CISSP Study Guide

  • 2nd Edition - August 29, 2012
  • Latest edition
  • Authors: Eric Conrad, Seth Misenar, Joshua Feldman
  • Language: English

Description

The CISSP certification is the most prestigious, globally recognized, vendor-neutral exam for information security professionals. The newest edition of this acclaimed study guide is aligned to cover all of the material included in the newest version of the exam’s Common Body of Knowledge. The ten domains are covered completely and as concisely as possible, with an eye to acing the exam.

Each of the ten domains has its own chapter that includes specially designed pedagogy to aid the test-taker in passing the exam, including: clearly stated exam objectives; unique terms and definitions; exam warnings; learning by example; hands-on exercises; and chapter-ending questions. Furthermore, special features include: two practice exams; tiered chapter-ending questions that allow for a gradual learning curve; and a self-test appendix.

Key features

  • Provides the most complete and effective study guide to prepare you for passing the CISSP exam—contains only what you need to pass the test, with no fluff!
  • Eric Conrad has prepared hundreds of professionals for passing the CISSP exam through SANS, a popular and well-known organization for information security professionals
  • Covers all of the new information in the Common Body of Knowledge updated in January 2012, and also provides two practice exams, tiered end-of-chapter questions for a gradual learning curve, and a complete self-test appendix

Readership

Computer and Information Systems Managers, Systems Administrators, Application Developers, Network Administrators, Security Managers, Security Analysts, Directors of Security, Security Auditors, Security Engineers, Compliance Specialists.

Table of contents

Acknowledgments

About the authors

Lead Author

Contributing Authors

About the Technical Editor

Chapter 1. Introduction

Exam objectives in this chapter

How to Prepare for the Exam

Taking the Exam

Good Luck!

REFERENCES

Chapter 2. Domain 1: Access Control

Exam objectives in this chapter

Unique Terms and Definitions

Introduction

Cornerstone Information Security Concepts

Access Control Models

Procedural Issues for Access Control

Access Control Defensive Categories and Types

Authentication Methods

Access Control Technologies

Types of Attackers

Assessing Access Control

Summary of Exam Objectives

Self Test

Self-test quick answer key

REFERENCES

Chapter 3. Domain 2: Telecommunications and Network Security

Exam objectives in this chapter

Unique Terms and Definitions

Introduction

Network Architecture and Design

Network Devices and Protocols

Secure Communications

Summary of Exam Objectives

Self Test

Self Test Quick Answer Key

REFERENCES

Chapter 4. Domain 3: Information Security Governance and Risk Management

Exam objectives in this chapter

Unique Terms and Definitions

Introduction

Risk Analysis

Information Security Governance

Summary of Exam Objectives

Self Test

Self Test Quick Answer Key

REFERENCES

Chapter 5. Domain 4: Software Development Security

Exam objectives in this chapter

Unique Terms and Definitions

Introduction

Programming Concepts

Application Development Methods

Object-Orientated Design and Programming

Software Vulnerabilities, Testing, and Assurance

Databases

Artificial Intelligence

Summary of Exam Objectives

Self Test

Self Test Quick Answer Key

REFERENCES

Chapter 6. Domain 5: Cryptography

Exam objectives in this chapter

Unique Terms and Definitions

Introduction

Cornerstone Cryptographic Concepts

History of Cryptography

Symmetric Encryption

Asymmetric Encryption

Hash Functions

Cryptographic Attacks

Implementing Cryptography

Summary of Exam Objectives

Self Test

Self Test Quick Answer Key

REFERENCES

Chapter 7. Domain 6: Security Architecture and Design

Exam objectives in this chapter

Unique Terms and Definitions

Introduction

Secure System Design Concepts

Secure Hardware Architecture

Secure Operating System and Software Architecture

Virtualization and Distributed Computing

System Vulnerabilities, Threats, and Countermeasures

Security Models

Evaluation Methods, Certification, and Accreditation

Summary of Exam Objectives

Self Test

Self Test Quick Answer Key

REFERENCES

Chapter 8. Domain 7: Operations Security

Exam objectives in this chapter

Unique Terms and Definitions

Introduction

Administrative Security

Sensitive Information and Media Security

Asset Management

Continuity of Operations

Incident Response Management

Summary of Exam Objectives

Self Test

Self Test Quick Answer Key

REFERENCES

Chapter 9. Domain 8: Business Continuity and Disaster Recovery Planning

Exam objectives in this chapter

Unique Terms and Definitions

Introduction

BCP and DRP Overview and Process

Developing a BCP/DRP

Backups and Availability

DRP Testing, Training, and Awareness

BCP/DRP Maintenance

Specific BCP/DRP Frameworks

Summary of Exam Objectives

Self Test

Self Test Quick Answer Key

REFERENCES

Chapter 10. Domain 9: Legal, Regulations, Investigations, and Compliance

Exam objectives in this chapter

Unique Terms and Definitions

Introduction

Major legal systems

Criminal, Civil, and Administrative Law

Information Security Aspects of Law

Forensics

Legal Aspects of Investigations

Important Laws and Regulations

Security and Third Parties

Ethics

Summary of Exam Objectives

Self Test

Self Test Quick Answer Key

REFERENCES

Chapter 11. Domain 10: Physical (Environmental) Security

Exam objectives in this chapter

Unique Terms and Definitions

Introduction

Perimeter Defenses

Site Selection, Design, and Configuration

System Defenses

Environmental Controls

Summary of Exam Objectives

Self Test

Self Test Quick Answer Key

REFERENCES

APPENDIX: Self Test

Chapter 2, Domain 1: Access Control

Chapter 3, Domain 2: Telecommunications and Network Security

Chapter 4, Domain 3: Information Security Governance and Risk Management

Chapter 5, Domain 4: Software Development Security

Chapter 6, Domain 5: Cryptography

Chapter 7, Domain 6: Security Architecture and Design

Chapter 8, Domain 7: Operations Security

Chapter 9, Domain 8: Business Continuity and Disaster Recovery Planning

Chapter 10, Domain 9: Legal, Regulations, Investigations, and Compliance

Chapter 11, Domain 10: Physical (Environmental) Security

Glossary

Index

Review quotes

"Gives you everything you need and nothing you don't. One of the temptations you face as an author of a certification prep book or course is to include information that you feel is important, but not related to preparation for the certification. Eric Conrad has shown incredible discipline in keeping this book focused on preparing you to take the CISSP."—Stephen Northcutt, President, The SANS Technology Institute 

About the authors

Eric Conrad

Eric Conrad (CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, GMON, GISP), is a SANS fellow and Chief Technology Officer of Backshore Communications, which provides threat hunting, penetration testing, incident handling, and intrusion detection consulting services. Eric started his professional career in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and healthcare, in positions ranging from systems programmer to security engineer to HIPAA security officer and ISSO. He is coauthor of MGT414: SANS Training Program for the CISSP Certification, SEC511: Continuous Monitoring and Security Operations, and SEC542: Web App Penetration Testing and Ethical Hacking. Eric graduated from the SANS Technology Institute with a Master of Science degree in Information Security Engineering.
Affiliations and expertise
Fellow, SANS Institute, Bethesda, MD, USA; Chief Technology Officer, Backshore Communications LLC., Peaks Island, ME, USA

Seth Misenar

Seth Misenar (CISSP®, GSE, GDSA, GDAT, GMON, GCDA, GCIH, GCIA, GCFA) is a Fellow with the SANS Institute and also serves as Principal Consultant for Jackson, Mississippi-based Context Security, LLC. His cyber security background includes research, host-based and network intrusion detection, architecture design, and general security consulting. Seth previously served as a physical and network security consultant for Fortune 100 companies and a state government agency’s HIPAA and information security officer. He has partnered with the SANS Institute for over 15 years, teaching and authoring courseware and facilitating instructor development. Seth is pursuing a Master of Science degree in Information Security Engineering from the SANS Technology Institute and holds a Bachelor of Science degree from Millsaps College.
Affiliations and expertise
Fellow, SANS Institute, Bethesda, MD, USA; Principal Consultant, Context Security, LLC., Jackson, MI, USA

Joshua Feldman

Joshua Feldman (CISSP) is Senior Vice President for Security Technology at the Radian Group – a real estate and mortgage insurance conglomerate. His mission is focused on protecting over 10M US consumer financial records. He is the executive responsible for all aspects of Radian’s technical security program. Previous security roles included work at Moody’s Credit Ratings, Corning Inc, and the US Department of Defense and Department of State. In 2008, Joshua was Eric’s student when studying for the CISSP exam and was so impressed with Eric’s mastery of the materials that he invited Eric to work with him at the DoD. Soon after starting work, Eric invited Seth. That project ran successfully for over eight years – a testament to the value brought for US military cyber professionals. Joshua got his start in the cyber security field when he left his public-school science teaching position in 1997 and began working for Network Flight Recorder (NFR, Inc.), a small Washington, DC-based startup making the first generation of Network Intrusion Detection Systems. He has a Bachelor of Science from the University of Maryland and a Master’s in Cyber Operations from National Defense University. He currently resides in Philadelphia with his little dog, Jacky-boy.
Affiliations and expertise
Senior Vice President for Security Technology, Radian Group, Wayne, PA, USA