Author Chapple, Mike, author.

Title (ISC)2 CISSP certified information systems security professional official study guide / Mike Chapple, James Michael Stewart, Darril Gibson. [O'Reilly electronic resource]

Edition Ninth edition.
Publication Info. Hoboken, New Jersey : John Wiley and Sons, Inc., [2021]
Description 1 online resource
Note Includes index.
Summary CISSP Study Guide - fully updated for the 2021 CISSP Body of Knowledge (ISC)2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 9th Edition has been completely updated based on the latest 2021 CISSP Exam Outline. This bestselling Sybex Study Guide covers 100% of the exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, advice on mastering this adaptive exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions. The three co-authors of this book bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you'll need to successfully pass the CISSP exam. Combined, they've taught cybersecurity concepts to millions of students through their books, video courses, and live training programs. Along with the book, you also get access to Sybex's superior online interactive learning environment that includes: Over 900 new and improved practice test questions with complete answer explanations. This includes all of the questions from the book plus four additional online-only practice exams, each with 125 unique questions. You can use the online-only practice exams as full exam simulations. Our questions will help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam. More than 700 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam New for the 9th edition: Audio Review. 
Author Mike Chapple reads the Exam Essentials for each chapter providing you with 2 hours and 50 minutes of new audio review for yet another way to reinforce your knowledge as you prepare. Coverage of all of the exam topics in the book means you'll be ready for: Security and Risk Management Asset Security Security Architecture and Engineering Communication and Network Security Identity and Access Management (IAM) Security Assessment and Testing Security Operations Software Development Security.
Contents Introduction xxxvii -- Assessment Test lix -- Chapter 1 Security Governance Through Principles and Policies 1 -- Security 101 3 -- Understand and Apply Security Concepts 4 -- Confidentiality 5 -- Integrity 6 -- Availability 7 -- DAD, Overprotection, Authenticity, Non-repudiation, and AAA Services 7 -- Protection Mechanisms 11 -- Security Boundaries 13 -- Evaluate and Apply Security Governance Principles 14 -- Third-Party Governance 15 -- Documentation Review 15 -- Manage the Security Function 16 -- Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives 17 -- Organizational Processes 19 -- Organizational Roles and Responsibilities 21 -- Security Control Frameworks 22 -- Due Diligence and Due Care 23 -- Security Policy, Standards, Procedures, and Guidelines 23 -- Security Policies 24 -- Security Standards, Baselines, and Guidelines 24 -- Security Procedures 25 -- Threat Modeling 26 -- Identifying Threats 26 -- Determining and Diagramming Potential Attacks 28 -- Performing Reduction Analysis 28 -- Prioritization and Response 30 -- Supply Chain Risk Management 31 -- Summary 33 -- Exam Essentials 33 -- Written Lab 36 -- Review Questions 37 -- Chapter 2 Personnel Security and Risk Management Concepts 43 -- Personnel Security Policies and Procedures 45 -- Job Descriptions and Responsibilities 45 -- Candidate Screening and Hiring 46 -- Onboarding: Employment Agreements and Policies 47 -- Employee Oversight 48 -- Offboarding, Transfers, and Termination Processes 49 -- Vendor, Consultant, and Contractor Agreements and Controls 52 -- Compliance Policy Requirements 53 -- Privacy Policy Requirements 54 -- Understand and Apply Risk Management Concepts 55 -- Risk Terminology and Concepts 56 -- Asset Valuation 58 -- Identify Threats and Vulnerabilities 60 -- Risk Assessment/Analysis 60 -- Risk Responses 66 -- Cost vs. 
Benefit of Security Controls 69 -- Countermeasure Selection and Implementation 72 -- Applicable Types of Controls 74 -- Security Control Assessment 76 -- Monitoring and Measurement 76 -- Risk Reporting and Documentation 77 -- Continuous Improvement 77 -- Risk Frameworks 79 -- Social Engineering 81 -- Social Engineering Principles 83 -- Eliciting Information 85 -- Prepending 85 -- Phishing 85 -- Spear Phishing 87 -- Whaling 87 -- Smishing 88 -- Vishing 88 -- Spam 89 -- Shoulder Surfing 90 -- Invoice Scams 90 -- Hoax 90 -- Impersonation and Masquerading 91 -- Tailgating and Piggybacking 91 -- Dumpster Diving 92 -- Identity Fraud 93 -- Typo Squatting 94 -- Influence Campaigns 94 -- Establish and Maintain a Security Awareness, Education, and Training Program 96 -- Awareness 97 -- Training 97 -- Education 98 -- Improvements 98 -- Effectiveness Evaluation 99 -- Summary 100 -- Exam Essentials 101 -- Written Lab 106 -- Review Questions 107 -- Chapter 3 Business Continuity Planning 113 -- Planning for Business Continuity 114 -- Project Scope and Planning 115 -- Organizational Review 116 -- BCP Team Selection 117 -- Resource Requirements 119 -- Legal and Regulatory Requirements 120 -- Business Impact Analysis 121 -- Identifying Priorities 122 -- Risk Identification 123 -- Likelihood Assessment 125 -- Impact Analysis 126 -- Resource Prioritization 128 -- Continuity Planning 128 -- Strategy Development 129 -- Provisions and Processes 129 -- Plan Approval and Implementation 131 -- Plan Approval 131 -- Plan Implementation 132 -- Training and Education 132 -- BCP Documentation 132 -- Summary 136 -- Exam Essentials 137 -- Written Lab 138 -- Review Questions 139 -- Chapter 4 Laws, Regulations, and Compliance 143 -- Categories of Laws 144 -- Criminal Law 144 -- Civil Law 146 -- Administrative Law 146 -- Laws 147 -- Computer Crime 147 -- Intellectual Property (IP) 152 -- Licensing 158 -- Import/Export 158 -- Privacy 160 -- State Privacy Laws 168 -- Compliance 169 -- Contracting and 
Procurement 171 -- Summary 171 -- Exam Essentials 172 -- Written Lab 173 -- Review Questions 174 -- Chapter 5 Protecting Security of Assets 179 -- Identifying and Classifying Information and Assets 180 -- Defining Sensitive Data 180 -- Defining Data Classifications 182 -- Defining Asset Classifications 185 -- Understanding Data States 185 -- Determining Compliance Requirements 186 -- Determining Data Security Controls 186 -- Establishing Information and Asset Handling Requirements 188 -- Data Maintenance 189 -- Data Loss Prevention 189 -- Marking Sensitive Data and Assets 190 -- Handling Sensitive Information and Assets 192 -- Data Collection Limitation 192 -- Data Location 193 -- Storing Sensitive Data 193 -- Data Destruction 194 -- Ensuring Appropriate Data and Asset Retention 197 -- Data Protection Methods 199 -- Digital Rights Management 199 -- Cloud Access Security Broker 200 -- Pseudonymization 200 -- Tokenization 201 -- Anonymization 202 -- Understanding Data Roles 204 -- Data Owners 204 -- Asset Owners 205 -- Business/Mission Owners 206 -- Data Processors and Data Controllers 206 -- Data Custodians 207 -- Administrators 207 -- Users and Subjects 208 -- Using Security Baselines 208 -- Comparing Tailoring and Scoping 209 -- Standards Selection 210 -- Summary 211 -- Exam Essentials 211 -- Written Lab 213 -- Review Questions 214 -- Chapter 6 Cryptography and Symmetric Key Algorithms 219 -- Cryptographic Foundations 220 -- Goals of Cryptography 220 -- Cryptography Concepts 223 -- Cryptographic Mathematics 224 -- Ciphers 230 -- Modern Cryptography 238 -- Cryptographic Keys 238 -- Symmetric Key Algorithms 239 -- Asymmetric Key Algorithms 241 -- Hashing Algorithms 244 -- Symmetric Cryptography 244 -- Cryptographic Modes of Operation 245 -- Data Encryption Standard 247 -- Triple DES 247 -- International Data Encryption Algorithm 248 -- Blowfish 249 -- Skipjack 249 -- Rivest Ciphers 249 -- Advanced Encryption Standard 250 -- CAST 250 -- Comparison of Symmetric 
Encryption Algorithms 251 -- Symmetric Key Management 252 -- Cryptographic Lifecycle 255 -- Summary 255 -- Exam Essentials 256 -- Written Lab 257 -- Review Questions 258 -- Chapter 7 PKI and Cryptographic Applications 263 -- Asymmetric Cryptography 264 -- Public and Private Keys 264 -- RSA 265 -- ElGamal 267 -- Elliptic Curve 268 -- Diffie-Hellman Key Exchange 269 -- Quantum Cryptography 270 -- Hash Functions 271 -- SHA 272 -- MD5 273 -- RIPEMD 273 -- Comparison of Hash Algorithm Value Lengths 274 -- Digital Signatures 275 -- HMAC 276 -- Digital Signature Standard 277 -- Public Key Infrastructure 277 -- Certificates 278 -- Certificate Authorities 279 -- Certificate Lifecycle 280 -- Certificate Formats 283 -- Asymmetric Key Management 284 -- Hybrid Cryptography 285 -- Applied Cryptography 285 -- Portable Devices 285 -- Email 286 -- Web Applications 290 -- Steganography and Watermarking 292 -- Networking 294 -- Emerging Applications 295 -- Cryptographic Attacks 297 -- Summary 301 -- Exam Essentials 302 -- Written Lab 303 -- Review Questions 304 -- Chapter 8 Principles of Security Models, Design, and Capabilities 309 -- Secure Design Principles 310 -- Objects and Subjects 311 -- Closed and Open Systems 312 -- Secure Defaults 314 -- Fail Securely 314 -- Keep It Simple 316 -- Zero Trust 317 -- Privacy by Design 319 -- Trust but Verify 319 -- Techniques for Ensuring CIA 320 -- Confinement 320 -- Bounds 320 -- Isolation 321 -- Access Controls 321 -- Trust and Assurance 321 -- Understand the Fundamental Concepts of Security Models 322 -- Trusted Computing Base 323 -- State Machine Model 325 -- Information Flow Model 325 -- Noninterference Model 326 -- Take-Grant Model 326 -- Access Control Matrix 327 -- Bell-LaPadula Model 328 -- Biba Model 330 -- Clark-Wilson Model 333 -- Brewer and Nash Model 334 -- Goguen-Meseguer Model 335 -- Sutherland Model 335 -- Graham-Denning Model 335 -- Harrison-Ruzzo-Ullman Model 336 -- Select Controls Based on Systems Security Requirements 337 
-- Common Criteria 337 -- Authorization to Operate 340 -- Understand Security Capabilities of Information Systems 341 -- Memory Protection 341 -- Virtualization 342 -- Trusted Platform Module 342 -- Interfaces 343 -- Fault Tolerance 343 -- Encryption/Decryption 343 -- Summary 343 -- Exam Essentials 344 -- Written Lab 347 -- Review Questions 348 -- Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 353 -- Shared Responsibility 354 -- Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 355 -- Hardware 356 -- Firmware 370 -- Client-Based Systems 372 -- Mobile Code 372 --
Local Caches 375 -- Server-Based Systems 375 -- Large-Scale Parallel Data Systems 376 -- Grid Computing 377 -- Peer to Peer 378 -- Industrial Control Systems 378 -- Distributed Systems 380 -- High-Performance Computing (HPC) Systems 382 -- Internet of Things 383 -- Edge and Fog Computing 385 -- Embedded Devices and Cyber-Physical Systems 386 -- Static Systems 387 -- Network-Enabled Devices 388 -- Cyber-Physical Systems 389 -- Elements Related to Embedded and Static Systems 389 -- Security Concerns of Embedded and Static Systems 390 -- Specialized Devices 393 -- Microservices 394 -- Infrastructure as Code 395 -- Virtualized Systems 397 -- Virtual Software 399 -- Virtualized Networking 400 -- Software-Defined Everything 400 -- Virtualization Security Management 403 -- Containerization 405 -- Serverless Architecture 406 -- Mobile Devices 406 -- Mobile Device Security Features 408 -- Mobile Device Deployment Policies 420 -- Essential Security Protection Mechanisms 426 -- Process Isolation 426 -- Hardware Segmentation 427 -- System Security Policy 427 -- Common Security Architecture Flaws and Issues 428 -- Covert Channels 428 -- Attacks Based on Design or Coding Flaws 430 -- Rootkits 431 -- Incremental Attacks 431 -- Summary 432 -- Exam Essentials 433 -- Written Lab 440 -- Review Questions 441 - ...
Subject Computer security -- Examinations -- Study guides.
Computer networks -- Security measures -- Examinations -- Study guides.
Electronic data processing personnel -- Certification.
Telecommunications engineers -- Certification.
Computer security -- Examinations -- Study guides.
Computer networks -- Security measures -- Examinations -- Study guides.
Computer networks -- Security measures -- Examinations
Computer security -- Examinations
Electronic data processing personnel -- Certification
Telecommunications engineers -- Certification
Genre examination study guides.
Study guides.
Added Author Stewart, James Michael, author.
Gibson, Darril, author.
Added Title CISSP certified information systems security professional official study guide
ISBN 9781119786245 (electronic bk.)
111978624X (electronic bk.)
9781119786337 (electronic bk.)
1119786339 (electronic bk.)
9781394177530 (electronic bk.)
1394177534 (electronic bk.)
Standard No. 10.1002/9781394177530 doi