
CISSP Boxed Set, Second Edition
Description
All about e-books | Answers to questions about e-books, copy protection and file formats can be found in our info & help area.

Content
- Cover
- Copyright Page
- Contents
- CISSP® All In One Exam Guide, Sixth Edition
- ABOUT THE AUTHOR
- CONTENTS AT A GLANCE
- CONTENTS
- From the Author
- Foreword
- Acknowledgments
- Chapter 1 Becoming a CISSP
- Why Become a CISSP?
- The CISSP Exam
- CISSP: A Brief History
- How Do You Sign Up for the Exam?
- What Does This Book Cover?
- Tips for Taking the CISSP Exam
- How to Use This Book
- Questions
- Answers
- Chapter 2 Information Security Governance and Risk Management
- Fundamental Principles of Security
- Availability
- Integrity
- Confidentiality
- Balanced Security
- Security Definitions
- Control Types
- Security Frameworks
- ISO/IEC 27000 Series
- Enterprise Architecture Development
- Security Controls Development
- COSO
- Process Management Development
- Functionality vs. Security
- Security Management
- Risk Management
- Who Really Understands Risk Management?
- Information Risk Management Policy
- The Risk Management Team
- Risk Assessment and Analysis
- Risk Analysis Team
- The Value of Information and Assets
- Costs That Make Up the Value
- Identifying Vulnerabilities and Threats
- Methodologies for Risk Assessment
- Risk Analysis Approaches
- Qualitative Risk Analysis
- Protection Mechanisms
- Putting It Together
- Total Risk vs. Residual Risk
- Handling Risk
- Outsourcing
- Policies, Standards, Baselines, Guidelines, and Procedures
- Security Policy
- Standards
- Baselines
- Guidelines
- Procedures
- Implementation
- Information Classification
- Classification Levels
- Classification Controls
- Layers of Responsibility
- Board of Directors
- Executive Management
- Chief Information Officer
- Chief Privacy Officer
- Chief Security Officer
- Security Steering Committee
- Audit Committee
- Data Owner
- Data Custodian
- System Owner
- Security Administrator
- Security Analyst
- Application Owner
- Supervisor
- Change Control Analyst
- Data Analyst
- Process Owner
- Solution Provider
- User
- Product Line Manager
- Auditor
- Why So Many Roles?
- Personnel Security
- Hiring Practices
- Termination
- Security-Awareness Training
- Degree or Certification?
- Security Governance
- Metrics
- Summary
- Quick Tips
- Questions
- Answers
- Chapter 3 Access Control
- Access Controls Overview
- Security Principles
- Availability
- Integrity
- Confidentiality
- Identification, Authentication, Authorization, and Accountability
- Identification and Authentication
- Password Management
- Authorization
- Access Control Models
- Discretionary Access Control
- Mandatory Access Control
- Role-Based Access Control
- Access Control Techniques and Technologies
- Rule-Based Access Control
- Constrained User Interfaces
- Access Control Matrix
- Content-Dependent Access Control
- Context-Dependent Access Control
- Access Control Administration
- Centralized Access Control Administration
- Decentralized Access Control Administration
- Access Control Methods
- Access Control Layers
- Administrative Controls
- Physical Controls
- Technical Controls
- Accountability
- Review of Audit Information
- Protecting Audit Data and Log Information
- Keystroke Monitoring
- Access Control Practices
- Unauthorized Disclosure of Information
- Access Control Monitoring
- Intrusion Detection
- Intrusion Prevention Systems
- Threats to Access Control
- Dictionary Attack
- Brute Force Attacks
- Spoofing at Logon
- Phishing and Pharming
- Threat Modeling
- Summary
- Quick Tips
- Questions
- Answers
- Chapter 4 Security Architecture and Design
- Computer Security
- System Architecture
- Computer Architecture
- The Central Processing Unit
- Multiprocessing
- Operating System Components
- Memory Types
- Virtual Memory
- Input/Output Device Management
- CPU Architecture
- Operating System Architectures
- Virtual Machines
- System Security Architecture
- Security Policy
- Security Architecture Requirements
- Security Models
- State Machine Models
- Bell-LaPadula Model
- Biba Model
- Clark-Wilson Model
- Information Flow Model
- Noninterference Model
- Lattice Model
- Brewer and Nash Model
- Graham-Denning Model
- Harrison-Ruzzo-Ullman Model
- Security Modes of Operation
- Dedicated Security Mode
- System High-Security Mode
- Compartmented Security Mode
- Multilevel Security Mode
- Trust and Assurance
- Systems Evaluation Methods
- Why Put a Product Through Evaluation?
- The Orange Book
- The Orange Book and the Rainbow Series
- The Red Book
- Information Technology Security Evaluation Criteria
- Common Criteria
- Certification vs. Accreditation
- Certification
- Accreditation
- Open vs. Closed Systems
- Open Systems
- Closed Systems
- A Few Threats to Review
- Maintenance Hooks
- Time-of-Check/Time-of-Use Attacks
- Summary
- Quick Tips
- Questions
- Answers
- Chapter 5 Physical and Environmental Security
- Introduction to Physical Security
- The Planning Process
- Crime Prevention Through Environmental Design
- Designing a Physical Security Program
- Protecting Assets
- Internal Support Systems
- Electric Power
- Environmental Issues
- Ventilation
- Fire Prevention, Detection, and Suppression
- Perimeter Security
- Facility Access Control
- Personnel Access Controls
- External Boundary Protection Mechanisms
- Intrusion Detection Systems
- Patrol Force and Guards
- Dogs
- Auditing Physical Access
- Testing and Drills
- Summary
- Quick Tips
- Questions
- Answers
- Chapter 6 Telecommunications and Network Security
- Telecommunications
- Open Systems Interconnection Reference Model
- Protocol
- Application Layer
- Presentation Layer
- Session Layer
- Transport Layer
- Network Layer
- Data Link Layer
- Physical Layer
- Functions and Protocols in the OSI Model
- Tying the Layers Together
- TCP/IP Model
- TCP
- IP Addressing
- IPv6
- Layer 2 Security Standards
- Types of Transmission
- Analog and Digital
- Asynchronous and Synchronous
- Broadband and Baseband
- Cabling
- Coaxial Cable
- Twisted-Pair Cable
- Fiber-Optic Cable
- Cabling Problems
- Networking Foundations
- Network Topology
- Media Access Technologies
- Network Protocols and Services
- Domain Name Service
- E-mail Services
- Network Address Translation
- Routing Protocols
- Networking Devices
- Repeaters
- Bridges
- Routers
- Switches
- Gateways
- PBXs
- Firewalls
- Proxy Servers
- Honeypot
- Unified Threat Management
- Cloud Computing
- Intranets and Extranets
- Metropolitan Area Networks
- Wide Area Networks
- Telecommunications Evolution
- Dedicated Links
- WAN Technologies
- Remote Connectivity
- Dial-up Connections
- ISDN
- DSL
- Cable Modems
- VPN
- Authentication Protocols
- Wireless Technologies
- Wireless Communications
- WLAN Components
- Wireless Standards
- War Driving for WLANs
- Satellites
- Mobile Wireless Communication
- Mobile Phone Security
- Summary
- Quick Tips
- Questions
- Answers
- Chapter 7 Cryptography
- The History of Cryptography
- Cryptography Definitions and Concepts
- Kerckhoffs' Principle
- The Strength of the Cryptosystem
- Services of Cryptosystems
- One-Time Pad
- Running and Concealment Ciphers
- Steganography
- Types of Ciphers
- Substitution Ciphers
- Transposition Ciphers
- Methods of Encryption
- Symmetric vs. Asymmetric Algorithms
- Symmetric Cryptography
- Block and Stream Ciphers
- Hybrid Encryption Methods
- Types of Symmetric Systems
- Data Encryption Standard
- Triple-DES
- The Advanced Encryption Standard
- International Data Encryption Algorithm
- Blowfish
- RC4
- RC5
- RC6
- Types of Asymmetric Systems
- The Diffie-Hellman Algorithm
- RSA
- El Gamal
- Elliptic Curve Cryptosystems
- Knapsack
- Zero Knowledge Proof
- Message Integrity
- The One-Way Hash
- Various Hashing Algorithms
- MD2
- MD4
- MD5
- Attacks Against One-Way Hash Functions
- Digital Signatures
- Digital Signature Standard
- Public Key Infrastructure
- Certificate Authorities
- Certificates
- The Registration Authority
- PKI Steps
- Key Management
- Key Management Principles
- Rules for Keys and Key Management
- Trusted Platform Module
- TPM Uses
- Link Encryption vs. End-to-End Encryption
- E-mail Standards
- Multipurpose Internet Mail Extension
- Pretty Good Privacy
- Internet Security
- Start with the Basics
- Attacks
- Ciphertext-Only Attacks
- Known-Plaintext Attacks
- Chosen-Plaintext Attacks
- Chosen-Ciphertext Attacks
- Differential Cryptanalysis
- Linear Cryptanalysis
- Side-Channel Attacks
- Replay Attacks
- Algebraic Attacks
- Analytic Attacks
- Statistical Attacks
- Social Engineering Attacks
- Meet-in-the-Middle Attacks
- Summary
- Quick Tips
- Questions
- Answers
- Chapter 8 Business Continuity and Disaster Recovery Planning
- Business Continuity and Disaster Recovery
- Standards and Best Practices
- Making BCM Part of the Enterprise Security Program
- BCP Project Components
- Scope of the Project
- BCP Policy
- Project Management
- Business Continuity Planning Requirements
- Business Impact Analysis (BIA)
- Interdependencies
- Preventive Measures
- Recovery Strategies
- Business Process Recovery
- Facility Recovery
- Supply and Technology Recovery
- Choosing a Software Backup Facility
- End-User Environment
- Data Backup Alternatives
- Electronic Backup Solutions
- High Availability
- Insurance
- Recovery and Restoration
- Developing Goals for the Plans
- Implementing Strategies
- Testing and Revising the Plan
- Checklist Test
- Structured Walk-Through Test
- Simulation Test
- Parallel Test
- Full-Interruption Test
- Other Types of Training
- Emergency Response
- Maintaining the Plan
- Summary
- Quick Tips
- Questions
- Answers
- Chapter 9 Legal, Regulations, Investigations, and Compliance
- The Many Facets of Cyberlaw
- The Crux of Computer Crime Laws
- Complexities in Cybercrime
- Electronic Assets
- The Evolution of Attacks
- International Issues
- Types of Legal Systems
- Intellectual Property Laws
- Trade Secret
- Copyright
- Trademark
- Patent
- Internal Protection of Intellectual Property
- Software Piracy
- Privacy
- The Increasing Need for Privacy Laws
- Laws, Directives, and Regulations
- Liability and Its Ramifications
- Personal Information
- Hacker Intrusion
- Third-Party Risk
- Contractual Agreements
- Procurement and Vendor Processes
- Compliance
- Investigations
- Incident Management
- Incident Response Procedures
- Computer Forensics and Proper Collection of Evidence
- International Organization on Computer Evidence
- Motive, Opportunity, and Means
- Computer Criminal Behavior
- Incident Investigators
- The Forensics Investigation Process
- What Is Admissible in Court?
- Surveillance, Search, and Seizure
- Interviewing and Interrogating
- A Few Different Attack Types
- Cybersquatting
- Ethics
- The Computer Ethics Institute
- The Internet Architecture Board
- Corporate Ethics Programs
- Summary
- Quick Tips
- Questions
- Answers
- Chapter 10 Software Development Security
- Software's Importance
- Where Do We Place Security?
- Different Environments Demand Different Security
- Environment versus Application
- Functionality versus Security
- Implementation and Default Issues
- System Development Life Cycle
- Initiation
- Acquisition/Development
- Implementation
- Operations/Maintenance
- Disposal
- Software Development Life Cycle
- Project Management
- Requirements Gathering Phase
- Design Phase
- Development Phase
- Testing/Validation Phase
- Release/Maintenance Phase
- Secure Software Development Best Practices
- Software Development Models
- Build and Fix Model
- Waterfall Model
- V-Shaped Model (V-Model)
- Prototyping
- Incremental Model
- Spiral Model
- Rapid Application Development
- Agile Model
- Capability Maturity Model Integration
- Change Control
- Software Configuration Management
- Programming Languages and Concepts
- Assemblers, Compilers, Interpreters
- Object-Oriented Concepts
- Distributed Computing
- Distributed Computing Environment
- CORBA and ORBs
- COM and DCOM
- Java Platform, Enterprise Edition
- Service-Oriented Architecture
- Mobile Code
- Java Applets
- ActiveX Controls
- Web Security
- Specific Threats for Web Environments
- Web Application Security Principles
- Database Management
- Database Management Software
- Database Models
- Database Programming Interfaces
- Relational Database Components
- Integrity
- Database Security Issues
- Data Warehousing and Data Mining
- Expert Systems/Knowledge-Based Systems
- Artificial Neural Networks
- Malicious Software (Malware)
- Viruses
- Worms
- Rootkit
- Spyware and Adware
- Botnets
- Logic Bombs
- Trojan Horses
- Antivirus Software
- Spam Detection
- Antimalware Programs
- Summary
- Quick Tips
- Questions
- Answers
- Chapter 11 Security Operations
- The Role of the Operations Department
- Administrative Management
- Security and Network Personnel
- Accountability
- Clipping Levels
- Assurance Levels
- Operational Responsibilities
- Unusual or Unexplained Occurrences
- Deviations from Standards
- Unscheduled Initial Program Loads (aka Rebooting)
- Asset Identification and Management
- System Controls
- Trusted Recovery
- Input and Output Controls
- System Hardening
- Remote Access Security
- Configuration Management
- Change Control Process
- Change Control Documentation
- Media Controls
- Data Leakage
- Network and Resource Availability
- Mean Time Between Failures
- Mean Time to Repair
- Single Points of Failure
- Backups
- Contingency Planning
- Mainframes
- E-mail Security
- How E-mail Works
- Facsimile Security
- Hack and Attack Methods
- Vulnerability Testing
- Penetration Testing
- Wardialing
- Other Vulnerability Types
- Postmortem
- Summary
- Quick Tips
- Questions
- Answers
- Appendix A Comprehensive Questions
- Answers
- Appendix B About the Download
- Downloading the Total Tester
- Total Tester System Requirements
- Installing and Running Total Tester
- About Total Tester CISSP Practice Exam Software
- Media Center Download
- Cryptography Video Sample
- Technical Support
- Total Seminars Technical Support
- McGraw-Hill Education Content Support
- Index
- CISSP® Practice Exams, Second Edition
- Dedication
- About the Author
- Acknowledgments
- Contents
- Preface
- Introduction
- Chapter 1 Information Security Governance and Risk Management
- QUESTIONS
- QUICK ANSWER KEY
- ANSWERS
- Chapter 2 Access Control
- QUESTIONS
- QUICK ANSWER KEY
- ANSWERS
- Chapter 3 Security Architecture and Design
- QUESTIONS
- QUICK ANSWER KEY
- ANSWERS
- Chapter 4 Physical and Environmental Security
- QUESTIONS
- QUICK ANSWER KEY
- ANSWERS
- Chapter 5 Telecommunications and Network Security
- QUESTIONS
- QUICK ANSWER KEY
- ANSWERS
- Chapter 6 Cryptography
- QUESTIONS
- QUICK ANSWER KEY
- ANSWERS
- Chapter 7 Business Continuity and Disaster Recovery
- QUESTIONS
- QUICK ANSWER KEY
- ANSWERS
- Chapter 8 Legal, Regulations, Investigations, and Compliance
- QUESTIONS
- QUICK ANSWER KEY
- ANSWERS
- Chapter 9 Software Development Security
- QUESTIONS
- QUICK ANSWER KEY
- ANSWERS
- Chapter 10 Security Operations
- QUESTIONS
- QUICK ANSWER KEY
- ANSWERS
- Appendix About the Free Online Practice Questions and Audio Lectures
- Accessing the Online Practice Questions and Audio Lectures
- System Requirements
- Technical Support
- Index
- eBundle Bonus Content: About the Download
System requirements
File format: ePUB
Copy protection: Adobe-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free reader Adobe Digital Editions prior to download (see eBook Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook before downloading (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (not Kindle).
The file format ePub works well for novels and non-fiction books, i.e., "flowing" text without complex layout. On an e-reader or smartphone, line and page breaks automatically adjust to fit the small displays.
This eBook uses Adobe-DRM, a "hard" copy protection. If the necessary requirements are not met, unfortunately you will not be able to open the eBook. You will therefore need to prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorise using your personal Adobe ID after installation of any reading software.
For more information, see our ebook Help page.