
(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 8th Edition

Book Description

CISSP Study Guide - fully updated for the 2018 CISSP Body of Knowledge

CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 8th Edition has been completely updated for the latest 2018 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.

Along with the book, you also get access to Sybex's superior online interactive learning environment that includes:

  • Four unique 250-question practice exams to help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam.
  • More than 650 electronic flashcards to reinforce your learning and give you last-minute test prep before the exam.
  • A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam.

Coverage of all of the exam topics in the book means you'll be ready for:

  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communication and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

Table of Contents

  1. Introduction
    1. Overview of the CISSP Exam
    2. Notes on This Book’s Organization
  2. Assessment Test
  3. Answers to Assessment Test
  4. Chapter 1 Security Governance Through Principles and Policies
    1. Understand and Apply Concepts of Confidentiality, Integrity, and Availability
    2. Evaluate and Apply Security Governance Principles
    3. Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
    4. Understand and Apply Threat Modeling Concepts and Methodologies
    5. Apply Risk-Based Management Concepts to the Supply Chain
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Review Questions
  5. Chapter 2 Personnel Security and Risk Management Concepts
    1. Personnel Security Policies and Procedures
    2. Security Governance
    3. Understand and Apply Risk Management Concepts
    4. Establish and Maintain a Security Awareness, Education, and Training Program
    5. Manage the Security Function
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Review Questions
  6. Chapter 3 Business Continuity Planning
    1. Planning for Business Continuity
    2. Project Scope and Planning
    3. Business Impact Assessment
    4. Continuity Planning
    5. Plan Approval and Implementation
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Review Questions
  7. Chapter 4 Laws, Regulations, and Compliance
    1. Categories of Laws
    2. Laws
    3. Compliance
    4. Contracting and Procurement
    5. Summary
    6. Exam Essentials
    7. Written Lab
    8. Review Questions
  8. Chapter 5 Protecting Security of Assets
    1. Identify and Classify Assets
    2. Determining Ownership
    3. Using Security Baselines
    4. Summary
    5. Exam Essentials
    6. Written Lab
    7. Review Questions
  9. Chapter 6 Cryptography and Symmetric Key Algorithms
    1. Historical Milestones in Cryptography
    2. Cryptographic Basics
    3. Modern Cryptography
    4. Symmetric Cryptography
    5. Cryptographic Lifecycle
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Review Questions
  10. Chapter 7 PKI and Cryptographic Applications
    1. Asymmetric Cryptography
    2. Hash Functions
    3. Digital Signatures
    4. Public Key Infrastructure
    5. Asymmetric Key Management
    6. Applied Cryptography
    7. Cryptographic Attacks
    8. Summary
    9. Exam Essentials
    10. Written Lab
    11. Review Questions
  11. Chapter 8 Principles of Security Models, Design, and Capabilities
    1. Implement and Manage Engineering Processes Using Secure Design Principles
    2. Understand the Fundamental Concepts of Security Models
    3. Select Controls Based On Systems Security Requirements
    4. Understand Security Capabilities of Information Systems
    5. Summary
    6. Exam Essentials
    7. Written Lab
    8. Review Questions
  12. Chapter 9 Security Vulnerabilities, Threats, and Countermeasures
    1. Assess and Mitigate Security Vulnerabilities
    2. Client-Based Systems
    3. Server-Based Systems
    4. Database Systems Security
    5. Distributed Systems and Endpoint Security
    6. Internet of Things
    7. Industrial Control Systems
    8. Assess and Mitigate Vulnerabilities in Web-Based Systems
    9. Assess and Mitigate Vulnerabilities in Mobile Systems
    10. Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
    11. Essential Security Protection Mechanisms
    12. Common Architecture Flaws and Security Issues
    13. Summary
    14. Exam Essentials
    15. Written Lab
    16. Review Questions
  13. Chapter 10 Physical Security Requirements
    1. Apply Security Principles to Site and Facility Design
    2. Implement Site and Facility Security Controls
    3. Implement and Manage Physical Security
    4. Summary
    5. Exam Essentials
    6. Written Lab
    7. Review Questions
  14. Chapter 11 Secure Network Architecture and Securing Network Components
    1. OSI Model
    2. TCP/IP Model
    3. Converged Protocols
    4. Wireless Networks
    5. Secure Network Components
    6. Cabling, Wireless, Topology, Communications, and Transmission Media Technology
    7. Summary
    8. Exam Essentials
    9. Written Lab
    10. Review Questions
  15. Chapter 12 Secure Communications and Network Attacks
    1. Network and Protocol Security Mechanisms
    2. Secure Voice Communications
    3. Multimedia Collaboration
    4. Manage Email Security
    5. Remote Access Security Management
    6. Virtual Private Network
    7. Virtualization
    8. Network Address Translation
    9. Switching Technologies
    10. WAN Technologies
    11. Miscellaneous Security Control Characteristics
    12. Security Boundaries
    13. Prevent or Mitigate Network Attacks
    14. Summary
    15. Exam Essentials
    16. Written Lab
    17. Review Questions
  16. Chapter 13 Managing Identity and Authentication
    1. Controlling Access to Assets
    2. Comparing Identification and Authentication
    3. Implementing Identity Management
    4. Managing the Identity and Access Provisioning Lifecycle
    5. Summary
    6. Exam Essentials
    7. Written Lab
    8. Review Questions
  17. Chapter 14 Controlling and Monitoring Access
    1. Comparing Access Control Models
    2. Understanding Access Control Attacks
    3. Summary
    4. Exam Essentials
    5. Written Lab
    6. Review Questions
  18. Chapter 15 Security Assessment and Testing
    1. Building a Security Assessment and Testing Program
    2. Performing Vulnerability Assessments
    3. Testing Your Software
    4. Implementing Security Management Processes
    5. Summary
    6. Exam Essentials
    7. Written Lab
    8. Review Questions
  19. Chapter 16 Managing Security Operations
    1. Applying Security Operations Concepts
    2. Securely Provisioning Resources
    3. Managing Configuration
    4. Managing Change
    5. Managing Patches and Reducing Vulnerabilities
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Review Questions
  20. Chapter 17 Preventing and Responding to Incidents
    1. Managing Incident Response
    2. Implementing Detective and Preventive Measures
    3. Logging, Monitoring, and Auditing
    4. Summary
    5. Exam Essentials
    6. Written Lab
    7. Review Questions
  21. Chapter 18 Disaster Recovery Planning
    1. The Nature of Disaster
    2. Understand System Resilience and Fault Tolerance
    3. Recovery Strategy
    4. Recovery Plan Development
    5. Training, Awareness, and Documentation
    6. Testing and Maintenance
    7. Summary
    8. Exam Essentials
    9. Written Lab
    10. Review Questions
  22. Chapter 19 Investigations and Ethics
    1. Investigations
    2. Major Categories of Computer Crime
    3. Ethics
    4. Summary
    5. Exam Essentials
    6. Written Lab
    7. Review Questions
  23. Chapter 20 Software Development Security
    1. Introducing Systems Development Controls
    2. Establishing Databases and Data Warehousing
    3. Storing Data and Information
    4. Understanding Knowledge-Based Systems
    5. Summary
    6. Exam Essentials
    7. Written Lab
    8. Review Questions
  24. Chapter 21 Malicious Code and Application Attacks
    1. Malicious Code
    2. Password Attacks
    3. Application Attacks
    4. Web Application Security
    5. Reconnaissance Attacks
    6. Masquerading Attacks
    7. Summary
    8. Exam Essentials
    9. Written Lab
    10. Review Questions
  25. Appendix A Answers to Review Questions
    1. Chapter 1: Security Governance Through Principles and Policies
    2. Chapter 2: Personnel Security and Risk Management Concepts
    3. Chapter 3: Business Continuity Planning
    4. Chapter 4: Laws, Regulations, and Compliance
    5. Chapter 5: Protecting Security of Assets
    6. Chapter 6: Cryptography and Symmetric Key Algorithms
    7. Chapter 7: PKI and Cryptographic Applications
    8. Chapter 8: Principles of Security Models, Design, and Capabilities
    9. Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
    10. Chapter 10: Physical Security Requirements
    11. Chapter 11: Secure Network Architecture and Securing Network Components
    12. Chapter 12: Secure Communications and Network Attacks
    13. Chapter 13: Managing Identity and Authentication
    14. Chapter 14: Controlling and Monitoring Access
    15. Chapter 15: Security Assessment and Testing
    16. Chapter 16: Managing Security Operations
    17. Chapter 17: Preventing and Responding to Incidents
    18. Chapter 18: Disaster Recovery Planning
    19. Chapter 19: Investigations and Ethics
    20. Chapter 20: Software Development Security
    21. Chapter 21: Malicious Code and Application Attacks
  26. Appendix B Answers to Written Labs
    1. Chapter 1: Security Governance Through Principles and Policies
    2. Chapter 2: Personnel Security and Risk Management Concepts
    3. Chapter 3: Business Continuity Planning
    4. Chapter 4: Laws, Regulations, and Compliance
    5. Chapter 5: Protecting Security of Assets
    6. Chapter 6: Cryptography and Symmetric Key Algorithms
    7. Chapter 7: PKI and Cryptographic Applications
    8. Chapter 8: Principles of Security Models, Design, and Capabilities
    9. Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
    10. Chapter 10: Physical Security Requirements
    11. Chapter 11: Secure Network Architecture and Securing Network Components
    12. Chapter 12: Secure Communications and Network Attacks
    13. Chapter 13: Managing Identity and Authentication
    14. Chapter 14: Controlling and Monitoring Access
    15. Chapter 15: Security Assessment and Testing
    16. Chapter 16: Managing Security Operations
    17. Chapter 17: Preventing and Responding to Incidents
    18. Chapter 18: Disaster Recovery Planning
    19. Chapter 19: Investigations and Ethics
    20. Chapter 20: Software Development Security
    21. Chapter 21: Malicious Code and Application Attacks
  27. Advert
  28. EULA