In this comprehensive study guide, two leading experts help you master all the topics you need to know to succeed on the latest CISSP exam and advance your career in IT security. Their concise, focused approach explains every exam objective from a real-world perspective, helping you quickly identify weaknesses and retain everything you need to know.
Every feature of this book supports both efficient exam preparation and long-term mastery:
This study guide helps you master all the topics on the latest CISSP exam, deepening your knowledge of:
Introduction xlix

Chapter 1 Security and Risk Management 5
    Foundation Topics 6
        Security Terms 6
        Security Governance Principles 11
        Compliance 40
        Legal and Regulatory Issues 42
        Investigation Types 65
        Professional Ethics 70
        Security Documentation 72
        Business Continuity 76
        Personnel Security Policies and Procedures 89
        Risk Management Concepts 95
        Geographical Threats 133
        Threat Modeling 142
        Security Risks in the Supply Chain 148
        Security Education, Training, and Awareness 153
    Exam Preparation Tasks 155
        Review All Key Topics 155
        Complete the Tables and Lists from Memory 157
        Define Key Terms 157
        Answer Review Questions 158
        Answers and Explanations 164

Chapter 2 Asset Security 171
    Foundation Topics 172
        Asset Security Concepts 172
        Identify and Classify Information and Assets 175
        Information and Asset Handling Requirements 183
        Provision Resources Securely 185
        Data Life Cycle 186
        Asset Retention 201
        Data Security Controls 203
    Exam Preparation Tasks 211
        Review All Key Topics 211
        Define Key Terms 211
        Answer Review Questions 212
        Answers and Explanations 213

Chapter 3 Security Architecture and Engineering 219
    Foundation Topics 220
        Information Systems Life Cycle 220
        Engineering Processes Using Secure Design Principles 223
        Security Model Concepts 231
        System Security Evaluation Models 255
        Certification and Accreditation 267
        Control Selection Based on Systems Security Requirements 268
        Security Capabilities of Information Systems 269
        Security Architecture Maintenance 272
        Vulnerabilities of Security Architectures, Designs, and Solution Elements 273
        Vulnerabilities in Web-Based Systems 296
        Vulnerabilities in Mobile Systems 299
        Vulnerabilities in Embedded Systems 304
        Cryptographic Solutions 305
        Cryptographic Types 317
        Symmetric Algorithms 325
        Asymmetric Algorithms 332
        Public Key Infrastructure and Digital Certificates 335
        Key Management Practices 343
        Message Integrity 347
        Digital Signatures and Non-repudiation 354
        Applied Cryptography 354
        Cryptanalytic Attacks 355
        Digital Rights Management 360
        Site and Facility Design 362
        Site and Facility Security Controls 368
    Exam Preparation Tasks 379
        Review All Key Topics 379
        Complete the Tables and Lists from Memory 381
        Define Key Terms 381
        Answer Review Questions 382
        Answers and Explanations 387

Chapter 4 Communication and Network Security 391
    Foundation Topics 392
        Secure Network Design Principles 392
        IP Networking 403
        Protocols and Services 435
        Converged Protocols 443
        Wireless Networks 448
        Communications Cryptography 468
        Secure Network Components 473
        Secure Communication Channels 520
        Network Attacks 535
    Exam Preparation Tasks 547
        Review All Key Topics 547
        Define Key Terms 548
        Answer Review Questions 550
        Answers and Explanations 555

Chapter 5 Identity and Access Management (IAM) 561
    Foundation Topics 562
        Access Control Process 562
        Physical and Logical Access to Assets 563
        Identification and Authentication Concepts 568
        Identification and Authentication Implementation 588
        Identity as a Service (IDaaS) Implementation 602
        Third-Party Identity Services Integration 602
        Authorization Mechanisms 603
        Provisioning Life Cycle 612
        Access Control Threats 618
        Prevent or Mitigate Access Control Threats 625
    Exam Preparation Tasks 625
        Review All Key Topics 625
        Define Key Terms 626
        Answer Review Questions 627
        Answers and Explanations 630

Chapter 6 Security Assessment and Testing 635
    Foundation Topics 636
        Design and Validate Assessment and Testing Strategies 636
        Conduct Security Control Testing 639
        Collect Security Process Data 655
        Analyze Test Outputs and Generate a Report 659
        Conduct or Facilitate Security Audits 659
    Exam Preparation Tasks 661
        Review All Key Topics 661
        Define Key Terms 662
        Answer Review Questions 662
        Answers and Explanations 665

Chapter 7 Security Operations 673
    Foundation Topics 674
        Investigations 674
        Logging and Monitoring Activities 690
        Configuration and Change Management 697
        Security Operations Concepts 702
        Resource Protection 707
        Incident Management 719
        Detective and Preventive Measures 724
        Patch and Vulnerability Management 729
        Recovery Strategies 729
        Disaster Recovery 747
        Testing Disaster Recovery Plans 751
        Business Continuity Planning and Exercises 753
        Physical Security 754
        Personnel Safety and Security 760
    Exam Preparation Tasks 763
        Review All Key Topics 763
        Define Key Terms 764
        Answer Review Questions 764
        Answers and Explanations 768

Chapter 8 Software Development Security 773
    Foundation Topics 774
        Software Development Concepts 774
        Security in the System and Software Development Life Cycle 783
        Security Controls in Development 806
        Assess Software Security Effectiveness 815
        Security Impact of Acquired Software 817
    Exam Preparation Tasks 825
        Review All Key Topics 825
        Define Key Terms 825
        Answer Review Questions 826
        Answers and Explanations 830

Chapter 9 Final Preparation 835
    Tools for Final Preparation 835
    Suggested Plan for Final Review/Study 839
    Summary 840

Online Elements
    Appendix A Memory Tables
    Appendix B Memory Tables Answer Key
    Glossary
ISBN 9780135343999, TOC, 7/24/24