Fr. 78.20

CISSP Cert Guide

English · Paperback / Softback

Shipping usually within 3 to 5 weeks

Description

In this comprehensive study guide, two leading experts help you master all the topics you need to know to succeed on the latest CISSP exam and advance your career in IT security. Their concise, focused approach explains every exam objective from a real-world perspective, helping you quickly identify weaknesses and retain everything you need to know.
Every feature of this book supports both efficient exam preparation and long-term mastery:

  • Opening Topics Lists identify the topics you need to learn in each chapter and list (ISC)²'s official exam objectives
  • Key Topic figures, tables, and lists call attention to the information that's most crucial for exam success
  • Exam Preparation Tasks enable you to review key topics, complete memory tables, define key terms, work through scenarios, and answer review questions, going beyond mere facts to master the concepts that are crucial to passing the exam and enhancing your career
  • Key Terms are listed in each chapter and defined in a complete glossary, explaining all the field's essential terminology
This study guide helps you master all the topics on the latest CISSP exam, deepening your knowledge of:
  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security


List of contents

    Introduction xlix
Chapter 1 Security and Risk Management 5
    Foundation Topics 6
    Security Terms 6
    Security Governance Principles 11
    Compliance 40
    Legal and Regulatory Issues 42
    Investigation Types 65
    Professional Ethics 70
    Security Documentation 72
    Business Continuity 76
    Personnel Security Policies and Procedures 89
    Risk Management Concepts 95
    Geographical Threats 133
    Threat Modeling 142
    Security Risks in the Supply Chain 148
    Security Education, Training, and Awareness 153
    Exam Preparation Tasks 155
    Review All Key Topics 155
    Complete the Tables and Lists from Memory 157
    Define Key Terms 157
    Answer Review Questions 158
    Answers and Explanations 164
Chapter 2 Asset Security 171
    Foundation Topics 172
    Asset Security Concepts 172
    Identify and Classify Information and Assets 175
    Information and Asset Handling Requirements 183
    Provision Resources Securely 185
    Data Life Cycle 186
    Asset Retention 201
    Data Security Controls 203
    Exam Preparation Tasks 211
    Review All Key Topics 211
    Define Key Terms 211
    Answer Review Questions 212
    Answers and Explanations 213
Chapter 3 Security Architecture and Engineering 219
    Foundation Topics 220
    Information Systems Life Cycle 220
    Engineering Processes Using Secure Design Principles 223
    Security Model Concepts 231
    System Security Evaluation Models 255
    Certification and Accreditation 267
    Control Selection Based on Systems Security Requirements 268
    Security Capabilities of Information Systems 269
    Security Architecture Maintenance 272
    Vulnerabilities of Security Architectures, Designs, and Solution Elements 273
    Vulnerabilities in Web-Based Systems 296
    Vulnerabilities in Mobile Systems 299
    Vulnerabilities in Embedded Systems 304
    Cryptographic Solutions 305
    Cryptographic Types 317
    Symmetric Algorithms 325
    Asymmetric Algorithms 332
    Public Key Infrastructure and Digital Certificates 335
    Key Management Practices 343
    Message Integrity 347
    Digital Signatures and Non-repudiation 354
    Applied Cryptography 354
    Cryptanalytic Attacks 355
    Digital Rights Management 360
    Site and Facility Design 362
    Site and Facility Security Controls 368
    Exam Preparation Tasks 379
    Review All Key Topics 379
    Complete the Tables and Lists from Memory 381
    Define Key Terms 381
    Answer Review Questions 382
    Answers and Explanations 387
Chapter 4 Communication and Network Security 391
    Foundation Topics 392
    Secure Network Design Principles 392
    IP Networking 403
    Protocols and Services 435
    Converged Protocols 443
    Wireless Networks 448
    Communications Cryptography 468
    Secure Network Components 473
    Secure Communication Channels 520
    Network Attacks 535
    Exam Preparation Tasks 547
    Review All Key Topics 547
    Define Key Terms 548
    Answer Review Questions 550
    Answers and Explanations 555
Chapter 5 Identity and Access Management (IAM) 561
    Foundation Topics 562
    Access Control Process 562
    Physical and Logical Access to Assets 563
    Identification and Authentication Concepts 568
    Identification and Authentication Implementation 588
    Identity as a Service (IDaaS) Implementation 602
    Third-Party Identity Services Integration 602
    Authorization Mechanisms 603
    Provisioning Life Cycle 612
    Access Control Threats 618
    Prevent or Mitigate Access Control Threats 625
    Exam Preparation Tasks 625
    Review All Key Topics 625
    Define Key Terms 626
    Answer Review Questions 627
    Answers and Explanations 630
Chapter 6 Security Assessment and Testing 635
    Foundation Topics 636
    Design and Validate Assessment and Testing Strategies 636
    Conduct Security Control Testing 639
    Collect Security Process Data 655
    Analyze Test Outputs and Generate a Report 659
    Conduct or Facilitate Security Audits 659
    Exam Preparation Tasks 661
    Review All Key Topics 661
    Define Key Terms 662
    Answer Review Questions 662
    Answers and Explanations 665
Chapter 7 Security Operations 673
    Foundation Topics 674
    Investigations 674
    Logging and Monitoring Activities 690
    Configuration and Change Management 697
    Security Operations Concepts 702
    Resource Protection 707
    Incident Management 719
    Detective and Preventive Measures 724
    Patch and Vulnerability Management 729
    Recovery Strategies 729
    Disaster Recovery 747
    Testing Disaster Recovery Plans 751
    Business Continuity Planning and Exercises 753
    Physical Security 754
    Personnel Safety and Security 760
    Exam Preparation Tasks 763
    Review All Key Topics 763
    Define Key Terms 764
    Answer Review Questions 764
    Answers and Explanations 768
Chapter 8 Software Development Security 773
    Foundation Topics 774
    Software Development Concepts 774
    Security in the System and Software Development Life Cycle 783
    Security Controls in Development 806
    Assess Software Security Effectiveness 815
    Security Impact of Acquired Software 817
    Exam Preparation Tasks 825
    Review All Key Topics 825
    Define Key Terms 825
    Answer Review Questions 826
    Answers and Explanations 830
Chapter 9 Final Preparation 835
    Tools for Final Preparation 835
    Suggested Plan for Final Review/Study 839
    Summary 840
 
Online Elements
Appendix A Memory Tables
Appendix B Memory Tables Answer Key
Glossary

About the author

Robin M. Abernathy has been working in the IT certification preparation industry for more than 20 years. She has written and edited certification preparation materials for many (ISC)², Microsoft, CompTIA, PMI, ITIL, ISACA, and GIAC certifications and holds multiple IT certifications from these vendors. Robin provides training on computer hardware and software, networking, security, and project management. Over the past decade, she has ventured into the traditional publishing industry by technically editing several publications and co-authoring Pearson's CISSP Cert Guide and CASP+ Cert Guide and authoring Pearson's Project+ Cert Guide. She presents at technical conferences and hosts webinars on IT certification topics.
 
Dr. Darren R. Hayes has close to 20 years of academic and professional experience in computer security and digital forensics. He has authored numerous publications in these fields, including A Practical Guide to Digital Forensics Investigations, which is published by Pearson. He is Associate Professor at Pace University, where he is the founder and director of the Seidenberg Digital Forensics Research Lab. He holds numerous IT certifications in security and digital forensics and holds a PhD from Sapienza University in Italy and a doctorate from Pace University. Darren is also a professional digital forensics examiner and has supported both criminal and civil investigations over the past decade and a half. He has also been declared an expert witness in federal court.

Product details

Authors Robin Abernathy, Darren Hayes, Darren R. Hayes
Publisher Pearson Academic
 
Languages English
Product format Paperback / Softback
Released 01.08.2024
 
EAN 9780135343999
ISBN 978-0-13-534399-9
No. of pages 944
Series Certification Guide
Subject Natural sciences, medicine, IT, technology > IT, data processing > Hardware
