Home Page Icon
Home Page
Table of Contents for
CISSP® Certified Information Systems Security Professional Official Study Guide Eighth Edition
Close
CISSP® Certified Information Systems Security Professional Official Study Guide Eighth Edition
by Darril Gibson, James M Stewart, Mike Chapple
(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 8th Edition
Introduction
Overview of the CISSP Exam
Notes on This Book’s Organization
Assessment Test
Answers to Assessment Test
Chapter 1 Security Governance Through Principles and Policies
Understand and Apply Concepts of Confidentiality, Integrity, and Availability
Evaluate and Apply Security Governance Principles
Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
Understand and Apply Threat Modeling Concepts and Methodologies
Apply Risk-Based Management Concepts to the Supply Chain
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 2 Personnel Security and Risk Management Concepts
Personnel Security Policies and Procedures
Security Governance
Understand and Apply Risk Management Concepts
Establish and Maintain a Security Awareness, Education, and Training Program
Manage the Security Function
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 3 Business Continuity Planning
Planning for Business Continuity
Project Scope and Planning
Business Impact Assessment
Continuity Planning
Plan Approval and Implementation
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 4 Laws, Regulations, and Compliance
Categories of Laws
Laws
Compliance
Contracting and Procurement
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 5 Protecting Security of Assets
Identify and Classify Assets
Determining Ownership
Using Security Baselines
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 6 Cryptography and Symmetric Key Algorithms
Historical Milestones in Cryptography
Cryptographic Basics
Modern Cryptography
Symmetric Cryptography
Cryptographic Lifecycle
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 7 PKI and Cryptographic Applications
Asymmetric Cryptography
Hash Functions
Digital Signatures
Public Key Infrastructure
Asymmetric Key Management
Applied Cryptography
Cryptographic Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 8 Principles of Security Models, Design, and Capabilities
Implement and Manage Engineering Processes Using Secure Design Principles
Understand the Fundamental Concepts of Security Models
Select Controls Based On Systems Security Requirements
Understand Security Capabilities of Information Systems
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures
Assess and Mitigate Security Vulnerabilities
Client-Based Systems
Server-Based Systems
Database Systems Security
Distributed Systems and Endpoint Security
Internet of Things
Industrial Control Systems
Assess and Mitigate Vulnerabilities in Web-Based Systems
Assess and Mitigate Vulnerabilities in Mobile Systems
Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
Essential Security Protection Mechanisms
Common Architecture Flaws and Security Issues
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 10 Physical Security Requirements
Apply Security Principles to Site and Facility Design
Implement Site and Facility Security Controls
Implement and Manage Physical Security
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 11 Secure Network Architecture and Securing Network Components
OSI Model
TCP/IP Model
Converged Protocols
Wireless Networks
Secure Network Components
Cabling, Wireless, Topology, Communications, and Transmission Media Technology
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 12 Secure Communications and Network Attacks
Network and Protocol Security Mechanisms
Secure Voice Communications
Multimedia Collaboration
Manage Email Security
Remote Access Security Management
Virtual Private Network
Virtualization
Network Address Translation
Switching Technologies
WAN Technologies
Miscellaneous Security Control Characteristics
Security Boundaries
Prevent or Mitigate Network Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 13 Managing Identity and Authentication
Controlling Access to Assets
Comparing Identification and Authentication
Implementing Identity Management
Managing the Identity and Access Provisioning Lifecycle
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 14 Controlling and Monitoring Access
Comparing Access Control Models
Understanding Access Control Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 15 Security Assessment and Testing
Building a Security Assessment and Testing Program
Performing Vulnerability Assessments
Testing Your Software
Implementing Security Management Processes
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 16 Managing Security Operations
Applying Security Operations Concepts
Securely Provisioning Resources
Managing Configuration
Managing Change
Managing Patches and Reducing Vulnerabilities
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 17 Preventing and Responding to Incidents
Managing Incident Response
Implementing Detective and Preventive Measures
Logging, Monitoring, and Auditing
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 18 Disaster Recovery Planning
The Nature of Disaster
Understand System Resilience and Fault Tolerance
Recovery Strategy
Recovery Plan Development
Training, Awareness, and Documentation
Testing and Maintenance
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 19 Investigations and Ethics
Investigations
Major Categories of Computer Crime
Ethics
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 20 Software Development Security
Introducing Systems Development Controls
Establishing Databases and Data Warehousing
Storing Data and Information
Understanding Knowledge-Based Systems
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 21 Malicious Code and Application Attacks
Malicious Code
Password Attacks
Application Attacks
Web Application Security
Reconnaissance Attacks
Masquerading Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Appendix A Answers to Review Questions
Chapter 1: Security Governance Through Principles and Policies
Chapter 2: Personnel Security and Risk Management Concepts
Chapter 3: Business Continuity Planning
Chapter 4: Laws, Regulations, and Compliance
Chapter 5: Protecting Security of Assets
Chapter 6: Cryptography and Symmetric Key Algorithms
Chapter 7: PKI and Cryptographic Applications
Chapter 8: Principles of Security Models, Design, and Capabilities
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
Chapter 10: Physical Security Requirements
Chapter 11: Secure Network Architecture and Securing Network Components
Chapter 12: Secure Communications and Network Attacks
Chapter 13: Managing Identity and Authentication
Chapter 14: Controlling and Monitoring Access
Chapter 15: Security Assessment and Testing
Chapter 16: Managing Security Operations
Chapter 17: Preventing and Responding to Incidents
Chapter 18: Disaster Recovery Planning
Chapter 19: Investigations and Ethics
Chapter 20: Software Development Security
Chapter 21: Malicious Code and Application Attacks
Appendix B Answers to Written Labs
Chapter 1: Security Governance Through Principles and Policies
Chapter 2: Personnel Security and Risk Management Concepts
Chapter 3: Business Continuity Planning
Chapter 4: Laws, Regulations, and Compliance
Chapter 5: Protecting Security of Assets
Chapter 6: Cryptography and Symmetric Key Algorithms
Chapter 7: PKI and Cryptographic Applications
Chapter 8: Principles of Security Models, Design, and Capabilities
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
Chapter 10: Physical Security Requirements
Chapter 11: Secure Network Architecture and Securing Network Components
Chapter 12: Secure Communications and Network Attacks
Chapter 13: Managing Identity and Authentication
Chapter 14: Controlling and Monitoring Access
Chapter 15: Security Assessment and Testing
Chapter 16: Managing Security Operations
Chapter 17: Preventing and Responding to Incidents
Chapter 18: Disaster Recovery Planning
Chapter 19: Investigations and Ethics
Chapter 20: Software Development Security
Chapter 21: Malicious Code and Application Attacks
Advert
EULA
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Next
Next Chapter
CISSP® Certified Information Systems Security Professional Official Study Guide Eighth Edition
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset