Bücher online kaufen
(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide
-0 %
Artikel-Nr:
9781119786238
Veröffentl:
2021
Erscheinungsdatum:
28.06.2021
Seiten:
1171
Autor:
Mike Chapple
Gewicht:
1880 g
Format:
236x188x48 mm
Serie:
Sybex Study Guide
Sprache:
Englisch
Beschreibung:
ABOUT THE AUTHORS
Mike Chapple, PhD, CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame's Mendoza College of Business. He is a cybersecurity professional and educator with over 25 years of experience. Mike provides cybersecurity certification resources at his website, CertMike.com.
James Michael Stewart, CISSP, CEH, CHFI, ECSA, CND, ECIH, CySA+, PenTest+, CASP+, Security+, Network+, A+, CISM, and CFR, has been writing and training for more than 25 years, with a current focus on security. He has been writing and teaching CISSP materials since 2002. He is the author of and contributor to more than 75 books on security certifications.
Darril Gibson, CISSP, Security+, CASP, is the CEO of YCDA (short for You Can Do Anything), and he has authored or coauthored more than 40 books. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications.
Mike Chapple, PhD, CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame's Mendoza College of Business. He is a cybersecurity professional and educator with over 25 years of experience. Mike provides cybersecurity certification resources at his website, CertMike.com.
James Michael Stewart, CISSP, CEH, CHFI, ECSA, CND, ECIH, CySA+, PenTest+, CASP+, Security+, Network+, A+, CISM, and CFR, has been writing and training for more than 25 years, with a current focus on security. He has been writing and teaching CISSP materials since 2002. He is the author of and contributor to more than 75 books on security certifications.
Darril Gibson, CISSP, Security+, CASP, is the CEO of YCDA (short for You Can Do Anything), and he has authored or coauthored more than 40 books. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications.
CISSP Study Guide - fully updated for the 2021 CISSP Body of Knowledge
(ISC)2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 9th Edition has been completely updated based on the latest 2021 CISSP Exam Outline. This bestselling Sybex Study Guide covers 100% of the exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, advice on mastering this adaptive exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.
The three co-authors of this book bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you'll need to successfully pass the CISSP exam. Combined, they've taught cybersecurity concepts to millions of students through their books, video courses, and live training programs.
Along with the book, you also get access to Sybex's superior online interactive learning environment that includes:
* Over 900 new and improved practice test questions with complete answer explanations. This includes all of the questions from the book plus four additional online-only practice exams, each with 125 unique questions. You can use the online-only practice exams as full exam simulations. Our questions will help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam.
* More than 700 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam
* A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam
* New for the 9th edition: Audio Review. Author Mike Chapple reads the Exam Essentials for each chapter providing you with 2 hours and 50 minutes of new audio review for yet another way to reinforce your knowledge as you prepare.
Coverage of all of the exam topics in the book means you'll be ready for:
* Security and Risk Management
* Asset Security
* Security Architecture and Engineering
* Communication and Network Security
* Identity and Access Management (IAM)
* Security Assessment and Testing
* Security Operations
* Software Development Security
(ISC)2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 9th Edition has been completely updated based on the latest 2021 CISSP Exam Outline. This bestselling Sybex Study Guide covers 100% of the exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, advice on mastering this adaptive exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.
The three co-authors of this book bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you'll need to successfully pass the CISSP exam. Combined, they've taught cybersecurity concepts to millions of students through their books, video courses, and live training programs.
Along with the book, you also get access to Sybex's superior online interactive learning environment that includes:
* Over 900 new and improved practice test questions with complete answer explanations. This includes all of the questions from the book plus four additional online-only practice exams, each with 125 unique questions. You can use the online-only practice exams as full exam simulations. Our questions will help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam.
* More than 700 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam
* A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam
* New for the 9th edition: Audio Review. Author Mike Chapple reads the Exam Essentials for each chapter providing you with 2 hours and 50 minutes of new audio review for yet another way to reinforce your knowledge as you prepare.
Coverage of all of the exam topics in the book means you'll be ready for:
* Security and Risk Management
* Asset Security
* Security Architecture and Engineering
* Communication and Network Security
* Identity and Access Management (IAM)
* Security Assessment and Testing
* Security Operations
* Software Development Security
Introduction xxxvii
Assessment Test lix
Chapter 1 Security Governance Through Principles and Policies 1
Security 101 3
Understand and Apply Security Concepts 4
Confidentiality 5
Integrity 6
Availability 7
DAD, Overprotection, Authenticity, Non-repudiation, and AAA Services 7
Protection Mechanisms 11
Security Boundaries 13
Evaluate and Apply Security Governance Principles 14
Third-Party Governance 15
Documentation Review 15
Manage the Security Function 16
Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives 17
Organizational Processes 19
Organizational Roles and Responsibilities 21
Security Control Frameworks 22
Due Diligence and Due Care 23
Security Policy, Standards, Procedures, and Guidelines 23
Security Policies 24
Security Standards, Baselines, and Guidelines 24
Security Procedures 25
Threat Modeling 26
Identifying Threats 26
Determining and Diagramming Potential Attacks 28
Performing Reduction Analysis 28
Prioritization and Response 30
Supply Chain Risk Management 31
Summary 33
Exam Essentials 33
Written Lab 36
Review Questions 37
Chapter 2 Personnel Security and Risk Management Concepts 43
Personnel Security Policies and Procedures 45
Job Descriptions and Responsibilities 45
Candidate Screening and Hiring 46
Onboarding: Employment Agreements and Policies 47
Employee Oversight 48
Offboarding, Transfers, and Termination Processes 49
Vendor, Consultant, and Contractor Agreements and Controls 52
Compliance Policy Requirements 53
Privacy Policy Requirements 54
Understand and Apply Risk Management Concepts 55
Risk Terminology and Concepts 56
Asset Valuation 58
Identify Threats and Vulnerabilities 60
Risk Assessment/Analysis 60
Risk Responses 66
Cost vs. Benefit of Security Controls 69
Countermeasure Selection and Implementation 72
Applicable Types of Controls 74
Security Control Assessment 76
Monitoring and Measurement 76
Risk Reporting and Documentation 77
Continuous Improvement 77
Risk Frameworks 79
Social Engineering 81
Social Engineering Principles 83
Eliciting Information 85
Prepending 85
Phishing 85
Spear Phishing 87
Whaling 87
Smishing 88
Vishing 88
Spam 89
Shoulder Surfing 90
Invoice Scams 90
Hoax 90
Impersonation and Masquerading 91
Tailgating and Piggybacking 91
Dumpster Diving 92
Identity Fraud 93
Typo Squatting 94
Influence Campaigns 94
Establish and Maintain a Security Awareness, Education, and Training Program 96
Awareness 97
Training 97
Education 98
Improvements 98
Effectiveness Evaluation 99
Summary 100
Exam Essentials 101
Written Lab 106
Review Questions 107
Chapter 3 Business Continuity Planning 113
Planning for Business Continuity 114
Project Scope and Planning 115
Organizational Review 116
BCP Team Selection 117
Resource Requirements 119
Legal and Regulatory Requirements 120
Bus
Assessment Test lix
Chapter 1 Security Governance Through Principles and Policies 1
Security 101 3
Understand and Apply Security Concepts 4
Confidentiality 5
Integrity 6
Availability 7
DAD, Overprotection, Authenticity, Non-repudiation, and AAA Services 7
Protection Mechanisms 11
Security Boundaries 13
Evaluate and Apply Security Governance Principles 14
Third-Party Governance 15
Documentation Review 15
Manage the Security Function 16
Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives 17
Organizational Processes 19
Organizational Roles and Responsibilities 21
Security Control Frameworks 22
Due Diligence and Due Care 23
Security Policy, Standards, Procedures, and Guidelines 23
Security Policies 24
Security Standards, Baselines, and Guidelines 24
Security Procedures 25
Threat Modeling 26
Identifying Threats 26
Determining and Diagramming Potential Attacks 28
Performing Reduction Analysis 28
Prioritization and Response 30
Supply Chain Risk Management 31
Summary 33
Exam Essentials 33
Written Lab 36
Review Questions 37
Chapter 2 Personnel Security and Risk Management Concepts 43
Personnel Security Policies and Procedures 45
Job Descriptions and Responsibilities 45
Candidate Screening and Hiring 46
Onboarding: Employment Agreements and Policies 47
Employee Oversight 48
Offboarding, Transfers, and Termination Processes 49
Vendor, Consultant, and Contractor Agreements and Controls 52
Compliance Policy Requirements 53
Privacy Policy Requirements 54
Understand and Apply Risk Management Concepts 55
Risk Terminology and Concepts 56
Asset Valuation 58
Identify Threats and Vulnerabilities 60
Risk Assessment/Analysis 60
Risk Responses 66
Cost vs. Benefit of Security Controls 69
Countermeasure Selection and Implementation 72
Applicable Types of Controls 74
Security Control Assessment 76
Monitoring and Measurement 76
Risk Reporting and Documentation 77
Continuous Improvement 77
Risk Frameworks 79
Social Engineering 81
Social Engineering Principles 83
Eliciting Information 85
Prepending 85
Phishing 85
Spear Phishing 87
Whaling 87
Smishing 88
Vishing 88
Spam 89
Shoulder Surfing 90
Invoice Scams 90
Hoax 90
Impersonation and Masquerading 91
Tailgating and Piggybacking 91
Dumpster Diving 92
Identity Fraud 93
Typo Squatting 94
Influence Campaigns 94
Establish and Maintain a Security Awareness, Education, and Training Program 96
Awareness 97
Training 97
Education 98
Improvements 98
Effectiveness Evaluation 99
Summary 100
Exam Essentials 101
Written Lab 106
Review Questions 107
Chapter 3 Business Continuity Planning 113
Planning for Business Continuity 114
Project Scope and Planning 115
Organizational Review 116
BCP Team Selection 117
Resource Requirements 119
Legal and Regulatory Requirements 120
Bus