Eleventh Hour CISSP: Study Guide, 2nd edition [Paperback]

Rating: 4.25/5 (545 ratings on Goodreads)

Authors' affiliations: Joshua Feldman (Senior Vice President for Security Technology, Radian Group, Wayne, PA, USA); Eric Conrad (Fellow, SANS Institute, Bethesda, MD, USA; Chie); Seth Misenar (Fellow, SANS Institute, Bethesda, MD, USA; Principal Consultant, Context Security, LLC., Jackson, MI, USA)
  • Format: Paperback / softback, 216 pages, height x width: 235x191 mm, weight: 450 g, illustrated
  • Publication date: 29-Nov-2013
  • Publisher: Syngress Media, U.S.
  • ISBN-10: 0124171427
  • ISBN-13: 9780124171428
  • Price: 38,24 €*
  • * This book is out of print. You will be notified of the price of a used copy.
Eleventh Hour CISSP provides you with a study guide keyed directly to the most current version of the CISSP exam. This book is streamlined to include only core certification information and is presented for ease of last-minute studying. The main objectives of the exam are covered concisely, with key concepts highlighted.

The CISSP certification is the most prestigious, globally recognized, vendor-neutral exam for information security professionals. Over 67,000 professionals are certified worldwide, with many more joining their ranks. This new Second Edition is aligned to cover all of the material in the most current version of the exam's Common Body of Knowledge. All 10 domains are covered as completely and as concisely as possible, giving you the best possible chance of acing the exam.

  • All-new Second Edition updated for the most current version of the exam's Common Body of Knowledge
  • The only guide you need for last-minute studying
  • Answers the toughest questions and highlights core topics
  • No fluff: streamlined for maximum efficiency of study, perfect for professionals who are updating their certification or taking the test for the first time

Reviews

"Eleventh Hour CISSP Study Guide provides an effective and efficient review of the CISSP ten domains by eliminating the fluff that is in most CISSP study guides. For security professionals in a time crunch or those looking for a last-minute refresher, this is a must-read before taking the exam." --Tony Flick, CISSP, Author of Securing the Smart Grid and Principal at FYRM Associates

Additional information

A streamlined, no-fluff approach gives you all the information you need for last-minute studying to pass the CISSP exam.
Table of contents (start page in parentheses):

Author biography (xv)

Chapter 1 Domain 1: Access Control (1)
  • Introduction (1)
  • Cornerstone information security concepts (1)
  • Confidentiality, integrity, and availability (1)
  • Identity and authentication, authorization, and accountability (2)
  • Nonrepudiation (3)
  • Least privilege and need to know (3)
  • Subjects and objects (3)
  • Defense-in-depth (4)
  • Access control models (4)
  • Discretionary access controls (4)
  • Mandatory access controls (4)
  • Nondiscretionary access control (4)
  • Rule-based access controls (5)
  • Centralized access control (5)
  • Access control lists (5)
  • Access provisioning lifecycle (5)
  • Access control protocols and frameworks (6)
  • Access control defensive categories and types (7)
  • Preventive (7)
  • Detective (8)
  • Corrective (8)
  • Recovery (8)
  • Deterrent (8)
  • Compensating (8)
  • Authentication methods (8)
  • Type 1 Authentication: something you know (9)
  • Type 2 Authentication: something you have (11)
  • Type 3 Authentication: something you are (11)
  • Someplace you are (15)
  • Access control technologies (16)
  • Single sign-on (16)
  • Federated identity management (16)
  • Kerberos (16)
  • Sesame (17)
  • Assessing access control (17)
  • Penetration testing (17)
  • Vulnerability testing (18)
  • Security audits (18)
  • Security assessments (19)
  • Summary of exam objectives (19)
  • Top five toughest questions (19)
  • Self-Test quick answer key (20)
  • Endnotes (21)

Chapter 2 Domain 2: Telecommunications and Network Security (23)
  • Introduction (23)
  • Network architecture and design (23)
  • Fundamental network concepts (23)
  • The OSI model (24)
  • The TCP/IP model (26)
  • Application-Layer TCP/IP protocols and concepts (28)
  • LAN technologies and protocols (29)
  • WAN technologies and protocols (30)
  • Network devices and protocols (30)
  • Repeaters and hubs (30)
  • Bridges (31)
  • Switches (31)
  • Routers (32)
  • Firewalls (32)
  • Modem (33)
  • Intrusion Detection Systems and Intrusion Prevention Systems (34)
  • Endpoint security (34)
  • Secure communications (35)
  • Authentication protocols and frameworks (35)
  • VPN (36)
  • VoIP (37)
  • Wireless Local Area Networks (37)
  • RFID (39)
  • Remote access (39)
  • Summary of exam objectives (41)
  • Top five toughest questions (41)
  • Self-Test quick answer key (42)

Chapter 3 Domain 3: Information Security Governance and Risk Management (45)
  • Introduction (45)
  • Risk Analysis (45)
  • Assets (45)
  • Threats and vulnerabilities (46)
  • Risk = threat x vulnerability (46)
  • Impact (46)
  • Risk Analysis Matrix (46)
  • Calculating Annualized Loss Expectancy (47)
  • Total Cost of Ownership (48)
  • Return on Investment (49)
  • Budget and metrics (50)
  • Risk choices (50)
  • Qualitative and Quantitative Risk Analysis (51)
  • The Risk Management process (51)
  • Information Security Governance (52)
  • Security policy and related documents (52)
  • Roles and responsibilities (54)
  • Personnel security (55)
  • Privacy (56)
  • Due care and due diligence (57)
  • Best practice (57)
  • Auditing and control frameworks (57)
  • Certification and Accreditation (59)
  • Summary of exam objectives (59)
  • Top five toughest questions (60)
  • Answers (61)
  • Endnotes (61)

Chapter 4 Domain 4: Software Development Security (63)
  • Introduction (63)
  • Programming concepts (63)
  • Machine code, source code, and assemblers (63)
  • Compilers, interpreters, and bytecode (64)
  • Types of publicly released software (64)
  • Application development methods (64)
  • Waterfall Model (65)
  • Spiral (65)
  • Agile Software Development (65)
  • Rapid Application Development (65)
  • SDLC (65)
  • Object-Oriented Programming (66)
  • Object Request Brokers (68)
  • Software vulnerabilities, testing, and assurance (69)
  • Software vulnerabilities (69)
  • Disclosure (70)
  • Software Capability Maturity Model (70)
  • Databases (71)
  • Database integrity (74)
  • Database replication and shadowing (74)
  • Summary of exam objectives (74)
  • Top five toughest questions (75)
  • Self-Test quick answer key (75)
  • Endnotes (76)

Chapter 5 Domain 5: Cryptography (77)
  • Introduction (77)
  • Cornerstone cryptographic concepts (77)
  • Key terms (77)
  • Confidentiality, integrity, authentication, and nonrepudiation (78)
  • Substitution and permutation (78)
  • Cryptographic strength (78)
  • Monoalphabetic and polyalphabetic ciphers (78)
  • Exclusive Or (XOR) (79)
  • Types of cryptography (79)
  • Symmetric encryption (79)
  • Stream and block ciphers (80)
  • Initialization vectors and chaining (80)
  • DES (80)
  • International Data Encryption Algorithm (82)
  • Advanced Encryption Standard (83)
  • Blowfish and Twofish (83)
  • RC5 and RC6 (83)
  • Asymmetric encryption (84)
  • Asymmetric methods (84)
  • Hash functions (85)
  • MD5 (85)
  • Secure Hash Algorithm (85)
  • HAVAL (86)
  • Cryptographic attacks (86)
  • Brute force (86)
  • Known plaintext (86)
  • Chosen plaintext and adaptive-chosen plaintext (86)
  • Chosen ciphertext and adaptive-chosen ciphertext (86)
  • Meet-in-the-middle attack (87)
  • Known key (87)
  • Differential cryptanalysis (87)
  • Linear cryptanalysis (87)
  • Side-channel attacks (87)
  • Implementing cryptography (87)
  • Digital signatures (88)
  • Public Key Infrastructure (89)
  • SSL and TLS (89)
  • IPsec (90)
  • PGP (91)
  • S/MIME (91)
  • Escrowed encryption (91)
  • Summary of exam objectives (91)
  • Top five toughest questions (92)
  • Answers (92)
  • Endnotes (93)

Chapter 6 Domain 6: Security Architecture and Design (95)
  • Introduction (95)
  • Secure system design concepts (95)
  • Layering (95)
  • Abstraction (96)
  • Security domains (96)
  • The ring model (96)
  • Secure Hardware Architecture (97)
  • The system unit and motherboard (97)
  • The computer bus (97)
  • The CPU (98)
  • Memory (100)
  • Memory protection (101)
  • Secure operating system and software architecture (102)
  • The kernel (102)
  • Virtualization (103)
  • Cloud computing (103)
  • Grid computing (104)
  • Peer-to-peer (105)
  • Thin clients (105)
  • System vulnerabilities, threats, and countermeasures (105)
  • Covert channels (105)
  • Buffer overflows (105)
  • TOCTOU/race conditions (105)
  • Maintenance Hooks (106)
  • Malicious code (malware) (106)
  • Web architecture and attacks (107)
  • Mobile device attacks (108)
  • Database security (109)
  • Security models (109)
  • Bell-LaPadula model (109)
  • Lattice-based access controls (110)
  • Integrity models (110)
  • Chinese Wall model (111)
  • Access control matrix (111)
  • Evaluation methods, Certification, and Accreditation (111)
  • The Orange Book (112)
  • ITSEC (112)
  • The International Common Criteria (113)
  • PCI-DSS (113)
  • Certification and Accreditation (113)
  • Summary of exam objectives (114)
  • Top five toughest questions (114)
  • Answers (115)
  • Endnotes (116)

Chapter 7 Domain 7: Operations Security (117)
  • Introduction (117)
  • Administrative security (117)
  • Labels (117)
  • Clearance (118)
  • Separation of duties (118)
  • Rotation of duties (118)
  • Mandatory leave/forced vacation (118)
  • Nondisclosure agreement (119)
  • Background checks (119)
  • Sensitive information/media security (119)
  • Sensitive information (119)
  • Asset management (121)
  • Configuration management (121)
  • Change management (122)
  • Continuity of operations (123)
  • Service-Level Agreements (123)
  • Fault tolerance (123)
  • Incident response management (127)
  • Methodology (127)
  • Types of attacks (129)
  • Summary of exam objectives (131)
  • Top five toughest questions (131)
  • Answers (132)
  • Endnotes (133)

Chapter 8 Domain 8: Business Continuity and Disaster Recovery Planning (135)
  • Introduction (135)
  • BCP and DRP overview and process (135)
  • Business Continuity Planning (135)
  • Disaster Recovery Planning (136)
  • Relationship between BCP and DRP (136)
  • Disasters or disruptive events (137)
  • The Disaster Recovery Process (138)
  • Developing a BCP/DRP (139)
  • Project Initiation (140)
  • Assessing the critical state (140)
  • Conduct Business Impact Analysis (140)
  • Identify Preventive Controls (142)
  • Recovery strategy (143)
  • Related plans (144)
  • Call Trees (144)
  • DRP testing and training (145)
  • DRP testing (146)
  • Training (148)
  • Continued BCP/DRP maintenance (148)
  • Change management (148)
  • BCP/DRP mistakes (149)
  • Specific BCP/DRP frameworks (149)
  • NIST SP 800-34 (149)
  • ISO/IEC 27031 (149)
  • BCI (150)
  • Summary of exam objectives (150)
  • Top five toughest questions (151)
  • Answers (151)
  • Endnotes (153)

Chapter 9 Domain 9: Legal, Regulations, Investigations, and Compliance (155)
  • Introduction (155)
  • Major legal systems (155)
  • Civil law (legal system) (155)
  • Common law (156)
  • Religious and customary law (156)
  • Criminal, civil, and administrative law (156)
  • Criminal law (156)
  • Civil law (157)
  • Administrative law (157)
  • Information security aspects of law (158)
  • Computer crime (158)
  • Intellectual property (158)
  • Import/export restrictions (160)
  • Legal aspects of investigations (160)
  • Evidence (161)
  • Evidence integrity (161)
  • Entrapment and enticement (161)
  • Privacy, important laws, and regulations (162)
  • Privacy (162)
  • US Computer Fraud and Abuse Act (163)
  • USA PATRIOT Act (163)
  • Forensics (164)
  • Forensic media analysis (164)
  • Network forensics (164)
  • Embedded device forensics (165)
  • Security and third parties (165)
  • Service provider contractual security (165)
  • Vendor governance (166)
  • Ethics (166)
  • The (ISC)² Code of Ethics (166)
  • Computer Ethics Institute (167)
  • IAB's Ethics and the Internet (168)
  • Summary of exam objectives (168)
  • Top five toughest questions (168)
  • Answers (169)
  • Endnotes (170)

Chapter 10 Domain 10: Physical (Environmental) Security (171)
  • Introduction (171)
  • Perimeter defenses (171)
  • Fences (171)
  • Gates (171)
  • Bollards (172)
  • Lights (172)
  • CCTV (172)
  • Locks (172)
  • Smart cards and magnetic stripe cards (173)
  • Tailgating/piggybacking (173)
  • Mantraps and turnstiles (173)
  • Contraband checks (174)
  • Motion detectors and other perimeter alarms (174)
  • Doors and windows (174)
  • Walls, floors, and ceilings (174)
  • Guards (175)
  • Dogs (175)
  • Site selection, design, and configuration (175)
  • Site selection issues (175)
  • Site design and configuration issues (175)
  • System defenses (176)
  • Asset tracking (176)
  • Port controls (176)
  • Drive and tape encryption (177)
  • Media storage and transportation (177)
  • Media cleaning and destruction (177)
  • Environmental controls (178)
  • Electricity (178)
  • HVAC (178)
  • Heat, flame, and smoke detectors (179)
  • Personnel safety, training, and awareness (179)
  • ABCD fires and suppression (180)
  • Types of fire suppression agents (180)
  • Summary of Exam Objectives (183)
  • Top five toughest questions (183)
  • Answers (184)

Index (187)

Joshua Feldman (CISSP) is Senior Vice President for Security Technology at the Radian Group, a real estate and mortgage insurance conglomerate. His mission is focused on protecting over 10M US consumer financial records. He is the executive responsible for all aspects of Radian's technical security program. Previous security roles included work at Moody's Credit Ratings, Corning Inc., and the US Department of Defense and Department of State.

In 2008, Joshua was Eric's student when studying for the CISSP exam and was so impressed with Eric's mastery of the materials that he invited Eric to work with him at the DoD. Soon after starting work, Eric invited Seth. That project ran successfully for over eight years, a testament to the value brought to US military cyber professionals.

Joshua got his start in the cyber security field when he left his public-school science teaching position in 1997 and began working for Network Flight Recorder (NFR, Inc.), a small Washington, DC-based startup making the first generation of Network Intrusion Detection Systems. He has a Bachelor of Science from the University of Maryland and a Master's in Cyber Operations from National Defense University. He currently resides in Philadelphia with his little dog, Jacky-boy.

Seth Misenar (CISSP®, GSE, GDSA, GDAT, GMON, GCDA, GCIH, GCIA, GCFA) is a Fellow with the SANS Institute and also serves as Principal Consultant for Jackson, Mississippi-based Context Security, LLC. His cyber security background includes research, host-based and network intrusion detection, architecture design, and general security consulting. Seth previously served as a physical and network security consultant for Fortune 100 companies and as a state government agency's HIPAA and information security officer. He has partnered with the SANS Institute for over 15 years, teaching and authoring courseware and facilitating instructor development. Seth is pursuing a Master of Science degree in Information Security Engineering from the SANS Technology Institute and holds a Bachelor of Science degree from Millsaps College.

Eric Conrad (CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, GMON, GISP) is a SANS Fellow and Chief Technology Officer of Backshore Communications, which provides threat hunting, penetration testing, incident handling, and intrusion detection consulting services. Eric started his professional career in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and healthcare, in positions ranging from systems programmer to security engineer to HIPAA security officer and ISSO. He is coauthor of MGT414: SANS Training Program for the CISSP Certification, SEC511: Continuous Monitoring and Security Operations, and SEC542: Web App Penetration Testing and Ethical Hacking. Eric graduated from the SANS Technology Institute with a Master of Science degree in Information Security Engineering.