O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CISSP For Dummies, 5th Edition

Book Description

The fast and easy way to secure your CISSP certification

Are you a security professional seeking the valuable CISSP certification? Good for you! CISSP For Dummies is the ideal starting point on your journey, providing you with a friendly and accessible framework for studying for this highly sought-after certification. Fully updated to reflect the latest iterations of all eight domains covered by the test, it offers helpful study tips, guidance on making a 60-day study plan, 'instant answers' to help you recall key information, practice tests, and much more.

Packed with key information needed to pass the exam—and hints on how to remember it all on test day—this new edition of CISSP For Dummies takes the intimidation out of preparing for getting your certification. Every chapter includes a 'Quick Assessment' test at the beginning and a 'Test Prep' section at the end to help you gauge your progress, while access to randomly generated test questions online gives you the freedom to practice and test your knowledge whenever it's convenient for you.

  • Review the eight domains of security found in the CISSP Common Body of Knowledge
  • Explore security websites and supplementary books
  • Get a feel for the real thing with 250 practice exam questions
  • Learn about exam requirements and find out how to register

If you're a CISSP hopeful or an existing certification-holder looking to renew your certification, CISSP For Dummies is the down-to-earth roadmap to get you there.

Table of Contents

    1. Cover
    2. Foreword
    3. Introduction
      1. About This Book
      2. How This Book Is Organized
      3. Icons Used in This Book
      4. Beyond the Book
      5. Getting Started
    4. Part I: Getting Started With CISSP Certification
      1. Chapter 1: (ISC)2 and the CISSP Certification
        1. About (ISC)2 and the CISSP Certification
        2. You Must Be This Tall to Ride This Ride (and Other Requirements)
        3. Preparing for the Exam
        4. Registering for the Exam
        5. About the CISSP Examination
        6. After the Examination
      2. Chapter 2: Putting Your Certification to Good Use
        1. Being an Active (ISC)2 Member
        2. Considering (ISC)2 Volunteer Opportunities
        3. Becoming an Active Member of Your Local Security Chapter
        4. Spreading the Good Word about CISSP Certification
        5. Using Your CISSP Certification to Be an Agent of Change
        6. Earning Other Certifications
        7. Pursue Security Excellence
    5. Part II: Certification Domains
      1. Chapter 3: Security and Risk Management
        1. Understand and Apply Concepts of Confidentiality, Integrity, and Availability
        2. Apply Security Governance Principles
        3. Compliance
        4. Understand Legal and Regulatory Issues that Pertain to Information Security in a Global Context
        5. Understand Professional Ethics
        6. Develop and Implement Documented Security Policies, Standards, Procedures, and Guidelines
        7. Understand Business Continuity Requirements
        8. Contribute to Personnel Security Policies
        9. Understand and Apply Risk Management Concepts
        10. Understand and Apply Threat Modeling
        11. Integrate Security Risk Considerations into Acquisition Strategy and Practice
        12. Establish and Manage Information Security Education, Training, and Awareness
      2. Chapter 4: Asset Security
        1. Classify Information and Supporting Assets
        2. Determine and Maintain Ownership
        3. Protect Privacy
        4. Ensure Appropriate Retention
        5. Determine Data Security Controls
        6. Establish Handling Requirements
      3. Chapter 5: Security Engineering
        1. Implement and Manage Engineering Processes Using Secure Design Principles
        2. Understand the Fundamental Concepts of Security Models
        3. Select Controls and Countermeasures based upon Systems Security Evaluation Models
        4. Understand Security Capabilities of Information Systems
        5. Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
        6. Assess and Mitigate Vulnerabilities in Web-Based Systems
        7. Assess and Mitigate Vulnerabilities in Mobile Systems
        8. Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
        9. Apply Cryptography
        10. Apply Secure Principles to Site and Facility Design
        11. Design and Implement Physical Security
      4. Chapter 6: Communication and Network Security
        1. Apply Secure Design Principles to Network Architecture
        2. Secure Network Components
        3. Design and Establish Secure Communication Channels
        4. Prevent or Mitigate Network Attacks
      5. Chapter 7: Identity and Access Management
        1. Control Physical and Logical Access to Assets
        2. Manage Identification and Authentication of People and Devices
        3. Integrate Identity-as-a-Service
        4. Integrate Third-Party Identity Services
        5. Implement and Manage Authorization Mechanisms
        6. Prevent or Mitigate Access Control Attacks
        7. Manage the Identity and Access Provisioning Lifecycle
      6. Chapter 8: Security Assessment and Testing
        1. Design and Validate Assessment and Test Strategies
        2. Conduct Security Control Testing
        3. Collect Security Process Data
        4. Analyze and Report Test Outputs
        5. Conduct or Facilitate Internal and Third Party Audits
      7. Chapter 9: Security Operations
        1. Understand and Support Investigations
        2. Understand Requirements for Investigation Types
        3. Conduct Logging and Monitoring Activities
        4. Secure the Provisioning of Resources
        5. Understand and Apply Foundational Security Operations Concepts
        6. Employ Resource Protection Techniques
        7. Conduct Incident Management
        8. Operate and Maintain Preventative Measures
        9. Implement and Support Patch and Vulnerability Management
        10. Participate in and Understand Change Management Processes
        11. Implement Recovery Strategies
        12. Implement Disaster Recovery Processes
        13. Test Disaster Recovery Plans
        14. Participate in Business Continuity Planning and Exercises
        15. Implement and Manage Physical Security
        16. Participate in Addressing Personnel Safety Concerns
      8. Chapter 10: Software Development Security
        1. Understand and Apply Security in the Software Development Lifecycle
        2. Enforce Security Controls in Development Environments
        3. Assess the Effectiveness of Software Security
        4. Assess Security Impact of Acquired Software
    6. Part III: The Part of Tens
      1. Chapter 11: Ten (Okay, Nine) Test-Planning Tips
        1. Know Your Learning Style
        2. Get a Networking Certification First
        3. Register NOW!
        4. Make a 60-Day Study Plan
        5. Get Organized and READ!
        6. Join a Study Group
        7. Take Practice Exams
        8. Take a CISSP Review Seminar
        9. Take a Breather
      2. Chapter 12: Ten Test-Day Tips
        1. Get a Good Night’s Rest
        2. Dress Comfortably
        3. Eat a Good Breakfast
        4. Arrive Early
        5. Bring a Photo ID
        6. Bring Snacks and Drinks
        7. Bring Prescription and Over-the-Counter Medications
        8. Leave Your Electronic Devices Behind
        9. Take Frequent Breaks
        10. Guess — as a Last Resort
    7. Glossary
    8. About the Authors
    9. Cheat Sheet
    10. Advertisement Page
    11. Connect with Dummies
    12. End User License Agreement