Atnaujinkite slapukų nuostatas

CISSP Boxed Set, Second Edition 2nd edition [Knyga]

4.08/5 (161 ratings by Goodreads)
  • Formatas: Book, 1488 pages, weight: 3320 g, 245 Illustrations
  • Serija: All-in-One
  • Išleidimo metai: 16-Mar-2013
  • Leidėjas: McGraw-Hill Professional
  • ISBN-10: 0071793089
  • ISBN-13: 9780071793087
Kitos knygos pagal šią temą:
CISSP Boxed Set, Second Edition 2nd editionDidesnis paveikslėlis
  • Formatas: Book, 1488 pages, weight: 3320 g, 245 Illustrations
  • Serija: All-in-One
  • Išleidimo metai: 16-Mar-2013
  • Leidėjas: McGraw-Hill Professional
  • ISBN-10: 0071793089
  • ISBN-13: 9780071793087
Kitos knygos pagal šią temą:
Pastovi nuoroda: https://www.kriso.lt/db/9780071793087.html

A money-saving CISSP boxed set from the #1 name in IT security certification and training

CISSP Boxed Set, Second Edition provides you with a variety of self-study resources to use in preparation for the new CISSP exam. The set includes two books and two CDs. CISSP All-in-One Exam Guide, Sixth Edition offers a comprehensive and in-depth exam review and self-study system covering all ten CISSP domains. The book includes exam tips that highlight actual exam topics, technical discussion sidebars, and hands-on examples and exercises that support practical learning for real-world situations. The CD-ROM contains practice exam questions, a video training excerpt, and a PDF copy of the book. CISSP Practice Exams, Second Edition reinforces what is taught in the Exam Guide with review questions accompanied by in-depth answer explanations. More than 1000 additional review questions are hosted on the Logical Security website. The set also includes a bonus CD-ROM with additional practice exam plus audio and video training by Shon Harris.

CISSP Boxed Set, Second Edition features:

  • A significant discount on two books and two CD-ROMs
  • Total electronic content of 1500+ review questions and more than 30 hours of audio and video training featuring Shon Harris teaching and reviewing key CISSP concepts
  • Valuable on-the-job information for use after certification

Complete CISSP coverage:
Information Security and Risk Management; Access Control; Security Architecture and Design; Physical and Environmental Security; Telecommunications and Network Security; Cryptography; Business Continuity and Disaster Recovery; Legal, Regulations, Compliance, and Investigations; Application Security; Operations Security

Foreword xx
Acknowledgments xxiii
Chapter 1 Becoming a CISSP
1(20)
Why Become a CISSP?
1(1)
The CISSP Exam
2(4)
CISSP: A Brief History
6(1)
How Do You Sign Up for the Exam?
7(1)
What Does This Book Cover?
7(1)
Tips for Taking the CISSP Exam
8(1)
How to Use This Book
9(12)
Questions
10(9)
Answers
19(2)
Chapter 2 Information Security Governance and Risk Management
21(136)
Fundamental Principles of Security
22(4)
Availability
23(1)
Integrity
23(1)
Confidentiality
24(1)
Balanced Security
24(2)
Security Definitions
26(2)
Control Types
28(6)
Security Frameworks
34(35)
ISO/IEC 27000 Series
36(5)
Enterprise Architecture Development
41(14)
Security Controls Development
55(4)
COSO
59(1)
Process Management Development
60(8)
Functionality vs. Security
68(1)
Security Management
69(1)
Risk Management
70(4)
Who Really Understands Risk Management?
71(1)
Information Risk Management Policy
72(1)
The Risk Management Team
73(1)
Risk Assessment and Analysis
74(27)
Risk Analysis Team
75(1)
The Value of Information and Assets
76(1)
Costs That Make Up the Value
76(1)
Identifying Vulnerabilities and Threats
77(1)
Methodologies for Risk Assessment
78(7)
Risk Analysis Approaches
85(4)
Qualitative Risk Analysis
89(3)
Protection Mechanisms
92(4)
Putting It Together
96(1)
Total Risk vs. Residual Risk
96(1)
Handling Risk
97(3)
Outsourcing
100(1)
Policies, Standards, Baselines, Guidelines, and Procedures
101(8)
Security Policy
102(3)
Standards
105(1)
Baselines
106(1)
Guidelines
106(1)
Procedures
107(1)
Implementation
108(1)
Information Classification
109(5)
Classifications Levels
110(3)
Classification Controls
113(1)
Layers of Responsibility
114(6)
Board of Directors
115(1)
Executive Management
116(2)
Chief Information Officer
118(1)
Chief Privacy Officer
118(1)
Chief Security Officer
119(1)
Security Steering Committee
120(12)
Audit Committee
121(1)
Data Owner
121(1)
Data Custodian
122(1)
System Owner
122(1)
Security Administrator
122(1)
Security Analyst
123(1)
Application Owner
123(1)
Supervisor
123(1)
Change Control Analyst
124(1)
Data Analyst
124(1)
Process Owner
124(1)
Solution Provider
124(1)
User
125(1)
Product Line Manager
125(1)
Auditor
125(1)
Why So Many Roles?
126(1)
Personnel Security
126(2)
Hiring Practices
128(1)
Termination
129(1)
Security-Awareness Training
130(1)
Degree or Certification?
131(1)
Security Governance
132(5)
Metrics
132(5)
Summary
137(1)
Quick Tips
138(19)
Questions
141(9)
Answers
150(7)
Chapter 3 Access Control
157(140)
Access Controls Overview
157(1)
Security Principles
158(2)
Availability
159(1)
Integrity
159(1)
Confidentiality
160(1)
Identification, Authentication, Authorization, and Accountability
160(59)
Identification and Authentication
162(12)
Password Management
174(29)
Authorization
203(16)
Access Control Models
219(8)
Discretionary Access Control
220(1)
Mandatory Access Control
221(3)
Role-Based Access Control
224(3)
Access Control Techniques and Technologies
227(5)
Rule-Based Access Control
227(1)
Constrained User Interfaces
228(1)
Access Control Matrix
229(2)
Content-Dependent Access Control
231(1)
Context-Dependent Access Control
231(1)
Access Control Administration
232(9)
Centralized Access Control Administration
233(7)
Decentralized Access Control Administration
240(1)
Access Control Methods
241(7)
Access Control Layers
241(1)
Administrative Controls
242(1)
Physical Controls
243(2)
Technical Controls
245(3)
Accountability
248(4)
Review of Audit Information
250(1)
Protecting Audit Data and Log Information
251(1)
Keystroke Monitoring
251(1)
Access Control Practices
252(3)
Unauthorized Disclosure of Information
253(2)
Access Control Monitoring
255(13)
Intrusion Detection
255(10)
Intrusion Prevention Systems
265(3)
Threats to Access Control
268(9)
Dictionary Attack
269(1)
Brute Force Attacks
270(1)
Spoofing at Logon
270(1)
Phishing and Pharming
271(2)
Threat Modeling
273(4)
Summary
277(1)
Quick Tips
277(20)
Questions
282(9)
Answers
291(6)
Chapter 4 Security Architecture and Design
297(130)
Computer Security
298(2)
System Architecture
300(3)
Computer Architecture
303(44)
The Central Processing Unit
304(5)
Multiprocessing
309(3)
Operating System Components
312(13)
Memory Types
325(12)
Virtual Memory
337(3)
Input/Output Device Management
340(2)
CPU Architecture
342(5)
Operating System Architectures
347(10)
Virtual Machines
355(2)
System Security Architecture
357(8)
Security Policy
357(2)
Security Architecture Requirements
359(6)
Security Models
365(21)
State Machine Models
367(2)
Bell-LaPadula Model
369(3)
Biba Model
372(2)
Clark-Wilson Model
374(3)
Information Flow Model
377(3)
Noninterference Model
380(1)
Lattice Model
381(2)
Brewer and Nash Model
383(1)
Graham-Denning Model
384(1)
Harrison-Ruzzo-Ullman Model
385(1)
Security Modes of Operation
386(5)
Dedicated Security Mode
387(1)
System High-Security Mode
387(1)
Compartmented Security Mode
387(1)
Multilevel Security Mode
388(2)
Trust and Assurance
390(1)
Systems Evaluation Methods
391(6)
Why Put a Product Through Evaluation?
391(1)
The Orange Book
392(5)
The Orange Book and the Rainbow Series
397(2)
The Red Book
398(1)
Information Technology Security Evaluation Criteria
399(3)
Common Criteria
402(4)
Certification vs. Accreditation
406(2)
Certification
406(1)
Accreditation
406(2)
Open vs. Closed Systems
408(1)
Open Systems
408(1)
Closed Systems
408(1)
A Few Threats to Review
409(3)
Maintenance Hooks
409(1)
Time-of-Check/Time-of-Use Attacks
410(2)
Summary
412(1)
Quick Tips
413(14)
Questions
416(7)
Answers
423(4)
Chapter 5 Physical and Environmental Security
427(88)
Introduction to Physical Security
427(3)
The Planning Process
430(27)
Crime Prevention Through Environmental Design
435(7)
Designing a Physical Security Program
442(15)
Protecting Assets
457(1)
Internal Support Systems
458(17)
Electric Power
459(6)
Environmental Issues
465(2)
Ventilation
467(1)
Fire Prevention, Detection, and Suppression
467(8)
Perimeter Security
475(24)
Facility Access Control
476(7)
Personnel Access Controls
483(1)
External Boundary Protection Mechanisms
484(9)
Intrusion Detection Systems
493(4)
Patrol Force and Guards
497(1)
Dogs
497(1)
Auditing Physical Access
498(1)
Testing and Drills
498(1)
Summary
499(1)
Quick Tips
499(16)
Questions
502(7)
Answers
509(6)
Chapter 6 Telecommunications and Network Security
515(244)
Telecommunications
517(1)
Open Systems Interconnection Reference Model
517(17)
Protocol
518(3)
Application Layer
521(1)
Presentation Layer
522(1)
Session Layer
523(2)
Transport Layer
525(2)
Network Layer
527(1)
Data Link Layer
528(2)
Physical Layer
530(1)
Functions and Protocols in the OSI Model
530(2)
Tying the Layers Together
532(2)
TCP/IP Model
534(16)
TCP
535(6)
IP Addressing
541(3)
IPv6
544(3)
Layer 2 Security Standards
547(3)
Types of Transmission
550(6)
Analog and Digital
550(2)
Asynchronous and Synchronous
552(2)
Broadband and Baseband
554(2)
Cabling
556(6)
Coaxial Cable
557(1)
Twisted-Pair Cable
557(1)
Fiber-Optic Cable
558(2)
Cabling Problems
560(2)
Networking Foundations
562(50)
Network Topology
563(2)
Media Access Technologies
565(15)
Network Protocols and Services
580(10)
Domain Name Service
590(9)
E-mail Services
599(5)
Network Address Translation
604(4)
Routing Protocols
608(4)
Networking Devices
612(48)
Repeaters
612(1)
Bridges
613(2)
Routers
615(2)
Switches
617(4)
Gateways
621(3)
PBXs
624(4)
Firewalls
628(25)
Proxy Servers
653(2)
Honeypot
655(1)
Unified Threat Management
656(1)
Cloud Computing
657(3)
Intranets and Extranets
660(3)
Metropolitan Area Networks
663(2)
Wide Area Networks
665(30)
Telecommunications Evolution
666(3)
Dedicated Links
669(4)
WAN Technologies
673(22)
Remote Connectivity
695(17)
Dial-up Connections
695(2)
ISDN
697(1)
DSL
698(2)
Cable Modems
700(2)
VPN
702(7)
Authentication Protocols
709(3)
Wireless Technologies
712(27)
Wireless Communications
712(4)
WLAN Components
716(7)
Wireless Standards
723(5)
War Driving for WLANs
728(1)
Satellites
729(1)
Mobile Wireless Communication
730(6)
Mobile Phone Security
736(3)
Summary
739(1)
Quick Tips
740(19)
Questions
744(9)
Answers
753(6)
Chapter 7 Cryptography
759(126)
The History of Cryptography
760(5)
Cryptography Definitions and Concepts
765(12)
Kerckhoffs' Principle
767(1)
The Strength of the Cryptosystem
768(1)
Services of Cryptosystems
769(2)
One-Time Pad
771(2)
Running and Concealment Ciphers
773(1)
Steganography
774(3)
Types of Ciphers
777(4)
Substitution Ciphers
778(1)
Transposition Ciphers
778(3)
Methods of Encryption
781(19)
Symmetric vs. Asymmetric Algorithms
782(1)
Symmetric Cryptography
782(5)
Block and Stream Ciphers
787(5)
Hybrid Encryption Methods
792(8)
Types of Symmetric Systems
800(12)
Data Encryption Standard
800(8)
Triple-DES
808(1)
The Advanced Encryption Standard
809(1)
International Data Encryption Algorithm
809(1)
Blowfish
810(1)
RC4
810(1)
RC5
810(1)
RC6
810(2)
Types of Asymmetric Systems
812(8)
The Diffie-Hellman Algorithm
812(3)
RSA
815(3)
El Gamal
818(1)
Elliptic Curve Cryptosystems
818(1)
Knapsack
819(1)
Zero Knowledge Proof
819(1)
Message Integrity
820(13)
The One-Way Hash
820(6)
Various Hashing Algorithms
826(1)
MD2
826(1)
MD4
826(1)
MD5
827(1)
Attacks Against One-Way Hash Functions
827(2)
Digital Signatures
829(3)
Digital Signature Standard
832(1)
Public Key Infrastructure
833(7)
Certificate Authorities
834(3)
Certificates
837(1)
The Registration Authority
837(1)
PKI Steps
838(2)
Key Management
840(3)
Key Management Principles
841(1)
Rules for Keys and Key Management
842(1)
Trusted Platform Module
843(2)
TPM Uses
843(2)
Link Encryption vs. End-to-End Encryption
845(4)
E-mail Standards
849(4)
Multipurpose Internet Mail Extension
849(1)
Pretty Good Privacy
850(3)
Internet Security
853(12)
Start with the Basics
854(11)
Attacks
865(5)
Ciphertext-Only Attacks
865(1)
Known-Plaintext Attacks
865(1)
Chosen-Plaintext Attacks
866(1)
Chosen-Ciphertext Attacks
866(1)
Differential Cryptanalysis
866(1)
Linear Cryptanalysis
867(1)
Side-Channel Attacks
867(1)
Replay Attacks
868(1)
Algebraic Attacks
868(1)
Analytic Attacks
868(1)
Statistical Attacks
869(1)
Social Engineering Attacks
869(1)
Meet-in-the-Middle Attacks
869(1)
Summary
870(1)
Quick Tips
871(14)
Questions
874(6)
Answers
880(5)
Chapter 8 Business Continuity and Disaster Recovery Planning
885(94)
Business Continuity and Disaster Recovery
887(10)
Standards and Best Practices
890(3)
Making BCM Part of the Enterprise Security Program
893(4)
BCP Project Components
897(16)
Scope of the Project
899(2)
BCP Policy
901(1)
Project Management
901(3)
Business Continuity Planning Requirements
904(1)
Business Impact Analysis (BIA)
905(7)
Interdependencies
912(1)
Preventive Measures
913(1)
Recovery Strategies
914(30)
Business Process Recovery
918(1)
Facility Recovery
919(7)
Supply and Technology Recovery
926(4)
Choosing a Software Backup Facility
930(3)
End-User Environment
933(1)
Data Backup Alternatives
934(4)
Electronic Backup Solutions
938(3)
High Availability
941(3)
Insurance
944(1)
Recovery and Restoration
945(8)
Developing Goals for the Plans
949(2)
Implementing Strategies
951(2)
Testing and Revising the Plan
953(8)
Checklist Test
955(1)
Structured Walk-Through Test
955(1)
Simulation Test
955(1)
Parallel Test
955(1)
Full-Interruption Test
956(1)
Other Types of Training
956(1)
Emergency Response
956(2)
Maintaining the Plan
958(3)
Summary
961(1)
Quick Tips
961(18)
Questions
964(8)
Answers
972(7)
Chapter 9 Legal, Regulations, Investigations, and Compliance
979(102)
The Many Facets of Cyberlaw
980(1)
The Crux of Computer Crime Laws
981(2)
Complexities in Cybercrime
983(15)
Electronic Assets
985(1)
The Evolution of Attacks
986(4)
International Issues
990(4)
Types of Legal Systems
994(4)
Intellectual Property Laws
998(8)
Trade Secret
999(1)
Copyright
1000(1)
Trademark
1001(1)
Patent
1001(2)
Internal Protection of Intellectual Property
1003(1)
Software Piracy
1004(2)
Privacy
1006(16)
The Increasing Need for Privacy Laws
1008(1)
Laws, Directives, and Regulations
1009(13)
Liability and Its Ramifications
1022(8)
Personal Information
1027(1)
Hacker Intrusion
1027(1)
Third-Party Risk
1028(1)
Contractual Agreements
1029(1)
Procurement and Vendor Processes
1029(1)
Compliance
1030(2)
Investigations
1032(29)
Incident Management
1033(4)
Incident Response Procedures
1037(5)
Computer Forensics and Proper Collection of Evidence
1042(1)
International Organization on Computer Evidence
1043(1)
Motive, Opportunity, and Means
1044(1)
Computer Criminal Behavior
1044(1)
Incident Investigators
1045(1)
The Forensics Investigation Process
1046(7)
What Is Admissible in Court?
1053(4)
Surveillance, Search, and Seizure
1057(1)
Interviewing and Interrogating
1058(1)
A Few Different Attack Types
1058(3)
Cybersquatting
1061(1)
Ethics
1061(4)
The Computer Ethics Institute
1062(1)
The Internet Architecture Board
1063(1)
Corporate Ethics Programs
1064(1)
Summary
1065(1)
Quick Tips
1065(16)
Questions
1069(7)
Answers
1076(5)
Chapter 10 Software Development Security
1081(152)
Software's Importance
1081(1)
Where Do We Place Security?
1082(5)
Different Environments Demand Different Security
1083(1)
Environment versus Application
1084(1)
Functionality versus Security
1085(1)
Implementation and Default Issues
1086(1)
System Development Life Cycle
1087(8)
Initiation
1089(2)
Acquisition/Development
1091(1)
Implementation
1092(1)
Operations/Maintenance
1092(1)
Disposal
1093(2)
Software Development Life Cycle
1095(13)
Project Management
1096(1)
Requirements Gathering Phase
1096(2)
Design Phase
1098(4)
Development Phase
1102(2)
Testing/Validation Phase
1104(2)
Release/Maintenance Phase
1106(2)
Secure Software Development Best Practices
1108(3)
Software Development Models
1111(9)
Build and Fix Model
1111(1)
Waterfall Model
1112(1)
V-Shaped Model (V-Model)
1112(1)
Prototyping
1113(1)
Incremental Model
1114(1)
Spiral Model
1115(1)
Rapid Application Development
1116(2)
Agile Model
1118(2)
Capability Maturity Model Integration
1120(2)
Change Control
1122(3)
Software Configuration Management
1124(1)
Programming Languages and Concepts
1125(17)
Assemblers, Compilers, Interpreters
1128(2)
Object-Oriented Concepts
1130(12)
Distributed Computing
1142(11)
Distributed Computing Environment
1142(1)
CORBA and ORBs
1143(3)
COM and DCOM
1146(2)
Java Platform, Enterprise Edition
1148(1)
Service-Oriented Architecture
1148(5)
Mobile Code
1153(4)
Java Applets
1154(2)
ActiveX Controls
1156(1)
Web Security
1157(11)
Specific Threats for Web Environments
1158(9)
Web Application Security Principles
1167(1)
Database Management
1168(24)
Database Management Software
1170(1)
Database Models
1170(6)
Database Programming Interfaces
1176(1)
Relational Database Components
1177(3)
Integrity
1180(3)
Database Security Issues
1183(5)
Data Warehousing and Data Mining
1188(4)
Expert Systems/Knowledge-Based Systems
1192(3)
Artificial Neural Networks
1195(2)
Malicious Software (Malware)
1197(17)
Viruses
1199(3)
Worms
1202(1)
Rootkit
1202(2)
Spyware and Adware
1204(1)
Botnets
1204(2)
Logic Bombs
1206(1)
Trojan Horses
1206(1)
Antivirus Software
1207(3)
Spam Detection
1210(2)
Antimalware Programs
1212(2)
Summary
1214(1)
Quick Tips
1215(18)
Questions
1220(7)
Answers
1227(6)
Chapter 11 Security Operations
1233(86)
The Role of the Operations Department
1234(1)
Administrative Management
1235(5)
Security and Network Personnel
1237(2)
Accountability
1239(1)
Clipping Levels
1239(1)
Assurance Levels
1240(1)
Operational Responsibilities
1240(11)
Unusual or Unexplained Occurrences
1241(1)
Deviations from Standards
1241(1)
Unscheduled Initial Program Loads (aka Rebooting)
1242(1)
Asset Identification and Management
1242(1)
System Controls
1243(1)
Trusted Recovery
1244(2)
Input and Output Controls
1246(2)
System Hardening
1248(2)
Remote Access Security
1250(1)
Configuration Management
1251(3)
Change Control Process
1252(1)
Change Control Documentation
1253(1)
Media Controls
1254(8)
Data Leakage
1262(1)
Network and Resource Availability
1263(14)
Mean Time Between Failures
1264(1)
Mean Time to Repair
1264(1)
Single Points of Failure
1265(8)
Backups
1273(3)
Contingency Planning
1276(1)
Mainframes
1277(2)
E-mail Security
1279(16)
How E-mail Works
1281(2)
Facsimile Security
1283(2)
Hack and Attack Methods
1285(10)
Vulnerability Testing
1295(12)
Penetration Testing
1298(4)
Wardialing
1302(1)
Other Vulnerability Types
1303(2)
Postmortem
1305(2)
Summary
1307(1)
Quick Tips
1307(12)
Questions
1309(6)
Answers
1315(4)
Appendix A Comprehensive Questions
1319(60)
Answers
1357(22)
Appendix B About the CD-ROM
1379(6)
Running the QuickTime Cryptography Video Sample
1380(1)
Troubleshooting
1380(1)
Total Tester CISSP Practice Exam Software
1381(1)
Total Tester System Requirements
1381(1)
Installing and Running Total Tester
1381(1)
Adobe Digital Edition eBook
1381
Technical Support
1383
Index 1385
Preface ix
Introduction xi
Chapter 1 Information Security Governance and Risk Management
1(44)
Chapter 2 Access Control
45(46)
Chapter 3 Security Architecture and Design
91(48)
Chapter 4 Physical and Environmental Security
139(44)
Chapter 5 Telecommunications and Network Security
183(44)
Chapter 6 Cryptography
227(44)
Chapter 7 Business Continuity and Disaster Recovery
271(48)
Chapter 8 Legal, Regulations, Investigations, and Compliance
319(40)
Chapter 9 Software Development Security
359(44)
Chapter 10 Security Operations
403(40)
Appendix About the Free Online Practice Questions and Audio Lectures 443(2)
Index 445
Shon Harris is the founder and CEO of Logical Security LLC, an information security consultant, a former engineer in the Air Forces Information Warfare unit, an instructor and an author. She has authored several international bestselling books on information security published by McGraw-Hill and Pearson which has sold over a million copies and have been translated into six languages. Ms. Harris authors academic textbooks, security articles for publication and is a technical editor for Information Security Magazine. Ms. Harris has consulted for a large number of organizations in every business sector (financial, medical, retail, entertainment, utility) and several U.S. government agencies over the last 18 years. Ms. Harris provides high-end, advanced and specialized consulting for organizations globally. She also works directly with law firms as a technical and expert witness on cases that range from patent infringement, criminal investigations, civil lawsuits and she specializes in cryptographic technologies. Ms. Harris has taught information security to a wide range of clients over the last 18 years, some of which have included; West Point, Microsoft, DHS, DoD, DoE, NSA, FBI, NASA, CDC, PWC, DISA, RSA, Visa, Intel, Cisco, Oracle, HP, Boeing, Northrop Grumman, Shell, Verizon, Citi, BoA, HSBC, Morgan Stanley, Symantec, Warner Brothers, Bridgestone, American Express, etc. Ms. Harris was recognized as one of the top 25 women in the Information Security field by Information Security Magazine.