CISSP in 21 Days
  • A concise quick revision guide for CISSP exam preparation
  • Disciplined study approach a month before exam
  • Complete coverage of the prescribed syllabus
  • Lot of questions on each topic for practice; an extra question bank with the latest questions

Book Details

Language : English
Paperback : 320 pages [ 235mm x 191mm ]
Release Date : December 2008
ISBN : 1847194508
ISBN 13 : 9781847194503
Author(s) : M. L. Srinivasan
Topics and Technologies : All Books, Networking and Servers, Networking & Telephony


Table of Contents

Preface
Chapter 1: Introduction to CISSP
Chapter 2: Day 1: Information Security and Risk Management
Chapter 3: Day 2: Information Security and Risk Management
Chapter 4: Day 3: Physical (Environmental) Security
Chapter 5: Day 4: Physical (Environmental) Security
Chapter 6: Day 5: Access Control
Chapter 7: Day 6: Access Control
Chapter 8: Day 7: Cryptography
Chapter 9: Day 8: Cryptography
Chapter 10: Day 9: Operations Security
Chapter 11: Day 10: Operations Security
Chapter 12: Day 11: Application Security
Chapter 13: Day 12: Application Security
Chapter 14: Day 13: Telecommunications and Network Security
Chapter 15: Day 14: Telecommunications and Network Security
Chapter 16: Day 15: Security Architecture and Design
Chapter 17: Day 16: Security Architecture and Design
Chapter 18: Day 17: Business Continuity and Disaster Recovery Planning
Chapter 19: Day 18: Business Continuity and Disaster Recovery Planning
Chapter 20: Day 19: Legal, Regulations, Compliance, and Investigations
Chapter 21: Day 20: Legal, Regulations, Compliance, and Investigations
Chapter 22: Day 21: Mock Test Paper
Appendix: References
Index
  • Chapter 2: Day 1: Information Security and Risk Management
    • Knowledge requirements
    • The approach
    • Security management practices
    • Control environment
      • Management controls
      • Administrative controls
      • Technical controls
    • Standards and guidelines
      • NIST special publication 800-14
      • ISO/IEC 27000
    • Security posture
    • Asset classification and control
      • Classification types in government
      • Classification types in private sector
    • Summary
    • Practice questions
  • Chapter 3: Day 2: Information Security and Risk Management
    • Security awareness and training
      • Security awareness requirements in national and international standards
        • NIST publication 800-14
        • ISO/IEC 27002:2005 information technology—security techniques—code of practice for information security management
        • Identifying security awareness needs
        • Coverage of security awareness training
        • Awareness training on incidents
        • Measuring security awareness maturity in terms of benefit/value
    • Risk assessment and management
      • Assets
      • Threat
      • Vulnerability
      • Risk
      • Risk definitions
      • Risk scenarios
      • Risk assessment
        • Quantitative risk assessment
        • Qualitative risk assessment
    • Summary
    • Practice questions
  • Chapter 4: Day 3: Physical (Environmental) Security
    • Knowledge requirements
    • The approach
    • Threats, vulnerabilities, and countermeasures for physical security
      • Common threats
      • Common vulnerabilities
    • Physical security design
      • Physical facility
      • Geographic operating location
      • Supporting facilities
      • Physical security controls
    • Perimeter security
    • Interior security
      • Unauthorized intrusions
        • Motion detectors
      • Fire
        • Fire classes
        • Fire detectors
        • Fire suppression mediums
        • Water sprinklers
        • Gas dischargers
      • Electrical power
    • Summary
    • Practice questions
  • Chapter 5: Day 4: Physical (Environmental) Security
    • Operations/Facility security
      • Auditing
      • Emergency procedures
        • Startup and shutdown procedures
        • Evacuation procedures
        • Training and awareness
    • Protecting and securing equipments
      • Equipment security
      • Media security
    • Summary
    • Practice questions
  • Chapter 6: Day 5: Access Control
    • Knowledge requirements
    • The approach
    • Access control concepts, methodologies, and techniques
      • Basic concepts
      • Access control models
        • Discretionary access control
        • Non-discretionary access control
    • Access control and authentication
    • Access control attacks and countermeasures
      • Port scanning and compromise
      • Hijacking
      • Malicious code
      • Password attacks
      • Vulnerability compromises
    • Summary
    • Practice questions
  • Chapter 7: Day 6: Access Control
    • Vulnerability assessment
    • Penetration testing
    • Common myths about vulnerability assessment and penetration testing
    • CVE and CVSS
    • Summary
    • Practice questions
  • Chapter 8: Day 7: Cryptography
    • Key areas of knowledge
    • The approach
    • Methods of encryption
      • Basic concepts
    • Types of encryption
      • Symmetric key encryption
      • Asymmetric key encryption
      • Hashing
    • Key length and security
    • Summary of encryption types
    • Application and use of cryptography
    • Summary
    • Practice questions
  • Chapter 9: Day 8: Cryptography
    • Public key infrastructure
      • Secure messaging
      • Message digest
      • Digital signature
      • Digital certificate
      • Key management procedures
      • Type of keys
      • Key management best practices
      • Key states
      • Key management phases
    • Methods of cryptanalytic attacks
    • Cryptographic standards
      • Wireless cryptographic standards
      • Federal information processing standard
    • Summary
    • Practice questions
  • Chapter 10: Day 9: Operations Security
    • Knowledge requirements
    • The approach
    • Operations procedure and responsibilities
      • Roles and responsibilities
        • System administrators
        • Security administrators
        • Operators
        • Users
    • Incident management and reporting
      • Incidents
      • Incident management objective and goals
      • Incident management controls
        • Intrusion detection system
        • Vulnerability assessment and penetration testing
        • Patch management
        • Configuration management
        • Business continuity planning
    • Summary
    • Practice questions
  • Chapter 11: Day 10: Operations Security
    • Administrative management and control
      • Preventive controls
      • Detective controls
      • Corrective controls
    • Other controls
      • Recovery controls
      • Deterrent controls
      • Compensating controls
      • System controls
    • System evaluation standards
      • Trusted Computer System Evaluation Criteria (TCSEC)
      • Common Criteria (CC)
    • Summary
    • Practice questions
  • Chapter 12: Day 11: Application Security
    • Knowledge requirements
    • The approach
    • Systems engineering
      • System Development Life Cycle
        • System development phases
    • Software Development Life Cycle
      • Security standards for software development processes
        • Systems Security Engineering—Capability Maturity Model (SSE-CMM)
        • ISO/IEC 27002
    • Summary
    • Practice questions
  • Chapter 13: Day 12: Application Security
    • Introduction to Information Technology systems
      • Object-oriented systems
        • Object-oriented programming (OOP)
      • Artificial Intelligence (AI) systems
      • Database systems
    • Threats and vulnerabilities to application systems
      • Application vulnerabilities
      • Common weakness enumeration
    • Web application security
      • Common web application vulnerabilities
      • Common web application attacks
    • Application controls
    • Summary
    • Practice questions
  • Chapter 14: Day 13: Telecommunications and Network Security
    • Knowledge requirements
    • The approach
    • Network architecture, protocols, and technologies
      • Layered architecture
      • Open Systems Interconnect (OSI) Model
        • OSI by illustration
      • Transmission Control Protocol/Internet Protocol (TCP/IP)
        • TCP/IP Protocols
    • Summary
    • Practice questions
  • Chapter 15: Day 14: Telecommunications and Network Security
    • Transport layer
      • Transport layer protocols
        • Transmission Control Protocol (TCP)
        • User Datagram Protocol (UDP)
    • Network or Internet layer
      • Network/Internet layer protocols
        • Internet Protocol (IP)
        • IPsec protocols
    • Link layer
      • Link layer protocols
        • Address Resolution Protocol (ARP)
        • Border Gateway Protocol (BGP)
        • Ethernet
    • Summary
    • Practice questions
  • Chapter 16: Day 15: Security Architecture and Design
    • Knowledge requirements
    • The approach
    • Computer architecture
      • Elements of computer architecture
        • Computer systems
        • Computing principles
      • Information security in computer architecture
        • Trusted computing
    • Summary
    • Practice questions
  • Chapter 17: Day 16: Security Architecture and Design
    • Assurance
      • Common Criteria (CC)
    • Certification and accreditation
      • DITSCAP
      • NIACAP
      • DIACAP
      • SSE-CMM
        • Security engineering practices
        • Security organizational processes
    • Information security models
      • Take-Grant model
      • Bell-LaPadula model
      • Biba model
      • Clark-Wilson Model
    • Summary
    • Practice questions

M. L. Srinivasan

Popularly known as MLS, the author is an Information Technology and Information Security professional with about 18 years of experience in various domains of IT, such as software programming, hardware troubleshooting, networking technologies, systems administration, security administration, and Information Security-related consulting, audit, and training. MLS has been an avid trainer throughout his career and has developed many short-term and long-term training programs. One such program is "Certified Vulnerability Assessor (cVa)", which is accredited by a leading ISO certifying agency. He is a prolific speaker and trainer and has presented many papers related to Network Security at international conventions and conferences.

He was the Technical Director of Secure Matrix, an India-based company that provides security consulting and audits. During his tenure in the last four years, he led the team of consultants to implement many ISO 27001-certification projects across India, the Middle East, and Africa.

He is a specialist IT and IS auditor with Det Norske Veritas (DNV), India region. He has performed many quality and information security audits for hundreds of medium and large organizations in the past 10 years.

He is at present the Chairman and CEO of ChennaiNet, a technology company focused on IT and IS-related product development, services, and training.






Errata

- 7 submitted: last submission 10 Sep 2012

Errata type: Typo | Page number: 0

In the "About the Reviewer" section infromation should be information and oppurtunities should be opportunities.

Errata type: Other | Page number: 0

Here are the answers to the questions at the end of each chapter:
Chapter 2: 1.c; 2.b; 3.a; 4.c; 5.b
Chapter 3: 1.d; 2.c; 3.a; 4.b; 5.c
Chapter 4: 1.d; 2.d; 3.c; 4.c; 5.c
Chapter 5: 1.c; 2.c; 3.c; 4.c; 5.c
Chapter 6: 1.d; 2.b; 3.b; 4.c; 5.b
Chapter 7: 1.d; 2.a; 3.c; 4.a; 5.c
Chapter 8: 1.c; 2.d; 3.d; 4.d; 5.b
Chapter 9: 1.a; 2.c; 3.b; 4.b; 5.b
Chapter 10: 1.d; 2.b; 3.c; 4.c; 5.a
Chapter 11: 1.c; 2.d; 3.b; 4.b; 5.a
(please note in question three the word NOT has to be removed)
Chapter 12: 1.c; 2.d; 3.d; 4.c; 5.a
Chapter 13: 1.a; 2.c; 3.d; 4.c; 5.a
Chapter 14: 1.c; 2.b; 3.c; 4.c; 5.a
Chapter 15: 1.b; 2.c; 3.b; 4.d; 5.b
Chapter 16: 1.d; 2.c; 3.b; 4.b; 5.a
Chapter 17: 1.d; 2.c; 3.c; 4.a; 5.b
Chapter 18: 1.c; 2.b; 3.d; 4.a; 5.b
Chapter 19: 1.b; 2.a; 3.b; 4.a; 5.a
Chapter 20: 1.c; 2.a; 3.b; 4.a; 5.d
Chapter 21: 1.c; 2.d; 3.c; 4.b; 5.c

Errata type: Typo | Page number: 96

2nd paragraph after the note. "RSS and elliptic curve..." Here RSS should be RSA

Errata type: Typo | Page number: 103

Point number 4 on Adaptive chosen-plain text attack - "dynamic passion" should be "dynamic fashion".

Errata type: Typo | Page number: 104

In the para "WPA2 is an advanced protocol certified by the Wi-Fi alliance. This protocol fulfills the mandatory requirements of the IEE 822.11i standard and uses the AES algorithm for encryption"....... "IEE 822.11i "..... should be "IEEE 802.11i"

Errata type: Typo | Page number: 169

In the "Internet Protocol version 6 (IPv6)" para "2128" Should be "2 raised to 128"

Errata type: Typo | Page number: 169

In the "Internet Protocol version 4 (IPv4)" para "232" should be "2 raised to 32"


What you will learn from this book

  • Get to know the requirements of the CISSP examination and structure your preparation accordingly
  • Build your understanding of myriad concepts in the Information Security domain
  • Integrate your existing knowledge, experience, and prior learning to easily remember the concepts
  • Approach the exam confidently with the help of step-by-step preparation and practice questions
  • Practice the full-blown mock-up test to evaluate your knowledge and exam preparation

Introduction
This chapter introduces the organization of the guide, expectations, and the approach adopted.

Day 1: Information Security and Risk Management – Part 1
This chapter covers various concepts that are related to "Security Management Practices; Control Environment and Asset Classification and Controls".

Day 2: Information Security and Risk Management – Part 2
The important requirements of "security awareness and training" and "Risk Assessment and Management" are discussed in this chapter.

Day 3: Physical (Environmental) Security – Part 1
This chapter deals with the threats, vulnerabilities and countermeasures for physical security and physical security design that includes perimeter and interior security.

Day 4: Physical (Environmental) Security – Part 2
This chapter addresses the concepts in Operations / Facility Security and Protecting and Securing equipment.

Day 5: Access Control – Part 1
Access Control-related concepts, methodologies and techniques; Authentication; and Access-related attacks and countermeasures are covered in this chapter.

Day 6: Access Control – Part 2
Vulnerability Assessment and Penetration Testing-related concepts are covered in this chapter.

Day 7: Cryptography – Part 1
In this chapter, various concepts related to cryptography such as methods and types of encryption as well as application and the use of cryptography are covered.

Day 8: Cryptography – Part 2
In this chapter, core concepts in Public Key Infrastructure, Key management techniques, methods of cryptanalytic attacks as well as various Cryptographic Standards are covered.

Day 9: Operations Security – Part 1
Various concepts in the areas of Operations Procedures and Responsibilities, Incident Management, and Reporting are covered in this chapter.

Day 10: Operations Security – Part 2
Control environment related to operations security as well as evaluation criteria such as TCSEC are covered in this chapter.

Day 11: Application Security – Part 1
This chapter covers Systems Engineering concepts and Software Development Life Cycle models.

Day 12: Application Security – Part 2
IT systems, Threats and Vulnerabilities of application systems, and Application Control concepts are covered in this chapter.

Day 13: Telecommunications and Network Security – Part 1
This chapter covers various concepts in network architecture, Open System Interconnect (OSI) and TCP/IP models; various protocols in the TCP/IP model related to the application and transport layers; and threats, vulnerabilities, attacks and countermeasures for TCP/IP protocols and services.

Day 14: Telecommunications and Network Security – Part 2
This chapter covers different protocols that are in the network/internet layer, data link layer and physical layer in the TCP/IP model, some of the threats and vulnerabilities that are prevalent to such protocols and common attacks and possible countermeasures.

Day 15: Security Architecture and Design – Part 1
This chapter covers concepts in Computer Architecture, Trusted Computing Base, and Protection Domain and its related mechanisms.

Day 16: Security Architecture and Design – Part 2
This chapter addresses the concepts in Assurance-related standards, various Certification and Accreditation schemes and various Computer Security models.

Day 17: Business Continuity and Disaster Recovery Planning – Part 1
Various concepts in the Business Continuity Planning domain, its Goals and objectives as well as the concepts in Business Impact Analysis are covered in this chapter.

Day 18: Business Continuity and Disaster Recovery Planning – Part 2
This chapter covers the Disaster Recovery Planning process, various Backup concepts, and the process of Resuming Business from alternative sites.

Day 19: Legal, Regulations, Compliance and Investigations – Part 1
Various Computer Crimes, Cyber Crimes as well as different types of Attacks are covered in this chapter.

Day 20: Legal, Regulations, Compliance, and Investigations – Part 2
This chapter covers various Information Systems-related laws and regulations across the world; concepts related to Computer Investigations and Ethical Usage of information systems as prescribed by international bodies including (ISC)2.

Day 21: Mock Test Paper
This chapter contains a full-blown mock test paper containing a total of 250 questions from all the 10 domains.

References
This chapter provides various references and books that are relevant to CISSP exam preparation.

Guidelines to CISSP Examination
This chapter provides detailed guidelines for exam registration, eligibility criteria, and other important details that are relevant to the CISSP examination. This chapter contains many useful tips to achieve success in the examination.

In Detail

Certified Information Systems Security Professional (CISSP) is an internationally recognized security qualification. Success in this respected exam opens the door to your dream job as a security expert as well as an eye-catching salary. But passing the final exam is challenging. Every year a lot of candidates do not prepare sufficiently for the examination, and fail at the final stage. This happens when they cover everything but do not revise properly and hence lack confidence.

This book will take you through the final weeks before the exam with a day-by-day plan covering all of the exam topics. It will help you to enter the exam room with confidence, knowing that you have done all you can to prepare for the big day.

This small and concise CISSP exam quick-revision guide provides a disciplined approach to be adopted for reviewing and revising the core concepts a month before the exam. This book provides concise explanations of important concepts in all the 10 domains of the CISSP Common Body of Knowledge (CBK). Each domain is covered in two chapters that are represented as days. Each chapter contains some practice questions. A full-blown mock test is included for practice. This book is not a replacement for full study guides; it tries to build on and reemphasize the concepts learned from such guides.

A quick revision guide including study material and practice questions to prepare for the CISSP Exam

Approach

This book adopts a 'concise explanation' approach to describe the concepts in the 10 Information Security domains that are covered in the CISSP examination. Hence, this book is a 'quick revision guide' and as such is expected to be studied in the month prior to examination. By breaking down difficult concepts and theories to simple 2 to 4-line sentences the assimilation and most importantly 'recall' of a concept is improved. Hence, this approach helps a candidate to focus on the core concepts before the exams and to recall them and relate them with other concepts to aid in identifying the right answer during the exam.

Who this book is for

This book is for all aspirants who are planning to take the CISSP examination and obtain the coveted CISSP certification that is considered the 'Gold Standard' in Information Security personal certification.

This book assumes that the candidate already has sufficient knowledge in all the 10 domains of the CISSP CBK by way of work experience and knowledge gained from other study books. This book provides concise explanations of the core concepts that are essentially covered in the exam.

Besides being an Information Security-focused guide, this book will also be useful as a quick reference and revision guide for System and Network Administrators, Database Administrators, System Analysts, Software Developers, Application Designers, System Architects, Legal Professionals, Security Officers, Business Continuity professionals, IT Auditors, IS Auditors, Vulnerability Assessors, Penetration Testers, and Ethical Hackers.
