Australasia's Biggest Online Store

We won't be beaten by anyone. Guaranteed

Cissp for Dummies, 5th Edition


Product Description
Product Details

Table of Contents

Foreword xv Introduction 1 About This Book 2 How This Book Is Organized 2 Icons Used in This Book 3 Beyond the Book 4 Getting Started 4 Part I: Getting Started With CISSP Certification 5 Chapter 1: (ISC)2 and the CISSP Certification 7 About (ISC)2 and the CISSP Certification 7 You Must Be This Tall to Ride This Ride (and Other Requirements) 8 Preparing for the Exam 9 Studying on your own 10 Getting hands?on experience 11 Attending an (ISC)2 CISSP CBK Review or Live OnLine Seminar 11 Attending other training courses or study groups 12 Take the testing tutorial and practice exam 12 Are you ready for the exam? 13 Registering for the Exam 13 About the CISSP Examination 14 After the Examination 16 Chapter 2: Putting Your Certification to Good Use 19 Being an Active (ISC)2 Member 19 Considering (ISC)2 Volunteer Opportunities 20 Writing certification exam questions 20 Speaking at events 20 Read and contribute to (ISC)2 publications 21 Support the (ISC)2 Center for Cyber Safety and Education 21 Participating in (ISC)2 focus groups 22 Get involved with a CISSP study group 22 Help others learn more about data security 22 Becoming an Active Member of Your Local Security Chapter 23 Spreading the Good Word about CISSP Certification 24 Promoting other certifications 25 Wear the colors proudly 25 Lead by example 25 Using Your CISSP Certification to Be an Agent of Change 26 Earning Other Certifications 26 Other (ISC)2 certifications 27 CISSP concentrations 27 Non?(ISC)2 certifications 28 Choosing the right certifications 31 Pursue Security Excellence 32 Part II: Certification Domains 33 Chapter 3: Security and Risk Management 35 Understand and Apply Concepts of Confidentiality, Integrity, and Availability 35 Confidentiality 36 Integrity 37 Availability 37 Apply Security Governance Principles 37 Alignment of security function to business strategy, goals, mission and objectives 38 Organizational processes (security executive oversight) 39 Security roles and responsibilities 40 Control frameworks 41 Due care 43 Due diligence 44 Compliance 44 Legislative and regulatory compliance 44 Privacy requirements compliance 49 Understand Legal and Regulatory Issues that Pertain to Information Security in a Global Context 49 Computer crimes 50 Licensing and intellectual property 60 Import/export controls 63 Trans?border data flow 63 Privacy 63 Data breaches 69 Understand Professional Ethics 70 Exercise the (ISC)2 Code of Professional Ethics 71 Support your organization's code of ethics 72 Develop and Implement Documented Security Policies, Standards, Procedures, and Guidelines 73 Policies 74 Standards (and baselines) 75 Procedures 75 Guidelines 75 Understand Business Continuity Requirements 76 Develop and document project scope and plan 78 Conduct Business Impact Analysis 86 Developing the Business Continuity Plan 93 Implementing the BCP 96 Contribute to Personnel Security Policies 98 Employment candidate screening 98 Employment agreements and policies 100 Employment termination processes 101 Vendor, consultant and contractor controls 101 Compliance 102 Privacy 102 Understand and Apply Risk Management Concepts 102 Identify threats and vulnerabilities 103 Risk assessment/analysis (treatment) 103 Risk assignment/acceptance 108 Countermeasure selection 108 Implementation 110 Types of controls 110 Control assessment 112 Monitoring and measurement 114 Asset valuation 114 Reporting 115 Continuous improvement 115 Risk frameworks 116 Understand and Apply Threat Modeling 117 Identifying threats 117 Determining and diagramming potential attacks 118 Performing reduction analysis 119 Technologies and processes to remediate threats 119 Integrate Security Risk Considerations into Acquisition Strategy and Practice 120 Hardware, software, and services 121 Third?party assessment and monitoring 121 Minimum security requirements 121 Service?level requirements 122 Establish and Manage Information Security Education, Training, and Awareness 122 Appropriate levels of awareness, training and education required within organization 122 Periodic reviews for content relevancy 124 Chapter 4: Asset Security 125 Classify Information and Supporting Assets 125 Commercial data classification 126 Government data classification 126 Determine and Maintain Ownership 128 Protect Privacy 129 Ensure Appropriate Retention 131 Determine Data Security Controls 132 Baselines 133 Scoping and tailoring 134 Standards selection 134 Cryptography 135 Establish Handling Requirements 135 Chapter 5: Security Engineering 137 Implement and Manage Engineering Processes Using Secure Design Principles 137 Understand the Fundamental Concepts of Security Models 139 Confidentiality 139 Integrity 140 Availability 140 Access control models 141 Select Controls and Countermeasures based upon Systems Security Evaluation Models 144 Evaluation criteria 144 System certification and accreditation 149 Security controls and countermeasures 151 Understand Security Capabilities of Information Systems 154 Computer architecture 154 Trusted Computing Base (TCB) 161 Trusted Platform Module (TPM) 161 Secure modes of operation 162 Open and closed systems 163 Protection rings 163 Security modes 163 Recovery procedures 164 Vulnerabilities in security architectures 165 Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 166 Client?based 166 Server?based 167 Database security 167 Large?scale parallel data systems 168 Distributed systems 168 Cryptographic systems 169 Industrial control systems 170 Assess and Mitigate Vulnerabilities in Web?Based Systems 171 Assess and Mitigate Vulnerabilities in Mobile Systems 172 Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber?Physical Systems 173 Apply Cryptography 174 Cryptographic Life Cycle 176 Plaintext and ciphertext 177 Encryption and decryption 177 Cryptography alternatives 183 Not quite the metric system: Symmetric and asymmetric key systems 184 Message authentication 193 Public Key Infrastructure (PKI) 196 Key management functions 197 Key escrow and key recovery 198 Methods of attack 198 Apply Secure Principles to Site and Facility Design 201 Choosing a secure location 202 Designing a secure facility 203 Design and Implement Physical Security 205 Wiring closets, server rooms, media storage facilities, and evidence storage 206 Restricted and work area security 207 Utilities and HVAC considerations 207 Water issues 211 Fire prevention, detection and suppression 211 Chapter 6: Communication and Network Security 215 Apply Secure Design Principles to Network Architecture 215 OSI and TCP/IP models 219 Cryptography used to maintain communication security 251 Secure Network Components 251 Operation of hardware 252 Transmission media 252 Network access control devices 254 Endpoint security 262 Content distribution networks 264 Physical devices 265 Design and Establish Secure Communication Channels 265 Voice 266 Email 266 Web 270 Facsimile 271 Multimedia collaboration 272 Remote access 272 Data communications 277 Virtualized networks 277 Prevent or Mitigate Network Attacks 279 Bluejacking and bluesnarfing 279 Fraggle 279 Smurf 279 DNS Server Attacks 280 Man?in?the?Middle 280 ICMP flood 280 Session hijacking (spoofing) 280 Session hijacking (session token interception) 280 SYN flood 281 Teardrop 281 UDP flood 281 Chapter 7: Identity and Access Management 283 Control Physical and Logical Access to Assets 284 Information 284 Systems and devices 284 Facilities 285 Manage Identification and Authentication of People and Devices 285 Identity management implementation 286 Single/multi?factor authentication 295 Accountability 309 Session management 309 Registration and proofing of identity 310 Federated identity management 311 Credential management systems 312 Integrate Identity?as?a?Service 312 Integrate Third?Party Identity Services 314 Implement and Manage Authorization Mechanisms 314 Access control techniques 314 Prevent or Mitigate Access Control Attacks 318 Manage the Identity and Access Provisioning Lifecycle 320 Chapter 8: Security Assessment and Testing 323 Design and Validate Assessment and Test Strategies 323 Conduct Security Control Testing 324 Vulnerability assessment 324 Penetration testing 324 Log reviews 326 Synthetic transactions 328 Code review and testing 328 Misuse case testing 329 Test coverage analysis 329 Interface testing 329 Collect Security Process Data 330 Account management 330 Management review 331 Key performance and risk indicators 331 Backup verification data 331 Training and awareness 332 Disaster recovery and business continuity 332 Analyze and Report Test Outputs 332 Conduct or Facilitate Internal and Third Party Audits 332 Chapter 9: Security Operations 335 Understand and Support Investigations 335 Evidence collection and handling 335 Reporting and documenting 342 Investigative techniques 342 Digital forensics 344 Understand Requirements for Investigation Types 345 Conduct Logging and Monitoring Activities 346 Intrusion detection and prevention 347 Security information and event management 348 Continuous monitoring 348 Egress monitoring 349 Secure the Provisioning of Resources 349 Understand and Apply Foundational Security Operations Concepts 351 Need?to?know and least privilege 351 Separation of duties and responsibilities 352 Monitor special privileges 353 Job rotation 355 Information lifecycle 356 Service?level agreements 357 Employ Resource Protection Techniques 359 Media management 359 Hardware and software asset management 361 Conduct Incident Management 361 Operate and Maintain Preventative Measures 363 Implement and Support Patch and Vulnerability Management 364 Participate in and Understand Change Management Processes 365 Implement Recovery Strategies 366 Backup storage strategies 366 Recovery site strategies 366 Multiple processing sites 367 System resilience, high availability, and fault tolerance 367 Quality of Service (QoS) 367 Implement Disaster Recovery Processes 368 Response 372 Personnel 373 Communications 374 Assessment 375 Restoration 375 Training and awareness 376 Test Disaster Recovery Plans 376 Read?through 376 Walkthrough 377 Simulation 377 Parallel 378 Full interruption (or cutover) 379 Participate in Business Continuity Planning and Exercises 379 Implement and Manage Physical Security 380 Participate in Addressing Personnel Safety Concerns 380 Chapter 10: Software Development Security 381 Understand and Apply Security in the Software Development Lifecycle 381 Development methodologies 382 Maturity models 388 Operation and maintenance 389 Change management 390 Integrated product team 391 Enforce Security Controls in Development Environments 392 Security of the software environments 392 Configuration management as an aspect of secure coding 394 Security of code repositories 395 Security of application programming interfaces 395 Assess the Effectiveness of Software Security 396 Auditing and logging of changes 397 Risk analysis and mitigation 397 Acceptance testing 398 Assess Security Impact of Acquired Software 399 Part III: The Part of Tens 401 Chapter 11: Ten (Okay, Nine) Test-Planning Tips 403 Know Your Learning Style 403 Get a Networking Certification First 403 Register NOW! 404 Make a 60?Day Study Plan 404 Get Organized and READ! 405 Join a Study Group 405 Take Practice Exams 406 Take a CISSP Review Seminar 406 Take a Breather 406 Chapter 12: Ten Test?Day Tips 407 Get a Good Night's Rest 407 Dress Comfortably 407 Eat a Good Breakfast 407 Arrive Early 408 Bring a Photo ID 408 Bring Snacks and Drinks 408 Bring Prescription and Over?the?Counter Medications 408 Leave Your Electronic Devices Behind 409 Take Frequent Breaks 409 Guess as a Last Resort 409 Glossary 411 Index 455

About the Author

Lawrence C. Miller, CISSP, is a veteran systems administration and information security professional who has consulted for Coca-Cola and Goldman Sachs. Peter H. Gregory, CISSP, is a security, risk, and technology director and a widely published author.

Ask a Question About this Product More...
Write your question below:
Look for similar items by category
Home » Books » Computers » Security » Networking
How Fishpond Works
Fishpond works with suppliers all over the world to bring you a huge selection of products, really great prices, and delivery included on over 25 million products that we sell. We do our best every day to make Fishpond an awesome place for customers to shop and get what they want — all at the best prices online.
Webmasters, Bloggers & Website Owners
You can earn a 5% commission by selling Cissp for Dummies, 5th Edition on your website. It's easy to get started - we will give you example code. After you're set-up, your website can earn you money while you work, play or even sleep! You should start right now!
Authors / Publishers
Are you the Author or Publisher of a book? Or the manufacturer of one of the millions of products that we sell. You can improve sales and grow your revenue by submitting additional information on this title. The better the information we have about a product, the more we will sell!
Item ships from and is sold by, Inc.
Back to top