ISC2 CISSP Certified Information Systems Security Professional Official Study Guide / Mike Chapple, James Michael Stewart, and Darril Gibson.

O'Reilly Online Learning: Academic/Public Library Edition Available online
Format:
Book
Author/Creator:
Chapple, Mike, 1975- author.
Stewart, James Michael, author.
Gibson, Darril, author.
Series:
SYBIDI document.
Sybex Study Guide Series
Language:
English
Subjects (All):
Computer networks--Security measures.
Computer networks.
Physical Description:
1 online resource (1251 pages)
Edition:
Tenth edition.
Place of Publication:
Hoboken, New Jersey : John Wiley & Sons, Inc., [2024]
Summary:
CISSP Study Guide, fully updated for the 2024 CISSP Body of Knowledge. The ISC2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 10th Edition, has been completely updated based on the latest 2024 CISSP Detailed Content Outline. This bestselling Sybex Study Guide covers 100% of the CISSP objectives. You'll prepare smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic Study Essentials and chapter review questions.

The book's co-authors bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you'll need to successfully prove your CISSP mastery. Combined, they've taught cybersecurity concepts to millions of students through their books, video courses, and live training programs.

Along with the book, you also get access to Sybex's superior online interactive learning environment that includes:
- Over 900 practice test questions with complete answer explanations. This includes all of the questions from the book plus four additional online-only practice exams, each with 125 unique questions. You can use the online-only practice exams as full exam simulations. Our questions will help you identify where you need to study more.
- More than 1000 electronic flashcards to reinforce your learning and give you last-minute test prep.
- A searchable glossary in PDF to give you instant access to the key terms you need to know.
- Audio review: author Mike Chapple reads the Study Essentials for each chapter, providing you with more than 2 hours of up-to-date audio review for yet another way to reinforce your knowledge as you prepare.

Coverage of all of the CISSP topics in the book means you'll be ready for the eight domains:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
Contents:
Cover
Title Page
Copyright Page
Acknowledgments
About the Authors
About the Technical Editors
Contents at a Glance
Contents
Introduction
Overview of the CISSP Exam
The Elements of This Study Guide
Interactive Online Learning Environment and Test Bank
Study Guide Exam Objectives
Objective Map
How to Contact the Publisher
Assessment Test
Answers to Assessment Test
Chapter 1 Security Governance Through Principles and Policies
Security 101
Understand and Apply Security Concepts
Confidentiality
Integrity
Availability
DAD, Overprotection, Authenticity, Nonrepudiation, and AAA Services
Protection Mechanisms
Security Boundaries
Evaluate and Apply Security Governance Principles
Third-Party Governance
Documentation Review
Manage the Security Function
Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives
Organizational Processes
Organizational Roles and Responsibilities
Security Control Frameworks
Due Diligence and Due Care
Security Policy, Standards, Procedures, and Guidelines
Security Policies
Security Standards, Baselines, and Guidelines
Security Procedures
Threat Modeling
Identifying Threats
Determining and Diagramming Potential Attacks
Performing Reduction Analysis
Prioritization and Response
Supply Chain Risk Management
Summary
Study Essentials
Written Lab
Review Questions
Chapter 2 Personnel Security and Risk Management Concepts
Personnel Security Policies and Procedures
Job Descriptions and Responsibilities
Candidate Screening and Hiring
Onboarding: Employment Agreements and Policy-Driven Requirements
Employee Oversight
Offboarding, Transfers, and Termination Processes
Vendor, Consultant, and Contractor Agreements and Controls
Understand and Apply Risk Management Concepts
Risk Terminology and Concepts
Asset Valuation
Identify Threats and Vulnerabilities
Risk Assessment/Analysis
Risk Responses
Cybersecurity Insurance
Cost vs. Benefit of Security Controls
Countermeasure Selection and Implementation
Applicable Types of Controls
Security Control Assessment
Monitoring and Measurement
Risk Reporting and Documentation
Continuous Improvement
Legacy Risk
Risk Frameworks
Social Engineering
Social Engineering Principles
Eliciting Information
Prepending
Phishing
Spear Phishing
Whaling
Spam
Shoulder Surfing
Invoice Scams
Hoax
Impersonation and Masquerading
Tailgating and Piggybacking
Dumpster Diving
Identity Fraud
Typosquatting
Influence Campaigns
Establish and Maintain a Security Awareness, Education, and Training Program
Awareness
Training
Education
Improvements
Effectiveness Evaluation
Chapter 3 Business Continuity Planning
Planning for Business Continuity
Project Scope and Planning
Organizational Review
BCP Team Selection
Resource Requirements
External Dependencies
Business Impact Analysis
Identifying Priorities
Risk Identification
Likelihood Assessment
Impact Analysis
Resource Prioritization
Continuity Planning
Strategy Development
Provisions and Processes
Plan Approval and Implementation
Plan Approval
Plan Implementation
Communication, Training and Education
BCP Documentation
Chapter 4 Laws, Regulations, and Compliance
Categories of Laws
Criminal Law
Civil Law
Administrative Law
Laws
Computer Crime
Intellectual Property (IP)
Software Licensing
Import/Export
Privacy
State Privacy Laws
Compliance
Contracting and Procurement
Chapter 5 Protecting Security of Assets
Identifying and Classifying Information and Assets
Defining Sensitive Data
Defining Data Classifications
Defining Asset Classifications
Understanding Data States
Determining Compliance Requirements
Determining Data Security Controls
Establishing Information and Asset Handling Requirements
Data Maintenance
Data Loss Prevention
Labeling Sensitive Data and Assets
Handling Sensitive Information and Assets
Data Collection Limitation
Data Location
Storing Sensitive Data
Data Destruction
Ensuring Appropriate Data and Asset Retention
Data Protection Methods
Digital Rights Management
Cloud Access Security Broker
Pseudonymization
Tokenization
Anonymization
Understanding Data Roles
Data Owners
Data Controllers and Processors
Data Custodians
Users and Subjects
Using Security Baselines
Comparing Tailoring and Scoping
Standards Selection
Chapter 6 Cryptography and Symmetric Key Algorithms
Cryptographic Foundations
Goals of Cryptography
Cryptography Concepts
Cryptographic Mathematics
Ciphers
Modern Cryptography
Cryptographic Keys
Symmetric Key Algorithms
Asymmetric Key Algorithms
Hashing Algorithms
Symmetric Cryptography
Block Cipher Modes of Operation
Data Encryption Standard
Triple DES
International Data Encryption Algorithm
Blowfish
SKIPJACK
Rivest Ciphers
Advanced Encryption Standard
CAST
Comparison of Symmetric Encryption Algorithms
Symmetric Key Management
Cryptographic Life Cycle
Written Lab
Review Questions
Chapter 7 PKI and Cryptographic Applications
Asymmetric Cryptography
Public and Private Keys
RSA
ElGamal
Elliptic Curve Cryptography
Diffie-Hellman Key Exchange
Quantum Cryptography
Hash Functions
SHA Family
MD5
RIPEMD
Comparison of Hash Function Value Lengths
Digital Signatures
HMAC
Digital Signature Standard
Public Key Infrastructure
Certificates
Certificate Authorities
Certificate Life Cycle
Certificate Formats
Asymmetric Key Management
Hybrid Cryptography
Applied Cryptography
Portable Devices
Email
Web Applications
Steganography and Watermarking
Networking
Emerging Applications
Cryptographic Attacks
Chapter 8 Principles of Security Models, Design, and Capabilities
Secure Design Principles
Objects and Subjects
Closed and Open Systems
Secure Defaults
Fail Securely
Keep It Simple and Small
Zero-Trust
Trust but Verify
Privacy by Design
Secure Access Service Edge (SASE)
Techniques for Ensuring CIA
Confinement
Bounds
Isolation
Access Controls
Trust and Assurance
Understand the Fundamental Concepts of Security Models
Trusted Computing Base
State Machine Model
Information Flow Model
Noninterference Model
Composition Theories
Take-Grant Model
Access Control Matrix
Bell-LaPadula Model
Biba Model
Clark-Wilson Model
Brewer and Nash Model
Select Controls Based on Systems Security Requirements
Common Criteria
Authorization to Operate
Understand Security Capabilities of Information Systems
Memory Protection
Virtualization
Trusted Platform Module (TPM)
Interfaces
Fault Tolerance
Encryption/Decryption
Manage the Information System Life Cycle
Study Essentials
Written Lab
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures
Shared Responsibility
Data Localization and Data Sovereignty
Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
Hardware
Firmware
Client-Based Systems
Mobile Code
Local Caches
Server-Based Systems
Large-Scale Parallel Data Systems
Grid Computing
Peer to Peer
Industrial Control Systems
Distributed Systems
High-Performance Computing (HPC) Systems
Real-Time Operating Systems
Internet of Things
Edge and Fog Computing
Embedded Devices and Cyber-Physical Systems
Static Systems
Cyber-Physical Systems
Security Concerns of Embedded and Static Systems
Microservices
Infrastructure as Code
Immutable Architecture
Virtualized Systems
Virtual Software
Virtualized Networking
Software-Defined Everything
Virtualization Security Management
Containerization
Mobile Devices
Mobile Device Security Features
Mobile Device Deployment Policies
Essential Security Protection Mechanisms
Process Isolation
Hardware Segmentation
Root of Trust
System Security Policy
Common Security Architecture Flaws and Issues
Covert Channels
Attacks Based on Design or Coding Flaws
Rootkits
Incremental Attacks
Chapter 10 Physical Security Requirements
Apply Security Principles to Site and Facility Design
Secure Facility Plan
Site Selection
Facility Design
Implement Site and Facility Security Controls
Equipment Failure
Wiring Closets
Server Rooms/Data Centers
Intrusion Detection Systems
Cameras
Access Abuses
Media Storage Facilities
Evidence Storage
Work Area Security
Utility Considerations
Fire Prevention, Detection, and Suppression
Notes:
Description based on publisher supplied metadata and other sources.
Description based upon print version of record.
Includes bibliographical references and index.
ISBN:
1-394-25470-9
OCLC:
1436831603