
(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide & Practice Tests Bundle 2nd edition [Paperback]

4.48/5 (96 ratings by Goodreads)
(University of Notre Dame), , (Lan Wrights, Inc., Austin, Texas),
  • Format: Paperback / softback, 1616 pages, height x width x thickness: 234x185x86 mm, weight: 2404 g
  • Publication date: 10-Aug-2018
  • Publisher: Sybex Inc.,U.S.
  • ISBN-10: 1119523265
  • ISBN-13: 9781119523260
NOTE: The CISSP objectives the books in this set covered were issued in 2018. For coverage of the most recent CISSP objectives effective in April 2021, please look for the latest edition of this set: (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide & Practice Tests Bundle, 3rd Edition (ISBN: 9781119790020).

This value-packed set for the serious CISSP certification candidate combines the bestselling (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide, 8th Edition with an all-new collection of practice exams to give you the best preparation ever for the high-stakes CISSP exam.

(ISC)² CISSP Study Guide, 8th Edition has been completely updated for the latest 2018 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.

Along with the book, you also get access to Sybex's superior online interactive learning environment, which includes four unique 250-question practice exams to help you identify where you need to study more, more than 650 electronic flashcards to reinforce your learning and give you last-minute test prep before the exam, and a searchable glossary in PDF that gives you instant access to the key terms you need to know for the exam.

Add to that the all-new (ISC)² CISSP Certified Information Systems Security Professional Official Practice Tests, 2nd edition with 2 more complete 250-question exams and another 100 questions for each of the 8 domains and you'll be as ready as you can be for the CISSP exam.

Coverage of all of the exam topics in each book means you'll be ready for:
  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communication and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security
Certified Information Systems Security Professional: Official Study Guide
Introduction
xxxiii
Assessment Test
xlii
Chapter 1 Security Governance Through Principles and Policies
1(48)
Understand and Apply Concepts of Confidentiality, Integrity, and Availability
2(12)
Confidentiality
3(1)
Integrity
4(2)
Availability
6(2)
Other Security Concepts
8(4)
Protection Mechanisms
12(1)
Layering
12(1)
Abstraction
13(1)
Data Hiding
13(1)
Encryption
14(1)
Evaluate and Apply Security Governance Principles
14(12)
Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives
15(2)
Organizational Processes
17(6)
Organizational Roles and Responsibilities
23(2)
Security Control Frameworks
25(1)
Due Care and Due Diligence
26(1)
Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
26(4)
Security Policies
26(2)
Security Standards, Baselines, and Guidelines
28(1)
Security Procedures
28(2)
Understand and Apply Threat Modeling Concepts and Methodologies
30(8)
Identifying Threats
31(4)
Determining and Diagramming Potential Attacks
35(1)
Performing Reduction Analysis
36(1)
Prioritization and Response
37(1)
Apply Risk-Based Management Concepts to the Supply Chain
38(2)
Summary
40(2)
Exam Essentials
42(2)
Written Lab
44(1)
Review Questions
45(4)
Chapter 2 Personnel Security and Risk Management Concepts
49(48)
Personnel Security Policies and Procedures
51(11)
Candidate Screening and Hiring
55(1)
Employment Agreements and Policies
55(2)
Onboarding and Termination Processes
57(3)
Vendor, Consultant, and Contractor Agreements and Controls
60(1)
Compliance Policy Requirements
60(1)
Privacy Policy Requirements
61(1)
Security Governance
62(1)
Understand and Apply Risk Management Concepts
63(23)
Risk Terminology
64(3)
Identify Threats and Vulnerabilities
67(1)
Risk Assessment/Analysis
68(8)
Risk Responses
76(1)
Countermeasure Selection and Implementation
77(2)
Applicable Types of Controls
79(2)
Security Control Assessment
81(1)
Monitoring and Measurement
81(1)
Asset Valuation and Reporting
82(1)
Continuous Improvement
83(1)
Risk Frameworks
83(3)
Establish and Maintain a Security Awareness, Education, and Training Program
86(1)
Manage the Security Function
87(1)
Summary
88(1)
Exam Essentials
89(3)
Written Lab
92(1)
Review Questions
93(4)
Chapter 3 Business Continuity Planning
97(28)
Planning for Business Continuity
98(1)
Project Scope and Planning
99(6)
Business Organization Analysis
100(1)
BCP Team Selection
101(2)
Resource Requirements
103(1)
Legal and Regulatory Requirements
104(1)
Business Impact Assessment
105(6)
Identify Priorities
106(1)
Risk Identification
107(1)
Likelihood Assessment
108(2)
Impact Assessment
110(1)
Resource Prioritization
111(1)
Continuity Planning
111(3)
Strategy Development
112(1)
Provisions and Processes
112(2)
Plan Approval and Implementation
114(5)
Plan Approval
114(1)
Plan Implementation
114(1)
Training and Education
115(1)
BCP Documentation
115(4)
Summary
119(1)
Exam Essentials
119(1)
Written Lab
120(1)
Review Questions
121(4)
Chapter 4 Laws, Regulations, and Compliance
125(34)
Categories of Laws
126(3)
Criminal Law
126(2)
Civil Law
128(1)
Administrative Law
128(1)
Laws
129(20)
Computer Crime
129(5)
Intellectual Property
134(5)
Licensing
139(1)
Import/Export
140(1)
Privacy
141(8)
Compliance
149(1)
Contracting and Procurement
150(1)
Summary
151(1)
Exam Essentials
152(1)
Written Lab
153(1)
Review Questions
154(5)
Chapter 5 Protecting Security of Assets
159(36)
Identify and Classify Assets
160(18)
Defining Sensitive Data
160(2)
Defining Data Classifications
162(3)
Defining Asset Classifications
165(1)
Determining Data Security Controls
165(3)
Understanding Data States
168(1)
Handling Information and Assets
169(7)
Data Protection Methods
176(2)
Determining Ownership
178(8)
Data Owners
179(1)
Asset Owners
179(1)
Business/Mission Owners
180(1)
Data Processors
181(3)
Administrators
184(1)
Custodians
184(1)
Users
185(1)
Protecting Privacy
185(1)
Using Security Baselines
186(1)
Scoping and Tailoring
187(1)
Selecting Standards
187(1)
Summary
187(1)
Exam Essentials
188(1)
Written Lab
189(1)
Review Questions
190(5)
Chapter 6 Cryptography and Symmetric Key Algorithms
195(42)
Historical Milestones in Cryptography
196(2)
Caesar Cipher
196(1)
American Civil War
197(1)
Ultra vs. Enigma
198(1)
Cryptographic Basics
198(16)
Goals of Cryptography
198(2)
Cryptography Concepts
200(2)
Cryptographic Mathematics
202(5)
Ciphers
207(7)
Modern Cryptography
214(5)
Cryptographic Keys
214(1)
Symmetric Key Algorithms
215(1)
Asymmetric Key Algorithms
216(3)
Hashing Algorithms
219(1)
Symmetric Cryptography
219(9)
Data Encryption Standard
220(2)
Triple DES
222(1)
International Data Encryption Algorithm
223(1)
Blowfish
223(1)
Skipjack
223(1)
Advanced Encryption Standard
224(2)
Symmetric Key Management
226(2)
Cryptographic Lifecycle
228(1)
Summary
229(1)
Exam Essentials
229(2)
Written Lab
231(1)
Review Questions
232(5)
Chapter 7 PKI and Cryptographic Applications
237(38)
Asymmetric Cryptography
238(4)
Public and Private Keys
238(1)
RSA
239(2)
El Gamal
241(1)
Elliptic Curve
242(1)
Hash Functions
242(4)
SHA
244(1)
MD2
244(1)
MD4
245(1)
MD5
245(1)
Digital Signatures
246(3)
HMAC
247(1)
Digital Signature Standard
248(1)
Public Key Infrastructure
249(4)
Certificates
249(1)
Certificate Authorities
250(1)
Certificate Generation and Destruction
251(2)
Asymmetric Key Management
253(1)
Applied Cryptography
254(11)
Portable Devices
254(1)
Email
255(1)
Web Applications
256(3)
Digital Rights Management
259(3)
Networking
262(3)
Cryptographic Attacks
265(3)
Summary
268(1)
Exam Essentials
269(1)
Written Lab
270(1)
Review Questions
271(4)
Chapter 8 Principles of Security Models, Design, and Capabilities
275(44)
Implement and Manage Engineering Processes Using Secure Design Principles
276(5)
Objects and Subjects
277(1)
Closed and Open Systems
277(2)
Techniques for Ensuring Confidentiality, Integrity, and Availability
279(1)
Controls
280(1)
Trust and Assurance
281(1)
Understand the Fundamental Concepts of Security Models
281(14)
Trusted Computing Base
282(2)
State Machine Model
284(1)
Information Flow Model
285(1)
Noninterference Model
285(1)
Take-Grant Model
286(1)
Access Control Matrix
286(2)
Bell-LaPadula Model
288(2)
Biba Model
290(2)
Clark-Wilson Model
292(1)
Brewer and Nash Model (aka Chinese Wall)
293(1)
Goguen-Meseguer Model
294(1)
Sutherland Model
294(1)
Graham-Denning Model
294(1)
Select Controls Based On Systems Security Requirements
295(14)
Rainbow Series
296(5)
ITSEC Classes and Required Assurance and Functionality
301(1)
Common Criteria
302(3)
Industry and International Security Implementation Guidelines
305(1)
Certification and Accreditation
306(3)
Understand Security Capabilities of Information Systems
309(2)
Memory Protection
309(1)
Virtualization
310(1)
Trusted Platform Module
310(1)
Interfaces
311(1)
Fault Tolerance
311(1)
Summary
311(1)
Exam Essentials
312(1)
Written Lab
313(1)
Review Questions
314(5)
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures
319(80)
Assess and Mitigate Security Vulnerabilities
320(22)
Hardware
321(20)
Firmware
341(1)
Client-Based Systems
342(4)
Applets
342(2)
Local Caches
344(2)
Server-Based Systems
346(1)
Database Systems Security
347(3)
Aggregation
347(1)
Inference
348(1)
Data Mining and Data Warehousing
348(1)
Data Analytics
349(1)
Large-Scale Parallel Data Systems
350(8)
Distributed Systems and Endpoint Security
350(3)
Cloud-Based Systems and Cloud Computing
353(4)
Grid Computing
357(1)
Peer to Peer
358(1)
Internet of Things
358(1)
Industrial Control Systems
359(1)
Assess and Mitigate Vulnerabilities in Web-Based Systems
360(5)
Assess and Mitigate Vulnerabilities in Mobile Systems
365(10)
Device Security
366(4)
Application Security
370(2)
BYOD Concerns
372(3)
Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
375(4)
Examples of Embedded and Static Systems
376(1)
Methods of Securing Embedded and Static Systems
377(2)
Essential Security Protection Mechanisms
379(5)
Technical Mechanisms
380(3)
Security Policy and Computer Architecture
383(1)
Policy Mechanisms
383(1)
Common Architecture Flaws and Security Issues
384(6)
Covert Channels
385(1)
Attacks Based on Design or Coding Flaws and Security Issues
385(3)
Programming
388(1)
Timing, State Changes, and Communication Disconnects
389(1)
Technology and Process Integration
389(1)
Electromagnetic Radiation
389(1)
Summary
390(1)
Exam Essentials
391(3)
Written Lab
394(1)
Review Questions
395(4)
Chapter 10 Physical Security Requirements
399(40)
Apply Security Principles to Site and Facility Design
400(3)
Secure Facility Plan
401(1)
Site Selection
401(1)
Visibility
402(1)
Natural Disasters
402(1)
Facility Design
402(1)
Implement Site and Facility Security Controls
403(19)
Equipment Failure
404(1)
Wiring Closets
405(2)
Server Rooms/Data Centers
407(5)
Media Storage Facilities
412(1)
Evidence Storage
413(1)
Restricted and Work Area Security
413(1)
Utilities and HVAC Considerations
414(3)
Fire Prevention, Detection, and Suppression
417(5)
Implement and Manage Physical Security
422(9)
Perimeter Security Controls
422(3)
Internal Security Controls
425(6)
Summary
431(1)
Exam Essentials
432(2)
Written Lab
434(1)
Review Questions
435(4)
Chapter 11 Secure Network Architecture and Securing Network Components
439(82)
OSI Model
440(11)
History of the OSI Model
441(1)
OSI Functionality
441(1)
Encapsulation/Deencapsulation
442(2)
OSI Layers
444(7)
TCP/IP Model
451(19)
TCP/IP Protocol Suite Overview
452(18)
Converged Protocols
470(2)
Content Distribution Networks
472(1)
Wireless Networks
472(14)
Securing Wireless Access Points
473(2)
Securing the SSID
475(1)
Conducting a Site Survey
476(1)
Using Secure Encryption Protocols
476(3)
Determining Antenna Placement
479(1)
Antenna Types
480(1)
Adjusting Power Level Controls
480(1)
WPS
481(1)
Using Captive Portals
481(1)
General Wi-Fi Security Procedure
481(1)
Wireless Attacks
482(4)
Secure Network Components
486(9)
Network Access Control
487(1)
Firewalls
487(4)
Endpoint Security
491(1)
Secure Operation of Hardware
492(3)
Cabling, Wireless, Topology, Communications, and Transmission Media Technology
495(18)
Transmission Media
496(4)
Network Topologies
500(3)
Wireless Communications and Security
503(6)
LAN Technologies
509(4)
Summary
513(1)
Exam Essentials
514(2)
Written Lab
516(1)
Review Questions
517(4)
Chapter 12 Secure Communications and Network Attacks
521(58)
Network and Protocol Security Mechanisms
522(3)
Secure Communications Protocols
523(1)
Authentication Protocols
524(1)
Secure Voice Communications
525(4)
Voice over Internet Protocol (VoIP)
525(1)
Social Engineering
526(1)
Fraud and Abuse
527(2)
Multimedia Collaboration
529(1)
Remote Meeting
529(1)
Instant Messaging
530(1)
Manage Email Security
530(6)
Email Security Goals
531(1)
Understand Email Security Issues
532(1)
Email Security Solutions
533(3)
Remote Access Security Management
536(4)
Plan Remote Access Security
538(1)
Dial-Up Protocols
539(1)
Centralized Remote Authentication Services
540(1)
Virtual Private Network
540(6)
Tunneling
541(1)
How VPNs Work
542(1)
Common VPN Protocols
543(2)
Virtual LAN
545(1)
Virtualization
546(3)
Virtual Software
547(1)
Virtual Networking
548(1)
Network Address Translation
549(4)
Private IP Addresses
550(1)
Stateful NAT
551(1)
Static and Dynamic NAT
552(1)
Automatic Private IP Addressing
552(1)
Switching Technologies
553(3)
Circuit Switching
554(1)
Packet Switching
554(1)
Virtual Circuits
555(1)
WAN Technologies
556(5)
WAN Connection Technologies
558(3)
Dial-Up Encapsulation Protocols
561(1)
Miscellaneous Security Control Characteristics
561(2)
Transparency
561(1)
Verify Integrity
562(1)
Transmission Mechanisms
562(1)
Security Boundaries
563(1)
Prevent or Mitigate Network Attacks
564(5)
DoS and DDoS
564(1)
Eavesdropping
565(1)
Impersonation/Masquerading
566(1)
Replay Attacks
567(1)
Modification Attacks
567(1)
Address Resolution Protocol Spoofing
567(1)
DNS Poisoning, Spoofing, and Hijacking
568(1)
Hyperlink Spoofing
568(1)
Summary
569(2)
Exam Essentials
571(2)
Written Lab
573(1)
Review Questions
574(5)
Chapter 13 Managing Identity and Authentication
579(44)
Controlling Access to Assets
580(4)
Comparing Subjects and Objects
581(1)
The CIA Triad and Access Controls
581(1)
Types of Access Control
582(2)
Comparing Identification and Authentication
584(18)
Registration and Proofing of Identity
585(1)
Authorization and Accountability
586(1)
Authentication Factors
587(1)
Passwords
588(4)
Smartcards and Tokens
592(3)
Biometrics
595(4)
Multifactor Authentication
599(1)
Device Authentication
600(1)
Service Authentication
601(1)
Implementing Identity Management
602(9)
Single Sign-On
602(5)
Credential Management Systems
607(1)
Integrating Identity Services
608(1)
Managing Sessions
608(1)
AAA Protocols
609(2)
Managing the Identity and Access Provisioning Lifecycle
611(3)
Provisioning
611(1)
Account Review
612(1)
Account Revocation
613(1)
Summary
614(1)
Exam Essentials
615(2)
Written Lab
617(1)
Review Questions
618(5)
Chapter 14 Controlling and Monitoring Access
623(38)
Comparing Access Control Models
624(11)
Comparing Permissions, Rights, and Privileges
624(1)
Understanding Authorization Mechanisms
625(1)
Defining Requirements with a Security Policy
626(1)
Implementing Defense in Depth
627(1)
Summarizing Access Control Models
628(1)
Discretionary Access Controls
629(1)
Nondiscretionary Access Controls
630(5)
Understanding Access Control Attacks
635(17)
Risk Elements
636(1)
Identifying Assets
637(1)
Identifying Threats
638(2)
Identifying Vulnerabilities
640(1)
Common Access Control Attacks
641(11)
Summary of Protection Methods
652(1)
Summary
653(1)
Exam Essentials
654(2)
Written Lab
656(1)
Review Questions
657(4)
Chapter 15 Security Assessment and Testing
661(36)
Building a Security Assessment and Testing Program
662(6)
Security Testing
662(2)
Security Assessments
664(1)
Security Audits
665(3)
Performing Vulnerability Assessments
668(13)
Describing Vulnerabilities
668(1)
Vulnerability Scans
668(11)
Penetration Testing
679(2)
Testing Your Software
681(7)
Code Review and Testing
682(4)
Interface Testing
686(1)
Misuse Case Testing
686(1)
Test Coverage Analysis
686(1)
Website Monitoring
687(1)
Implementing Security Management Processes
688(2)
Log Reviews
688(1)
Account Management
689(1)
Backup Verification
689(1)
Key Performance and Risk Indicators
690(1)
Summary
690(1)
Exam Essentials
691(1)
Written Lab
692(1)
Review Questions
693(4)
Chapter 16 Managing Security Operations
697(40)
Applying Security Operations Concepts
698(12)
Need-to-Know and Least Privilege
698(2)
Separation of Duties and Responsibilities
700(3)
Job Rotation
703(1)
Mandatory Vacations
703(1)
Privileged Account Management
704(2)
Managing the Information Lifecycle
706(1)
Service-Level Agreements
707(1)
Addressing Personnel Safety and Security
708(2)
Securely Provisioning Resources
710(8)
Managing Hardware and Software Assets
710(1)
Protecting Physical Assets
711(1)
Managing Virtual Assets
712(1)
Managing Cloud-Based Assets
713(1)
Media Management
714(4)
Managing Configuration
718(1)
Baselining
718(1)
Using Images for Baselining
718(1)
Managing Change
719(4)
Security Impact Analysis
721(1)
Versioning
722(1)
Configuration Documentation
723(1)
Managing Patches and Reducing Vulnerabilities
723(5)
Systems to Manage
723(1)
Patch Management
724(1)
Vulnerability Management
725(3)
Common Vulnerabilities and Exposures
728(1)
Summary
728(1)
Exam Essentials
729(2)
Written Lab
731(1)
Review Questions
732(5)
Chapter 17 Preventing and Responding to Incidents
737(64)
Managing Incident Response
738(7)
Defining an Incident
738(1)
Incident Response Steps
739(6)
Implementing Detective and Preventive Measures
745(28)
Basic Preventive Measures
745(1)
Understanding Attacks
746(10)
Intrusion Detection and Prevention Systems
756(7)
Specific Preventive Measures
763(10)
Logging, Monitoring, and Auditing
773(17)
Logging and Monitoring
773(8)
Egress Monitoring
781(2)
Auditing to Assess Effectiveness
783(4)
Security Audits and Reviews
787(1)
Reporting Audit Results
788(2)
Summary
790(2)
Exam Essentials
792(3)
Written Lab
795(1)
Review Questions
796(5)
Chapter 18 Disaster Recovery Planning
801(44)
The Nature of Disaster
802(10)
Natural Disasters
803(4)
Man-Made Disasters
807(5)
Understand System Resilience and Fault Tolerance
812(6)
Protecting Hard Drives
813(1)
Protecting Servers
814(1)
Protecting Power Sources
815(1)
Trusted Recovery
816(1)
Quality of Service
817(1)
Recovery Strategy
818(9)
Business Unit and Functional Priorities
818(1)
Crisis Management
819(1)
Emergency Communications
820(1)
Workgroup Recovery
820(1)
Alternate Processing Sites
820(5)
Mutual Assistance Agreements
825(1)
Database Recovery
825(2)
Recovery Plan Development
827(8)
Emergency Response
828(1)
Personnel and Communications
828(1)
Assessment
829(1)
Backups and Offsite Storage
829(4)
Software Escrow Arrangements
833(1)
External Communications
833(1)
Utilities
834(1)
Logistics and Supplies
834(1)
Recovery vs. Restoration
834(1)
Training, Awareness, and Documentation
835(1)
Testing and Maintenance
836(2)
Read-Through Test
836(1)
Structured Walk-Through
837(1)
Simulation Test
837(1)
Parallel Test
837(1)
Full-Interruption Test
837(1)
Maintenance
837(1)
Summary
838(1)
Exam Essentials
838(1)
Written Lab
839(1)
Review Questions
840(5)
Chapter 19 Investigations and Ethics
845(26)
Investigations
846(11)
Investigation Types
846(3)
Evidence
849(4)
Investigation Process
853(4)
Major Categories of Computer Crime
857(4)
Military and Intelligence Attacks
857(1)
Business Attacks
858(1)
Financial Attacks
859(1)
Terrorist Attacks
859(1)
Grudge Attacks
859(2)
Thrill Attacks
861(1)
Ethics
861(3)
(ISC)2 Code of Ethics
862(1)
Ethics and the Internet
862(2)
Summary
864(1)
Exam Essentials
864(1)
Written Lab
865(1)
Review Questions
866(5)
Chapter 20 Software Development Security
871(44)
Introducing Systems Development Controls
872(23)
Software Development
872(6)
Systems Development Lifecycle
878(3)
Lifecycle Models
881(6)
Gantt Charts and PERT
887(1)
Change and Configuration Management
888(1)
The DevOps Approach
889(1)
Application Programming Interfaces
890(1)
Software Testing
891(2)
Code Repositories
893(1)
Service-Level Agreements
894(1)
Software Acquisition
894(1)
Establishing Databases and Data Warehousing
895(9)
Database Management System Architecture
896(3)
Database Transactions
899(2)
Security for Multilevel Databases
901(2)
Open Database Connectivity
903(1)
NoSQL
904(1)
Storing Data and Information
904(2)
Types of Storage
905(1)
Storage Threats
905(1)
Understanding Knowledge-Based Systems
906(3)
Expert Systems
907(1)
Machine Learning
908(1)
Neural Networks
908(1)
Security Applications
909(1)
Summary
909(1)
Exam Essentials
909(1)
Written Lab
910(1)
Review Questions
911(4)
Chapter 21 Malicious Code and Application Attacks
915(34)
Malicious Code
916(13)
Sources of Malicious Code
916(1)
Viruses
917(6)
Logic Bombs
923(1)
Trojan Horses
924(1)
Worms
925(3)
Spyware and Adware
928(1)
Zero-Day Attacks
928(1)
Password Attacks
929(4)
Password Guessing
929(1)
Dictionary Attacks
930(1)
Social Engineering
931(1)
Countermeasures
932(1)
Application Attacks
933(2)
Buffer Overflows
933(1)
Time of Check to Time of Use
934(1)
Back Doors
934(1)
Escalation of Privilege and Rootkits
935(1)
Web Application Security
935(5)
Cross-Site Scripting
935(1)
Cross-Site Request Forgery
936(1)
SQL Injection
937(3)
Reconnaissance Attacks
940(1)
IP Probes
940(1)
Port Scans
940(1)
Vulnerability Scans
941(1)
Masquerading Attacks
941(1)
IP Spoofing
942(1)
Session Hijacking
942(1)
Summary
942(1)
Exam Essentials
943(1)
Written Lab
944(1)
Review Questions
945(4)
Appendix A Answers to Review Questions
949(38)
Chapter 1 Security Governance Through Principles and Policies
950(1)
Chapter 2 Personnel Security and Risk Management Concepts
951(1)
Chapter 3 Business Continuity Planning
952(2)
Chapter 4 Laws, Regulations, and Compliance
954(2)
Chapter 5 Protecting Security of Assets
956(2)
Chapter 6 Cryptography and Symmetric Key Algorithms
958(2)
Chapter 7 PKI and Cryptographic Applications
960(1)
Chapter 8 Principles of Security Models, Design, and Capabilities
961(2)
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures
963(2)
Chapter 10 Physical Security Requirements
965(1)
Chapter 11 Secure Network Architecture and Securing Network Components
966(2)
Chapter 12 Secure Communications and Network Attacks
968(1)
Chapter 13 Managing Identity and Authentication
969(2)
Chapter 14 Controlling and Monitoring Access
971(2)
Chapter 15 Security Assessment and Testing
973(2)
Chapter 16 Managing Security Operations
975(2)
Chapter 17 Preventing and Responding to Incidents
977(3)
Chapter 18 Disaster Recovery Planning
980(1)
Chapter 19 Investigations and Ethics
981(2)
Chapter 20 Software Development Security
983(1)
Chapter 21 Malicious Code and Application Attacks
984(3)
Appendix B Answers to Written Labs
987(14)
Chapter 1 Security Governance Through Principles and Policies
988(1)
Chapter 2 Personnel Security and Risk Management Concepts
988(1)
Chapter 3 Business Continuity Planning
989(1)
Chapter 4 Laws, Regulations, and Compliance
990(1)
Chapter 5 Protecting Security of Assets
991(1)
Chapter 6 Cryptography and Symmetric Key Algorithms
991(1)
Chapter 7 PKI and Cryptographic Applications
992(1)
Chapter 8 Principles of Security Models, Design, and Capabilities
992(1)
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures
993(1)
Chapter 10 Physical Security Requirements
994(1)
Chapter 11 Secure Network Architecture and Securing Network Components
994(1)
Chapter 12 Secure Communications and Network Attacks
995(1)
Chapter 13 Managing Identity and Authentication
996(1)
Chapter 14 Controlling and Monitoring Access
996(1)
Chapter 15 Security Assessment and Testing
997(1)
Chapter 16 Managing Security Operations
997(1)
Chapter 17 Preventing and Responding to Incidents
998(1)
Chapter 18 Disaster Recovery Planning
999(1)
Chapter 19 Investigations and Ethics
999(1)
Chapter 20 Software Development Security
1000(1)
Chapter 21 Malicious Code and Application Attacks
1000(1)
Index
1001
Certified Information Systems Security Professional: Official Practice Tests
Introduction
xvii
Chapter 1 Security and Risk Management (Domain 1)
1(26)
Chapter 2 Asset Security (Domain 2)
27(24)
Chapter 3 Security Architecture and Engineering (Domain 3)
51(28)
Chapter 4 Communication and Network Security (Domain 4)
79(24)
Chapter 5 Identity and Access Management (Domain 5)
103(24)
Chapter 6 Security Assessment and Testing (Domain 6)
127(24)
Chapter 7 Security Operations (Domain 7)
151(24)
Chapter 8 Software Development Security (Domain 8)
175(26)
Chapter 9 Practice Test 1
201(30)
Chapter 10 Practice Test 2
231(28)
Chapter 11 Practice Test 3
259(28)
Chapter 12 Practice Test 4
287(30)
Appendix Answers
317(142)
Chapter 1 Security and Risk Management (Domain 1)
318(9)
Chapter 2 Asset Security (Domain 2)
327(11)
Chapter 3 Security Architecture and Engineering (Domain 3)
338(9)
Chapter 4 Communication and Network Security (Domain 4)
347(11)
Chapter 5 Identity and Access Management (Domain 5)
358(11)
Chapter 6 Security Assessment and Testing (Domain 6)
369(12)
Chapter 7 Security Operations (Domain 7)
381(12)
Chapter 8 Software Development Security (Domain 8)
393(11)
Chapter 9 Practice Test 1
404(14)
Chapter 10 Practice Test 2
418(13)
Chapter 11 Practice Test 3
431(14)
Chapter 12 Practice Test 4
445(14)
Index
459
James Michael Stewart, CISSP, CEH, CHFI, and Security+ has been working with technology for nearly thirty years. His work focuses on security, certification, and various operating systems. Recently, Michael has been teaching job skill and certification courses, such as CISSP, ethical hacking/penetration testing, computer forensics, and Security+. He is the author of numerous publications, books, and courseware.

Mike Chapple, Ph.D., CISSP, is Senior Director for IT Service Delivery at Notre Dame, overseeing information security, data governance, IT architecture, project management, strategic planning, and product management functions, and teaches undergraduate courses on information security. Mike spent 4 years in the information security research group at NSA and served as an intelligence officer in the U.S. Air Force. He is a technical editor for Information Security Magazine and has written several books.

Darril Gibson is the CEO of YCDA, LLC and regularly writes and consults on a wide variety of technical and security topics and holds numerous certifications including MCSE, MCDBA, MCSD, MCITP, ITIL v3, Security+, and CISSP. He has authored or coauthored more than 30 books.

David Seidl, CISSP, GPEN, GCIH, is the Senior Director for Campus Technology Services at the University of Notre Dame. As the Senior Director for CTS, David is responsible for central platform and operating system support, database administration and services, identity and access management, application services, and email and digital signage. During his 18-year IT career, he has served in a variety of technical and information security roles, including leading Notre Dame's information security team as Notre Dame's Director of Information Security. He currently teaches a popular course on networking and security for Notre Dame's Mendoza College of Business.