Table of Contents for
(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition
Cover
Title Page
Copyright
Dedication
Acknowledgments
About the Authors
About the Technical Editors
Foreword
Introduction
Overview of the CISSP Exam
The Elements of This Study Guide
Interactive Online Learning Environment and TestBank
Study Guide Exam Objectives
Objective Map
Reader Support for This Book
Assessment Test
Answers to Assessment Test
Chapter 1: Security Governance Through Principles and Policies
Security 101
Understand and Apply Security Concepts
Security Boundaries
Evaluate and Apply Security Governance Principles
Manage the Security Function
Security Policy, Standards, Procedures, and Guidelines
Threat Modeling
Supply Chain Risk Management
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 2: Personnel Security and Risk Management Concepts
Personnel Security Policies and Procedures
Understand and Apply Risk Management Concepts
Social Engineering
Establish and Maintain a Security Awareness, Education, and Training Program
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 3: Business Continuity Planning
Planning for Business Continuity
Project Scope and Planning
Business Impact Analysis
Continuity Planning
Plan Approval and Implementation
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 4: Laws, Regulations, and Compliance
Categories of Laws
Laws
State Privacy Laws
Compliance
Contracting and Procurement
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 5: Protecting Security of Assets
Identifying and Classifying Information and Assets
Establishing Information and Asset Handling Requirements
Data Protection Methods
Understanding Data Roles
Using Security Baselines
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 6: Cryptography and Symmetric Key Algorithms
Cryptographic Foundations
Modern Cryptography
Symmetric Cryptography
Cryptographic Lifecycle
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 7: PKI and Cryptographic Applications
Asymmetric Cryptography
Hash Functions
Digital Signatures
Public Key Infrastructure
Asymmetric Key Management
Hybrid Cryptography
Applied Cryptography
Cryptographic Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 8: Principles of Security Models, Design, and Capabilities
Secure Design Principles
Techniques for Ensuring CIA
Understand the Fundamental Concepts of Security Models
Select Controls Based on Systems Security Requirements
Understand Security Capabilities of Information Systems
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
Shared Responsibility
Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
Client-Based Systems
Server-Based Systems
Industrial Control Systems
Distributed Systems
High-Performance Computing (HPC) Systems
Internet of Things
Edge and Fog Computing
Embedded Devices and Cyber-Physical Systems
Specialized Devices
Microservices
Infrastructure as Code
Virtualized Systems
Containerization
Serverless Architecture
Mobile Devices
Essential Security Protection Mechanisms
Common Security Architecture Flaws and Issues
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 10: Physical Security Requirements
Apply Security Principles to Site and Facility Design
Implement Site and Facility Security Controls
Implement and Manage Physical Security
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 11: Secure Network Architecture and Components
OSI Model
TCP/IP Model
Analyzing Network Traffic
Common Application Layer Protocols
Transport Layer Protocols
Domain Name System
Internet Protocol (IP) Networking
ARP Concerns
Secure Communication Protocols
Implications of Multilayer Protocols
Microsegmentation
Wireless Networks
Other Communication Protocols
Cellular Networks
Content Distribution Networks (CDNs)
Secure Network Components
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 12: Secure Communications and Network Attacks
Protocol Security Mechanisms
Secure Voice Communications
Remote Access Security Management
Multimedia Collaboration
Load Balancing
Manage Email Security
Virtual Private Network
Switching and Virtual LANs
Network Address Translation
Third-Party Connectivity
Switching Technologies
WAN Technologies
Fiber-Optic Links
Security Control Characteristics
Prevent or Mitigate Network Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 13: Managing Identity and Authentication
Controlling Access to Assets
Managing Identification and Authentication
Implementing Identity Management
Managing the Identity and Access Provisioning Lifecycle
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 14: Controlling and Monitoring Access
Comparing Access Control Models
Implementing Authentication Systems
Understanding Access Control Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 15: Security Assessment and Testing
Building a Security Assessment and Testing Program
Performing Vulnerability Assessments
Testing Your Software
Implementing Security Management Processes
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 16: Managing Security Operations
Apply Foundational Security Operations Concepts
Addressing Personnel Safety and Security
Provision Resources Securely
Apply Resource Protection
Managed Services in the Cloud
Perform Configuration Management (CM)
Managing Change
Managing Patches and Reducing Vulnerabilities
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 17: Preventing and Responding to Incidents
Conducting Incident Management
Implementing Detective and Preventive Measures
Logging and Monitoring
Automating Incident Response
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 18: Disaster Recovery Planning
The Nature of Disaster
Understand System Resilience, High Availability, and Fault Tolerance
Recovery Strategy
Recovery Plan Development
Training, Awareness, and Documentation
Testing and Maintenance
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 19: Investigations and Ethics
Investigations
Major Categories of Computer Crime
Ethics
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 20: Software Development Security
Introducing Systems Development Controls
Establishing Databases and Data Warehousing
Storage Threats
Understanding Knowledge-Based Systems
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 21: Malicious Code and Application Attacks
Malware
Malware Prevention
Application Attacks
Injection Vulnerabilities
Exploiting Authorization Vulnerabilities
Exploiting Web Application Vulnerabilities
Application Security Controls
Secure Coding Practices
Summary
Exam Essentials
Written Lab
Review Questions
Appendix A: Answers to Review Questions
Chapter 1: Security Governance Through Principles and Policies
Chapter 2: Personnel Security and Risk Management Concepts
Chapter 3: Business Continuity Planning
Chapter 4: Laws, Regulations, and Compliance
Chapter 5: Protecting Security of Assets
Chapter 6: Cryptography and Symmetric Key Algorithms
Chapter 7: PKI and Cryptographic Applications
Chapter 8: Principles of Security Models, Design, and Capabilities
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
Chapter 10: Physical Security Requirements
Chapter 11: Secure Network Architecture and Components
Chapter 12: Secure Communications and Network Attacks
Chapter 13: Managing Identity and Authentication
Chapter 14: Controlling and Monitoring Access
Chapter 15: Security Assessment and Testing
Chapter 16: Managing Security Operations
Chapter 17: Preventing and Responding to Incidents
Chapter 18: Disaster Recovery Planning
Chapter 19: Investigations and Ethics
Chapter 20: Software Development Security
Chapter 21: Malicious Code and Application Attacks
Appendix B: Answers to Written Labs
Chapter 1: Security Governance Through Principles and Policies
Chapter 2: Personnel Security and Risk Management Concepts
Chapter 3: Business Continuity Planning
Chapter 4: Laws, Regulations, and Compliance
Chapter 5: Protecting Security of Assets
Chapter 6: Cryptography and Symmetric Key Algorithms
Chapter 7: PKI and Cryptographic Applications
Chapter 8: Principles of Security Models, Design, and Capabilities
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
Chapter 10: Physical Security Requirements
Chapter 11: Secure Network Architecture and Components
Chapter 12: Secure Communications and Network Attacks
Chapter 13: Managing Identity and Authentication
Chapter 14: Controlling and Monitoring Access
Chapter 15: Security Assessment and Testing
Chapter 16: Managing Security Operations
Chapter 17: Preventing and Responding to Incidents
Chapter 18: Disaster Recovery Planning
Chapter 19: Investigations and Ethics
Chapter 20: Software Development Security
Chapter 21: Malicious Code and Application Attacks
Index
End User License Agreement