
Eleventh Hour CISSP®
Study Guide
- 4th Edition - January 1, 2026
- Imprint: Syngress
- Authors: Eric Conrad, Seth Misenar, Joshua Feldman
- Language: English
- Paperback ISBN: 978-0-443-18688-2
- eBook ISBN: 978-0-443-18689-9
Eleventh Hour CISSP®: Study Guide, Fourth Edition provides a study guide keyed directly to the most current version of the CISSP exam. This streamlined book includes only core certification information, making it ideal for last-minute studying. The main objectives of the exam are covered concisely, with key concepts highlighted. The CISSP certification is the most prestigious, globally-recognized, vendor neutral exam for information security professionals. Over 100,000 professionals are certified worldwide with many more joining their ranks. All eight domains are covered completely and concisely, giving readers the best possible chance of acing the exam.
This new edition is aligned to cover all of the material in the most current version of the exam’s Common Body of Knowledge.
- Updated edition includes the most current version of the exam’s Common Body of Knowledge
- Provides the only guide readers need for last-minute studying
- Answers the toughest questions and highlights core topics
- Streamlined for maximum efficiency of study, making it perfect for professionals who are updating their certification or taking the test for the first time
Information Security Professionals, IT Professionals, Computer and Information Systems Managers, Systems Administrators, Application Developers, Network Administrators, Security Managers, Security Analysts, Directors of Security, Security Auditors, Security Engineers, Compliance Specialists
1. Introduction
2. How to take the CISSP Exam
3. Domain 1: Access Control
Confidentiality, integrity, and availability
Identity, authentication, authorization, and accountability
Categories and Controls
Types of authentication
Access control attacks
Access provisioning lifecycle
4. Domain 2: Telecommunications and Network Security
Network Security Concepts
The OSI and TCP/IP models
Network devices
End-point security
Network attacks, detection, and mitigation
Defense in depth
Protocols
Remote access
5. Domain 3: Information Security Governance and Risk Management
Policies, Procedures, Standards, Guidelines and Baselines
Defense-in-depth
Risk Management formulas
Quantitative and Qualitative Risk Analysis
Total cost of ownership and return on investment
Outsourcing and offshoring
Certification and accreditation
Control frameworks
Managing 3rd-party governance
6. Domain 4: Software Development Security
Software-based Controls
The Software Development Lifecycle
Object oriented systems
Artificial intelligence
7. Domain 5: Cryptography
Crypto history
Cryptography Concepts and Algorithms
Symmetric encryption, Asymmetric encryption, and hashes
Digital Signatures
Cryptanalysis
Steganography and watermarking
Non-repudiation
8. Domain 6: Security Architecture and Design
Security architecture principles
Trusted Computing Base
The security kernel and reference monitor
Secure hardware
Covert channels
XML, SAML and OWASP
9. Domain 7: Security Operations
Backups and Media
Change Control
Controls Categories
Object marking, handling, and storage
Separation of duties and rotation of duties
Operational attacks
Incident response
10. Domain 8: Business Continuity and Disaster Recovery Planning
The BCP process
Business Impact Analysis and Maximum Allowable Downtime
Hot, warm, and cold sites
BCP/DRP testing
Site restoration Activities
Databases and data warehousing
11. Domain 9: Legal, Regulations, Investigations, and Compliance
Professional Ethics
Major Legal Systems
Criminal, Civil, and Regulatory Law
Laws and Information Security
Forensic investigations
Cloud computing
12. Domain 10: Physical (Environmental) Security
Physical controls
Environmental controls
Perimeter security
Locks, alarms and cameras
Guards and dogs
Site Location
Eric Conrad
Eric Conrad (CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, GMON, GISP), is a SANS fellow and Chief Technology Officer of Backshore Communications, which provides threat hunting, penetration testing, incident handling, and intrusion detection consulting services. Eric started his professional career in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and healthcare, in positions ranging from systems programmer to security engineer to HIPAA security officer and ISSO. He is coauthor of MGT414: SANS Training Program for the CISSP Certification, SEC511: Continuous Monitoring and Security Operations, and SEC542: Web App Penetration Testing and Ethical Hacking. Eric graduated from the SANS Technology Institute with a Master of Science degree in Information Security Engineering.
Affiliations and expertise
Fellow, SANS Institute, Bethesda, MD, USA; Chief Technology Officer, Backshore Communications LLC., Peaks Island, ME, USA
Seth Misenar
Seth Misenar (CISSP®, GSE, GDSA, GDAT, GMON, GCDA, GCIH, GCIA, GCFA) is a Fellow with the SANS Institute and also serves as Principal Consultant for Jackson, Mississippi-based Context Security, LLC. His cyber security background includes research, host-based and network intrusion detection, architecture design, and general security consulting. Seth previously served as a physical and network security consultant for Fortune 100 companies and a state government agency’s HIPAA and information security officer. He has partnered with the SANS Institute for over 15 years, teaching and authoring courseware and facilitating instructor development. Seth is pursuing a Master of Science degree in Information Security Engineering from the SANS Technology Institute and holds a Bachelor of Science degree from Millsaps College.
Affiliations and expertise
Fellow, SANS Institute, Bethesda, MD, USA; Principal Consultant, Context Security, LLC., Jackson, MI, USA
Joshua Feldman
Joshua Feldman (CISSP) is Senior Vice President for Security Technology at the Radian Group – a real estate and mortgage insurance conglomerate. His mission is focused on protecting over 10M US consumer financial records. He is the executive responsible for all aspects of Radian’s technical security program. Previous security roles included work at Moody’s Credit Ratings, Corning Inc, and the US Department of Defense and Department of State.
In 2008, Joshua was Eric's student when studying for the CISSP exam and was so impressed with Eric’s mastery of the materials that he invited Eric to work with him at the DoD. Quickly after starting work, Eric invited Seth. That project ran successfully for over eight years – a testament to the value brought for US military cyber professionals.
Joshua got his start in the cyber security field when he left his public-school science teaching position in 1997 and began working for Network Flight Recorder (NFR, Inc.), a small Washington, DC based startup making the first generation of Network Intrusion Detection Systems. He has a Bachelor of Science from the University of Maryland and a Master's in Cyber Operations from National Defense University. He currently resides in Philadelphia with his little dog, Jacky-boy.
Affiliations and expertise
Senior Vice President for Security Technology, Radian Group, Wayne, PA, USA