SØG - mellem flere end 8 millioner bøger:
Viser: CISSP Cert Guide
CISSP Cert Guide
Robin Abernathy og Darren Hayes
(2022)
Sprog: Engelsk
Cisco Press
478,00 kr.
ikke på lager, Bestil nu og få den leveret
om ca. 15 hverdage
om ca. 15 hverdage
Detaljer om varen
- 4. Udgave
- Hardback: 928 sider
- Udgiver: Cisco Press (November 2022)
- Forfattere: Robin Abernathy og Darren Hayes
- ISBN: 9780137507474
Learn, prepare, and practice for CISSP exam success with this Cert Guide from Pearson IT Certification, a leader in IT certification learning.
- Master the latest CISSP exam topics
- Assess your knowledge with chapter-ending quizzes
- Review key concepts with exam preparation tasks
- Practice with realistic exam questions
- Get practical guidance for test taking strategies
CISSP Cert Guide, Fourth Edition is a comprehensive exam study guide. Leading IT certification experts Robin Abernathy and Darren Hayes share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.
The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.
The companion website contains the powerful Pearson Test Prep practice test software engine, complete with hundreds of exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.
Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this CISSP study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.
This study guide helps you master all the topics on the CISSP exam, including
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
Introduction xlvii
Chapter 1 Security and Risk Management 5 Security Terms 6 CIA 6 Auditing and Accounting 7 Non-repudiation 8 Default Security Posture 8 Defense in Depth 9 Abstraction 10 Data Hiding 10 Encryption 10 Security Governance Principles 10 Security Function Alignment 12 Organizational Processes 14 Organizational Roles and Responsibilities 16 Security Control Frameworks 20 Due Care and Due Diligence 38 Compliance 38 Contractual, Legal, Industry Standards, and Regulatory Compliance 40 Privacy Requirements Compliance 40 Legal and Regulatory Issues 41 Computer Crime Concepts 41 Major Legal Systems 43 Licensing and Intellectual Property 46 Cyber Crimes and Data Breaches 50 Import/Export Controls 51 Trans-Border Data Flow 51 Privacy 52 Investigation Types 62 Operations/Administrative 63 Criminal 63 Civil 64 Regulatory 64 Industry Standards 64 eDiscovery 67 Professional Ethics 67 (ISC)2 Code of Ethics 67 Computer Ethics Institute 68 Internet Architecture Board 68 Organizational Code of Ethics 69 Security Documentation 69 Policies 70 Processes 72 Procedures 72 Standards 73 Guidelines 73 Baselines 73 Business Continuity 73 Business Continuity and Disaster Recovery Concepts 73 Scope and Plan 77 BIA Development 81 Personnel Security Policies and Procedures 85 Candidate Screening and Hiring 85 Employment Agreements and Policies 87 Employee Onboarding and Offboarding Policies 88 Vendor, Consultant, and Contractor Agreements and Controls 88 Compliance Policy Requirements 89 Privacy Policy Requirements 89 Job Rotation 89 Separation of Duties 89 Risk Management Concepts 90 Asset and Asset Valuation 90 Vulnerability 91 Threat 91 Threat Agent 91 Exploit 91 Risk 91 Exposure 92 Countermeasure 92 Risk Appetite 92 Attack 93 Breach 93 Risk Management Policy 94 Risk Management Team 94 Risk Analysis Team 94 Risk Assessment 95 Implementation 100 Control Categories 100 Control Types 102 Controls Assessment, Monitoring, and Measurement 108 Reporting and Continuous Improvement 108 Risk Frameworks 109 A Risk Management Standard by the Federation of European Risk Management Associations (FERMA) 128 Geographical Threats 129 Internal Versus External Threats 129 Natural Threats 130 System Threats 131 Human-Caused Threats 133 Politically Motivated Threats 135 Threat Modeling 137 Threat Modeling Concepts 138 Threat Modeling Methodologies 138 Identifying Threats 141 Potential Attacks 142 Remediation Technologies and Processes 143 Security Risks in the Supply Chain 143 Risks Associated with Hardware, Software, and Services 144 Third-Party Assessment and Monitoring 144 Minimum Service-Level and Security Requirements 145 Service-Level Requirements 146 Security Education, Training, and Awareness 147 Levels Required 147 Methods and Techniques 148 Periodic Content Reviews 148 Review All Key Topics 148 Complete the Tables and Lists from Memory 150 Define Key Terms 150 Answers and Explanations 157
Chapter 2 Asset Security 165 Asset Security Concepts 166 Asset and Data Policies 166 Data Quality 167 Data Documentation and Organization 168 Identify and Classify Information and Assets 169 Data and Asset Classification 170 Sensitivity and Criticality 170 Private Sector Data Classifications 175 Military and Government Data Classifications 176 Information and Asset Handling Requirements 177 Marking, Labeling, and Storing 178 Destruction 178 Provision Resources Securely 179 Asset Inventory and Asset Management 179 Data Life Cycle 180 Databases 182 Roles and Responsibilities 188 Data Collection and Limitation 191 Data Location 192 Data Maintenance 192 Data Retention 193 Data Remanence and Destruction 193 Data Audit 194 Asset Retention 195 Data Security Controls 197 Data Security 197 Data States 197 Data Access and Sharing 198 Data Storage and Archiving 199 Baselines 200 Scoping and Tailoring 201 Standards Selection 201 Data Protection Methods 202 Review All Key Topics 205 Define Key Terms 205 Answers and Explanations 207
Chapter 3 Security Architecture and Engineering 213 Engineering Processes Using Secure Design Principles 214 Objects and Subjects 215 Closed Versus Open Systems 215 Threat Modeling 215 Least Privilege 216 Defense in Depth 216 Secure Defaults 216 Fail Securely 217 Separation of Duties (SoD) 217 Keep It Simple 218 Zero Trust 218 Privacy by Design 218 Trust but Verify 219 Shared Responsibility 219 Security Model Concepts 220 Confidentiality, Integrity, and Availability 220 Confinement 220 Bounds 221 Isolation 221 Security Modes 221 Security Model Types 222 Security Models 226 System Architecture Steps 230 ISO/IEC
42010:2011 231 Computing Platforms 231 Security Services 234 System Components 235 System Security Evaluation Models 244 TCSEC 245 ITSEC 248 Common Criteria 250 Security Implementation Standards 252 Controls and Countermeasures 255 Certification and Accreditation 256 Control Selection Based on Systems Security Requirements 256 Security Capabilities of Information Systems 257 Memory Protection 257 Trusted Platform Module 258 Interfaces 259 Fault Tolerance 259 Policy Mechanisms 260 Encryption/Decryption 260 Security Architecture Maintenance 261 Vulnerabilities of Security Architectures, Designs, and Solution Elements 261 Client-Based Systems 262 Server-Based Systems 263 Database Systems 264 Cryptographic Systems 265 Industrial Control Systems 265 Cloud-Based Systems 268 Large-Scale Parallel Data Systems 274 Distributed Systems 275 Grid Computing 275 Peer-to-Peer Computing 275 Internet of Things 276 Microservices 280 Containerization 281 Serverless Systems 281 High-Performance Computing Systems 282 Edge Computing Systems 28
Chapter 1 Security and Risk Management 5 Security Terms 6 CIA 6 Auditing and Accounting 7 Non-repudiation 8 Default Security Posture 8 Defense in Depth 9 Abstraction 10 Data Hiding 10 Encryption 10 Security Governance Principles 10 Security Function Alignment 12 Organizational Processes 14 Organizational Roles and Responsibilities 16 Security Control Frameworks 20 Due Care and Due Diligence 38 Compliance 38 Contractual, Legal, Industry Standards, and Regulatory Compliance 40 Privacy Requirements Compliance 40 Legal and Regulatory Issues 41 Computer Crime Concepts 41 Major Legal Systems 43 Licensing and Intellectual Property 46 Cyber Crimes and Data Breaches 50 Import/Export Controls 51 Trans-Border Data Flow 51 Privacy 52 Investigation Types 62 Operations/Administrative 63 Criminal 63 Civil 64 Regulatory 64 Industry Standards 64 eDiscovery 67 Professional Ethics 67 (ISC)2 Code of Ethics 67 Computer Ethics Institute 68 Internet Architecture Board 68 Organizational Code of Ethics 69 Security Documentation 69 Policies 70 Processes 72 Procedures 72 Standards 73 Guidelines 73 Baselines 73 Business Continuity 73 Business Continuity and Disaster Recovery Concepts 73 Scope and Plan 77 BIA Development 81 Personnel Security Policies and Procedures 85 Candidate Screening and Hiring 85 Employment Agreements and Policies 87 Employee Onboarding and Offboarding Policies 88 Vendor, Consultant, and Contractor Agreements and Controls 88 Compliance Policy Requirements 89 Privacy Policy Requirements 89 Job Rotation 89 Separation of Duties 89 Risk Management Concepts 90 Asset and Asset Valuation 90 Vulnerability 91 Threat 91 Threat Agent 91 Exploit 91 Risk 91 Exposure 92 Countermeasure 92 Risk Appetite 92 Attack 93 Breach 93 Risk Management Policy 94 Risk Management Team 94 Risk Analysis Team 94 Risk Assessment 95 Implementation 100 Control Categories 100 Control Types 102 Controls Assessment, Monitoring, and Measurement 108 Reporting and Continuous Improvement 108 Risk Frameworks 109 A Risk Management Standard by the Federation of European Risk Management Associations (FERMA) 128 Geographical Threats 129 Internal Versus External Threats 129 Natural Threats 130 System Threats 131 Human-Caused Threats 133 Politically Motivated Threats 135 Threat Modeling 137 Threat Modeling Concepts 138 Threat Modeling Methodologies 138 Identifying Threats 141 Potential Attacks 142 Remediation Technologies and Processes 143 Security Risks in the Supply Chain 143 Risks Associated with Hardware, Software, and Services 144 Third-Party Assessment and Monitoring 144 Minimum Service-Level and Security Requirements 145 Service-Level Requirements 146 Security Education, Training, and Awareness 147 Levels Required 147 Methods and Techniques 148 Periodic Content Reviews 148 Review All Key Topics 148 Complete the Tables and Lists from Memory 150 Define Key Terms 150 Answers and Explanations 157
Chapter 2 Asset Security 165 Asset Security Concepts 166 Asset and Data Policies 166 Data Quality 167 Data Documentation and Organization 168 Identify and Classify Information and Assets 169 Data and Asset Classification 170 Sensitivity and Criticality 170 Private Sector Data Classifications 175 Military and Government Data Classifications 176 Information and Asset Handling Requirements 177 Marking, Labeling, and Storing 178 Destruction 178 Provision Resources Securely 179 Asset Inventory and Asset Management 179 Data Life Cycle 180 Databases 182 Roles and Responsibilities 188 Data Collection and Limitation 191 Data Location 192 Data Maintenance 192 Data Retention 193 Data Remanence and Destruction 193 Data Audit 194 Asset Retention 195 Data Security Controls 197 Data Security 197 Data States 197 Data Access and Sharing 198 Data Storage and Archiving 199 Baselines 200 Scoping and Tailoring 201 Standards Selection 201 Data Protection Methods 202 Review All Key Topics 205 Define Key Terms 205 Answers and Explanations 207
Chapter 3 Security Architecture and Engineering 213 Engineering Processes Using Secure Design Principles 214 Objects and Subjects 215 Closed Versus Open Systems 215 Threat Modeling 215 Least Privilege 216 Defense in Depth 216 Secure Defaults 216 Fail Securely 217 Separation of Duties (SoD) 217 Keep It Simple 218 Zero Trust 218 Privacy by Design 218 Trust but Verify 219 Shared Responsibility 219 Security Model Concepts 220 Confidentiality, Integrity, and Availability 220 Confinement 220 Bounds 221 Isolation 221 Security Modes 221 Security Model Types 222 Security Models 226 System Architecture Steps 230 ISO/IEC
42010:2011 231 Computing Platforms 231 Security Services 234 System Components 235 System Security Evaluation Models 244 TCSEC 245 ITSEC 248 Common Criteria 250 Security Implementation Standards 252 Controls and Countermeasures 255 Certification and Accreditation 256 Control Selection Based on Systems Security Requirements 256 Security Capabilities of Information Systems 257 Memory Protection 257 Trusted Platform Module 258 Interfaces 259 Fault Tolerance 259 Policy Mechanisms 260 Encryption/Decryption 260 Security Architecture Maintenance 261 Vulnerabilities of Security Architectures, Designs, and Solution Elements 261 Client-Based Systems 262 Server-Based Systems 263 Database Systems 264 Cryptographic Systems 265 Industrial Control Systems 265 Cloud-Based Systems 268 Large-Scale Parallel Data Systems 274 Distributed Systems 275 Grid Computing 275 Peer-to-Peer Computing 275 Internet of Things 276 Microservices 280 Containerization 281 Serverless Systems 281 High-Performance Computing Systems 282 Edge Computing Systems 28
De oplyste priser er inkl. moms
Butikker og åbningstid
Handler du som firma
Forretningsbetingelser
Porto og forsendelse
Data & cookiepolitik
Handler du som firma
Forretningsbetingelser
Porto og forsendelse
Data & cookiepolitik
Find pensumliste
FAQ for studerende
Pensumlistegaranti
Sortiment og levering
Kompendier(for undervisere)
FAQ for studerende
Pensumlistegaranti
Sortiment og levering
Kompendier(for undervisere)
Polyteknisk Boghandel og Forlag A/S - Anker Engelundsvej 1 - 2800 Lyngby
Tlf 77 42 43 44 - email poly@polyteknisk.dk - CVR 34072655 - Sydbank Reg: 6748 Konto 0001107927
Tlf 77 42 43 44 - email poly@polyteknisk.dk - CVR 34072655 - Sydbank Reg: 6748 Konto 0001107927