Book description
Candidates for the CISSP-ISSAP professional certification need to not only demonstrate a thorough understanding of the six domains of the ISSAP CBK, but also need to have the ability to apply this in-depth knowledge to develop a detailed security architecture.
Supplying an authoritative review of the key concepts and requirements of the ISSAP CBK, the Official (ISC)2® Guide to the ISSAP® CBK®, Second Edition provides the practical understanding required to implement the latest security protocols to improve productivity, profitability, security, and efficiency. Encompassing all of the knowledge elements needed to create secure architectures, the text covers the six domains: Access Control Systems and Methodology, Communications and Network Security, Cryptology, Security Architecture Analysis, BCP/DRP, and Physical Security Considerations.
Newly Enhanced Design – This Guide Has It All!
- Only guide endorsed by (ISC)2
- Most up-to-date CISSP-ISSAP CBK
- Evolving terminology and changing requirements for security professionals
- Practical examples that illustrate how to apply concepts in real-life situations
- Chapter outlines and objectives
- Review questions and answers
- References to free study resources
Read It. Study It. Refer to It Often.
Table of contents
- Cover
- Half Title
- Title Page
- Copyright Page
- Table of Contents
- Foreword
- Introduction
- Editors
- Domain 1 - Access Control Systems & Methodology
- Introduction
- Access Control Concepts
- Authentication, Authorization, and Accounting (AAA)
- Access Control Administration and Management Concepts
- Access Control Administration
- Database Access
- Inherent Rights
- Granted Rights
- Change of Privilege Levels
- Groups
- Role Based
- Task Based
- Dual Control
- Location
- Topology
- Subnet
- Geographical Considerations
- Device Type
- Authentication
- Strengths and Weaknesses of Authentication Tools
- Token-Based Authentication Tools
- Common Issues with Token Management
- Biometric Authentication Tools
- Performance Characteristics
- Implementation Considerations
- Fingerprints
- Hand Geometry
- Iris
- Retina
- Facial Recognition
- Authentication Tool Considerations
- Design Validation
- Architecture Effectiveness Assurance
- Testing Strategies
- Testing Objectives
- Testing Paradigms
- Repeatability
- Methodology
- Developing Test Procedures
- Risk-Based Considerations
- Domain 2 - Communications & Network Security
- Voice and Facsimile Communications
- Pulse Code Modulation (PCM)
- Circuit-Switched versus Packet-Switched Networks
- VoIP Architecture Concerns
- End-to-End Delay
- Jitter
- Method of Voice Digitization Used
- Packet Loss Rate
- Security
- Voice Security Policies and Procedures
- Encryption
- Authentication
- Administrative Change Control
- Integrity
- Availability
- Voice Protocols
- Network Architecture
- Redundancy and Availability
- Internet versus Intranet
- Extranet
- Network Types
- Perimeter Controls
- Security Modems
- Communications and Network Policies
- Overview of Firewalls
- Firewalls vs. Routers
- Demilitarized Zone’s Perimeter Controls
- IDS/IPS
- IDS Architecture
- Intrusion Prevention System
- Security Information & Event Management Considerations (SIEM)
- Wireless Considerations
- Architectures
- Security Issues
- WPA and WPA2
- IEEE 802.11i and 802.1X
- 802.1X
- Zones of Control
- Network Security
- Content Filtering
- Anti-malware
- Anti-spam
- Outbound Traffic Filtering
- Mobile Code
- Policy Enforcement Design
- Application and Transport Layer Security
- Social Media
- Secure E-Commerce Protocols
- SSL/TLS and the TCP/IP Protocol Stack
- Encryption
- Authentication
- Certificates and Certificate Authorities
- Data Integrity
- SSL/TLS Features
- Limitations of SSL/TLS
- Other Security Protocols
- Secure Remote Procedure Calls
- Network Layer Security and VPNs
- Types of VPN Tunneling
- VPN Tunneling Protocols
- Layer 2 Tunneling Protocol (L2TP)
- IPSec
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
- Cryptographic Algorithms
- L2TP/IPSec
- Authentication Using EAP
- TCP Wrapper
- SOCKS
- Comparing SOCKS and HTTP Proxies
- VPN Selection
- Topology Supported
- Authentication Supported
- Encryption Supported
- Scalability
- Management
- VPN Client Software
- Operating System and Browser Support
- Performance
- Endpoint Security
- Encryption
- Network Security Design Considerations
- Interoperability and Associated Risks
- Audits and Assessments
- Operating Environment
- Secure Sourcing Strategy
- Voice and Facsimile Communications
- Domain 3 - Cryptography
- Cryptographic Principles
- Applications of Cryptography
- Benefits
- Uses
- Message Encryption
- Secure IP Communication
- Remote Access
- Secure Wireless Communication
- Other Types of Secure Communication
- Identification and Authentication
- Storage Encryption
- Electronic Commerce (E-Commerce)
- Software Code Signing
- Interoperability
- Methods of Cryptography
- Symmetric Cryptosystems
- Block Cipher Modes
- Stream Ciphers
- Asymmetric Cryptosystems
- Hash Functions and Message Authentication Codes
- Digital Signatures
- Vet Proprietary Cryptography & Design Testable Cryptographic Systems
- Computational Overhead & Useful Life
- Key Management
- Key Life Cycle
- Public Key Infrastructure
- Key Distribution
- Certificate and Key Storage
- PKI Registration
- How the Subject Proves Its Organizational Entity
- How a Person, Acting on Behalf of the Subject, Authenticates to Request a Certificate (Case Studies)
- Certificate Issuance
- Trust Models
- Subordinate Hierarchy
- Cross-Certified Mesh
- Certificate Chains
- Certificate Revocation
- Traditional CRL Model
- Modified CRL-Based Models
- Cross-Certification
- How Applications Use Cross-Certification
- How Cross-Certification Is Set Up
- How Cross-Certification with a Bridge CA Is Implemented in Practice
- Design Validation
- Review of Cryptanalytic Attacks
- Attack Models
- Symmetric Attacks
- Asymmetric Attacks
- Hash Function Attacks
- Network-Based Cryptanalytic Attacks
- Attacks against Keys
- Brute Force Attacks
- Side-Channel Cryptanalysis
- Risk-Based Cryptographic Architecture
- Identifying Risk and Requirements by Cryptographic Areas
- Case Study
- Cryptographic Compliance Monitoring
- Cryptographic Standards Compliance
- Industry- and Application-Specific Cryptographic Standards Compliance
- Domain 4 - Security Architecture Analysis
- Risk Analysis
- Quantitative Risk Analysis
- Qualitative Risk Analysis
- Risk Theory
- Attack Vectors
- Methods of “Vector” Attack
- Attack by E-Mail
- Attack by Deception
- Hoaxes
- Hackers
- Web Page Attack
- Attack of the Worms
- Malicious Macros
- Instant Messaging, IRC, and P2P File-Sharing Networks
- Viruses
- Asset and Data Valuation
- Context and Data Value
- Corporate versus Departmental: Valuation
- Business, Legal, and Regulatory Requirements
- Product Assurance Evaluation Criteria
- Common Criteria (CC) Part 1
- Common Criteria (CC) Part 2
- The Target of Evaluation (TOE)
- Evaluation Assurance Level (EAL) Overview
- Evaluation Assurance Level 1 (EAL1) - Functionally Tested
- Evaluation Assurance Level 2 (EAL2) - Structurally Tested
- Evaluation Assurance Level 3 (EAL3) - Methodically Tested and Checked
- Evaluation Assurance Level 4 (EAL4) - Methodically Designed, Tested, and Reviewed
- Evaluation Assurance Level 5 (EAL5) - Semiformally Designed and Tested
- Evaluation Assurance Level 6 (EAL6) - Semiformally Verified Design and Tested
- Evaluation Assurance Level 7 (EAL7) - Formally Verified Design and Tested
- Common Criteria (CC) Part 3: Assurance Paradigm
- Significance of Vulnerabilities
- The Causes of Vulnerabilities
- Common Criteria Assurance
- Assurance through Evaluation
- The Common Criteria Evaluation Assurance Scale
- ISO/IEC 27000 Series
- Software Engineering Institute - Capability Maturity Model (CMMI-DEV) Key Practices Version 1.3
- Introducing the Capability Maturity Model
- Sources of the Capability Maturity Model (CMM)
- Structure of the CMMI-DEV V1.3
- Intergroup Coordination
- Peer Reviews
- ISO 7498
- Concepts of a Layered Architecture
- Payment Card Industry Data Security Standard (PCI-DSS)
- Architectural Solutions
- Architecture Frameworks
- Design Process
- Risk Analysis
- Domain 5 - Technology Related Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
- Domain 6 - Physical Security Considerations
- Appendix A
- Index
Product information
- Title: Official (ISC)2® Guide to the ISSAP® CBK, 2nd Edition
- Author(s):
- Release date: January 2017
- Publisher(s): Auerbach Publications
- ISBN: 9781466579019