All-In-One CISSP Exam Guide, 4e

DESCRIPTION

Synopsis

Prepare to pass the CISSP certification exam

Get complete coverage of all the material?including the latest revisions?included on the Certified Information Systems Security Professional (CISSP) exam inside this comprehensive, up-to-date resource. With full treatment of all the exam topics, as developed by the International Information Systems Security Certification Consortium (ISC)2, this definitive, dual-purpose tool contains learning objectives at the beginning of each chapter, helpful exam tips, sample questions, and real-world scenarios. Authoritative and detailed, this volume serves as both a complete certification study guide and an indispensable on-the-job reference.

Get complete details on all ten subject areas covered on the exam:

Access control systems and methodology
Applications and systems development
Business continuity planning
Cryptography
Law, investigation, and ethics
Operations security
Physical security
Security architecture and models
Security management practices
Telecommunications and networking
Included on the CD-ROM

Simulated exam with 850+ practice questions and answers
Live cryptography video training by Shon Harris

More Reviews and Recommendations
Biography

Shon Harris, CISSP, MCSE, is the president of Logical Security, an IT security consulting and training company. She is the bestselling author of the previous three editions of this book.
Table of Contents
Foreword xxv
Acknowledgments xxvii
Introduction xxix
Chapter 1 Reasons to Become a CISSP 1
Why Become a CISSP? 1
The CISSP Exam 2
CISSP: A Brief History 6
How Do You Become a CISSP? 7
Recertification Requirements 7
What Does this Book Cover? 8
Tips for Taking the CISSP Exam 9
How to Use this Book 10
Chapter 2 Security Trends 17
Security Trends 17
Areas of Security 20
Information Warfare 21
Hacking and Attacking 28
Management 30
Internet and Web Activities 31
A Layered Approach 39
An Architectural View 40
Politics and Laws 44
Education 46
Summary 46
Chapter 3 Security Management Practices 49
Security Management 49
Security Management Responsibilities 50
Security Administration and Supporting Controls 51
Fundamental Principles of Security 53
Security Definitions 56
The Top-Down Approach 58
Organizational Security Model 59
Business Requirements: Private Industry versus Military Organizations 61
Risk Management 61
Risk Analysis 62
Policies, Procedures, Standards, Baselines, and Guidelines 79
Information Classification 85
Layers of Responsibility 89
Hiring Practices 92
Security Awareness 94
Summary 95
Quick Tips 96
Chapter 4 Access Control 107
Access Control 107
Security Principles 108
Identification, Authentication, Authorization, and Accountability 110
Access Control Models 135
Access Control Techniques and Technologies 140
Access Control Administration 143
Access Control Methods 147
Access Control Types 156
Access Control Practices 165
Access Control Monitoring 168
A Few Threats to Access Control 172
Summary 176
Quick Tips 176
Chapter 5 Security Models and Architecture 185
Security Models and Architecture 186
Computer Architecture 187
System Architecture 200
Security Models 210
Security Modes of Operation 220
Systems Evaluation Methods 222
The Orange Book 222
Rainbow Series 227
Information Technology Security Evaluation Criteria 229
Common Criteria 231
Certification versus Accreditation 234
Open versus Closed Systems 236
A Few Threats to Security Models and Architectures 236
Summary 240
Quick Tips 241
Chapter 6 Physical Security 253
Physical Security 253
Planning Process 255
Facilities Management 255
Physical Security Risks 264
Physical Security Component Selection Process 265
Environmental Issues 273
Administrative Controls 284
Perimeter Security 286
Summary 298
Quick Tips 299
Chapter 7 Telecommunications and Networking Security 311
Telecommunications and Network Security 312
Open System Interconnect Model 313
Tying the Layers Together 324
TCP/IP 325
Types of Transmission 332
Networking 334
Network Topology 335
LAN Media Access Technologies 352
Protocols 355
Networking Devices 358
Network Segregation and Isolation 388
Networking Services 388
Intranets and Extranets 395
Metropolitan Area Network 397
Wide Area Network 398
Remote Access 416
Network and Resource Availability 429
Wireless Technologies 432
Summary 444
Quick Tips 444
Chapter 8 Cryptography 457
Cryptography 457
History of Cryptography 458
Cryptography Definitions 462
Strength of the Cryptosystem 464
Goals of Cryptosystems 465
Types of Ciphers 466
Steganography 469
The Government\'s Involvement with Cryptography 470
Methods of Encryption 474
Public Key Infrastructure (PKI) 496
Message Integrity 501
Key Management 511
Link versus End-to-End Encryption 514
E-mail Standards 517
Internet Security 521
Attacks 531
Summary 536
Quick Tips 536
Chapter 9 Business Continuity Planning 549
Business Continuity and Disaster Recovery 550
Make It Part of the Security Policy and Program 552
Business Impact Analysis 553
Business Continuity Planning Requirements 558
End-User Environment 567
Backup Alternatives 568
Choosing a Software Backup Facility 577
Recovery and Restoration 578
Testing and Drills 579
Emergency Response 582
Summary 584
Quick Tips 584
Chapter 10 Law, Investigation, and Ethics 595
The Many Facets of Cyberlaw 596
Ethics 596
Hackers and Crackers 601
Well-Known Computer Crimes 608
Identification, Protection, and Prosecution 612
Liability and Its Ramifications 614
Types of Laws 618
Discarding Equipment and Software Issues 624
Computer Crime Investigations 625
Import and Export Laws 636
Privacy 637
Laws, Directives, and Regulations 639
International Cooperation Efforts 644
Summary 645
Quick Tips 646
Chapter 11 Application and System Development 657
Software\'s Importance 657
Device versus Software Security 658
Different Environments Demand Different Security 660
Environment versus Application Controls 661
Complexity of Functionality 662
Data Types, Format, and Length 663
Implementation and Default Issues 663
Failure States 665
Database Management 665
System Development 682
Application Development Methodology 701
Summary 739
Quick Tips 740
Chapter 12 Operations Security 753
Operational Security 754
Electronic Mail Security 763
Summary 782
Quick Tips 783
Appendix A Security Policies 793
Types of Security Policies 793
Policy Samples 795
Writing Security Policies 797
Appendix B British Standard 7799 799
Section Overview 799
Appendix C Who\'s Who? 801
NSA 801
NIST 802
NCSC 803
ISO 803
ANSI 804
IEEE 804
Appendix D Gramm-Leach-Bliley Act 805
Security Program Components 806
Summary 807
Appendix E Various Networking Components 809
Ethernet 809
Appendix F Wireless Technologies 813
The New Wireless Standard 813
Appendix G HIPAA 823
Are You HIPAA Compliant? 823
Oh, How It\'s Changed 824
What Do I Have to Do? 824
How Do We Implement Our Changes? 827
What Is This All For? 828
HIPAA Regulation Expectations 829
HIPAA Security Requirements Matrix 837
IEEE Standards 860
Appendix H About the CD-ROM 863
Running the QuickTime Cryptography Video Sample 863
Installing Total Seminars\' Test Software 864
Glossary 867
Index 887