through Principles and Policies
      1. Understand and Apply Concepts of Confidentiality, Integrity, and Availability
      2. Apply Security Governance Principles
      3. Develop and Implement Documented Security Policy, Standards, Procedures, and Guidelines
      4. Understand and Apply Threat Modeling
      5. Integrate Security Risk Considerations into Acquisition Strategy and Practice
      6. Summary
      7. Exam Essentials
      8. Written Lab
      9. Review Questions
    4. Chapter 2 Personnel Security and Risk Management Concepts
      1. Contribute to Personnel Security Policies
      2. Security Governance
      3. Understand and Apply Risk Management Concepts
      4. Establish and Manage Information Security Education, Training, and Awareness
      5. Manage the Security Function
      6. Summary
      7. Exam Essentials
      8. Written Lab
      9. Review Questions
    5. Chapter 3 Business Continuity Planning
      1. Planning for Business Continuity
      2. Project Scope and Planning
      3. Business Impact Assessment
      4. Continuity Planning
      5. BCP Documentation
      6. Summary
      7. Exam Essentials
      8. Written Lab
      9. Review Questions
    6. Chapter 4 Laws, Regulations, and Compliance
      1. Categories of Laws
      2. Laws
      3. Compliance
      4. Contracting and Procurement
      5. Summary
      6. Exam Essentials
      7. Written Lab
      8. Review Questions
    7. Chapter 5 Protecting Security of Assets
      1. Classifying and Labeling Assets
      2. Identifying Data Roles
      3. Protecting Privacy
      4. Summary
      5. Exam Essentials
      6. Written Lab
      7. Review Questions
    8. Chapter 6 Cryptography and Symmetric Key Algorithms
      1. Historical Milestones in Cryptography
      2. Cryptographic Basics
      3. Modern Cryptography
      4. Symmetric Cryptography
      5. Cryptographic Life Cycle
      6. Summary
      7. Exam Essentials
      8. Written Lab
      9. Review Questions
    9. Chapter 7 PKI and Cryptographic Applications
      1. Asymmetric Cryptography
      2. Hash Functions
      3. Digital Signatures
      4. Public Key Infrastructure
      5. Asymmetric Key Management
      6. Applied Cryptography
      7. Cryptographic Attacks
      8. Summary
      9. Exam Essentials
      10. Written Lab
      11. Review Questions
    10. Chapter 8 Principles of Security Models, Design, and Capabilities
      1. Implement and Manage Engineering Processes Using Secure Design Principles
      2. Understand the Fundamental Concepts of Security Models
      3. Select Controls and Countermeasures Based on Systems Security Evaluation Models
      4. Understand Security Capabilities of Information Systems
      5. Summary
      6. Exam Essentials
      7. Written Lab
      8. Review Questions
    11. Chapter 9 Security Vulnerabilities, Threats, and Countermeasures
      1. Assess and Mitigate Security Vulnerabilities
      2. Client-Based
      3. Server-Based
      4. Database Security
      5. Distributed Systems
      6. Industrial Control Systems
      7. Assess and Mitigate Vulnerabilities in Web-Based Systems
      8. Assess and Mitigate Vulnerabilities in Mobile Systems
      9. Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
      10. Essential Security Protection Mechanisms
      11. Common Architecture Flaws and Security Issues
      12. Summary
      13. Exam Essentials
      14. Written Lab
      15. Review Questions
    12. Chapter 10 Physical Security Requirements
      1. Apply Secure Principles to Site and Facility Design
      2. Design and Implement Physical Security
      3. Implement and Manage Physical Security
      4. Summary
      5. Exam Essentials
      6. Written Lab
      7. Review Questions
    13. Chapter 11 Secure Network Architecture and Securing Network Components
      1. OSI Model
      2. TCP/IP Model
      3. Converged Protocols
      4. Wireless Networks
      5. General Wi-Fi Security Procedure
      6. Cabling, Wireless, Topology, and Communications Technology
      7. Summary
      8. Exam Essentials
      9. Written Lab
      10. Review Questions
    14. Chapter 12 Secure Communications and Network Attacks
      1. Network and Protocol Security Mechanisms
      2. Secure Voice Communications
      3. Multimedia Collaboration
      4. Manage Email Security
      5. Remote Access Security Management
      6. Virtual Private Network
      7. Virtualization
      8. Network Address Translation
      9. Switching Technologies
      10. WAN Technologies
      11. Miscellaneous Security Control Characteristics
      12. Security Boundaries
      13. Prevent or Mitigate Network Attacks
      14. Summary
      15. Exam Essentials
      16. Written Lab
      17. Review Questions
    15. Chapter 13 Managing Identity and Authentication
      1. Controlling Access to Assets
      2. Comparing Identification and Authentication
      3. Implementing Identity Management
      4. Managing the Identity and Access Provisioning Life Cycle
      5. Summary
      6. Exam Essentials
      7. Written Lab
      8. Review Questions
    16. Chapter 14 Controlling and Monitoring Access
      1. Comparing Access Control Models
      2. Understanding Access Control Attacks
      3. Summary
      4. Exam Essentials
      5. Written Lab
      6. Review Questions
    17. Chapter 15 Security Assessment and Testing
      1. Building a Security Assessment and Testing Program
      2. Performing Vulnerability Assessments
      3. Testing Your Software
      4. Implementing Security Management Processes
      5. Summary
      6. Exam Essentials
      7. Written Lab
      8. Review Questions
    18. Chapter 16 Managing Security Operations
      1. Applying Security Operations Concepts
      2. Provisioning and Managing Resources
      3. Managing Configuration
      4. Managing Change
      5. Managing Patches and Reducing Vulnerabilities
      6. Summary
      7. Exam Essentials
      8. Written Lab
      9. Review Questions
    19. Chapter 17 Preventing and Responding to Incidents
      1. Managing Incident Response
      2. Implementing Preventive Measures
      3. Logging, Monitoring, and Auditing
      4. Summary
      5. Exam Essentials
      6. Written Lab
      7. Review Questions
    20. Chapter 18 Disaster Recovery Planning
      1. The Nature of Disaster
      2. Understand System Resilience and Fault Tolerance
      3. Recovery Strategy
      4. Recovery Plan Development
      5. Training, Awareness, and Documentation
      6. Testing and Maintenance
      7. Summary
      8. Exam Essentials
      9. Written Lab
      10. Review Questions
    21. Chapter 19 Incidents and Ethics
      1. Investigations
      2. Major Categories of Computer Crime
      3. Incident Handling
      4. Ethics
      5. Summary
      6. Exam Essentials
      7. Written Lab
      8. Review Questions
    22. Chapter 20 Software Development Security
      1. Introducing Systems Development Controls
      2. Establishing Databases and Data Warehousing
      3. Storing Data and Information
      4. Understanding Knowledge-Based Systems
      5. Summary
      6. Exam Essentials
      7. Written Lab
      8. Review Questions
    23. Chapter 21 Malicious Code and Application Attacks
      1. Malicious Code
      2. Password Attacks
      3. Application Attacks
      4. Web Application Security
      5. Reconnaissance Attacks
      6. Masquerading Attacks
      7. Summary
      8. Exam Essentials
      9. Written Lab
      10. Review Questions
    24. Appendix A Answers to Review Questions
      1. Chapter 1: Security Governance Through Principles and Policies
      2. Chapter 2: Personnel Security and Risk Management Concepts
      3. Chapter 3: Business Continuity Planning
      4. Chapter 4: Laws, Regulations, and Compliance
      5. Chapter 5: Protecting Security of Assets
      6. Chapter 6: Cryptography and Symmetric Key Algorithms
      7. Chapter 7: PKI and Cryptographic Applications
      8. Chapter 8: Principles of Security Models, Design, and Capabilities
      9. Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
      10. Chapter 10: Physical Security Requirements
      11. Chapter 11: Secure Network Architecture and Securing Network Components
      12. Chapter 12: Secure Communications and Network Attacks
      13. Chapter 13: Managing Identity and Authentication
      14. Chapter 14: Controlling and Monitoring Access
      15. Chapter 15: Security Assessment and Testing
      16. Chapter 16: Managing Security Operations
      17. Chapter 17: Preventing and Responding to Incidents
      18. Chapter 18: Disaster Recovery Planning
      19. Chapter 19: Incidents and Ethics
      20. Chapter 20: Software Development Security
      21. Chapter 21: Malicious Code and Application Attacks
    25. Appendix B Answers to Written Labs
      1. Chapter 1: Security Governance Through Principles and Policies
      2. Chapter 2: Personnel Security and Risk Management Concepts
      3. Chapter 3: Business Continuity Planning
      4. Chapter 4: Laws, Regulations, and Compliance
      5. Chapter 5: Protecting Security of Assets
      6. Chapter 6: Cryptography and Symmetric Key Algorithms
      7. Chapter 7: PKI and Cryptographic Applications
      8. Chapter 8: Principles of Security Models, Design, and Capabilities
      9. Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
      10. Chapter 10: Physical Security Requirements
      11. Chapter 11: Secure Network Architecture and Securing Network Components
      12. Chapter 12: Secure Communications and Network Attacks
      13. Chapter 13: Managing Identity and Authentication
      14. Chapter 14: Controlling and Monitoring Access
      15. Chapter 15: Security Assessment and Testing
      16. Chapter 16: Managing Security Operations
      17. Chapter 17: Preventing and Responding to Incidents
      18. Chapter 18: Disaster Recovery Planning
      19. Chapter 19: Incidents and Ethics
      20. Chapter 20: Software Development Security
      21. Chapter 21: Malicious Code and Application Attacks
    26. Appendix C About the Additional Study Tools
      1. Additional Study Tools
      2. System Requirements
      3. Using the Study Tools
      4. Troubleshooting
    27. Comprehensive Online Learning Environment
    28. EULA