Official (ISC)2 Guide to the CISSP CBK


Purchasing Options

Hardback
$73.95
ISBN 9780849382314
Cat# AU8231
eBook
ISBN 9781439863176
Cat# KE13143
 

Features

  • Provides detailed security analysis that is compiled and reviewed by CISSPs and (ISC)2 members
  • Delivers a thorough analysis of all ten CISSP CBK topics
  • Provides guidance for students towards a professional certification that is a true career differentiator
  • Contains a total of 200 CISSP exam sample questions
  • Includes a full test simulation on CD ROM

    Summary

    The urgency for a global standard of excellence for those who protect the networked world has never been greater. (ISC)2 created the information security industry’s first and only CBK®, a global compendium of information security topics. Continually updated to incorporate rapidly changing technologies and threats, the CBK continues to serve as the basis for (ISC)2’s education and certification programs.
    Unique and exceptionally thorough, the Official (ISC)2® Guide to the CISSP® CBK® provides a better understanding of the CISSP CBK, a collection of topics relevant to information security professionals around the world. Although the book still contains the ten domains of the CISSP, some of the domain titles have been revised to reflect evolving terminology and changing emphasis in the security professional’s day-to-day environment. The ten domains are information security and risk management; access control; cryptography; physical (environmental) security; security architecture and design; business continuity (BCP) and disaster recovery planning (DRP); telecommunications and network security; application security; operations security; and legal, regulations, compliance and investigations.
    Endorsed by the (ISC)2, this valuable resource follows the newly revised CISSP CBK, providing reliable, current, and thorough information. Moreover, the Official (ISC)2® Guide to the CISSP® CBK® helps information security professionals gain awareness of the requirements of their profession and acquire knowledge validated by the CISSP certification.
    The book is packaged with a CD that is an invaluable tool for those seeking certification. It includes sample exams that simulate the actual exam, providing the same number and types of questions with the same allotment of time allowed. It even grades the exam, provides correct answers, and identifies areas where more study is needed.

    Table of Contents

    INFORMATION SECURITY AND RISK MANAGEMENT
    Introduction
    The Business Case for Information Security Management
    Core Information Security Principles: Availability, Integrity,
    Information Security Management Governance
    Organizational Behavior
    Security Awareness, Training, and Education
    Risk Management
    Ethics
    Data Classification Policy
    Data Handling Policy
    References
    Other References
    Sample Questions
    ACCESS CONTROL
    Introduction
    Definitions and Key Concepts
    Access Control Categories and Types
    Access Control Threats
    Access to Systems
    Access to Data
    Intrusion Detection and Prevention Systems
    Access Control Assurance
    References
    Sample Questions
    CRYPTOGRAPHY
    Introduction
    Key Concepts and Definitions
    Encryption Systems
    Message Integrity Controls
    Digital Signatures
    Encryption Management
    Cryptanalysis and Attacks
    Encryption Usage
    References
    Sample Questions
    PHYSICAL (ENVIRONMENTAL) SECURITY
    Introduction
    Site Location
    The Layered Defense Model
    Information Protection and Management Services
    Summary
    References
    Sample Questions
    SECURITY ARCHITECTURE AND DESIGN
    Introduction
    Security Architecture and Design Components and Principles
    Security Models and Architecture Theory
    Security Product Evaluation Methods and Criteria
    Sample Questions
    BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING
    Introduction
    Organization of the BCP/DRP Domain Chapter
    Terminology
    Appendix A: Addressing Legislative Compliance within Business Continuity Plans
    TELECOMMUNICATIONS AND NETWORK SECURITY
    Introduction
    Basic Concepts
    Layer 1: Physical Layer
    Layer 2: Data-Link Layer
    Layer 3: Network Layer
    Layer 4: Transport Layer
    Layer 5: Session Layer
    Layer 6: Presentation Layer
    Layer 7: Application Layer
    Trivial File Transfer Protocol (TFTP)
    General References
    Sample Questions
    Endnotes
    APPLICATION SECURITY
    Domain Description and Introduction
    Applications Development and Programming Concepts and Protection
    Audit and Assurance Mechanisms
    Malicious Software (Malware)
    The Database and Data Warehousing Environment
    Web Application Environment
    Summary
    References
    OPERATIONS SECURITY
    Introduction
    Privileged Entity Controls
    Resource Protection
    Continuity of Operations
    Change Control Management
    Summary
    References
    Sample Questions
    LEGAL, REGULATIONS, COMPLIANCE AND INVESTIGATIONS
    Introduction
    Major Legal Systems
    Information Technology Laws and Regulations
    Incident Response
    Computer Forensics
    Conclusions
    References
    Sample Questions
    ANSWERS TO SAMPLE QUESTIONS
    CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP®) CANDIDATE INFORMATION BULLETIN
    GLOSSARY
    INDEX

    Editorial Reviews

    “The Official (ISC)² Guide to the CISSP CBK is ideal not only for information security professionals attempting to achieve CISSP certification but also for those who are trying to decide which, if any, certification to pursue. Executives and organizational managers who want a more complete understanding of all the elements that are required in effectively protecting their enterprise will also find this guide extremely useful.”
    —Tony Baratta, CISSP-ISSAP, ISSMP, SSCP, Director of Professional Programs, (ISC)2, from the Foreword

    © 2013 Taylor & Francis Group, LLC. All Rights Reserved.