ISC2 CISSP Certified Information Systems Security Professional Official Study Guide - Mike Chapple, James Michael Stewart, Darril Gibson

ISC2 CISSP Certified Information Systems Security Professional Official Study Guide

Buch | Softcover
1248 Seiten
2024 | 10th edition
Sybex Inc.,U.S. (Verlag)
978-1-394-25469-9 (ISBN)
68,55 inkl. MwSt
CISSP Study Guide - fully updated for the 2024 CISSP Body of Knowledge

ISC2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 10th Edition has been completely updated based on the latest 2024 CISSP Detailed Content Outline. This bestselling Sybex Study Guide covers 100% of the CISSP objectives. You'll prepare smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic Study Essentials and chapter review questions.

The book’s co-authors bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you'll need to successfully prove your CISSP mastery. Combined, they've taught cybersecurity concepts to millions of students through their books, video courses, and live training programs.

Along with the book, you also get access to Sybex's superior online interactive learning environment that includes:



Over 900 practice test questions with complete answer explanations. This includes all of the questions from the book plus four additional online-only practice exams, each with 125 unique questions. You can use the online-only practice exams as full exam simulations. Our questions will help you identify where you need to study more.
More than 1000 Electronic Flashcards to reinforce your learning and give you last-minute test prep 
A searchable glossary in PDF to give you instant access to the key terms you need to know 
Audio Review. Author Mike Chapple reads the Study Essentials for each chapter providing you with more than 2 hours of up-to-date audio review for yet another way to reinforce your knowledge as you prepare.

Coverage of all of the CISSP topics in the book means you'll be ready for:



Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security

 

Introduction xxxv

Assessment Test lx

Chapter 1 Security Governance Through Principles and Policies 1

Security 101 3

Understand and Apply Security Concepts 4

Security Boundaries 13

Evaluate and Apply Security Governance Principles 14

Manage the Security Function 16

Security Policy, Standards, Procedures, and Guidelines 27

Threat Modeling 29

Supply Chain Risk Management 35

Summary 38

Study Essentials 39

Written Lab 41

Review Questions 42

Chapter 2 Personnel Security and Risk Management Concepts 49

Personnel Security Policies and Procedures 51

Understand and Apply Risk Management Concepts 60

Social Engineering 90

Establish and Maintain a Security Awareness, Education, and Training Program 106

Summary 110

Study Essentials 111

Written Lab 114

Review Questions 115

Chapter 3 Business Continuity Planning 121

Planning for Business Continuity 122

Project Scope and Planning 123

Business Impact Analysis 131

Continuity Planning 137

Plan Approval and Implementation 140

Summary 145

Study Essentials 145

Written Lab 146

Review Questions 147

Chapter 4 Laws, Regulations, and Compliance 151

Categories of Laws 152

Laws 155

State Privacy Laws 179

Compliance 179

Contracting and Procurement 181

Summary 182

Study Essentials 182

Written Lab 184

Review Questions 185

Chapter 5 Protecting Security of Assets 189

Identifying and Classifying Information and Assets 190

Establishing Information and Asset Handling Requirements 198

Data Protection Methods 208

Understanding Data Roles 214

Using Security Baselines 216

Summary 219

Study Essentials 220

Written Lab 221

Review Questions 222

Chapter 6 Cryptography and Symmetric Key Algorithms 227

Cryptographic Foundations 228

Modern Cryptography 246

Symmetric Cryptography 253

Cryptographic Life Cycle 263

Summary 264

Study Essentials 264

Written Lab 266

Review Questions 267

Chapter 7 PKI and Cryptographic Applications 271

Asymmetric Cryptography 272

Hash Functions 279

Digital Signatures 283

Public Key Infrastructure 286

Asymmetric Key Management 292

Hybrid Cryptography 293

Applied Cryptography 294

Cryptographic Attacks 306

Summary 309

Study Essentials 310

Written Lab 311

Review Questions 312

Chapter 8 Principles of Security Models, Design, and Capabilities 317

Secure Design Principles 319

Techniques for Ensuring CIA 330

Understand the Fundamental Concepts of Security Models 332

Select Controls Based on Systems Security Requirements 345

Understand Security Capabilities of Information Systems 349

Summary 352

Study Essentials 353

Written Lab 354

Review Questions 355

Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 359

Shared Responsibility 360

Data Localization and Data Sovereignty 362

Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 363

Client‐Based Systems 378

Server‐Based Systems 381

Industrial Control Systems 384

Distributed Systems 386

High‐Performance Computing (HPC) Systems 387

Real‐Time Operating Systems 388

Internet of Things 389

Edge and Fog Computing 390

Embedded Devices and Cyber‐Physical Systems 391

Microservices 396

Infrastructure as Code 397

Immutable Architecture 398

Virtualized Systems 399

Containerization 406

Mobile Devices 407

Essential Security Protection Mechanisms 424

Common Security Architecture Flaws and Issues 427

Summary 431

Study Essentials 432

Written Lab 436

Review Questions 437

Chapter 10 Physical Security Requirements 443

Apply Security Principles to Site and Facility Design 444

Implement Site and Facility Security Controls 449

Implement and Manage Physical Security 473

Summary 480

Study Essentials 481

Written Lab 484

Review Questions 485

Chapter 11 Secure Network Architecture and Components 491

OSI Model 493

TCP/IP Model 501

Analyzing Network Traffic 502

Common Application Layer Protocols 503

Transport Layer Protocols 504

Domain Name System 506

Internet Protocol (IP) Networking 512

ARP Concerns 516

Secure Communication Protocols 517

Implications of Multilayer Protocols 518

Segmentation 523

Edge Networks 526

Wireless Networks 527

Satellite Communications 543

Cellular Networks 544

Content Distribution Networks (CDNs) 544

Secure Network Components 545

Summary 572

Study Essentials 573

Written Lab 575

Review Questions 576

Chapter 12 Secure Communications and Network Attacks 581

Protocol Security Mechanisms 582

Secure Voice Communications 587

Remote Access Security Management 591

Multimedia Collaboration 595

Monitoring and Management 597

Load Balancing 597

Manage Email Security 600

Virtual Private Network 606

Switching and Virtual LANs 613

Network Address Translation 617

Third‐Party Connectivity 622

Switching Technologies 624

WAN Technologies 626

Fiber‐Optic Links 629

Prevent or Mitigate Network Attacks 630

Summary 631

Study Essentials 632

Written Lab 635

Review Questions 636

Chapter 13 Managing Identity and Authentication 641

Controlling Access to Assets 643

The AAA Model 645

Implementing Identity Management 662

Managing the Identity and Access Provisioning Life Cycle 668

Summary 672

Study Essentials 672

Written Lab 675

Review Questions 676

Chapter 14 Controlling and Monitoring Access 681

Comparing Access Control Models 682

Implementing Authentication Systems 694

Zero‐Trust Access Policy Enforcement 702

Understanding Access Control Attacks 703

Summary 719

Study Essentials 720

Written Lab 721

Review Questions 722

Chapter 15 Security Assessment and Testing 727

Building a Security Assessment and Testing Program 729

Performing Vulnerability Assessments 735

Testing Your Software 750

Training and Exercises 758

Implementing Security Management Processes and Collecting Security Process Data 759

Summary 762

Exam Essentials 763

Written Lab 764

Review Questions 765

Chapter 16 Managing Security Operations 769

Apply Foundational Security Operations Concepts 771

Address Personnel Safety and Security 778

Provision Information and Assets Securely 780

Managed Services in the Cloud 786

Perform Configuration Management (CM) 790

Manage Change 793

Manage Patches and Reduce Vulnerabilities 797

Summary 801

Study Essentials 802

Written Lab 804

Review Questions 805

Chapter 17 Preventing and Responding to Incidents 809

Conducting Incident Management 811

Implementing Detection and Preventive Measures 818

Logging and Monitoring 842

Automating Incident Response 854

Summary 860

Study Essentials 860

Written Lab 863

Review Questions 864

Chapter 18 Disaster Recovery Planning 869

The Nature of Disaster 871

Understand System Resilience, High Availability, and Fault Tolerance 883

Recovery Strategy 888

Recovery Plan Development 898

Training, Awareness, and Documentation 906

Testing and Maintenance 907

Summary 911

Study Essentials 912

Written Lab 913

Review Questions 914

Chapter 19 Investigations and Ethics 919

Investigations 920

Major Categories of Computer Crime 934

Ethics 940

Summary 944

Study Essentials 945

Written Lab 946

Review Questions 947

Chapter 20 Software Development Security 951

Introducing Systems Development Controls 953

Establishing Databases and Data Warehousing 984

Storage Threats 994

Understanding Knowledge‐ Based Systems 995

Summary 998

Study Essentials 998

Written Lab 1000

Review Questions 1001

Chapter 21 Malicious Code and Application Attacks 1005

Malware 1006

Malware Prevention 1018

Application Attacks 1021

Injection Vulnerabilities 1024

Exploiting Authorization Vulnerabilities 1030

Exploiting Web Application Vulnerabilities 1033

Application Security Controls 1038

Secure Coding Practices 1044

Summary 1048

Study Essentials 1048

Written Lab 1049

Review Questions 1050

Appendix A Answers to Review Questions 1055

Chapter 1: Security Governance Through Principles and Policies 1056

Chapter 2: Personnel Security and Risk Management Concepts 1059

Chapter 3: Business Continuity Planning 1063

Chapter 4: Laws, Regulations, and Compliance 1065

Chapter 5: Protecting Security of Assets 1068

Chapter 6: Cryptography and Symmetric Key Algorithms 1070

Chapter 7: PKI and Cryptographic Applications 1072

Chapter 8: Principles of Security Models, Design, and Capabilities 1074

Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 1077

Chapter 10: Physical Security Requirements 1082

Chapter 11: Secure Network Architecture and Components 1085

Chapter 12: Secure Communications and Network Attacks 1089

Chapter 13: Managing Identity and Authentication 1092

Chapter 14: Controlling and Monitoring Access 1095

Chapter 15: Security Assessment and Testing 1097

Chapter 16: Managing Security Operations 1099

Chapter 17: Preventing and Responding to Incidents 1102

Chapter 18: Disaster Recovery Planning 1104

Chapter 19: Investigations and Ethics 1106

Chapter 20: Software Development Security 1108

Chapter 21: Malicious Code and Application Attacks 1111

Appendix B Answers to Written Labs 1115

Chapter 1: Security Governance Through Principles and Policies 1116

Chapter 2: Personnel Security and Risk Management Concepts 1116

Chapter 3: Business Continuity Planning 1117

Chapter 4: Laws, Regulations, and Compliance 1118

Chapter 5: Protecting Security of Assets 1119

Chapter 6: Cryptography and Symmetric Key Algorithms 1119

Chapter 7: PKI and Cryptographic Applications 1120

Chapter 8: Principles of Security Models, Design, and Capabilities 1121

Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 1121

Chapter 10: Physical Security Requirements 1123

Chapter 11: Secure Network Architecture and Components 1124

Chapter 12: Secure Communications and Network Attacks 1125

Chapter 13: Managing Identity and Authentication 1126

Chapter 14: Controlling and Monitoring Access 1127

Chapter 15: Security Assessment and Testing 1127

Chapter 16: Managing Security Operations 1128

Chapter 17: Preventing and Responding to Incidents 1129

Chapter 18: Disaster Recovery Planning 1130

Chapter 19: Investigations and Ethics 1131

Chapter 20: Software Development Security 1131

Chapter 21: Malicious Code and Application Attacks 1131

Index 1133

Erscheinungsdatum
Reihe/Serie Sybex Study Guide
Verlagsort New York
Sprache englisch
Maße 188 x 234 mm
Gewicht 1610 g
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Informatik Weitere Themen Zertifizierung
ISBN-10 1-394-25469-5 / 1394254695
ISBN-13 978-1-394-25469-9 / 9781394254699
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und …

von Norbert Pohlmann

Buch | Softcover (2022)
Springer Vieweg (Verlag)
34,99
Management der Informationssicherheit und Vorbereitung auf die …

von Michael Brenner; Nils gentschen Felde; Wolfgang Hommel

Buch (2024)
Carl Hanser (Verlag)
69,99

von Chaos Computer Club

Buch | Softcover (2024)
KATAPULT Verlag
28,00