Eleventh Hour CISSP®
3rd Edition
Study Guide
Description
Eleventh Hour CISSP: Study Guide, Third Edition provides readers with a study guide on the most current version of the Certified Information Systems Security Professional exam. This book is streamlined to include only core certification information, and is presented for ease of last-minute studying. Main objectives of the exam are covered concisely with key concepts highlighted.
The CISSP certification is the most prestigious, globally-recognized, vendor neutral exam for information security professionals. Over 100,000 professionals are certified worldwide, with many more joining their ranks. This new third edition is aligned to cover all of the material in the most current version of the exam’s Common Body of Knowledge. All domains are covered as completely and concisely as possible, giving users the best possible chance of acing the exam.
Key Features
- Completely updated for the most current version of the exam’s Common Body of Knowledge
- Provides the only guide you need for last-minute studying
- Answers the toughest questions and highlights core topics
- Streamlined for maximum efficiency of study, making it ideal for professionals updating their certification or for those taking the test for the first time
Readership
Computer and Information Systems Managers, Systems Administrators, Application Developers, Network Administrators, Security Managers, Security Analysts, Directors of Security, Security Auditors, Security Engineers, Compliance Specialists
Table of Contents
- Author biography
- Chapter 1: Domain 1: Security risk management
- Abstract
- Introduction
- Cornerstone Information Security Concepts
- Legal and Regulatory Issues
- Security and Third Parties
- Ethics
- Information Security Governance
- Access Control Defensive Categories and Types
- Risk Analysis
- Types of Attackers
- Summary of Exam Objectives
- Top Five Toughest Questions
- Answers
- Chapter 2: Domain 2: Asset security
- Abstract
- Introduction
- Classifying Data
- Ownership
- Memory and Remanence
- Data Destruction
- Determining Data Security Controls
- Summary of Exam Objectives
- Top Five Toughest Questions
- Answers
- Chapter 3: Domain 3: Security engineering
- Abstract
- Introduction
- Security Models
- Secure System Design Concepts
- Secure Hardware Architecture
- Secure Operating System and Software Architecture
- Virtualization and Distributed Computing
- System Vulnerabilities, Threats, and Countermeasures
- Cornerstone Cryptographic Concepts
- Types of Cryptography
- Cryptographic Attacks
- Implementing Cryptography
- Perimeter Defenses
- Site Selection, Design, and Configuration
- System Defenses
- Environmental Controls
- Summary of Exam Objectives
- Top Five Toughest Questions
- Answers
- Chapter 4: Domain 4: Communication and network security
- Abstract
- Introduction
- Network Architecture and Design
- Secure Network Devices and Protocols
- Secure Communications
- Summary of Exam Objectives
- Top Five Toughest Questions
- Answers
- Chapter 5: Domain 5: Identity and access management (controlling access and managing identity)
- Abstract
- Introduction
- Authentication Methods
- Access Control Technologies
- Access Control Models
- Summary of Exam Objectives
- Top Five Toughest Questions
- Answers
- Chapter 6: Domain 6: Security assessment and testing
- Abstract
- Introduction
- Assessing Access Control
- Software Testing Methods
- Summary of Exam Objectives
- Top Five Toughest Questions
- Answers
- Chapter 7: Domain 7: Security operations
- Abstract
- Introduction
- Administrative Security
- Forensics
- Incident Response Management
- Operational Preventive and Detective Controls
- Asset Management
- Continuity of Operations
- BCP and DRP overview and process
- Developing a BCP/DRP
- Backups and Availability
- DRP Testing, Training, and Awareness
- Continued BCP/DRP Maintenance
- Specific BCP/DRP Frameworks
- Summary of Exam Objectives
- Top Five Toughest Questions
- Answers
- Chapter 8: Domain 8: Software development security
- Abstract
- Introduction
- Programming Concepts
- Application Development Methods
- Databases
- Object-Oriented Programming
- Assessing the Effectiveness of Software Security
- Summary of Exam Objectives
- Top Five Toughest Questions
- Answers
- Index
Details
- No. of pages:
- 238
- Language:
- English
- Copyright:
- © Syngress 2017
- Published:
- 23rd September 2016
- Imprint:
- Syngress
- eBook ISBN:
- 9780128113776
- Paperback ISBN:
- 9780128112489
About the Author
Eric Conrad
Eric Conrad (CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, Security+), is a SANS-certified instructor and President of Backshore Communications, which provides information warfare, penetration testing, incident handling, and intrusion detection consulting services. Eric started his professional career in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and healthcare, in positions ranging from systems programmer to security engineer to HIPAA security officer and ISSO. He has taught more than a thousand students in courses such as SANS Management 414: CISSP, Security 560: Network Penetration Testing and Ethical Hacking, Security 504: Hacker Techniques, and Exploits and Incident Handling. Eric graduated from the SANS Technology Institute with a Master of Science degree in Information Security Engineering.
Affiliations and Expertise
CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, GISP, GCED, Senior SANS instructor and CTO, Backshore Communications
Seth Misenar
Seth Misenar (CISSP, GPEN, GCIH, GCIA, GCFA, GWAPT, GCWN, GSEC, MCSE, MCDBA), is a certified instructor with the SANS Institute and serves as lead consultant for Context Security, which is based in Jackson, Mississippi. His background includes security research, network and Web application penetration testing, vulnerability assessment, regulatory compliance, security architecture design, and general security consulting. Seth previously served as a physical and network security consultant for Fortune 100 companies and as the HIPAA and information security officer for a state government agency. He teaches a variety of courses for the SANS Institute, including Security Essentials, Web Application Penetration Testing, Hacker Techniques, and the CISSP course.
Seth is pursuing a Master of Science degree in Information Security Engineering from the SANS Technology Institute and holds a Bachelor of Science degree from Millsaps College, Jackson, Mississippi.
Affiliations and Expertise
CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GWAPT, GCWN, GSEC, Senior SANS instructor and Lead Consultant, Context Security, LLC.
Joshua Feldman
Joshua Feldman (CISSP), is currently employed by SAIC, Inc. He has been involved in the Department of Defense Information Systems Agency (DISA) Information Assurance Education, Training, and Awareness program since 2002, where he has contributed to a variety of DoD-wide Information Assurance and Cyber Security policies, specifically the 8500.2 and 8570 series. Joshua has taught more than a thousand DoD students through his "DoD IA Boot Camp" course. He is a subject matter expert for the Web-based DoD Information Assurance Awareness-yearly training of every DoD user is required as part of his or her security awareness curriculum. Also, he is a regular presenter and panel member at the annual Information Assurance Symposium hosted jointly by DISA and NSA. Before joining the support team at DoD/DISA, Joshua spent time as an IT security engineer at the Department of State's Bureau of Diplomatic Security. He got his start in the IT security field with NFR Security Software, a company that manufactures Intrusion Detection Systems. There, he worked as both a trainer and an engineer, implementing IDS technologies and instructing customers how in properly configuring them.
Affiliations and Expertise
CISSP, Vice President, IT Risk, Moody's Investments