
CISSP All-in-One Exam Guide, Seventh Edition [Book]

4.10/5 (970 ratings by Goodreads)
  • Format: Book, 1456 pages, height x width x thickness: 239x216x58 mm, weight: 2218 g, 200 illustrations
  • Series: All-in-One
  • Publication date: 16-Jul-2016
  • Publisher: McGraw-Hill Professional
  • ISBN-10: 0071849270
  • ISBN-13: 9780071849272
A fully revised edition of the #1 CISSP training resource

Thoroughly updated for the latest release of the Certified Information Systems Security Professional exam, this comprehensive resource covers all exam domains, as well as the new 2015 CISSP Common Body of Knowledge developed by the International Information Systems Security Certification Consortium (ISC)2®. CISSP All-in-One Exam Guide, Seventh Edition features learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations. Written by leading experts in IT security certification and training, this completely up-to-date self-study system helps you pass the exam with ease and also serves as an essential on-the-job reference.

Covers all 8 CISSP domains:
  • Security and risk management
  • Asset security
  • Security engineering
  • Communication and network security
  • Identity and access management
  • Security assessment and testing
  • Security operations
  • Software development security

Electronic content includes:
  • 1400+ practice questions, including new hot spot and drag-and-drop questions
  • Complete PDF copy of the book

ABOUT THE AUTHORS:

Shon Harris, CISSP, was the founder and CEO of Logical Security LLC, an information security consultant, a former engineer in the Air Force's Information Warfare unit, an instructor, and an author. She authored several international bestselling books on information security, which have sold over a million copies and have been translated into six languages.

Fernando Maymí, Ph.D., CISSP, is a security practitioner with over 25 years' experience in the field. He is the author of over a dozen publications and holds three patents. His awards include the U.S. Department of the Army Research and Development Achievement Award, and he was recognized as a HENAAC Luminary.
In Memory of Shon Harris xxi
Foreword xxiii
Acknowledgments xxv
From the Author xxvii
Why Become a CISSP? xxix
Chapter 1 Security and Risk Management 1(188)
Fundamental Principles of Security 3(3)
Availability 3(1)
Integrity 4(1)
Confidentiality 5(1)
Balanced Security 5(1)
Security Definitions 6(2)
Control Types 8(5)
Security Frameworks 13(32)
ISO/IEC 27000 Series 16(3)
Enterprise Architecture Development 19(14)
Security Controls Development 33(4)
Process Management Development 37(8)
Functionality vs. Security 45(1)
The Crux of Computer Crime Laws 45(3)
Complexities in Cybercrime 48(14)
Electronic Assets 49(1)
The Evolution of Attacks 50(4)
International Issues 54(4)
Types of Legal Systems 58(4)
Intellectual Property Laws 62(8)
Trade Secret 63(1)
Copyright 64(1)
Trademark 65(1)
Patent 65(2)
Internal Protection of Intellectual Property 67(1)
Software Piracy 68(2)
Privacy 70(14)
The Increasing Need for Privacy Laws 72(1)
Laws, Directives, and Regulations 73(8)
Employee Privacy Issues 81(3)
Data Breaches 84(2)
U.S. Laws Pertaining to Data Breaches 84(1)
Other Nations' Laws Pertaining to Data Breaches 85(1)
Policies, Standards, Baselines, Guidelines, and Procedures 86(8)
Security Policy 87(3)
Standards 90(1)
Baselines 91(1)
Guidelines 92(1)
Procedures 93(1)
Implementation 93(1)
Risk Management 94(4)
Holistic Risk Management 95(1)
Information Systems Risk Management Policy 95(1)
The Risk Management Team 96(1)
The Risk Management Process 97(1)
Threat Modeling 98(4)
Vulnerabilities 98(2)
Threats 100(1)
Attacks 100(1)
Reduction Analysis 101(1)
Risk Assessment and Analysis 102(24)
Risk Analysis Team 103(1)
The Value of Information and Assets 104(1)
Costs That Make Up the Value 105(1)
Identifying Vulnerabilities and Threats 106(1)
Methodologies for Risk Assessment 107(5)
Risk Analysis Approaches 112(4)
Qualitative Risk Analysis 116(3)
Protection Mechanisms 119(4)
Putting It Together 123(1)
Total Risk vs. Residual Risk 123(1)
Handling Risk 124(2)
Outsourcing 126(1)
Risk Management Frameworks 126(4)
Categorize Information System 128(1)
Select Security Controls 128(1)
Implement Security Controls 129(1)
Assess Security Controls 129(1)
Authorize Information System 130(1)
Monitor Security Controls 130(1)
Business Continuity and Disaster Recovery 130(24)
Standards and Best Practices 133(3)
Making BCM Part of the Enterprise Security Program 136(3)
BCP Project Components 139(15)
Personnel Security 154(3)
Hiring Practices 155(2)
Termination 157(1)
Security-Awareness Training 157(2)
Degree or Certification? 159(1)
Security Governance 159(9)
Metrics 160(5)
Ethics 165(1)
The Computer Ethics Institute 166(1)
The Internet Architecture Board 166(2)
Corporate Ethics Programs 168(1)
Summary 168(2)
Quick Tips 170(19)
Questions 175(9)
Answers 184(5)
Chapter 2 Asset Security 189(58)
Information Life Cycle 190(3)
Acquisition 190(1)
Use 191(1)
Archival 191(1)
Disposal 192(1)
Information Classification 193(6)
Classification Levels 194(3)
Classification Controls 197(2)
Layers of Responsibility 199(7)
Executive Management 199(4)
Data Owner 203(1)
Data Custodian 204(1)
System Owner 204(1)
Security Administrator 205(1)
Supervisor 205(1)
Change Control Analyst 205(1)
Data Analyst 205(1)
User 206(1)
Auditor 206(1)
Why So Many Roles? 206(1)
Retention Policies 206(4)
Developing a Retention Policy 207(3)
Protecting Privacy 210(5)
Data Owners 210(1)
Data Processors 211(1)
Data Remanence 211(3)
Limits on Collection 214(1)
Protecting Assets 215(10)
Data Security Controls 216(3)
Media Controls 219(6)
Data Leakage 225(9)
Data Leak Prevention 226(8)
Protecting Other Assets 234(2)
Protecting Mobile Devices 234(1)
Paper Records 235(1)
Safes 236(1)
Summary 236(1)
Quick Tips 237(10)
Questions 239(4)
Answers 243(4)
Chapter 3 Security Engineering 247(230)
System Architecture 248(4)
Computer Architecture 252(19)
The Central Processing Unit 252(5)
Multiprocessing 257(1)
Memory Types 258(13)
Operating Systems 271(30)
Process Management 271(9)
Memory Management 280(5)
Input/Output Device Management 285(2)
CPU Architecture Integration 287(4)
Operating System Architectures 291(7)
Virtual Machines 298(3)
System Security Architecture 301(6)
Security Policy 301(1)
Security Architecture Requirements 302(5)
Security Models 307(6)
Bell-LaPadula Model 307(1)
Biba Model 308(1)
Clark-Wilson Model 309(1)
Noninterference Model 310(1)
Brewer and Nash Model 311(1)
Graham-Denning Model 311(1)
Harrison-Ruzzo-Ullman Model 312(1)
Systems Evaluation 313(5)
Common Criteria 313(4)
Why Put a Product Through Evaluation? 317(1)
Certification vs. Accreditation 318(2)
Certification 318(1)
Accreditation 319(1)
Open vs. Closed Systems 320(1)
Open Systems 320(1)
Closed Systems 320(1)
Distributed System Security 321(11)
Cloud Computing 322(1)
Parallel Computing 323(1)
Databases 324(2)
Web Applications 326(1)
Mobile Devices 327(1)
Cyber-Physical Systems 328(4)
A Few Threats to Review 332(3)
Maintenance Hooks 333(1)
Time-of-Check/Time-of-Use Attacks 333(2)
Cryptography in Context 335(5)
The History of Cryptography 335(5)
Cryptography Definitions and Concepts 340(10)
Kerckhoffs' Principle 342(1)
The Strength of the Cryptosystem 343(1)
Services of Cryptosystems 344(1)
One-Time Pad 345(2)
Running and Concealment Ciphers 347(1)
Steganography 348(2)
Types of Ciphers 350(3)
Substitution Ciphers 351(1)
Transposition Ciphers 351(2)
Methods of Encryption 353(16)
Symmetric vs. Asymmetric Algorithms 353(1)
Symmetric Cryptography 354(5)
Block and Stream Ciphers 359(5)
Hybrid Encryption Methods 364(5)
Types of Symmetric Systems 369(11)
Data Encryption Standard 370(7)
Triple-DES 377(1)
Advanced Encryption Standard 378(1)
International Data Encryption Algorithm 378(1)
Blowfish 379(1)
RC4 379(1)
RC5 379(1)
RC6 379(1)
Types of Asymmetric Systems 380(8)
Diffie-Hellman Algorithm 380(3)
RSA 383(3)
El Gamal 386(1)
Elliptic Curve Cryptosystems 386(1)
Knapsack 387(1)
Zero Knowledge Proof 387(1)
Message Integrity 388(11)
The One-Way Hash 388(5)
Various Hashing Algorithms 393(1)
MD4 394(1)
MD5 394(1)
SHA 395(1)
Attacks Against One-Way Hash Functions 395(1)
Digital Signatures 396(2)
Digital Signature Standard 398(1)
Public Key Infrastructure 399(5)
Certificate Authorities 399(3)
Certificates 402(1)
The Registration Authority 402(1)
PKI Steps 403(1)
Key Management 404(3)
Key Management Principles 406(1)
Rules for Keys and Key Management 407(1)
Trusted Platform Module 407(2)
TPM Uses 408(1)
Attacks on Cryptography 409(5)
Ciphertext-Only Attacks 410(1)
Known-Plaintext Attacks 410(1)
Chosen-Plaintext Attacks 410(1)
Chosen-Ciphertext Attacks 410(1)
Differential Cryptanalysis 411(1)
Linear Cryptanalysis 412(1)
Side-Channel Attacks 412(1)
Replay Attacks 413(1)
Algebraic Attacks 413(1)
Analytic Attacks 413(1)
Statistical Attacks 413(1)
Social Engineering Attacks 413(1)
Meet-in-the-Middle Attacks 414(1)
Site and Facility Security 414(1)
The Site Planning Process 415(24)
Crime Prevention Through Environmental Design 420(6)
Designing a Physical Security Program 426(13)
Protecting Assets 439(1)
Protecting Mobile Devices 439(1)
Using Safes 440(1)
Internal Support Systems 440(15)
Electric Power 441(5)
Environmental Issues 446(2)
Fire Prevention, Detection, and Suppression 448(7)
Summary 455(1)
Quick Tips 455(22)
Questions 461(10)
Answers 471(6)
Chapter 4 Communication and Network Security 477(244)
Telecommunications 479(1)
Open Systems Interconnection Reference Model 479(18)
Protocol 480(3)
Application Layer 483(1)
Presentation Layer 484(1)
Session Layer 485(2)
Transport Layer 487(2)
Network Layer 489(1)
Data Link Layer 490(1)
Physical Layer 491(1)
Functions and Protocols in the OSI Model 492(2)
Tying the Layers Together 494(1)
Multilayer Protocols 495(2)
TCP/IP Model 497(15)
TCP 498(5)
IP Addressing 503(3)
IPv6 506(3)
Layer 2 Security Standards 509(2)
Converged Protocols 511(1)
Types of Transmission 512(5)
Analog and Digital 512(2)
Asynchronous and Synchronous 514(2)
Broadband and Baseband 516(1)
Cabling 517(5)
Coaxial Cable 517(1)
Twisted-Pair Cable 518(1)
Fiber-Optic Cable 519(1)
Cabling Problems 520(2)
Networking Foundations 522(45)
Network Topology 523(3)
Media Access Technologies 526(10)
Transmission Methods 536(2)
Network Protocols and Services 538(9)
Domain Name Service 547(8)
E-mail Services 555(5)
Network Address Translation 560(2)
Routing Protocols 562(5)
Networking Devices 567(45)
Repeaters 567(1)
Bridges 567(3)
Routers 570(1)
Switches 571(5)
Gateways 576(1)
PBXs 577(4)
Firewalls 581(24)
Proxy Servers 605(2)
Honeypot 607(1)
Unified Threat Management 607(1)
Content Distribution Networks 608(1)
Software Defined Networking 609(3)
Intranets and Extranets 612(2)
Metropolitan Area Networks 614(3)
Metro Ethernet 615(2)
Wide Area Networks 617(27)
Telecommunications Evolution 617(3)
Dedicated Links 620(4)
WAN Technologies 624(20)
Remote Connectivity 644(16)
Dial-up Connections 644(1)
ISDN 645(2)
DSL 647(1)
Cable Modems 648(1)
VPN 649(8)
Authentication Protocols 657(2)
Wireless Networks 659(1)
Wireless Communications Techniques 660(25)
WLAN Components 664(1)
Evolution of WLAN Security 665(7)
Wireless Standards 672(5)
Best Practices for Securing WLANs 677(1)
Satellites 678(1)
Mobile Wireless Communication 678(7)
Network Encryption 685(11)
Link Encryption vs. End-to-End Encryption 685(2)
E-mail Encryption Standards 687(3)
Internet Security 690(6)
Network Attacks 696(4)
Denial of Service 696(2)
Sniffing 698(1)
DNS Hijacking 699(1)
Drive-by Download 700(1)
Summary 700(1)
Quick Tips 701(20)
Questions 706(9)
Answers 715(6)
Chapter 5 Identity and Access Management 721(138)
Security Principles 723(1)
Availability 723(1)
Integrity 723(1)
Confidentiality 724(1)
Identification, Authentication, Authorization, and Accountability 724(63)
Identification and Authentication 727(12)
Authentication 739(23)
Authorization 762(14)
Federation 776(9)
Identity as a Service 785(1)
Integrating Identity Services 786(1)
Access Control Models 787(9)
Discretionary Access Control 787(2)
Mandatory Access Control 789(2)
Role-Based Access Control 791(3)
Rule-Based Access Control 794(2)
Access Control Techniques and Technologies 796(3)
Constrained User Interfaces 796(1)
Access Control Matrix 797(1)
Content-Dependent Access Control 798(1)
Context-Dependent Access Control 799(1)
Access Control Administration 799(8)
Centralized Access Control Administration 800(7)
Decentralized Access Control Administration 807(1)
Access Control Methods 807(7)
Access Control Layers 808(1)
Administrative Controls 809(1)
Physical Controls 810(1)
Technical Controls 811(3)
Accountability 814(5)
Review of Audit Information 816(2)
Protecting Audit Data and Log Information 818(1)
Keystroke Monitoring 818(1)
Access Control Practices 819(3)
Unauthorized Disclosure of Information 819(3)
Access Control Monitoring 822(12)
Intrusion Detection Systems 822(8)
Intrusion Prevention Systems 830(4)
Threats to Access Control 834(6)
Dictionary Attack 835(1)
Brute-Force Attacks 835(1)
Spoofing at Logon 836(1)
Phishing and Pharming 836(4)
Summary 840(1)
Quick Tips 840(19)
Questions 845(9)
Answers 854(5)
Chapter 6 Security Assessment and Testing 859(64)
Audit Strategies 860(5)
Internal Audits 862(1)
Third-Party Audits 863(2)
Auditing Technical Controls 865(21)
Vulnerability Testing 866(3)
Penetration Testing 869(5)
War Dialing 874(1)
Other Vulnerability Types 875(1)
Postmortem 876(2)
Log Reviews 878(3)
Synthetic Transactions 881(1)
Misuse Case Testing 882(2)
Code Reviews 884(2)
Interface Testing 886(1)
Auditing Administrative Controls 886(19)
Account Management 886(3)
Backup Verification 889(3)
Disaster Recovery and Business Continuity 892(7)
Security Training and Security Awareness Training 899(4)
Key Performance and Risk Indicators 903(2)
Reporting 905(3)
Technical Reporting 906(1)
Executive Summaries 907(1)
Management Review 908(3)
Before the Management Review 909(1)
Reviewing Inputs 909(2)
Management Actions 911(1)
Summary 911(1)
Quick Tips 911(12)
Questions 914(5)
Answers 919(4)
Chapter 7 Security Operations 923(154)
The Role of the Operations Department 924(1)
Administrative Management 925(5)
Security and Network Personnel 928(1)
Accountability 929(1)
Clipping Levels 930(1)
Assurance Levels 930(1)
Operational Responsibilities 931(2)
Unusual or Unexplained Occurrences 931(1)
Deviations from Standards 932(1)
Unscheduled Initial Program Loads (aka Rebooting) 932(1)
Configuration Management 933(7)
Trusted Recovery 933(3)
Input and Output Controls 936(1)
System Hardening 937(2)
Remote Access Security 939(1)
Physical Security 940(24)
Facility Access Control 941(8)
Personnel Access Controls 949(1)
External Boundary Protection Mechanisms 950(10)
Intrusion Detection Systems 960(2)
Patrol Force and Guards 962(1)
Dogs 963(1)
Auditing Physical Access 963(1)
Secure Resource Provisioning 964(6)
Asset Inventory 964(2)
Configuration Management 966(3)
Provisioning Cloud Assets 969(1)
Network and Resource Availability 970(14)
Mean Time Between Failures 971(1)
Mean Time to Repair 972(1)
Single Points of Failure 973(8)
Backups 981(2)
Contingency Planning 983(1)
Preventative Measures 984(9)
Firewalls 985(1)
Intrusion Detection and Prevention Systems 986(2)
Antimalware 988(1)
Patch Management 988(3)
Honeypots 991(2)
The Incident Management Process 993(9)
Detection 998(1)
Response 998(1)
Mitigation 999(1)
Reporting 1000(1)
Recovery 1001(1)
Remediation 1001(1)
Disaster Recovery 1002(28)
Business Process Recovery 1006(1)
Facility Recovery 1006(7)
Supply and Technology Recovery 1013(5)
Choosing a Software Backup Facility 1018(3)
End-User Environment 1021(1)
Data Backup Alternatives 1021(4)
Electronic Backup Solutions 1025(3)
High Availability 1028(2)
Insurance 1030(1)
Recovery and Restoration 1031(7)
Developing Goals for the Plans 1034(2)
Implementing Strategies 1036(2)
Investigations 1038(15)
Computer Forensics and Proper Collection of Evidence 1039(2)
Motive, Opportunity, and Means 1041(1)
Computer Criminal Behavior 1042(1)
Incident Investigators 1042(1)
The Forensic Investigation Process 1043(6)
What Is Admissible in Court? 1049(2)
Surveillance, Search, and Seizure 1051(1)
Interviewing Suspects 1052(1)
Liability and Its Ramifications 1053(7)
Liability Scenarios 1056(2)
Third-Party Risk 1058(1)
Contractual Agreements 1058(1)
Procurement and Vendor Processes 1059(1)
Compliance 1060(3)
Personal Safety Concerns 1063(1)
Summary 1064(1)
Quick Tips 1064(13)
Questions 1067(5)
Answers 1072(5)
Chapter 8 Software Development Security 1077(136)
Building Good Code 1077(1)
Where Do We Place Security? 1078(6)
Different Environments Demand Different Security 1080(1)
Environment vs. Application 1081(1)
Functionality vs. Security 1082(1)
Implementation and Default Issues 1082(2)
Software Development Life Cycle 1084(13)
Project Management 1084(1)
Requirements Gathering Phase 1085(1)
Design Phase 1086(3)
Development Phase 1089(4)
Testing/Validation Phase 1093(2)
Release/Maintenance Phase 1095(2)
Secure Software Development Best Practices 1097(1)
Software Development Models 1098(11)
Build and Fix Model 1099(1)
Waterfall Model 1099(1)
V-Shaped Model (V-Model) 1100(1)
Prototyping 1101(1)
Incremental Model 1101(1)
Spiral Model 1102(2)
Rapid Application Development 1104(1)
Agile Models 1105(4)
Integrated Product Team 1109(2)
DevOps 1109(2)
Capability Maturity Model Integration 1111(2)
Change Control 1113(3)
Software Configuration Management 1114(2)
Security of Code Repositories 1116(1)
Programming Languages and Concepts 1116(16)
Assemblers, Compilers, Interpreters 1119(2)
Object-Oriented Concepts 1121(8)
Other Software Development Concepts 1129(2)
Application Programming Interfaces 1131(1)
Distributed Computing 1132(10)
Distributed Computing Environment 1132(2)
CORBA and ORBS 1134(2)
COM and DCOM 1136(2)
Java Platform, Enterprise Edition 1138(1)
Service-Oriented Architecture 1138(4)
Mobile Code 1142(4)
Java Applets 1142(2)
ActiveX Controls 1144(2)
Web Security 1146(9)
Specific Threats for Web Environments 1146(8)
Web Application Security Principles 1154(1)
Database Management 1155(23)
Database Management Software 1155(2)
Database Models 1157(4)
Database Programming Interfaces 1161(3)
Relational Database Components 1164(2)
Integrity 1166(3)
Database Security Issues 1169(5)
Data Warehousing and Data Mining 1174(4)
Malicious Software (Malware) 1178(15)
Viruses 1179(3)
Worms 1182(1)
Rootkit 1182(2)
Spyware and Adware 1184(1)
Botnets 1184(2)
Logic Bombs 1186(1)
Trojan Horses 1186(1)
Antimalware Software 1187(3)
Spam Detection 1190(2)
Antimalware Programs 1192(1)
Assessing the Security of Acquired Software 1193(1)
Summary 1194(1)
Quick Tips 1194(19)
Questions 1199(8)
Answers 1207(6)
Appendix A Comprehensive Questions 1213(56)
Answers 1249(20)
Appendix B About the CD-ROM 1269(1)
System Requirements 1269(4)
Total Tester Premium Practice Exam Software 1269(1)
Installing and Running Total Tester Premium Practice Exam Software 1270(1)
Hotspot and Drag-and-Drop Questions 1270(1)
PDF Copy of the Book 1270(1)
Technical Support 1271(1)
Total Seminars Technical Support 1271(1)
McGraw-Hill Education Content Support 1271(2)
Glossary 1273(18)
Index 1291
Shon Harris is the founder and CEO of Logical Security LLC, an information security consultant, a former engineer in the Air Force's Information Warfare unit, an instructor, and an author. She has authored several international bestselling books on information security published by McGraw-Hill and Pearson, which have sold over a million copies and have been translated into six languages. Ms. Harris authors academic textbooks and security articles for publication, and is a technical editor for Information Security Magazine. Ms. Harris has consulted for a large number of organizations in every business sector (financial, medical, retail, entertainment, utility) and several U.S. government agencies over the last 18 years. Ms. Harris provides high-end, advanced, and specialized consulting for organizations globally. She also works directly with law firms as a technical and expert witness on cases that range from patent infringement to criminal investigations and civil lawsuits, and she specializes in cryptographic technologies. Ms. Harris has taught information security to a wide range of clients over the last 18 years, including West Point, Microsoft, DHS, DoD, DoE, NSA, FBI, NASA, CDC, PWC, DISA, RSA, Visa, Intel, Cisco, Oracle, HP, Boeing, Northrop Grumman, Shell, Verizon, Citi, BoA, HSBC, Morgan Stanley, Symantec, Warner Brothers, Bridgestone, and American Express. Ms. Harris was recognized as one of the top 25 women in the information security field by Information Security Magazine.