Eleventh Hour CISSP Study Guide serves as a guide for those who want to be information security professionals. The main job of an information security professional is to evaluate the risks involved in securing assets and to find ways to mitigate those risks. Information security jobs include firewall engineers, penetration testers, auditors, and the like. The book is composed of 10 domains of the Common Body of Knowledge. In each section, it defines each domain. The first domain provides information about risk analysis and mitigation, and it discusses security governance. The second domain discusses techniques of access control, which is the basis for all security disciplines. The third domain explains the concepts behind cryptography, which is a secure way of communicating that is understood only by certain recipients. Domain 5 discusses security system design, which is fundamental in operating the system and software security components. Domain 6 is one of the critical domains in the Common Body of Knowledge, the Business Continuity Planning and Disaster Recovery Planning. It is the final control against extreme events such as injury, loss of life, or failure of an organization. Domain 7, Domain 8 and Domain 9 discuss telecommunications and network security, application development security, and the operations domain, respectively. Domain 10 focuses on the major legal systems that provide a framework for determining laws about information system.
Recenzijos
"Eleventh Hour CISSP Study Guide provides an effective and efficient review of the CISSP ten domains by eliminating the fluff that is in most CISSP study guides. For security professionals in a time crunch or those looking for a last-minute refresher, this is a must-read before taking the exam." --Tony Flick, CISSP, Author of Securing the Smart Grid and Principal at FYRM Associates
| About the Authors |
|
vii | |
|
Chapter 1 Domain 1: Information Security Governance and Risk Management |
|
|
1 | (18) |
|
Chapter 2 Domain 2: Access Control |
|
|
19 | (20) |
|
Chapter 3 Domain 3: Cryptography |
|
|
39 | (16) |
|
Chapter 4 Domain 4: Physical (Environmental) Security |
|
|
55 | (14) |
|
Chapter 5 Domain 5: Security Architecture and Design |
|
|
69 | (20) |
|
Chapter 6 Domain 6: Business Continuity and Disaster Recovery Planning |
|
|
89 | (20) |
|
Chapter 7 Domain 7: Telecommunications and Network Security |
|
|
109 | (20) |
|
Chapter 8 Domain 8: Application Development Security |
|
|
129 | (18) |
|
Chapter 9 Domain 9: Operations Security |
|
|
147 | (14) |
|
Chapter 10 Domain 10: Legal, Regulations, Investigations, and Compliance |
|
|
161 | (14) |
| Glossary |
|
175 | (8) |
| Index |
|
183 | |
Eric Conrad (CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, GMON, GISP), is a SANS fellow and Chief Technology Officer of Backshore Communications, which provides threat hunting, penetration testing, incident handling, and intrusion detection consulting services. Eric started his professional career in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and healthcare, in positions ranging from systems programmer to security engineer to HIPAA security officer and ISSO. He is coauthor of MGT414: SANS Training Program for the CISSP Certification, SEC511: Continuous Monitoring and Security Operations, and SEC542: Web App Penetration Testing and Ethical Hacking. Eric graduated from the SANS Technology Institute with a Master of Science degree in Information Security Engineering. Seth Misenar (CISSP®, GSE, GDSA, GDAT, GMON, GCDA, GCIH, GCIA, GCFA) is a Fellow with the SANS Institute and also serves as Principal Consultant for Jackson, Mississippi-based Context Security, LLC. His cyber security background includes research, host-based and network intrusion detection, architecture design, and general security consulting. Seth previously served as a physical and network security consultant for Fortune 100 companies and a state government agencys HIPAA and information security officer. He has partnered with the SANS Institute for over 15 years, teaching and authoring courseware and facilitating instructor development. Seth is pursuing a Master of Science degree in Information Security Engineering from the SANS Technology Institute and holds a Bachelor of Science degree from Millsaps College. Joshua Feldman (CISSP) is Senior Vice President for Security Technology at the Radian Group a real estate and mortgage insurance conglomerate. His mission is focused on protecting over 10M US consumer financial records. He is the executive responsible for all aspects of Radians technical security program. Previous security roles included work at Moodys Credit Ratings, Corning Inc, and the US Department of Defense and Department of State.
In 2008, Joshua was Eric's student when studying for the CISSP exam and was so impressed with Erics mastery of the materials that he invited Eric to work with him at the DoD. Quickly after starting work, Eric invited Seth. That project ran successfully for over eight years a testament to the value brought for US military cyber professionals.
Joshua got his start in the cyber security field when he left his public-school science teaching position in 1997 and began working for Network Flight Recorder (NFR, Inc.), a small Washington, DC based startup making the first generation of Network Intrusion Detection Systems. He has a Bachelors of Science from the University of Maryland and a Masters in Cyber Operations from National Defense University. He currently resides in Philadelphia with his little dog, Jacky-boy.
Daugiau apie elektronines knygas