Normal view MARC view ISBD view

(ISC)² CISSP certified information systems security professional : official study guide / Mike Chapple, James Michael Stewart, Darril Gibson.

By: Chapple, Mike, 1975- [author.]

Contributor(s): Stewart, James Michael [author.] | Gibson, Darril [author.]

Publisher: Indianapolis, Indiana : John Wiley & Sons, [2018]Copyright date: ©2018Edition: Eighth editionDescription: 1 online resource (li, 1050 pages) : illustrationsContent type: text | still image Media type: computer Carrier type: online resourceISBN: 9781119475934; 9781119549567; 1119475937Other title: CISSP certified information systems security professional official study guide | Certified information systems security professional official study guide | CISSO official study guideSubject(s): Computer security -- Examinations -- Study guides | Computer networks -- Security measures -- Examinations -- Study guides | Electronic data processing personnel -- Certification | Telecommunications engineers -- Certification | Computer networks -- Security measures -- Examinations | Computer security -- Examinations | Electronic data processing personnel -- Certification | Telecommunications engineers -- CertificationGenre/Form: Study guides. | Study guides.DDC classification: 005.8076 LOC classification: QA76.3 | .C4255 2018Online resources: Full text available at Wiley Online Library Click here to view

Contents:

TABLE OF CONTENTS Introduction xxxiii Assessment Test xlii Chapter 1 Security Governance Through Principles and Policies 1 Understand and Apply Concepts of Confidentiality, Integrity, and Availability 2 Evaluate and Apply Security Governance Principles 14 Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines 26 Understand and Apply Threat Modeling Concepts and Methodologies 30 Apply Risk-Based Management Concepts to the Supply Chain 38 Summary 40 Exam Essentials 42 Written Lab 44 Review Questions 45 Chapter 2 Personnel Security and Risk Management Concepts 49 Personnel Security Policies and Procedures 51 Security Governance 62 Understand and Apply Risk Management Concepts 63 Establish and Maintain a Security Awareness, Education, and Training Program 86 Manage the Security Function 87 Summary 88 Exam Essentials 89 Written Lab 92 Review Questions 93 Chapter 3 Business Continuity Planning 97 Planning for Business Continuity 98 Project Scope and Planning 99 Business Impact Assessment 105 Continuity Planning 111 Plan Approval and Implementation 114 Summary 119 Exam Essentials 119 Written Lab 120 Review Questions 121 Chapter 4 Laws, Regulations, and Compliance 125 Categories of Laws 126 Laws 129 Compliance 149 Contracting and Procurement 150 Summary 151 Exam Essentials 152 Written Lab 153 Review Questions 154 Chapter 5 Protecting Security of Assets 159 Identify and Classify Assets 160 Determining Ownership 178 Using Security Baselines 186 Summary 187 Exam Essentials 188 Written Lab 189 Review Questions 190 Chapter 6 Cryptography and Symmetric Key Algorithms 195 Historical Milestones in Cryptography 196 Cryptographic Basics 198 Modern Cryptography 214 Symmetric Cryptography 219 Cryptographic Lifecycle 228 Summary 229 Exam Essentials 229 Written Lab 231 Review Questions 232 Chapter 7 PKI and Cryptographic Applications 237 Asymmetric Cryptography 238 Hash Functions 242 Digital Signatures 246 Public Key Infrastructure 249 Asymmetric Key Management 253 Applied Cryptography 254 Cryptographic Attacks 265 Summary 268 Exam Essentials 269 Written Lab 270 Review Questions 271 Chapter 8 Principles of Security Models, Design, and Capabilities 275 Implement and Manage Engineering Processes Using Secure Design Principles 276 Understand the Fundamental Concepts of Security Models 281 Select Controls Based On Systems Security Requirements 295 Understand Security Capabilities of Information Systems 309 Summary 311 Exam Essentials 312 Written Lab 313 Review Questions 314 Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 319 Assess and Mitigate Security Vulnerabilities 320 Client-Based Systems 342 Server-Based Systems 346 Database Systems Security 347 Distributed Systems and Endpoint Security 350 Internet of Things 358 Industrial Control Systems 359 Assess and Mitigate Vulnerabilities in Web-Based Systems 360 Assess and Mitigate Vulnerabilities in Mobile Systems 365 Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems 375 Essential Security Protection Mechanisms 379 Common Architecture Flaws and Security Issues 384 Summary 390 Exam Essentials 391 Written Lab 394 Review Questions 395 Chapter 10 Physical Security Requirements 399 Apply Security Principles to Site and Facility Design 400 Implement Site and Facility Security Controls 403 Implement and Manage Physical Security 422 Summary 431 Exam Essentials 432 Written Lab 434 Review Questions 435 Chapter 11 Secure Network Architecture and Securing Network Components 439 OSI Model 440 TCP/IP Model 451 Converged Protocols 470 Wireless Networks 472 Secure Network Components 486 Cabling, Wireless, Topology, Communications, and Transmission Media Technology 495 Summary 513 Exam Essentials 514 Written Lab 516 Review Questions 517 Chapter 12 Secure Communications and Network Attacks 521 Network and Protocol Security Mechanisms 522 Secure Voice Communications 525 Multimedia Collaboration 529 Manage Email Security 530 Remote Access Security Management 536 Virtual Private Network 540 Virtualization 546 Network Address Translation 549 Switching Technologies 553 WAN Technologies 556 Miscellaneous Security Control Characteristics 561 Security Boundaries 563 Prevent or Mitigate Network Attacks 564 Summary 569 Exam Essentials 571 Written Lab 573 Review Questions 574 Chapter 13 Managing Identity and Authentication 579 Controlling Access to Assets 580 Comparing Identification and Authentication 584 Implementing Identity Management 602 Managing the Identity and Access Provisioning Lifecycle 611 Summary 614 Exam Essentials 615 Written Lab 617 Review Questions 618 Chapter 14 Controlling and Monitoring Access 623 Comparing Access Control Models 624 Understanding Access Control Attacks 635 Summary 653 Exam Essentials 654 Written Lab 656 Review Questions 657 Chapter 15 Security Assessment and Testing 661 Building a Security Assessment and Testing Program 662 Performing Vulnerability Assessments 668 Testing Your Software 681 Implementing Security Management Processes 688 Summary 690 Exam Essentials 691 Written Lab 692 Review Questions 693 Chapter 16 Managing Security Operations 697 Applying Security Operations Concepts 698 Securely Provisioning Resources 710 Managing Configuration 718 Managing Change 719 Managing Patches and Reducing Vulnerabilities 723 Summary 728 Exam Essentials 729 Written Lab 731 Review Questions 732 Chapter 17 Preventing and Responding to Incidents 737 Managing Incident Response 738 Implementing Detective and Preventive Measures 745 Logging, Monitoring, and Auditing 773 Summary 790 Exam Essentials 792 Written Lab 795 Review Questions 796 Chapter 18 Disaster Recovery Planning 801 The Nature of Disaster 802 Understand System Resilience and Fault Tolerance 812 Recovery Strategy 818 Recovery Plan Development 827 Training, Awareness, and Documentation 835 Testing and Maintenance 836 Summary 838 Exam Essentials 838 Written Lab 839 Review Questions 840 Chapter 19 Investigations and Ethics 845 Investigations 846 Major Categories of Computer Crime 857 Ethics 861 Summary 864 Exam Essentials 864 Written Lab 865 Review Questions 866 Chapter 20 Software Development Security 871 Introducing Systems Development Controls 872 Establishing Databases and Data Warehousing 895 Storing Data and Information 904 Understanding Knowledge-Based Systems 906 Summary 909 Exam Essentials 909 Written Lab 910 Review Questions 911 Chapter 21 Malicious Code and Application Attacks 915 Malicious Code 916 Password Attacks 929 Application Attacks 933 Web Application Security 935 Reconnaissance Attacks 940 Masquerading Attacks 941 Summary 942 Exam Essentials 943 Written Lab 944 Review Questions 945 Appendix A Answers to Review Questions 949 Chapter 1: Security Governance Through Principles and Policies 950 Chapter 2: Personnel Security and Risk Management Concepts 951 Chapter 3: Business Continuity Planning 952 Chapter 4: Laws, Regulations, and Compliance 954 Chapter 5: Protecting Security of Assets 956 Chapter 6: Cryptography and Symmetric Key Algorithms 958 Chapter 7: PKI and Cryptographic Applications 960 Chapter 8: Principles of Security Models, Design, and Capabilities 961 Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 963 Chapter 10: Physical Security Requirements 965 Chapter 11: Secure Network Architecture and Securing Network Components 966 Chapter 12: Secure Communications and Network Attacks 968 Chapter 13: Managing Identity and Authentication 969 Chapter 14: Controlling and Monitoring Access 971 Chapter 15: Security Assessment and Testing 973 Chapter 16: Managing Security Operations 975 Chapter 17: Preventing and Responding to Incidents 977 Chapter 18: Disaster Recovery Planning 980 Chapter 19: Investigations and Ethics 981 Chapter 20: Software Development Security 983 Chapter 21: Malicious Code and Application Attacks 984 Appendix B Answers to Written Labs 987 Chapter 1: Security Governance Through Principles and Policies 988 Chapter 2: Personnel Security and Risk Management Concepts 988 Chapter 3: Business Continuity Planning 989 Chapter 4: Laws, Regulations, and Compliance 990 Chapter 5: Protecting Security of Assets 991 Chapter 6: Cryptography and Symmetric Key Algorithms 991 Chapter 7: PKI and Cryptographic Applications 992 Chapter 8: Principles of Security Models, Design, and Capabilities 992 Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 993 Chapter 10: Physical Security Requirements 994 Chapter 11: Secure Network Architecture and Securing Network Components 994 Chapter 12: Secure Communications and Network Attacks 995 Chapter 13: Managing Identity and Authentication 996 Chapter 14: Controlling and Monitoring Access 996 Chapter 15: Security Assessment and Testing 997 Chapter 16: Managing Security Operations 997 Chapter 17: Preventing and Responding to Incidents 998 Chapter 18: Disaster Recovery Planning 999 Chapter 19: Investigations and Ethics 999 Chapter 20: Software Development Security 1000 Chapter 21: Malicious Code and Application Attacks 1000 Index 1001

Summary: CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 8th Edition has been completely updated for the latest 2018 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions -- Provided by the publisher.

Tags from this library: No tags from this library for this title. Log in to add tags.

Average rating: 0.0 (0 votes)

Holdings ( 1 )
Title notes
Comments ( 0 )

Item type	Current location	Home library	Call number	Status	Date due	Barcode	Item holds
EBOOK	COLLEGE LIBRARY	COLLEGE LIBRARY	005.8076 C3688 2018 (Browse shelf)	Available		CL-50964

Total holds: 0

Includes index.

ABOUT THE AUTHOR
ABOUT THE AUTHORS

Mike Chapple, PhD, CISSP, Security+, CISA, CySA+ is Associate Teaching Professor of IT, Analytics and Operations at the University of Notre Dame. He is a leading expert on cybersecurity certification and runs CertMike.com.

James Michael Stewart, CISSP, CEH, ECSA, CHFI, Security+, Network+, has focused on security, certification, networking, and various operating systems for more than 25 years. He teaches numerous job skill and certification focused courses. He has authored or coauthored more than 75 books.

Darril Gibson, CISSP, Security+, CASP, is CEO of YCDA, LLC. He regularly writes and consults on a variety of technical and security topics, and has authored or coauthored more than 35 books.

TABLE OF CONTENTS
Introduction xxxiii

Assessment Test xlii

Chapter 1 Security Governance Through Principles and Policies 1

Understand and Apply Concepts of Confidentiality, Integrity, and Availability 2

Evaluate and Apply Security Governance Principles 14

Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines 26

Understand and Apply Threat Modeling Concepts and Methodologies 30

Apply Risk-Based Management Concepts to the Supply Chain 38

Summary 40

Exam Essentials 42

Written Lab 44

Review Questions 45

Chapter 2 Personnel Security and Risk Management Concepts 49

Personnel Security Policies and Procedures 51

Security Governance 62

Understand and Apply Risk Management Concepts 63

Establish and Maintain a Security Awareness, Education, and Training Program 86

Manage the Security Function 87

Summary 88

Exam Essentials 89

Written Lab 92

Review Questions 93

Chapter 3 Business Continuity Planning 97

Planning for Business Continuity 98

Project Scope and Planning 99

Business Impact Assessment 105

Continuity Planning 111

Plan Approval and Implementation 114

Summary 119

Exam Essentials 119

Written Lab 120

Review Questions 121

Chapter 4 Laws, Regulations, and Compliance 125

Categories of Laws 126

Laws 129

Compliance 149

Contracting and Procurement 150

Summary 151

Exam Essentials 152

Written Lab 153

Review Questions 154

Chapter 5 Protecting Security of Assets 159

Identify and Classify Assets 160

Determining Ownership 178

Using Security Baselines 186

Summary 187

Exam Essentials 188

Written Lab 189

Review Questions 190

Chapter 6 Cryptography and Symmetric Key Algorithms 195

Historical Milestones in Cryptography 196

Cryptographic Basics 198

Modern Cryptography 214

Symmetric Cryptography 219

Cryptographic Lifecycle 228

Summary 229

Exam Essentials 229

Written Lab 231

Review Questions 232

Chapter 7 PKI and Cryptographic Applications 237

Asymmetric Cryptography 238

Hash Functions 242

Digital Signatures 246

Public Key Infrastructure 249

Asymmetric Key Management 253

Applied Cryptography 254

Cryptographic Attacks 265

Summary 268

Exam Essentials 269

Written Lab 270

Review Questions 271

Chapter 8 Principles of Security Models, Design, and Capabilities 275

Implement and Manage Engineering Processes Using Secure Design Principles 276

Understand the Fundamental Concepts of Security Models 281

Select Controls Based On Systems Security Requirements 295

Understand Security Capabilities of Information Systems 309

Summary 311

Exam Essentials 312

Written Lab 313

Review Questions 314

Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 319

Assess and Mitigate Security Vulnerabilities 320

Client-Based Systems 342

Server-Based Systems 346

Database Systems Security 347

Distributed Systems and Endpoint Security 350

Internet of Things 358

Industrial Control Systems 359

Assess and Mitigate Vulnerabilities in Web-Based Systems 360

Assess and Mitigate Vulnerabilities in Mobile Systems 365

Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems 375

Essential Security Protection Mechanisms 379

Common Architecture Flaws and Security Issues 384

Summary 390

Exam Essentials 391

Written Lab 394

Review Questions 395

Chapter 10 Physical Security Requirements 399

Apply Security Principles to Site and Facility Design 400

Implement Site and Facility Security Controls 403

Implement and Manage Physical Security 422

Summary 431

Exam Essentials 432

Written Lab 434

Review Questions 435

Chapter 11 Secure Network Architecture and Securing Network Components 439

OSI Model 440

TCP/IP Model 451

Converged Protocols 470

Wireless Networks 472

Secure Network Components 486

Cabling, Wireless, Topology, Communications, and Transmission Media Technology 495

Summary 513

Exam Essentials 514

Written Lab 516

Review Questions 517

Chapter 12 Secure Communications and Network Attacks 521

Network and Protocol Security Mechanisms 522

Secure Voice Communications 525

Multimedia Collaboration 529

Manage Email Security 530

Remote Access Security Management 536

Virtual Private Network 540

Virtualization 546

Network Address Translation 549

Switching Technologies 553

WAN Technologies 556

Miscellaneous Security Control Characteristics 561

Security Boundaries 563

Prevent or Mitigate Network Attacks 564

Summary 569

Exam Essentials 571

Written Lab 573

Review Questions 574

Chapter 13 Managing Identity and Authentication 579

Controlling Access to Assets 580

Comparing Identification and Authentication 584

Implementing Identity Management 602

Managing the Identity and Access Provisioning Lifecycle 611

Summary 614

Exam Essentials 615

Written Lab 617

Review Questions 618

Chapter 14 Controlling and Monitoring Access 623

Comparing Access Control Models 624

Understanding Access Control Attacks 635

Summary 653

Exam Essentials 654

Written Lab 656

Review Questions 657

Chapter 15 Security Assessment and Testing 661

Building a Security Assessment and Testing Program 662

Performing Vulnerability Assessments 668

Testing Your Software 681

Implementing Security Management Processes 688

Summary 690

Exam Essentials 691

Written Lab 692

Review Questions 693

Chapter 16 Managing Security Operations 697

Applying Security Operations Concepts 698

Securely Provisioning Resources 710

Managing Configuration 718

Managing Change 719

Managing Patches and Reducing Vulnerabilities 723

Summary 728

Exam Essentials 729

Written Lab 731

Review Questions 732

Chapter 17 Preventing and Responding to Incidents 737

Managing Incident Response 738

Implementing Detective and Preventive Measures 745

Logging, Monitoring, and Auditing 773

Summary 790

Exam Essentials 792

Written Lab 795

Review Questions 796

Chapter 18 Disaster Recovery Planning 801

The Nature of Disaster 802

Understand System Resilience and Fault Tolerance 812

Recovery Strategy 818

Recovery Plan Development 827

Training, Awareness, and Documentation 835

Testing and Maintenance 836

Summary 838

Exam Essentials 838

Written Lab 839

Review Questions 840

Chapter 19 Investigations and Ethics 845

Investigations 846

Major Categories of Computer Crime 857

Ethics 861

Summary 864

Exam Essentials 864

Written Lab 865

Review Questions 866

Chapter 20 Software Development Security 871

Introducing Systems Development Controls 872

Establishing Databases and Data Warehousing 895

Storing Data and Information 904

Understanding Knowledge-Based Systems 906

Summary 909

Exam Essentials 909

Written Lab 910

Review Questions 911

Chapter 21 Malicious Code and Application Attacks 915

Malicious Code 916

Password Attacks 929

Application Attacks 933

Web Application Security 935

Reconnaissance Attacks 940

Masquerading Attacks 941

Summary 942

Exam Essentials 943

Written Lab 944

Review Questions 945

Appendix A Answers to Review Questions 949

Chapter 1: Security Governance Through Principles and Policies 950

Chapter 2: Personnel Security and Risk Management Concepts 951

Chapter 3: Business Continuity Planning 952

Chapter 4: Laws, Regulations, and Compliance 954

Chapter 5: Protecting Security of Assets 956

Chapter 6: Cryptography and Symmetric Key Algorithms 958

Chapter 7: PKI and Cryptographic Applications 960

Chapter 8: Principles of Security Models, Design, and Capabilities 961

Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 963

Chapter 10: Physical Security Requirements 965

Chapter 11: Secure Network Architecture and Securing Network Components 966

Chapter 12: Secure Communications and Network Attacks 968

Chapter 13: Managing Identity and Authentication 969

Chapter 14: Controlling and Monitoring Access 971

Chapter 15: Security Assessment and Testing 973

Chapter 16: Managing Security Operations 975

Chapter 17: Preventing and Responding to Incidents 977

Chapter 18: Disaster Recovery Planning 980

Chapter 19: Investigations and Ethics 981

Chapter 20: Software Development Security 983

Chapter 21: Malicious Code and Application Attacks 984

Appendix B Answers to Written Labs 987

Chapter 1: Security Governance Through Principles and Policies 988

Chapter 2: Personnel Security and Risk Management Concepts 988

Chapter 3: Business Continuity Planning 989

Chapter 4: Laws, Regulations, and Compliance 990

Chapter 5: Protecting Security of Assets 991

Chapter 6: Cryptography and Symmetric Key Algorithms 991

Chapter 7: PKI and Cryptographic Applications 992

Chapter 8: Principles of Security Models, Design, and Capabilities 992

Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 993

Chapter 10: Physical Security Requirements 994

Chapter 11: Secure Network Architecture and Securing Network Components 994

Chapter 12: Secure Communications and Network Attacks 995

Chapter 13: Managing Identity and Authentication 996

Chapter 14: Controlling and Monitoring Access 996

Chapter 15: Security Assessment and Testing 997

Chapter 16: Managing Security Operations 997

Chapter 17: Preventing and Responding to Incidents 998

Chapter 18: Disaster Recovery Planning 999

Chapter 19: Investigations and Ethics 999

Chapter 20: Software Development Security 1000

Chapter 21: Malicious Code and Application Attacks 1000

Index 1001

CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 8th Edition has been completely updated for the latest 2018 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions -- Provided by the publisher.

There are no comments for this item.

to post a comment.