Introduction

Since 1994, security practitioners around the world have been pursuing a well-known and highly regarded professional credential: the Certified Information Systems Security Professional (CISSP) certification. At 30 years of age, CISSP is one of the oldest and most respected cybersecurity certifications in existence. And since 2001, CISSP For Dummies has been helping security practitioners enhance their security knowledge and earn the coveted CISSP certification.

Today, there are approximately 156,000 CISSPs worldwide. Ironically, some skeptics might argue that the CISSP certification is becoming less relevant because so many people have earned it. But the CISSP certification isn’t less relevant because more people are attaining it; more people are attaining it because it’s more relevant now than ever. Information security is far more important than ever, with extremely large-scale data security breaches and highly sophisticated cyberattacks becoming all too frequent in our modern era. And many countries are passing more laws and regulations concerning information security and security breaches.

Many excellent and reputable information security training and education programs are available. In addition to technical and industry certifications, many fully accredited postsecondary degrees, certificates, and apprenticeship programs are available for information security practitioners. And certainly, plenty of self-taught, highly skilled people are working in the information security field who have a strong understanding of core security concepts, techniques, and technologies. But inevitably, too many charlatans are all too willing to overstate their security qualifications, preying on the obliviousness of business and other leaders to pursue a fulfilling career in the information security field (or for other, more dubious purposes).

The CISSP certification is widely regarded as the professional standard for information security professionals. It enables security professionals to distinguish themselves from others by validating both their knowledge and experience. Likewise, it enables businesses and other organizations to identify qualified information security professionals and verify the knowledge and experience of candidates for critical information security roles in their organizations. Thus, the CISSP certification is more relevant and important than ever.

About This Book

Some say that a CISSP candidate requires a breadth of knowledge many miles across but only a few inches deep. To embellish on this statement, we believe that a CISSP candidate is more like the Great Wall of China, with a knowledge base extending over 3,500 miles — with maybe a few holes here and there, stronger in some areas than others, but nonetheless one of the Seven Wonders of the Modern World.

The problem with lots of CISSP preparation materials is defining how high (or deep) the Great Wall is. Some material overwhelms and intimidates CISSP candidates, leading them to believe that the wall is as high as it is long. Other study materials are perilously brief and shallow, giving the unsuspecting candidate a false sense of confidence while attempting to step over the Great Wall, careful not to stub a toe. To help you avoid either misstep, CISSP For Dummies, 8th Edition, answers the question “What level of knowledge and experience must a CISSP candidate possess to succeed on the CISSP exam?”

Our goal in this book is simple: to help you prepare for and pass the CISSP examination so that you can join the ranks of respected certified security professionals who dutifully serve and protect organizations and industries around the world. Although we’ve stuffed this book chock-full of good information, we don’t expect it to be a weighty desktop reference on the shelf of every security professional — although we certainly wouldn’t object.

Also, we don’t intend this book to be an all-purpose, be-all-and-end-all, one-stop shop with all the answers to life’s great mysteries. Given the broad base of knowledge required for the CISSP certification, we strongly recommend that you use multiple resources to prepare for the exam and study as much relevant information as your time and resources allow. CISSP For Dummies, 8th Edition, provides the framework and the blueprint for your study effort and sufficient information to help you pass the exam, but by itself, it won’t make you an information security expert. That takes knowledge, skills, and on-the-job experience!

Finally, as a security professional, earning your CISSP certification is only the beginning. Business and technology, which have associated risks and vulnerabilities, require us, as security professionals, to press forward constantly, consuming vast volumes of knowledge and information in a constant tug-of-war against our adversaries — lone wolves, cybercriminal organizations, and well-funded nation-states. Earning your CISSP is an outstanding achievement and an essential hallmark in a lifetime of continuous learning.

Foolish Assumptions

It’s been said that most assumptions have outlived their uselessness, but we assume a few things nonetheless! Mainly, we assume that

• You have at least five years of professional experience in two or more of the eight domains covered on the CISSP exam (corresponding to Chapters 3 through 10 of this book). Actually, this is more than an assumption; it’s a requirement for CISSP certification. Even if you lack the minimum experience, however, some experience waivers are available for certain certifications and college education (we cover the specifics in Chapter 1), and you can still take the CISSP exam and apply for certification after you meet the experience requirement.
• You have general IT experience — perhaps even many years of experience. Passing the CISSP exam requires considerable knowledge of information security and underlying IT technologies and fundamentals such as networks, operating systems, and programming.
• You have access to the Internet. Throughout this book, we provide lots of URLs for websites about technologies, standards, laws, tools, security associations, and other certifications that you’ll find helpful as you prepare for the CISSP exam. And chances are, you’ll be curious about the topics we discuss and go online to learn even more.
• You are a white hat security professional. By white hat, we mean that you act lawfully and will have no problem abiding by the ISC2 Code of Ethics (which is a requirement for CISSP certification).

Icons Used in This Book

Throughout this book, you occasionally see icons in the margin that call attention to important information that’s particularly worth noting. You won’t see smiley faces winking at you or any other cute little emoticons, but you’ll definitely want to take note! Here’s what to look for and what to expect.

This icon identifies the CISSP Common Body of Knowledge (CBK) objective covered in each section.

This icon identifies general information and core concepts that are well worth committing to your nonvolatile memory, your gray matter, or your noggin — along with anniversaries, birthdays, and other important events. You should certainly understand and review this information before taking the CISSP exam.

Tips are never expected but always appreciated, and we sure hope you’ll appreciate these tips! This icon flags helpful suggestions and tidbits of useful information that may save you time and headaches.

This icon marks the stuff your mother warned you about. Well, okay, probably not, but you should take heed nonetheless. These helpful alerts point out confusing or difficult-to-understand terms and concepts.

You won’t find a map of the human genome or the secret to cold fusion in this book (or maybe you will), but if you’re an insufferable insomniac, take note. This icon explains the jargon beneath the jargon and is the stuff that legends — or at least nerds — are made of. So, if you’re seeking to attain the seventh level of nerd-vana, keep an eye out for these icons!

Beyond the Book

In addition to what you’re reading right now, this book comes with a free, access-anywhere Cheat Sheet that includes tips to help you prepare for the CISSP exam and your date with destiny (your exam day). To get this Cheat Sheet, simply go to www.dummies.com and type CISSP For Dummies Cheat Sheet in the Search box.

You also get access to hundreds of practice CISSP exam questions and dozens of flash cards. Use the exam questions to identify specific topics and domains that you may need to spend a little more time studying and to become familiar with the types of questions you’ll encounter on the CISSP exam (including multiple-choice, drag-and-drop, and hotspot). To gain access to the online practice material, all you have to do is register. Just follow these simple steps:

1. Register your book or e-book at Dummies.com to get your personal identification number (PIN).

   Go to www.dummies.com/go/getaccess.

2. Choose your product from the drop-down list on that page.
3. Follow the prompts to validate your product.

4. Check your email for a confirmation message that includes your...