
CISSP For Dummies 7th edition [Paperback]

3.90/5 (217 ratings by Goodreads)
  • Format: Paperback / softback, 608 pages, height x width x thickness: 236x188x38 mm, weight: 794 g
  • Publication date: 02-May-2022
  • Publisher: For Dummies
  • ISBN-10: 1119806828
  • ISBN-13: 9781119806820
Get CISSP certified, with this comprehensive study plan! 

Revised for the updated 2021 exam, CISSP For Dummies is packed with everything you need to succeed on test day. With deep content review on every domain, plenty of practice questions, and online study tools, this book helps aspiring security professionals unlock the door to success on this high-stakes exam. This book, written by CISSP experts, goes beyond the exam material and includes tips on setting up a 60-day study plan, exam-day advice, and access to an online test bank of questions. 

Make your test day stress-free with CISSP For Dummies!

  • Review every last detail you need to pass the CISSP certification exam
  • Master all 8 test domains, from Security and Risk Management through Software Development Security
  • Get familiar with the 2021 test outline
  • Boost your performance with an online test bank, digital flash cards, and test-day tips

If you're a security professional seeking your CISSP certification, this book is your secret weapon as you prepare for the exam.
Introduction 1(1)
About This Book 2(1)
Foolish Assumptions 3(1)
Icons Used in This Book 3(1)
Beyond the Book 4(1)
Where to Go from Here 5(2)
PART 1 GETTING STARTED WITH CISSP CERTIFICATION 7(36)
  Chapter 1 (ISC)2 and the CISSP Certification 9(14)
    About (ISC)2 and the CISSP Certification 9(1)
    You Must Be This Tall to Ride This Ride (And Other Requirements) 10(2)
    Preparing for the Exam 12(4)
      Studying on your own 13(1)
      Getting hands-on experience 14(1)
      Getting official (ISC)2 CISSP training 14(1)
      Attending other training courses or study groups 15(1)
      Taking practice exams 15(1)
      Are you ready for the exam? 16(1)
    Registering for the Exam 16(1)
    About the CISSP Examination 17(3)
    After the Examination 20(3)
  Chapter 2 Putting Your Certification to Good Use 23(20)
    Networking with Other Security Professionals 24(1)
    Being an Active (ISC)2 Member 25(1)
    Considering (ISC)2 Volunteer Opportunities 26(4)
      Writing certification exam questions 27(1)
      Speaking at events 27(1)
      Helping at (ISC)2 conferences 27(1)
      Reading and contributing to (ISC)2 publications 27(1)
      Supporting the (ISC)2 Center for Cyber Safety and Education 28(1)
      Participating in bug-bounty programs 28(1)
      Participating in (ISC)2 focus groups 28(1)
      Joining the (ISC)2 community 28(1)
      Getting involved with a CISSP study group 28(1)
      Helping others learn more about data security 29(1)
    Becoming an Active Member of Your Local Security Chapter 30(1)
    Spreading the Good Word about CISSP Certification 31(1)
      Leading by example 32(1)
    Using Your CISSP Certification to Be an Agent of Change 32(1)
    Earning Other Certifications 33(7)
      Other (ISC)2 certifications 33(1)
      CISSP concentrations 34(1)
      Non-(ISC)2 certifications 34(4)
      Choosing the right certifications 38(1)
      Finding a mentor, being a mentor 39(1)
      Building your professional brand 39(1)
    Pursuing Security Excellence 40(3)
PART 2 CERTIFICATION DOMAINS 43(454)
  Chapter 3 Security and Risk Management 45(108)
    Understand, Adhere to, and Promote Professional Ethics 45(4)
      (ISC)2 Code of Professional Ethics 46(1)
      Organizational code of ethics 47(2)
    Understand and Apply Security Concepts 49(4)
      Confidentiality 50(1)
      Integrity 51(1)
      Availability 51(1)
      Authenticity 52(1)
      Nonrepudiation 52(1)
    Evaluate and Apply Security Governance Principles 53(8)
      Alignment of security function to business strategy, goals, mission, and objectives 53(1)
      Organizational processes 54(2)
      Organizational roles and responsibilities 56(1)
      Security control frameworks 57(3)
      Due care and due diligence 60(1)
    Determine Compliance and Other Requirements 61(6)
      Contractual, legal, industry standards, and regulatory requirements 61(5)
      Privacy requirements 66(1)
    Understand Legal and Regulatory Issues That Pertain to Information Security 67(26)
      Cybercrimes and data breaches 67(15)
      Licensing and intellectual property requirements 82(3)
      Import/export controls 85(1)
      Transborder data flow 85(1)
      Privacy 86(7)
    Understand Requirements for Investigation Types 93(1)
    Develop, Document, and Implement Security Policies, Standards, Procedures, and Guidelines 94(2)
      Policies 95(1)
      Standards (and baselines) 95(1)
      Procedures 96(1)
      Guidelines 96(1)
    Identify, Analyze, and Prioritize Business Continuity (BC) Requirements 96(24)
      Business impact analysis 99(8)
      Develop and document the scope and the plan 107(13)
    Contribute to and Enforce Personnel Security Policies and Procedures 120(5)
      Candidate screening and hiring 120(3)
      Employment agreements and policies 123(1)
      Onboarding, transfers, and termination processes 123(1)
      Vendor, consultant, and contractor agreements and controls 124(1)
      Compliance policy requirements 125(1)
      Privacy policy requirements 125(1)
    Understand and Apply Risk Management Concepts 125(18)
      Identify threats and vulnerabilities 126(1)
      Risk assessment/analysis 126(6)
      Risk appetite and risk tolerance 132(1)
      Risk treatment 133(1)
      Countermeasure selection and implementation 133(2)
      Applicable types of controls 135(2)
      Control assessments (security and privacy) 137(2)
      Monitoring and measurement 139(1)
      Reporting 140(1)
      Continuous improvement 141(1)
      Risk frameworks 141(2)
    Understand and Apply Threat Modeling Concepts and Methodologies 143(3)
      Identifying threats 143(1)
      Determining and diagramming potential attacks 144(1)
      Performing reduction analysis 145(1)
      Remediating threats 145(1)
    Apply Supply Chain Risk Management (SCRM) Concepts 146(2)
      Risks associated with hardware, software, and services 147(1)
      Third-party assessment and monitoring 147(1)
      Fourth-party risk 147(1)
      Minimum security requirements 147(1)
      Service-level agreement requirements 147(1)
    Establish and Maintain a Security Awareness, Education, and Training Program 148(5)
      Methods and techniques to present awareness and training 148(3)
      Periodic content reviews 151(1)
      Program effectiveness evaluation 151(2)
  Chapter 4 Asset Security 153(26)
    Identify and Classify Information and Assets 153(9)
      Data classification 157(4)
      Asset classification 161(1)
    Establish Information and Asset Handling Requirements 162(2)
    Provision Resources Securely 164(3)
      Information and asset ownership 164(1)
      Asset inventory 165(1)
      Asset management 166(1)
    Manage Data Life Cycle 167(4)
      Data roles 168(1)
      Data collection 168(1)
      Data location 169(1)
      Data maintenance 169(1)
      Data retention 169(1)
      Data remanence 170(1)
      Data destruction 171(1)
    Ensure Appropriate Asset Retention 171(1)
      End of life 171(1)
      End of support 172(1)
    Determine Data Security Controls and Compliance Requirements 172(7)
      Data states 173(1)
      Scoping and tailoring 174(1)
      Standards selection 175(1)
      Data protection methods 176(3)
  Chapter 5 Security Architecture and Engineering 179(96)
    Research, Implement, and Manage Engineering Processes Using Secure Design Principles 180(16)
      Threat modeling 182(4)
      Least privilege (and need to know) 186(1)
      Defense in depth 187(1)
      Secure defaults 188(1)
      Fail securely 188(1)
      Separation of duties 189(1)
      Keep it simple 189(1)
      Zero trust 189(2)
      Privacy by design 191(1)
      Trust but verify 192(2)
      Shared responsibility 194(2)
    Understand the Fundamental Concepts of Security Models 196(3)
    Select Controls Based Upon Systems Security Requirements 199(9)
      Evaluation criteria 200(5)
      System certification and accreditation 205(3)
    Understand Security Capabilities of Information Systems 208(5)
      Trusted Computing Base 208(1)
      Trusted Platform Module 209(1)
      Secure modes of operation 209(1)
      Open and closed systems 210(1)
      Memory protection 210(1)
      Encryption and decryption 210(1)
      Protection rings 211(1)
      Security modes 211(1)
      Recovery procedures 212(1)
    Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 213(15)
      Client-based systems 214(1)
      Server-based systems 215(1)
      Database systems 215(1)
      Cryptographic systems 216(1)
      Industrial control systems 217(1)
      Cloud-based systems 218(2)
      Distributed systems 220(1)
      Internet of Things 221(1)
      Microservices 221(1)
      Containerization 222(1)
      Serverless 223(1)
      Embedded systems 224(1)
      High-performance computing systems 225(1)
      Edge computing systems 225(1)
      Virtualized systems 226(1)
      Web-based systems 226(2)
      Mobile systems 228(1)
    Select and Determine Cryptographic Solutions 228(25)
      Plaintext and ciphertext 230(1)
      Encryption and decryption 230(1)
      End-to-end encryption 230(1)
      Link encryption 231(1)
      Putting it all together: The cryptosystem 232(1)
      Classes of ciphers 233(1)
      Types of ciphers 234(3)
      Cryptographic life cycle 237(1)
      Cryptographic methods 238(10)
      Public key infrastructure 248(1)
      Key management practices 248(2)
      Digital signatures and digital certificates 250(1)
      Nonrepudiation 250(1)
      Integrity (hashing) 251(2)
    Understand Methods of Cryptanalytic Attacks 253(6)
      Brute force 254(1)
      Ciphertext only 254(1)
      Known plaintext 255(1)
      Frequency analysis 255(1)
      Chosen ciphertext 255(1)
      Implementation attacks 255(1)
      Side channel 255(1)
      Fault injection 256(1)
      Timing 256(1)
      Man in the middle 256(1)
      Pass the hash 257(1)
      Kerberos exploitation 257(1)
      Ransomware 257(2)
    Apply Security Principles to Site and Facility Design 259(2)
    Design Site and Facility Security Controls 261(14)
      Wiring closets, server rooms, and more 264(1)
      Restricted and work area security 265(1)
      Utilities and heating, ventilation, and air conditioning 266(1)
      Environmental issues 267(1)
      Fire prevention, detection, and suppression 268(4)
      Power 272(3)
  Chapter 6 Communication and Network Security 275(64)
    Assess and Implement Secure Design Principles in Network Architectures 275(41)
      OSI and TCP/IP models 277(1)
      The OSI Reference Model 278(37)
      The TCP/IP Model 315(1)
    Secure Network Components 316(15)
      Operation of hardware 316(1)
      Transmission media 317(1)
      Network access control devices 318(10)
      Endpoint security 328(3)
    Implement Secure Communication Channels According to Design 331(8)
      Voice 331(1)
      Multimedia collaboration 332(1)
      Remote access 332(4)
      Data communications 336(1)
      Virtualized networks 336(2)
      Third-party connectivity 338(1)
  Chapter 7 Identity and Access Management 339(40)
    Control Physical and Logical Access to Assets 340(3)
      Information 340(1)
      Systems and devices 340(2)
      Facilities 342(1)
      Applications 342(1)
    Manage Identification and Authentication of People, Devices, and Services 343(20)
      Identity management implementation 343(1)
      Single-/multifactor authentication 343(15)
      Accountability 358(1)
      Session management 359(1)
      Registration, proofing, and establishment of identity 360(1)
      Federated identity management 361(1)
      Credential management systems 361(1)
      Single sign-on 362(1)
      Just-in-Time 363(1)
    Federated Identity with a Third-Party Service 363(2)
      On-premises 365(1)
      Cloud 365(1)
      Hybrid 365(1)
    Implement and Manage Authorization Mechanisms 365(5)
      Role-based access control 366(1)
      Rule-based access control 367(1)
      Mandatory access control 367(1)
      Discretionary access control 368(1)
      Attribute-based access control 369(1)
      Risk-based access control 370(1)
    Manage the Identity and Access Provisioning Life Cycle 370(2)
    Implement Authentication Systems 372(7)
      OpenID Connect/Open Authorization 372(1)
      Security Assertion Markup Language 372(1)
      Kerberos 373(3)
      RADIUS and TACACS+ 376(3)
  Chapter 8 Security Assessment and Testing 379(28)
    Design and Validate Assessment, Test, and Audit Strategies 379(2)
    Conduct Security Control Testing 381(12)
      Vulnerability assessment 381(2)
      Penetration testing 383(5)
      Log reviews 388(1)
      Synthetic transactions 389(1)
      Code review and testing 390(1)
      Misuse case testing 391(1)
      Test coverage analysis 392(1)
      Interface testing 392(1)
      Breach attack simulations 393(1)
      Compliance checks 393(1)
    Collect Security Process Data 393(7)
      Account management 395(1)
      Management review and approval 395(1)
      Key performance and risk indicators 396(1)
      Backup verification data 397(2)
      Training and awareness 399(1)
      Disaster recovery and business continuity 400(1)
    Analyze Test Output and Generate Reports 400(4)
      Remediation 401(1)
      Exception handling 402(1)
      Ethical disclosure 403(1)
    Conduct or Facilitate Security Audits 404(3)
  Chapter 9 Security Operations 407(56)
    Understand and Comply with Investigations 408(11)
      Evidence collection and handling 408(7)
      Reporting and documentation 415(1)
      Investigative techniques 416(2)
      Digital forensics tools, tactics, and procedures 418(1)
      Artifacts 419(1)
    Conduct Logging and Monitoring Activities 419(5)
      Intrusion detection and prevention 419(2)
      Security information and event management 421(1)
      Security orchestration, automation, and response 421(1)
      Continuous monitoring 422(1)
      Egress monitoring 422(1)
      Log management 423(1)
      Threat intelligence 423(1)
      User and entity behavior analysis 424(1)
    Perform Configuration Management 424(2)
    Apply Foundational Security Operations Concepts 426(10)
      Need-to-know and least privilege 427(1)
      Separation of duties and responsibilities 428(1)
      Privileged account management 429(2)
      Job rotation 431(2)
      Service-level agreements 433(3)
    Apply Resource Protection 436(2)
      Media management 436(2)
      Media protection techniques 438(1)
    Conduct Incident Management 438(2)
    Operate and Maintain Detective and Preventative Measures 440(2)
    Implement and Support Patch and Vulnerability Management 442(1)
    Understand and Participate in Change Management Processes 443(1)
    Implement Recovery Strategies 444(4)
      Backup storage strategies 444(1)
      Recovery site strategies 445(1)
      Multiple processing sites 445(1)
      System resilience, high availability, quality of service, and fault tolerance 445(3)
    Implement Disaster Recovery Processes 448(8)
      Response 451(2)
      Personnel 453(1)
      Communications 454(1)
      Assessment 455(1)
      Restoration 455(1)
      Training and awareness 456(1)
      Lessons learned 456(1)
    Test Disaster Recovery Plans 456(4)
      Read-through or tabletop 457(1)
      Walkthrough 457(1)
      Simulation 458(1)
      Parallel 459(1)
      Full interruption (or cutover) 459(1)
    Participate in Business Continuity Planning and Exercises 460(1)
    Implement and Manage Physical Security 460(1)
    Address Personnel Safety and Security Concerns 461(2)
  Chapter 10 Software Development Security 463(34)
    Understand and Integrate Security in the Software Development Life Cycle 464(12)
      Development methodologies 464(9)
      Maturity models 473(1)
      Operation and maintenance 474(1)
      Change management 475(1)
      Integrated product team 476(1)
    Identify and Apply Security Controls in Software Development Ecosystems 476(10)
      Programming languages 477(1)
      Libraries 478(1)
      Tool sets 478(2)
      Integrated development environment 480(1)
      Runtime 480(1)
      Continuous integration/continuous delivery 481(1)
      Security orchestration, automation, and response 481(1)
      Software configuration management 482(1)
      Code repositories 483(1)
      Application security testing 484(2)
    Assess the Effectiveness of Software Security 486(3)
      Auditing and logging of changes 486(1)
      Risk analysis and mitigation 487(2)
    Assess Security Impact of Acquired Software 489(1)
    Define and Apply Secure Coding Guidelines and Standards 490(2)
      Security weaknesses and vulnerabilities at the source-code level 491(1)
      Security of application programming interfaces 492(1)
      Secure coding practices 493(2)
      Software-defined security 495(2)
PART 3 THE PART OF TENS 497(12)
  Chapter 11 Ten Ways to Prepare for the Exam 499(6)
    Know Your Learning Style 499(1)
    Get a Networking Certification First 500(1)
    Register Now 500(1)
    Make a 60-Day Study Plan 500(1)
    Get Organized and Read 501(1)
    Join a Study Group 501(1)
    Take Practice Exams 502(1)
    Take a CISSP Training Seminar 502(1)
    Adopt an Exam-Taking Strategy 502(1)
    Take a Breather 503(2)
  Chapter 12 Ten Test-Day Tips 505(4)
    Get a Good Night's Rest 505(1)
    Dress Comfortably 506(1)
    Eat a Good Meal 506(1)
    Arrive Early 506(1)
    Bring Approved Identification 506(1)
    Bring Snacks and Drinks 507(1)
    Bring Prescription and Over-the-Counter Medications 507(1)
    Leave Your Mobile Devices Behind 507(1)
    Take Frequent Breaks 507(1)
    Guess -- As a Last Resort 508(1)
Glossary 509(56)
Index 565
Lawrence C. Miller, CISSP, is a veteran information security professional. He has served as a consultant for multinational corporations and holds many networking certifications.

Peter H. Gregory, CISSP, is a security, risk, and technology director with experience in SAAS, retail, telecommunications, non-profit, manufacturing, healthcare, and beyond. Larry and Peter have been coauthors of CISSP For Dummies for more than 20 years.