Low price
CHF 80.00
Delivery usually takes 2 to 4 working days.
CISSP Study Guide - fully updated for the 2021 CISSP Body of Knowledge
About the authors
Mike Chapple, PhD, CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame's Mendoza College of Business. He is a cybersecurity professional and educator with over 25 years of experience. Mike provides cybersecurity certification resources at his website, CertMike.com.
James Michael Stewart, CISSP, CEH, CHFI, ECSA, CND, ECIH, CySA+, PenTest+, CASP+, Security+, Network+, A+, CISM, and CFR, has been writing and training for more than 25 years, with a current focus on security. He has been writing and teaching CISSP materials since 2002. He is the author of and contributor to more than 75 books on security certifications.
Darril Gibson, CISSP, Security+, CASP, is the CEO of YCDA (short for You Can Do Anything), and he has authored or coauthored more than 40 books. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications.
Blurb
(ISC)2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 9th Edition has been completely updated based on the latest 2021 CISSP Exam Outline. This bestselling Sybex Study Guide covers 100% of the exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, advice on mastering this adaptive exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.
The three co-authors of this book bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you'll need to successfully pass the CISSP exam. Combined, they've taught cybersecurity concepts to millions of students through their books, video courses, and live training programs.
Along with the book, you also get access to Sybex's superior online interactive learning environment that includes:
- Over 900 new and improved practice test questions with complete answer explanations. This includes all of the questions from the book plus four additional online-only practice exams, each with 125 unique questions. You can use the online-only practice exams as full exam simulations. Our questions will help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam.
- More than 700 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam
- A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam
- New for the 9th edition: Audio Review. Author Mike Chapple reads the Exam Essentials for each chapter providing you with 2 hours and 50 minutes of new audio review for yet another way to reinforce your knowledge as you prepare.
Coverage of all of the exam topics in the book means you'll be ready for:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
Contents
Introduction
Assessment Test
Chapter 1: Security Governance Through Principles and Policies
- Security 101
- Understand and Apply Security Concepts
- Confidentiality
- Integrity
- Availability
- DAD, Overprotection, Authenticity, Non-repudiation, and AAA Services
- Protection Mechanisms
- Security Boundaries
- Evaluate and Apply Security Governance Principles
- Third-Party Governance
- Documentation Review
- Manage the Security Function
- Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives
- Organizational Processes
- Organizational Roles and Responsibilities
- Security Control Frameworks
- Due Diligence and Due Care
- Security Policy, Standards, Procedures, and Guidelines
- Security Policies
- Security Standards, Baselines, and Guidelines
- Security Procedures
- Threat Modeling
- Identifying Threats
- Determining and Diagramming Potential Attacks
- Performing Reduction Analysis
- Prioritization and Response
- Supply Chain Risk Management
- Summary
- Exam Essentials
- Written Lab
- Review Questions
Chapter 2: Personnel Security and Risk Management Concepts
- Personnel Security Policies and Procedures
- Job Descriptions and Responsibilities
- Candidate Screening and Hiring
- Onboarding: Employment Agreements and Policies
- Employee Oversight
- Offboarding, Transfers, and Termination Processes
- Vendor, Consultant, and Contractor Agreements and Controls
- Compliance Policy Requirements
- Privacy Policy Requirements
- Understand and Apply Risk Management Concepts
- Risk Terminology and Concepts
- Asset Valuation
- Identify Threats and Vulnerabilities
- Risk Assessment/Analysis
- Risk Responses
- Cost vs. Benefit of Security Controls
- Countermeasure Selection and Implementation
- Applicable Types of Controls
- Security Control Assessment
- Monitoring and Measurement
- Risk Reporting and Documentation
- Continuous Improvement
- Risk Frameworks
- Social Engineering
- Social Engineering Principles
- Eliciting Information
- Prepending
- Phishing
- Spear Phishing
- Whaling
- Smishing
- Vishing
- Spam
- Shoulder Surfing
- Invoice Scams
- Hoax
- Imperson…