
E-book: CISSP Study Guide

4.13/5 (326 ratings by Goodreads)
(Fellow, SANS Institute, Bethesda, MD, USA; Principal Consultant, Context Security, LLC., Jackson, MI, USA), (Fellow, SANS Institute, Bethesda, MD, USA; Chie), (Senior Vice President for Security Technology, Radian Group, Wayne, PA, USA)
  • Format: PDF+DRM
  • Publication date: 16-Sep-2010
  • Publisher: Syngress Media,U.S.
  • Language: eng
  • ISBN-13: 9781597495646

DRM restrictions

  • Copying:

    not allowed

  • Printing:

    not allowed

  • Using the e-book:

    Digital Rights Management (DRM)
    The publisher has supplied this book in encrypted form, which means that free software must be installed to unlock and read it. To read this e-book you must create an Adobe ID. The e-book can be downloaded to 6 devices (one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you must install this free app: PocketBook Reader (iOS / Android)

    To read this e-book on a PC or Mac, you need Adobe Digital Editions (a free program designed specifically for e-books; it is not the same as Adobe Reader, which you probably already have on your computer).

    You cannot read this e-book on an Amazon Kindle.

CISSP Study Guide serves as a review for those who want to take the Certified Information Systems Security Professional (CISSP) exam and obtain CISSP certification. The exam is designed to ensure that someone who is handling computer security in a company has a standardized body of knowledge. The book is composed of the 10 domains of the Common Body of Knowledge. In each section, it defines each domain. It also provides tips on how to prepare for the exam and take the exam, and it contains CISSP practice quizzes to test one's knowledge. The first domain provides information about risk analysis and mitigation. It also discusses security governance. The second domain discusses different techniques for access control, which is the basis for all the security disciplines. The third domain explains the concepts behind cryptography, which is a secure way of communicating that is understood only by certain recipients. Domain 5 discusses security system design, which is fundamental for operating the system and software security components. Domain 6, Business Continuity Planning and Disaster Recovery Planning, is a critical domain in the Common Body of Knowledge: it is the final control against extreme events such as injury, loss of life, or failure of an organization. Domains 7, 8, and 9 discuss telecommunications and network security, application development security, and the operations domain, respectively. Domain 10 focuses on the major legal systems that provide a framework for determining the laws about information systems.

Reviews

"Ideal preparation tool for the CISSP exam; gives you exactly what you need to know in an accurate, concentrated, no frills, no fluff manner. The exam warnings and clear explanations about common misconceptions are priceless, and I learned a lot from them." --Stephen Northcutt, President, SANS Technology Institute

"For anyone serious about passing the exam I would recommend this book to be one of their guides and award the book nine out of ten in terms of its approach, coverage of the material and applicability to the task of preparing a student for the CISSP exam overall." --Jim McGhie, MBCS, CEng CITP

"The CISSP certification is the very first and most prestigious, globally-recognized, vendor-neutral exam for information security professionals. This new study guide is aligned to cover all of the material included in the exam complete with special attention to recent updates." --Dierdre Blake on Dr. Dobbs Journal

"[T]he book contains all the necessary topics that you will need to know to review for the exam. Overall the book is more concise than the majority of the other CISSP study guides available. It uses techniques such as "Learn By Example" and "Exam Warning" boxes to illustrate and highlight key points. Well written by technically competent authors, I found the book easy to read. Significantly cheaper than many of its peers, this is all that the more experienced prospective CISSP candidate requires." --InfoSecReviews.com

Table of Contents

Acknowledgments xvii
About the authors xix
Chapter 1 Introduction 1(6)
How to Prepare for the Exam 2(1)
The Notes Card Approach 2(1)
Practice Tests 2(1)
Read the Glossary 3(1)
Readiness Checklist 3(1)
How to Take the Exam 3(3)
Steps to Becoming a CISSP® 3(1)
Exam Logistics 4(1)
How to Take the Exam 5(1)
After the Exam 6(1)
Good Luck! 6(1)
Chapter 2 Domain 1: Information security governance and risk management 7(30)
Unique Terms and Definitions 7(1)
Introduction 7(1)
Cornerstone Information Security Concepts 8(5)
Confidentiality, Integrity, and Availability 8(2)
Identity and Authentication, Authorization, and Accountability 10(3)
Risk Analysis 13(9)
Assets 13(1)
Threats and Vulnerabilities 13(1)
Risk = Threat x Vulnerability 14(1)
Impact 15(1)
Risk Analysis Matrix 15(1)
Calculating Annualized Loss Expectancy 16(1)
Total Cost of Ownership 17(1)
Return on Investment 18(1)
Risk Choices 19(1)
Qualitative and Quantitative Risk Analysis 20(1)
The Risk Management Process 21(1)
Information Security Governance 22(9)
Security Policy and Related Documents 22(2)
Security Awareness and Training 24(1)
Roles and Responsibilities 25(1)
Compliance with Laws and Regulations 26(1)
Privacy 26(1)
Due Care and Due Diligence 26(1)
Best Practice 27(1)
Outsourcing and Offshoring 27(1)
Auditing and Control Frameworks 28(2)
Certification and Accreditation 30(1)
Ethics 31(1)
The (ISC)2® Code of Ethics 31(1)
Summary of Exam Objectives 32(1)
Self Test 32(2)
Self Test Quick Answer Key 34(3)
Chapter 3 Domain 2: Access control 37(54)
Unique Terms and Definitions 37(1)
Introduction 37(1)
Cornerstone Access Control Concepts 38(3)
The CIA triad 38(2)
Identification and AAA 40(1)
Subjects and objects 41(1)
Access Control Models 41(6)
Discretionary Access Controls (DAC) 42(1)
Mandatory Access Controls (MAC) 42(1)
Non-Discretionary Access Control 42(2)
Content and Context-Dependent Access Controls 44(1)
Centralized Access Control 44(1)
Decentralized Access Control 44(1)
Access Control Protocols and Frameworks 45(2)
Procedural Issues for Access Control 47(3)
Labels, Clearance, Formal Access Approval, and Need to Know 48(2)
Rule-Based Access Controls 50(1)
Access Control Lists 50(1)
Access Control Defensive Categories and Types 50(3)
Preventive 51(1)
Detective 51(1)
Corrective 51(1)
Recovery 52(1)
Deterrent 52(1)
Compensating 52(1)
Comparing Access Controls 52(1)
Authentication Methods 53(14)
Type 1 Authentication: Something You Know 53(6)
Type 2 Authentication: Something You Have 59(2)
Type 3 Authentication: Something You Are 61(6)
Someplace You Are 67(1)
Access Control Technologies 67(6)
Single Sign-On (SSO) 67(1)
Kerberos 68(4)
Sesame 72(1)
Security Audit Logs 72(1)
Types of Attackers 73(6)
Hackers 73(1)
Black Hats and White Hats 74(1)
Script Kiddies 74(1)
Outsiders 75(1)
Insiders 76(1)
Hacktivist 77(1)
Bots and BotNets 77(2)
Phishers and Spear Phishers 79(1)
Assessing Access Control 79(6)
Penetration Testing 82(2)
Vulnerability Testing 84(1)
Security Audits 84(1)
Security Assessments 84(1)
Summary of Exam Objectives 85(1)
Self Test 85(3)
Self Test Quick Answer Key 88(3)
Chapter 4 Domain 3: Cryptography 91(40)
Unique Terms and Definitions 91(1)
Introduction 91(1)
Cornerstone Cryptographic Concepts 91(4)
Key Terms 92(1)
Confidentiality, Integrity, Authentication, and Non-Repudiation 92(1)
Confusion, Diffusion, Substitution, and Permutation 92(1)
Cryptographic Strength 93(1)
Monoalphabetic and Polyalphabetic Ciphers 93(1)
Modular Math 93(1)
Exclusive Or (XOR) 93(2)
Types of Cryptography 95(1)
History of Cryptography 95(10)
Egyptian Hieroglyphics 95(1)
Spartan Scytale 96(1)
Caesar Cipher and other Rotation Ciphers 96(1)
Vigenere Cipher 97(1)
Cipher Disk 97(1)
Jefferson Disks 98(2)
Book Cipher and Running-Key Cipher 100(1)
Codebooks 100(1)
One-Time Pad 100(2)
Hebern Machines and Purple 102(3)
Cryptography Laws 105(1)
Symmetric Encryption 105(8)
Stream and Block Ciphers 106(1)
Initialization Vectors and Chaining 106(1)
Data Encryption Standard 106(4)
International Data Encryption Algorithm (IDEA) 110(1)
Advanced Encryption Standard (AES) 110(3)
Blowfish and Twofish 113(1)
RC5 and RC6 113(1)
Asymmetric Encryption 113(3)
Asymmetric Methods 114(2)
Hash Functions 116(1)
Collisions 116(1)
MD5 116(1)
Secure Hash Algorithm 116(1)
Haval 117(1)
Cryptographic Attacks 117(3)
Brute Force 117(1)
Known Plaintext 117(1)
Chosen Plaintext and Adaptive Chosen Plaintext 118(1)
Chosen Ciphertext and Adaptive Chosen Ciphertext 118(1)
Meet-in-the-middle Attack 118(1)
Known Key 119(1)
Differential Cryptanalysis 119(1)
Linear Cryptanalysis 119(1)
Side-channel Attacks 119(1)
Birthday Attack 119(1)
Key Clustering 120(1)
Implementing Cryptography 120(7)
Digital Signatures 120(1)
HMAC 121(1)
CBC-MAC 122(1)
Public Key Infrastructure 122(1)
IPsec 122(2)
SSL and TLS 124(1)
PGP 124(1)
S/MIME 125(1)
Escrowed Encryption 125(1)
Steganography 125(1)
Digital Watermarks 126(1)
Summary of Exam Objectives 127(1)
Self Test 127(2)
Self Test Quick Answer Key 129(2)
Chapter 5 Domain 4: Physical (Environmental) security 131(34)
Unique Terms and Definitions 131(1)
Introduction 131(1)
Perimeter Defenses 132(12)
Fences 132(1)
Gates 132(1)
Bollards 132(1)
Lights 133(1)
CCTV 133(2)
Locks 135(3)
Smart Cards and Magnetic Stripe Cards 138(1)
Tailgating/piggybacking 138(2)
Mantraps and Turnstiles 140(1)
Contraband Checks 140(1)
Motion Detectors and Other Perimeter Alarms 140(1)
Doors and Windows 141(1)
Walls, floors, and ceilings 142(1)
Guards 142(1)
Dogs 143(1)
Restricted Areas and Escorts 143(1)
Site Selection, Design, and Configuration 144(2)
Site Selection Issues 144(1)
Site Design and Configuration Issues 144(2)
System Defenses 146(3)
Asset Tracking 146(1)
Port Controls 146(1)
Drive and Tape Encryption 146(1)
Media Storage and Transportation 147(1)
Media Cleaning and Destruction 147(2)
Environmental Controls 149(11)
Electricity 149(2)
HVAC 151(1)
Heat, Flame, and Smoke Detectors 152(1)
Safety Training and Awareness 153(1)
ABCD Fires and Suppression 154(2)
Types of Fire Suppression Agents 156(4)
Summary of Exam Objectives 160(1)
Self Test 160(3)
Self Test Quick Answer Key 163(2)
Chapter 6 Domain 5: Security architecture and design 165(46)
Unique Terms and Definitions 165(1)
Introduction 165(1)
Secure System Design Concepts 166(2)
Layering 166(1)
Abstraction 166(1)
Security Domains 167(1)
The Ring Model 167(1)
Open and Closed Systems 168(1)
Secure Hardware Architecture 168(9)
The System Unit and Motherboard 168(1)
The Computer Bus 169(1)
The CPU 170(2)
Memory 172(2)
Memory Protection 174(3)
Secure Operating System and Software Architecture 177(6)
The Kernel 178(1)
Users and File Permissions 178(3)
Virtualization 181(1)
Thin Clients 182(1)
System Vulnerabilities, Threats, and Countermeasures 183(10)
Emanations 183(1)
Covert Channels 183(1)
Buffer Overflows 184(1)
TOCTOU/Race Conditions 185(1)
Backdoors 185(1)
Malicious Code (Malware) 186(1)
Server-Side Attacks 187(1)
Client-Side Attacks 188(1)
Web Application Attacks 189(1)
Mobile Device Attacks 190(1)
Database Security 191(2)
Countermeasures 193(1)
Security Models 193(9)
Reading Down and Writing Up 193(2)
State Machine model 195(1)
Bell-LaPadula model 195(1)
Lattice-Based Access Controls 196(1)
Integrity Models 197(1)
Information Flow Model 198(1)
Chinese Wall Model 199(1)
Noninterference 199(1)
Take-Grant 199(1)
Access Control Matrix 200(1)
Zachman Framework for Enterprise Architecture 200(1)
Graham-Denning Model 200(1)
Harrison-Ruzzo-Ullman Model 201(1)
Modes of Operation 202(1)
Evaluation Methods, Certification, and Accreditation 202(4)
The Orange Book 203(1)
ITSEC 204(1)
The International Common Criteria 205(1)
PCI-DSS 206(1)
Certification and Accreditation 206(1)
Summary of Exam Objectives 206(1)
Self Test 207(2)
Self Test Quick Answer Key 209(2)
Chapter 7 Domain 6: Business continuity and disaster recovery planning 211(44)
Unique Terms and Definitions 211(1)
Introduction 211(1)
BCP and DRP Overview and Process 212(11)
Business Continuity Planning (BCP) 212(1)
Disaster Recovery Planning (DRP) 213(1)
Relationship between BCP and DRP 213(1)
Disasters or disruptive Events 214(7)
The Disaster Recovery Process 221(2)
Developing a BCP/DRP 223(18)
Project Initiation 224(3)
Scoping the Project 227(1)
Assessing the Critical State 227(1)
Conduct Business Impact Analysis (BIA) 228(4)
Identify Preventive Controls 232(1)
Recovery Strategy 232(4)
Related Plans 236(5)
Plan Approval 241(1)
Backups and Availability 241(4)
Hardcopy Data 242(1)
Electronic Backups 243(2)
Software Escrow 245(1)
DRP Testing, Training, and Awareness 245(3)
DRP Testing 246(2)
Training 248(1)
Awareness 248(1)
Continued BCP/DRP Maintenance 248(1)
Change Management 248(1)
BCP/DRP Mistakes 249(1)
Specific BCP/DRP Frameworks 249(2)
NIST SP 800-34 249(1)
ISO/IEC-27031 250(1)
BS-25999 250(1)
BCI 251(1)
Summary of Exam Objectives 251(1)
Self Test 251(2)
Self Test Quick Answer Key 253(2)
Chapter 8 Domain 7: Telecommunications and network security 255(74)
Unique Terms and Definitions 255(1)
Introduction 255(1)
Network Architecture and Design 256(35)
Network Defense-in-Depth 256(1)
Fundamental Network Concepts 256(3)
The OSI Model 259(2)
The TCP/IP Model 261(1)
Encapsulation 262(1)
Network Access, Internet and Transport Layer Protocols and Concepts 263(13)
Application Layer TCP/IP Protocols and Concepts 276(5)
Layer 1 Network Cabling 281(2)
LAN Technologies and Protocols 283(2)
LAN Physical Network Topologies 285(3)
WAN Technologies and Protocols 288(3)
Network Devices and Protocols 291(21)
Repeaters and Hubs 291(1)
Bridges 292(1)
Switches 293(1)
TAPs 294(1)
Routers 295(4)
Firewalls 299(7)
Modem 306(1)
DTE/DCE and CSU/DSU 306(1)
Intrusion Detection Systems and Intrusion Prevention Systems 306(3)
Honeypots 309(1)
Network Attacks 310(1)
Network Scanning Tools 311(1)
Secure Communications 312(12)
Authentication Protocols and Frameworks 312(2)
VPN 314(2)
VoIP 316(1)
Wireless Local Area Networks 317(4)
RFID 321(1)
Remote Access 322(2)
Summary of Exam Objectives 324(1)
Self Test 325(2)
Self Test Quick Answer Key 327(2)
Chapter 9 Domain 8: Application development security 329(42)
Unique Terms and Definitions 329(1)
Introduction 329(1)
Programming Concepts 330(5)
Machine Code, Source Code, and Assemblers 330(1)
Compilers, Interpreters, and Bytecode 330(1)
Procedural and Object-Oriented Languages 331(2)
Fourth-generation Programming Language 333(1)
Computer-Aided Software Engineering (CASE) 333(1)
Top-Down versus Bottom-Up Programming 333(1)
Types of Publicly Released Software 334(1)
Application Development Methods 335(11)
Waterfall Model 336(1)
Sashimi Model 337(2)
Agile Software Development 339(1)
Spiral 340(1)
Rapid Application Development (RAD) 341(1)
Prototyping 341(1)
SDLC 342(4)
Software Escrow 346(1)
Object-Orientated Design and Programming 346(6)
Object-Oriented Programming (OOP) 346(3)
Object Request Brokers 349(2)
Object-Oriented Analysis (OOA) and Object-Oriented Design (OOD) 351(1)
Software Vulnerabilities, Testing, and Assurance 351(1)
Software Vulnerabilities 352(4)
Software Testing Methods 353(2)
Disclosure 355(1)
Software Capability Maturity Model (CMM) 356(1)
Databases 356(6)
Types of Databases 357(4)
Database Integrity 361(1)
Database Replication and Shadowing 361(1)
Data Warehousing and Data Mining 362(1)
Artificial Intelligence 362(3)
Expert Systems 362(1)
Artificial Neural Networks 363(1)
Bayesian Filtering 364(1)
Genetic Algorithms and Programming 365(1)
Summary of Exam Objectives 365(1)
Self Test 366(2)
Self Test Quick Answer Key 368(3)
Chapter 10 Domain 9: Operations security 371(34)
Unique Terms and Definitions 371(1)
Introduction 371(1)
Administrative Security 372(4)
Administrative Personnel Controls 372(3)
Privilege Monitoring 375(1)
Sensitive Information/Media Security 376(2)
Sensitive Information 376(2)
Asset Management 378(5)
Configuration Management 379(2)
Change Management 381(2)
Continuity of Operations 383(7)
Service Level Agreements (SLA) 383(1)
Fault Tolerance 384(6)
Incident Response Management 390(8)
Methodology 391(2)
Types of attacks 393(5)
Summary of Exam Objectives 398(2)
Self Test 400(3)
Self Test Quick Answer Key 403(2)
Chapter 11 Domain 10: Legal regulations, investigations, and compliance 405(36)
Unique Terms and Definitions 405(1)
Introduction 406(1)
Major Legal Systems 406(1)
Civil Law (legal system) 406(1)
Common Law 406(1)
Religious Law 407(1)
Other Systems 407(1)
Criminal, Civil, and Administrative Law 407(2)
Criminal Law 408(1)
Civil Law 408(1)
Administrative Law 409(1)
Information Security Aspects of Law 409(11)
Computer Crime 410(1)
Intellectual Property 411(4)
Import/export Restrictions 415(1)
Privacy 416(3)
Liability 419(1)
Legal Aspects of Investigations 420(9)
Digital Forensics 420(3)
Incident Response 423(1)
Evidence 423(2)
Evidence Integrity 425(1)
Chain of Custody 426(1)
Reasonable Searches 426(2)
Entrapment and enticement 428(1)
Important Laws and Regulations 429(4)
U.S. Computer Fraud and Abuse Act 430(1)
USA PATRIOT Act 431(1)
HIPAA 431(1)
United States Breach Notification Laws 432(1)
Ethics 433(2)
Computer Ethics Institute 433(1)
IAB's Ethics and the Internet 434(1)
The (ISC)2® Code of Ethics 434(1)
Summary of Exam Objectives 435(1)
Self Test 436(2)
Self Test Quick Answer Key 438(3)
Appendix: Self test 441(48)
Glossary 489(36)
Index 525

About the authors

Joshua Feldman (CISSP) is Senior Vice President for Security Technology at the Radian Group, a real estate and mortgage insurance conglomerate. His mission is focused on protecting over 10M US consumer financial records. He is the executive responsible for all aspects of Radian's technical security program. Previous security roles included work at Moody's Credit Ratings, Corning Inc, and the US Department of Defense and Department of State.

In 2008, Joshua was Eric's student when studying for the CISSP exam and was so impressed with Eric's mastery of the materials that he invited Eric to work with him at the DoD. Quickly after starting work, Eric invited Seth. That project ran successfully for over eight years, a testament to the value brought to US military cyber professionals.

Joshua got his start in the cyber security field when he left his public-school science teaching position in 1997 and began working for Network Flight Recorder (NFR, Inc.), a small Washington, DC based startup making the first generation of Network Intrusion Detection Systems. He has a Bachelor of Science from the University of Maryland and a Master's in Cyber Operations from National Defense University. He currently resides in Philadelphia with his little dog, Jacky-boy.

Seth Misenar (CISSP®, GSE, GDSA, GDAT, GMON, GCDA, GCIH, GCIA, GCFA) is a Fellow with the SANS Institute and also serves as Principal Consultant for Jackson, Mississippi-based Context Security, LLC. His cyber security background includes research, host-based and network intrusion detection, architecture design, and general security consulting. Seth previously served as a physical and network security consultant for Fortune 100 companies and as a state government agency's HIPAA and information security officer. He has partnered with the SANS Institute for over 15 years, teaching and authoring courseware and facilitating instructor development. Seth is pursuing a Master of Science degree in Information Security Engineering from the SANS Technology Institute and holds a Bachelor of Science degree from Millsaps College.

Eric Conrad (CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, GMON, GISP) is a SANS fellow and Chief Technology Officer of Backshore Communications, which provides threat hunting, penetration testing, incident handling, and intrusion detection consulting services. Eric started his professional career in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and healthcare, in positions ranging from systems programmer to security engineer to HIPAA security officer and ISSO. He is coauthor of MGT414: SANS Training Program for the CISSP Certification, SEC511: Continuous Monitoring and Security Operations, and SEC542: Web App Penetration Testing and Ethical Hacking. Eric graduated from the SANS Technology Institute with a Master of Science degree in Information Security Engineering.