
CISSP All-in-One Exam Guide, Eighth Edition
Description
All about e-books | Answers to questions about e-books, copy protection and file formats can be found in our Info & Help section.
Content
- Cover
- Title Page
- Copyright Page
- Dedication
- About the Authors
- Contents at a Glance
- Contents
- In Memory of Shon Harris
- Foreword
- From the Author
- Acknowledgments
- Why Become a CISSP?
- Chapter 1 Security and Risk Management
- Fundamental Principles of Security
- Availability
- Integrity
- Confidentiality
- Balanced Security
- Security Definitions
- Control Types
- Security Frameworks
- ISO/IEC 27000 Series
- Enterprise Architecture Development
- Security Controls Development
- Process Management Development
- Functionality vs. Security
- The Crux of Computer Crime Laws
- Complexities in Cybercrime
- Electronic Assets
- The Evolution of Attacks
- International Issues
- Types of Legal Systems
- Intellectual Property Laws
- Trade Secret
- Copyright
- Trademark
- Patent
- Internal Protection of Intellectual Property
- Software Piracy
- Privacy
- The Increasing Need for Privacy Laws
- Laws, Directives, and Regulations
- Employee Privacy Issues
- Data Breaches
- U.S. Laws Pertaining to Data Breaches
- Other Nations' Laws Pertaining to Data Breaches
- Policies, Standards, Baselines, Guidelines, and Procedures
- Security Policy
- Standards
- Baselines
- Guidelines
- Procedures
- Implementation
- Risk Management
- Holistic Risk Management
- Information Systems Risk Management Policy
- The Risk Management Team
- The Risk Management Process
- Threat Modeling
- Threat Modeling Concepts
- Threat Modeling Methodologies
- Risk Assessment and Analysis
- Risk Assessment Team
- The Value of Information and Assets
- Costs That Make Up the Value
- Identifying Vulnerabilities and Threats
- Methodologies for Risk Assessment
- Risk Analysis Approaches
- Qualitative Risk Analysis
- Protection Mechanisms
- Total Risk vs. Residual Risk
- Handling Risk
- Supply Chain Risk Management
- Upstream and Downstream Suppliers
- Service Level Agreements
- Risk Management Frameworks
- Categorize Information System
- Select Security Controls
- Implement Security Controls
- Assess Security Controls
- Authorize Information System
- Monitor Security Controls
- Business Continuity and Disaster Recovery
- Standards and Best Practices
- Making BCM Part of the Enterprise Security Program
- BCP Project Components
- Personnel Security
- Hiring Practices
- Onboarding
- Termination
- Security Awareness Training
- Degree or Certification?
- Security Governance
- Metrics
- Ethics
- The Computer Ethics Institute
- The Internet Architecture Board
- Corporate Ethics Programs
- Summary
- Quick Tips
- Questions
- Answers
- Chapter 2 Asset Security
- Information Life Cycle
- Acquisition
- Use
- Archival
- Disposal
- Classification
- Classifications Levels
- Classification Controls
- Layers of Responsibility
- Executive Management
- Data Owner
- Data Custodian
- System Owner
- Security Administrator
- Supervisor
- Change Control Analyst
- Data Analyst
- User
- Auditor
- Why So Many Roles?
- Retention Policies
- Developing a Retention Policy
- Protecting Privacy
- Data Owners
- Data Processers
- Data Remanence
- Limits on Collection
- Protecting Assets
- Data Security Controls
- Media Controls
- Protecting Mobile Devices
- Paper Records
- Safes
- Selecting Standards
- Data Leakage
- Data Leak Prevention
- Summary
- Quick Tips
- Questions
- Answers
- Chapter 3 Security Architecture and Engineering
- System Architecture
- Computer Architecture
- The Central Processing Unit
- Multiprocessing
- Memory Types
- Operating Systems
- Process Management
- Memory Management
- Input/Output Device Management
- CPU Architecture Integration
- Operating System Architectures
- Virtual Machines
- System Security Architecture
- Security Policy
- Security Architecture Requirements
- Security Models
- Bell-LaPadula Model
- Biba Model
- Clark-Wilson Model
- Noninterference Model
- Brewer and Nash Model
- Graham-Denning Model
- Harrison-Ruzzo-Ullman Model
- Systems Evaluation
- Common Criteria
- Why Put a Product Through Evaluation?
- Certification vs. Accreditation
- Certification
- Accreditation
- Open vs. Closed Systems
- Open Systems
- Closed Systems
- Systems Security
- Client-Based Systems
- Client-Server Systems
- Distributed Systems
- Cloud Computing
- Parallel Computing
- Database Systems
- Web-Based Systems
- Mobile Systems
- Cyber-Physical Systems
- A Few Threats to Review
- Maintenance Hooks
- Time-of-Check/Time-of-Use Attacks
- Cryptography in Context
- The History of Cryptography
- Cryptography Definitions and Concepts
- Kerckhoffs' Principle
- The Strength of the Cryptosystem
- One-Time Pad
- Running and Concealment Ciphers
- Steganography
- Types of Ciphers
- Substitution Ciphers
- Transposition Ciphers
- Methods of Encryption
- Symmetric vs. Asymmetric Algorithms
- Symmetric Cryptography
- Block and Stream Ciphers
- Hybrid Encryption Methods
- Types of Symmetric Systems
- Data Encryption Standard
- Triple-DES
- Advanced Encryption Standard
- International Data Encryption Algorithm
- Blowfish
- RC4
- RC5
- RC6
- Types of Asymmetric Systems
- Diffie-Hellman Algorithm
- RSA
- El Gamal
- Elliptic Curve Cryptosystems
- Knapsack
- Zero Knowledge Proof
- Message Integrity
- The One-Way Hash
- Various Hashing Algorithms
- MD4
- MD5
- SHA
- Attacks Against One-Way Hash Functions
- Public Key Infrastructure
- Certificate Authorities
- Certificates
- The Registration Authority
- PKI Steps
- Applying Cryptography
- Services of Cryptosystems
- Digital Signatures
- Digital Signature Standard
- Key Management
- Trusted Platform Module
- Digital Rights Management
- Attacks on Cryptography
- Ciphertext-Only Attacks
- Known-Plaintext Attacks
- Chosen-Plaintext Attacks
- Chosen-Ciphertext Attacks
- Differential Cryptanalysis
- Linear Cryptanalysis
- Side-Channel Attacks
- Replay Attacks
- Algebraic Attacks
- Analytic Attacks
- Statistical Attacks
- Social Engineering Attacks
- Meet-in-the-Middle Attacks
- Site and Facility Security
- The Site Planning Process
- Crime Prevention Through Environmental Design
- Designing a Physical Security Program
- Internal Support Systems
- Electric Power
- Environmental Issues
- Fire Prevention, Detection, and Suppression
- Summary
- Quick Tips
- Questions
- Answers
- Chapter 4 Communication and Network Security
- Principles of Network Architectures
- Open Systems Interconnection Reference Model
- Protocol
- Application Layer
- Presentation Layer
- Session Layer
- Transport Layer
- Network Layer
- Data Link Layer
- Physical Layer
- Functions and Protocols in the OSI Model
- Tying the Layers Together
- Multilayer Protocols
- TCP/IP Model
- TCP
- IP Addressing
- IPv6
- Layer 2 Security Standards
- Converged Protocols
- Transmission Media
- Types of Transmission
- Cabling
- Wireless Networks
- Wireless Communications Techniques
- WLAN Components
- Evolution of WLAN Security
- Wireless Standards
- Best Practices for Securing WLANs
- Satellites
- Mobile Wireless Communication
- Networking Foundations
- Network Topology
- Media Access Technologies
- Transmission Methods
- Network Protocols and Services
- Address Resolution Protocol
- Dynamic Host Configuration Protocol
- Internet Control Message Protocol
- Simple Network Management Protocol
- Domain Name Service
- E-mail Services
- Network Address Translation
- Routing Protocols
- Network Components
- Repeaters
- Bridges
- Routers
- Switches
- Gateways
- PBXs
- Firewalls
- Proxy Servers
- Unified Threat Management
- Content Distribution Networks
- Software Defined Networking
- Endpoints
- Honeypot
- Network Access Control
- Virtualized Networks
- Intranets and Extranets
- Metropolitan Area Networks
- Metro Ethernet
- Wide Area Networks
- Telecommunications Evolution
- Dedicated Links
- WAN Technologies
- Communications Channels
- Multiservice Access Technologies
- H.323 Gateways
- Digging Deeper into SIP
- IP Telephony Issues
- Remote Access
- Dial-up Connections
- ISDN
- DSL
- Cable Modems
- VPN
- Authentication Protocols
- Network Encryption
- Link Encryption vs. End-to-End Encryption
- E-mail Encryption Standards
- Internet Security
- Network Attacks
- Denial of Service
- Sniffing
- DNS Hijacking
- Drive-by Download
- Summary
- Quick Tips
- Questions
- Answers
- Chapter 5 Identity and Access Management
- Access Controls Overview
- Security Principles
- Availability
- Integrity
- Confidentiality
- Identification, Authentication, Authorization, and Accountability
- Identification and Authentication
- Authentication Methods
- Authorization
- Accountability
- Session Management
- Federation
- Integrating Identity as a Service
- On-premise
- Cloud
- Integration Issues
- Access Control Mechanisms
- Discretionary Access Control
- Mandatory Access Control
- Role-Based Access Control
- Rule-Based Access Control
- Attribute-Based Access Control
- Access Control Techniques and Technologies
- Constrained User Interfaces
- Remote Access Control Technologies
- Access Control Matrix
- Content-Dependent Access Control
- Context-Dependent Access Control
- Managing the Identity and Access Provisioning Life Cycle
- Provisioning
- User Access Review
- System Account Access Review
- Deprovisioning
- Controlling Physical and Logical Access
- Access Control Layers
- Administrative Controls
- Physical Controls
- Technical Controls
- Access Control Practices
- Unauthorized Disclosure of Information
- Access Control Monitoring
- Intrusion Detection Systems
- Intrusion Prevention Systems
- Threats to Access Control
- Dictionary Attack
- Brute-Force Attacks
- Spoofing at Logon
- Phishing and Pharming
- Summary
- Quick Tips
- Questions
- Answers
- Chapter 6 Security Assessment and Testing
- Assessment, Test, and Audit Strategies
- Internal Audits
- External Audits
- Third-Party Audits
- Test Coverage
- Auditing Technical Controls
- Vulnerability Testing
- Penetration Testing
- War Dialing
- Other Vulnerability Types
- Postmortem
- Log Reviews
- Synthetic Transactions
- Misuse Case Testing
- Code Reviews
- Code Testing
- Interface Testing
- Auditing Administrative Controls
- Account Management
- Backup Verification
- Disaster Recovery and Business Continuity
- Security Training and Security Awareness Training
- Key Performance and Risk Indicators
- Reporting
- Analyzing Results
- Writing Technical Reports
- Executive Summaries
- Management Review and Approval
- Before the Management Review
- Reviewing Inputs
- Management Approval
- Summary
- Quick Tips
- Questions
- Answers
- Chapter 7 Security Operations
- The Role of the Operations Department
- Administrative Management
- Security and Network Personnel
- Accountability
- Clipping Levels
- Physical Security
- Facility Access Control
- Personnel Access Controls
- External Boundary Protection Mechanisms
- Intrusion Detection Systems
- Patrol Force and Guards
- Dogs
- Auditing Physical Access
- Internal Security Controls
- Secure Resource Provisioning
- Asset Inventory
- Asset Management
- Configuration Management
- Trusted Recovery
- Input and Output Controls
- System Hardening
- Remote Access Security
- Provisioning Cloud Assets
- Network and Resource Availability
- Mean Time Between Failures
- Mean Time to Repair
- Single Points of Failure
- Backups
- Contingency Planning
- Preventing and Detecting
- Continuous Monitoring
- Firewalls
- Intrusion Detection and Prevention Systems
- Whitelisting and Blacklisting
- Antimalware
- Vulnerability Management
- Patch Management
- Sandboxing
- Honeypots and Honeynets
- Egress Monitoring
- Security Information and Event Management
- Outsourced Services
- The Incident Management Process
- Detection
- Response
- Mitigation
- Reporting
- Recovery
- Remediation
- Investigations
- Computer Forensics and Proper Collection of Evidence
- Motive, Opportunity, and Means
- Computer Criminal Behavior
- Incident Investigators
- Types of Investigations
- The Forensic Investigation Process
- What Is Admissible in Court?
- Surveillance, Search, and Seizure
- Disaster Recovery
- Business Process Recovery
- Recovery Site Strategies
- Supply and Technology Recovery
- Backup Storage Strategies
- End-User Environment
- Availability
- Liability and Its Ramifications
- Liability Scenarios
- Third-Party Risk
- Contractual Agreements
- Procurement and Vendor Processes
- Insurance
- Implementing Disaster Recovery
- Personnel
- Assessment
- Restoration
- Communications
- Training
- Personal Safety Concerns
- Emergency Management
- Duress
- Travel
- Training
- Summary
- Quick Tips
- Questions
- Answers
- Chapter 8 Software Development Security
- Building Good Code
- Where Do We Place Security?
- Different Environments Demand Different Security
- Environment vs. Application
- Functionality vs. Security
- Implementation and Default Issues
- Software Development Life Cycle
- Project Management
- Requirements Gathering Phase
- Design Phase
- Development Phase
- Testing Phase
- Operations and Maintenance Phase
- Software Development Methodologies
- Waterfall Methodology
- V-Shaped Methodology
- Prototyping
- Incremental Methodology
- Spiral Methodology
- Rapid Application Development
- Agile Methodologies
- Integrated Product Team
- DevOps
- Capability Maturity Model Integration
- Change Management
- Change Control
- Security of Development Environments
- Security of Development Platforms
- Security of Code Repositories
- Software Configuration Management
- Secure Coding
- Source Code Vulnerabilities
- Secure Coding Practices
- Programming Languages and Concepts
- Assemblers, Compilers, Interpreters
- Object-Oriented Concepts
- Other Software Development Concepts
- Application Programming Interfaces
- Distributed Computing
- Distributed Computing Environment
- CORBA and ORBs
- COM and DCOM
- Java Platform, Enterprise Edition
- Service-Oriented Architecture
- Mobile Code
- Java Applets
- ActiveX Controls
- Web Security
- Specific Threats for Web Environments
- Web Application Security Principles
- Database Management
- Database Management Software
- Database Models
- Database Programming Interfaces
- Relational Database Components
- Integrity
- Database Security Issues
- Data Warehousing and Data Mining
- Malicious Software (Malware)
- Viruses
- Worms
- Rootkit
- Spyware and Adware
- Botnets
- Logic Bombs
- Trojan Horses
- Antimalware Software
- Spam Detection
- Antimalware Programs
- Assessing the Security of Acquired Software
- Summary
- Quick Tips
- Questions
- Answers
- Appendix A Comprehensive Questions
- Answers
- Appendix B About the Online Content
- System Requirements
- Your Total Seminars Training Hub Account
- Single User License Terms and Conditions
- TotalTester Online
- Hotspot and Drag-and-Drop Questions
- Online Flash Cards
- Single User License Terms and Conditions
- Technical Support
- Glossary
- Index
System requirements
File format: ePUB
Copy protection: Adobe-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free reader Adobe Digital Editions prior to download (see eBook Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook before downloading (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (not Kindle).
The file format ePub works well for novels and non-fiction books, i.e., "flowing" text without complex layout. On an e-reader or smartphone, line and page breaks automatically adjust to fit the small displays.
This eBook uses Adobe-DRM, a "hard" copy protection. If the necessary requirements are not met, you will not be able to open the eBook. You will therefore need to prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorise using your personal Adobe ID after installation of any reading software.
For more information, see our ebook Help page.
File format: PDF
Copy protection: Adobe-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free reader Adobe Digital Editions prior to download (see eBook Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook before downloading (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (Kindle: limited support only).
The file format PDF always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). On the small screens of e-readers or smartphones, however, PDFs are cumbersome and require a great deal of scrolling.
This eBook uses Adobe-DRM, a "hard" copy protection. If the necessary requirements are not met, you will not be able to open the eBook. You will therefore need to prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorise using your personal Adobe ID after installation of any reading software.
For more information, see our eBook Help page.