CISSP all-in-one exam guide
A new edition of Shon Harris' bestselling exam prep guide--fully updated for the 2021 version of the CISSP exam. Thoroughly updated for the latest release of the Certified Information Systems Security Professional exam, this comprehensive resource covers all objectives in the 2021 CISSP exam dev...
Other Authors: | |
---|---|
Format: | E-book |
Language: | English |
Published: | New York : McGraw Hill [2022] |
Edition: | Ninth edition |
Subjects: | |
View in Universitat Ramon Llull Library: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009711795506719 |
Table of Contents:
- Intro
- Cover
- About The Authors
- Title Page
- Copyright Page
- Dedication
- Contents at a Glance
- Contents
- From the Author
- Acknowledgments
- Why Become a CISSP?
- Part I Security and Risk Management
- Chapter 1 Cybersecurity Governance
- Fundamental Cybersecurity Concepts and Terms
- Confidentiality
- Integrity
- Availability
- Authenticity
- Nonrepudiation
- Balanced Security
- Other Security Terms
- Security Governance Principles
- Aligning Security to Business Strategy
- Organizational Processes
- Organizational Roles and Responsibilities
- Security Policies, Standards, Procedures, and Guidelines
- Security Policy
- Standards
- Baselines
- Guidelines
- Procedures
- Implementation
- Personnel Security
- Candidate Screening and Hiring
- Employment Agreements and Policies
- Onboarding, Transfers, and Termination Processes
- Vendors, Consultants, and Contractors
- Compliance Policies
- Privacy Policies
- Security Awareness, Education, and Training Programs
- Degree or Certification?
- Methods and Techniques to Present Awareness and Training
- Periodic Content Reviews
- Program Effectiveness Evaluation
- Professional Ethics
- (ISC)2 Code of Professional Ethics
- Organizational Code of Ethics
- The Computer Ethics Institute
- Chapter Review
- Quick Review
- Questions
- Answers
- Chapter 2 Risk Management
- Risk Management Concepts
- Holistic Risk Management
- Information Systems Risk Management Policy
- The Risk Management Team
- The Risk Management Process
- Overview of Vulnerabilities and Threats
- Identifying Threats and Vulnerabilities
- Assessing Risks
- Asset Valuation
- Risk Assessment Teams
- Methodologies for Risk Assessment
- Risk Analysis Approaches
- Qualitative Risk Analysis
- Responding to Risks
- Total Risk vs. Residual Risk
- Countermeasure Selection and Implementation
- Types of Controls
- Control Assessments
- Monitoring Risks
- Effectiveness Monitoring
- Change Monitoring
- Compliance Monitoring
- Risk Reporting
- Continuous Improvement
- Supply Chain Risk Management
- Upstream and Downstream Suppliers
- Risks Associated with Hardware, Software, and Services
- Other Third-Party Risks
- Minimum Security Requirements
- Service Level Agreements
- Business Continuity
- Standards and Best Practices
- Making BCM Part of the Enterprise Security Program
- Business Impact Analysis
- Chapter Review
- Quick Review
- Questions
- Answers
- Chapter 3 Compliance
- Laws and Regulations
- Types of Legal Systems
- Common Law Revisited
- Cybercrimes and Data Breaches
- Complexities in Cybercrime
- The Evolution of Attacks
- International Issues
- Data Breaches
- Import/Export Controls
- Transborder Data Flow
- Privacy
- Licensing and Intellectual Property Requirements
- Trade Secret
- Copyright
- Trademark
- Patent
- Internal Protection of Intellectual Property
- Software Piracy
- Compliance Requirements
- Contractual, Legal, Industry Standards, and Regulatory Requirements
- Privacy Requirements
- Liability and Its Ramifications
- Requirements for Investigations
- Administrative
- Criminal
- Civil
- Regulatory
- Chapter Review
- Quick Review
- Questions
- Answers
- Chapter 4 Frameworks
- Overview of Frameworks
- Risk Frameworks
- NIST RMF
- ISO/IEC 27005
- OCTAVE
- FAIR
- Information Security Frameworks
- Security Program Frameworks
- Security Control Frameworks
- Enterprise Architecture Frameworks
- Why Do We Need Enterprise Architecture Frameworks?
- Zachman Framework
- The Open Group Architecture Framework
- Military-Oriented Architecture Frameworks
- Other Frameworks
- ITIL
- Six Sigma
- Capability Maturity Model
- Putting It All Together
- Chapter Review
- Quick Review
- Questions
- Answers
- Part II Asset Security
- Chapter 5 Assets
- Information and Assets
- Identification
- Classification
- Physical Security Considerations
- Protecting Mobile Devices
- Paper Records
- Safes
- Managing the Life Cycle of Assets
- Ownership
- Inventories
- Secure Provisioning
- Asset Retention
- Data Life Cycle
- Data Acquisition
- Data Storage
- Data Use
- Data Sharing
- Data Archival
- Data Destruction
- Data Roles
- Chapter Review
- Quick Review
- Questions
- Answers
- Chapter 6 Data Security
- Data Security Controls
- Data States
- Standards
- Scoping and Tailoring
- Data Protection Methods
- Digital Asset Management
- Digital Rights Management
- Data Loss Prevention
- Cloud Access Security Broker
- Chapter Review
- Quick Review
- Questions
- Answers
- Part III Security Architecture and Engineering
- Chapter 7 System Architectures
- General System Architectures
- Client-Based Systems
- Server-Based Systems
- Database Systems
- High-Performance Computing Systems
- Industrial Control Systems
- Devices
- Distributed Control System
- Supervisory Control and Data Acquisition
- ICS Security
- Virtualized Systems
- Virtual Machines
- Containerization
- Microservices
- Serverless
- Cloud-Based Systems
- Software as a Service
- Platform as a Service
- Infrastructure as a Service
- Everything as a Service
- Cloud Deployment Models
- Pervasive Systems
- Embedded Systems
- Internet of Things
- Distributed Systems
- Edge Computing Systems
- Chapter Review
- Quick Review
- Questions
- Answers
- Chapter 8 Cryptology
- The History of Cryptography
- Cryptography Definitions and Concepts
- Cryptosystems
- Kerckhoffs' Principle
- The Strength of the Cryptosystem
- One-Time Pad
- Cryptographic Life Cycle
- Cryptographic Methods
- Symmetric Key Cryptography
- Asymmetric Key Cryptography
- Elliptic Curve Cryptography
- Quantum Cryptography
- Hybrid Encryption Methods
- Integrity
- Hashing Functions
- Message Integrity Verification
- Public Key Infrastructure
- Digital Certificates
- Certificate Authorities
- Registration Authorities
- PKI Steps
- Key Management
- Attacks Against Cryptography
- Key and Algorithm Attacks
- Implementation Attacks
- Other Attacks
- Chapter Review
- Quick Review
- Questions
- Answers
- Chapter 9 Security Architectures
- Threat Modeling
- Attack Trees
- STRIDE
- The Lockheed Martin Cyber Kill Chain
- The MITRE ATT&CK Framework
- Why Bother with Threat Modeling
- Secure Design Principles
- Defense in Depth
- Zero Trust
- Trust But Verify
- Shared Responsibility
- Separation of Duties
- Least Privilege
- Keep It Simple
- Secure Defaults
- Fail Securely
- Privacy by Design
- Security Models
- Bell-LaPadula Model
- Biba Model
- Clark-Wilson Model
- Noninterference Model
- Brewer and Nash Model
- Graham-Denning Model
- Harrison-Ruzzo-Ullman Model
- Security Requirements
- Security Capabilities of Information Systems
- Trusted Platform Module
- Hardware Security Module
- Self-Encrypting Drive
- Bus Encryption
- Secure Processing
- Chapter Review
- Quick Review
- Questions
- Answers
- Chapter 10 Site and Facility Security
- Site and Facility Design
- Security Principles
- The Site Planning Process
- Crime Prevention Through Environmental Design
- Designing a Physical Security Program
- Site and Facility Controls
- Work Area Security
- Data Processing Facilities
- Distribution Facilities
- Storage Facilities
- Utilities
- Fire Safety
- Environmental Issues
- Chapter Review
- Quick Review
- Questions
- Answers
- Part IV Communication and Network Security
- Chapter 11 Networking Fundamentals
- Data Communications Foundations
- Network Reference Models
- Protocols
- Application Layer
- Presentation Layer
- Session Layer
- Transport Layer
- Network Layer
- Data Link Layer
- Physical Layer
- Functions and Protocols in the OSI Model
- Tying the Layers Together
- Local Area Networks
- Network Topology
- Medium Access Control Mechanisms
- Layer 2 Protocols
- Transmission Methods
- Layer 2 Security Standards
- Internet Protocol Networking
- TCP
- IP Addressing
- IPv6
- Address Resolution Protocol
- Dynamic Host Configuration Protocol
- Internet Control Message Protocol
- Simple Network Management Protocol
- Domain Name Service
- Network Address Translation
- Routing Protocols
- Intranets and Extranets
- Metropolitan Area Networks
- Metro Ethernet
- Wide Area Networks
- Dedicated Links
- WAN Technologies
- Chapter Review
- Quick Review
- Questions
- Answers
- Chapter 12 Wireless Networking
- Wireless Communications Techniques
- Spread Spectrum
- Orthogonal Frequency Division Multiplexing
- Wireless Networking Fundamentals
- WLAN Components
- WLAN Standards
- Other Wireless Network Standards
- Other Important Standards
- Evolution of WLAN Security
- 802.11
- 802.11i
- 802.11w
- WPA3
- 802.1X
- Best Practices for Securing WLANs
- Mobile Wireless Communication
- Multiple Access Technologies
- Generations of Mobile Wireless
- Satellites
- Chapter Review
- Quick Review
- Questions
- Answers
- Chapter 13 Securing the Network
- Applying Secure Design Principles to Network Architectures
- Secure Networking
- Link Encryption vs. End-to-End Encryption
- TLS
- VPN
- Secure Protocols
- Web Services
- Domain Name System
- Electronic Mail
- Multilayer Protocols
- Distributed Network Protocol 3
- Controller Area Network Bus