CISSP Cert Guide, 3rd Edition

Book Description

In this best-of-breed study guide, two leading experts help you master all the topics you need to know to succeed on your CISSP exam and advance your career in IT security. Their concise, focused approach explains every exam objective from a real-world perspective, helping you quickly identify weaknesses and retain everything you need to know.

Every feature of this book supports both efficient exam preparation and long-term mastery:

  • Opening Topics Lists identify the topics you'll need to learn in each chapter, and list (ISC)2's official exam objectives.
  • Key Topics feature figures, tables, and lists that call attention to the information that's most crucial for exam success.
  • Exam Preparation Tasks allow you to review key topics, complete memory tables, define key terms, work through scenarios, and answer review questions. All of these help you go beyond memorizing mere facts to master the concepts that are crucial to passing the exam and enhancing your career.
  • Key Terms are listed in each chapter and defined in a complete glossary, explaining all the field's essential terminology.

The companion website contains the powerful Pearson Test Prep Practice Test Software with two practice exams and access to a large library of exam-realistic questions. The companion website also includes memory tables, lists, and other resources, all in a searchable PDF format.

Table of Contents

  1. Cover
  2. About This E-Book
  3. Title Page
  4. Copyright Page
  5. Contents at a Glance
  6. Table of Contents
  7. About the Authors
  8. Dedication
  9. Acknowledgments
  10. About the Technical Reviewer
  11. We Want to Hear from You!
  12. Reader Services
  13. Introduction
    1. The Goals of the CISSP Certification
    2. The Value of the CISSP Certification
    3. The Common Body of Knowledge
    4. Steps to Becoming a CISSP
    5. Facts About the CISSP Exam
    6. About the CISSP Cert Guide, Third Edition
    7. Companion Website
    8. Pearson Test Prep Practice Test Software
  14. Chapter 1 Security and Risk Management
    1. Foundation Topics
    2. Security Terms
    3. Security Governance Principles
    4. Compliance
    5. Legal and Regulatory Issues
    6. Professional Ethics
    7. Security Documentation
    8. Business Continuity
    9. Personnel Security Policies and Procedures
    10. Risk Management Concepts
    11. Geographical Threats
    12. Threat Modeling
    13. Security Risks in the Supply Chain
    14. Security Education, Training, and Awareness
    15. Exam Preparation Tasks
    16. Review All Key Topics
    17. Complete the Tables and Lists from Memory
    18. Define Key Terms
    19. Answer Review Questions
    20. Answers and Explanations
  15. Chapter 2 Asset Security
    1. Foundation Topics
    2. Asset Security Concepts
    3. Identify and Classify Information and Assets
    4. Information and Asset Ownership
    5. Protect Privacy
    6. Asset Retention
    7. Data Security Controls
    8. Information and Asset Handling Requirements
    9. Exam Preparation Tasks
    10. Answer Review Questions
    11. Answers and Explanations
  16. Chapter 3 Security Architecture and Engineering
    1. Foundation Topics
    2. Engineering Processes Using Secure Design Principles
    3. Security Model Concepts
    4. System Security Evaluation Models
    5. Certification and Accreditation
    6. Control Selection Based upon Systems Security Requirements
    7. Security Capabilities of Information Systems
    8. Security Architecture Maintenance
    9. Vulnerabilities of Security Architectures, Designs, and Solution Elements
    10. Vulnerabilities in Web-Based Systems
    11. Vulnerabilities in Mobile Systems
    12. Vulnerabilities in Embedded Devices
    13. Cryptography
    14. Cryptographic Types
    15. Symmetric Algorithms
    16. Asymmetric Algorithms
    17. Public Key Infrastructure
    18. Key Management Practices
    19. Message Integrity
    20. Digital Signatures
    21. Applied Cryptography
    22. Cryptanalytic Attacks
    23. Digital Rights Management
    24. Site and Facility Design
    25. Site and Facility Security Controls
    26. Exam Preparation Tasks
    27. Complete the Tables and Lists from Memory
    28. Answer Review Questions
    29. Answers and Explanations
  17. Chapter 4 Communication and Network Security
    1. Foundation Topics
    2. Secure Network Design Principles
    3. IP Networking
    4. Protocols and Services
    5. Converged Protocols
    6. Wireless Networks
    7. Communications Cryptography
    8. Secure Network Components
    9. Secure Communication Channels
    10. Network Attacks
    11. Exam Preparation Tasks
    12. Answer Review Questions
    13. Answers and Explanations
  18. Chapter 5 Identity and Access Management (IAM)
    1. Foundation Topics
    2. Access Control Process
    3. Physical and Logical Access to Assets
    4. Identification and Authentication Concepts
    5. Identification and Authentication Implementation
    6. Identity as a Service (IDaaS) Implementation
    7. Third-Party Identity Services Integration
    8. Authorization Mechanisms
    9. Provisioning Life Cycle
    10. Access Control Threats
    11. Prevent or Mitigate Access Control Threats
    12. Exam Preparation Tasks
    13. Answer Review Questions
    14. Answers and Explanations
  19. Chapter 6 Security Assessment and Testing
    1. Foundation Topics
    2. Design and Validate Assessment and Testing Strategies
    3. Conduct Security Control Testing
    4. Collect Security Process Data
    5. Analyze and Report Test Outputs
    6. Conduct or Facilitate Security Audits
    7. Exam Preparation Tasks
    8. Answer Review Questions
    9. Answers and Explanations
  20. Chapter 7 Security Operations
    1. Foundation Topics
    2. Investigations
    3. Investigation Types
    4. Logging and Monitoring Activities
    5. Resource Provisioning
    6. Security Operations Concepts
    7. Resource Protection
    8. Incident Management
    9. Detective and Preventive Measures
    10. Patch and Vulnerability Management
    11. Change Management Processes
    12. Recovery Strategies
    13. Disaster Recovery
    14. Testing Disaster Recovery Plans
    15. Business Continuity Planning and Exercises
    16. Physical Security
    17. Personnel Safety and Security
    18. Exam Preparation Tasks
    19. Answer Review Questions
    20. Answers and Explanations
  21. Chapter 8 Software Development Security
    1. Foundation Topics
    2. Software Development Concepts
    3. Security in the System and Software Development Life Cycles
    4. Security Controls in Development
    5. Assess Software Security Effectiveness
    6. Security Impact of Acquired Software
    7. Secure Coding Guidelines and Standards
    8. Exam Preparation Tasks
    9. Review All Key Topics
    10. Define Key Terms
    11. Answer Review Questions
    12. Answers and Explanations
  22. Chapter 9 Final Preparation
    1. Tools for Final Preparation
    2. Suggested Plan for Final Review/Study
    3. Summary
  23. Glossary
  24. Index
  25. Online Elements
    1. Appendix A: Memory Tables
    2. Appendix B: Memory Tables Answer Key
    3. Glossary
  26. Code Snippets