CISSP® Study Guide
- 4th Edition - January 25, 2023
- Authors: Joshua Feldman, Seth Misenar, Eric Conrad
- Language: English
- Paperback ISBN:9 7 8 - 0 - 4 4 3 - 1 8 7 3 4 - 6
- eBook ISBN:9 7 8 - 0 - 4 4 3 - 1 8 7 3 5 - 3
CISSP® Study Guide, Fourth Edition provides the latest updates on CISSP® certification, the most prestigious, globally-recognized, vendor neutral exam for information security… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteCISSP® Study Guide, Fourth Edition provides the latest updates on CISSP® certification, the most prestigious, globally-recognized, vendor neutral exam for information security professionals. In this new edition, readers will learn about what's included in the newest version of the exam’s Common Body of Knowledge. The eight domains are covered completely and as concisely as possible. Each domain has its own chapter, including specially designed pedagogy to help readers pass the exam. Clearly stated exam objectives, unique terms/definitions, exam warnings, learning by example, hands-on exercises, and chapter ending questions help readers fully comprehend the material.
- Provides the most complete and effective study guide to prepare you for passing the CISSP® exam--contains only what you need to pass the test, with no fluff!
- Eric Conrad has prepared hundreds of professionals for passing the CISSP® exam through SANS, a popular and well-known organization for information security professionals
- Covers all of the new information in the Common Body of Knowledge updated in May 2021, and also provides tiered end-of-chapter questions for a gradual learning curve, and a complete self-test appendix
Information Security Professionals, IT Professionals, Computer and Information Systems Managers, Systems Administrators, Application Developers, Network Administrators, Security Managers, Security Analysts, Directors of Security, Security Auditors, Security Engineers, Compliance Specialists
- Cover image
- Title page
- Table of Contents
- Copyright
- About the authors
- Chapter 1: Introduction
- Abstract
- How to Prepare for the Exam
- How to Take the Exam
- Good Luck!
- References
- Chapter 2: Domain 1: Security and Risk Management
- Abstract
- Unique Terms and Definitions
- Introduction
- Cornerstone Information Security Concepts
- Legal and Regulatory Issues
- Ethics
- Information Security Governance
- Access Control Defensive Categories and Types
- Risk Analysis
- Security and Third Parties
- Types of Attackers
- Summary of Exam Objectives
- Self-Test
- Self-Test Quick Answer Key
- References
- Chapter 3: Domain 2: Asset Security
- Abstract
- Unique Terms and Definitions
- Introduction
- Classifying Data
- Ownership and Inventory
- Memory and Remanence
- Data Destruction
- Determining Data Security Controls
- Summary of Exam Objectives
- Self-Test
- Self-Test Quick Answer Key
- References
- Chapter 4: Domain 3: Security Architecture and Engineering
- Abstract
- Unique Terms and Definitions
- Introduction
- Secure Design Principles
- Security Models
- Evaluation Methods, Certification, and Accreditation
- Secure System Design Concepts
- Secure Hardware Architecture
- Secure Operating System and Software Architecture
- Virtualization, Cloud, and Distributed Computing
- System Vulnerabilities, Threats, and Countermeasures
- Cornerstone Cryptographic Concepts
- Types of Cryptography
- Cryptographic Attacks
- Implementing Cryptography
- Perimeter Defenses
- Site Selection, Design, and Configuration
- System Defenses
- Environmental Controls
- Summary of Exam Objectives
- Self-Test
- Self-Test Quick Answer Key
- References
- Chapter 5: Domain 4: Communication and Network Security
- Abstract
- Unique Terms and Definitions
- Introduction
- Network Architecture and Design
- Secure Network Devices and Protocols
- Secure Communications
- Summary of Exam Objectives
- Self-Test
- Self-Test Quick Answer Key
- References
- Chapter 6: Domain 5: Identity and Access Management (IAM)
- Abstract
- Unique Terms and Definitions
- Introduction
- Authentication Methods
- Access Control Technologies
- Access Control Models
- Identity and Access Provisioning Lifecycle
- Summary of Exam Objectives
- Self-Test
- Self-Test Quick Answer Key
- References
- Chapter 7: Domain 6: Security Assessment and Testing
- Abstract
- Unique Terms and Definitions
- Introduction
- Security Control Testing
- Collecting Security Process Data
- Summary of Exam Objectives
- Self-Test
- Self-Test Quick Answer Key
- References
- Chapter 8: Domain 7: Security Operations
- Abstract
- Unique Terms and Definitions
- Introduction
- Administrative Security
- Forensics
- Incident Management
- Operational Preventive and Detective Controls
- Asset Management
- Continuity of Operations
- BCP and DRP Overview and Process
- Developing a BCP/DRP
- Backups and Availability
- DRP Testing, Training, and Awareness
- Continued BCP/DRP Maintenance
- Specific BCP/DRP Frameworks
- Summary of Exam Objectives
- Self-Test
- Self-Test Quick Answer Key
- References
- Chapter 9: Domain 8: Software Development Security
- Abstract
- Unique Terms and Definitions
- Introduction
- Programming Concepts
- Application Development Methods
- Databases
- Object-Oriented Design and Programming
- Assessing the Effectiveness of Software Security
- Artificial Intelligence
- Summary of Exam Objectives
- Self-Test
- Self-Test Quick Answer Key
- References
- Appendix: Self-Test
- Chapter 2: Domain 1: Security and Risk Management
- Chapter 3: Domain 2: Asset Security
- Chapter 4: Domain 3: Security Architecture and Engineering
- Chapter 5: Domain 4: Communication and Network Security
- Chapter 6: Domain 5: Identity and Access Management
- Chapter 7: Domain 6: Security Assessment and Testing
- Chapter 8: Domain 7: Security Operations
- Chapter 9: Domain 8: Software Development Security
- Glossary
- Index
- No. of pages: 640
- Language: English
- Edition: 4
- Published: January 25, 2023
- Imprint: Syngress
- Paperback ISBN: 9780443187346
- eBook ISBN: 9780443187353
JF
Joshua Feldman
Joshua Feldman (CISSP) is Senior Vice President for Security Technology at the Radian Group – a real estate and mortgage insurance conglomerate. His mission is focused on protecting over 10M US consumer financial records. He is the executive responsible for all aspects of Radian’s technical security program. Previous security roles included work at Moody’s Credit Ratings, Corning Inc, and the US Department of Defense and Department of State.
In 2008, Joshua was Eric's student when studying for the CISSP exam and was so impressed with Eric’s mastery of the materials that he invited Eric to work with him at the DoD. Quickly after starting work, Eric invited Seth. That project ran successfully for over eight years – a testament to the value brought for US military cyber professionals.
Joshua got his start in the cyber security field when he left his public-school science teaching position in 1997 and began working for Network Flight Recorder (NFR, Inc.), a small Washington, DC based startup making the first generation of Network Intrusion Detection Systems. He has a Bachelor’s of Science from the University of Maryland and a Master’s in Cyber Operations from National Defense University. He currently resides in Philadelphia with his little dog, Jacky-boy.
Affiliations and expertise
Senior Vice President for Security Technology, Radian Group, Wayne, PA, USASM
Seth Misenar
Seth Misenar (CISSP®, GSE, GDSA, GDAT, GMON, GCDA, GCIH, GCIA, GCFA) is a Fellow with the SANS Institute and also serves as Principal Consultant for Jackson, Mississippi-based Context Security, LLC. His cyber security background includes research, host-based and network intrusion detection, architecture design, and general security consulting. Seth previously served as a physical and network security consultant for Fortune 100 companies and a state government agency’s HIPAA and information security officer. He has partnered with the SANS Institute for over 15 years, teaching and authoring courseware and facilitating instructor development. Seth is pursuing a Master of Science degree in Information Security Engineering from the SANS Technology Institute and holds a Bachelor of Science degree from Millsaps College.
Affiliations and expertise
Fellow, SANS Institute, Bethesda, MD, USA; Principal Consultant, Context Security, LLC., Jackson, MI, USAEC
Eric Conrad
Eric Conrad (CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, GMON, GISP), is a SANS fellow and Chief Technology Officer of Backshore Communications, which provides threat hunting, penetration testing, incident handling, and intrusion detection consulting services. Eric started his professional career in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and healthcare, in positions ranging from systems programmer to security engineer to HIPAA security officer and ISSO. He is coauthor of MGT414: SANS Training Program for the CISSP Certification, SEC511: Continuous Monitoring and Security Operations, and SEC542: Web App Penetration Testing and Ethical Hacking. Eric graduated from the SANS Technology Institute with a Master of Science degree in Information Security Engineering.
Affiliations and expertise
Fellow, SANS Institute, Bethesda, MD, USA; Chief Technology Officer, Backshore Communications LLC., Peaks Island, ME, USARead CISSP® Study Guide on ScienceDirect