(ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

NOTE: The CISSP objectives this book covered were issued in 2018. For coverage of the most recent CISSP objectives effective in April 2021, please look for the latest edition of this guide: (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition (ISBN: 9781119786238).

CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 8th Edition has been completely updated for the latest 2018 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.

Along with the book, you also get access to Sybex's superior online interactive learning environment that includes:

• Six unique 150 question practice exams to help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam.

• More than 700 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam

• A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam

Coverage of all of the exam topics in the book means you'll be ready for:

• Security and Risk Management

• Asset Security

• Security Engineering

• Communication and Network Security

• Identity and Access Management

• Security Assessment and Testing

• Security Operations

• Software Development Security

Auteur

ABOUT THE AUTHORS Mike Chapple, PhD, CISSP, Security+, CISA, CySA+ is Associate Teaching Professor of IT, Analytics and Operations at the University of Notre Dame. He is a leading expert on cybersecurity certification and runs CertMike.com. James Michael Stewart, CISSP, CEH, ECSA, CHFI, Security+, Network+, has focused on security, certification, networking, and various operating systems for more than 25 years. He teaches numerous job skill and certification focused courses. He has authored or coauthored more than 75 books. Darril Gibson, CISSP, Security+, CASP, is CEO of YCDA, LLC. He regularly writes and consults on a variety of technical and security topics, and has authored or coauthored more than 35 books.

Texte du rabat
Covers all of the 2018 updated exam objectives, including Asset Security, Software Development Security, Security Operations, and much more... Includes interactive online learning environment and study tools with:

• More than 1,300 practice questions
• More than 700 electronic flashcards

• Searchable key term glossary Your Complete Guide to Preparing for the CISSP Certification, Updated for the CISSP 2018 Exam The (ISC)2 CISSP Official Study Guide, 8th Edition is your one-stop resource for complete coverage of the 2018 CISSP exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to superior content including, assessment tests that check exam readiness, objective map, real-world scenarios, hands-on exercises, key topic exam essentials, and challenging chapter review questions. Reinforce what you have learned with the exclusive Sybex online learning environment and test bank, assessable across multiple devices. Get prepared for the CISSP exam with Sybex. Coverage of all exam objectives in this Study Guide means you'll be ready for:

• Security and Risk Management
• Asset Security
• Security Architecture and Engineering
• Communication and Network Security
• Identity and Access Management
• Security Assessment and Testing
• Security Operations

• Software Development Security Interactive learning environment Take your exam prep to the next level with Sybex's superior interactive online study tools. To access our learning environment, simply visit www.wiley.com/go/cissptestprep, register to receive your unique PIN, and instantly gain one year of FREE access to:

• Interactive test bank with 6 bonus practice exams, each with 150 questions. Practice exams help you identify areas where further review is needed. Get more than 90% of the answers correct, and you're ready to take the certification exam.
• More than 700 electronic flashcards to reinforce learning and last minute prep before the exam.
• Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared. ABOUT THE CISSP CERTIFICATION The CISSP is the most globally recognized certification in the information security market. This vendor neutral certification validates an information security professional's deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization (ISC)2 is a global nonprofit organization that maintains the Common Body of Knowledge for information security professionals. Candidates must have experience, subscribe to the (ISC)2 Code of Ethics, and maintain continuing education requirements or recertify every three years. Visit www.isc2.org to learn more.

Contenu
Introduction xxxiii

Assessment Test xlii

Chapter 1 Security Governance Through Principles and Policies 1

Understand and Apply Concepts of Confidentiality, Integrity, and Availability 2

Evaluate and Apply Security Governance Principles 14

Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines 26

Understand and Apply Threat Modeling Concepts and Methodologies 30

Apply Risk-Based Management Concepts to the Supply Chain 38

Summary 40

Exam Essentials 42

Written Lab 44

Review Questions 45

Chapter 2 Personnel Security and Risk Management Concepts 49

Personnel Security Policies and Procedures 51

Security Governance 62

Understand and Apply Risk Management Concepts 63

Establish and Maintain a Security Awareness, Education, and Training Program 86

Manage the Security Function 87

Summary 88

Exam Essentials 89

Written Lab 92

Review Questions 93

Chapter 3 Business Continuity Planning 97

Planning for Business Continuity 98

Project Scope and Planning 99

Business Impact Assessment 105

Continuity Planning 111

Plan Approval and Implementation 114

Summary 119

Exam Essentials 119

Written Lab 120

Review Questions 121

Chapter 4 Laws, Regulations, and Compliance 125

Categories of Laws 126

Laws 129

Compliance 149

Contracting and Procurement 150

Summary 151

Exam Essentials 152

Written Lab 153

Review Questions 154

Chapter 5 Protecting Security of Assets 159

Identify and Classify Assets 160

Determining Ownership 178

Using Security Baselines 186

Summary 187

Exam Essentials 188

Written Lab 189

Review Questions 190

Chapter 6 Cryptography and Symmetric Key Algorithms 195

Historical Milestones in Cryptography 196

Cryptographic Basics 198

Modern Cryptography 214

Symmetric Cryptography 219

Cryptographic Lifecycle 228

Summary 229

Exam Essentials 229

Written Lab 231

Review Questions 232

Chapter 7 PKI and Cryptographic Applications 237

Asymmetric Cryptography 238

Hash Functions 242

Digital Signatures 246

Public Key Infrastructure 249

Asymmetric Key Management 253

Applied Cryptography 254

Cryptographic Attacks 265

Summary 268

Exam Essentials 269

Written Lab 270

Review Questions 271

Chapter 8 Principles of Security Models, Design, and Capabilities 275

Implement and Manage Engineering Processes Using Secure Design Principles 276

Understand the Fundamental Concepts of Security Models 281

Select Controls Based On Systems Security R…