
E-book: Eleventh Hour CISSP®: Study Guide

4.25/5 (570 ratings by Goodreads)
Authors: Joshua Feldman (Senior Vice President for Security Technology, Radian Group, Wayne, PA, USA), Eric Conrad (Fellow, SANS Institute, Bethesda, MD, USA; Chie), Seth Misenar (Fellow, SANS Institute, Bethesda, MD, USA; Principal Consultant, Context Security, LLC., Jackson, MS, USA)
  • Format: EPUB+DRM
  • Publication date: 03-Sep-2016
  • Publisher: Syngress Media, U.S.
  • Language: English
  • ISBN-13: 9780128113776

DRM restrictions

  • Copying: not allowed

  • Printing: not allowed

  • E-book use:

    Digital rights management (DRM)
    The publisher has supplied this book in encrypted form, which means that free software must be installed to unlock and read it. To read this e-book you must create an Adobe ID. The e-book can be downloaded to 6 devices (one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), install this free app: PocketBook Reader (iOS / Android)

    To read this e-book on a PC or Mac, you need Adobe Digital Editions (a free program designed specifically for e-books; it is not the same as Adobe Reader, which you probably already have on your computer).

    This e-book cannot be read on an Amazon Kindle.

Eleventh Hour CISSP® provides you with a study guide keyed directly to the most current version of the Certified Information Systems Security Professional exam. The book is streamlined to include only core certification information and is presented for ease of last-minute studying. The main objectives of the exam are covered concisely, with key concepts highlighted. The CISSP® certification is the most prestigious, globally recognized, vendor-neutral exam for information security professionals. Over 100,000 professionals are certified worldwide, with many more joining their ranks. This new Third Edition is aligned to cover all of the material in the most current version of the exam's Common Body of Knowledge. All the domains are covered completely and as concisely as possible, giving you the best possible chance of acing the exam.

  • All-new Third Edition, updated for the most current version of the exam's Common Body of Knowledge
  • The only guide you need for last-minute studying
  • Answers the toughest questions and highlights core topics
  • Streamlined for maximum efficiency of study, perfect for professionals who are updating their certification or taking the test for the first time

More information

This third edition of the all-inclusive guide to the CISSP(R) certification exam provides readers with an updated study guide
Author biography ... xv
Chapter 1 Domain 1: Security Risk Management ... 1
  Introduction ... 2
  Cornerstone Information Security Concepts ... 3
  Confidentiality, Integrity, and Availability ... 3
  Identity and Authentication, Authorization, and Accountability ... 4
  Nonrepudiation ... 5
  Least Privilege and Need to Know ... 5
  Subjects and Objects ... 5
  Defense in Depth ... 5
  Legal and Regulatory Issues ... 5
  Compliance With Laws and Regulations ... 6
  Major Legal Systems ... 6
  Criminal, Civil, and Administrative Law ... 7
  Liability ... 7
  Due Care and Due Diligence ... 8
  Legal Aspects of Investigations ... 8
  Computer Crime ... 9
  Intellectual Property ... 10
  Privacy ... 11
  International Cooperation ... 12
  Import/Export Restrictions ... 13
  Security and Third Parties ... 13
  Service Provider Contractual Security ... 13
  Procurement ... 14
  Vendor Governance ... 14
  Acquisitions ... 14
  Divestitures ... 14
  Ethics ... 15
  The (ISC)2® Code of Ethics ... 15
  Computer Ethics Institute ... 16
  IAB's Ethics and the Internet ... 16
  Information Security Governance ... 17
  Security Policy and Related Documents ... 17
  Personnel Security ... 19
  Access Control Defensive Categories and Types ... 20
  Preventive ... 21
  Detective ... 21
  Corrective ... 21
  Recovery ... 21
  Deterrent ... 21
  Compensating ... 22
  Risk Analysis ... 22
  Assets ... 22
  Threats and Vulnerabilities ... 22
  Risk = Threat × Vulnerability ... 22
  Impact ... 23
  Risk Analysis Matrix ... 23
  Calculating Annualized Loss Expectancy ... 24
  Total Cost of Ownership ... 25
  Return on Investment ... 25
  Budget and Metrics ... 26
  Risk Choices ... 26
  Quantitative and Qualitative Risk Analysis ... 27
  The Risk Management Process ... 28
  Types of Attackers ... 28
  Hackers ... 28
  Outsiders ... 28
  Insiders ... 29
  Bots and BotNets ... 29
  Phishers and Spear Phishers ... 29
  Summary of Exam Objectives ... 29
  Top Five Toughest Questions ... 30
  Answers ... 31
  Endnotes ... 32
Chapter 2 Domain 2: Asset Security ... 33
  Introduction ... 34
  Classifying Data ... 34
  Labels ... 34
  Clearance ... 34
  Formal Access Approval ... 35
  Need to Know ... 35
  Sensitive Information/Media Security ... 35
  Ownership ... 36
  Business or Mission Owners ... 36
  Data Owners ... 36
  System Owner ... 36
  Custodian ... 36
  Users ... 36
  Data Controllers and Data Processors ... 37
  Data Collection Limitation ... 37
  Memory and Remanence ... 37
  Data Remanence ... 37
  Memory ... 37
  Data Destruction ... 39
  Overwriting ... 39
  Degaussing ... 40
  Destruction ... 40
  Shredding ... 40
  Determining Data Security Controls ... 40
  Certification and Accreditation ... 40
  Standards and Control Frameworks ... 40
  Scoping and Tailoring ... 43
  Protecting Data in Motion and Data at Rest ... 43
  Summary of Exam Objectives ... 44
  Top Five Toughest Questions ... 44
  Answers ... 45
  Endnotes ... 46
Chapter 3 Domain 3: Security Engineering ... 47
  Introduction ... 49
  Security Models ... 49
  Reading Down and Writing Up ... 50
  Bell-LaPadula Model ... 50
  Lattice-Based Access Controls ... 50
  Integrity Models ... 50
  Chinese Wall Model ... 51
  Access Control Matrix ... 52
  Secure System Design Concepts ... 52
  Layering ... 52
  Abstraction ... 52
  Security Domains ... 52
  The Ring Model ... 53
  Open and Closed Systems ... 54
  Secure Hardware Architecture ... 54
  The System Unit and Motherboard ... 54
  The Computer Bus ... 54
  The CPU ... 54
  Memory Protection ... 56
  Trusted Platform Module ... 58
  Data Execution Prevention and Address Space Layout Randomization ... 58
  Secure Operating System and Software Architecture ... 58
  The Kernel ... 58
  Virtualization and Distributed Computing ... 59
  Virtualization ... 59
  Cloud Computing ... 59
  Grid Computing ... 60
  Large-Scale Parallel Data Systems ... 60
  Peer-to-Peer Networks ... 61
  Thin Clients ... 61
  System Vulnerabilities, Threats, and Countermeasures ... 61
  Covert Channels ... 61
  Backdoors ... 61
  Malicious Code (Malware) ... 62
  Server-Side Attacks ... 63
  Client-Side Attacks ... 63
  Web Architecture and Attacks ... 63
  Database Security ... 65
  Mobile Device Attacks ... 66
  Cornerstone Cryptographic Concepts ... 66
  Key Terms ... 66
  Confidentiality, Integrity, Authentication, and Nonrepudiation ... 67
  Confusion, Diffusion, Substitution, and Permutation ... 67
  Cryptographic Strength ... 67
  Monoalphabetic and Polyalphabetic Ciphers ... 67
  Exclusive OR ... 68
  Data at Rest and Data in Motion ... 68
  Protocol Governance ... 68
  Types of Cryptography ... 68
  Symmetric Encryption ... 69
  Asymmetric Encryption ... 72
  Hash Functions ... 73
  Cryptographic Attacks ... 74
  Brute Force ... 74
  Social Engineering ... 74
  Known Plaintext ... 74
  Chosen Plaintext and Adaptive Chosen Plaintext ... 75
  Chosen Ciphertext and Adaptive Chosen Ciphertext ... 75
  Known Key ... 75
  Differential Cryptanalysis ... 75
  Linear Cryptanalysis ... 75
  Side-Channel Attacks ... 75
  Implementing Cryptography ... 76
  Digital Signatures ... 76
  Public Key Infrastructure ... 77
  SSL and TLS ... 78
  IPsec ... 78
  PGP ... 79
  S/MIME ... 79
  Escrowed Encryption ... 79
  Perimeter Defenses ... 79
  Fences ... 80
  Gates ... 80
  Lights ... 80
  CCTV ... 80
  Locks ... 81
  Smart Cards and Magnetic Stripe Cards ... 81
  Tailgating/Piggybacking ... 81
  Mantraps and Turnstiles ... 82
  Contraband Checks ... 82
  Motion Detectors and Other Perimeter Alarms ... 82
  Doors and Windows ... 82
  Walls, Floors, and Ceilings ... 83
  Guards ... 83
  Dogs ... 83
  Site Selection, Design, and Configuration ... 83
  Site Selection Issues ... 83
  Site Design and Configuration Issues ... 84
  System Defenses ... 85
  Asset Tracking ... 85
  Port Controls ... 85
  Environmental Controls ... 85
  Electricity ... 85
  Heating, Ventilation, and Air Conditioning ... 86
  Heat, Flame, and Smoke Detectors ... 87
  Personnel Safety, Training, and Awareness ... 87
  ABCDK Fires and Suppression ... 88
  Types of Fire Suppression Agents ... 88
  Summary of Exam Objectives ... 91
  Top Five Toughest Questions ... 91
  Answers ... 92
  Endnotes ... 93
Chapter 4 Domain 4: Communication and Network Security ... 95
  Introduction ... 95
  Network Architecture and Design ... 96
  Fundamental Network Concepts ... 96
  The OSI Model ... 97
  The TCP/IP Model ... 99
  Application-Layer TCP/IP Protocols and Concepts ... 101
  LAN Technologies and Protocols ... 103
  WAN Technologies and Protocols ... 103
  Converged Protocols ... 104
  Software-Defined Networks ... 105
  Wireless Local-Area Networks ... 105
  RFID ... 107
  Secure Network Devices and Protocols ... 107
  Repeaters and Hubs ... 108
  Bridges ... 108
  Switches ... 108
  Routers ... 109
  Firewalls ... 109
  Modem ... 111
  Secure Communications ... 111
  Authentication Protocols and Frameworks ... 111
  VPN ... 112
  Remote Access ... 112
  Summary of Exam Objectives ... 115
  Top Five Toughest Questions ... 115
  Answers ... 116
  Endnote ... 116
Chapter 5 Domain 5: Identity and Access Management (controlling access and managing identity) ... 117
  Introduction ... 117
  Authentication Methods ... 118
  Type 1 Authentication: Something You Know ... 118
  Type 2 Authentication: Something You Have ... 120
  Type 3 Authentication: Something You Are ... 120
  Someplace You Are ... 124
  Access Control Technologies ... 124
  Centralized Access Control ... 125
  Decentralized Access Control ... 125
  Single Sign-On ... 125
  User Entitlement, Access Review, and Audit ... 125
  Federated Identity Management ... 126
  Identity as a Service ... 126
  LDAP ... 127
  Kerberos ... 127
  SESAME ... 128
  Access Control Protocols and Frameworks ... 128
  Access Control Models ... 130
  Discretionary Access Controls ... 130
  Mandatory Access Controls ... 130
  Nondiscretionary Access Control ... 130
  Rule-Based Access Controls ... 131
  Content-Dependent and Context-Dependent Access Controls ... 131
  Summary of Exam Objectives ... 131
  Top Five Toughest Questions ... 132
  Answers ... 133
  Endnotes ... 133
Chapter 6 Domain 6: Security Assessment and Testing ... 135
  Introduction ... 135
  Assessing Access Control ... 136
  Penetration Testing ... 136
  Vulnerability Testing ... 137
  Security Audits ... 138
  Security Assessments ... 138
  Log Reviews ... 138
  Software Testing Methods ... 138
  Static and Dynamic Testing ... 139
  Traceability Matrix ... 139
  Synthetic Transactions ... 140
  Software Testing Levels ... 140
  Fuzzing ... 140
  Combinatorial Software Testing ... 140
  Misuse Case Testing ... 141
  Test Coverage Analysis ... 141
  Interface Testing ... 141
  Summary of Exam Objectives ... 141
  Top Five Toughest Questions ... 142
  Answers ... 143
  Endnote ... 144
Chapter 7 Domain 7: Security Operations ... 145
  Introduction ... 146
  Administrative Security ... 146
  Administrative Personnel Controls ... 146
  Forensics ... 148
  Forensic Media Analysis ... 148
  Network Forensics ... 149
  Embedded Device Forensics ... 149
  Electronic Discovery (eDiscovery) ... 149
  Incident Response Management ... 150
  Methodology ... 150
  Root-Cause Analysis ... 153
  Operational Preventive and Detective Controls ... 153
  Intrusion Detection Systems and Intrusion Prevention Systems ... 153
  Security Information and Event Management ... 155
  Data Loss Prevention ... 155
  Endpoint Security ... 156
  Asset Management ... 157
  Configuration Management ... 157
  Change Management ... 157
  Continuity of Operations ... 158
  Service Level Agreements ... 158
  Fault Tolerance ... 158
  BCP and DRP Overview and Process ... 162
  Business Continuity Planning ... 162
  Disaster Recovery Planning ... 163
  Relationship Between BCP and DRP ... 163
  Disasters or Disruptive Events ... 164
  The Disaster Recovery Process ... 165
  Developing a BCP/DRP ... 166
  Project Initiation ... 166
  Assessing the Critical State ... 167
  Conduct BIA ... 167
  Identify Preventive Controls ... 169
  Recovery Strategy ... 169
  Related Plans ... 171
  Call Trees ... 173
  Emergency Operations Center ... 173
  Backups and Availability ... 173
  Hardcopy Data ... 174
  Electronic Backups ... 174
  DRP Testing, Training, and Awareness ... 176
  DRP Testing ... 176
  Continued BCP/DRP Maintenance ... 178
  Change Management ... 178
  BCP/DRP Mistakes ... 179
  Specific BCP/DRP Frameworks ... 179
  NIST SP 800-34 ... 179
  ISO/IEC-27031 ... 179
  BS-25999 and ISO 22301 ... 180
  BCI ... 180
  Summary of Exam Objectives ... 181
  Top Five Toughest Questions ... 181
  Answers ... 182
  Endnotes ... 183
Chapter 8 Domain 8: Software Development Security ... 185
  Introduction ... 186
  Programming Concepts ... 186
  Machine Code, Source Code, and Assemblers ... 186
  Compilers, Interpreters, and Bytecode ... 187
  Computer-Aided Software Engineering ... 187
  Types of Publicly Released Software ... 187
  Application Development Methods ... 188
  Waterfall Model ... 188
  Sashimi Model ... 188
  Agile Software Development ... 189
  Spiral ... 190
  Rapid Application Development ... 190
  SDLC ... 191
  Integrated Product Teams ... 192
  Software Escrow ... 192
  Code Repository Security ... 192
  Security of Application Programming Interfaces ... 193
  Software Change and Configuration Management ... 193
  DevOps ... 193
  Databases ... 194
  Relational Databases ... 194
  Database Normalization ... 196
  Database Views ... 196
  Database Query Languages ... 196
  Hierarchical Databases ... 196
  Object-Oriented Databases ... 197
  Database Integrity ... 197
  Database Replication and Shadowing ... 197
  Data Warehousing and Data Mining ... 197
  Object-Oriented Programming ... 198
  Cornerstone Object-Oriented Programming Concepts ... 198
  Object Request Brokers ... 200
  Assessing the Effectiveness of Software Security ... 200
  Software Vulnerabilities ... 200
  Disclosure ... 202
  Software Capability Maturity Model ... 202
  Acceptance Testing ... 202
  Commercial Off-the-Shelf Software ... 203
  Custom-Developed Third-Party Products ... 203
  Summary of Exam Objectives ... 204
  Top Five Toughest Questions ... 204
  Answers ... 205
  Endnotes ... 205
Index ... 207
Joshua Feldman (CISSP) is Senior Vice President for Security Technology at the Radian Group, a real estate and mortgage insurance conglomerate. His mission is focused on protecting over 10M US consumer financial records. He is the executive responsible for all aspects of Radian's technical security program. Previous security roles included work at Moody's Credit Ratings, Corning Inc., and the US Department of Defense and Department of State.

In 2008, Joshua was Eric's student when studying for the CISSP exam and was so impressed with Eric's mastery of the materials that he invited Eric to work with him at the DoD. Quickly after starting work, Eric invited Seth. That project ran successfully for over eight years, a testament to the value brought to US military cyber professionals.

Joshua got his start in the cyber security field when he left his public-school science teaching position in 1997 and began working for Network Flight Recorder (NFR, Inc.), a small Washington, DC-based startup making the first generation of Network Intrusion Detection Systems. He has a Bachelor of Science from the University of Maryland and a Master's in Cyber Operations from National Defense University. He currently resides in Philadelphia with his little dog, Jacky-boy.

Seth Misenar (CISSP®, GSE, GDSA, GDAT, GMON, GCDA, GCIH, GCIA, GCFA) is a Fellow with the SANS Institute and also serves as Principal Consultant for Jackson, Mississippi-based Context Security, LLC. His cyber security background includes research, host-based and network intrusion detection, architecture design, and general security consulting. Seth previously served as a physical and network security consultant for Fortune 100 companies and as a state government agency's HIPAA and information security officer. He has partnered with the SANS Institute for over 15 years, teaching and authoring courseware and facilitating instructor development. Seth is pursuing a Master of Science degree in Information Security Engineering from the SANS Technology Institute and holds a Bachelor of Science degree from Millsaps College.

Eric Conrad (CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, GMON, GISP) is a SANS Fellow and Chief Technology Officer of Backshore Communications, which provides threat hunting, penetration testing, incident handling, and intrusion detection consulting services. Eric started his professional career in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and healthcare, in positions ranging from systems programmer to security engineer to HIPAA security officer and ISSO. He is coauthor of MGT414: SANS Training Program for the CISSP Certification, SEC511: Continuous Monitoring and Security Operations, and SEC542: Web App Penetration Testing and Ethical Hacking. Eric graduated from the SANS Technology Institute with a Master of Science degree in Information Security Engineering.