CISSP Study Guide
- 2nd Edition - August 29, 2012
- Latest edition
- Authors: Eric Conrad, Seth Misenar, Joshua Feldman
- Language: English
- Paperback ISBN:9 7 8 - 1 - 5 9 7 4 9 - 9 6 1 - 3
- eBook ISBN:9 7 8 - 1 - 5 9 7 4 9 - 9 6 8 - 2
The CISSP certification is the most prestigious, globally-recognized, vendor neutral exam for information security professionals. The newest edition of this acclaimed study guide i… Read more
Purchase options
The CISSP certification is the most prestigious, globally-recognized, vendor neutral exam for information security professionals. The newest edition of this acclaimed study guide is aligned to cover all of the material included in the newest version of the exam’s Common Body of Knowledge. The ten domains are covered completely and as concisely as possible with an eye to acing the exam.
Each of the ten domains has its own chapter that includes specially designed pedagogy to aid the test-taker in passing the exam, including: Clearly stated exam objectives; Unique terms/Definitions; Exam Warnings; Learning by Example; Hands-On Exercises; Chapter ending questions. Furthermore, special features include: Two practice exams; Tiered chapter ending questions that allow for a gradual learning curve; and a self-test appendix
- Provides the most complete and effective study guide to prepare you for passing the CISSP exam—contains only what you need to pass the test, with no fluff!
- Eric Conrad has prepared hundreds of professionals for passing the CISSP exam through SANS, a popular and well-known organization for information security professionals
- Covers all of the new information in the Common Body of Knowledge updated in January 2012, and also provides two practice exams, tiered end-of-chapter questions for a gradual learning curve, and a complete self-test appendix
Computer and Information Systems Managers, Systems Administrators, Application Developers, Network Administrators, Security Managers, Security Analysts, Directors of Security, Security Auditors, Security Engineers, Compliance Specialists.
Acknowledgments
About the authors
Lead Author
Contributing Authors
About the Technical Editor
Chapter 1. Introduction
Exam objectives in this chapter
How to Prepare for the Exam
Taking the Exam
Good Luck!
REFERENCES
Chapter 2. Domain 1: Access Control
Exam objectives in this chapter
Unique Terms and Definitions
Introduction
Cornerstone Information Security Concepts
Access Control Models
Procedural Issues for Access Control
Access Control Defensive Categories and Types
Authentication Methods
Access Control Technologies
Types of Attackers
Assessing Access Control
Summary of Exam Objectives
Self Test
Self-test quick answer key
REFERENCES
Chapter 3. Domain 2: Telecommunications and Network Security
Exam objectives in this chapter
Unique Terms and Definitions
Introduction
Network Architecture and Design
Network Devices and Protocols
Secure Communications
Summary of Exam Objectives
Self Test
Self Test Quick Answer Key
REFERENCES
Chapter 4. Domain 3: Information Security Governance and Risk Management
Exam objectives in this chapter
Unique Terms and Definitions
Introduction
Risk Analysis
Information Security Governance
Summary of Exam Objectives
Self Test
Self Test Quick Answer Key
REFERENCES
Chapter 5. Domain 4: Software Development Security
Exam objectives in this chapter
Unique Terms and Definitions
Introduction
Programming Concepts
Application Development Methods
Object-Orientated Design and Programming
Software Vulnerabilities, Testing, and Assurance
Databases
Artificial Intelligence
Summary of Exam Objectives
Self Test
Self Test Quick Answer Key
REFERENCES
Chapter 6. Domain 5: Cryptography
Exam objectives in this chapter
Unique Terms and Definitions
Introduction
Cornerstone Cryptographic Concepts
History of Cryptography
Symmetric Encryption
Asymmetric Encryption
Hash Functions
Cryptographic Attacks
Implementing Cryptography
Summary of Exam Objectives
Self Test
Self Test Quick Answer Key
REFERENCES
Chapter 7. Domain 6: Security Architecture and Design
Exam objectives in this chapter
Unique Terms and Definitions
Introduction
Secure System Design Concepts
Secure Hardware Architecture
Secure Operating System and Software Architecture
Virtualization and Distributed Computing
System Vulnerabilities, Threats, and Countermeasures
Security Models
Evaluation Methods, Certification, and Accreditation
Summary of Exam Objectives
Self Test
Self Test Quick Answer Key
REFERENCES
Chapter 8. Domain 7: Operations Security
Exam objectives in this chapter
Unique Terms and Definitions
Introduction
Administrative Security
Sensitive Information and Media Security
Asset Management
Continuity of Operations
Incident Response Management
Summary of Exam Objectives
Self Test
Self Test Quick Answer Key
REFERENCES
Chapter 9. Domain 8: Business Continuity and Disaster Recovery Planning
Exam objectives in this chapter
Unique Terms and Definitions
Introduction
BCP and DRP Overview and Process
Developing a BCP/DRP
Backups and Availability
DRP Testing, Training, and Awareness
BCP/DRP Maintenance
Specific BCP/DRP Frameworks
Summary of Exam Objectives
Self Test
Self Test Quick Answer Key
REFERENCES
Chapter 10. Domain 9: Legal, Regulations, Investigations, and Compliance
Exam objectives in this chapter
Unique Terms and Definitions
Introduction
Major legal systems
Criminal, Civil, and Administrative Law
Information Security Aspects of Law
Forensics
Legal Aspects of Investigations
Important Laws and Regulations
Security and Third Parties
Ethics
Summary of Exam Objectives
Self Test
Self Test Quick Answer Key
REFERENCES
Chapter 11. Domain 10: Physical (Environmental) Security
Exam objectives in this chapter
Unique Terms and Definitions
Introduction
Perimeter Defenses
Site Selection, Design, and Configuration
System Defenses
Environmental Controls
Summary of Exam Objectives
Self Test
Self Test Quick Answer Key
REFERENCES
APPENDIX: Self Test
Chapter 2, Domain 1: Access Control
Chapter 3, Domain 2: Telecommunications and Network Security
Chapter 4, Domain 3: Information Security Governance and Risk Management
Chapter 5, Domain 4: Software Development Security
Chapter 6, Domain 5: Cryptography
Chapter 7, Domain 6: Security Architecture and Design
Chapter 8, Domain 7: Operations Security
Chapter 9, Domain 8: Business Continuity and Disaster Recovery Planning
Chapter 10, Domain 9: Legal, Regulations, Investigations, and Compliance
Chapter 11, Domain 10: Physical (Environmental) Security
Glossary
Index
- Edition: 2
- Latest edition
- Published: August 29, 2012
- Language: English
EC
Eric Conrad
Eric Conrad (CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, GMON, GISP), is a SANS fellow and Chief Technology Officer of Backshore Communications, which provides threat hunting, penetration testing, incident handling, and intrusion detection consulting services. Eric started his professional career in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and healthcare, in positions ranging from systems programmer to security engineer to HIPAA security officer and ISSO. He is coauthor of MGT414: SANS Training Program for the CISSP Certification, SEC511: Continuous Monitoring and Security Operations, and SEC542: Web App Penetration Testing and Ethical Hacking. Eric graduated from the SANS Technology Institute with a Master of Science degree in Information Security Engineering.
Affiliations and expertise
Fellow, SANS Institute, Bethesda, MD, USA; Chief Technology Officer, Backshore Communications LLC., Peaks Island, ME, USASM
Seth Misenar
Seth Misenar (CISSP®, GSE, GDSA, GDAT, GMON, GCDA, GCIH, GCIA, GCFA) is a Fellow with the SANS Institute and also serves as Principal Consultant for Jackson, Mississippi-based Context Security, LLC. His cyber security background includes research, host-based and network intrusion detection, architecture design, and general security consulting. Seth previously served as a physical and network security consultant for Fortune 100 companies and a state government agency’s HIPAA and information security officer. He has partnered with the SANS Institute for over 15 years, teaching and authoring courseware and facilitating instructor development. Seth is pursuing a Master of Science degree in Information Security Engineering from the SANS Technology Institute and holds a Bachelor of Science degree from Millsaps College.
Affiliations and expertise
Fellow, SANS Institute, Bethesda, MD, USA; Principal Consultant, Context Security, LLC., Jackson, MI, USAJF
Joshua Feldman
Joshua Feldman (CISSP) is Senior Vice President for Security Technology at the Radian Group – a real estate and mortgage insurance conglomerate. His mission is focused on protecting over 10M US consumer financial records. He is the executive responsible for all aspects of Radian’s technical security program. Previous security roles included work at Moody’s Credit Ratings, Corning Inc, and the US Department of Defense and Department of State.
In 2008, Joshua was Eric's student when studying for the CISSP exam and was so impressed with Eric’s mastery of the materials that he invited Eric to work with him at the DoD. Quickly after starting work, Eric invited Seth. That project ran successfully for over eight years – a testament to the value brought for US military cyber professionals.
Joshua got his start in the cyber security field when he left his public-school science teaching position in 1997 and began working for Network Flight Recorder (NFR, Inc.), a small Washington, DC based startup making the first generation of Network Intrusion Detection Systems. He has a Bachelor’s of Science from the University of Maryland and a Master’s in Cyber Operations from National Defense University. He currently resides in Philadelphia with his little dog, Jacky-boy.
Affiliations and expertise
Senior Vice President for Security Technology, Radian Group, Wayne, PA, USARead CISSP Study Guide on ScienceDirect