(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide 9th Edition, ISBN-13: 978-1119786238
[PDF eBook eTextbook] – Available Instantly
- Publisher: Sybex; 9th edition (June 22, 2021)
- Language: English
- 1248 pages
- ISBN-10: 1119786231
- ISBN-13: 978-1119786238
The only Official CISSP Study Guide – fully updated for the 2021 CISSP Body of Knowledge.
(ISC)2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 9th Edition has been completely updated based on the latest 2021 CISSP Exam Outline. This bestselling Sybex Study Guide covers 100% of the exam objectives. You’ll prepare for the exam smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, advice on mastering this adaptive exam, the interactive learning environment, and much more. Reinforce what you’ve learned with key topic exam essentials and chapter review questions.
The three co-authors of this book bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you’ll need to successfully pass the CISSP exam. Combined, they’ve taught cybersecurity concepts to millions of students through their books, video courses, and live training programs.
Coverage of all of the exam topics in the book means you’ll be ready for:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
Table of Contents:
Cover
Title Page
Copyright
Dedication
Acknowledgments
About the Authors
About the Technical Editors
Foreword
Introduction
Overview of the CISSP Exam
The Elements of This Study Guide
Interactive Online Learning Environment and TestBank
Study Guide Exam Objectives
Objective Map
Reader Support for This Book
Assessment Test
Answers to Assessment Test
Chapter 1: Security Governance Through Principles and Policies
Security 101
Understand and Apply Security Concepts
Security Boundaries
Evaluate and Apply Security Governance Principles
Manage the Security Function
Security Policy, Standards, Procedures, and Guidelines
Threat Modeling
Supply Chain Risk Management
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 2: Personnel Security and Risk Management Concepts
Personnel Security Policies and Procedures
Understand and Apply Risk Management Concepts
Social Engineering
Establish and Maintain a Security Awareness, Education, and Training Program
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 3: Business Continuity Planning
Planning for Business Continuity
Project Scope and Planning
Business Impact Analysis
Continuity Planning
Plan Approval and Implementation
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 4: Laws, Regulations, and Compliance
Categories of Laws
Laws
State Privacy Laws
Compliance
Contracting and Procurement
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 5: Protecting Security of Assets
Identifying and Classifying Information and Assets
Establishing Information and Asset Handling Requirements
Data Protection Methods
Understanding Data Roles
Using Security Baselines
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 6: Cryptography and Symmetric Key Algorithms
Cryptographic Foundations
Modern Cryptography
Symmetric Cryptography
Cryptographic Lifecycle
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 7: PKI and Cryptographic Applications
Asymmetric Cryptography
Hash Functions
Digital Signatures
Public Key Infrastructure
Asymmetric Key Management
Hybrid Cryptography
Applied Cryptography
Cryptographic Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 8: Principles of Security Models, Design, and Capabilities
Secure Design Principles
Techniques for Ensuring CIA
Understand the Fundamental Concepts of Security Models
Select Controls Based on Systems Security Requirements
Understand Security Capabilities of Information Systems
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
Shared Responsibility
Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
Client-Based Systems
Server-Based Systems
Industrial Control Systems
Distributed Systems
High-Performance Computing (HPC) Systems
Internet of Things
Edge and Fog Computing
Embedded Devices and Cyber-Physical Systems
Specialized Devices
Microservices
Infrastructure as Code
Virtualized Systems
Containerization
Serverless Architecture
Mobile Devices
Essential Security Protection Mechanisms
Common Security Architecture Flaws and Issues
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 10: Physical Security Requirements
Apply Security Principles to Site and Facility Design
Implement Site and Facility Security Controls
Implement and Manage Physical Security
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 11: Secure Network Architecture and Components
OSI Model
TCP/IP Model
Analyzing Network Traffic
Common Application Layer Protocols
Transport Layer Protocols
Domain Name System
Internet Protocol (IP) Networking
ARP Concerns
Secure Communication Protocols
Implications of Multilayer Protocols
Microsegmentation
Wireless Networks
Other Communication Protocols
Cellular Networks
Content Distribution Networks (CDNs)
Secure Network Components
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 12: Secure Communications and Network Attacks
Protocol Security Mechanisms
Secure Voice Communications
Remote Access Security Management
Multimedia Collaboration
Load Balancing
Manage Email Security
Virtual Private Network
Switching and Virtual LANs
Network Address Translation
Third-Party Connectivity
Switching Technologies
WAN Technologies
Fiber-Optic Links
Security Control Characteristics
Prevent or Mitigate Network Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 13: Managing Identity and Authentication
Controlling Access to Assets
Managing Identification and Authentication
Implementing Identity Management
Managing the Identity and Access Provisioning Lifecycle
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 14: Controlling and Monitoring Access
Comparing Access Control Models
Implementing Authentication Systems
Understanding Access Control Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 15: Security Assessment and Testing
Building a Security Assessment and Testing Program
Performing Vulnerability Assessments
Testing Your Software
Implementing Security Management Processes
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 16: Managing Security Operations
Apply Foundational Security Operations Concepts
Addressing Personnel Safety and Security
Provision Resources Securely
Apply Resource Protection
Managed Services in the Cloud
Perform Configuration Management (CM)
Managing Change
Managing Patches and Reducing Vulnerabilities
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 17: Preventing and Responding to Incidents
Conducting Incident Management
Implementing Detective and Preventive Measures
Logging and Monitoring
Automating Incident Response
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 18: Disaster Recovery Planning
The Nature of Disaster
Understand System Resilience, High Availability, and Fault Tolerance
Recovery Strategy
Recovery Plan Development
Training, Awareness, and Documentation
Testing and Maintenance
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 19: Investigations and Ethics
Investigations
Major Categories of Computer Crime
Ethics
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 20: Software Development Security
Introducing Systems Development Controls
Establishing Databases and Data Warehousing
Storage Threats
Understanding Knowledge-Based Systems
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 21: Malicious Code and Application Attacks
Malware
Malware Prevention
Application Attacks
Injection Vulnerabilities
Exploiting Authorization Vulnerabilities
Exploiting Web Application Vulnerabilities
Application Security Controls
Secure Coding Practices
Summary
Exam Essentials
Written Lab
Review Questions
Appendix A: Answers to Review Questions
Chapter 1: Security Governance Through Principles and Policies
Chapter 2: Personnel Security and Risk Management Concepts
Chapter 3: Business Continuity Planning
Chapter 4: Laws, Regulations, and Compliance
Chapter 5: Protecting Security of Assets
Chapter 6: Cryptography and Symmetric Key Algorithms
Chapter 7: PKI and Cryptographic Applications
Chapter 8: Principles of Security Models, Design, and Capabilities
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
Chapter 10: Physical Security Requirements
Chapter 11: Secure Network Architecture and Components
Chapter 12: Secure Communications and Network Attacks
Chapter 13: Managing Identity and Authentication
Chapter 14: Controlling and Monitoring Access
Chapter 15: Security Assessment and Testing
Chapter 16: Managing Security Operations
Chapter 17: Preventing and Responding to Incidents
Chapter 18: Disaster Recovery Planning
Chapter 19: Investigations and Ethics
Chapter 20: Software Development Security
Chapter 21: Malicious Code and Application Attacks
Appendix B: Answers to Written Labs
Chapter 1: Security Governance Through Principles and Policies
Chapter 2: Personnel Security and Risk Management Concepts
Chapter 3: Business Continuity Planning
Chapter 4: Laws, Regulations, and Compliance
Chapter 5: Protecting Security of Assets
Chapter 6: Cryptography and Symmetric Key Algorithms
Chapter 7: PKI and Cryptographic Applications
Chapter 8: Principles of Security Models, Design, and Capabilities
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
Chapter 10: Physical Security Requirements
Chapter 11: Secure Network Architecture and Components
Chapter 12: Secure Communications and Network Attacks
Chapter 13: Managing Identity and Authentication
Chapter 14: Controlling and Monitoring Access
Chapter 15: Security Assessment and Testing
Chapter 16: Managing Security Operations
Chapter 17: Preventing and Responding to Incidents
Chapter 18: Disaster Recovery Planning
Chapter 19: Investigations and Ethics
Chapter 20: Software Development Security
Chapter 21: Malicious Code and Application Attacks
Index
End User License Agreement
Mike Chapple, PhD, CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame’s Mendoza College of Business. He is a cybersecurity professional and educator with over 25 years of experience. Mike provides cybersecurity certification resources at his website, CertMike.com.
James Michael Stewart, CISSP, CEH, CHFI, ECSA, CND, ECIH, CySA+, PenTest+, CASP+, Security+, Network+, A+, CISM, and CFR, has been writing and training for more than 25 years, with a current focus on security. He has been writing and teaching CISSP materials since 2002. He is the author of and contributor to more than 75 books on security certifications.
Darril Gibson, CISSP, Security+, CASP, is the CEO of YCDA (short for You Can Do Anything), and he has authored or coauthored more than 40 books. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications.
What makes us different?
• Instant Download
• Always Competitive Pricing
• 100% Privacy
• FREE Sample Available
• 24-7 LIVE Customer Support
Reviews
There are no reviews yet.