000 -LEADER |
fixed length control field |
13659cam a22006017i 4500 |
001 - CONTROL NUMBER |
control field |
20332781 |
003 - CONTROL NUMBER IDENTIFIER |
control field |
CITU |
005 - DATE AND TIME OF LATEST TRANSACTION |
control field |
20221025111333.0 |
007 - PHYSICAL DESCRIPTION FIXED FIELD--GENERAL INFORMATION |
fixed length control field |
cr an aaaaa |
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION |
fixed length control field |
180201t20182018inua 001 0 eng d |
010 ## - LIBRARY OF CONGRESS CONTROL NUMBER |
LC control number |
2018933561 |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
International Standard Book Number |
9781119475934 |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
International Standard Book Number |
9781119549567 |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
International Standard Book Number |
1119475937 |
035 ## - SYSTEM CONTROL NUMBER |
System control number |
(OCoLC)on1008766929 |
042 ## - AUTHENTICATION CODE |
Authentication code |
lccopycat |
050 00 - LIBRARY OF CONGRESS CALL NUMBER |
Classification number |
QA76.3 |
Item number |
.C4255 2018 |
082 04 - DEWEY DECIMAL CLASSIFICATION NUMBER |
Classification number |
005.8076 |
Edition number |
23 |
100 1# - MAIN ENTRY--PERSONAL NAME |
Preferred name for the person |
Chapple, Mike, |
Dates associated with a name |
1975- |
Relator term |
author. |
245 10 - TITLE STATEMENT |
Title |
(ISC)² CISSP certified information systems security professional : |
Remainder of title |
official study guide / |
Statement of responsibility, etc |
Mike Chapple, James Michael Stewart, Darril Gibson. |
246 30 - VARYING FORM OF TITLE |
Title proper/short title |
CISSP certified information systems security professional official study guide |
246 30 - VARYING FORM OF TITLE |
Title proper/short title |
Certified information systems security professional official study guide |
246 3# - VARYING FORM OF TITLE |
Title proper/short title |
CISSP official study guide |
250 ## - EDITION STATEMENT |
Edition statement |
Eighth edition. |
264 #1 - PUBLICATION, DISTRIBUTION, ETC. (IMPRINT) |
Place of publication, distribution, etc |
Indianapolis, Indiana : |
Name of publisher, distributor, etc |
John Wiley & Sons, |
Date of publication, distribution, etc |
[2018] |
264 #4 - PUBLICATION, DISTRIBUTION, ETC. (IMPRINT) |
Date of publication, distribution, etc |
©2018 |
300 ## - PHYSICAL DESCRIPTION |
Extent |
1 online resource (li, 1050 pages) : |
Other physical details |
illustrations |
336 ## - CONTENT TYPE |
Content type term |
text |
Content type code |
txt |
Source |
rdacontent |
336 ## - CONTENT TYPE |
Content type term |
still image |
Content type code |
sti |
Source |
rdacontent |
337 ## - MEDIA TYPE |
Media type term |
computer |
Media type code |
c |
Source |
rdamedia |
338 ## - CARRIER TYPE |
Carrier type term |
online resource |
Carrier type code |
cr |
Source |
rdacarrier |
500 ## - GENERAL NOTE |
General note |
Includes index. |
500 ## - GENERAL NOTE |
General note |
ABOUT THE AUTHORS
Mike Chapple, PhD, CISSP, Security+, CISA, CySA+ is Associate Teaching Professor of IT, Analytics and Operations at the University of Notre Dame. He is a leading expert on cybersecurity certification and runs CertMike.com.
James Michael Stewart, CISSP, CEH, ECSA, CHFI, Security+, Network+, has focused on security, certification, networking, and various operating systems for more than 25 years. He teaches numerous job skill and certification focused courses. He has authored or coauthored more than 75 books.
Darril Gibson, CISSP, Security+, CASP, is CEO of YCDA, LLC. He regularly writes and consults on a variety of technical and security topics, and has authored or coauthored more than 35 books. |
505 0# - CONTENTS |
Formatted contents note |
TABLE OF CONTENTS
Introduction xxxiii
Assessment Test xlii
Chapter 1 Security Governance Through Principles and Policies 1
Understand and Apply Concepts of Confidentiality, Integrity, and Availability 2
Evaluate and Apply Security Governance Principles 14
Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines 26
Understand and Apply Threat Modeling Concepts and Methodologies 30
Apply Risk-Based Management Concepts to the Supply Chain 38
Summary 40
Exam Essentials 42
Written Lab 44
Review Questions 45
Chapter 2 Personnel Security and Risk Management Concepts 49
Personnel Security Policies and Procedures 51
Security Governance 62
Understand and Apply Risk Management Concepts 63
Establish and Maintain a Security Awareness, Education, and Training Program 86
Manage the Security Function 87
Summary 88
Exam Essentials 89
Written Lab 92
Review Questions 93
Chapter 3 Business Continuity Planning 97
Planning for Business Continuity 98
Project Scope and Planning 99
Business Impact Assessment 105
Continuity Planning 111
Plan Approval and Implementation 114
Summary 119
Exam Essentials 119
Written Lab 120
Review Questions 121
Chapter 4 Laws, Regulations, and Compliance 125
Categories of Laws 126
Laws 129
Compliance 149
Contracting and Procurement 150
Summary 151
Exam Essentials 152
Written Lab 153
Review Questions 154
Chapter 5 Protecting Security of Assets 159
Identify and Classify Assets 160
Determining Ownership 178
Using Security Baselines 186
Summary 187
Exam Essentials 188
Written Lab 189
Review Questions 190
Chapter 6 Cryptography and Symmetric Key Algorithms 195
Historical Milestones in Cryptography 196
Cryptographic Basics 198
Modern Cryptography 214
Symmetric Cryptography 219
Cryptographic Lifecycle 228
Summary 229
Exam Essentials 229
Written Lab 231
Review Questions 232
Chapter 7 PKI and Cryptographic Applications 237
Asymmetric Cryptography 238
Hash Functions 242
Digital Signatures 246
Public Key Infrastructure 249
Asymmetric Key Management 253
Applied Cryptography 254
Cryptographic Attacks 265
Summary 268
Exam Essentials 269
Written Lab 270
Review Questions 271
Chapter 8 Principles of Security Models, Design, and Capabilities 275
Implement and Manage Engineering Processes Using Secure Design Principles 276
Understand the Fundamental Concepts of Security Models 281
Select Controls Based On Systems Security Requirements 295
Understand Security Capabilities of Information Systems 309
Summary 311
Exam Essentials 312
Written Lab 313
Review Questions 314
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 319
Assess and Mitigate Security Vulnerabilities 320
Client-Based Systems 342
Server-Based Systems 346
Database Systems Security 347
Distributed Systems and Endpoint Security 350
Internet of Things 358
Industrial Control Systems 359
Assess and Mitigate Vulnerabilities in Web-Based Systems 360
Assess and Mitigate Vulnerabilities in Mobile Systems 365
Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems 375
Essential Security Protection Mechanisms 379
Common Architecture Flaws and Security Issues 384
Summary 390
Exam Essentials 391
Written Lab 394
Review Questions 395
Chapter 10 Physical Security Requirements 399
Apply Security Principles to Site and Facility Design 400
Implement Site and Facility Security Controls 403
Implement and Manage Physical Security 422
Summary 431
Exam Essentials 432
Written Lab 434
Review Questions 435
Chapter 11 Secure Network Architecture and Securing Network Components 439
OSI Model 440
TCP/IP Model 451
Converged Protocols 470
Wireless Networks 472
Secure Network Components 486
Cabling, Wireless, Topology, Communications, and Transmission Media Technology 495
Summary 513
Exam Essentials 514
Written Lab 516
Review Questions 517
Chapter 12 Secure Communications and Network Attacks 521
Network and Protocol Security Mechanisms 522
Secure Voice Communications 525
Multimedia Collaboration 529
Manage Email Security 530
Remote Access Security Management 536
Virtual Private Network 540
Virtualization 546
Network Address Translation 549
Switching Technologies 553
WAN Technologies 556
Miscellaneous Security Control Characteristics 561
Security Boundaries 563
Prevent or Mitigate Network Attacks 564
Summary 569
Exam Essentials 571
Written Lab 573
Review Questions 574
Chapter 13 Managing Identity and Authentication 579
Controlling Access to Assets 580
Comparing Identification and Authentication 584
Implementing Identity Management 602
Managing the Identity and Access Provisioning Lifecycle 611
Summary 614
Exam Essentials 615
Written Lab 617
Review Questions 618
Chapter 14 Controlling and Monitoring Access 623
Comparing Access Control Models 624
Understanding Access Control Attacks 635
Summary 653
Exam Essentials 654
Written Lab 656
Review Questions 657
Chapter 15 Security Assessment and Testing 661
Building a Security Assessment and Testing Program 662
Performing Vulnerability Assessments 668
Testing Your Software 681
Implementing Security Management Processes 688
Summary 690
Exam Essentials 691
Written Lab 692
Review Questions 693
Chapter 16 Managing Security Operations 697
Applying Security Operations Concepts 698
Securely Provisioning Resources 710
Managing Configuration 718
Managing Change 719
Managing Patches and Reducing Vulnerabilities 723
Summary 728
Exam Essentials 729
Written Lab 731
Review Questions 732
Chapter 17 Preventing and Responding to Incidents 737
Managing Incident Response 738
Implementing Detective and Preventive Measures 745
Logging, Monitoring, and Auditing 773
Summary 790
Exam Essentials 792
Written Lab 795
Review Questions 796
Chapter 18 Disaster Recovery Planning 801
The Nature of Disaster 802
Understand System Resilience and Fault Tolerance 812
Recovery Strategy 818
Recovery Plan Development 827
Training, Awareness, and Documentation 835
Testing and Maintenance 836
Summary 838
Exam Essentials 838
Written Lab 839
Review Questions 840
Chapter 19 Investigations and Ethics 845
Investigations 846
Major Categories of Computer Crime 857
Ethics 861
Summary 864
Exam Essentials 864
Written Lab 865
Review Questions 866
Chapter 20 Software Development Security 871
Introducing Systems Development Controls 872
Establishing Databases and Data Warehousing 895
Storing Data and Information 904
Understanding Knowledge-Based Systems 906
Summary 909
Exam Essentials 909
Written Lab 910
Review Questions 911
Chapter 21 Malicious Code and Application Attacks 915
Malicious Code 916
Password Attacks 929
Application Attacks 933
Web Application Security 935
Reconnaissance Attacks 940
Masquerading Attacks 941
Summary 942
Exam Essentials 943
Written Lab 944
Review Questions 945
Appendix A Answers to Review Questions 949
Chapter 1: Security Governance Through Principles and Policies 950
Chapter 2: Personnel Security and Risk Management Concepts 951
Chapter 3: Business Continuity Planning 952
Chapter 4: Laws, Regulations, and Compliance 954
Chapter 5: Protecting Security of Assets 956
Chapter 6: Cryptography and Symmetric Key Algorithms 958
Chapter 7: PKI and Cryptographic Applications 960
Chapter 8: Principles of Security Models, Design, and Capabilities 961
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 963
Chapter 10: Physical Security Requirements 965
Chapter 11: Secure Network Architecture and Securing Network Components 966
Chapter 12: Secure Communications and Network Attacks 968
Chapter 13: Managing Identity and Authentication 969
Chapter 14: Controlling and Monitoring Access 971
Chapter 15: Security Assessment and Testing 973
Chapter 16: Managing Security Operations 975
Chapter 17: Preventing and Responding to Incidents 977
Chapter 18: Disaster Recovery Planning 980
Chapter 19: Investigations and Ethics 981
Chapter 20: Software Development Security 983
Chapter 21: Malicious Code and Application Attacks 984
Appendix B Answers to Written Labs 987
Chapter 1: Security Governance Through Principles and Policies 988
Chapter 2: Personnel Security and Risk Management Concepts 988
Chapter 3: Business Continuity Planning 989
Chapter 4: Laws, Regulations, and Compliance 990
Chapter 5: Protecting Security of Assets 991
Chapter 6: Cryptography and Symmetric Key Algorithms 991
Chapter 7: PKI and Cryptographic Applications 992
Chapter 8: Principles of Security Models, Design, and Capabilities 992
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 993
Chapter 10: Physical Security Requirements 994
Chapter 11: Secure Network Architecture and Securing Network Components 994
Chapter 12: Secure Communications and Network Attacks 995
Chapter 13: Managing Identity and Authentication 996
Chapter 14: Controlling and Monitoring Access 996
Chapter 15: Security Assessment and Testing 997
Chapter 16: Managing Security Operations 997
Chapter 17: Preventing and Responding to Incidents 998
Chapter 18: Disaster Recovery Planning 999
Chapter 19: Investigations and Ethics 999
Chapter 20: Software Development Security 1000
Chapter 21: Malicious Code and Application Attacks 1000
Index 1001 |
520 ## - SUMMARY, ETC. |
Summary, etc |
CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 8th Edition has been completely updated for the latest 2018 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions -- Provided by the publisher. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Computer security |
General subdivision |
Examinations |
Form subdivision |
Study guides. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Computer networks |
General subdivision |
Security measures |
-- |
Examinations |
Form subdivision |
Study guides. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Electronic data processing personnel |
General subdivision |
Certification. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Telecommunications engineers |
General subdivision |
Certification. |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Computer networks |
General subdivision |
Security measures |
-- |
Examinations. |
Source of heading or term |
fast |
Authority record control number |
(OCoLC)fst00872343 |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Computer security |
General subdivision |
Examinations. |
Source of heading or term |
fast |
Authority record control number |
(OCoLC)fst00872489 |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Electronic data processing personnel |
General subdivision |
Certification. |
Source of heading or term |
fast |
Authority record control number |
(OCoLC)fst00907100 |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Telecommunications engineers |
General subdivision |
Certification. |
Source of heading or term |
fast |
Authority record control number |
(OCoLC)fst01146096 |
655 #7 - INDEX TERM--GENRE/FORM |
Genre/form data or focus term |
Study guides. |
Source of term |
fast |
Authority record control number |
(OCoLC)fst01423888 |
655 #7 - INDEX TERM--GENRE/FORM |
Genre/form data or focus term |
Study guides. |
Source of term |
lcgft |
700 1# - ADDED ENTRY--PERSONAL NAME |
Personal name |
Stewart, James Michael, |
Relator term |
author. |
700 1# - ADDED ENTRY--PERSONAL NAME |
Personal name |
Gibson, Darril, |
Relator term |
author. |
856 ## - ELECTRONIC LOCATION AND ACCESS |
Link text |
Full text available at Wiley Online Library Click here to view |
Uniform Resource Identifier |
https://onlinelibrary.wiley.com/doi/book/10.1002/9781119549567 |
906 ## - LOCAL DATA ELEMENT F, LDF (RLIN) |
a |
7 |
b |
cbc |
c |
copycat |
d |
2 |
e |
ncip |
f |
20 |
g |
y-gencatlg |
942 ## - ADDED ENTRY ELEMENTS |
Source of classification or shelving scheme |
|
Item type |
EBOOK |