(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide
Paperback by Mike Chapple (et al.)
Language: English

60.40 €* (incl. VAT)

Free shipping by post / DHL

In stock, delivery time 1-2 working days

Description
CISSP Study Guide - fully updated for the 2021 CISSP Body of Knowledge

(ISC)2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 9th Edition has been completely updated based on the latest 2021 CISSP Exam Outline. This bestselling Sybex Study Guide covers 100% of the exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, advice on mastering this adaptive exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.

The three co-authors of this book bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you'll need to successfully pass the CISSP exam. Combined, they've taught cybersecurity concepts to millions of students through their books, video courses, and live training programs.

Along with the book, you also get access to Sybex's superior online interactive learning environment that includes:
* Over 900 new and improved practice test questions with complete answer explanations. This includes all of the questions from the book plus four additional online-only practice exams, each with 125 unique questions. You can use the online-only practice exams as full exam simulations. Our questions will help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam.
* More than 700 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam
* A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam
* New for the 9th edition: Audio Review. Author Mike Chapple reads the Exam Essentials for each chapter, providing you with 2 hours and 50 minutes of new audio review for yet another way to reinforce your knowledge as you prepare.

Coverage of all of the exam topics in the book means you'll be ready for:
* Security and Risk Management
* Asset Security
* Security Architecture and Engineering
* Communication and Network Security
* Identity and Access Management (IAM)
* Security Assessment and Testing
* Security Operations
* Software Development Security
About the Author

Mike Chapple, PhD, CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame's Mendoza College of Business. He is a cybersecurity professional and educator with over 25 years of experience. Mike provides cybersecurity certification resources at his website, [...].

James Michael Stewart, CISSP, CEH, CHFI, ECSA, CND, ECIH, CySA+, PenTest+, CASP+, Security+, Network+, A+, CISM, and CFR, has been writing and training for more than 25 years, with a current focus on security. He has been writing and teaching CISSP materials since 2002. He is the author of and contributor to more than 75 books on security certifications.

Darril Gibson, CISSP, Security+, CASP, is the CEO of YCDA (short for You Can Do Anything), and he has authored or coauthored more than 40 books. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications.

Table of Contents

Introduction xxxvii
Assessment Test lix
Chapter 1 Security Governance Through Principles and Policies 1
  Security 101 3
  Understand and Apply Security Concepts 4
  Confidentiality 5
  Integrity 6
  Availability 7
  DAD, Overprotection, Authenticity, Non-repudiation, and AAA Services 7
  Protection Mechanisms 11
  Security Boundaries 13
  Evaluate and Apply Security Governance Principles 14
  Third-Party Governance 15
  Documentation Review 15
  Manage the Security Function 16
  Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives 17
  Organizational Processes 19
  Organizational Roles and Responsibilities 21
  Security Control Frameworks 22
  Due Diligence and Due Care 23
  Security Policy, Standards, Procedures, and Guidelines 23
  Security Policies 24
  Security Standards, Baselines, and Guidelines 24
  Security Procedures 25
  Threat Modeling 26
  Identifying Threats 26
  Determining and Diagramming Potential Attacks 28
  Performing Reduction Analysis 28
  Prioritization and Response 30
  Supply Chain Risk Management 31
  Summary 33
  Exam Essentials 33
  Written Lab 36
  Review Questions 37
Chapter 2 Personnel Security and Risk Management Concepts 43
  Personnel Security Policies and Procedures 45
  Job Descriptions and Responsibilities 45
  Candidate Screening and Hiring 46
  Onboarding: Employment Agreements and Policies 47
  Employee Oversight 48
  Offboarding, Transfers, and Termination Processes 49
  Vendor, Consultant, and Contractor Agreements and Controls 52
  Compliance Policy Requirements 53
  Privacy Policy Requirements 54
  Understand and Apply Risk Management Concepts 55
  Risk Terminology and Concepts 56
  Asset Valuation 58
  Identify Threats and Vulnerabilities 60
  Risk Assessment/Analysis 60
  Risk Responses 66
  Cost vs. Benefit of Security Controls 69
  Countermeasure Selection and Implementation 72
  Applicable Types of Controls 74
  Security Control Assessment 76
  Monitoring and Measurement 76
  Risk Reporting and Documentation 77
  Continuous Improvement 77
  Risk Frameworks 79
  Social Engineering 81
  Social Engineering Principles 83
  Eliciting Information 85
  Prepending 85
  Phishing 85
  Spear Phishing 87
  Whaling 87
  Smishing 88
  Vishing 88
  Spam 89
  Shoulder Surfing 90
  Invoice Scams 90
  Hoax 90
  Impersonation and Masquerading 91
  Tailgating and Piggybacking 91
  Dumpster Diving 92
  Identity Fraud 93
  Typo Squatting 94
  Influence Campaigns 94
  Establish and Maintain a Security Awareness, Education, and Training Program 96
  Awareness 97
  Training 97
  Education 98
  Improvements 98
  Effectiveness Evaluation 99
  Summary 100
  Exam Essentials 101
  Written Lab 106
  Review Questions 107
Chapter 3 Business Continuity Planning 113
  Planning for Business Continuity 114
  Project Scope and Planning 115
  Organizational Review 116
  BCP Team Selection 117
  Resource Requirements 119
  Legal and Regulatory Requirements 120
  Business Impact Analysis 121
  Identifying Priorities 122
  Risk Identification 123
  Likelihood Assessment 125
  Impact Analysis 126
  Resource Prioritization 128
  Continuity Planning 128
  Strategy Development 129
  Provisions and Processes 129
  Plan Approval and Implementation 131
  Plan Approval 131
  Plan Implementation 132
  Training and Education 132
  BCP Documentation 132
  Summary 136
  Exam Essentials 137
  Written Lab 138
  Review Questions 139
Chapter 4 Laws, Regulations, and Compliance 143
  Categories of Laws 144
  Criminal Law 144
  Civil Law 146
  Administrative Law 146
  Laws 147
  Computer Crime 147
  Intellectual Property (IP) 152
  Licensing 158
  Import/Export 158
  Privacy 160
  State Privacy Laws 168
  Compliance 169
  Contracting and Procurement 171
  Summary 171
  Exam Essentials 172
  Written Lab 173
  Review Questions 174
Chapter 5 Protecting Security of Assets 179
  Identifying and Classifying Information and Assets 180
  Defining Sensitive Data 180
  Defining Data Classifications 182
  Defining Asset Classifications 185
  Understanding Data States 185
  Determining Compliance Requirements 186
  Determining Data Security Controls 186
  Establishing Information and Asset Handling Requirements 188
  Data Maintenance 189
  Data Loss Prevention 189
  Marking Sensitive Data and Assets 190
  Handling Sensitive Information and Assets 192
  Data Collection Limitation 192
  Data Location 193
  Storing Sensitive Data 193
  Data Destruction 194
  Ensuring Appropriate Data and Asset Retention 197
  Data Protection Methods 199
  Digital Rights Management 199
  Cloud Access Security Broker 200
  Pseudonymization 200
  Tokenization 201
  Anonymization 202
  Understanding Data Roles 204
  Data Owners 204
  Asset Owners 205
  Business/Mission Owners 206
  Data Processors and Data Controllers 206
  Data Custodians 207
  Administrators 207
  Users and Subjects 208
  Using Security Baselines 208
  Comparing Tailoring and Scoping 209
  Standards Selection 210
  Summary 211
  Exam Essentials 211
  Written Lab 213
  Review Questions 214
Chapter 6 Cryptography and Symmetric Key Algorithms 219
  Cryptographic Foundations 220
  Goals of Cryptography 220
  Cryptography Concepts 223
  Cryptographic Mathematics 224
  Ciphers 230
  Modern Cryptography 238
  Cryptographic Keys 238
  Symmetric Key Algorithms 239
  Asymmetric Key Algorithms 241
  Hashing Algorithms 244
  Symmetric Cryptography 244
  Cryptographic Modes of Operation 245
  Data Encryption Standard 247
  Triple DES 247
  International Data Encryption Algorithm 248
  Blowfish 249
  Skipjack 249
  Rivest Ciphers 249
  Advanced Encryption Standard 250
  CAST 250
  Comparison of Symmetric Encryption Algorithms 251
  Symmetric Key Management 252
  Cryptographic Lifecycle 255
  Summary 255
  Exam Essentials 256
  Written Lab 257
  Review Questions 258
Chapter 7 PKI and Cryptographic Applications 263
  Asymmetric Cryptography 264
  Public and Private Keys 264
  RSA 265
  ElGamal 267
  Elliptic Curve 268
  Diffie-Hellman Key Exchange 269
  Quantum Cryptography 270
  Hash Functions 271
  SHA 272
  MD5 273
  RIPEMD 273
  Comparison of Hash Algorithm Value Lengths 274
  Digital Signatures 275
  HMAC 276
  Digital Signature Standard 277
  Public Key Infrastructure 277
  Certificates 278
  Certificate Authorities 279
  Certificate Lifecycle 280
  Certificate Formats 283
  Asymmetric Key Management 284
  Hybrid Cryptography 285
  Applied Cryptography 285
  Portable Devices 285
  Email 286
  Web Applications 290
  Steganography and Watermarking 292
  Networking 294
  Emerging Applications 295
  Cryptographic Attacks 297
  Summary 301
  Exam Essentials 302
  Written Lab 303
  Review Questions 304
Chapter 8 Principles of Security Models, Design, and Capabilities 309
  Secure Design Principles 310
  Objects and Subjects 311
  Closed and Open Systems 312
  Secure Defaults 314
  Fail Securely 314
  Keep It Simple 316
  Zero Trust 317
  Privacy by Design 319
  Trust but Verify 319
  Techniques for Ensuring CIA 320
  Confinement 320
  Bounds 320
  Isolation 321
  Access Controls 321
  Trust and Assurance 321
  Understand the Fundamental Concepts of Security Models 322
  Trusted Computing Base 323
  State Machine Model 325
  Information Flow Model 325
  Noninterference Model 326
  Take-Grant Model 326
  Access Control Matrix 327
  Bell-LaPadula Model 328
  Biba Model 330
  Clark-Wilson Model 333
  Brewer and Nash Model 334
  Goguen-Meseguer Model 335
  Sutherland Model 335
  Graham-Denning Model 335
  Harrison-Ruzzo-Ullman Model 336
  Select Controls Based on Systems Security Requirements 337
  Common Criteria 337
  Authorization to Operate 340
  Understand Security Capabilities of Information Systems 341
  Memory Protection 341
  Virtualization 342
  Trusted Platform Module 342
  Interfaces 343
  Fault Tolerance 343
  Encryption/Decryption 343
  Summary 343
  Exam Essentials 344
  Written Lab 347
  Review Questions 348
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 353
  Shared Responsibility 354
  Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 355
  Hardware 356
  Firmware 370
  Client-Based Systems 372
  Mobile Code 372
  Local Caches 375
  Server-Based Systems 375
  Large-Scale Parallel Data Systems 376
  Grid Computing 377
  Peer to Peer 378
  Industrial Control Systems 378
  Distributed Systems 380
  High-Performance Computing (HPC) Systems 382
  Internet of Things 383
  Edge...

Details
Year of publication: 2021
Subject area: Data communication, networks & mailboxes
Genre: Computer science
Section: Natural sciences & technology
Medium: Paperback
Series: Sybex Study Guide
Extent: 1248 pp.
ISBN-13: 9781119786238
ISBN-10: 1119786231
Language: English
Manufacturer number: 1W119786230
Binding: Paperback / softcover
Authors: Chapple, Mike; Stewart, James Michael; Gibson, Darril
Edition: 9th edition
Publisher: Wiley John + Sons / Sybex
Dimensions: 236 x 188 x 48 mm
By/with: Mike Chapple (et al.)
Publication date: 28.06.2021
Weight: 1.88 kg
Item ID: 119032491