
The CISSP Prep Guide
Gold Edition
Wiley (Publisher)
1st Edition
Published on 31. October 2002
Book
Hardback
XXVIII, 948 pages
978-0-471-26802-4 (ISBN)
Article exhausted; check for reprint
Description
More and more frequently, corporations are requiring that their employees provide professional certifications to prove that they possess the core competencies to do their technical jobs. The Certified Information Systems Security Professional (CISSP) is the industry standard test for IT security professionals administered by ISC2.
More details
Edition
1st edition
Language
English
Place of publication
New York
United States
Publishing group
John Wiley and Sons Ltd
Target group
College/higher education
Professional and scholarly
Edition type
New edition
Illustrations
Illustrations
Dimensions
Height: 24.2 cm
Width: 19.6 cm
Weight
1908 gr
ISBN-13
978-0-471-26802-4 (9780471268024)
Schweitzer Classification
Other editions
New editions

Book
04/2004
2nd Edition
Hungry Minds Inc,U.S.
€62.90
Article exhausted; check for reprint
Previous edition

Ronald L. Krutz | Russell D. Vines
The CISSP Prep Guide
Mastering the Ten Domains of Computer Security
Book
09/2001
Wiley
€77.90
Article exhausted; check for reprint
Persons
RONALD L. KRUTZ is the Senior Information Security Consultant for Corbett Technologies, specializing in information assurance appraisal methodologies. He is a lead instructor for the CISSP CBK review seminars and former faculty R&D Director at Carnegie Mellon University Research Institute. He holds a PhD in computer engineering, is a registered professional engineer, and is a CISSP. He is the author of four previous Wiley books, including The CISSP Prep Guide.
RUSSELL DEAN VINES is President of The RDV Group, a New York-based security services firm. Previously, he was consulting manager, Security Services, Realtech Systems. Vines has been involved in computer security for fifteen years and has helped create the security design and architecture for Fortune 1000 companies worldwide, and consults regularly for the U.S. Government and the Department of Defense. He is a certified CISSP and CCNA, MCSE, MCNE, and NSA/IAM professional.
Content
Acknowledgments
Foreword
Introduction
About the Authors
Chapter 1. Security Management Practices
Sample Questions
Bonus Questions
Advanced Sample Questions
Chapter 2. Access Control Systems
Rationale
Controls
Identification and Authentication
Some Access Control Issues
Sample Questions
Bonus Questions
Advanced Sample Questions
Chapter 3. Telecommunications and Network Security
Our Goals
Domain Definition
Management Concepts
Sample Questions
Bonus Questions
Advanced Sample Questions
Chapter 4. Cryptography
Introduction
Cryptographic Technologies
Secret Key Cryptography (Symmetric Key)
Public (Asymmetric) Key Cryptosystems
Approaches to Escrowed Encryption
Internet Security Applications
Sample Questions
Bonus Questions
Advanced Sample Questions
Chapter 5. Security Architecture and Models
Security Architecture
Assurance
Information Security Models
Sample Questions
Bonus Questions
Advanced Sample Questions
Chapter 6. Operations Security
Our Goals
Domain Definition
Controls and Protections
Monitoring and Auditing
Threats and Vulnerabilities
Sample Questions
Bonus Questions
Advanced Sample Questions
Chapter 7. Applications and Systems Development
The Software Life Cycle
Development Process
The Software Capability Maturity Model (CMM)
Object-Oriented Systems
Artificial Intelligence Systems
Database Systems
Application Controls
Sample Questions
Bonus Questions
Advanced Sample Questions
Chapter 8. Business Continuity Planning and Disaster Recovery Planning
Our Goals
Domain Definition
Business Continuity Planning
Disaster Recovery Planning
Sample Questions
Bonus Questions
Advanced Sample Questions
Chapter 9. Law, Investigation, and Ethics
Types of Computer Crime
Law
Investigation
Liability
Ethics
Sample Questions
Bonus Questions
Advanced Sample Questions
Chapter 10. Physical Security
Our Goals
Domain Definition
Threats to Physical Security
Controls for Physical Security
Sample Questions
Bonus Questions
Advanced Sample Questions
Appendix A: A Process Approach to HIPAA Compliance through a HIPAA-CMM
Background
HIPAA Security Requirements Mappings to PAs
HPAs
Defining and Using the HIPAA-CMM
Conclusion
References
Appendix A: HIPAA-CMM PA Overview
Appendix B: Glossary (SSE-CMM v2.0)
Appendix C: The Ideal Approach to Process Improvement
Appendix D: SSE-CMM MAPPINGS and General Considerations
Appendix B: The NSA InfoSec Assessment Methodology
History of the NIPC
About the ISSO
The InfoSec Assessment Methodology
PDD#63
Appendix C: The Case for Ethical Hacking
Rationale
Roles and Responsibilities
Implementation
Summary
Appendix D: The Common Criteria
Common Criteria: Launching the International Standard
Glossary
For More Information
Appendix E: BS7799
Appendix F: HIPAA Updates
Scope
Title II Administrative Simplification
Conclusion
Appendix G: References for Further Study
Web Sites
Appendix H: Answers to Sample and Bonus Questions
Chapter 1-Security Management Practices
Chapter 2-Access Control Systems and Methodology
Chapter 3-Telecommunications and Network Security
Chapter 4-Cryptography
Chapter 5-Security Architecture and Models
Chapter 6-Operations Security
Chapter 7-Applications and Systems Development
Chapter 8-Business Continuity Planning-Disaster Recovery Planning
Chapter 9-Law, Investigation, and Ethics
Chapter 10-Physical Security
Appendix I: Answers to Advanced Sample Questions
Chapter 1-Security Management Practices
Chapter 2-Access Control Systems and Methodology
Chapter 3-Telecommunications and Network Security
Chapter 4-Cryptography
Chapter 5-Security Architecture and Models
Chapter 6-Operations Security
Chapter 7-Applications and Systems Development
Chapter 8-Business Continuity Planning-Disaster Recovery Planning
Chapter 9-Law, Investigation, and Ethics
Chapter 10-Physical Security
Notes
Appendix J: What's on the CD-ROM
Glossary of Terms and Acronyms
Index.