About This Book

Some say that the Certified Information Systems Security Professional (CISSP) candidate requires a breadth of knowledge many miles across but only a few inches deep. To embellish on this statement, we believe that the CISSP candidate is more like the Great Wall of China, with a knowledge base extending over 3,500 miles — maybe a few holes here and there, stronger in some areas than others, but nonetheless one of the Seven Wonders of the Modern World.

The problem with lots of currently available CISSP preparation materials is in defining how high (or deep) the Great Wall actually is: Some material overwhelms and intimidates CISSP candidates, leading them to believe that the wall is as high as it is long. Other study materials are perilously brief and shallow, giving the unsuspecting candidate a false sense of confidence while he or she merely attempts to step over the Great Wall, careful not to stub a toe. To help you avoid either misstep, CISSP For Dummies answers the question, “What level of knowledge must a CISSP candidate possess to succeed on the CISSP exam?”

Our goal in this book is simple: To help you prepare for and pass the CISSP examination so that you can join the ranks of respected certified security professionals who dutifully serve and protect organizations and industries around the world. Although we’ve stuffed it chock-full of good information, we don’t expect that this book will be a weighty desktop reference on the shelf of every security professional — although we certainly wouldn’t object.

And we don’t intend for this book to be an all-purpose, be-all-and-end-all, one-stop shop that has all the answers to life’s great mysteries. Given the broad base of knowledge required for the CISSP certification, we strongly recommend that you use multiple resources to prepare for the exam and study as much relevant information as your time and resources allow. CISSP For Dummies, 6th Edition, provides the framework and the blueprint for your study effort and sufficient information to help you pass the exam, but by itself, it won’t make you an information security expert. That takes knowledge, skills, and experience!

Finally, as a security professional, earning your CISSP certification is only the beginning. Business and technology, which have associated risks and vulnerabilities, require that each of us — as security professionals — constantly press forward, consuming vast volumes of knowledge and information in a constant tug-of-war against the bad guys.

Foolish Assumptions

It’s been said that most assumptions have outlived their uselessness, but we assume a few things nonetheless! Mainly, we assume the following:

• You have at least five years of professional experience in two or more of the eight domains covered on the CISSP exam (corresponding to Chapters 3 through 10 of this book). Actually, this is more than an assumption, it’s a requirement for CISSP certification. However, even if you don’t yet have the minimum experience, some experience waivers are available for certain certifications and college education (we cover the specifics in Chapter 1), and you can still take the CISSP exam and then apply for certification after you meet the experience requirement.
• You have general IT experience, perhaps even many years of experience. Passing the CISSP exam requires not only considerable knowledge of information security, but also underlying IT technologies and fundamentals such as networks, operating systems, and programming.
• You have access to the Internet. Throughout this book, we provide lots of URLs for websites about technologies, standards, laws, tools, security associations, and other certifications that you’ll find helpful as you prepare for the CISSP exam.
• You are a “white hat” security professional. By this, we mean that you act lawfully and will have no problem abiding by the (ISC)² Code of Ethics (which is a requirement for CISSP certification).

If these assumptions describe you, then this book is for you! If none of these assumptions describes you, keep reading anyway. It’s a great book and when you finish reading it, you’ll know quite a bit about information security and the CISSP certification!

Icons Used in This Book

Throughout this book, you occasionally see icons in the left margin that call attention to important information that’s particularly worth noting. No smiley faces winking at you or any other cute little emoticons, but you’ll definitely want to take note! Here’s what to look for and what to expect:

This icon identifies general information and core concepts that are well worth committing to your non-volatile memory, your gray matter, or your noggin — along with anniversaries, birthdays, and other important stuff! You should certainly understand and review this information before taking your CISSP exam.

Tips are never expected but always appreciated, and we sure hope you’ll appreciate these tips! This icon includes helpful suggestions and tidbits of useful information that may save you some time and headaches.

This is the stuff your mother warned you about … well, okay — probably not, but you should take heed nonetheless. These helpful alerts point out easily confused or difficult-to-understand terms and concepts.

You won’t find a map of the human genome or the secret to cold fusion in this book (or maybe you will, hmm), but if you’re an insufferable insomniac, take note. This icon explains the jargon beneath the jargon and is the stuff legends — well, at least nerds — are made of. So, if you’re seeking to attain the seventh level of NERD-vana, keep an eye out for these icons!

Beyond the Book

In addition to what you’re reading right now, this book also comes with a free access-anywhere Cheat Sheet that includes tips to help you prepare for the CISSP exam and your date with destiny — well, your exam day. To get this Cheat Sheet, simply go to www.dummies.com and type CISSP For Dummies Cheat Sheet in the Search box.

You also get access to hundreds of practice CISSP exam questions, as well as dozens of flash cards. Use the exam questions to help you identify specific topics and domains in which you may need to spend a little more time studying, and to get familiar with the types of questions you’ll encounter on the CISSP exam (including multiple choice, drag and drop, and hotspot). To gain access to the online practice, all you have to do is register. Just follow these simple steps:

1. Find your PIN access code.
   • Print book users: If you purchased a hard copy of this book, turn to the inside front cover to find your PIN.
   • E-book users: If you purchased this book as an e-book, you can get your PIN by registering your e-book at www.dummies.com/go/getaccess. Go to this website, find your book and click it, and answer the validation questions to verify your purchase. Then you’ll receive an email with your PIN.
2. Go to www.dummies.com and click Activate Now.
3. Find your product (CISSP For Dummies, 6th Edition), and then follow the onscreen prompts to activate your PIN.

Now you’re ready to go! You can come back to the program as often as you want — simply log on with the username and password you created during your initial login. No need to enter the access code a second time.

For technical support, please visit http://wiley.custhelp.com or call Wiley at 800-762-2974 (U.S.) or +1-317-572-3994 (international).

Your registration is good for one year from the day you activate your PIN. After that time frame has passed, you can renew your registration for a fee. The website gives you all the details about how to do so.

Where to Go from Here

If you don’t know where you’re going, any chapter will get you there — but Chapter 1 may be a good place to start! However, if you see a particular topic that piques your interest, feel free to jump ahead to that chapter. Each chapter is individually wrapped (but not packaged for individual sale) and written to stand on its own, so feel free to start reading anywhere and skip around! Read this book in any order that suits you (though we don’t recommend upside down or backwards).