CISSP Study Guide, 3rd Edition

Book Description

CISSP Study Guide, Third Edition provides readers with information on the CISSP certification, the most prestigious, globally-recognized, vendor-neutral exam for information security professionals.

With over 100,000 professionals certified worldwide, and many more joining their ranks, this new third edition presents everything a reader needs to know on the newest version of the exam's Common Body of Knowledge.

The eight domains are covered completely and as concisely as possible, allowing users to ace the exam. Each domain has its own chapter that includes a specially-designed pedagogy to help users pass the exam, including clearly-stated exam objectives, unique terms and definitions, exam warnings, "learning by example" modules, hands-on exercises, and chapter ending questions.

  • Provides the most complete and effective study guide to prepare users for passing the CISSP exam, giving them exactly what they need to pass the test
  • Authored by Eric Conrad who has prepared hundreds of professionals for passing the CISSP exam through SANS, a popular and well-known organization for information security professionals
  • Covers all of the new information in the Common Body of Knowledge updated in January 2015, and also provides two exams, tiered end-of-chapter questions for a gradual learning curve, and a complete self-test appendix

Table of Contents

  1. Cover
  2. Title page
  3. Table of Contents
  4. Copyright
  5. About the Authors
  6. Acknowledgments
  7. Chapter 1: Introduction
    1. How to Prepare for the Exam
    2. How to Take the Exam
    3. Good Luck!
  8. Chapter 2: Domain 1: Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity)
    1. Abstract
    2. Unique Terms and Definitions
    3. Introduction
    4. Cornerstone Information Security Concepts
    5. Legal and Regulatory Issues
    6. Security and 3rd Parties
    7. Ethics
    8. Information Security Governance
    9. Access Control Defensive Categories and Types
    10. Risk Analysis
    11. Types of Attackers
    12. Summary of Exam Objectives
    13. Self Test
    14. Self Test Quick Answer Key
  9. Chapter 3: Domain 2: Asset Security (Protecting Security of Assets)
    1. Abstract
    2. Unique Terms and Definitions
    3. Introduction
    4. Classifying Data
    5. Ownership
    6. Memory and Remanence
    7. Data Destruction
    8. Determining Data Security Controls
    9. Summary of Exam Objectives
    10. Self Test
    11. Self Test Quick Answer Key
  10. Chapter 4: Domain 3: Security Engineering (Engineering and Management of Security)
    1. Abstract
    2. Unique Terms and Definitions
    3. Introduction
    4. Security Models
    5. Evaluation Methods, Certification and Accreditation
    6. Secure System Design Concepts
    7. Secure Hardware Architecture
    8. Secure Operating System and Software Architecture
    9. Virtualization and Distributed Computing
    10. System Vulnerabilities, Threats and Countermeasures
    11. Cornerstone Cryptographic Concepts
    12. History of Cryptography
    13. Types of Cryptography
    14. Cryptographic Attacks
    15. Implementing Cryptography
    16. Perimeter Defenses
    17. Site Selection, Design, and Configuration
    18. System Defenses
    19. Environmental Controls
    20. Summary of Exam Objectives
    21. Self Test
    22. Self Test Quick Answer Key
  11. Chapter 5: Domain 4: Communication and Network Security (Designing and Protecting Network Security)
    1. Abstract
    2. Unique Terms and Definitions
    3. Introduction
    4. Network Architecture and Design
    5. Secure Network Devices and Protocols
    6. Secure Communications
    7. Summary of Exam Objectives
    8. Self Test
    9. Self Test Quick Answer Key
  12. Chapter 6: Domain 5: Identity and Access Management (Controlling Access and Managing Identity)
    1. Abstract
    2. Unique Terms and Definitions
    3. Introduction
    4. Authentication Methods
    5. Access Control Technologies
    6. Access Control Models
    7. Summary of Exam Objectives
    8. Self Test
    9. Self Test Quick Answer Key
  13. Chapter 7: Domain 6: Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
    1. Abstract
    2. Unique Terms and Definitions
    3. Introduction
    4. Assessing Access Control
    5. Software Testing Methods
    6. Summary of Exam Objectives
    7. Self Test
    8. Self Test Quick Answer Key
  14. Chapter 8: Domain 7: Security Operations (e.g., Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
    1. Abstract
    2. Unique Terms and Definitions
    3. Introduction
    4. Administrative Security
    5. Forensics
    6. Incident Response Management
    7. Operational Preventive and Detective Controls
    8. Asset Management
    9. Continuity of Operations
    10. BCP and DRP Overview and Process
    11. Developing a BCP/DRP
    12. Backups and Availability
    13. DRP Testing, Training and Awareness
    14. Continued BCP/DRP Maintenance
    15. Specific BCP/DRP Frameworks
    16. Summary of Exam Objectives
    17. Self Test
    18. Self Test Quick Answer Key
  15. Chapter 9: Domain 8: Software Development Security (Understanding, Applying, and Enforcing Software Security)
    1. Abstract
    2. Unique Terms and Definitions
    3. Introduction
    4. Programming Concepts
    5. Application Development Methods
    6. Databases
    7. Object-Oriented Design and Programming
    8. Assessing the Effectiveness of Software Security
    9. Artificial Intelligence
    10. Summary of Exam Objectives
    11. Self Test
    12. Self Test Quick Answer Key
  16. Appendix: Self Test
  17. Glossary
  18. Index