CISSP: 3 in 1- Beginner’s Guide to Learn the Realms of Security and Risk Management from A-Z using CISSP Principles+ Simple and Effective Strategies+ Advanced Methods to Learn the CISSP CBK Reference

Length: 483 pages
Edition: 1
Language: English
Publication Date: 2021-07-25
ISBN-10: B09B92M8GT
Sales Rank: #0 (See Top 100 Books)

This book covers the first domain of the CISSP realm and is written with carefully structured content providing a step-by-step learning process so that the readers go through a well-structured learning path with scenarios and real-world examples. It includes the latest information and statistics and follows the most recent syllabus released by (ISC)2. Let’s look at the content at a glance.

Information about CISSP and the examination, everything you want to know.
Information security risks, threats, and vulnerabilities.
Information security concepts, confidentially, integrity, security.
Cryptography basics.
Security and governance principles in an organization.
Security policies, standards, procedures, guidelines, baselines, and more.
Organizations and information security laws, regulations, compliance, and standards.
Information security, compliance, and risk management.
Risk Management methodologies, frameworks, Business continuity.
Professional ethics.
Personal security policies and procedures.
Privacy and its role in customers, employees, and organizations.
Risk management in the supply chain.
Security awareness training and education.
And more!

The book includes additional information on difficult topics as the beginners should have a proper foundation. CISSP is a challenging topic, and therefore, the foundation topics must be well-understood; hence the reader can learn the rest of the domains with confidence. It includes extensive information on risk management, security, and global frameworks. The objective is to provide practical guidance with more hands-on. With all the content, this will provide a good starting point at your CISSP journey.

The purpose of this book is to provide you a solid understanding of fundamentals. Without knowing the basics, it is difficult to perceive the vast level of information that you are going to concentrate on through the CISSP journey. In fact, the book starts with the basics but it does not stop there. It takes you to more advanced topics once you are ready. In other words, it provides A-Z knowledge in all the 8 realms, nothing less.

The following areas are covered in this book.

Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security

Each chapter covers a complete CISSP domain in an easy to understand and a concise manner. The book also includes all the information required to register and prepare for the CISSP examination. Furthermore, the book includes tips and references to the required websites and courseware. If you’re looking for an all in one guide then they’ll want to click the BUY NOW button to get started!

CISSPA Comprehensive Beginner's Guide to Learn the Realms of Security and Risk Management from A-Z using CISSP Principles
CISSPA Comprehensive Beginner's Guide to Learn the Realms of Security and Risk Management from A-Z using CISSP Principles
Introduction
How to Use This Book
A Brief History, Requirements, and Future Prospects
CISSP Concentration, Education and Examination Options
Chapter One: Security and Risk Management – An Introduction
Chapter One: Security and Risk Management – An Introduction
    Measuring Vulnerabilities
    Threat Actors, Threats, and Threat Rates
    The Cost
Chapter Two: Understand and Apply Concepts of Confidentiality, Integrity, and Availability
Chapter Two: Understand and Apply Concepts of Confidentiality, Integrity, and Availability
    Confidentiality
    Integrity
    Confidentiality
Chapter Three: Evaluate and Apply Security Governance Principles
Chapter Three: Evaluate and Apply Security Governance Principles
    In this chapter, you will learn:
    Mission, Goals, and Objectives
    Organizational Processes (acquisitions, divestitures, governance committees)
    Acquisition and Divestitures
    Organizational Roles and Responsibilities
    COBIT
    ISO/IEC 27000
    OCTAVE
    NIST Framework
    Corrective Controls
    Due Care/Due Diligence
Chapter Four: Determining Compliance Requirements
Chapter Four: Determining Compliance Requirements
    Contractual, Legal, Industry Standards, and Regulatory Requirements
    Country-Wide Classification
    Federal Information Security Management Act (FISMA)
    Health Insurance Portability and Accountability Act (HIPAA)
    Payment Card Industry Data Security Standard (PCI DSS)
    Sarbanes–Oxley Act (SOX)
    Privacy Requirements
    General Data Protection Regulation (GDPR)
    GDPR – Array of Legal Terms
    The Key Regulatory Point
Chapter Five: Understanding Legal and Regulatory Issues
Chapter Five: Understanding Legal and Regulatory Issues
    Cybercrime
    Licensing and Intellectual Property Requirements
    Import/Export Controls
    Trans-Border Data Flow
Chapter Six: Understand, Adhere To, and Promote Professional Ethics
Chapter Six: Understand, Adhere To, and Promote Professional Ethics
    (ISC)² Code of Professional Ethics Cannons
    Organizational Code of Ethics
    Key Components of a Successful Code of Ethics Lineup
Chapter Seven: Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
Chapter Seven: Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
    Standards
    Procedures
    Guidelines
    Baselines
Chapter Eight: Identify, Analyze, and Prioritize Business Continuity (BC) Requirements
Chapter Eight: Identify, Analyze, and Prioritize Business Continuity (BC) Requirements
    Develop and Document Scope and Plan
    Planning for the Business Continuity Process
    Business Impact Analysis
    BIA Process
    Recovery Strategy
    Plan Development
    Testing and Exercises
Chapter Nine: Contribute To and Enforce Personnel Security Policies and Procedures
Chapter Nine: Contribute To and Enforce Personnel Security Policies and Procedures
    Candidate Screening and Hiring
    Employment Agreements and Policies
    Onboarding and Termination Processes
    Vendor, Consultant, and Contractor Agreements and Controls
    Compliance Policy Requirements
    Privacy Policy Requirements
Chapter Ten: Understand and Apply Risk Management Concepts
Chapter Ten: Understand and Apply Risk Management Concepts
    Identify Threats and Vulnerabilities
    Risk Analysis and Assessment
    Risk Response
    Countermeasure Selection and Implementation
    Applicable Types of Controls
    Security Control Assessment (SCA)
    Asset Valuation
    Reporting
    Continuous Improvements
    Risk Frameworks
Chapter Eleven: Understand and Apply Threat Modeling Concepts and Methodologies
Chapter Eleven: Understand and Apply Threat Modeling Concepts and Methodologies
    Why Threat Modeling and When?
    Threat Modeling Methodologies, Tools and Techniques
    Other Threat Modeling Tools
Chapter Twelve: Apply Risk-Based Management Concepts to the Supply Chain
Chapter Twelve: Apply Risk-Based Management Concepts to the Supply Chain
    Risks Associated with Hardware, Software, and Services
    Third-Party Assessment and Monitoring
    Minimum Security Requirements
    Service-Level Requirements
    Service Level Agreements
    Operational Level Agreements
    Underpinning Contracts
Chapter Thirteen: Establish and Maintain a Security Awareness, Education, and Training Program
Chapter Thirteen: Establish and Maintain a Security Awareness, Education, and Training Program
    Methods and Techniques to Present Awareness and Training
    Periodic Content Reviews
    Program Effectiveness Evaluation
Conclusion
References
CISSPSimple and Effective Strategies to Learn the Fundamentals of Information Security Systems for CISSP Exam
CISSPSimple and Effective Strategies to Learn the Fundamentals of Information Security Systems for CISSP Exam
Introduction
Chapter 1: Security and Risk Management
Chapter 1: Security and Risk Management
    Maintaining Confidentiality and Various Requirements
    System Integrity and Availability
    Enhancing Security and Designating the Roles
    Identifying and Assessing Threats and Risks
    Risk Terminology
    Risk Management
    Cost/Benefit Analysis
    Controls
    Risk Management Framework
    Business Continuity Management (BCM)
Chapter 2: Telecommunication and Network Security
Chapter 2: Telecommunication and Network Security
    Local Area Network (LAN)
    Wide Area Network (WAN)
    OSI Reference Model
    The First Layer: Physical Layer
    Network Topologies
    Cable and Connector Types
    Interface Types
    Networking Equipment
    The Second Layer: Data Link Layer
    Logical Link Control (LLC)
    Media Access Control (MAC)
    Protocols in Local Area Networks and the Transmission Methods
    Protocols in WLAN and WLAN Tech
    Different Protocols and Technologies of WAN
    Point to Point Links
    Circuit Switched Networks
    Packet-Switched Networks
    The Networking Equipment Found in the Data Link Layer
    The Fourth Layer: Transport Layer
    The Fifth Layer: Session Layer
    The Sixth Layer: Presentation Layer
    The Seventh Layer: Application Layer
Chapter 3: Security of Software Development
Chapter 3: Security of Software Development
    Security Workings in Distributed Software
    Working with Agents in Distributed Systems
    Object-Oriented Environments
    Databases
    Types of Databases
    Operating Systems
    Systems Development Life Cycle
    Controlling the Security of Applications
    AV Popping up Everywhere
Chapter 4: Cryptography
Chapter 4: Cryptography
    The Basics of Cryptography
    The Cryptosystem
    Classes of Ciphers
    The Different Types of Ciphers
    Symmetric and Asymmetric Key Systems
Chapter 5: Operating in a Secure Environment
Chapter 5: Operating in a Secure Environment
    Computer Architecture
    Virtualization
    Operating in a Secured Environment
    Recovery Procedures
    Vulnerabilities in Security Architecture
    Security Countermeasures
    Confidentiality
    Integrity
    Availability
    Access Control Models
    Trusted Network Interpretation (TNI)
    European Information Technology Security Evaluation Criteria (ITSEC)
Chapter 6: Business Continuity Planning and Disaster Recovery Planning
Chapter 6: Business Continuity Planning and Disaster Recovery Planning
    Setting Up a Business Continuity Plan
    Identifying the Elements of a BCP
    Developing the Business Continuity Plan
Conclusion
CISSPA Comprehensive Guide of Advanced Methods to Learn the CISSP CBK Reference
CISSPA Comprehensive Guide of Advanced Methods to Learn the CISSP CBK Reference
Introduction
    How to Use this Book
    CISSP Domains, Learning Options, and Examination
    CISSP Domains
Chapter 1: Domain 1 - Security and Risk Management
Chapter 1: Domain 1 - Security and Risk Management
    The Role of Information and Risk
    Risk, Threat, and Vulnerability
    1.1 Understand and Apply Concepts of Confidentiality, Integrity, and Availability
    1.2 Evaluate and Apply Security Governance Principles
    1.3 Determine Compliance Requirements
    1.4 Understand Legal and Regulatory Issues that pertain to Information Security in a Global Context
    1.5 Understand, Adhere To and Promote Professional Ethics
    1.6 Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
    1.7 Identify, Analyze, and Prioritize Business Continuity (BC) Requirements
    1.8 Contribute To and Enforce Personnel Security Policies and Procedures
    1.9 Understand and Apply Risk Management Concepts
    1.10 Understand and Apply Threat Modeling Concepts and Methodologies
    1.11 Apply Risk-Based Management Concepts to the Supply Chain
    1.12 Establish and Maintain a Security Awareness, Education, and Training Program
Chapter 2: Domain 2 - Asset Security
Chapter 2: Domain 2 - Asset Security
    2.1 Identify and Classify Information and Sssets
    2.2 Determine and Maintain Information and Asset Ownership
    2.3 Protect Privacy
    2.4 Ensure Appropriate Asset Retention
    2.5 Determine Data Security Controls
    2.6 Establish Information and Asset Handling Requirements
Chapter 3: Domain 3 - Security Architecture and Engineering
Chapter 3: Domain 3 - Security Architecture and Engineering
    3.1 Implement and Manage Engineering Processes using Secure Design Principles
    3.2 Understand the Fundamental Concepts of Security Models
    3.3 Select Controls Based Upon Systems Security Requirements
    3.4 Understand Security Capabilities of Information Systems (e.g., Memory Protection, Trusted Platform Module (TPM), Encryption/Decryption
    3.5 Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
    3.6 Assess and Mitigate Vulnerabilities in Web-Based Systems
    3.7 Assess and Mitigate Vulnerabilities in Mobile Systems
    3.8 Assess and Mitigate Vulnerabilities in Embedded Devices
    3.9 Apply Cryptography
    3.10 Apply Security Principles to Site and Facility Design
    3.11 Implement Site and Facility Security Controls
Chapter 4: Domain 4 - Communication and Network Security
Chapter 4: Domain 4 - Communication and Network Security
    4.1 Implement Secure Design Principles in Network Architecture
    4.2 Secure Network Components
    4.3 Implement Secure Communication Channels According to Design
Chapter 5: Domain 5 - Identity and Access Management (IAM)
Chapter 5: Domain 5 - Identity and Access Management (IAM)
    5.1 Control Physical and Logical Access to Assets
    5.2 Manage Identification and Authentication of People, Devices, and Services
    5.3 Integrated Identity as a Third-Party Service
    5.4 Implement and Manage Authorization Mechanisms
    5.5 Manage the Identity and Access Provisioning Lifecycle
Chapter 6: Domain 6 - Security Assessment and Testing
Chapter 6: Domain 6 - Security Assessment and Testing
    6.1 Design and Validate Assessment, Test, and Audit Strategies
    6.2 Conducting Security Control Tests
    6.3 Collect Security Process Data
    6.4 Analyze Test Output and Generate Reports
    6.5 Conduct or Facilitate Security Audits
Chapter 7: Domain 7 - Security Operations
Chapter 7: Domain 7 - Security Operations
    7.1 Understanding and Support Investigations
    7.2 Understanding Requirements for Investigation Types
    7.3 Conduct Logging and Monitoring Activities
    7.4 Secure Provision Resources
    7.5 Understand and Apply Foundational Security Operation Concepts
    7.6 Apply Resource Protection Techniques
    7.7 Conduct Incident Management
    7.8 Operate and Maintain Detective and Preventive Measures
    7.9 Implement and Support Patch and Vulnerability Management
    7.10 Understanding and Participating in Change Management
    7.11 Implement Recovery Strategies
    7.12 Implement Disaster Recovery Process
    7.13 Disaster Recovery Plans (DRP)
    7.14 Participate in Business Continuity Planning and Exercises
    7.15 Implement and Manage Physical Security
    7.16 Address Personal Safety and Security Concerns
Chapter 8: Domain 8 - Software Development Security
Chapter 8: Domain 8 - Software Development Security
    8.1 Understand and Integrate Security Throughout the Software Development Lifecycle (SDLC)
    8.2 Identify and Apply Security Controls in Development Environments
    8.3 Assess the Effectiveness of Software Security
    8.4 Assess Security Impact of Acquired Software
    8.5 Define and Apply Secure Coding Guidelines and Standards
Conclusion