
E-book: CISSP Study Guide

4.13/5 (252 ratings by Goodreads)
(Fellow, SANS Institute, Bethesda, MD, USA; Chief Technology Officer, Backshore Communications LLC., Peaks Island, ME, USA), (Fellow, SANS Institute, Bethesda, MD, USA; Principal Consultant, Context Security, LLC., Jackson, MI, USA),
  • Format: PDF+DRM
  • Publication date: 01-Sep-2012
  • Publisher: Syngress Media,U.S.
  • Language: eng
  • ISBN-13: 9781597499682
  • Price: 44,00 €*
  • * this is the final price, i.e., no further discounts are applied
  • This e-book is intended for personal use only. E-books cannot be returned, and payment for purchased e-books is not refunded.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital Rights Management (DRM)
    The publisher has supplied this book in encrypted form, which means you must install free software to unlock and read it. To read this e-book you need to create an Adobe ID. More information here. The e-book can be read and downloaded on up to 6 devices (by one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you will need to install this free app: PocketBook Reader (iOS / Android)

    To download and read this e-book on a PC or Mac, you need Adobe Digital Editions (a free app designed specifically for e-books; it is not the same as Adobe Reader, which may already be on your computer).

    You cannot read this e-book on an Amazon Kindle.

The CISSP certification is the most prestigious, globally-recognized, vendor neutral exam for information security professionals. The newest edition of this acclaimed study guide is aligned to cover all of the material included in the newest version of the exam’s Common Body of Knowledge. The ten domains are covered completely and as concisely as possible with an eye to acing the exam.

Each of the ten domains has its own chapter that includes specially designed pedagogy to aid the test-taker in passing the exam, including: clearly stated exam objectives; unique terms and definitions; exam warnings; learning by example; hands-on exercises; and chapter-ending questions. Furthermore, special features include two practice exams, tiered chapter-ending questions that allow for a gradual learning curve, and a self-test appendix.

• Provides the most complete and effective study guide to prepare you for passing the CISSP exam. It contains only what you need to pass the test, with no fluff!

• Eric Conrad has prepared hundreds of professionals for passing the CISSP exam through SANS, a popular and well-known organization for information security professionals.

• Covers all of the new information in the Common Body of Knowledge updated in January 2012, and also provides two practice exams, tiered end-of-chapter questions for a gradual learning curve, and a complete self-test appendix.



Reviews

"Gives you everything you need and nothing you don't. One of the temptations you face as an author of a certification prep book or course is to include information that you feel is important, but not related to preparation for the certification. Eric Conrad has shown incredible discipline in keeping this book focused on preparing you to take the CISSP." --Stephen Northcutt, President, The SANS Technology Institute 

Table of contents (each entry gives the start page, followed by the page count in parentheses)

Acknowledgments xvii
About the authors xix
Chapter 1 Introduction 1(8)
  How to Prepare for the Exam 2(2)
    The CISSP exam is a management exam 2(1)
    The notes card approach 2(1)
    Practice tests 3(1)
    Read the glossary 3(1)
    Readiness checklist 3(1)
  Taking the Exam 4(3)
    Steps to becoming a CISSP 4(1)
    Computer-based testing (CBT) 4(1)
    How to take the exam 5(1)
    After the exam 6(1)
  Good Luck! 7(2)
Chapter 2 Domain 1: Access Control 9(54)
  Unique Terms and Definitions 9(1)
  Introduction 9(1)
  Cornerstone Information Security Concepts 10(7)
    Confidentiality, integrity, and availability 11(2)
    Identity and authentication, authorization, and accountability (AAA) 13(2)
    Non-repudiation 15(1)
    Least privilege and need to know 15(1)
    Subjects and objects 16(1)
    Defense in depth 16(1)
  Access Control Models 17(7)
    Discretionary Access Control (DAC) 17(1)
    Mandatory Access Control (MAC) 18(1)
    Non-discretionary access control 18(1)
    Content- and context-dependent access controls 19(1)
    Centralized access control 20(1)
    Decentralized access control 20(1)
    Access provisioning lifecycle 21(1)
    Access control protocols and frameworks 22(2)
  Procedural Issues for Access Control 24(3)
    Labels, clearance, formal access approval, and need to know 24(2)
    Rule-based access controls 26(1)
    Access control lists 27(1)
  Access Control Defensive Categories and Types 27(2)
    Preventive 27(1)
    Detective 28(1)
    Corrective 28(1)
    Recovery 28(1)
    Deterrent 28(1)
    Compensating 28(1)
    Comparing access controls 29(1)
  Authentication Methods 29(13)
    Type 1 authentication: something you know 30(5)
    Type 2 authentication: something you have 35(1)
    Type 3 authentication: something you are 36(1)
    Biometric fairness, psychological comfort, and safety 37(5)
  Access Control Technologies 42(6)
    Single sign-on (SSO) 42(1)
    Federated identity management 43(1)
    Kerberos 43(4)
    Sesame 47(1)
    Security audit logs 47(1)
  Types of Attackers 48(6)
    Hackers 48(1)
    Black hats and white hats 49(1)
    Script kiddies 49(1)
    Outsiders 50(1)
    Insiders 51(1)
    Hacktivist 51(1)
    Bots and botnets 52(1)
    Phishers and spear phishers 53(1)
  Assessing Access Control 54(3)
    Penetration testing 54(2)
    Vulnerability testing 56(1)
    Security audits 57(1)
    Security assessments 57(1)
  Summary of Exam Objectives 57(1)
  Self Test 58(2)
  Self Test Quick Answer Key 60(3)
Chapter 3 Domain 2: Telecommunications and Network Security 63(80)
  Unique Terms and Definitions 63(1)
  Introduction 63(1)
  Network Architecture and Design 64(36)
    Network defense-in-depth 64(1)
    Fundamental network concepts 64(3)
    The OSI Model 67(2)
    TCP/IP model 69(1)
    Encapsulation 70(1)
    Network Access, Internet and Transport Layer Protocols, and Concepts 71(14)
    Application layer TCP/IP protocols and concepts 85(4)
    Layer 1 Network Cabling 89(3)
    LAN technologies and protocols 92(2)
    LAN Physical Network Topologies 94(2)
    WAN technologies and protocols 96(4)
  Network Devices and Protocols 100(23)
    Repeaters and hubs 100(1)
    Bridges 100(1)
    Switches 101(2)
    Network taps 103(1)
    Routers 103(5)
    Firewalls 108(6)
    DTE/DCE and CSU/DSU 114(1)
    Intrusion detection systems and intrusion prevention systems 115(3)
    Endpoint security 118(2)
    Honeypots 120(1)
    Network attacks 121(1)
    Network scanning tools 122(1)
  Secure Communications 123(14)
    Authentication protocols and frameworks 123(3)
    VPN 126(2)
    VoIP 128(1)
    Wireless Local Area Networks 129(5)
    Remote access 134(3)
  Summary of Exam Objectives 137(1)
  Self Test 138(2)
  Self Test Quick Answer Key 140(3)
Chapter 4 Domain 3: Information Security Governance and Risk Management 143(26)
  Unique Terms and Definitions 143(1)
  Introduction 143(1)
  Risk Analysis 144(10)
    Assets 144(1)
    Threats and vulnerabilities 144(1)
    Risk = Threat × Vulnerability 145(2)
    Calculating Annualized Loss Expectancy 147(1)
    Total Cost of Ownership 148(1)
    Return on Investment 149(1)
    Budget and metrics 150(1)
    Risk choices 151(2)
    The Risk Management Process 153(1)
  Information Security Governance 154(11)
    Security policy and related documents 154(3)
    Roles and responsibilities 157(1)
    Personnel security 158(2)
    Compliance with laws and regulations 160(1)
    Due care and due diligence 161(1)
    Best practice 161(1)
    Auditing and control frameworks 162(2)
    Certification and Accreditation 164(1)
  Summary of Exam Objectives 165(1)
  Self Test 165(2)
  Self Test Quick Answer Key 167(2)
Chapter 5 Domain 4: Software Development Security 169(44)
  Unique Terms and Definitions 169(1)
  Introduction 169(1)
  Programming Concepts 170(5)
    Machine code, source code, and assemblers 170(1)
    Compilers, interpreters, and bytecode 171(1)
    Procedural and object-oriented languages 171(2)
    Fourth-generation programming language 173(1)
    Computer-aided software engineering (CASE) 173(1)
    Top-down versus bottom-up programming 173(1)
    Types of publicly released software 174(1)
  Application Development Methods 175(11)
    Waterfall model 176(1)
    Sashimi model 177(2)
    Agile software development 179(1)
    Spiral 180(1)
    Rapid application development (RAD) 181(1)
    Prototyping 181(1)
    SDLC 182(4)
    Software escrow 186(1)
  Object-Orientated Design and Programming 186(6)
    Object-oriented programming (OOP) 186(5)
    Object-oriented analysis (OOA) and object-oriented design (OOD) 191(1)
  Software Vulnerabilities, Testing, and Assurance 192(5)
    Software vulnerabilities 192(2)
    Software testing methods 194(1)
    Disclosure 195(1)
    Software Capability Maturity Model (CMM) 196(1)
    Software Change and Configuration Management 196(1)
  Databases 197(6)
    Types of databases 198(4)
    Database integrity 202(1)
    Database replication and shadowing 202(1)
    Data warehousing and data mining 203(1)
  Artificial Intelligence 203(3)
    Expert systems 203(1)
    Artificial neural networks 204(1)
    Bayesian filtering 205(1)
    Genetic algorithms and programming 206(1)
  Summary of Exam Objectives 206(1)
  Self Test 207(2)
  Self Test Quick Answer Key 209(4)
Chapter 6 Domain 5: Cryptography 213(44)
  Unique Terms and Definitions 213(1)
  Introduction 213(1)
  Cornerstone Cryptographic Concepts 213(5)
    Key terms 214(1)
    Confidentiality, integrity, authentication, and non-repudiation 214(1)
    Confusion, diffusion, substitution, and permutation 214(1)
    Cryptographic strength 215(1)
    Monoalphabetic and polyalphabetic ciphers 215(1)
    Modular math 216(1)
    Exclusive Or (XOR) 216(1)
    Types of cryptography 217(1)
    Data at rest and data in motion 217(1)
  History of Cryptography 218(10)
    Egyptian hieroglyphics 218(1)
    Spartan scytale 218(1)
    Caesar cipher and other rotation ciphers 218(1)
    Vigenere cipher 219(1)
    Cipher disk 219(1)
    Jefferson disks 220(2)
    Book cipher and running-key cipher 222(1)
    Codebooks 223(1)
    One-time pad 224(3)
    Cryptography laws 227(1)
  Symmetric Encryption 228(8)
    Stream and block ciphers 228(1)
    Initialization vectors and chaining 228(1)
    DES 229(4)
    International Data Encryption Algorithm 233(1)
    Advanced Encryption Standard 233(3)
    Blowfish and Twofish 236(1)
    RC5 and RC6 236(1)
  Asymmetric Encryption 236(2)
    Asymmetric methods 236(2)
  Hash Functions 238(1)
    Collisions 238(1)
    MD5 239(1)
    Secure Hash Algorithm 239(1)
    Haval 239(1)
  Cryptographic Attacks 239(5)
    Brute force 239(1)
    Social engineering 240(1)
    Rainbow tables 240(1)
    Known plaintext 241(1)
    Chosen plaintext and adaptive chosen plaintext 241(1)
    Chosen ciphertext and adaptive chosen ciphertext 242(1)
    Meet-in-the-middle attack 242(1)
    Known key 242(1)
    Differential cryptanalysis 242(1)
    Linear cryptanalysis 243(1)
    Side-channel attacks 243(1)
    Implementation attacks 243(1)
    Birthday attack 243(1)
    Key clustering 244(1)
  Implementing Cryptography 244(7)
    Digital signatures 244(1)
    Message Authentication Code 245(1)
    Public key infrastructure 246(1)
    SSL and TLS 247(1)
    IPsec 247(1)
    AH and ESP 248(1)
    IKE 249(1)
    PGP 249(1)
    S/MIME 249(1)
    Escrowed encryption 249(1)
    Steganography 250(1)
    Digital watermarks 251(1)
  Summary of Exam Objectives 251(1)
  Self Test 252(2)
  Self Test Quick Answer Key 254(3)
Chapter 7 Domain 6: Security Architecture and Design 257(50)
  Unique Terms and Definitions 257(1)
  Introduction 257(1)
  Secure System Design Concepts 258(3)
    Layering 258(1)
    Abstraction 258(1)
    Security domains 259(1)
    The ring model 259(1)
    Open and closed systems 260(1)
  Secure Hardware Architecture 261(9)
    The system unit and motherboard 261(1)
    The computer bus 261(1)
    The CPU 261(3)
    Memory 264(2)
    Memory protection 266(4)
  Secure Operating System and Software Architecture 270(3)
    The kernel 270(1)
    Users and file permissions 270(3)
  Virtualization and Distributed Computing 273(5)
    Virtualization 273(2)
    Cloud computing 275(1)
    Grid computing 276(1)
    Peer to peer 276(1)
    Thin clients 277(1)
  System Vulnerabilities, Threats, and Countermeasures 278(12)
    Emanations 278(1)
    Covert channels 278(1)
    Buffer overflows 279(1)
    TOCTOU/Race conditions 280(1)
    Backdoors 280(1)
    Malicious code (malware) 281(1)
    Server-side attacks 282(1)
    Client-side attacks 283(1)
    Web architecture and attacks 284(2)
    Mobile device attacks 286(1)
    Database security 287(2)
    Countermeasures 289(1)
  Security Models 290(9)
    Reading down and writing up 290(1)
    State machine model 291(1)
    Bell-LaPadula model 291(1)
    Lattice-based access controls 292(1)
    Integrity models 292(2)
    Information flow model 294(1)
    Chinese Wall model 294(1)
    Noninterference 295(1)
    Take-grant 295(1)
    Access control matrix 295(1)
    Zachman Framework for Enterprise Architecture 296(1)
    Graham-Denning Model 297(1)
    Harrison-Ruzzo-Ullman Model 297(1)
    Modes of Operation 298(1)
  Evaluation Methods, Certification, and Accreditation 299(3)
    The Orange Book 299(1)
    ITSEC 300(1)
    The International Common Criteria 301(1)
    PCI-DSS 302(1)
    Certification and accreditation 302(1)
  Summary of Exam Objectives 302(1)
  Self Test 303(2)
  Self Test Quick Answer Key 305(2)
Chapter 8 Domain 7: Operations Security 307(36)
  Unique Terms and Definitions 307(1)
  Introduction 307(1)
  Administrative Security 308(4)
    Administrative Personnel Controls 308(3)
    Privilege monitoring 311(1)
  Sensitive Information and Media Security 312(2)
    Sensitive information 312(2)
  Asset Management 314(5)
    Configuration management 315(3)
    Change management 318(1)
  Continuity of Operations 319(8)
    Service Level Agreements (SLAs) 319(1)
    Fault tolerance 320(7)
  Incident Response Management 327(10)
    Methodology 328(4)
    Types of attacks 332(5)
  Summary of Exam Objectives 337(3)
  Self Test 340(2)
  Self Test Quick Answer Key 342(1)
Chapter 9 Domain 8: Business Continuity and Disaster Recovery Planning 343(46)
  Unique Terms and Definitions 343(1)
  Introduction 343(1)
  BCP and DRP Overview and Process 344(11)
    Business continuity planning (BCP) 344(1)
    Disaster recovery planning (DRP) 345(1)
    Relationship between BCP and DRP 345(1)
    Disasters or disruptive events 346(7)
    The disaster recovery process 353(2)
  Developing a BCP/DRP 355(18)
    Project initiation 355(3)
    Scoping the project 358(1)
    Assessing the critical state 359(1)
    Conduct Business Impact Analysis (BIA) 359(5)
    Identify preventive controls 364(1)
    Recovery strategy 364(4)
    Related plans 368(5)
    Plan approval 373(1)
  Backups and Availability 373(4)
    Hardcopy data 374(1)
    Electronic backups 374(3)
    Software escrow 377(1)
  DRP Testing, Training, and Awareness 377(3)
    DRP testing 377(2)
    Training 379(1)
  BCP/DRP Maintenance 380(1)
    Change management 380(1)
    BCP/DRP version control 380(1)
    BCP/DRP mistakes 381(1)
  Specific BCP/DRP Frameworks 381(2)
    NIST SP 800-34 381(1)
    ISO/IEC-27031 381(1)
    BS-25999 382(1)
    BCI 382(1)
  Summary of Exam Objectives 383(1)
  Self Test 383(2)
  Self Test Quick Answer Key 385(4)
Chapter 10 Domain 9: Legal, Regulations, Investigations, and Compliance 389(40)
  Unique Terms and Definitions 389(1)
  Introduction 390(1)
  Major legal systems 390(1)
    Civil law (legal system) 390(1)
    Common law 390(1)
    Religious law 391(1)
    Other systems 391(1)
  Criminal, Civil, and Administrative Law 391(2)
    Criminal Law 392(1)
    Civil Law 392(1)
    Administrative law 393(1)
  Information Security Aspects of Law 393(11)
    Computer crime 394(1)
    Intellectual property 395(4)
    Import and export restrictions 399(1)
    Privacy 400(3)
    Transborder data flow 403(1)
    Liability 403(1)
  Forensics 404(5)
    Forensic Media Analysis 405(2)
    Network forensics 407(1)
    Forensic software analysis 408(1)
    Embedded device forensics 408(1)
    Incident response 408(1)
  Legal Aspects of Investigations 409(5)
    Evidence 409(2)
    Evidence integrity 411(1)
    Chain of custody 411(1)
    Reasonable searches 412(2)
    Entrapment and enticement 414(1)
  Important Laws and Regulations 414(4)
    U.S. Computer Fraud and Abuse Act 414(3)
    USA Patriot Act 417(1)
    HIPAA 417(1)
    U.S. breach notification laws 418(1)
  Security and Third Parties 418(2)
    Service provider contractual security 418(1)
    Procurement 419(1)
    Vendor governance 420(1)
  Ethics 420(3)
    The (ISC)2® Code of Ethics 420(2)
    Computer Ethics Institute 422(1)
    IAB's Ethics and the Internet 422(1)
  Summary of Exam Objectives 423(1)
  Self Test 424(2)
  Self Test Quick Answer Key 426(3)
Chapter 11 Domain 10: Physical (Environmental) Security 429(34)
  Unique Terms and Definitions 429(1)
  Introduction 429(1)
  Perimeter Defenses 430(12)
    Fences 430(1)
    Gates 430(1)
    Bollards 430(1)
    Lights 431(1)
    CCTV 432(1)
    Locks 433(4)
    Smart cards and magnetic stripe cards 437(1)
    Tailgating/piggybacking 438(1)
    Mantraps and turnstiles 439(1)
    Contraband checks 439(1)
    Motion detectors and other perimeter alarms 439(1)
    Doors and windows 440(1)
    Walls, floors, and ceilings 441(1)
    Guards 441(1)
    Dogs 442(1)
    Restricted areas and escorts 442(1)
  Site Selection, Design, and Configuration 442(2)
    Site selection issues 443(1)
    Site design and configuration issues 443(1)
  System Defenses 444(4)
    Asset tracking 445(1)
    Port controls 445(1)
    Drive and tape encryption 445(1)
    Media storage and transportation 446(1)
    Media cleaning and destruction 446(2)
  Environmental Controls 448(11)
    Electricity 448(2)
    HVAC 450(1)
    Heat, flame, and smoke detectors 451(1)
    Personnel safety, training, and awareness 452(1)
    ABCD fires and suppression 453(2)
    Types of fire suppression agents 455(4)
  Summary of Exam Objectives 459(1)
  Self Test 460(2)
  Self Test Quick Answer Key 462(1)
Appendix: Self Test 463(50)
Glossary 513(36)
Index 549
Eric Conrad (CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, GMON, GISP) is a SANS fellow and Chief Technology Officer of Backshore Communications, which provides threat hunting, penetration testing, incident handling, and intrusion detection consulting services. Eric started his professional career in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and healthcare, in positions ranging from systems programmer to security engineer to HIPAA security officer and ISSO. He is coauthor of MGT414: SANS Training Program for the CISSP Certification, SEC511: Continuous Monitoring and Security Operations, and SEC542: Web App Penetration Testing and Ethical Hacking. Eric graduated from the SANS Technology Institute with a Master of Science degree in Information Security Engineering.

Seth Misenar (CISSP®, GSE, GDSA, GDAT, GMON, GCDA, GCIH, GCIA, GCFA) is a Fellow with the SANS Institute and also serves as Principal Consultant for Jackson, Mississippi-based Context Security, LLC. His cyber security background includes research, host-based and network intrusion detection, architecture design, and general security consulting. Seth previously served as a physical and network security consultant for Fortune 100 companies and as a state government agency's HIPAA and information security officer. He has partnered with the SANS Institute for over 15 years, teaching and authoring courseware and facilitating instructor development. Seth is pursuing a Master of Science degree in Information Security Engineering from the SANS Technology Institute and holds a Bachelor of Science degree from Millsaps College.

Joshua Feldman (CISSP) is Senior Vice President for Security Technology at the Radian Group, a real estate and mortgage insurance conglomerate. His mission is focused on protecting over 10M US consumer financial records. He is the executive responsible for all aspects of Radian's technical security program. Previous security roles included work at Moody's Credit Ratings, Corning Inc, and the US Department of Defense and Department of State.

In 2008, Joshua was Eric's student when studying for the CISSP exam and was so impressed with Eric's mastery of the materials that he invited Eric to work with him at the DoD. Soon after starting work, Eric invited Seth. That project ran successfully for over eight years, a testament to the value brought to US military cyber professionals.

Joshua got his start in the cyber security field when he left his public-school science teaching position in 1997 and began working for Network Flight Recorder (NFR, Inc.), a small Washington, DC-based startup making the first generation of Network Intrusion Detection Systems. He has a Bachelor of Science from the University of Maryland and a Master's in Cyber Operations from National Defense University. He currently resides in Philadelphia with his little dog, Jacky-boy.