Mike Chapple, Darril Gibson, James Michael Stewart
CISSP (8th Edition) - Certified Information Systems Security Professional Study Guide
English · Paperback / Softback
List of contents
Introduction
Assessment Test
Chapter 1 Security Governance Through Principles and Policies
* Understand and Apply Concepts of Confidentiality, Integrity, and Availability
* Evaluate and Apply Security Governance Principles
* Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
* Understand and Apply Threat Modeling Concepts and Methodologies
* Apply Risk-Based Management Concepts to the Supply Chain
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 2 Personnel Security and Risk Management Concepts
* Personnel Security Policies and Procedures
* Security Governance
* Understand and Apply Risk Management Concepts
* Establish and Maintain a Security Awareness, Education, and Training Program
* Manage the Security Function
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 3 Business Continuity Planning
* Planning for Business Continuity
* Project Scope and Planning
* Business Impact Assessment
* Continuity Planning
* Plan Approval and Implementation
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 4 Laws, Regulations, and Compliance
* Categories of Laws
* Laws
* Compliance
* Contracting and Procurement
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 5 Protecting Security of Assets
* Identify and Classify Assets
* Determining Ownership
* Using Security Baselines
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 6 Cryptography and Symmetric Key Algorithms
* Historical Milestones in Cryptography
* Cryptographic Basics
* Modern Cryptography
* Symmetric Cryptography
* Cryptographic Lifecycle
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 7 PKI and Cryptographic Applications
* Asymmetric Cryptography
* Hash Functions
* Digital Signatures
* Public Key Infrastructure
* Asymmetric Key Management
* Applied Cryptography
* Cryptographic Attacks
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 8 Principles of Security Models, Design, and Capabilities
* Implement and Manage Engineering Processes Using Secure Design Principles
* Understand the Fundamental Concepts of Security Models
* Select Controls Based On Systems Security Requirements
* Understand Security Capabilities of Information Systems
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures
* Assess and Mitigate Security Vulnerabilities
* Client-Based Systems
* Server-Based Systems
* Database Systems Security
* Distributed Systems and Endpoint Security
* Internet of Things
* Industrial Control Systems
* Assess and Mitigate Vulnerabilities in Web-Based Systems
* Assess and Mitigate Vulnerabilities in Mobile Systems
* Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
* Essential Security Protection Mechanisms
* Common Architecture Flaws and Security Issues
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 10 Physical Security Requirements
* Apply Security Principles to Site and Facility Design
* Implement Site and Facility Security Controls
* Implement and Manage Physical Security
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 11 Secure Network Architecture and Securing Network Components
* OSI Model
* TCP/IP Model
* Converged Protocols
* Wireless Networks
* Secure Network Components
* Cabling, Wireless, Topology, Communications, and Transmission Media Technology
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 12 Secure Communications and Network Attacks
* Network and Protocol Security Mechanisms
* Secure Voice Communications
* Multimedia Collaboration
* Manage Email Security
* Remote Access Security Management
* Virtual Private Network
* Virtualization
* Network Address Translation
* Switching Technologies
* WAN Technologies
* Miscellaneous Security Control Characteristics
* Security Boundaries
* Prevent or Mitigate Network Attacks
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 13 Managing Identity and Authentication
* Controlling Access to Assets
* Comparing Identification and Authentication
* Implementing Identity Management
* Managing the Identity and Access Provisioning Lifecycle
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 14 Controlling and Monitoring Access
* Comparing Access Control Models
* Understanding Access Control Attacks
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 15 Security Assessment and Testing
* Building a Security Assessment and Testing Program
* Performing Vulnerability Assessments
* Testing Your Software
* Implementing Security Management Processes
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 16 Managing Security Operations
* Applying Security Operations Concepts
* Securely Provisioning Resources
* Managing Configuration
* Managing Change
* Managing Patches and Reducing Vulnerabilities
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 17 Preventing and Responding to Incidents
* Managing Incident Response
* Implementing Detective and Preventive Measures
* Logging, Monitoring, and Auditing
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 18 Disaster Recovery Planning
* The Nature of Disaster
* Understand System Resilience and Fault Tolerance
* Recovery Strategy
* Recovery Plan Development
* Training, Awareness, and Documentation
* Testing and Maintenance
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 19 Investigations and Ethics
* Investigations
* Major Categories of Computer Crime
* Ethics
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 20 Software Development Security
* Introducing Systems Development Controls
* Establishing Databases and Data Warehousing
* Storing Data and Information
* Understanding Knowledge-Based Systems
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Chapter 21 Malicious Code and Application Attacks
* Malicious Code
* Password Attacks
* Application Attacks
* Web Application Security
* Reconnaissance Attacks
* Masquerading Attacks
* Summary
* Exam Essentials
* Written Lab
* Review Questions
Appendix A Answers to Review Questions
* Chapter 1: Security Governance Through Principles and Policies
* Chapter 2: Personnel Security and Risk Management Concepts
* Chapter 3: Business Continuity Planning
* Chapter 4: Laws, Regulations, and Compliance
* Chapter 5: Protecting Security of Assets
* Chapter 6: Cryptography and Symmetric Key Algorithms
* Chapter 7: PKI and Cryptographic Applications
* Chapter 8: Principles of Security Models, Design, and Capabilities
* Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
* Chapter 10: Physical Security Requirements
* Chapter 11: Secure Network Architecture and Securing Network Components
* Chapter 12: Secure Communications and Network Attacks
* Chapter 13: Managing Identity and Authentication
* Chapter 14: Controlling and Monitoring Access
* Chapter 15: Security Assessment and Testing
* Chapter 16: Managing Security Operations
* Chapter 17: Preventing and Responding to Incidents
* Chapter 18: Disaster Recovery Planning
* Chapter 19: Investigations and Ethics
* Chapter 20: Software Development Security
* Chapter 21: Malicious Code and Application Attacks
Appendix B Answers to Written Labs
* Chapter 1: Security Governance Through Principles and Policies
* Chapter 2: Personnel Security and Risk Management Concepts
* Chapter 3: Business Continuity Planning
* Chapter 4: Laws, Regulations, and Compliance
* Chapter 5: Protecting Security of Assets
* Chapter 6: Cryptography and Symmetric Key Algorithms
* Chapter 7: PKI and Cryptographic Applications
* Chapter 8: Principles of Security Models, Design, and Capabilities
* Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
* Chapter 10: Physical Security Requirements
* Chapter 11: Secure Network Architecture and Securing Network Components
* Chapter 12: Secure Communications and Network Attacks
* Chapter 13: Managing Identity and Authentication
* Chapter 14: Controlling and Monitoring Access
* Chapter 15: Security Assessment and Testing
* Chapter 16: Managing Security Operations
* Chapter 17: Preventing and Responding to Incidents
* Chapter 18: Disaster Recovery Planning
* Chapter 19: Investigations and Ethics
* Chapter 20: Software Development Security
* Chapter 21: Malicious Code and Application Attacks
Index
About the authors
Mike Chapple, PhD, CISSP, Security+, CISA, CySA+ is Associate Teaching Professor of IT, Analytics and Operations at the University of Notre Dame. He is a leading expert on cybersecurity certification and runs CertMike.com.
James Michael Stewart, CISSP, CEH, ECSA, CHFI, Security+, Network+, has focused on security, certification, networking, and various operating systems for more than 25 years. He teaches numerous job skill and certification focused courses. He has authored or coauthored more than 75 books.
Darril Gibson, CISSP, Security+, CASP, is CEO of YCDA, LLC. He regularly writes and consults on a variety of technical and security topics, and has authored or coauthored more than 35 books.
Summary
CISSP Study Guide - fully updated for the 2018 CISSP Body of Knowledge
CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 8th Edition has been completely updated for the latest 2018 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.
Along with the book, you also get access to Sybex's superior online interactive learning environment that includes:
* Six unique 150 question practice exams to help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam.
* More than 700 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam
* A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam
Coverage of all of the exam topics in the book means you'll be ready for:
* Security and Risk Management
* Asset Security
* Security Engineering
* Communication and Network Security
* Identity and Access Management
* Security Assessment and Testing
* Security Operations
* Software Development Security
Product details
Authors | Mike Chapple, Darril Gibson, James Michael Stewart |
Publisher | Wiley, John and Sons Ltd |
Languages | English |
Product format | Paperback / Softback |
Released | 30.06.2018 |
EAN | 9781119475934 |
ISBN | 978-1-119-47593-4 |
No. of pages | 1104 |
Dimensions | 187 mm x 234 mm x 48 mm |
Subjects |
Natural sciences, medicine, IT, technology
> IT, data processing
Computer science, test prep, certification, Certification (MSCE, Novell, etc.), Networking / Security |