Table of Contents
Preface
Chapter 1: Introduction to CISSP
Chapter 2: Day 1: Information Security and Risk Management
Chapter 3: Day 2: Information Security and Risk Management
Chapter 4: Day 3: Physical (Environmental) Security
Chapter 5: Day 4: Physical (Environmental) Security
Chapter 6: Day 5: Access Control
Chapter 7: Day 6: Access Control
Chapter 8: Day 7: Cryptography
Chapter 9: Day 8: Cryptography
Chapter 10: Day 9: Operations Security
Chapter 11: Day 10: Operations Security
Chapter 12: Day 11: Application Security
Chapter 13: Day 12: Application Security
Chapter 14: Day 13: Telecommunications and Network Security
Chapter 15: Day 14: Telecommunications and Network Security
Chapter 16: Day 15: Security Architecture and Design
Chapter 17: Day 16: Security Architecture and Design
Chapter 18: Day 17: Business Continuity and Disaster Recovery Planning
Chapter 19: Day 18: Business Continuity and Disaster Recovery Planning
Chapter 20: Day 19: Legal, Regulations, Compliance, and Investigations
Chapter 21: Day 20: Legal, Regulations, Compliance, and Investigations
Chapter 22: Day 21: Mock Test Paper
Appendix: References
Index
- Chapter 1: Introduction to CISSP
- Eligibility requirements for the CISSP exam and certification
- The (ISC)² CBK security domains
- Approach
- Summary
- Chapter 2: Day 1: Information Security and Risk Management
- Knowledge requirements
- The approach
- Security management practices
- Control environment
- Management controls
- Administrative controls
- Technical controls
- Standards and guidelines
- NIST special publication 800-14
- ISO/IEC 27000
- Security posture
- Asset classification and control
- Classification types in government
- Classification types in private sector
- Summary
- Practice questions
- Chapter 3: Day 2: Information Security and Risk Management
- Security awareness and training
- Security awareness requirements in national and international standards
- NIST publication 800-14
- ISO/IEC 27002:2005 information technology—security techniques—code of practice for information security management
- Identifying security awareness needs
- Coverage of security awareness training
- Awareness training on incidents
- Measuring security awareness maturity in terms of benefit/value
- Risk assessment and management
- Assets
- Threat
- Vulnerability
- Risk
- Risk definitions
- Risk scenarios
- Risk assessment
- Quantitative risk assessment
- Qualitative risk assessment
- Summary
- Practice questions
- Chapter 4: Day 3: Physical (Environmental) Security
- Knowledge requirements
- The approach
- Threats, vulnerabilities, and countermeasures for physical security
- Common threats
- Common vulnerabilities
- Physical security design
- Physical facility
- Geographic operating location
- Supporting facilities
- Physical security controls
- Perimeter security
- Interior security
- Unauthorized intrusions
- Motion detectors
- Fire
- Fire classes
- Fire detectors
- Fire suppression mediums
- Water sprinklers
- Gas dischargers
- Electrical power
- Summary
- Practice questions
- Chapter 5: Day 4: Physical (Environmental) Security
- Operations/Facility security
- Auditing
- Emergency procedures
- Startup and shutdown procedures
- Evacuation procedures
- Training and awareness
- Protecting and securing equipment
- Equipment security
- Media security
- Summary
- Practice questions
- Chapter 6: Day 5: Access Control
- Knowledge requirements
- The approach
- Access control concepts, methodologies, and techniques
- Basic concepts
- Access control models
- Discretionary access control
- Non-discretionary access control
- Access control and authentication
- Access control attacks and countermeasures
- Port scanning and compromise
- Hijacking
- Malicious code
- Password attacks
- Vulnerability compromises
- Summary
- Practice questions
- Chapter 7: Day 6: Access Control
- Vulnerability assessment
- Penetration testing
- Common myths about vulnerability assessment and penetration testing
- CVE and CVSS
- Summary
- Practice questions
- Chapter 8: Day 7: Cryptography
- Key areas of knowledge
- The approach
- Methods of encryption
- Basic concepts
- Types of encryption
- Symmetric key encryption
- Asymmetric key encryption
- Hashing
- Key length and security
- Summary of encryption types
- Application and use of cryptography
- Summary
- Practice questions
- Chapter 9: Day 8: Cryptography
- Public key infrastructure
- Secure messaging
- Message digest
- Digital signature
- Digital certificate
- Key management procedures
- Type of keys
- Key management best practices
- Key states
- Key management phases
- Methods of cryptanalytic attacks
- Cryptographic standards
- Wireless cryptographic standards
- Federal information processing standard
- Summary
- Practice questions
- Chapter 10: Day 9: Operations Security
- Knowledge requirements
- The approach
- Operations procedure and responsibilities
- Roles and responsibilities
- System administrators
- Security administrators
- Operators
- Users
- Incident management and reporting
- Incidents
- Incident management objective and goals
- Incident management controls
- Intrusion detection system
- Vulnerability assessment and penetration testing
- Patch management
- Configuration management
- Business continuity planning
- Summary
- Practice questions
- Chapter 11: Day 10: Operations Security
- Administrative management and control
- Preventive controls
- Detective controls
- Corrective controls
- Other controls
- Recovery controls
- Deterrent controls
- Compensating controls
- System controls
- System evaluation standards
- Trusted Computer System Evaluation Criteria (TCSEC)
- Common Criteria (CC)
- Summary
- Practice questions
- Chapter 12: Day 11: Application Security
- Knowledge requirements
- The approach
- Systems engineering
- System Development Life Cycle
- System development phases
- Software Development Life Cycle
- Security standards for software development processes
- Systems Security Engineering—Capability Maturity Model (SSE-CMM)
- ISO/IEC 27002
- Summary
- Practice questions
- Chapter 13: Day 12: Application Security
- Introduction to Information Technology systems
- Object-oriented systems
- Object-oriented programming (OOP)
- Artificial Intelligence (AI) systems
- Database systems
- Threats and vulnerabilities to application systems
- Application vulnerabilities
- Common weakness enumeration
- Web application security
- Common web application vulnerabilities
- Common web application attacks
- Application controls
- Summary
- Practice questions
- Chapter 14: Day 13: Telecommunications and Network Security
- Knowledge requirements
- The approach
- Network architecture, protocols, and technologies
- Layered architecture
- Open Systems Interconnect (OSI) Model
- OSI by illustration
- Transmission Control Protocol/Internet Protocol (TCP/IP)
- TCP/IP Protocols
- Summary
- Practice questions
- Chapter 15: Day 14: Telecommunications and Network Security
- Transport layer
- Transport layer protocols
- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)
- Network or Internet layer
- Network/Internet layer protocols
- Internet Protocol (IP)
- IPsec protocols
- Link layer
- Link layer protocols
- Address Resolution Protocol (ARP)
- Border Gateway Protocol (BGP)
- Ethernet
- Summary
- Practice questions
- Chapter 16: Day 15: Security Architecture and Design
- Knowledge requirements
- The approach
- Computer architecture
- Elements of computer architecture
- Computer systems
- Computing principles
- Information security in computer architecture
- Trusted computing
- Summary
- Practice questions
- Chapter 17: Day 16: Security Architecture and Design
- Assurance
- Common Criteria (CC)
- Certification and accreditation
- DITSCAP
- NIACAP
- DIACAP
- SSE-CMM
- Security engineering practices
- Security organizational processes
- Information security models
- Take-Grant model
- Bell-LaPadula model
- Biba model
- Clark-Wilson Model
- Summary
- Practice questions
- Chapter 18: Day 17: Business Continuity and Disaster Recovery Planning
- Knowledge requirements
- The approach
- Business Continuity Planning (BCP)
- The BCP goals and objectives
- The BCP process
- BCP best practices
- Summary
- Practice questions
- Chapter 19: Day 18: Business Continuity and Disaster Recovery Planning
- Disaster Recovery Planning (DRP)
- Goals and objectives
- Components of disaster recovery planning
- Recovery teams
- Recovery sites
- Business resumption from alternative sites
- Backup terminologies
- Testing procedures
- Summary
- Practice questions
- Chapter 20: Day 19: Legal, Regulations, Compliance, and Investigations
- Knowledge requirements
- The approach
- Computer crimes
- Fraud
- Theft
- Malware or Malicious code
- Cyber crime
- Computer crime related incidents
- Summary
- Practice questions
- Chapter 21: Day 20: Legal, Regulations, Compliance, and Investigations
- Legal and regulatory frameworks
- Law terminologies
- Intellectual property laws
- Privacy
- Act
- Computer investigations
- Ethical usage of information systems
- (ISC)² Code of ethics
- Summary
- Practice questions
- Chapter 22: Day 21: Mock Test Paper
- Questions
- Answers