Eleventh Hour CISSP®

Study Guide

4th Edition - December 1, 2022

  • Authors: Eric Conrad, Seth Misenar, Joshua Feldman
  • Paperback ISBN: 9780443186882

Description

Eleventh Hour CISSP®: Study Guide provides you with a study guide keyed directly to the most current version of the CISSP exam. This book is streamlined to include only core certification information and is presented for ease of last-minute studying. Main objectives of the exam are covered concisely with key concepts highlighted. The CISSP certification is the most prestigious, globally recognized, vendor-neutral exam for information security professionals. Over 100,000 professionals are certified worldwide with many more joining their ranks. This new Fourth Edition is aligned to cover all of the material in the most current version of the exam’s Common Body of Knowledge. All eight domains are covered completely and as concisely as possible, giving you the best possible chance of acing the exam.

Key Features

  • All new Fourth Edition updated for the most current version of the exam’s Common Body of Knowledge
  • The only guide you need for last-minute studying
  • Answers the toughest questions and highlights core topics
  • No fluff - streamlined for maximum efficiency of study – perfect for professionals who are updating their certification or taking the test for the first time

Readership

Information Security Professionals, IT Professionals, Computer and Information Systems Managers, Systems Administrators, Application Developers, Network Administrators, Security Managers, Security Analysts, Directors of Security, Security Auditors, Security Engineers, Compliance Specialists

Table of Contents

  • 1. Introduction

    2. How to take the CISSP Exam

    3. Domain 1: Access Control
    Confidentiality, integrity, and availability
    Identity, authentication, authorization, and accountability
    Categories and Controls
    Types of authentication
    Access control attacks
    Access provisioning lifecycle

    4. Domain 2: Telecommunications and Network Security
    Network Security Concepts
    The OSI and TCP/IP models
    Network devices
    End-point security
    Network attacks, detection, and mitigation
    Defense in depth
    Protocols
    Remote access

    5. Domain 3: Information Security Governance and Risk Management
    Policies, Procedures, Standards, Guidelines and Baselines
    Defense-in-depth
    Risk Management formulas
    Quantitative and Qualitative Risk Analysis
    Total cost of ownership and return on investment
    Outsourcing and offshoring
    Certification and accreditation
    Control frameworks
    Managing 3rd-party governance

    6. Domain 4: Software Development Security
    Software-based Controls
    The Software Development Lifecycle
    Object oriented systems
    Artificial intelligence

    7. Domain 5: Cryptography
    Crypto history
    Cryptography Concepts and Algorithms
    Symmetric encryption, Asymmetric encryption, and hashes
    Digital Signatures
    Cryptanalysis
    Steganography and watermarking
    Non-repudiation

    8. Domain 6: Security Architecture and Design
    Security architecture principles
    Trusted Computing Base
    The security kernel and reference monitor
    Secure hardware
    Covert channels
    XML, SAML and OWASP

    9. Domain 7: Security Operations
    Backups and Media
    Change Control
    Controls Categories
    Object marking, handling, and storage
    Separation of duties and rotation of duties
    Operational attacks
    Incident response

    10. Domain 8: Business Continuity and Disaster Recovery Planning
    The BCP process
    Business Impact Analysis and Maximum Allowable Downtime
    Hot, warm, and cold sites
    BCP/DRP testing
    Site restoration Activities
    Databases and data warehousing

    11. Domain 9: Legal, Regulations, Investigations, and Compliance
    Professional Ethics
    Major Legal Systems
    Criminal, Civil, and Regulatory Law
    Laws and Information Security
    Forensic investigations
    Cloud computing

    12. Domain 10: Physical (Environmental) Security
    Physical controls
    Environmental controls
    Perimeter security
    Locks, alarms and cameras
    Guards and dogs
    Site Location

Product details

  • No. of pages: 260
  • Language: English
  • Copyright: © Syngress 2022
  • Published: December 1, 2022
  • Imprint: Syngress
  • Paperback ISBN: 9780443186882

About the Authors

Eric Conrad

Eric Conrad (CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, Security+), is a SANS-certified instructor and President of Backshore Communications, which provides information warfare, penetration testing, incident handling, and intrusion detection consulting services. Eric started his professional career in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and healthcare, in positions ranging from systems programmer to security engineer to HIPAA security officer and ISSO. He has taught more than a thousand students in courses such as SANS Management 414: CISSP, Security 560: Network Penetration Testing and Ethical Hacking, Security 504: Hacker Techniques, and Exploits and Incident Handling. Eric graduated from the SANS Technology Institute with a Master of Science degree in Information Security Engineering.

Affiliations and Expertise

CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, GISP, GCED, Senior SANS instructor and CTO, Backshore Communications

Seth Misenar

Seth Misenar (CISSP, GPEN, GCIH, GCIA, GCFA, GWAPT, GCWN, GSEC, MCSE, MCDBA), is a certified instructor with the SANS Institute and serves as lead consultant for Context Security, which is based in Jackson, Mississippi. His background includes security research, network and Web application penetration testing, vulnerability assessment, regulatory compliance, security architecture design, and general security consulting. Seth previously served as a physical and network security consultant for Fortune 100 companies and as the HIPAA and information security officer for a state government agency. He teaches a variety of courses for the SANS Institute, including Security Essentials, Web Application Penetration Testing, Hacker Techniques, and the CISSP course.

Seth is pursuing a Master of Science degree in Information Security Engineering from the SANS Technology Institute and holds a Bachelor of Science degree from Millsaps College, Jackson, Mississippi.

Affiliations and Expertise

CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GWAPT, GCWN, GSEC, Senior SANS instructor and Lead Consultant, Context Security, LLC.

Joshua Feldman

Joshua Feldman (CISSP) is currently employed by SAIC, Inc. He has been involved in the Department of Defense Information Systems Agency (DISA) Information Assurance Education, Training, and Awareness program since 2002, where he has contributed to a variety of DoD-wide Information Assurance and Cyber Security policies, specifically the 8500.2 and 8570 series. Joshua has taught more than a thousand DoD students through his "DoD IA Boot Camp" course. He is a subject matter expert for the Web-based DoD Information Assurance Awareness - yearly training of every DoD user is required as part of his or her security awareness curriculum. Also, he is a regular presenter and panel member at the annual Information Assurance Symposium hosted jointly by DISA and NSA. Before joining the support team at DoD/DISA, Joshua spent time as an IT security engineer at the Department of State's Bureau of Diplomatic Security. He got his start in the IT security field with NFR Security Software, a company that manufactures Intrusion Detection Systems. There, he worked as both a trainer and an engineer, implementing IDS technologies and instructing customers in how to properly configure them.

Affiliations and Expertise

CISSP, Vice President, IT Risk, Moody's Investments
