The CISSP (Certified Information Systems Security Professionals) exam is a six-hour, monitored paper-based exam covering 10 domains of information system security knowledge, each representing a specific area of expertise. The CISSP examination consists of 250 multiple choice questions, covering topics such as Access Control Systems, Cryptography, and Security Management Practices, and is administered by the International Information Systems Security Certification Consortium or (ISC)2. (ISC)2 promotes the CISSP exam as an aid to evaluating personnel performing information security functions. Candidates for this exam are typically network security professionals and system administrators with at least 3 years of direct work experience in one or more of the 10 test domains. This book maps to the exam objectives and offers numerous features such as exam tips, case studies, and practice exams. In addition, the CD includes PrepLogic Practice Tests, Preview Edition, making it the ultimate guide for those studying for the CISSP exam.
I. Exam Preparation.1. Access Control Systems and Methodology.
Introduction. Accountability. Access Control Techniques. Access Control Administration. Access Control Models. Identification and Authentication Techniques. Access Control Methodologies. Methods of Attacks. Monitoring. Penetration Testing.2. Telecommunications and Network Security.
Introduction. The Open Systems Interconnection Model. Network Characteristics and Topologies. Network Topologies. LAN Devices. WAN Technologies. Providing Remote Access Capabilities. Networking Protocols. Protecting the Integrity, Availability, and Confidentiality of Network Data. Fault Tolerance and Data Restoration.3. Security Management and Practices.
Introduction. Defining Security Principles. Security Management Planning. Risk Management and Analysis. Policies, Standards, Guidelines, and Procedures. Examining Roles and Responsibility. Management Responsibility. Understanding Protection Mechanisms. Classifying Data. Employment Policies and Practices. Managing Change Control. Security Awareness Training.4. Applications and Systems Development Security.
Introduction. Software Applications and Issues. Attacking Software. Understanding Malicious Code. Implementing System Development Controls. Using Coding Practices That Reduce System Vulnerability.5. Cryptography.
Introduction. Uses of Cryptography. Cryptographic Concepts, Methodologies, and Practices. PKI and Key Management. Methods of Attack.6. Security Architecture and Models.
Introduction. Requirements for Security Architecture and Models. Security Models. Security System Architecture. Information System Security Standards. Common Criteria. IPSec.7. Operations Security.
Introduction. Examining the Key Roles of Operations Security. The Roles of Auditing and Monitoring. Developing Countermeasures to Threats. The Role of Administrative Management. Concepts and Best Practices.8. Business Continuity Planning and Disaster Recovery Planning.
Introduction. What Are the Disasters That Interrupt Business Operation? Quantifying the Difference Between DRP and BCP. Examining the Business Continuity Planning Process. Defining Disaster Recovery Planning. Developing a Backup Strategy.9. Law, Investigation, and Ethics.
Introduction. Fundamentals of Law. Criminal Law and Computer Crime. Computer Security Incidents. Legal Evidence. Computer Forensics. Computer Ethics.10. Physical Security.
Introduction. Classifying Assets to Simplify Physical Security Discussions. Vulnerabilities. Selecting, Designing, Constructing, and Maintaining a Secure Site. Tape and Media Library Retention Policies. Document (Hard-Copy) Libraries. Waste Disposal. Physical Intrusion Detection.
II. Final Review.Fast Facts.
Domain 1, "Access Control". Domain 2, "Network Security and Telecommunications". Domain 3, "Security Management and Practices". Domain 4, "Applications and Systems Development Security". Domain 5, "Cryptography". Domain 6, "Security Architecture and Models". Domain 7, "Operations Security". Domain 8, "Business Continuity Planning and Disaster Recovery Planning". Domain 9, "Law, Investigation, and Ethics". Domain 10, "Physical Security".Study and Exam Prep Tips.
Learning As a Process. Study Tips. Exam Prep Tips.Practice Exam.
III. Appendixes.Appendix A. Glossary.
Description of the Path to Certification. About the Certification Program.Appendix C. What's on the CD-ROM.
PrepLogic Practice Tests, Preview Edition. Exclusive Electronic Version of Text.Appendix D. Using the PrepLogic Practice Tests, Preview Edition Software.
Exam Simulation. Software Requirements. Contacting PrepLogic. License Agreement.Index.
The errata for the book is available here in Adobe Portable Document Format (PDF) format. You will need Adobe's Acrobat Reader to view these files. If you do not have the Acrobat Reader installed, you may go to Adobe Systems' web site to download this free reader.
Click on the links below to display the PDF file in a new window. Right-click on the link and select Save As if you want to download it to your hard drive.Errata for the book - 19 KB -- 078972801Xerrata.pdf