CISSP Training Guide

Book Description

The CISSP (Certified Information Systems Security Professional) exam is a six-hour, monitored, paper-based exam covering 10 domains of information system security knowledge, each representing a specific area of expertise. The CISSP examination consists of 250 multiple-choice questions covering topics such as Access Control Systems, Cryptography, and Security Management Practices, and is administered by the International Information Systems Security Certification Consortium, or (ISC)2. (ISC)2 promotes the CISSP exam as an aid to evaluating personnel who perform information security functions. Candidates for this exam are typically network security professionals and system administrators with at least 3 years of direct work experience in one or more of the 10 test domains. This book maps to the exam objectives and offers numerous features such as exam tips, case studies, and practice exams. In addition, the CD includes PrepLogic Practice Tests, Preview Edition, making it the ultimate guide for those studying for the CISSP exam.

Table of Contents

  1. Copyright
  2. CramSession Approved Study Material
  3. Preface
  4. About the Authors
  5. About the Technical Reviewers
  6. Acknowledgments
  7. We Want to Hear from You!
  8. How to Use This Book
  9. Introduction
  10. Exam Preparation
    1. Access Control Systems and Methodology
      1. Introduction
      2. Accountability
      3. Access Control Techniques
      4. Access Control Administration
      5. Access Control Models
      6. Identification and Authentication Techniques
      7. Access Control Methodologies
      8. Methods of Attacks
      9. Monitoring
      10. Penetration Testing
      11. Case Study: The Smart Card Case
      12. Chapter Summary
      13. Apply Your Knowledge
    2. Telecommunications and Network Security
      1. Introduction
      2. The Open Systems Interconnection Model
      3. Network Characteristics and Topologies
      4. Network Topologies
      5. LAN Devices
      6. WAN Technologies
      7. Providing Remote Access Capabilities
      8. Networking Protocols
      9. Protecting the Integrity, Availability, and Confidentiality of Network Data
      10. Fault Tolerance and Data Restoration
      11. Case Study: CodeRed
      12. Chapter Summary
      13. Apply Your Knowledge
    3. Security Management and Practices
      1. Introduction
      2. Defining Security Principles
      3. Security Management Planning
      4. Risk Management and Analysis
      5. Policies, Standards, Guidelines, and Procedures
      6. Examining Roles and Responsibility
      7. Management Responsibility
      8. Understanding Protection Mechanisms
      9. Classifying Data
      10. Employment Policies and Practices
      11. Managing Change Control
      12. Security Awareness Training
      13. Chapter Summary
      14. Apply Your Knowledge
    4. Applications and Systems Development Security
      1. Introduction
      2. Software Applications and Issues
      3. Attacking Software
      4. Understanding Malicious Code
      5. Implementing System Development Controls
      6. Using Coding Practices That Reduce System Vulnerability
      7. Case Study: Trustworthy Computing
      8. Chapter Summary
      9. Apply Your Knowledge
    5. Cryptography
      1. Introduction
      2. Uses of Cryptography
      3. Cryptographic Concepts, Methodologies, and Practices
      4. PKI and Key Management
      5. Methods of Attack
      6. Case Study: Encryption Can Be a Double-Edged Sword
      7. Chapter Summary
      8. Apply Your Knowledge
    6. Security Architecture and Models
      1. Introduction
      2. Requirements for Security Architecture and Models
      3. Security Models
      4. Security System Architecture
      5. Information System Security Standards
      6. Common Criteria
      7. IPSec
      8. Case Study: C2 and Windows NT
      9. Chapter Summary
      10. Apply Your Knowledge
    7. Operations Security
      1. Introduction
      2. Examining the Key Roles of Operations Security
      3. The Roles of Auditing and Monitoring
      4. Developing Countermeasures to Threats
      5. The Role of Administrative Management
      6. Concepts and Best Practices
      7. Case Study: The Russian Hack Attack
      8. Chapter Summary
      9. Apply Your Knowledge
    8. Business Continuity Planning and Disaster Recovery Planning
      1. Introduction
      2. What Are the Disasters That Interrupt Business Operation?
      3. Quantifying the Difference Between DRP and BCP
      4. Examining the Business Continuity Planning Process
      5. Defining Disaster Recovery Planning
      6. Developing a Backup Strategy
      7. Case Study: Does Business Continuity Work?
      8. Chapter Summary
      9. Apply Your Knowledge
    9. Law, Investigation, and Ethics
      1. Introduction
      2. Fundamentals of Law
      3. Criminal Law and Computer Crime
      4. Computer Security Incidents
      5. Legal Evidence
      6. Computer Forensics
      7. Computer Ethics
      8. Case Study: Cross-Examining the Forensics Expert
      9. Case Study: Proving Copyright Infringement
      10. Chapter Summary
      11. Apply Your Knowledge
    10. Physical Security
      1. Introduction
      2. Classifying Assets to Simplify Physical Security Discussions
      3. Vulnerabilities
      4. Selecting, Designing, Constructing, and Maintaining a Secure Site
      5. Tape and Media Library Retention Policies
      6. Document (Hard-Copy) Libraries
      7. Waste Disposal
      8. Physical Intrusion Detection
      9. Case Study: Blowing Up Security—The Case of the Balloon
      10. Chapter Summary
      11. Apply Your Knowledge
  11. Final Review
    1. Fast Facts
      1. Domain 1, “Access Control”
      2. Domain 2, “Network Security and Telecommunications”
      3. Domain 3, “Security Management and Practices”
      4. Domain 4, “Applications and Systems Development Security”
      5. Domain 5, “Cryptography”
      6. Domain 6, “Security Architecture and Models”
      7. Domain 7, “Operations Security”
      8. Domain 8, “Business Continuity Planning and Disaster Recovery Planning”
      9. Domain 9, “Law, Investigation, and Ethics”
      10. Domain 10, “Physical Security”
    2. Study and Exam Prep Tips
      1. Learning As a Process
      2. Study Tips
      3. Exam Prep Tips
    3. Practice Exam
      1. Exam Questions
  12. Appendixes
    1. Glossary
    2. Overview of the Certification Process
      1. Description of the Path to Certification
      2. About the Certification Program
    3. What's on the CD-ROM
      1. PrepLogic Practice Tests, Preview Edition
      2. Exclusive Electronic Version of Text
    4. Using the PrepLogic Practice Tests, Preview Edition Software
      1. Exam Simulation
      2. Software Requirements
      3. Using PrepLogic Practice Tests, Preview Edition
      4. Contacting PrepLogic
      5. License Agreement
  13. Index