Table Of Contents

1 Foreword
3 Certified Information Systems Security Professional
4 Exam Specifics
5 Exam Prerequisites
6 Information Security and Risk Management
6.1 Core Security Principles
6.1.1 Security Governance
6.1.2 Confidentiality
6.1.3 Integrity
6.1.4 Availability
6.1.5 Security Policy
6.1.6 Standards
6.1.7 Procedures
6.1.8 Baselines
6.1.9 Guidelines
6.1.10 Audit Frameworks
6.2 Security Organization
6.2.1 Best Security Practices
6.2.2 Information Security Officer
6.2.3 Reporting
6.2.4 Security Council
6.2.5 Planning for Security
6.2.6 Personnel
6.3 Education, Training, and Awareness
6.4 Risk Management
6.4.1 Qualitative Risk Assessments
6.4.2 Quantitative Risk Assessments
6.4.3 Common Security Measurements
6.4.4 Assessment Methodologies
6.4.5 Principles of Risk Management
6.5 Ethics
6.5.1 Fallacies in Computer Ethics
6.5.2 Ethic Codes and Organizations
7.1.3 Information Classification
7.2 Access Control Architecture
7.2.1 Control Categories
7.2.2 Types of Controls
7.2.3 Administrative Controls
7.2.4 Technical Controls
7.3 Threats to Access Control
7.3.1 Denial of Service (DoS)
7.3.2 Buffer Overflows
7.3.3 Mobile Code
7.3.4 Malicious Software
7.3.5 Password Crackers
7.3.6 Spoofing/Masquerading
7.3.7 Sniffers, Eavesdropping, and Tapping
7.3.8 Emanations
7.3.9 Shoulder Surfing
7.3.10 Object Reuse
7.3.11 Data Remanence
7.3.12 Unauthorized Targeted Data Mining
7.3.13 Dumpster Diving
7.3.14 Backdoors and Trapdoors
7.3.15 Theft
7.3.16 Social Engineering
7.4 Control System Access
7.4.1 Identification and Authentication
7.4.2 Authentication Devices
7.4.3 Integrated Circuit Cards
7.4.4 Biometrics
7.5 Identity and Access Management
7.5.1 Identity Management
7.5.2 Technologies of Identity Management
7.5.3 Access Control Technologies
7.6 Access Controls
7.6.1 Discretionary and Mandatory Controls
7.6.2 Access Control Lists
7.6.3 Types of Access Control
7.7 Intrusion Detection and Prevention
7.7.1 Intrusion Detection Systems
7.7.2 Analysis Engine Methods
7.7.3 Intrusion Responses
7.8 Auditing
7.9 Penetration Testing
7.9.1 Levels of Penetration Testing
7.9.2 Testing Method
7.9.3 Testing Strategies
7.9.4 Types of Testing
8 Cryptography
8.1 Basic Concepts
8.1.1 History of Cryptography
8.1.2 Purpose of Cryptography
8.1.3 Uses for Cryptography
8.1.4 Cryptography Methods
8.2 Ciphers
8.2.1 Playfair Cipher
8.2.2 Transposition Ciphers
8.2.3 Monoalphabetic and Polyalphabetic Ciphers
8.2.4 Modular Mathematics and Running-Key Ciphers
8.2.5 One-time Pads
8.2.6 Other Ciphers
8.3 Cryptography Forms
8.3.1 Symmetric Ciphers
8.3.2 Data Encryption Standard
8.3.3 Advanced Encryption Standard
8.3.4 Other Encryption Methods
8.4 Asymmetric Algorithms
8.4.1 RSA
8.4.2 Diffie-Hellman Algorithm
8.4.3 Other Asymmetric Algorithms
8.5 Hybrid Cryptography
8.6 Message Integrity Controls
8.6.1 Checksums
8.6.2 Hash Functions
8.6.3 Message Authentication Code (MAC)
8.6.4 Digital Signatures
8.7 Key Management
8.7.1 Key Recovery
8.7.2 Key Distribution
8.7.3 ANSI X9.17
8.7.4 Public Key Infrastructure (PKI)
8.8 Cryptanalysis and Attacks
8.9 Protocols and Standards
9 Physical Security
9.1 Site Location
9.1.1 Fabric and Infrastructure
9.1.2 Layered Defense Model
9.1.3 Considerations
9.1.4 Procedural Controls
9.1.5 Infrastructure Support Systems
9.2 Entry Points
9.2.1 Keys and Locking Systems
9.2.2 Walls, Doors and Windows
9.2.3 Access Controls
9.2.4 Electronic Security
9.3 Protection and Management Services
10 Security Architecture and Design
10.1 Security Components and Principles
10.1.1 Security Frameworks
10.1.2 Design Principles
10.2 Hardware Concepts
10.2.1 Central Process Unit (CPU)
10.2.2 Storage
10.2.3 Input/Output Devices
10.2.4 Networks
10.3 Software
10.3.1 Operating Systems
10.3.2 Application Programs
10.3.3 Other Software
10.4 Security Models
10.4.1 Access Control Models
10.4.2 Integrity Models
10.4.3 Rainbow Series
10.4.5 Common Criteria
10.4.6 Certification and Accreditation
11.1.3 Design and Development Phase
11.1.4 Implementation Phase
11.1.5 Management Phase
11.2 Legislation Related to Business Continuity
12 Telecommunications and Network Security
12.1 Basic Concepts
12.1.1 OSI Reference Model
12.1.2 TCP/IP Model
12.1.3 General Concepts
12.1.4 Network Attacks
12.2 Layer 1: Physical Layer
12.2.1 Topology
12.2.2 Network Technology
12.3 Layer 2: Data Link Layer
12.3.1 Basic Concepts
12.3.2 Transmission Technologies
12.3.3 Ethernet Technology
12.3.4 Bridges
12.3.5 Switches
12.3.6 Wireless LANs
12.3.7 Wireless Encryption
12.3.8 Wireless Standards
12.3.9 Protocols
12.4 Layer 3 – Network Layer
12.4.1 Local Area Networks (LANs)
12.4.2 Wide Area Networks
12.4.3 WAN Types
12.4.4 Global Area Networks (GANs)
12.4.5 Network Devices
12.4.6 Internet Protocol (IP)
12.4.7 Virtual Private Network (VPN)
12.4.8 Protocols
12.5 Layer 4 – Transport Layer
12.5.1 Basic Concepts
12.5.2 Technology
12.6 Layer 5 – Session Layer
12.6.1 Remote Procedure Calls (RPC)
12.6.2 Directory Services
12.6.3 Port Designations
12.7 Layer 6 – Presentation Layer
12.7.1 Technology
12.7.2 Port Designations
12.8 Layer 7 - Application Layer
12.8.1 E-mail Technology
12.8.2 Instant Messaging Technology
12.8.3 Data Transfers
12.8.4 Peer-to-peer Application
12.8.5 Administrative Services
12.8.6 Remote Access Services
12.8.7 Information Services
12.8.8 Voice-over-IP
12.8.9 Port Designations
13 Application Security
13.1 Application Development
13.1.1 Development Lifecycle
13.1.2 Open Source
13.1.3 Development and Operational Processes
13.1.4 SEI-CMM and Other Models
13.1.5 Programming
13.2 Databases
13.2.1 Keys
13.2.2 Database Threats
13.2.3 Database Controls
13.3 Expert Systems
13.4 Vulnerabilities and Threats
13.4.1 Threats in the Environment
13.4.2 Malicious Attacks
13.4.3 Protective Measures
14 Operations Security
14.1 Personnel
14.1.1 Multiple Roles
14.2 Controls
14.2.1 Control Categories
14.2.2 Operational Assurance
14.2.3 Lifecycle Assurance
14.2.4 Change Control
14.2.5 Auditing
15 Legal, Regulations, and Compliance
15.1 Legal Terms
15.1.1 Categories of Law
15.1.2 Evidence
15.1.3 Intellectual Property Laws
15.2 Ethics
Code of Ethics
15.2.2 RFC 1087
16 Practice Exam
16.1 Refresher “Warm up Questions”
17 Answer Guide
17.1 Answers to Questions
18 References
CISSP Certified Information Systems Security Professional Certification Exam Preparation Course in a Book for Passing the CISSP Certified Information Systems Security Professional Exam - The How To Pass on Your First Try Certification Study Guide

Published by Emereo Publishing
This self-study exam preparation guide for the CISSP Certified Information Systems Security Professional certification exam contains everything you need to test yourself and pass the Exam. All Exam topics are covered and insider secrets, complete explanations of all CISSP Certified Information Systems Security Professional subjects, test tricks and tips, numerous highly realistic sample questions, and exercises designed to strengthen understanding of CISSP Certified Information Systems Security Professional concepts and prepare you for exam success on the first attempt are provided.

CISSP certification reflects the qualifications of information systems security practitioners. The CISSP examination consists of 250 multiple-choice questions covering 10 domains of information security, and is administered by the International Information Systems Security Certification Consortium.

Can you imagine valuing a book so much that you send the author a "Thank You" letter?

Tens of thousands of people understand why this is a worldwide best-seller. Is it the author's years of experience? The endless hours of ongoing research? The interviews with those who failed the exam, to identify gaps in their knowledge? Or is it the razor-sharp focus on making sure you don't waste a single minute of your time studying any more than you absolutely have to? Actually, it's all of the above.

This book includes new exercises and sample questions never before in print. Offering numerous sample questions, critical time-saving tips plus information available nowhere else, this book will help you pass the CISSP Certified Information Systems Security Professional exam on your FIRST try.

Up to speed with the theory? Buy this. Read it. And Pass the CISSP Certified Information Systems Security Professional Exam.
More info:

Published by: Emereo Publishing on Aug 22, 2010
Copyright:Traditional Copyright: All rights reserved
List Price: $29.95

10/31/2014