CISSP Study Guide, 2nd Edition

Book Description

The CISSP certification is the most prestigious, globally recognized, vendor-neutral exam for information security professionals. The newest edition of this acclaimed study guide is aligned to cover all of the material included in the newest version of the exam's Common Body of Knowledge. The ten domains are covered completely and as concisely as possible, with an eye to acing the exam.

Each of the ten domains has its own chapter that includes specially designed pedagogy to aid the test-taker in passing the exam, including: clearly stated exam objectives; unique terms and definitions; exam warnings; learning by example; hands-on exercises; and chapter-ending questions. Furthermore, special features include: two practice exams; tiered chapter-ending questions that allow for a gradual learning curve; and a self-test appendix.

• Provides the most complete and effective study guide to prepare you for passing the CISSP exam—contains only what you need to pass the test, with no fluff!

• Eric Conrad has prepared hundreds of professionals for passing the CISSP exam through SANS, a popular and well-known organization for information security professionals.

• Covers all of the new information in the Common Body of Knowledge updated in January 2012, and also provides two practice exams, tiered end-of-chapter questions for a gradual learning curve, and a complete self-test appendix.

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Acknowledgments
  6. About the authors
    1. Lead Author
    2. Contributing Authors
    3. About the Technical Editor
  7. Chapter 1. Introduction
    1. Exam objectives in this chapter
    2. How to Prepare for the Exam
    3. Taking the Exam
    4. Good Luck!
    5. REFERENCES
  8. Chapter 2. Domain 1: Access Control
    1. Exam objectives in this chapter
    2. Unique Terms and Definitions
    3. Introduction
    4. Cornerstone Information Security Concepts
    5. Access Control Models
    6. Procedural Issues for Access Control
    7. Access Control Defensive Categories and Types
    8. Authentication Methods
    9. Access Control Technologies
    10. Types of Attackers
    11. Assessing Access Control
    12. Summary of Exam Objectives
    13. Self Test
    14. Self-test quick answer key
    15. REFERENCES
  9. Chapter 3. Domain 2: Telecommunications and Network Security
    1. Exam objectives in this chapter
    2. Unique Terms and Definitions
    3. Introduction
    4. Network Architecture and Design
    5. Network Devices and Protocols
    6. Secure Communications
    7. Summary of Exam Objectives
    8. Self Test
    9. Self Test Quick Answer Key
    10. REFERENCES
  10. Chapter 4. Domain 3: Information Security Governance and Risk Management
    1. Exam objectives in this chapter
    2. Unique Terms and Definitions
    3. Introduction
    4. Risk Analysis
    5. Information Security Governance
    6. Summary of Exam Objectives
    7. Self Test
    8. Self Test Quick Answer Key
    9. REFERENCES
  11. Chapter 5. Domain 4: Software Development Security
    1. Exam objectives in this chapter
    2. Unique Terms and Definitions
    3. Introduction
    4. Programming Concepts
    5. Application Development Methods
    6. Object-Orientated Design and Programming
    7. Software Vulnerabilities, Testing, and Assurance
    8. Databases
    9. Artificial Intelligence
    10. Summary of Exam Objectives
    11. Self Test
    12. Self Test Quick Answer Key
    13. REFERENCES
  12. Chapter 6. Domain 5: Cryptography
    1. Exam objectives in this chapter
    2. Unique Terms and Definitions
    3. Introduction
    4. Cornerstone Cryptographic Concepts
    5. History of Cryptography
    6. Symmetric Encryption
    7. Asymmetric Encryption
    8. Hash Functions
    9. Cryptographic Attacks
    10. Implementing Cryptography
    11. Summary of Exam Objectives
    12. Self Test
    13. Self Test Quick Answer Key
    14. REFERENCES
  13. Chapter 7. Domain 6: Security Architecture and Design
    1. Exam objectives in this chapter
    2. Unique Terms and Definitions
    3. Introduction
    4. Secure System Design Concepts
    5. Secure Hardware Architecture
    6. Secure Operating System and Software Architecture
    7. Virtualization and Distributed Computing
    8. System Vulnerabilities, Threats, and Countermeasures
    9. Security Models
    10. Evaluation Methods, Certification, and Accreditation
    11. Summary of Exam Objectives
    12. Self Test
    13. Self Test Quick Answer Key
    14. REFERENCES
  14. Chapter 8. Domain 7: Operations Security
    1. Exam objectives in this chapter
    2. Unique Terms and Definitions
    3. Introduction
    4. Administrative Security
    5. Sensitive Information and Media Security
    6. Asset Management
    7. Continuity of Operations
    8. Incident Response Management
    9. Summary of Exam Objectives
    10. Self Test
    11. Self Test Quick Answer Key
    12. REFERENCES
  15. Chapter 9. Domain 8: Business Continuity and Disaster Recovery Planning
    1. Exam objectives in this chapter
    2. Unique Terms and Definitions
    3. Introduction
    4. BCP and DRP Overview and Process
    5. Developing a BCP/DRP
    6. Backups and Availability
    7. DRP Testing, Training, and Awareness
    8. BCP/DRP Maintenance
    9. Specific BCP/DRP Frameworks
    10. Summary of Exam Objectives
    11. Self Test
    12. Self Test Quick Answer Key
    13. REFERENCES
  16. Chapter 10. Domain 9: Legal, Regulations, Investigations, and Compliance
    1. Exam objectives in this chapter
    2. Unique Terms and Definitions
    3. Introduction
    4. Major legal systems
    5. Criminal, Civil, and Administrative Law
    6. Information Security Aspects of Law
    7. Forensics
    8. Legal Aspects of Investigations
    9. Important Laws and Regulations
    10. Security and Third Parties
    11. Ethics
    12. Summary of Exam Objectives
    13. Self Test
    14. Self Test Quick Answer Key
    15. REFERENCES
  17. Chapter 11. Domain 10: Physical (Environmental) Security
    1. Exam objectives in this chapter
    2. Unique Terms and Definitions
    3. Introduction
    4. Perimeter Defenses
    5. Site Selection, Design, and Configuration
    6. System Defenses
    7. Environmental Controls
    8. Summary of Exam Objectives
    9. Self Test
    10. Self Test Quick Answer Key
    11. REFERENCES
  18. APPENDIX: Self Test
    1. Chapter 2, Domain 1: Access Control
    2. Chapter 3, Domain 2: Telecommunications and Network Security
    3. Chapter 4, Domain 3: Information Security Governance and Risk Management
    4. Chapter 5, Domain 4: Software Development Security
    5. Chapter 6, Domain 5: Cryptography
    6. Chapter 7, Domain 6: Security Architecture and Design
    7. Chapter 8, Domain 7: Operations Security
    8. Chapter 9, Domain 8: Business Continuity and Disaster Recovery Planning
    9. Chapter 10, Domain 9: Legal, Regulations, Investigations, and Compliance
    10. Chapter 11, Domain 10: Physical (Environmental) Security
  19. Glossary
  20. Index