Book description
The only official, comprehensive reference guide to the CISSP
All new for 2019 and beyond, this is the authoritative common body of knowledge (CBK) from (ISC)2 for information security professionals charged with designing, engineering, implementing, and managing the overall information security program to protect organizations from increasingly sophisticated attacks. Vendor neutral and backed by (ISC)2, the CISSP credential meets the stringent requirements of ISO/IEC Standard 17024.
This CBK covers the new eight domains of CISSP with the necessary depth to apply them to the daily practice of information security. Written by a team of subject matter experts, this comprehensive reference covers all of the more than 300 CISSP objectives and sub-objectives in a structured format with:
• Common and good practices for each objective
• Common vocabulary and definitions
• References to widely accepted computing standards
• Highlights of successful approaches through case studies
Whether you've earned your CISSP credential or are looking for a valuable resource to help advance your security career, this comprehensive guide offers everything you need to apply the knowledge of the most recognized body of influence in information security.
Table of contents
- Cover
- Lead Author and Lead Technical Reviewer
- Contributing Authors
- Technical Reviewers
- Foreword
- Introduction
- DOMAIN 1 Security and Risk Management
  - Understand and Apply Concepts of Confidentiality, Integrity, and Availability
  - Evaluate and Apply Security Governance Principles
  - Determine Compliance Requirements
  - Understand Legal and Regulatory Issues That Pertain to Information Security in a Global Context
  - Understand, Adhere to, and Promote Professional Ethics
  - Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
  - Identify, Analyze, and Prioritize Business Continuity Requirements
  - Contribute to and Enforce Personnel Security Policies and Procedures
  - Understand and Apply Risk Management Concepts
  - Understand and Apply Threat Modeling Concepts and Methodologies
  - Apply Risk-Based Management Concepts to the Supply Chain
  - Establish and Maintain a Security Awareness, Education, and Training Program
  - Summary
- DOMAIN 2 Asset Security
- DOMAIN 3 Security Architecture and Engineering
  - Implement and Manage Engineering Processes Using Secure Design Principles
  - Understand the Fundamental Concepts of Security Models
  - Select Controls Based upon Systems Security Requirements
  - Understand Security Capabilities of Information Systems
  - Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
  - Assess and Mitigate Vulnerabilities in Web-based Systems
  - Assess and Mitigate Vulnerabilities in Mobile Systems
  - Assess and Mitigate Vulnerabilities in Embedded Devices
  - Apply Cryptography
  - Apply Security Principles to Site and Facility Design
  - Implement Site and Facility Security Controls
  - Summary
- DOMAIN 4 Communication and Network Security
- DOMAIN 5 Identity and Access Management
- DOMAIN 6 Security Assessment and Testing
- DOMAIN 7 Security Operations
  - Understand and Support Investigations
  - Understand Requirements for Investigation Types
  - Conduct Logging and Monitoring Activities
  - Securely Provision Resources
  - Understand and Apply Foundational Security Operations Concepts
  - Apply Resource Protection Techniques to Media
  - Conduct Incident Management
  - Operate and Maintain Detective and Preventative Measures
  - Implement and Support Patch and Vulnerability Management
  - Understand and Participate in Change Management Processes
  - Implement Recovery Strategies
  - Implement Disaster Recovery Processes
  - Test Disaster Recovery Plans
  - Participate in Business Continuity Planning and Exercises
  - Implement and Manage Physical Security
  - Address Personnel Safety and Security Concerns
  - Summary
- DOMAIN 8 Software Development Security
- Index
- End User License Agreement
Product information
- Title: The Official (ISC)2 Guide to the CISSP CBK Reference, 5th Edition
- Author(s):
- Release date: May 2019
- Publisher(s): Wiley
- ISBN: 9781119423348