(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition
- Length: 1248 pages
- Edition: 9
- Language: English
- Publisher: Sybex
- Publication Date: 2021-06-22
- ISBN-10: 1119786231
- ISBN-13: 9781119786238
- Sales Rank: #5780 (See Top 100 Books)
CISSP Study Guide – fully updated for the 2021 CISSP Body of Knowledge
(ISC)2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 9th Edition has been completely updated based on the latest 2021 CISSP Exam Outline. This bestselling Sybex Study Guide covers 100% of the exam objectives. You’ll prepare for the exam smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, advice on mastering this adaptive exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you’ve learned with key topic exam essentials and chapter review questions.
The three co-authors of this book bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you’ll need to successfully pass the CISSP exam. Combined, they’ve taught cybersecurity concepts to millions of students through their books, video courses, and live training programs.
Along with the book, you also get access to Sybex’s superior online interactive learning environment that includes:
- Over 900 new and improved practice test questions with complete answer explanations. This includes all of the questions from the book plus four additional online-only practice exams, each with 125 unique questions. You can use the online-only practice exams as full exam simulations. Our questions will help you identify where you need to study more. Get more than 90 percent of the answers correct, and you’re ready to take the certification exam.
- More than 700 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam
- A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam
- New for the 9th edition: Audio Review. Author Mike Chapple reads the Exam Essentials for each chapter providing you with 2 hours and 50 minutes of new audio review for yet another way to reinforce your knowledge as you prepare.
Coverage of all of the exam topics in the book means you’ll be ready for:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
Cover Title Page Copyright Page Acknowledgments About the Authors About the Technical Editors Contents at a Glance Contents Foreword Introduction Overview of the CISSP Exam The Elements of This Study Guide Interactive Online Learning Environment and TestBank Study Guide Exam Objectives Objective Map Reader Support for This Book Assessment Test Answers to Assessment Test Chapter 1 Security Governance Through Principles and Policies Security 101 Understand and Apply Security Concepts Confidentiality Integrity Availability DAD, Overprotection, Authenticity, Non-repudiation, and AAA Services Protection Mechanisms Security Boundaries Evaluate and Apply Security Governance Principles Third-Party Governance Documentation Review Manage the Security Function Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives Organizational Processes Organizational Roles and Responsibilities Security Control Frameworks Due Diligence and Due Care Security Policy, Standards, Procedures, and Guidelines Security Policies Security Standards, Baselines, and Guidelines Security Procedures Threat Modeling Identifying Threats Determining and Diagramming Potential Attacks Performing Reduction Analysis Prioritization and Response Supply Chain Risk Management Summary Exam Essentials Written Lab Review Questions Chapter 2 Personnel Security and Risk Management Concepts Personnel Security Policies and Procedures Job Descriptions and Responsibilities Candidate Screening and Hiring Onboarding: Employment Agreements and Policies Employee Oversight Offboarding, Transfers, and Termination Processes Vendor, Consultant, and Contractor Agreements and Controls Compliance Policy Requirements Privacy Policy Requirements Understand and Apply Risk Management Concepts Risk Terminology and Concepts Asset Valuation Identify Threats and Vulnerabilities Risk Assessment/Analysis Risk Responses Cost vs. Benefit of Security Controls Countermeasure Selection and Implementation Applicable Types of Controls Security Control Assessment Monitoring and Measurement Risk Reporting and Documentation Continuous Improvement Risk Frameworks Social Engineering Social Engineering Principles Eliciting Information Prepending Phishing Spear Phishing Whaling Smishing Vishing Spam Shoulder Surfing Invoice Scams Hoax Impersonation and Masquerading Tailgating and Piggybacking Dumpster Diving Identity Fraud Typo Squatting Influence Campaigns Establish and Maintain a Security Awareness, Education, and Training Program Awareness Training Education Improvements Effectiveness Evaluation Summary Exam Essentials Written Lab Review Questions Chapter 3 Business Continuity Planning Planning for Business Continuity Project Scope and Planning Organizational Review BCP Team Selection Resource Requirements Legal and Regulatory Requirements Business Impact Analysis Identifying Priorities Risk Identification Likelihood Assessment Impact Analysis Resource Prioritization Continuity Planning Strategy Development Provisions and Processes Plan Approval and Implementation Plan Approval Plan Implementation Training and Education BCP Documentation Summary Exam Essentials Written Lab Review Questions Chapter 4 Laws, Regulations, and Compliance Categories of Laws Criminal Law Civil Law Administrative Law Laws Computer Crime Intellectual Property (IP) Licensing Import/Export Privacy State Privacy Laws Compliance Contracting and Procurement Summary Exam Essentials Written Lab Review Questions Chapter 5 Protecting Security of Assets Identifying and Classifying Information and Assets Defining Sensitive Data Defining Data Classifications Defining Asset Classifications Understanding Data States Determining Compliance Requirements Determining Data Security Controls Establishing Information and Asset Handling Requirements Data Maintenance Data Loss Prevention Marking Sensitive Data and Assets Handling Sensitive Information and Assets Data Collection Limitation Data Location Storing Sensitive Data Data Destruction Ensuring Appropriate Data and Asset Retention Data Protection Methods Digital Rights Management Cloud Access Security Broker Pseudonymization Tokenization Anonymization Understanding Data Roles Data Owners Asset Owners Business/Mission Owners Data Processors and Data Controllers Data Custodians Administrators Users and Subjects Using Security Baselines Comparing Tailoring and Scoping Standards Selection Summary Exam Essentials Written Lab Review Questions Chapter 6 Cryptography and Symmetric Key Algorithms Cryptographic Foundations Goals of Cryptography Cryptography Concepts Cryptographic Mathematics Ciphers Modern Cryptography Cryptographic Keys Symmetric Key Algorithms Asymmetric Key Algorithms Hashing Algorithms Symmetric Cryptography Cryptographic Modes of Operation Data Encryption Standard Triple DES International Data Encryption Algorithm Blowfish Skipjack Rivest Ciphers Advanced Encryption Standard CAST Comparison of Symmetric Encryption Algorithms Symmetric Key Management Cryptographic Lifecycle Summary Exam Essentials Written Lab Review Questions Chapter 7 PKI and Cryptographic Applications Asymmetric Cryptography Public and Private Keys RSA ElGamal Elliptic Curve Diffie–Hellman Key Exchange Quantum Cryptography Hash Functions SHA MD5 RIPEMD Comparison of Hash Algorithm Value Lengths Digital Signatures HMAC Digital Signature Standard Public Key Infrastructure Certificates Certificate Authorities Certificate Lifecycle Certificate Formats Asymmetric Key Management Hybrid Cryptography Applied Cryptography Portable Devices Email Web Applications Steganography and Watermarking Networking Emerging Applications Cryptographic Attacks Salting Saves Passwords Ultra vs. Enigma Summary Exam Essentials Written Lab Review Questions Chapter 8 Principles of Security Models, Design, and Capabilities Secure Design Principles Objects and Subjects Closed and Open Systems Secure Defaults Fail Securely Keep It Simple Zero Trust Privacy by Design Trust but Verify Techniques for Ensuring CIA Confinement Bounds Isolation Access Controls Trust and Assurance Understand the Fundamental Concepts of Security Models Trusted Computing Base State Machine Model Information Flow Model Noninterference Model Take-Grant Model Access Control Matrix Bell–LaPadula Model Biba Model Clark–Wilson Model Brewer and Nash Model Goguen–Meseguer Model Sutherland Model Graham–Denning Model Harrison–Ruzzo–Ullman Model Select Controls Based on Systems Security Requirements Common Criteria Authorization to Operate Understand Security Capabilities of Information Systems Memory Protection Virtualization Trusted Platform Module Interfaces Fault Tolerance Encryption/Decryption Summary Exam Essentials Written Lab Review Questions Chapter 9 Security Vulnerabilities, Threats, and Countermeasures Shared Responsibility Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements Hardware Firmware Client-Based Systems Mobile Code Local Caches Server-Based Systems Large-Scale Parallel Data Systems Grid Computing Peer to Peer Industrial Control Systems Distributed Systems High-Performance Computing (HPC) Systems Internet of Things Edge and Fog Computing Embedded Devices and Cyber-Physical Systems Static Systems Network-Enabled Devices Cyber-Physical Systems Elements Related to Embedded and Static Systems Security Concerns of Embedded and Static Systems Specialized Devices Microservices Infrastructure as Code Virtualized Systems Virtual Software Virtualized Networking Software-Defined Everything Virtualization Security Management Containerization Serverless Architecture Mobile Devices Mobile Device Security Features Mobile Device Deployment Policies Essential Security Protection Mechanisms Process Isolation Hardware Segmentation System Security Policy Common Security Architecture Flaws and Issues Covert Channels Attacks Based on Design or Coding Flaws Rootkits Incremental Attacks Summary Exam Essentials Written Lab Review Questions Chapter 10 Physical Security Requirements Apply Security Principles to Site and Facility Design Secure Facility Plan Site Selection Facility Design Implement Site and Facility Security Controls Equipment Failure Wiring Closets Server Rooms/Data Centers Intrusion Detection Systems Cameras Access Abuses Media Storage Facilities Evidence Storage Restricted and Work Area Security Utility Considerations Fire Prevention, Detection, and Suppression Implement and Manage Physical Security Perimeter Security Controls Internal Security Controls Key Performance Indicators of Physical Security Summary Exam Essentials Written Lab Review Questions Chapter 11 Secure Network Architecture and Components OSI Model History of the OSI Model OSI Functionality Encapsulation/Deencapsulation OSI Layers TCP/IP Model Analyzing Network Traffic Common Application Layer Protocols SNMPv3 Transport Layer Protocols Domain Name System DNS Poisoning Domain Hijacking Internet Protocol (IP) Networking IPv4 vs. IPv6 IP Classes ICMP IGMP ARP Concerns Secure Communication Protocols Implications of Multilayer Protocols Converged Protocols Voice over Internet Protocol (VoIP) Software-Defined Networking Microsegmentation Wireless Networks Securing the SSID Wireless Channels Conducting a Site Survey Wireless Security Wi-Fi Protected Setup (WPS) Wireless MAC Filter Wireless Antenna Management Using Captive Portals General Wi-Fi Security Procedure Wireless Communications Wireless Attacks Other Communication Protocols Cellular Networks Content Distribution Networks (CDNs) Secure Network Components Secure Operation of Hardware Common Network Equipment Network Access Control Firewalls Endpoint Security Cabling, Topology, and Transmission Media Technology Transmission Media Network Topologies Ethernet Sub-Technologies Summary Exam Essentials Written Lab Review Questions Chapter 12 Secure Communications and Network Attacks Protocol Security Mechanisms Authentication Protocols Port Security Quality of Service (QoS) Secure Voice Communications Public Switched Telephone Network Voice over Internet Protocol (VoIP) Vishing and Phreaking PBX Fraud and Abuse Remote Access Security Management Remote Access and Telecommuting Techniques Remote Connection Security Plan a Remote Access Security Policy Multimedia Collaboration Remote Meeting Instant Messaging and Chat Load Balancing Virtual IPs and Load Persistence Active-Active vs. Active-Passive Manage Email Security Email Security Goals Understand Email Security Issues Email Security Solutions Virtual Private Network Tunneling How VPNs Work Always-On Split Tunnel vs. Full Tunnel Common VPN Protocols Switching and Virtual LANs Switch Eavesdropping Network Address Translation Are You Using NAT? Private IP Addresses Stateful NAT Automatic Private IP Addressing Third-Party Connectivity Switching Technologies Circuit Switching Packet Switching Virtual Circuits WAN Technologies Fiber-Optic Links Security Control Characteristics Transparency Transmission Management Mechanisms Prevent or Mitigate Network Attacks Eavesdropping Modification Attacks Summary Exam Essentials Written Lab Review Questions Chapter 13 Managing Identity and Authentication Controlling Access to Assets Controlling Physical and Logical Access The CIA Triad and Access Controls Managing Identification and Authentication Comparing Subjects and Objects Registration, Proofing, and Establishment of Identity Authorization and Accountability Authentication Factors Overview Something You Know Something You Have Something You Are Multifactor Authentication (MFA) Two-Factor Authentication with Authenticator Apps Passwordless Authentication Device Authentication Service Authentication Mutual Authentication Implementing Identity Management Single Sign-On SSO and Federated Identities Credential Management Systems Credential Manager Apps Scripted Access Session Management Managing the Identity and Access Provisioning Lifecycle Provisioning and Onboarding Deprovisioning and Offboarding Defining New Roles Account Maintenance Account Access Review Summary Exam Essentials Written Lab Review Questions Chapter 14 Controlling and Monitoring Access Comparing Access Control Models Comparing Permissions, Rights, and Privileges Understanding Authorization Mechanisms Defining Requirements with a Security Policy Introducing Access Control Models Discretionary Access Control Nondiscretionary Access Control Implementing Authentication Systems Implementing SSO on the Internet Implementing SSO on Internal Networks Understanding Access Control Attacks Crackers, Hackers, and Attackers Risk Elements Common Access Control Attacks Core Protection Methods Summary Exam Essentials Written Lab Review Questions Chapter 15 Security Assessment and Testing Building a Security Assessment and Testing Program Security Testing Security Assessments Security Audits Performing Vulnerability Assessments Describing Vulnerabilities Vulnerability Scans Penetration Testing Compliance Checks Testing Your Software Code Review and Testing Interface Testing Misuse Case Testing Test Coverage Analysis Website Monitoring Implementing Security Management Processes Log Reviews Account Management Disaster Recovery and Business Continuity Training and Awareness Key Performance and Risk Indicators Summary Exam Essentials Written Lab Review Questions Chapter 16 Managing Security Operations Apply Foundational Security Operations Concepts Need to Know and Least Privilege Separation of Duties (SoD) and Responsibilities Two-Person Control Job Rotation Mandatory Vacations Privileged Account Management Service Level Agreements (SLAs) Addressing Personnel Safety and Security Duress Travel Emergency Management Security Training and Awareness Provision Resources Securely Information and Asset Ownership Asset Management Apply Resource Protection Media Management Media Protection Techniques Managed Services in the Cloud Shared Responsibility with Cloud Service Models Scalability and Elasticity Perform Configuration Management (CM) Provisioning Baselining Using Images for Baselining Automation Managing Change Change Management Versioning Configuration Documentation Managing Patches and Reducing Vulnerabilities Systems to Manage Patch Management Vulnerability Management Vulnerability Scans Common Vulnerabilities and Exposures Summary Exam Essentials Written Lab Review Questions Chapter 17 Preventing and Responding to Incidents Conducting Incident Management Defining an Incident Incident Management Steps Implementing Detective and Preventive Measures Basic Preventive Measures Understanding Attacks Intrusion Detection and Prevention Systems Specific Preventive Measures Logging and Monitoring Logging Techniques The Role of Monitoring Monitoring Techniques Log Management Egress Monitoring Automating Incident Response Understanding SOAR Machine Learning and AI Tools Threat Intelligence The Intersection of SOAR, Machine Learning, AI, and Threat Feeds Summary Exam Essentials Written Lab Review Questions Chapter 18 Disaster Recovery Planning The Nature of Disaster Natural Disasters Human-Made Disasters Understand System Resilience, High Availability, and Fault Tolerance Protecting Hard Drives Protecting Servers Protecting Power Sources Trusted Recovery Quality of Service Recovery Strategy Business Unit and Functional Priorities Crisis Management Emergency Communications Workgroup Recovery Alternate Processing Sites Database Recovery Recovery Plan Development Emergency Response Personnel and Communications Assessment Backups and Off-site Storage Software Escrow Arrangements Utilities Logistics and Supplies Recovery vs. Restoration Training, Awareness, and Documentation Testing and Maintenance Read-Through Test Structured Walk-Through Simulation Test Parallel Test Full-Interruption Test Lessons Learned Maintenance Summary Exam Essentials Written Lab Review Questions Chapter 19 Investigations and Ethics Investigations Investigation Types Evidence Investigation Process Major Categories of Computer Crime Military and Intelligence Attacks Business Attacks Financial Attacks Terrorist Attacks Grudge Attacks Thrill Attacks Hacktivists Ethics Organizational Code of Ethics (ISC)2 Code of Ethics Ethics and the Internet Summary Exam Essentials Written Lab Review Questions Chapter 20 Software Development Security Introducing Systems Development Controls Software Development Systems Development Lifecycle Lifecycle Models Gantt Charts and PERT Change and Configuration Management The DevOps Approach Application Programming Interfaces Software Testing Code Repositories Service-Level Agreements Third-Party Software Acquisition Establishing Databases and Data Warehousing Database Management System Architecture Database Transactions Security for Multilevel Databases Open Database Connectivity NoSQL Storage Threats Understanding Knowledge-Based Systems Expert Systems Machine Learning Neural Networks Summary Exam Essentials Written Lab Review Questions Chapter 21 Malicious Code and Application Attacks Malware Sources of Malicious Code Viruses Logic Bombs Trojan Horses Worms Spyware and Adware Ransomware Malicious Scripts Zero-Day Attacks Malware Prevention Platforms Vulnerable to Malware Antimalware Software Integrity Monitoring Advanced Threat Protection Application Attacks Buffer Overflows Time of Check to Time of Use Backdoors Privilege Escalation and Rootkits Injection Vulnerabilities SQL Injection Attacks Code Injection Attacks Command Injection Attacks Exploiting Authorization Vulnerabilities Insecure Direct Object References Directory Traversal File Inclusion Exploiting Web Application Vulnerabilities Cross-Site Scripting (XSS) Request Forgery Session Hijacking Application Security Controls Input Validation Web Application Firewalls Database Security Code Security Secure Coding Practices Source Code Comments Error Handling Hard-Coded Credentials Memory Management Summary Exam Essentials Written Lab Review Questions Appendix A Answers to Review Questions Chapter 1: Security Governance Through Principles and Policies Chapter 2: Personnel Security and Risk Management Concepts Chapter 3: Business Continuity Planning Chapter 4: Laws, Regulations, and Compliance Chapter 5: Protecting Security of Assets Chapter 6: Cryptography and Symmetric Key Algorithms Chapter 7: PKI and Cryptographic Applications Chapter 8: Principles of Security Models, Design, and Capabilities Chapter 9: Security Vulnerabilities, Threats, and Countermeasures Chapter 10: Physical Security Requirements Chapter 11: Secure Network Architecture and Components Chapter 12: Secure Communications and Network Attacks Chapter 13: Managing Identity and Authentication Chapter 14: Controlling and Monitoring Access Chapter 15: Security Assessment and Testing Chapter 16: Managing Security Operations Chapter 17: Preventing and Responding to Incidents Chapter 18: Disaster Recovery Planning Chapter 19: Investigations and Ethics Chapter 20: Software Development Security Chapter 21: Malicious Code and Application Attacks Appendix B Answers to Written Labs Chapter 1: Security Governance Through Principles and Policies Chapter 2: Personnel Security and Risk Management Concepts Chapter 3: Business Continuity Planning Chapter 4: Laws, Regulations, and Compliance Chapter 5: Protecting Security of Assets Chapter 6: Cryptography and Symmetric Key Algorithms Chapter 7: PKI and Cryptographic Applications Chapter 8: Principles of Security Models, Design, and Capabilities Chapter 9: Security Vulnerabilities, Threats, and Countermeasures Chapter 10: Physical Security Requirements Chapter 11: Secure Network Architecture and Components Chapter 12: Secure Communications and Network Attacks Chapter 13: Managing Identity and Authentication Chapter 14: Controlling and Monitoring Access Chapter 15: Security Assessment and Testing Chapter 16: Managing Security Operations Chapter 17: Preventing and Responding to Incidents Chapter 18: Disaster Recovery Planning Chapter 19: Investigations and Ethics Chapter 20: Software Development Security Chapter 21: Malicious Code and Application Attacks Index EULA
Donate to keep this site alive
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.