The CISSP Study Guide is aligned to cover all of the material included in the exam, complete with special attention to recent updates. The ,10 domains are covered completely and as concisely as possible with an eye to passing the exam thr first time. Each of the 10 domains has its own chapter that includes specially-designed pedagogy to aid you in passing the exam.
- Clearly Stated Exam Objectives
- Unique Terms / Definitions
- Exam Warnings
- Helpful Notes
- Learning By Example
- Stepped Chapter Ending Questions
- Self Test Appendix
- Detailed Glossary
- Web Site (http://booksite.syngress.com/companion/conrad) Contains Two Practice Exams and Ten Podcasts-One for Each Domain
,
CISSP Study Guide serves as a review for those who want to take the Certified Information Systems Security Professional (CISSP) exam and obtain CISSP certification. The exam is designed to ensure that someone who is handling computer security in a company has a standardized body of knowledge. The book is composed of 10 domains of the Common Body of Knowledge. In each section, it defines each domain. It also provides tips on how to prepare for the exam and take the exam. It also contains CISSP practice quizzes to test ones knowledge. The first domain provides information about risk analysis and mitigation. It also discusses security governance. The second domain discusses different techniques for access control, which is the basis for all the security disciplines. The third domain explains the concepts behind cryptography, which is a secure way of communicating that is understood only by certain recipients. Domain 5 discusses security system design, which is fundamental for operating the system and software security components. Domain 6 is a critical domain in the Common Body of Knowledge, the Business Continuity Planning, and Disaster Recovery Planning. It is the final control against extreme events such as injury, loss of life, or failure of an organization. Domains 7, 8, and 9 discuss telecommunications and network security, application development security, and the operations domain, respectively. Domain 10 focuses on the major legal systems that provide a framework in determining the laws about information system. Clearly Stated Exam Objectives Unique Terms / Definitions Exam Warnings Helpful Notes Learning By Example Stepped Chapter Ending Questions Self Test Appendix Detailed Glossary Web Site (http://booksite.syngress.com/companion/conrad) Contains Two Practice Exams and Ten Podcasts-One for Each Domain
Front Cover 1
CISSP® Study Guide 4
Copyright Page 5
Contents 6
Acknowledgments 18
About the authors 20
Lead Author 20
Contributing Authors 20
About the Technical Editor 21
Chapter 1: Introduction 22
How to prepare for the exam 23
How to take the exam 24
Good Luck! 27
Reference 27
Chapter 2: Domain 1: Informationsecurity governance andrisk management 28
Unique terms and definitions 28
Introduction 28
Cornerstone information security concepts 29
Risk analysis 34
Information security governance 43
Ethics 52
Summary of exam objectives 53
Self test 53
Self test quick answer key 55
References 56
Chapter 3: Domain 2: Access control 58
Unique terms and definitions 58
Introduction 58
Cornerstone access control concepts 59
Access control models 62
Procedural issues for access control 68
Access control defensive categories and types 71
Authentication methods 74
Access control technologies 88
Types of attackers 94
Assessing access control 100
Summary of exam objectives 106
Self test 106
Self test quick answer key 109
References 109
Chapter 4: Domain 3: Cryptography 112
Unique Terms and Definitions 112
Introduction 112
Cornerstone Cryptographic Concepts 112
History of Cryptography 116
Symmetric Encryption 126
Asymmetric Encryption 134
Hash Functions 137
Cryptographic Attacks 138
Implementing Cryptography 141
Summary of Exam Objectives 148
Self Test 148
Self Test Quick Answer Key 150
References 150
Chapter 5: Domain 4: Physical(Environmental) security 152
Unique terms and definitions 152
Introduction 152
Perimeter defenses 153
Site selection, design, and configuration 165
System defenses 167
Environmental controls 170
Summary of exam objectives 181
Self test 181
Self test quick answer key 184
References 184
Chapter 6: Domain 5: Security architecture and design 186
Unique Terms and Definitions 186
Introduction 186
Secure System Design Concepts 187
Secure Hardware Architecture 189
Secure Operating System and Software Architecture 198
System Vulnerabilities, Threats, and Countermeasures 204
Security Models 214
Evaluation Methods, Certification, and Accreditation 223
Summary of Exam Objectives 227
Self Test 228
Self Test Quick Answer Key 230
References 230
Chapter 7: Domain 6: Businesscontinuity and disasterrecovery planning 232
Unique terms and definitions 232
Introduction 232
BCP and DRP overview and process 233
Developing a BCP/DRP 244
Backups and availability 262
DRP testing, training, and awareness 266
Continued BCP/DRP maintenance 269
Specific BCP/DRP frameworks 270
Summary of exam objectives 272
Self test 272
Self test quick answer key 274
References 275
Chapter 8: Domain 7: Telecommunications and network security 276
Unique terms and definitions 276
Introduction 276
Network architecture and design 277
Network devices and protocols 312
Secure communications 333
Summary of exam objectives 345
Self test 346
Self test quick answer key 348
References 348
Chapter 9: Domain 8: Application development security 350
Unique Terms and Definitions 350
Introduction 350
Programming Concepts 351
Application Development Methods 356
Object-oriented Design and Programming 367
Software Vulnerabilities, Testing, and Assurance 372
Databases 377
Artificial Intelligence 383
Summary of Exam Objectives 386
Self Test 387
Self Test Quick Answer Key 389
References 389
Chapter 10: Domain 9: Operations security 392
Unique Terms and Definitions 392
Introduction 392
Administrative Security 393
Sensitive Information/Media Security 397
Asset Management 399
Continuity of Operations 404
Incident Response Management 411
Summary of Exam Objectives 419
Self Test 421
Self Test Quick Answer Key 424
References 424
Chapter 11: Domain 10: Legal, regulations, investigations, and compliance 426
Unique terms and definitions 426
Introduction 427
Major legal systems 427
Criminal, civil, and administrative law 428
Information security aspects of law 430
Legal aspects of investigations 441
Important laws and regulations 450
Ethics 454
Summary of exam objectives 456
Self test 457
Self test quick answer key 459
References 460
Appendix: Self test 462
Chapter 2 Domain 1: Information Securitygovernance and Risk Management 462
Chapter 3 Domain 2: Access Control 466
Chapter 4 Domain 3: Cryptography 471
Chapter 5 Domain 4: Physical (Environmental)Security 475
Chapter 6 Domain 5: Security Architecture Anddesign 480
Chapter 7 Domain 6: Business Continuity Anddisaster Recovery Planning 484
Chapter 8 Domain 7: Telecommunications Andnetwork Security 490
Chapter 9 Domain 8: Application Developmentsecurity 494
Chapter 10 Domain 9: Operations Security 499
Chapter 11 Domain 10: Legal, Regulations,Investigations, and Compliance 504
Glossary 510
Index 546
Add Page 590
| Erscheint lt. Verlag | 16.9.2010 |
|---|---|
| Sprache | englisch |
| Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
| Informatik ► Weitere Themen ► Zertifizierung | |
| Wirtschaft ► Betriebswirtschaft / Management ► Unternehmensführung / Management | |
| ISBN-10 | 1-59749-564-6 / 1597495646 |
| ISBN-13 | 978-1-59749-564-6 / 9781597495646 |
| Haben Sie eine Frage zum Produkt? |
PDF (Adobe DRM)Größe: 14,0 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Zusätzliches Feature: Online Lesen
Dieses eBook können Sie zusätzlich zum Download auch online im Webbrowser lesen.
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
EPUB (Adobe DRM)Größe: 5,2 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Zusätzliches Feature: Online Lesen
Dieses eBook können Sie zusätzlich zum Download auch online im Webbrowser lesen.
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich
