(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide
CISSP Study Guide - fully updated for the 2018 CISSP Body of Knowledge CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 8th Edition has been completely updated for the latest 2018 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions. Along with the book, you also get access to Sybex's superior online interactive learning environment that includes: Six unique 150 question practice exams to help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam. More than 700 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam Coverage of all of the exam topics in the book means you'll be ready for: Security and Risk Management Asset Security Security Engineering Communication and Network Security Identity and Access Management Security Assessment and Testing Security Operations Software Development Security
Introduction xxxiii Assessment Test xlii Chapter 1 Security Governance Through Principles and Policies 1 Understand and Apply Concepts of Confidentiality, Integrity, and Availability 2 Evaluate and Apply Security Governance Principles 14 Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines 26 Understand and Apply Threat Modeling Concepts and Methodologies 30 Apply Risk-Based Management Concepts to the Supply Chain 38 Summary 40 Exam Essentials 42 Written Lab 44 Review Questions 45 Chapter 2 Personnel Security and Risk Management Concepts 49 Personnel Security Policies and Procedures 51 Security Governance 62 Understand and Apply Risk Management Concepts 63 Establish and Maintain a Security Awareness, Education, and Training Program 86 Manage the Security Function 87 Summary 88 Exam Essentials 89 Written Lab 92 Review Questions 93 Chapter 3 Business Continuity Planning 97 Planning for Business Continuity 98 Project Scope and Planning 99 Business Impact Assessment 105 Continuity Planning 111 Plan Approval and Implementation 114 Summary 119 Exam Essentials 119 Written Lab 120 Review Questions 121 Chapter 4 Laws, Regulations, and Compliance 125 Categories of Laws 126 Laws 129 Compliance 149 Contracting and Procurement 150 Summary 151 Exam Essentials 152 Written Lab 153 Review Questions 154 Chapter 5 Protecting Security of Assets 159 Identify and Classify Assets 160 Determining Ownership 178 Using Security Baselines 186 Summary 187 Exam Essentials 188 Written Lab 189 Review Questions 190 Chapter 6 Cryptography and Symmetric Key Algorithms 195 Historical Milestones in Cryptography 196 Cryptographic Basics 198 Modern Cryptography 214 Symmetric Cryptography 219 Cryptographic Lifecycle 228 Summary 229 Exam Essentials 229 Written Lab 231 Review Questions 232 Chapter 7 PKI and Cryptographic Applications 237 Asymmetric Cryptography 238 Hash Functions 242 Digital Signatures 246 Public Key Infrastructure 249 Asymmetric Key Management 253 Applied Cryptography 254 Cryptographic Attacks 265 Summary 268 Exam Essentials 269 Written Lab 270 Review Questions 271 Chapter 8 Principles of Security Models, Design, and Capabilities 275 Implement and Manage Engineering Processes Using Secure Design Principles 276 Understand the Fundamental Concepts of Security Models 281 Select Controls Based On Systems Security Requirements 295 Understand Security Capabilities of Information Systems 309 Summary 311 Exam Essentials 312 Written Lab 313 Review Questions 314 Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 319 Assess and Mitigate Security Vulnerabilities 320 Client-Based Systems 342 Server-Based Systems 346 Database Systems Security 347 Distributed Systems and Endpoint Security 350 Internet of Things 358 Industrial Control Systems 359 Assess and Mitigate Vulnerabilities in Web-Based Systems 360 Assess and Mitigate Vulnerabilities in Mobile Systems 365 Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems 375 Essential Security Protection Mechanisms 379 Common Architecture Flaws and Security Issues 384 Summary 390 Exam Essentials 391 Written Lab 394 Review Questions 395 Chapter 10 Physical Security Requirements 399 Apply Security Principles to Site and Facility Design 400 Implement Site and Facility Security Controls 403 Implement and Manage Physical Security 422 Summary 431 Exam Essentials 432 Written Lab 434 Review Questions 435 Chapter 11 Secure Network Architecture and Securing Network Components 439 OSI Model 440 TCP/IP Model 451 Converged Protocols 470 Wireless Networks 472 Secure Network Components 486 Cabling, Wireless, Topology, Communications, and Transmission Media Technology 495 Summary 513 Exam Essentials 514 Written Lab 516 Review Questions 517 Chapter 12 Secure Communications and Network Attacks 521 Network and Protocol Security Mechanisms 522 Secure Voice Communications 525 Multimedia Collaboration 529 Manage Email Security 530 Remote Access Security Management 536 Virtual Private Network 540 Virtualization 546 Network Address Translation 549 Switching Technologies 553 WAN Technologies 556 Miscellaneous Security Control Characteristics 561 Security Boundaries 563 Prevent or Mitigate Network Attacks 564 Summary 569 Exam Essentials 571 Written Lab 573 Review Questions 574 Chapter 13 Managing Identity and Authentication 579 Controlling Access to Assets 580 Comparing Identification and Authentication 584 Implementing Identity Management 602 Managing the Identity and Access Provisioning Lifecycle 611 Summary 614 Exam Essentials 615 Written Lab 617 Review Questions 618 Chapter 14 Controlling and Monitoring Access 623 Comparing Access Control Models 624 Understanding Access Control Attacks 635 Summary 653 Exam Essentials 654 Written Lab 656 Review Questions 657 Chapter 15 Security Assessment and Testing 661 Building a Security Assessment and Testing Program 662 Performing Vulnerability Assessments 668 Testing Your Software 681 Implementing Security Management Processes 688 Summary 690 Exam Essentials 691 Written Lab 692 Review Questions 693 Chapter 16 Managing Security Operations 697 Applying Security Operations Concepts 698 Securely Provisioning Resources 710 Managing Configuration 718 Managing Change 719 Managing Patches and Reducing Vulnerabilities 723 Summary 728 Exam Essentials 729 Written Lab 731 Review Questions 732 Chapter 17 Preventing and Responding to Incidents 737 Managing Incident Response 738 Implementing Detective and Preventive Measures 745 Logging, Monitoring, and Auditing 773 Summary 790 Exam Essentials 792 Written Lab 795 Review Questions 796 Chapter 18 Disaster Recovery Planning 801 The Nature of Disaster 802 Understand System Resilience and Fault Tolerance 812 Recovery Strategy 818 Recovery Plan Development 827 Training, Awareness, and Documentation 835 Testing and Maintenance 836 Summary 838 Exam Essentials 838 Written Lab 839 Review Questions 840 Chapter 19 Investigations and Ethics 845 Investigations 846 Major Categories of Computer Crime 857 Ethics 861 Summary 864 Exam Essentials 864 Written Lab 865 Review Questions 866 Chapter 20 Software Development Security 871 Introducing Systems Development Controls 872 Establishing Databases and Data Warehousing 895 Storing Data and Information 904 Understanding Knowledge-Based Systems 906 Summary 909 Exam Essentials 909 Written Lab 910 Review Questions 911 Chapter 21 Malicious Code and Application Attacks 915 Malicious Code 916 Password Attacks 929 Application Attacks 933 Web Application Security 935 Reconnaissance Attacks 940 Masquerading Attacks 941 Summary 942 Exam Essentials 943 Written Lab 944 Review Questions 945 Appendix A Answers to Review Questions 949 Chapter 1: Security Governance Through Principles and Policies 950 Chapter 2: Personnel Security and Risk Management Concepts 951 Chapter 3: Business Continuity Planning 952 Chapter 4: Laws, Regulations, and Compliance 954 Chapter 5: Protecting Security of Assets 956 Chapter 6: Cryptography and Symmetric Key Algorithms 958 Chapter 7: PKI and Cryptographic Applications 960 Chapter 8: Principles of Security Models, Design, and Capabilities 961 Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 963 Chapter 10: Physical Security Requirements 965 Chapter 11: Secure Network Architecture and Securing Network Components 966 Chapter 12: Secure Communications and Network Attacks 968 Chapter 13: Managing Identity and Authentication 969 Chapter 14: Controlling and Monitoring Access 971 Chapter 15: Security Assessment and Testing 973 Chapter 16: Managing Security Operations 975 Chapter 17: Preventing and Responding to Incidents 977 Chapter 18: Disaster Recovery Planning 980 Chapter 19: Investigations and Ethics 981 Chapter 20: Software Development Security 983 Chapter 21: Malicious Code and Application Attacks 984 Appendix B Answers to Written Labs 987 Chapter 1: Security Governance Through Principles and Policies 988 Chapter 2: Personnel Security and Risk Management Concepts 988 Chapter 3: Business Continuity Planning 989 Chapter 4: Laws, Regulations, and Compliance 990 Chapter 5: Protecting Security of Assets 991 Chapter 6: Cryptography and Symmetric Key Algorithms 991 Chapter 7: PKI and Cryptographic Applications 992 Chapter 8: Principles of Security Models, Design, and Capabilities 992 Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 993 Chapter 10: Physical Security Requirements 994 Chapter 11: Secure Network Architecture and Securing Network Components 994 Chapter 12: Secure Communications and Network Attacks 995 Chapter 13: Managing Identity and Authentication 996 Chapter 14: Controlling and Monitoring Access 996 Chapter 15: Security Assessment and Testing 997 Chapter 16: Managing Security Operations 997 Chapter 17: Preventing and Responding to Incidents 998 Chapter 18: Disaster Recovery Planning 999 Chapter 19: Investigations and Ethics 999 Chapter 20: Software Development Security 1000 Chapter 21: Malicious Code and Application Attacks 1000 Index 1001
ABOUT THE AUTHORS Mike Chapple, PhD, CISSP, Security+, CISA, CySA+ is Associate Teaching Professor of IT, Analytics and Operations at the University of Notre Dame. He is a leading expert on cybersecurity certification and runs CertMike.com. James Michael Stewart, CISSP, CEH, ECSA, CHFI, Security+, Network+, has focused on security, certification, networking, and various operating systems for more than 25 years. He teaches numerous job skill and certification focused courses. He has authored or coauthored more than 75 books. Darril Gibson, CISSP, Security+, CASP, is CEO of YCDA, LLC. He regularly writes and consults on a variety of technical and security topics, and has authored or coauthored more than 35 books.
Covers all of the 2018 updated exam objectives, including Asset Security, Software Development Security, Security Operations, and much more... Includes interactive online learning environment and study tools with: More than 1,300 practice questions More than 700 electronic flashcards Searchable key term glossary Your Complete Guide to Preparing for the CISSP Certification, Updated for the CISSP 2018 Exam The (ISC)2 CISSP Official Study Guide, 8th Edition is your one-stop resource for complete coverage of the 2018 CISSP exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to superior content including, assessment tests that check exam readiness, objective map, real-world scenarios, hands-on exercises, key topic exam essentials, and challenging chapter review questions. Reinforce what you have learned with the exclusive Sybex online learning environment and test bank, assessable across multiple devices. Get prepared for the CISSP exam with Sybex. Coverage of all exam objectives in this Study Guide means you'll be ready for: Security and Risk Management Asset Security Security Architecture and Engineering Communication and Network Security Identity and Access Management Security Assessment and Testing Security Operations Software Development Security Interactive learning environment Take your exam prep to the next level with Sybex's superior interactive online study tools. To access our learning environment, simply visit www.wiley.com/go/cissptestprep, register to receive your unique PIN, and instantly gain one year of FREE access to: Interactive test bank with 6 bonus practice exams, each with 150 questions. Practice exams help you identify areas where further review is needed. Get more than 90% of the answers correct, and you're ready to take the certification exam. More than 700 electronic flashcards to reinforce learning and last minute prep before the exam. Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared. ABOUT THE CISSP CERTIFICATION The CISSP is the most globally recognized certification in the information security market. This vendor neutral certification validates an information security professional's deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization (ISC)2 is a global nonprofit organization that maintains the Common Body of Knowledge for information security professionals. Candidates must have experience, subscribe to the (ISC)2 Code of Ethics, and maintain continuing education requirements or recertify every three years. Visit www.isc2.org to learn more.
NeuheitenProblem that Affect the Developemen... 14,99 €
Peter Pan 12,99 €
Monday or Tuesday 9,99 €
How to Become a Star 10,49 €
Hypnose: Jugendliche Kraft und Energie 9,99 €