book

CISSP Cert Guide, 5th Edition

Name: CISSP Cert Guide, 5th Edition
ISBN: 9780135343869

by Robin Abernathy, Darren R. Hayes

September 2024

Intermediate to advanced

1046 pages

27h 23m

English

Pearson IT Certification

Read now

Unlock full access

Cover Page
About This eBook
Title Page
Copyright Page
Contents at a Glance
Table of Contents
About the Authors
Dedications
Acknowledgments
About the Technical Reviewers

We Want to Hear from You!
Reader Services
Introduction
The Goals of the CISSP CertificationThe Value of the CISSP CertificationThe Common Body of KnowledgeSteps to Becoming a CISSPFacts About the CISSP ExamAbout the CISSP Cert Guide, Fifth EditionHow to Access the Companion WebsitePearson Test Prep Practice Test Software
Figure Credits
Chapter 1. Security and Risk Management
Foundation TopicsSecurity TermsSecurity Governance PrinciplesComplianceLegal and Regulatory IssuesInvestigation TypesProfessional EthicsSecurity DocumentationBusiness ContinuityPersonnel Security Policies and ProceduresRisk Management ConceptsGeographical ThreatsThreat ModelingSecurity Risks in the Supply ChainSecurity Education, Training, and AwarenessExam Preparation TasksReview All Key TopicsComplete the Tables and Lists from MemoryDefine Key TermsAnswer Review QuestionsAnswers and Explanations
Chapter 2. Asset Security
Foundation TopicsAsset Security ConceptsIdentify and Classify Information and AssetsInformation and Asset Handling RequirementsProvision Resources SecurelyData Life CycleAsset RetentionData Security ControlsExam Preparation TasksReview All Key TopicsDefine Key TermsAnswer Review QuestionsAnswers and Explanations
Chapter 3. Security Architecture and Engineering
Foundation TopicsInformation Systems Life CycleEngineering Processes Using Secure Design PrinciplesSecurity Model ConceptsSystem Security Evaluation ModelsCertification and AccreditationControl Selection Based on Systems Security RequirementsSecurity Capabilities of Information SystemsSecurity Architecture MaintenanceVulnerabilities of Security Architectures, Designs, and Solution ElementsVulnerabilities in Web-Based SystemsVulnerabilities in Mobile SystemsVulnerabilities in Embedded SystemsCryptographic SolutionsCryptographic TypesSymmetric AlgorithmsAsymmetric AlgorithmsPublic Key Infrastructure and Digital CertificatesKey Management PracticesMessage IntegrityDigital Signatures and Non-repudiationApplied CryptographyCryptanalytic AttacksDigital Rights ManagementSite and Facility DesignSite and Facility Security ControlsExam Preparation TasksReview All Key TopicsComplete the Tables and Lists from MemoryDefine Key TermsAnswer Review QuestionsAnswers and Explanations
Chapter 4. Communication and Network Security
Foundation TopicsSecure Network Design PrinciplesIP NetworkingProtocols and ServicesConverged ProtocolsWireless NetworksCommunications CryptographySecure Network ComponentsSecure Communication ChannelsNetwork AttacksExam Preparation TasksReview All Key TopicsDefine Key TermsAnswer Review QuestionsAnswers and Explanations
Chapter 5. Identity and Access Management (IAM)
Foundation TopicsAccess Control ProcessPhysical and Logical Access to AssetsIdentification and Authentication ConceptsIdentification and Authentication ImplementationIdentity as a Service (IDaaS) ImplementationThird-Party Identity Services IntegrationAuthorization MechanismsProvisioning Life CycleAccess Control ThreatsPrevent or Mitigate Access Control ThreatsExam Preparation TasksReview All Key TopicsDefine Key TermsAnswer Review QuestionsAnswers and Explanations
Chapter 6. Security Assessment and Testing
Foundation TopicsDesign and Validate Assessment and Testing StrategiesConduct Security Control TestingCollect Security Process DataAnalyze Test Outputs and Generate a ReportConduct or Facilitate Security AuditsExam Preparation TasksReview All Key TopicsDefine Key TermsAnswer Review QuestionsAnswers and Explanations
Chapter 7. Security Operations
Foundation TopicsInvestigationsLogging and Monitoring ActivitiesConfiguration and Change ManagementSecurity Operations ConceptsResource ProtectionIncident ManagementDetective and Preventive MeasuresPatch and Vulnerability ManagementRecovery StrategiesDisaster RecoveryTesting Disaster Recovery PlansBusiness Continuity Planning and ExercisesPhysical SecurityPersonnel Safety and SecurityExam Preparation TasksReview All Key TopicsDefine Key TermsAnswer Review QuestionsAnswers and Explanations
Chapter 8. Software Development Security
Foundation TopicsSoftware Development ConceptsSecurity in the System and Software Development Life CycleSecurity Controls in DevelopmentAssess Software Security EffectivenessSecurity Impact of Acquired SoftwareSecure Coding Guidelines and StandardsExam Preparation TasksReview All Key TopicsDefine Key TermsAnswer Review QuestionsAnswers and Explanations
Chapter 9. Final Preparation
Tools for Final PreparationSuggested Plan for Final Review/StudySummary
Index
Appendix A. Memory Tables
Appendix B. Memory Tables Answer Key
Glossary
Code Snippets

Content preview from CISSP Cert Guide, 5th Edition

Chapter 6 Security Assessment and Testing

This chapter covers the following topics:

Design and Validate Assessment and Testing Strategies: Concepts discussed include the use of assessment, test, and audit strategies, including internal, external, and third-party strategies, and the effect location has on the testing.
Conduct Security Control Testing: Concepts discussed include the security control testing process, including vulnerability assessments, penetration testing, log reviews, synthetic transactions, code review and testing, misuse case testing, test coverage analysis, and interface testing.
Collect Security Process Data: Concepts discussed include NIST SP 800-137, account management, management review and approval, key performance and ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

CompTIA Network+ N10-009 Cert Guide, 2nd Edition

Publisher Resources

ISBN: 9780135343869

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

CISSP Cert Guide, 5th Edition

by Robin Abernathy, Darren R. Hayes

Chapter 6

Security Assessment and Testing

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.