Official (ISC)2 Guide to the CISSP CBK, Second Edition

CISSP Hernandez Steven (Herausgeber)

Buch | Hardcover

968 Seiten

2009 | 2nd New edition
Taylor & Francis Inc (Verlag)
978-1-4398-0959-4 (ISBN)

Titel erscheint in neuer Auflage

Artikel merken

Zu diesem Artikel existiert eine Nachauflage

Official (ISC)2 Guide to the CISSP CBK, Third Edition

Hernandez, CISSP, Steven

2013

Buch | Hardcover

73, ⁵⁵ €

zur Neuauflage

(ISC)2 created the information security industry's first CBK[registered], a global compendium of information security topics. The CBK serves as the basis for (ISC)2's education and certification programs. This book provides an understanding of the CISSP CBK - a collection of topics relevant to information security professionals.

With each new advance in connectivity and convenience comes a new wave of threats to privacy and security capable of destroying a company’s reputation, violating a consumer’s privacy, compromising intellectual property, and in some cases endangering personal safety. This is why it is essential for information security professionals to stay up to date with the latest advances in technology and the new security threats they create.

Recognized as one of the best tools available for the information security professional and especially for candidates studying for the (ISC)2 CISSP examination, the Official (ISC)2® Guide to the CISSP® CBK®, Second Edition has been updated and revised to reflect the latest developments in this ever-changing field. Endorsed by the (ISC)2, this book provides unrivaled preparation for the certification exam that is both up to date and authoritative. Compiled and reviewed by CISSPs and (ISC)2 members, the text provides an exhaustive review of the 10 current domains of the CBK—and the high-level topics contained in each domain.

Earning your CISSP is a deserving achievement that makes you a member of an elite network of professionals. This book not only provides you with the tools to effectively study for the exam, but also supplies you with ready access to best practices for implementing new technologies, dealing with current threats, incorporating new security tools, and managing the human factor of security—that will serve you well into your career.

Harold F. Tipton, HFT Associates, Villa Park, California, USA

INFORMATION SECURITY AND RISK MANAGEMENT
Introduction
The Business Case for Information Security Management
Core Information Security Principles: Availability, Integrity,
Information Security Management Governance
Organizational Behavior
Security Awareness, Training, and Education
Risk Management
Ethics
Data Classification Policy
Data Handling Policy
References
Other References
Sample Questions
ACCESS CONTROL
Introduction
Definitions and Key Concepts
Access Control Categories and Types
Access Control Threats
Access to Systems
Access to Data
Intrusion Detection and Prevention Systems
Access Control Assurance
References.
Sample Questions
CRYPTOGRAPHY
Introduction
Key Concepts and Definitions
Encryption Systems
Message Integrity Controls
Digital Signatures
Encryption Management
Cryptanalysis and Attacks
Encryption Usage
References
Sample Questions
PHYSICAL (ENVIRONMENTAL) SECURITY
Introduction
Site Location
The Layered Defense Model
Information Protection and Management Services
Summary
References
Sample Questions
SECURITY ARCHITECTURE AND DESIGN
Introduction
Security Architecture and Design Components and Principles
Security Models and Architecture Theory
Security Product Evaluation Methods and Criteria
Sample Questions
BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING
Introduction
Organization of the BCP/DRP Domain Chapter
Terminology
Appendix A: Addressing Legislative Compliance within Business Continuity Plans
TELECOMMUNICATIONS AND NETWORK SECURITY
Introduction
Basic Concepts
Layer 1: Physical Layer
Layer 2: Data-Link Layer
Layer 3: Network Layer
Layer 4: Transport Layer
Layer 5: Session Layer
Layer 6: Presentation Layer
Layer 7: Application Layer
Trivial File Transfer Protocol (TFTP)
General References
Sample Questions
Endnotes
APPLICATION SECURITY
Domain Description and Introduction
Applications Development and Programming Concepts and Protection
Audit and Assurance Mechanisms
Malicious Software (Malware)
The Database and Data Warehousing Environment
Web Application Environment
Summary
References
OPERATIONS SECURITY
Introduction
Privileged Entity Controls
Resource Protection
Continuity of Operations
Change Control Management
Summary
References
Sample Questions
LEGAL, REGULATIONS, COMPLIANCE AND INVESTIGATIONS
Introduction
Major Legal Systems
Information Technology Laws and Regulations
Incident Response
Computer Forensics
Conclusions
References
Sample Questions
ANSWERS TO SAMPLE QUESTIONS
CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP®) CANDIDATE INFORMATION BULLETIN
GLOSSARY
INDEX

Erscheint lt. Verlag	12.1.2010
Reihe/Serie	ISC2 Press
Zusatzinfo	1/12 - REPLACED ALL TEXT FILES; MANY CORREX FOR PRINTING (5TH); 32 Tables, black and white; 74 Illustrations, black and white
Verlagsort	Washington
Sprache	englisch
Maße	156 x 235 mm
Gewicht	1474 g
Themenwelt	Informatik ► Netzwerke ► Sicherheit / Firewall
Themenwelt	Informatik ► Weitere Themen ► Zertifizierung
ISBN-10	1-4398-0959-3 / 1439809593
ISBN-13	978-1-4398-0959-4 / 9781439809594
Zustand	Neuware