Part of the Certification Guide series
559 kr
Special order item. Ships within 7-10 working days. Free shipping on orders over 249 kr.
Description
Learn, prepare, and practice for CISSP exam success with this Cert Guide from Pearson IT Certification, a leader in IT certification learning.
- Master the latest CISSP exam topics
- Assess your knowledge with chapter-ending quizzes
- Review key concepts with exam preparation tasks
- Practice with realistic exam questions
- Get practical guidance for test taking strategies
CISSP Cert Guide, Fourth Edition is a comprehensive exam study guide. Leading IT certification experts Robin Abernathy and Darren Hayes share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.
The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.
The companion website contains the powerful Pearson Test Prep practice test software engine, complete with hundreds of exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.
Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this CISSP study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.
This study guide helps you master all the topics on the CISSP exam, including
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
Product information
- Publication date: 2022-11-09
- Dimensions: 195 x 239 x 53 mm
- Weight: 1 700 g
- Language: English
- Series: Certification Guide
- Number of pages: 928
- Edition: 4
- Publisher: Pearson Education
- EAN: 9780137507474
About the authors
Robin M. Abernathy has been working in the IT certification preparation industry for more than 20 years. She has written and edited certification preparation materials for many (ISC)2, Microsoft, CompTIA, PMI, ITIL, ISACA, and GIAC certifications and holds multiple IT certifications from these vendors. Robin provides training on computer hardware and software, networking, security, and project management. Over the past decade, she has ventured into the traditional publishing industry by technically editing several publications and co-authoring Pearson's CISSP Cert Guide and CASP+ Cert Guide and authoring Pearson's Project+ Cert Guide. She presents at technical conferences and hosts webinars on IT certification topics.

Dr. Darren R. Hayes has close to 20 years of academic and professional experience in computer security and digital forensics. He has authored numerous publications in these fields, including A Practical Guide to Digital Forensics Investigations, which is published by Pearson. He is Associate Professor at Pace University, where he is the founder and director of the Seidenberg Digital Forensics Research Lab. He holds numerous IT certifications in security and digital forensics and holds a PhD from Sapienza University in Italy and a doctorate from Pace University. Darren is also a professional digital forensics examiner and has supported both criminal and civil investigations over the past decade and a half. He has also been declared an expert witness in federal court.
Table of contents
- Introduction
- Chapter 1, Security and Risk Management: Security Terms; CIA; Auditing and Accounting; Non-repudiation; Default Security Posture; Defense in Depth; Abstraction; Data Hiding; Encryption; Security Governance Principles; Security Function Alignment; Organizational Processes; Organizational Roles and Responsibilities; Security Control Frameworks; Due Care and Due Diligence; Compliance; Contractual, Legal, Industry Standards, and Regulatory Compliance; Privacy Requirements Compliance; Legal and Regulatory Issues; Computer Crime Concepts; Major Legal Systems; Licensing and Intellectual Property; Cyber Crimes and Data Breaches; Import/Export Controls; Trans-Border Data Flow; Privacy; Investigation Types; Operations/Administrative; Criminal; Civil; Regulatory; Industry Standards; eDiscovery; Professional Ethics; (ISC)2 Code of Ethics; Computer Ethics Institute; Internet Architecture Board; Organizational Code of Ethics; Security Documentation; Policies; Processes; Procedures; Standards; Guidelines; Baselines; Business Continuity; Business Continuity and Disaster Recovery Concepts; Scope and Plan; BIA Development; Personnel Security Policies and Procedures; Candidate Screening and Hiring; Employment Agreements and Policies; Employee Onboarding and Offboarding Policies; Vendor, Consultant, and Contractor Agreements and Controls; Compliance Policy Requirements; Privacy Policy Requirements; Job Rotation; Separation of Duties; Risk Management Concepts; Asset and Asset Valuation; Vulnerability; Threat; Threat Agent; Exploit; Risk; Exposure; Countermeasure; Risk Appetite; Attack; Breach; Risk Management Policy; Risk Management Team; Risk Analysis Team; Risk Assessment; Implementation; Control Categories; Control Types; Controls Assessment, Monitoring, and Measurement; Reporting and Continuous Improvement; Risk Frameworks; A Risk Management Standard by the Federation of European Risk Management Associations (FERMA); Geographical Threats; Internal Versus External Threats; Natural Threats; System Threats; Human-Caused Threats; Politically Motivated Threats; Threat Modeling; Threat Modeling Concepts; Threat Modeling Methodologies; Identifying Threats; Potential Attacks; Remediation Technologies and Processes; Security Risks in the Supply Chain; Risks Associated with Hardware, Software, and Services; Third-Party Assessment and Monitoring; Minimum Service-Level and Security Requirements; Service-Level Requirements; Security Education, Training, and Awareness; Levels Required; Methods and Techniques; Periodic Content Reviews; Review All Key Topics; Complete the Tables and Lists from Memory; Define Key Terms; Answers and Explanations
- Chapter 2, Asset Security: Asset Security Concepts; Asset and Data Policies; Data Quality; Data Documentation and Organization; Identify and Classify Information and Assets; Data and Asset Classification; Sensitivity and Criticality; Private Sector Data Classifications; Military and Government Data Classifications; Information and Asset Handling Requirements; Marking, Labeling, and Storing; Destruction; Provision Resources Securely; Asset Inventory and Asset Management; Data Life Cycle; Databases; Roles and Responsibilities; Data Collection and Limitation; Data Location; Data Maintenance; Data Retention; Data Remanence and Destruction; Data Audit; Asset Retention; Data Security Controls; Data Security; Data States; Data Access and Sharing; Data Storage and Archiving; Baselines; Scoping and Tailoring; Standards Selection; Data Protection Methods; Review All Key Topics; Define Key Terms; Answers and Explanations
- Chapter 3, Security Architecture and Engineering: Engineering Processes Using Secure Design Principles; Objects and Subjects; Closed Versus Open Systems; Threat Modeling; Least Privilege; Defense in Depth; Secure Defaults; Fail Securely; Separation of Duties (SoD); Keep It Simple; Zero Trust; Privacy by Design; Trust but Verify; Shared Responsibility; Security Model Concepts; Confidentiality, Integrity, and Availability; Confinement; Bounds; Isolation; Security Modes; Security Model Types; Security Models; System Architecture Steps; ISO/IEC 42010:2011; Computing Platforms; Security Services; System Components; System Security Evaluation Models; TCSEC; ITSEC; Common Criteria; Security Implementation Standards; Controls and Countermeasures; Certification and Accreditation; Control Selection Based on Systems Security Requirements; Security Capabilities of Information Systems; Memory Protection; Trusted Platform Module; Interfaces; Fault Tolerance; Policy Mechanisms; Encryption/Decryption; Security Architecture Maintenance; Vulnerabilities of Security Architectures, Designs, and Solution Elements; Client-Based Systems; Server-Based Systems; Database Systems; Cryptographic Systems; Industrial Control Systems; Cloud-Based Systems; Large-Scale Parallel Data Systems; Distributed Systems; Grid Computing; Peer-to-Peer Computing; Internet of Things; Microservices; Containerization; Serverless Systems; High-Performance Computing Systems; Edge Computing Systems; Virtualized Systems; Vulnerabilities in Web-Based Systems; Maintenance Hooks; Time-of-Check/Time-of-Use Attacks; Web-Based Attacks; XML; SAML; OWASP; Vulnerabilities in Mobile Systems; Device Security; Application Security; Mobile Device Concerns; NIST SP 800-164; Vulnerabilities in Embedded Systems; Cryptographic Solutions; Cryptography Concepts; Cryptography History; Cryptosystem Features; NIST SP 800-175A and B; Cryptographic Mathematics; Cryptographic Life Cycle; Cryptographic Types; Running Key and Concealment Ciphers; Substitution Ciphers; Transposition Ciphers; Symmetric Algorithms; Asymmetric Algorithms; Hybrid Ciphers; Elliptic Curves; Quantum Cryptography; Symmetric Algorithms; DES and 3DES; AES; IDEA; Skipjack; Blowfish; Twofish; RC4/RC5/RC6/RC7; CAST; Asymmetric Algorithms; Diffie-Hellman; RSA; El Gamal; ECC; Knapsack; Zero-Knowledge Proof; Public Key Infrastructure and Digital Certificates; Certificate Authority and Registration Authority; Certificates; Certificate Life Cycle; Certificate Revocation List; OCSP; PKI Steps; Cross-Certification; Key Management Practices; Message Integrity; Hashing; Message Authentication Code; Salting; Digital Signatures and Non-repudiation; DSS; Non-repudiation; Applied Cryptography; Link Encryption Versus End-to-End Encryption; Email Security; Internet Security; Cryptanalytic Attacks; Ciphertext-Only Attack; Known Plaintext Attack; Chosen Plaintext Attack; Chosen Ciphertext Attack; Social Engineering; Brute Force; Differential Cryptanalysis; Linear Cryptanalysis; Algebraic Attack; Frequency Analysis; Birthday Attack; Dictionary Attack; Replay Attack; Analytic Attack; Statistical Attack; Factoring Attack; Reverse Engineering; Meet-in-the-Middle Attack; Ransomware Attack; Side-Channel Attack; Implementation Attack; Fault Injection; Timing Attack; Pass-the-Hash Attack; Digital Rights Management; Document DRM; Music DRM; Movie DRM; Video Game DRM; E-book DRM; Site and Facility Design; Layered Defense Model; CPTED; Physical Security Plan; Facility Selection Issues; Site and Facility Security Controls; Doors; Locks; Biometrics; Type of Glass Used for Entrances; Visitor Control; Wiring Closets/Intermediate Distribution Facilities; Restricted and Work Areas; Environmental Security and Issues; Equipment Physical Security; Review All Key Topics; Complete the Tables and Lists from Memory; Define Key Terms; Answers and Explanations
- Chapter 4, Communication and Network Security: Secure Network Design Principles; OSI Model; TCP/IP Model; IP Networking; Common TCP/UDP Ports; Logical and Physical Addressing; IPv4; Network Transmission; IPv6; Network Types; Protocols and Services; ARP/RARP; DHCP/BOOTP; DNS; FTP, FTPS, SFTP, and TFTP; HTTP, HTTPS, and S-HTTP; ICMP; IGMP; IMAP; LDAP; LDP; NAT; NetBIOS; NFS; PAT; POP; CIFS/SMB; SMTP; SNMP; SSL/TLS; Multilayer Protocols; Converged Protocols; FCoE; MPLS; VoIP; iSCSI; Wireless Networks; FHSS, DSSS, OFDM, VOFDM, FDMA, TDMA, CDMA, OFDMA, and GSM; WLAN Structure; WLAN Standards; WLAN Security; Communications Cryptography; Link Encryption; End-to-End Encryption; Email Security; Internet Security; Secure Network Components; Hardware; Transmission Media; Network Access Control Devices; Endpoint Security; Content-Distribution Networks; Secure Communication Channels; Voice; Multimedia Collaboration; Remote Access; Data Communications; Virtualized Networks; Network Attacks; Cabling; Network Component Attacks; ICMP Attacks; DNS Attacks; Email Attacks; Wireless Attacks; Remote Attacks; Other Attacks; Review All Key Topics; Define Key Terms; Answers and Explanations
- Chapter 5, Identity and Access Management (IAM): Access Control Process; Identify Resources; Identify Users; Identify the Relationships Between Resources and Users; Physical and Logical Access to Assets; Access Control Administration; Information; Systems; Devices; Facilities; Applications; Identification and Authentication Concepts; NIST SP 800-63; Five Factors for Authentication; Single-Factor Versus Multifactor Authentication; Device Authentication; Identification and Authentication Implementation; Separation of Duties; Least Privilege/Need-to-Know; Default to No Access; Directory Services; Single Sign-on; Session Management; Registration, Proof, and Establishment of Identity; Credential Management Systems; Remote Authentication Dial-In User Service (RADIUS)/Terminal Access Controller Access Control System Plus (TACACS+); Accountability; Just-In-Time (JIT); Identity as a Service (IDaaS) Implementation; Third-Party Identity Services Integration; Authorization Mechanisms; Permissions, Rights, and Privileges; Access Control Models; Access Control Policies; Provisioning Life Cycle; Provisioning; User, System, and Service Account Access Review; Account Transfers; Account Revocation; Role Definition; Privilege Escalation; Access Control Threats; Password Threats; Social Engineering Threats; DoS/DDoS; Buffer Overflow; Mobile Code; Malicious Software; Spoofing; Sniffing and Eavesdropping; Emanating; Backdoor/Trapdoor; Access Aggregation; Advanced Persistent Threat; Prevent or Mitigate Access Control Threats; Review All Key Topics; Define Key Terms; Answers and Explanations
- Chapter 6, Security Assessment and Testing: Design and Validate Assessment and Testing Strategies; Security Testing; Security Assessments; Red Team versus Blue Team; Security Auditing; Internal, External, and Third-party Security Assessment, Testing, and Auditing; Conduct Security Control Testing; Vulnerability Assessment; Penetration Testing; Log Reviews; Synthetic Transactions; Code Review and Testing; Misuse Case Testing; Test Coverage Analysis; Interface Testing; Collect Security Process Data; NIST SP 800-137; Account Management; Management Review and Approval; Key Performance and Risk Indicators; Backup Verification Data; Training and Awareness; Disaster Recovery and Business Continuity; Analyze Test Outputs and Generate a Report; Conduct or Facilitate Security Audits; Review All Key Topics; Define Key Terms; Answers and Explanations
- Chapter 7, Security Operations: Investigations; Forensic and Digital Investigations; Evidence Collection and Handling; Digital Forensic Tools, Tactics, and Procedures; Logging and Monitoring Activities; Audit and Review; Log Types; Intrusion Detection and Prevention; Security Information and Event Management (SIEM); Continuous Monitoring; Egress Monitoring; Log Management; Threat Intelligence; User and Entity Behavior Analytics (UEBA); Configuration and Change Management; Resource Provisioning; Baselining; Automation; Security Operations Concepts; Need to Know/Least Privilege; Managing Accounts, Groups, and Roles; Separation of Duties and Responsibilities; Privilege Account Management; Job Rotation and Mandatory Vacation; Two-Person Control; Sensitive Information Procedures; Record Retention; Information Life Cycle; Service-Level Agreements; Resource Protection; Protecting Tangible and Intangible Assets; Asset Management; Incident Management; Event Versus Incident; Incident Response Team and Incident Investigations; Rules of Engagement, Authorization, and Scope; Incident Response Procedures; Incident Response Management; Detect; Respond; Mitigate; Report; Recover; Remediate; Review and Lessons Learned; Detective and Preventive Measures; IDS/IPS; Firewalls; Whitelisting/Blacklisting; Third-Party Security Services; Sandboxing; Honeypots/Honeynets; Anti-malware/Antivirus; Clipping Levels; Deviations from Standards; Unusual or Unexplained Events; Unscheduled Reboots; Unauthorized Disclosure; Trusted Recovery; Trusted Paths; Input/Output Controls; System Hardening; Vulnerability Management Systems; Machine Learning and Artificial Intelligence (AI)-Based Tools; Patch and Vulnerability Management; Recovery Strategies; Create Recovery Strategies; Backup Storage Strategies; Recovery and Multiple Site Strategies; Redundant Systems, Facilities, and Power; Fault-Tolerance Technologies; Insurance; Data Backup; Fire Detection and Suppression; High Availability; Quality of Service; System Resilience; Disaster Recovery; Response; Personnel; Communications; Assessment; Restoration; Training and Awareness; Lessons Learned; Testing Disaster Recovery Plans; Read-Through Test; Checklist Test; Table-Top Exercise; Structured Walk-Through Test; Simulation Test; Parallel Test; Full-Interruption Test; Functional Drill; Evacuation Drill; Business Continuity Planning and Exercises; Physical Security; Perimeter Security Controls; Building and Internal Security Controls; Personnel Safety and Security; Duress; Travel; Monitoring; Emergency Management; Security Training and Awareness; Review All Key Topics; Define Key Terms; Answers and Explanations
- Chapter 8, Software Development Security: Software Development Concepts; Machine Languages; Assembly Languages and Assemblers; High-Level Languages, Compilers, and Interpreters; Object-Oriented Programming; Distributed Object-Oriented Systems; Mobile Code; Security in the System and Software Development Life Cycle; System Development Life Cycle; Software Development Life Cycle; DevSecOps; Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST); Security Orchestration and Automated Response (SOAR); Software Development Methods and Maturity Models; Operation and Maintenance; Integrated Product Team; Security Controls in Development; Software Development Security Best Practices; Software Environment Security; Source Code Analysis Tools; Code Repository Security; Software Threats; Software Protection Mechanisms; Assess Software Security Effectiveness; Auditing and Logging; Risk Analysis and Mitigation; Regression and Acceptance Testing; Security Impact of Acquired Software; Secure Coding Guidelines and Standards; Security Weaknesses and Vulnerabilities at the Source Code Level; Security of Application Programming Interfaces; Secure Coding Practices; Review All Key Topics; Define Key Terms; Answers and Explanations
- Chapter 9, Final Preparation: Tools for Final Preparation; Pearson Test Prep Practice Test Engine and Questions on the Website; Customizing Your Exams; Updating Your Exams; Memory Tables; Chapter-Ending Review Tools; Suggested Plan for Final Review/Study; Summary
- Online Elements: Appendix A, Memory Tables; Appendix B, Memory Tables Answer Key; Glossary
More from the same series
Certified Ethical Hacker (CEH) Version 9 Pearson uCertify Course Student Access Card
Michael Gregg
1 016 kr
CCNA 200-301 Official Cert Guide and Network Simulator Library, Second Edition
Sean Wilkins, Wendell Odom
1 701 kr
Cisco Certified Support Technician (CCST) IT Support - 100-140 Official Cert Guide
Mark Smith, David Bayne, John Pickard
278 kr
CCNP Collaboration Call Control and Mobility CLACCM 300-815 Official Cert Guide
Kyzer Davis, Paul Giralt, Patrick Kinane, Gonzalo Salgueiro
559 kr
You might also be interested in
Certified Ethical Hacker (CEH) Version 9 Pearson uCertify Course and Labs Access Card
Michael Gregg, uCertify
1 184 kr