book

ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, 10th Edition

by Mike Chapple, James Michael Stewart, Darril Gibson

June 2024

Intermediate to advanced

1248 pages

40h 26m

English

Sybex

Read now

Unlock full access

Overview of the CISSP ExamThe Elements of This Study GuideInteractive Online Learning Environment and Test BankStudy Guide Exam ObjectivesObjective MapHow to Contact the PublisherAssessment TestAnswers to Assessment Test
Security 101Understand and Apply Security ConceptsSecurity BoundariesEvaluate and Apply Security Governance PrinciplesManage the Security FunctionSecurity Policy, Standards, Procedures, and GuidelinesThreat ModelingSupply Chain Risk ManagementSummaryStudy EssentialsWritten LabReview Questions

Personnel Security Policies and ProceduresUnderstand and Apply Risk Management ConceptsSocial EngineeringEstablish and Maintain a Security Awareness, Education, and Training ProgramSummaryStudy EssentialsWritten LabReview Questions
Planning for Business ContinuityProject Scope and PlanningBusiness Impact AnalysisContinuity PlanningPlan Approval and ImplementationSummaryStudy EssentialsWritten LabReview Questions
Categories of LawsLawsState Privacy LawsComplianceContracting and ProcurementSummaryStudy EssentialsWritten LabReview Questions
Identifying and Classifying Information and AssetsEstablishing Information and Asset Handling RequirementsData Protection MethodsUnderstanding Data RolesUsing Security BaselinesSummaryStudy EssentialsWritten LabReview Questions
Cryptographic FoundationsModern CryptographySymmetric CryptographyCryptographic Life CycleSummaryStudy EssentialsWritten LabReview Questions
Asymmetric CryptographyHash FunctionsDigital SignaturesPublic Key InfrastructureAsymmetric Key ManagementHybrid CryptographyApplied CryptographyCryptographic AttacksSummaryStudy EssentialsWritten LabReview Questions
Secure Design PrinciplesTechniques for Ensuring CIAUnderstand the Fundamental Concepts of Security ModelsSelect Controls Based on Systems Security RequirementsUnderstand Security Capabilities of Information SystemsSummaryStudy EssentialsWritten LabReview Questions
Shared ResponsibilityData Localization and Data SovereigntyAssess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution ElementsClient-Based SystemsServer-Based SystemsIndustrial Control SystemsDistributed SystemsHigh-Performance Computing (HPC) SystemsReal-Time Operating SystemsInternet of ThingsEdge and Fog ComputingEmbedded Devices and Cyber-Physical SystemsMicroservicesInfrastructure as CodeImmutable ArchitectureVirtualized SystemsContainerizationMobile DevicesEssential Security Protection MechanismsCommon Security Architecture Flaws and IssuesSummaryStudy EssentialsWritten LabReview Questions
Apply Security Principles to Site and Facility DesignImplement Site and Facility Security ControlsImplement and Manage Physical SecuritySummaryStudy EssentialsWritten LabReview Questions
OSI ModelTCP/IP ModelAnalyzing Network TrafficCommon Application Layer ProtocolsTransport Layer ProtocolsDomain Name SystemInternet Protocol (IP) NetworkingARP ConcernsSecure Communication ProtocolsImplications of Multilayer ProtocolsSegmentationEdge NetworksWireless NetworksSatellite CommunicationsCellular NetworksContent Distribution Networks (CDNs)Secure Network ComponentsSummaryStudy EssentialsWritten LabReview Questions
Protocol Security MechanismsSecure Voice CommunicationsRemote Access Security ManagementMultimedia CollaborationMonitoring and ManagementLoad BalancingManage Email SecurityVirtual Private NetworkSwitching and Virtual LANsNetwork Address TranslationThird-Party ConnectivitySwitching TechnologiesWAN TechnologiesFiber-Optic LinksPrevent or Mitigate Network AttacksSummaryStudy EssentialsWritten LabReview Questions
Controlling Access to AssetsThe AAA ModelImplementing Identity ManagementManaging the Identity and Access Provisioning Life CycleSummaryStudy EssentialsWritten LabReview Questions
Comparing Access Control ModelsImplementing Authentication SystemsZero-Trust Access Policy EnforcementUnderstanding Access Control AttacksSummaryStudy EssentialsWritten LabReview Questions
Building a Security Assessment and Testing ProgramPerforming Vulnerability AssessmentsTesting Your SoftwareTraining and ExercisesImplementing Security Management Processes and Collecting Security Process DataSummaryExam EssentialsWritten LabReview Questions
Apply Foundational Security Operations ConceptsAddress Personnel Safety and SecurityProvision Information and Assets SecurelyApply Resource ProtectionManaged Services in the CloudPerform Configuration Management (CM)Manage ChangeManage Patches and Reduce VulnerabilitiesSummaryStudy EssentialsWritten LabReview Questions
Conducting Incident ManagementImplementing Detection and Preventive MeasuresLogging and MonitoringAutomating Incident ResponseSummaryStudy EssentialsWritten LabReview Questions
The Nature of DisasterUnderstand System Resilience, High Availability, and Fault ToleranceRecovery StrategyRecovery Plan DevelopmentTraining, Awareness, and DocumentationTesting and MaintenanceSummaryStudy EssentialsWritten LabReview Questions
InvestigationsMajor Categories of Computer CrimeEthicsSummaryStudy EssentialsWritten LabReview Questions
Introducing Systems Development ControlsEstablishing Databases and Data WarehousingStorage ThreatsUnderstanding Knowledge-Based SystemsSummaryStudy EssentialsWritten LabReview Questions
MalwareMalware PreventionApplication AttacksInjection VulnerabilitiesExploiting Authorization VulnerabilitiesExploiting Web Application VulnerabilitiesApplication Security ControlsSecure Coding PracticesSummaryStudy EssentialsWritten LabReview Questions
Chapter 1: Security Governance Through Principles and PoliciesChapter 2: Personnel Security and Risk Management ConceptsChapter 3: Business Continuity PlanningChapter 4: Laws, Regulations, and ComplianceChapter 5: Protecting Security of AssetsChapter 6: Cryptography and Symmetric Key AlgorithmsChapter 7: PKI and Cryptographic ApplicationsChapter 8: Principles of Security Models, Design, and CapabilitiesChapter 9: Security Vulnerabilities, Threats, and CountermeasuresChapter 10: Physical Security RequirementsChapter 11: Secure Network Architecture and ComponentsChapter 12: Secure Communications and Network AttacksChapter 13: Managing Identity and AuthenticationChapter 14: Controlling and Monitoring AccessChapter 15: Security Assessment and TestingChapter 16: Managing Security OperationsChapter 17: Preventing and Responding to IncidentsChapter 18: Disaster Recovery PlanningChapter 19: Investigations and EthicsChapter 20: Software Development SecurityChapter 21: Malicious Code and Application Attacks
Chapter 1: Security Governance Through Principles and PoliciesChapter 2: Personnel Security and Risk Management ConceptsChapter 3: Business Continuity PlanningChapter 4: Laws, Regulations, and ComplianceChapter 5: Protecting Security of AssetsChapter 6: Cryptography and Symmetric Key AlgorithmsChapter 7: PKI and Cryptographic ApplicationsChapter 8: Principles of Security Models, Design, and CapabilitiesChapter 9: Security Vulnerabilities, Threats, and CountermeasuresChapter 10: Physical Security RequirementsChapter 11: Secure Network Architecture and ComponentsChapter 12: Secure Communications and Network AttacksChapter 13: Managing Identity and AuthenticationChapter 14: Controlling and Monitoring AccessChapter 15: Security Assessment and TestingChapter 16: Managing Security OperationsChapter 17: Preventing and Responding to IncidentsChapter 18: Disaster Recovery PlanningChapter 19: Investigations and EthicsChapter 20: Software Development SecurityChapter 21: Malicious Code and Application Attacks

Content preview from ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, 10th Edition

Index

2FA (two-factor authentication) fatigue, 780
3DES (Triple DES), 256–257
802.11 standards, 527

A

AAA model, access control
- accounting, 648, 649
- authentication, 645–646
  - device authenticators, 654–655, 661
  - factors, 649–650
  - mutual, 662
  - password policies, 652
  - passwordless, 660
  - passwords, 651–653
  - service authentication, 661–662
  - smartcards, 654
- authorization, 648, 649
- identification, 645–646
- identity establishment, 647–648
- MFA (multifactor authentication), 659
- objects, 646–647
- proofing, 647–648
- registration, 647–648
- subjects, 646–647
AAA services, 8–11
ABAC (attribute-based access control), 686, 690
abstraction, 12
abuse case testing, 756
access abuses, 459
access control, 447, 643–644. See also AAA model; remote access
- answers ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide 9th Edition

Mike Chapple, James Michael Stewart, Darril Gibson

CISSP: Certified Information Systems Security Professional (2024)

ACI Learning, Robin Abernathy, Lauren Deal

CompTIA A+ Certification All-in-One Exam Guide, Eleventh Edition (Exams 220-1101 & 220-1102), 11th Edition

Mike Meyers

CompTIA Security+ SY0-701 Cert Guide

Lewis Heuermann

Publisher Resources

ISBN: 9781394254699Purchase Link

A