Hernandez, CISSP | Official (ISC)2 Guide to the CISSP CBK, Second Edition | E-Book | www.sack.de
E-Book, English, 968 pages

Series: (ISC)2 Press

Hernandez, CISSP Official (ISC)2 Guide to the CISSP CBK, Second Edition


2nd edition, 2009
ISBN: 978-1-4398-0960-0
Publisher: Taylor & Francis
Format: PDF
Copy protection: 0 - No protection


With each new advance in connectivity and convenience comes a new wave of threats to privacy and security capable of destroying a company’s reputation, violating a consumer’s privacy, compromising intellectual property, and in some cases endangering personal safety. This is why it is essential for information security professionals to stay up to date with the latest advances in technology and the new security threats they create.

Recognized as one of the best tools available for the information security professional and especially for candidates studying for the (ISC)2 CISSP examination, the Official (ISC)2® Guide to the CISSP® CBK®, Second Edition has been updated and revised to reflect the latest developments in this ever-changing field. Endorsed by the (ISC)2, this book provides unrivaled preparation for the certification exam that is both up to date and authoritative. Compiled and reviewed by CISSPs and (ISC)2 members, the text provides an exhaustive review of the 10 current domains of the CBK—and the high-level topics contained in each domain.

Earning your CISSP is a deserving achievement that makes you a member of an elite network of professionals. This book not only provides you with the tools to effectively study for the exam, but also supplies you with ready access to best practices for implementing new technologies, dealing with current threats, incorporating new security tools, and managing the human factor of security—that will serve you well into your career.

Target audience


Information security professionals, information security managers, and candidates for the CISSP certification


Authors/Editors


Further information & material


INFORMATION SECURITY AND RISK MANAGEMENT

Introduction

The Business Case for Information Security Management

Core Information Security Principles: Availability, Integrity,

Information Security Management Governance

Organizational Behavior

Security Awareness, Training, and Education

Risk Management

Ethics

Data Classification Policy

Data Handling Policy

References

Other References

Sample Questions

ACCESS CONTROL

Introduction

Definitions and Key Concepts

Access Control Categories and Types

Access Control Threats

Access to Systems

Access to Data

Intrusion Detection and Prevention Systems

Access Control Assurance

References

Sample Questions

CRYPTOGRAPHY

Introduction

Key Concepts and Definitions

Encryption Systems

Message Integrity Controls

Digital Signatures

Encryption Management

Cryptanalysis and Attacks

Encryption Usage

References

Sample Questions

PHYSICAL (ENVIRONMENTAL) SECURITY

Introduction

Site Location

The Layered Defense Model

Information Protection and Management Services

Summary

References

Sample Questions

SECURITY ARCHITECTURE AND DESIGN

Introduction

Security Architecture and Design Components and Principles

Security Models and Architecture Theory

Security Product Evaluation Methods and Criteria

Sample Questions

BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING

Introduction

Organization of the BCP/DRP Domain Chapter

Terminology

Appendix A: Addressing Legislative Compliance within Business Continuity Plans

TELECOMMUNICATIONS AND NETWORK SECURITY

Introduction

Basic Concepts

Layer 1: Physical Layer

Layer 2: Data-Link Layer

Layer 3: Network Layer

Layer 4: Transport Layer

Layer 5: Session Layer

Layer 6: Presentation Layer

Layer 7: Application Layer

Trivial File Transfer Protocol (TFTP)

General References

Sample Questions

Endnotes

APPLICATION SECURITY

Domain Description and Introduction

Applications Development and Programming Concepts and Protection

Audit and Assurance Mechanisms

Malicious Software (Malware)

The Database and Data Warehousing Environment

Web Application Environment

Summary

References

OPERATIONS SECURITY

Introduction

Privileged Entity Controls

Resource Protection

Continuity of Operations

Change Control Management

Summary

References

Sample Questions

LEGAL, REGULATIONS, COMPLIANCE AND INVESTIGATIONS

Introduction

Major Legal Systems

Information Technology Laws and Regulations

Incident Response

Computer Forensics

Conclusions

References

Sample Questions

ANSWERS TO SAMPLE QUESTIONS

CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP®) CANDIDATE INFORMATION BULLETIN

GLOSSARY

INDEX


Harold F. Tipton, HFT Associates, Villa Park, California, USA


