Learn, prepare, and practice for CISSP exam success with this Cert Guide from Pearson IT Certification, a leader in IT Certification learning.
CISSP Cert Guide, Third Edition is a best-of-breed exam study guide. Leading IT certification experts Robin Abernathy and Troy McMillan share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.
The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.
The companion website contains the powerful Pearson Test Prep practice test software engine, complete with hundreds of exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.
Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this CISSP study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.
This (ISC)2 study guide helps you master all the topics on the CISSP exam, including
· Telecommunications and network security
· Information security governance and risk management
· Software development security
· Security architecture and design
· Business continuity and disaster recovery planning
· Legal, regulations, investigations, and compliance
· Physical (environmental) security
Chapter 1 Security and Risk Management 2
Security Terms 5
Auditing and Accounting 6
Default Security Posture 7
Defense in Depth 7
Security Governance Principles 8
Security Function Alignment 9
Organizational Processes 12
Organizational Roles and Responsibilities 14
Security Control Frameworks 17
Due Care and Due Diligence 32
Contractual, Legal, Industry Standards, and Regulatory Compliance 34
Privacy Requirements Compliance 35
Legal and Regulatory Issues 35
Computer Crime Concepts 36
Major Legal Systems 38
Licensing and Intellectual Property 40
Cyber Crimes and Data Breaches 44
Import/Export Controls 45
Trans-Border Data Flow 45
Professional Ethics 52
(ISC)2 Code of Ethics 52
Computer Ethics Institute 53
Internet Architecture Board 54
Organizational Code of Ethics 54
Security Documentation 54
Business Continuity 58
Business Continuity and Disaster Recovery Concepts 58
Scope and Plan 61
BIA Development 65
Personnel Security Policies and Procedures 68
Candidate Screening and Hiring 69
Employment Agreements and Policies 70
Employee Onboarding and Offboarding Policies 71
Vendor, Consultant, and Contractor Agreements and Controls 72
Compliance Policy Requirements 72
Privacy Policy Requirements 72
Job Rotation 73
Separation of Duties 73
Risk Management Concepts 73
Asset and Asset Valuation 73
Threat Agent 74
Risk Appetite 76
Risk Management Policy 77
Risk Management Team 77
Risk Analysis Team 77
Risk Assessment 78
Control Categories 83
Control Types 84
Controls Assessment, Monitoring, and Measurement 89
Reporting and Continuous Improvement 89
Risk Frameworks 90
Geographical Threats 108
Internal Versus External Threats 108
Natural Threats 109
System Threats 110
Human-Caused Threats 111
Politically Motivated Threats 114
Threat Modeling 115
Threat Modeling Concepts 116
Threat Modeling Methodologies 116
Identifying Threats 119
Potential Attacks 120
Remediation Technologies and Processes 121
Security Risks in the Supply Chain 121
Risks Associated with Hardware, Software, and Services 121
Third-party Assessment and Monitoring 122
Minimum Service-Level and Security Requirements 123
Service-Level Requirements 123
Security Education, Training, and Awareness 124
Levels Required 124
Methods and Techniques 125
Periodic Content Reviews 126
Exam Preparation Tasks 126
Chapter 2 Asset Security 140
Asset Security Concepts 141
Data Policy 141
Roles and Responsibilities 143
Data Quality 144
Data Documentation and Organization 145
Identify and Classify Information and Assets 146
Data and Asset Classification 146
Sensitivity and Criticality 146
Private Sector Classifications 151
Military and Government Classifications 152
Information Life Cycle 153
Information and Asset Ownership 160
Protect Privacy 161
Data Processors 162
Data Remanence 162
Collection Limitation 163
Asset Retention 164
Data Security Controls 166
Data Security 166
Data States 166
Data Access and Sharing 167
Data Storage and Archiving 168
Scoping and Tailoring 170
Standards Selection 170
Data Protection Methods 171
Information and Asset Handling Requirements 172
Marking, Labeling, and Storing 172
Exam Preparation Tasks 173
Chapter 3 Security Architecture and Engineering 178
Engineering Processes Using Secure Design Principles 180
Objects and Subjects 181
Closed Versus Open Systems 182
Confidentiality, Integrity, and Availability 182
Security Modes 183
Defense in Depth 185
Security Model Types 185
Security Models 188
System Architecture Steps 192
ISO/IEC 42010:2011 193
Computing Platforms 193
Security Services 196
System Components 196
System Security Evaluation Models 205
Common Criteria 211
Security Implementation Standards 213
Controls and Countermeasures 217
Certification and Accreditation 217
Control Selection Based upon Systems Security Requirements 218
Security Capabilities of Information Systems 219
Memory Protection 219
Trusted Platform Module 220
Fault Tolerance 221
Policy Mechanisms 222
Security Architecture Maintenance 223
Vulnerabilities of Security Architectures, Designs, and Solution Elements 224
Client-Based Systems 224
Server-Based Systems 225
Database Systems 226
Cryptographic Systems 227
Industrial Control Systems 227
Cloud-Based Systems 230
Large-Scale Parallel Data Systems 236
Distributed Systems 237
Grid Computing 237
Peer-to-Peer Computing 237
Internet of Things 238
Vulnerabilities in Web-Based Systems 242
Maintenance Hooks 242
Time-of-Check/Time-of-Use Attacks 243
Web-Based Attacks 243
Vulnerabilities in Mobile Systems 244
Device Security 245
Application Security 246
Mobile Device Concerns 246
NIST SP 800-164 248
Vulnerabilities in Embedded Devices 250
Cryptography Concepts 250
Cryptography History 253
Cryptosystem Features 256
NIST SP 800-175A and B 257
Cryptographic Mathematics 258
Cryptographic Life Cycle 261
Cryptographic Types 262
Running Key and Concealment Ciphers 263
Substitution Ciphers 263
Transposition Ciphers 265
Symmetric Algorithms 266
Asymmetric Algorithms 268
Hybrid Ciphers 269
Symmetric Algorithms 269
DES and 3DES 270
Asymmetric Algorithms 276
Zero-knowledge Proof 279
Public Key Infrastructure 279
Certification Authority and Registration Authority 279
Certificate Life Cycle 281
Certificate Revocation List 283
Key Management Practices 285
Message Integrity 293
Message Authentication Code 297
Digital Signatures 299
Applied Cryptography 300
Link Encryption Versus End-to-End Encryption 300
Email Security 300
Internet Security 300
Cryptanalytic Attacks 301
Ciphertext-Only Attack 302
Known Plaintext Attack 302
Chosen Plaintext Attack 302
Chosen Ciphertext Attack 302
Social Engineering 302
Brute Force 302
Differential Cryptanalysis 303
Linear Cryptanalysis 303
Algebraic Attack 303
Frequency Analysis 303
Birthday Attack 303
Dictionary Attack 303
Replay Attack 304
Analytic Attack 304
Statistical Attack 304
Factoring Attack 304
Reverse Engineering 304
Meet-in-the-Middle Attack 304
Ransomware Attack 304
Side-Channel Attack 305
Digital Rights Management 305
Document DRM 306
Video Game DRM 306
Site and Facility Design 307
Layered Defense Model 307
Physical Security Plan 308
Facility Selection Issues 309
Site and Facility Security Controls 312
Glass Entries 315
Visitor Control 315
Wiring Closets/Intermediate Distribution Facilities 316
Environmental Security 317
Equipment Security 321
Exam Preparation Tasks 323
Chapter 4 Communication and Network Security 334
Secure Network Design Principles 335
TCP/IP Model 340
IP Networking 345
Common TCP/UDP Ports 346
Logical and Physical Addressing 347
Network Transmission 353
Network Types 370
Protocols and Services 372
FTP, FTPS, SFTP, TFTP 374
HTTP, HTTPS, S-HTTP 375