O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CISSP For Dummies, 6th Edition

Book Description

Secure your CISSP certification!

If you’re a security professional seeking your CISSP certification, this book is a perfect way to prepare for the exam. Covering in detail all eight domains, the expert advice inside gives you the key information you'll need to pass the exam. Plus, you'll get tips on setting up a 60-day study plan, tips for exam day, and access to an online test bank of questions. 

CISSP For Dummies is fully updated and reorganized to reflect upcoming changes (ISC)2 has made to the Common Body of Knowledge. Complete with access to an online test bank this book is the secret weapon you need to pass the exam and gain certification.

  • Get key information for all eight exam domains
  • Find test-taking and exam-day tips and tricks
  • Benefit from access to free online practice questions and flash cards
  • Prepare for the CISSP certification in 2018 and beyond

You’ve put in the time as a security professional—and now you can reach your long-term goal of CISSP certification.

Table of Contents

  1. Cover
  2. Introduction
    1. About This Book
    2. Foolish Assumptions
    3. Icons Used in This Book
    4. Beyond the Book
    5. Where to Go from Here
  3. Part 1: Getting Started with CISSP Certification
    1. Chapter 1: (ISC)2 and the CISSP Certification
      1. About (ISC)2 and the CISSP Certification
      2. You Must Be This Tall to Ride This Ride (and Other Requirements)
      3. Preparing for the Exam
      4. Registering for the Exam
      5. About the CISSP Examination
      6. After the Examination
    2. Chapter 2: Putting Your Certification to Good Use
      1. Networking with Other Security Professionals
      2. Being an Active (ISC)2 Member
      3. Considering (ISC)2 Volunteer Opportunities
      4. Becoming an Active Member of Your Local Security Chapter
      5. Spreading the Good Word about CISSP Certification
      6. Using Your CISSP Certification to Be an Agent of Change
      7. Earning Other Certifications
      8. Pursue Security Excellence
  4. Part 2: Certification Domains
    1. Chapter 3: Security and Risk Management
      1. Apply Security Governance Principles
      2. Understand and Apply Concepts of Confidentiality, Integrity, and Availability
      3. Compliance
      4. Understand Legal and Regulatory Issues that Pertain to Information Security in a Global Context
      5. Understand Professional Ethics
      6. Develop and Implement Documented Security Policies, Standards, Procedures, and Guidelines
      7. Understand Business Continuity Requirements
      8. Contribute to Personnel Security Policies
      9. Understand and Apply Risk Management Concepts
      10. Understand and Apply Threat Modeling
      11. Integrate Security Risk Considerations into Supply Chain Management, Mergers, and Acquisitions
      12. Establish and Manage Information Security Education, Training, and Awareness
    2. Chapter 4: Asset Security
      1. Classify Information and Supporting Assets
      2. Determine and Maintain Ownership
      3. Protect Privacy
      4. Ensure Appropriate Retention
      5. Determine Data Security Controls
      6. Establish Handling Requirements
    3. Chapter 5: Security Architecture and Engineering
      1. Implement and Manage Engineering Processes Using Secure Design Principles
      2. Understand the Fundamental Concepts of Security Models
      3. Select Controls Based upon Systems Security Requirements
      4. Understand Security Capabilities of Information Systems
      5. Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
      6. Assess and Mitigate Vulnerabilities in Web-Based Systems
      7. Assess and Mitigate Vulnerabilities in Mobile Systems
      8. Assess and Mitigate Vulnerabilities in Embedded Devices
      9. Apply Cryptography
      10. Apply Security Principles to Site and Facility Design
      11. Implement Site and Facility Security Controls
    4. Chapter 6: Communication and Network Security
      1. Implement Secure Design Principles in Network Architectures
      2. Secure Network Components
      3. Design and Establish Secure Communication Channels
      4. Prevent or Mitigate Network Attacks
    5. Chapter 7: Identity and Access Management
      1. Control Physical and Logical Access to Assets
      2. Manage Identification and Authentication of People, Devices, and Services
      3. Integrate Identity-as-a-Service
      4. Integrate Third-Party Identity Services
      5. Implement and Manage Authorization Mechanisms
      6. Prevent or Mitigate Access Control Attacks
      7. Manage the Identity and Access Provisioning Lifecycle
    6. Chapter 8: Security Assessment and Testing
      1. Design and Validate Assessment and Test Strategies
      2. Conduct Security Control Testing
      3. Collect Security Process Data
      4. Analyze Test Output and Generate Reports
      5. Conduct or Facilitate Security Audits
    7. Chapter 9: Security Operations
      1. Understand and Support Investigations
      2. Understand Requirements for Investigation Types
      3. Conduct Logging and Monitoring Activities
      4. Securely Provisioning Resources
      5. Understand and Apply Foundational Security Operations Concepts
      6. Apply Resource Protection Techniques
      7. Conduct Incident Management
      8. Operate and Maintain Detective and Preventive Measures
      9. Implement and Support Patch and Vulnerability Management
      10. Understand and Participate in Change Management Processes
      11. Implement Recovery Strategies
      12. Implement Disaster Recovery (DR) Processes
      13. Test Disaster Recovery Plans
      14. Participate in Business Continuity (BC) Planning and Exercises
      15. Implement and Manage Physical Security
      16. Address Personnel Safety and Security Concerns
    8. Chapter 10: Software Development Security
      1. Understand and Integrate Security in the Software Development Lifecycle
      2. Identify and Apply Security Controls in Development Environments
      3. Assess the Effectiveness of Software Security
      4. Assess Security Impact of Acquired Software
      5. Define and Apply Secure Coding Guidelines and Standards
  5. Part 3: The Part of Tens
    1. Chapter 11: Ten Test-Planning Tips
      1. Know Your Learning Style
      2. Get a Networking Certification First
      3. Register Now!
      4. Make a 60-Day Study Plan
      5. Get Organized and Read!
      6. Join a Study Group
      7. Take Practice Exams
      8. Take a CISSP Training Seminar
      9. Adopt an Exam-Taking Strategy
      10. Take a Breather
    2. Chapter 12: Ten Test-Day Tips
      1. Get a Good Night’s Rest
      2. Dress Comfortably
      3. Eat a Good Meal
      4. Arrive Early
      5. Bring a Photo ID
      6. Bring Snacks and Drinks
      7. Bring Prescription and Over-the-Counter Medications
      8. Leave Your Mobile Devices Behind
      9. Take Frequent Breaks
      10. Guess — as a Last Resort
  6. Glossary
  7. About the Authors
  8. Advertisement Page
  9. Connect with Dummies
  10. Index
  11. End User License Agreement