Book description
Assess your readiness for the CISSP Exam—and quickly identify where you need to focus and practice. This practical, streamlined guide provides objective overviews, exam tips, "need-to-know" checklists, review questions, and a list of valuable resources—all designed to help evaluate and reinforce your preparation.
Bolster your exam prep with a Rapid Review of these objectives:
Information Security Governance and Risk Management
Access Control
Cryptography
Physical (Environmental) Security
Security Architecture and Design
Legal, Regulations, Investigations and Compliance
Telecommunications and Network Security
Business Continuity and Disaster Recovery Planning
Software Development Security
Security Operations
This book is an ideal complement to the in-depth training of the Microsoft Press 2-in-1 Training Kit for the CISSP Exam and other exam-prep resources.
Table of contents
- Introduction
- 1. Access Control
  - Objective 1.1: Control access by applying the following concepts/methodologies/techniques
    - Exam need to know…
      - Policies
      - Types of controls (preventive, detective, corrective, and so on)
      - Techniques (non-discretionary, discretionary, and mandatory)
      - Identification and authentication
      - Decentralized/distributed access control techniques
      - Authorization mechanisms
      - Logging and monitoring
    - Can you answer these questions?
  - Objective 1.2: Understand access control attacks
  - Objective 1.3: Assess effectiveness of access controls
  - Objective 1.4: Identity and access provisioning lifecycle (e.g., provisioning, review, revocation)
  - Answers
    - Objective 1.1: Control access by applying the following concepts/methodologies/techniques
- 2. Telecommunications and Network Security
  - Objective 2.1: Understand secure network architecture and design (e.g., IP & non-IP protocols, segmentation)
  - Objective 2.2: Securing network components
  - Objective 2.3: Establish secure communication channels (e.g., VPN, TLS/SSL, VLAN)
  - Objective 2.4: Understand network attacks (e.g., DDoS, spoofing)
  - Answers
- 3. Information Security Governance & Risk Management
  - Objective 3.1: Understand and align security function to goals, mission, and objectives of the organization
  - Objective 3.2: Understand and apply security governance
  - Objective 3.3: Understand and apply concepts of confidentiality, integrity, and availability
  - Objective 3.4: Develop and implement security policy
  - Objective 3.5: Manage the information lifecycle (e.g., classification, categorization, and ownership)
  - Objective 3.6: Manage third-party governance (e.g., on-site assessment, document exchange and review, process/policy review)
  - Objective 3.7: Understand and apply risk management concepts
  - Objective 3.8: Manage personnel security
  - Objective 3.9: Develop and manage security education, training, and awareness
  - Objective 3.10: Manage the security function
  - Answers
    - Objective 3.1: Understand and align security function to goals, mission, and objectives of the organization
    - Objective 3.2: Understand and apply security governance
    - Objective 3.3: Understand and apply concepts of confidentiality, integrity, and availability
    - Objective 3.4: Develop and implement security policy
    - Objective 3.5: Manage the information lifecycle (e.g., classification, categorization, and ownership)
    - Objective 3.6: Manage third-party governance (e.g., on-site assessment, document exchange and review, process/policy review)
    - Objective 3.7: Understand and apply risk management concepts
    - Objective 3.8: Manage personnel security
    - Objective 3.9: Develop and manage security education, training, and awareness
    - Objective 3.10: Manage the security function
- 4. Software Development Security
- 5. Cryptography
  - Objective 5.1: Understand the application and use of cryptography
  - Objective 5.2: Understand the cryptographic lifecycle (e.g., cryptographic limitations, algorithm/protocol governance)
  - Objective 5.3: Understand encryption concepts
  - Objective 5.4: Understand key management processes
  - Objective 5.5: Understand digital signatures
  - Objective 5.6: Understand non-repudiation
  - Objective 5.7: Understand methods of cryptanalytic attacks
  - Objective 5.8: Use cryptography to maintain network security
  - Objective 5.9: Use cryptography to maintain application security
  - Objective 5.10: Understand Public Key Infrastructure (PKI)
  - Objective 5.11: Understand certificate related issues
  - Objective 5.12: Understand information hiding alternatives (e.g., steganography, watermarking)
  - Answers
    - Objective 5.1: Understand the application and use of cryptography
    - Objective 5.2: Understand the cryptographic lifecycle (e.g., cryptographic limitations, algorithm/protocol governance)
    - Objective 5.3: Understand encryption concepts
    - Objective 5.4: Understand key management processes
    - Objective 5.5: Understand digital signatures
    - Objective 5.6: Understand non-repudiation
    - Objective 5.7: Understand methods of cryptanalytic attacks
    - Objective 5.8: Use cryptography to maintain network security
    - Objective 5.9: Use cryptography to maintain application security
    - Objective 5.10: Understand Public Key Infrastructure (PKI)
    - Objective 5.11: Understand certificate related issues
    - Objective 5.12: Understand information hiding alternatives (e.g., steganography, watermarking)
- 6. Security Architecture & Design
  - Objective 6.1: Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)
  - Objective 6.2: Understand the components of information systems security evaluation models
  - Objective 6.3: Understand security capabilities of information systems (e.g., memory protection, virtualization, Trusted Platform Module)
  - Objective 6.4: Understand the vulnerabilities of security architectures
  - Objective 6.5: Understand software and system vulnerabilities and threats
    - Exam need to know…
      - Web-based (e.g., XML, SAML, OWASP)
      - Client-based (e.g., applets)
      - Server-based (e.g., data flow control)
      - Database security (e.g., inference, aggregation, data mining, warehousing)
      - Distributed systems (e.g., cloud computing, grid computing, peer to peer)
    - Can you answer these questions?
  - Objective 6.6: Understand countermeasure principles (e.g., defense in depth)
  - Answers
    - Objective 6.1: Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)
    - Objective 6.2: Understand the components of information systems security evaluation models
    - Objective 6.3: Understand security capabilities of information systems (e.g., memory protection, virtualization, Trusted Platform Module)
    - Objective 6.4: Understand the vulnerabilities of security architectures
    - Objective 6.5: Understand software and system vulnerabilities and threats
    - Objective 6.6: Understand countermeasure principles (e.g., defense in depth)
- 7. Operations Security
  - Objective 7.1: Understand security operations concepts
  - Objective 7.2: Employ resource protection
  - Objective 7.3: Manage incident response
  - Objective 7.4: Implement preventative measures against attacks (e.g., malicious code, zero-day exploit, denial of service)
  - Objective 7.5: Implement and support patch and vulnerability management
  - Objective 7.6: Understand change and configuration management (e.g., versioning, baselining)
  - Objective 7.7: Understand system resilience and fault tolerance requirements
  - Answers
    - Objective 7.1: Understand security operations concepts
    - Objective 7.2: Employ resource protection
    - Objective 7.3: Manage incident response
    - Objective 7.4: Implement preventative measures against attacks (e.g., malicious code, zero-day exploit, denial of service)
    - Objective 7.5: Implement and support patch and vulnerability management
    - Objective 7.6: Understand change and configuration management (e.g., versioning, baselining)
    - Objective 7.7: Understand system resilience and fault tolerance requirements
- 8. Business Continuity & Disaster Recovery Planning
  - Objective 8.1: Understand business continuity requirements
  - Objective 8.2: Conduct business impact analysis
  - Objective 8.3: Develop a recovery strategy
  - Objective 8.4: Understand disaster recovery process
  - Objective 8.5: Exercise, assess, and maintain the plan (e.g., version control, distribution)
  - Answers
- 9. Legal, Regulations, Investigations, and Compliance
  - Objective 9.1: Understand legal issues that pertain to information security internationally
  - Objective 9.2: Understand professional ethics
  - Objective 9.3: Understand and support investigations
  - Objective 9.4: Understand forensic procedures
  - Objective 9.5: Understand compliance requirements and procedures
  - Objective 9.6: Ensure security in contractual agreements and procurement processes (e.g., cloud computing, outsourcing, vendor governance)
  - Answers
    - Objective 9.1: Understand legal issues that pertain to information security internationally
    - Objective 9.2: Understand professional ethics
    - Objective 9.3: Understand and support investigations
    - Objective 9.4: Understand forensic procedures
    - Objective 9.5: Understand compliance requirements and procedures
    - Objective 9.6: Ensure security in contractual agreements and procurement processes (e.g., cloud computing, outsourcing, vendor governance)
- 10. Physical (Environmental) Security
  - Objective 10.1: Understand site and facility design considerations
  - Objective 10.2: Support the implementation and operation of perimeter security (e.g., physical access control and monitoring, audit trails/access logs)
  - Objective 10.3: Support the implementation and operation of internal security (e.g., escort requirements/visitor control, keys and locks)
  - Objective 10.4: Support the implementation and operation of facilities security (e.g., technology convergence)
  - Objective 10.5: Support the protection and securing of equipment
  - Objective 10.6: Understand personnel privacy and safety (e.g., duress, travel, monitoring)
  - Answers
    - Objective 10.1: Understand site and facility design considerations
    - Objective 10.2: Support the implementation and operation of perimeter security (e.g., physical access control and monitoring, audit trails/access logs)
    - Objective 10.3: Support the implementation and operation of internal security (e.g., escort requirements/visitor control, keys and locks)
    - Objective 10.4: Support the implementation and operation of facilities security (e.g., technology convergence)
    - Objective 10.5: Support the protection and securing of equipment
    - Objective 10.6: Understand personnel privacy and safety (e.g., duress, travel, monitoring)
- Index
- About the Author
- Copyright
Product information
- Title: CISSP Rapid Review
- Author(s):
- Release date: December 2012
- Publisher(s): Microsoft Press
- ISBN: 9780735668386