CISSP Study Guide

1st Edition

Authors: Eric Conrad Seth Misenar Joshua Feldman
Print ISBN: 9781597495639
eBook ISBN: 9781597495646
Imprint: Syngress
Published Date: 26th July 2010
Page Count: 640
59.95 + applicable tax
36.99 + applicable tax
45.95 + applicable tax
Compatible Not compatible
VitalSource PC, Mac, iPhone & iPad Amazon Kindle eReader
ePub & PDF Apple & PC desktop. Mobile devices (Apple & Android) Amazon Kindle eReader
Mobi Amazon Kindle eReader Anything else

Institutional Access


CISSP Study Guide serves as a review for those who want to take the Certified Information Systems Security Professional (CISSP) exam and obtain CISSP certification. The exam is designed to ensure that someone who is handling computer security in a company has a standardized body of knowledge. The book is composed of 10 domains of the Common Body of Knowledge. In each section, it defines each domain. It also provides tips on how to prepare for the exam and take the exam. It also contains CISSP practice quizzes to test ones knowledge. The first domain provides information about risk analysis and mitigation. It also discusses security governance. The second domain discusses different techniques for access control, which is the basis for all the security disciplines. The third domain explains the concepts behind cryptography, which is a secure way of communicating that is understood only by certain recipients. Domain 5 discusses security system design, which is fundamental for operating the system and software security components. Domain 6 is a critical domain in the Common Body of Knowledge, the Business Continuity Planning, and Disaster Recovery Planning. It is the final control against extreme events such as injury, loss of life, or failure of an organization. Domains 7, 8, and 9 discuss telecommunications and network security, application development security, and the operations domain, respectively. Domain 10 focuses on the major legal systems that provide a framework in determining the laws about information system.

Key Features

  • Clearly Stated Exam Objectives
  • Unique Terms / Definitions
  • Exam Warnings
  • Helpful Notes
  • Learning By Example
  • Stepped Chapter Ending Questions
  • Self Test Appendix
  • Detailed Glossary
  • Web Site ( Contains Two Practice Exams and Ten Podcasts-One for Each Domain



This study guide and the CISSP certification are aimed at information security professionals with at least 5 years of relevant experience.

Table of Contents

Acknowledgments About the authors Chapter 1 Introduction How to Prepare for the Exam The Notes Card Approach Practice Tests Read the Glossary Readiness Checklist How to Take the Exam Steps to Becoming a CISSP Exam Logistics How to Take the Exam After the Exam Good Luck! Chapter 2 Domain 1: Information security governance and risk management Unique Terms and Definitions Introduction Cornerstone Information Security Concepts Confidentiality, Integrity, and Availability Identity and Authentication, Authorization, and Accountability Risk Analysis Assets Threats and Vulnerabilities Risk = Threat × Vulnerability Impact Risk Analysis Matrix Calculating Annualized Loss Expectancy Total Cost of Ownership Return on Investment Risk Choices Qualitative and Quantitative Risk Analysis The Risk Management Process Information Security Governance Security Policy and Related Documents Security Awareness and Training Roles and Responsibilities Compliance with Laws and Regulations Privacy Due Care and Due Diligence Best Practice Outsourcing and Offshoring Auditing and Control Frameworks Certification and Accreditation Ethics The (ISC)2 © Code of Ethics Summary of Exam Objectives Self Test Self Test Quick Answer Key Chapter 3 Domain 2: Access control Unique Terms and Definitions Introduction Cornerstone Access Control Concepts The CIA triad Identification and AAA Subjects and objects Access Control Models Discretionary Access Controls (DAC) Mandatory Access Controls (MAC) Non-Discretionary Access Control Content and Cont


No. of pages:
© Syngress 2010
eBook ISBN:
Paperback ISBN:

About the Author

Eric Conrad

Eric Conrad (CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, Security+), is a SANS-certified instructor and President of Backshore Communications, which provides information warfare, penetration testing, incident handling, and intrusion detection consulting services. Eric started his professional career in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and healthcare, in positions ranging from systems programmer to security engineer to HIPAA security officer and ISSO. He has taught more than a thousand students in courses such as SANS Management 414: CISSP, Security 560: Network Penetration Testing and Ethical Hacking, Security 504: Hacker Techniques, and Exploits and Incident Handling. Eric graduated from the SANS Technology Institute with a Master of Science degree in Information Security Engineering.

Affiliations and Expertise

CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, GISP, GCED, Senior SANS instructor and CTO, Backshore Communications

Seth Misenar

Seth Misenar (CISSP, GPEN, GCIH, GCIA, GCFA, GWAPT, GCWN, GSEC, MCSE, MCDBA), is a certified instructor with the SANS Institute and serves as lead consultant for Context Security, which is based in Jackson, Mississippi. His background includes security research, network and Web application penetration testing, vulnerability assessment, regulatory compliance, security architecture design, and general security consulting. Seth previously served as a physical and network security consultant for Fortune 100 companies and as the HIPAA and information security officer for a state government agency. He teaches a variety of courses for the SANS Institute, including Security Essentials, Web Application Penetration Testing, Hacker Techniques, and the CISSP course. Seth is pursuing a Master of Science degree in Information Security Engineering from the SANS Technology Institute and holds a Bachelor of Science degree from Millsaps College, Jackson, Mississippi.

Affiliations and Expertise

CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GWAPT, GCWN, GSEC, Senior SANS instructor and Lead Consultant, Context Security, LLC.

Joshua Feldman

Joshua Feldman (CISSP), is currently employed by SAIC, Inc. He has been involved in the Department of Defense Information Systems Agency (DISA) Information Assurance Education, Training, and Awareness program since 2002, where he has contributed to a variety of DoD-wide Information Assurance and Cyber Security policies, specifically the 8500.2 and 8570 series. Joshua has taught more than a thousand DoD students through his "DoD IA Boot Camp" course. He is a subject matter expert for the Web-based DoD Information Assurance Awareness-yearly training of every DoD user is required as part of his or her security awareness curriculum. Also, he is a regular presenter and panel member at the annual Information Assurance Symposium hosted jointly by DISA and NSA. Before joining the support team at DoD/DISA, Joshua spent time as an IT security engineer at the Department of State's Bureau of Diplomatic Security. He got his start in the IT security field with NFR Security Software, a company that manufactures Intrusion Detection Systems. There, he worked as both a trainer and an engineer, implementing IDS technologies and instructing customers how in properly configuring them.

Affiliations and Expertise

CISSP, Vice President, IT Risk, Moody's Investments


"Ideal preparation tool for the CISSP exam; gives you exactly what you need to know in an accurate, concentrated, no frills, no fluff manner. The exam warnings, clear explanations about common misconceptions, are priceless and I learned a lot from them."--Stephen Northcutt, President, SANS Technology Institute

"For anyone serious about passing the exam I would recommend this book to be one of their guides and award the book nine out of ten in terms of its approach, coverage of the material and applicability to the task of preparing a student for the CISSP exam overall."--Jim McGhie, MBCS, CEng CITP

"The CISSP certification is the very first and most prestigious, globally-recognized, vendor-neutral exam for information security professionals. This new study guide is aligned to cover all of the material included in the exam complete with special attention to recent updates."--Dierdre Blake on Dr. Dobb’s Journal

"[T]he book contains all the necessary topics that you will need to know to review for the exam…. Overall the book is more concise than the majority of the other CISSP study guides available. It uses techniques such as "Learn By Example" and "Exam Warning" boxes to illustrate and highlight key points. Well written by technically competent authors, I found the book easy to read. Significantly cheaper than many of its peers, this is all that the more experienced prospective CISSP candidate requires."