book

CISSP Cert Guide, 5th Edition

by Robin Abernathy, Darren R. Hayes

September 2024

Intermediate to advanced

1046 pages

27h 23m

English

Pearson IT Certification

Read now

Unlock full access

The Goals of the CISSP CertificationThe Value of the CISSP CertificationThe Common Body of KnowledgeSteps to Becoming a CISSPFacts About the CISSP ExamAbout the CISSP Cert Guide, Fifth EditionHow to Access the Companion WebsitePearson Test Prep Practice Test Software
Foundation TopicsSecurity TermsSecurity Governance PrinciplesComplianceLegal and Regulatory IssuesInvestigation TypesProfessional EthicsSecurity DocumentationBusiness ContinuityPersonnel Security Policies and ProceduresRisk Management ConceptsGeographical ThreatsThreat ModelingSecurity Risks in the Supply ChainSecurity Education, Training, and AwarenessExam Preparation TasksReview All Key TopicsComplete the Tables and Lists from MemoryDefine Key TermsAnswer Review QuestionsAnswers and Explanations
Foundation TopicsAsset Security ConceptsIdentify and Classify Information and AssetsInformation and Asset Handling RequirementsProvision Resources SecurelyData Life CycleAsset RetentionData Security ControlsExam Preparation TasksReview All Key TopicsDefine Key TermsAnswer Review QuestionsAnswers and Explanations
Foundation TopicsInformation Systems Life CycleEngineering Processes Using Secure Design PrinciplesSecurity Model ConceptsSystem Security Evaluation ModelsCertification and AccreditationControl Selection Based on Systems Security RequirementsSecurity Capabilities of Information SystemsSecurity Architecture MaintenanceVulnerabilities of Security Architectures, Designs, and Solution ElementsVulnerabilities in Web-Based SystemsVulnerabilities in Mobile SystemsVulnerabilities in Embedded SystemsCryptographic SolutionsCryptographic TypesSymmetric AlgorithmsAsymmetric AlgorithmsPublic Key Infrastructure and Digital CertificatesKey Management PracticesMessage IntegrityDigital Signatures and Non-repudiationApplied CryptographyCryptanalytic AttacksDigital Rights ManagementSite and Facility DesignSite and Facility Security ControlsExam Preparation TasksReview All Key TopicsComplete the Tables and Lists from MemoryDefine Key TermsAnswer Review QuestionsAnswers and Explanations
Foundation TopicsSecure Network Design PrinciplesIP NetworkingProtocols and ServicesConverged ProtocolsWireless NetworksCommunications CryptographySecure Network ComponentsSecure Communication ChannelsNetwork AttacksExam Preparation TasksReview All Key TopicsDefine Key TermsAnswer Review QuestionsAnswers and Explanations
Foundation TopicsAccess Control ProcessPhysical and Logical Access to AssetsIdentification and Authentication ConceptsIdentification and Authentication ImplementationIdentity as a Service (IDaaS) ImplementationThird-Party Identity Services IntegrationAuthorization MechanismsProvisioning Life CycleAccess Control ThreatsPrevent or Mitigate Access Control ThreatsExam Preparation TasksReview All Key TopicsDefine Key TermsAnswer Review QuestionsAnswers and Explanations
Foundation TopicsDesign and Validate Assessment and Testing StrategiesConduct Security Control TestingCollect Security Process DataAnalyze Test Outputs and Generate a ReportConduct or Facilitate Security AuditsExam Preparation TasksReview All Key TopicsDefine Key TermsAnswer Review QuestionsAnswers and Explanations
Foundation TopicsInvestigationsLogging and Monitoring ActivitiesConfiguration and Change ManagementSecurity Operations ConceptsResource ProtectionIncident ManagementDetective and Preventive MeasuresPatch and Vulnerability ManagementRecovery StrategiesDisaster RecoveryTesting Disaster Recovery PlansBusiness Continuity Planning and ExercisesPhysical SecurityPersonnel Safety and SecurityExam Preparation TasksReview All Key TopicsDefine Key TermsAnswer Review QuestionsAnswers and Explanations
Foundation TopicsSoftware Development ConceptsSecurity in the System and Software Development Life CycleSecurity Controls in DevelopmentAssess Software Security EffectivenessSecurity Impact of Acquired SoftwareSecure Coding Guidelines and StandardsExam Preparation TasksReview All Key TopicsDefine Key TermsAnswer Review QuestionsAnswers and Explanations
Tools for Final PreparationSuggested Plan for Final Review/StudySummary

Content preview from CISSP Cert Guide, 5th Edition

Chapter 7 Security Operations

This chapter covers the following topics:

Investigations: Concepts discussed include forensic and digital investigations and procedures; reporting and documentation; investigative techniques; evidence collection and handling; digital forensics tools, tactics, and procedures; and artifacts.
Logging and Monitoring Activities: Concepts discussed include audit and review, intrusion detection and prevention, security information and event management, Security Orchestration and Automated Response, continuous monitoring and tuning, egress monitoring, log management, threat intelligence, and user and entity behavior analytics (UEBA).
Configuration and Change Management: Concepts discussed include configuration management ...