CISSP : certified information systems security professional : the official (ISC)2 CISSP CBK reference / John Warsinske [and ten others].

By: Warsinske, John [author.]
Contributor(s): Graff, Mark [author.] | Henry, Kevin [author.] | Hoover, Christopher [author.] | Malisow, Ben [author.] | Murphy, Sean [author.] | Oakes, C. Paul [author.] | Pajari, George [author.] | Parker, Jeff T [author.] | Seidl, David [author.] | Vasquez, Mike [author.]
Language: English
Publisher: Hoboken, NJ : Sybex, 2019
Edition: Fifth Edition
Description: 1 online resource (xxx, 899 pages)
Content type: text
Media type: computer
Carrier type: online resource
ISBN: 9781119423300
Subject(s): Administrative agencies | Computer networks | Computer networks -- Security measures | Computers | Political science
Genre/Form: Electronic books.
DDC classification: 005.8
Online resources: Full text is available at Wiley Online Library.

Includes index.

Table of Contents
Foreword xxv

Introduction xxvii

Domain 1: Security and Risk Management 1

Understand and Apply Concepts of Confidentiality, Integrity, and Availability 2

Information Security 3

Evaluate and Apply Security Governance Principles 6

Alignment of Security Functions to Business Strategy, Goals, Mission, and Objectives 6

Vision, Mission, and Strategy 6

Governance 7

Due Care 10

Determine Compliance Requirements 11

Legal Compliance 12

Jurisdiction 12

Legal Tradition 12

Legal Compliance Expectations 13

Understand Legal and Regulatory Issues That Pertain to Information Security in a Global Context 13

Cyber Crimes and Data Breaches 14

Privacy 36

Understand, Adhere to, and Promote Professional Ethics 49

Ethical Decision-Making 49

Established Standards of Ethical Conduct 51

(ISC)² Ethical Practices 56

Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines 57

Organizational Documents 58

Policy Development 61

Policy Review Process 61

Identify, Analyze, and Prioritize Business Continuity Requirements 62

Develop and Document Scope and Plan 62

Risk Assessment 70

Business Impact Analysis 71

Develop the Business Continuity Plan 73

Contribute to and Enforce Personnel Security Policies and Procedures 80

Key Control Principles 80

Candidate Screening and Hiring 82

Onboarding and Termination Processes 91

Vendor, Consultant, and Contractor Agreements and Controls 96

Privacy in the Workplace 97

Understand and Apply Risk Management Concepts 99

Risk 99

Risk Management Frameworks 99

Risk Assessment Methodologies 108

Understand and Apply Threat Modeling Concepts and Methodologies 111

Threat Modeling Concepts 111

Threat Modeling Methodologies 112

Apply Risk-Based Management Concepts to the Supply Chain 116

Supply Chain Risks 116

Supply Chain Risk Management 119

Establish and Maintain a Security Awareness, Education, and Training Program 121

Security Awareness Overview 122

Developing an Awareness Program 123

Training 127

Summary 128

Domain 2: Asset Security 131

Asset Security Concepts 131

Data Policy 132

Data Governance 132

Data Quality 133

Data Documentation 134

Data Organization 136

Identify and Classify Information and Assets 139

Asset Classification 141

Determine and Maintain Information and Asset Ownership 145

Asset Management Lifecycle 146

Software Asset Management 148

Protect Privacy 152

Cross-Border Privacy and Data Flow Protection 153

Data Owners 161

Data Controllers 162

Data Processors 163

Data Stewards 164

Data Custodians 164

Data Remanence 164

Data Sovereignty 168

Data Localization or Residency 169

Government and Law Enforcement Access to Data 171

Collection Limitation 172

Understanding Data States 173

Data Issues with Emerging Technologies 173

Ensure Appropriate Asset Retention 175

Retention of Records 178

Determining Appropriate Records Retention 178

Retention of Records in Data Lifecycle 179

Records Retention Best Practices 180

Determine Data Security Controls 181

Technical, Administrative, and Physical Controls 183

Establishing the Baseline Security 185

Scoping and Tailoring 186

Standards Selection 189

Data Protection Methods 198

Establish Information and Asset Handling Requirements 208

Marking and Labeling 208

Handling 209

Declassifying Data 210

Storage 211

Summary 212

Domain 3: Security Architecture and Engineering 213

Implement and Manage Engineering Processes Using Secure Design Principles 215

Saltzer and Schroeder’s Principles 216

ISO/IEC 19249 221

Defense in Depth 229

Using Security Principles 230

Understand the Fundamental Concepts of Security Models 230

Bell-LaPadula Model 232

The Biba Integrity Model 234

The Clark-Wilson Model 235

The Brewer-Nash Model 235

Select Controls Based upon Systems Security Requirements 237

Understand Security Capabilities of Information Systems 241

Memory Protection 241

Virtualization 244

Secure Cryptoprocessor 247

Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 253

Client-Based Systems 254

Server-Based Systems 255

Database Systems 257

Cryptographic Systems 260

Industrial Control Systems 267

Cloud-Based Systems 271

Distributed Systems 274

Internet of Things 275

Assess and Mitigate Vulnerabilities in Web-Based Systems 278

Injection Vulnerabilities 279

Broken Authentication 280

Sensitive Data Exposure 283

XML External Entities 284

Broken Access Control 284

Security Misconfiguration 285

Cross-Site Scripting 285

Using Components with Known Vulnerabilities 286

Insufficient Logging and Monitoring 286

Cross-Site Request Forgery 287

Assess and Mitigate Vulnerabilities in Mobile Systems 287

Passwords 288

Multifactor Authentication 288

Session Lifetime 289

Wireless Vulnerabilities 290

Mobile Malware 290

Unpatched Operating System or Browser 290

Insecure Devices 291

Mobile Device Management 291

Assess and Mitigate Vulnerabilities in Embedded Devices 292

Apply Cryptography 295

Cryptographic Lifecycle 295

Cryptographic Methods 298

Public Key Infrastructure 311

Key Management Practices 315

Digital Signatures 318

Non-Repudiation 320

Integrity 321

Understand Methods of Cryptanalytic Attacks 325

Digital Rights Management 339

Apply Security Principles to Site and Facility Design 342

Implement Site and Facility Security Controls 343

Physical Access Controls 343

Wiring Closets/Intermediate Distribution Facilities 345

Server Rooms/Data Centers 346

Media Storage Facilities 348

Evidence Storage 349

Restricted and Work Area Security 349

Utilities and Heating, Ventilation, and Air Conditioning 351

Environmental Issues 355

Fire Prevention, Detection, and Suppression 358

Summary 362

Domain 4: Communication and Network Security 363

Implement Secure Design Principles in Network Architectures 364

Open Systems Interconnection and Transmission Control Protocol/Internet Protocol Models 365

Internet Protocol Networking 382

Implications of Multilayer Protocols 392

Converged Protocols 394

Software-Defined Networks 395

Wireless Networks 396

Internet, Intranets, and Extranets 409

Demilitarized Zones 410

Virtual LANs 410

Secure Network Components 411

Firewalls 412

Network Address Translation 418

Intrusion Detection System 421

Security Information and Event Management 422

Network Security from Hardware Devices 423

Transmission Media 429

Endpoint Security 442

Implementing Defense in Depth 447

Content Distribution Networks 448

Implement Secure Communication Channels According to Design 449

Secure Voice Communications 449

Multimedia Collaboration 452

Remote Access 458

Data Communications 466

Virtualized Networks 470

Summary 481

Domain 5: Identity and Access Management 483

Control Physical and Logical Access to Assets 484

Information 485

Systems 486

Devices 487

Facilities 488

Manage Identification and Authentication of People, Devices, and Services 492

Identity Management Implementation 494

Single Factor/Multifactor Authentication 496

Accountability 511

Session Management 511

Registration and Proofing of Identity 513

Federated Identity Management 520

Credential Management Systems 524

Integrate Identity as a Third-Party Service 525

On-Premise 526

Cloud 527

Federated 527

Implement and Manage Authorization Mechanisms 528

Role-Based Access Control 528

Rule-Based Access Control 529

Mandatory Access Control 530

Discretionary Access Control 531

Attribute-Based Access Control 531

Manage the Identity and Access Provisioning Lifecycle 533

User Access Review 534

System Account Access Review 535

Provisioning and Deprovisioning 535

Auditing and Enforcement 536

Summary 537

Domain 6: Security Assessment and Testing 539

Design and Validate Assessment, Test, and Audit Strategies 540

Assessment Standards 543

Conduct Security Control Testing 545

Vulnerability Assessment 546

Penetration Testing 554

Log Reviews 564

Synthetic Transactions 565

Code Review and Testing 567

Misuse Case Testing 571

Test Coverage Analysis 573

Interface Testing 574

Collect Security Process Data 575

Account Management 577

Management Review and Approval 579

Key Performance and Risk Indicators 580

Backup Verification Data 583

Training and Awareness 584

Disaster Recovery and Business Continuity 585

Analyze Test Output and Generate Report 587

Conduct or Facilitate Security Audits 590

Internal Audits 591

External Audits 591

Third-Party Audits 592

Integrating Internal and External Audits 593

Auditing Principles 593

Audit Programs 594

Summary 596

Domain 7: Security Operations 597

Understand and Support Investigations 598

Evidence Collection and Handling 599

Reporting and Documentation 601

Investigative Techniques 602

Digital Forensics Tools, Techniques, and Procedures 604

Understand Requirements for Investigation Types 610

Administrative 611

Criminal 613

Civil 614

Regulatory 616

Industry Standards 616

Conduct Logging and Monitoring Activities 617

Define Auditable Events 618

Time 619

Protect Logs 620

Intrusion Detection and Prevention 621

Security Information and Event Management 623

Continuous Monitoring 625

Ingress Monitoring 629

Egress Monitoring 631

Securely Provision Resources 632

Asset Inventory 632

Asset Management 634

Configuration Management 635

Understand and Apply Foundational Security Operations Concepts 637

Need to Know/Least Privilege 637

Separation of Duties and Responsibilities 638

Privileged Account Management 640

Job Rotation 642

Information Lifecycle 643

Service Level Agreements 644

Apply Resource Protection Techniques to Media 647

Marking 647

Protecting 647

Transport 648

Sanitization and Disposal 649

Conduct Incident Management 650

An Incident Management Program 651

Detection 653

Response 656

Mitigation 657

Reporting 658

Recovery 661

Remediation 661

Lessons Learned 661

Third-Party Considerations 662

Operate and Maintain Detective and Preventative Measures 663

White-listing/Black-listing 665

Third-Party Security Services 665

Honeypots/Honeynets 667

Anti-Malware 667

Implement and Support Patch and Vulnerability Management 670

Understand and Participate in Change Management Processes 672

Implement Recovery Strategies 673

Backup Storage Strategies 673

Recovery Site Strategies 676

Multiple Processing Sites 678

System Resilience, High Availability, Quality of Service, and Fault Tolerance 679

Implement Disaster Recovery Processes 679

Response 680

Personnel 680

Communications 682

Assessment 682

Restoration 683

Training and Awareness 684

Test Disaster Recovery Plans 685

Read-Through/Tabletop 686

Walk-Through 687

Simulation 687

Parallel 687

Full Interruption 688

Participate in Business Continuity Planning and Exercises 688

Implement and Manage Physical Security 689

Physical Access Control 689

The Data Center 692

Address Personnel Safety and Security Concerns 693

Travel 693

Duress 693

Summary 694

Domain 8: Software Development Security 695

Understand and Integrate Security in the Software Development Lifecycle 696

Development Methodologies 696

Maturity Models 753

Operations and Maintenance 768

Change Management 770

Integrated Product Team 773

Identify and Apply Security Controls in Development Environments 776

Security of the Software Environment 777

Configuration Management as an Aspect of Secure Coding 796

Security of Code Repositories 798

Assess the Effectiveness of Software Security 802

Logging and Auditing of Changes 802

Risk Analysis and Mitigation 817

Assess the Security Impact of Acquired Software 835

Acquired Software Types 835

Software Acquisition Process 842

Relevant Standards 845

Software Assurance 848

Certification and Accreditation 852

Define and Apply Secure Coding Standards and Guidelines 853

Security Weaknesses and Vulnerabilities at the Source-Code Level 854

Security of Application Programming Interfaces 859

Secure Coding Practices 868

Summary 874

Index 875

Description
The only official, comprehensive reference guide to the CISSP

All new for 2019 and beyond, this is the authoritative common body of knowledge (CBK) from (ISC)2 for information security professionals charged with designing, engineering, implementing, and managing the overall information security program to protect organizations from increasingly sophisticated attacks. Vendor neutral and backed by (ISC)2, the CISSP credential meets the stringent requirements of ISO/IEC Standard 17024.

This CBK covers the new eight domains of CISSP with the necessary depth to apply them to the daily practice of information security. Written by a team of subject matter experts, this comprehensive reference covers all of the more than 300 CISSP objectives and sub-objectives in a structured format with:

Common and good practices for each objective
Common vocabulary and definitions
References to widely accepted computing standards
Highlights of successful approaches through case studies
Whether you've earned your CISSP credential or are looking for a valuable resource to help advance your security career, this comprehensive guide offers everything you need to apply the knowledge of the most recognized body of influence in information security.
