CISSP Study Guide - fully updated for the 2015 CISSP Body of Knowledge
CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 7th Edition has been completely updated for the latest 2015 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.
Along with the book, you also get access to Sybex's superior online interactive learning environment that includes:
Four unique 250-question practice exams to help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam.
More than 1,000 electronic flashcards to reinforce your learning and give you last-minute test prep before the exam.
A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam.
Coverage of all of the exam topics in the book means you'll be ready for:
Security and Risk Management
Asset Security
Security Engineering
Communication and Network Security
Identity and Access Management
Security Assessment and Testing
Security Operations
Software Development Security
Table of Contents
Introduction xxxiii
Assessment Test xlii
Chapter 1 Security Governance Through Principles and Policies 1
Understand and Apply Concepts of Confidentiality, Integrity, and Availability 3
Confidentiality 4
Integrity 5
Availability 6
Other Security Concepts 8
Protection Mechanisms 12
Layering 12
Abstraction 12
Data Hiding 13
Encryption 13
Apply Security Governance Principles 13
Alignment of Security Function to Strategy, Goals, Mission, and Objectives 14
Organizational Processes 16
Security Roles and Responsibilities 22
Control Frameworks 23
Due Care and Due Diligence 24
Develop and Implement Documented Security Policy, Standards, Procedures, and Guidelines 25
Security Policies 25
Security Standards, Baselines, and Guidelines 26
Security Procedures 27
Understand and Apply Threat Modeling 28
Identifying Threats 30
Determining and Diagramming Potential Attacks 32
Performing Reduction Analysis 33
Prioritization and Response 34
Integrate Security Risk Considerations into Acquisition Strategy and Practice 35
Summary 36
Exam Essentials 38
Written Lab 41
Review Questions 42
Chapter 2 Personnel Security and Risk Management Concepts 47
Contribute to Personnel Security Policies 49
Employment Candidate Screening 52
Employment Agreements and Policies 53
Employment Termination Processes 54
Vendor, Consultant, and Contractor Controls 56
Compliance 57
Privacy 57
Security Governance 59
Understand and Apply Risk Management Concepts 60
Risk Terminology 61
Identify Threats and Vulnerabilities 63
Risk Assessment/Analysis 64
Risk Assignment/Acceptance 72
Countermeasure Selection and Assessment 73
Implementation 74
Types of Controls 75
Monitoring and Measurement 76
Asset Valuation 77
Continuous Improvement 78
Risk Frameworks 78
Establish and Manage Information Security Education, Training, and Awareness 81
Manage the Security Function 82
Summary 83
Exam Essentials 84
Written Lab 88
Review Questions 89
Chapter 3 Business Continuity Planning 93
Planning for Business Continuity 94
Project Scope and Planning 95
Business Organization Analysis 96
BCP Team Selection 96
Resource Requirements 98
Legal and Regulatory Requirements 100
Business Impact Assessment 101
Identify Priorities 101
Risk Identification 102
Likelihood Assessment 104
Impact Assessment 104
Resource Prioritization 106
Continuity Planning 107
Strategy Development 107
Provisions and Processes 108
Plan Approval 109
Plan Implementation 110
Training and Education 110
BCP Documentation 110
Continuity Planning Goals 111
Statement of Importance 111
Statement of Priorities 111
Statement of Organizational Responsibility 111
Statement of Urgency and Timing 112
Risk Assessment 112
Risk Acceptance/Mitigation 112
Vital Records Program 113
Emergency-Response Guidelines 113
Maintenance 114
Testing and Exercises 114
Summary 114
Exam Essentials 115
Written Lab 117
Review Questions 118
Chapter 4 Laws, Regulations, and Compliance 123
Categories of Laws 124
Criminal Law 124
Civil Law 126
Administrative Law 126
Laws 127
Computer Crime 127
Intellectual Property 132
Licensing 138
Import/Export 139
Privacy 139
Compliance 146
Contracting and Procurement 147
Summary 148
Exam Essentials 149
Written Lab 151
Review Questions 152
Chapter 5 Protecting Security of Assets 157
Classifying and Labeling Assets 158
Defining Sensitive Data 158
Defining Classifications 160
Defining Data Security Requirements 163
Understanding Data States 164
Managing Sensitive Data 165
Protecting Confidentiality with Cryptography 172
Identifying Data Roles 174
Data Owners 174
System Owners 175
Business/Mission Owners 176
Data Processors 176
Administrators 177
Custodians 178
Users 178
Protecting Privacy 178
Using Security Baselines 179
Scoping and Tailoring 180
Selecting Standards 180
Summary 181
Exam Essentials 182
Written Lab 183
Review Questions 184
Chapter 6 Cryptography and Symmetric Key Algorithms 189
Historical Milestones in Cryptography 190
Caesar Cipher 190
American Civil War 191
Ultra vs. Enigma 192
Cryptographic Basics 192
Goals of Cryptography 192
Cryptography Concepts 194
Cryptographic Mathematics 196
Ciphers 201
Modern Cryptography 208
Cryptographic Keys 208
Symmetric Key Algorithms 209
Asymmetric Key Algorithms 210
Hashing Algorithms 213
Symmetric Cryptography 214
Data Encryption Standard 214
Triple DES 216
International Data Encryption Algorithm 217
Blowfish 217
Skipjack 217
Advanced Encryption Standard 218
Symmetric Key Management 219
Cryptographic Life Cycle 222
Summary 222
Exam Essentials 223
Written Lab 225
Review Questions 226
Chapter 7 PKI and Cryptographic Applications 231
Asymmetric Cryptography 232
Public and Private Keys 232
RSA 233
El Gamal 235
Elliptic Curve 235
Hash Functions 236
SHA 237
MD2 238
MD4 238
MD5 239
Digital Signatures 240
HMAC 241
Digital Signature Standard 242
Public Key Infrastructure 242
Certificates 243
Certificate Authorities 243
Certificate Generation and Destruction 245
Asymmetric Key Management 246
Applied Cryptography 247
Portable Devices 247