
CISSP in 21 Days

Starting
M. L. Srinivasan

Boost your confidence and get a competitive edge to crack the exam

Book Details

ISBN 13: 9781847194503
Paperback: 320 pages

About This Book

  • A concise quick-revision guide for CISSP exam preparation
  • A disciplined study approach for the month before the exam
  • Complete coverage of the prescribed syllabus
  • Lots of practice questions on each topic, plus an extra question bank with the latest questions

Who This Book Is For

This book is for all aspirants who are planning to take the CISSP examination and obtain the coveted CISSP certification, which is considered the 'Gold Standard' in Information Security personal certification.

This book assumes that the candidate already has sufficient knowledge of all 10 domains of the CISSP CBK, gained through work experience and other study books. It provides concise explanations of the core concepts that are covered in the exam.

Besides being an Information Security-focused guide, this book will also be useful as a quick reference and revision guide for System and Network Administrators, Database Administrators, System Analysts, Software Developers, Application Designers, System Architects, Legal Professionals, Security Officers, Business Continuity professionals, IT Auditors, IS Auditors, Vulnerability Assessors, Penetration Testers, and Ethical Hackers.

Table of Contents

Chapter 1: Introduction to CISSP
Eligibility requirements for the CISSP exam and certification
The (ISC)² CBK security domains
Approach
Summary
Chapter 2: Day 1: Information Security and Risk Management
Knowledge requirements
The approach
Security management practices
Control environment
Standards and guidelines
Security posture
Asset classification and control
Summary
Practice questions
Chapter 3: Day 2: Information Security and Risk Management
Security awareness and training
Risk assessment and management
Summary
Practice questions
Chapter 4: Day 3: Physical (Environmental) Security
Knowledge requirements
The approach
Threats, vulnerabilities, and countermeasures for physical security
Physical security design
Perimeter security
Interior security
Summary
Practice questions
Chapter 5: Day 4: Physical (Environmental) Security
Operations/Facility security
Protecting and securing equipment
Summary
Practice questions
Chapter 6: Day 5: Access Control
Knowledge requirements
The approach
Access control concepts, methodologies, and techniques
Access control and authentication
Access control attacks and countermeasures
Summary
Practice questions
Chapter 7: Day 6: Access Control
Vulnerability assessment
Penetration testing
Common myths about vulnerability assessment and penetration testing
CVE and CVSS
Summary
Practice questions
Chapter 8: Day 7: Cryptography
Key areas of knowledge
The approach
Methods of encryption
Types of encryption
Key length and security
Summary of encryption types
Application and use of cryptography
Summary
Practice questions
Chapter 9: Day 8: Cryptography
Public key infrastructure
Methods of cryptanalytic attacks
Cryptographic standards
Summary
Practice questions
Chapter 10: Day 9: Operations Security
Knowledge requirements
The approach
Operations procedure and responsibilities
Incident management and reporting
Summary
Practice questions
Chapter 11: Day 10: Operations Security
Administrative management and control
Other controls
System evaluation standards
Summary
Practice questions
Chapter 12: Day 11: Application Security
Knowledge requirements
The approach
Systems engineering
Software Development Life Cycle
Summary
Practice questions
Chapter 13: Day 12: Application Security
Introduction to Information Technology systems
Threats and vulnerabilities to application systems
Web application security
Application controls
Summary
Practice questions
Chapter 14: Day 13: Telecommunications and Network Security
Knowledge requirements
The approach
Network architecture, protocols, and technologies
Summary
Practice questions
Chapter 15: Day 14: Telecommunications and Network Security
Transport layer
Network or Internet layer
Link layer
Summary
Practice questions
Chapter 16: Day 15: Security Architecture and Design
Knowledge requirements
The approach
Computer architecture
Summary
Practice questions
Chapter 17: Day 16: Security Architecture and Design
Assurance
Certification and accreditation
Information security models
Summary
Practice questions
Chapter 18: Day 17: Business Continuity and Disaster Recovery Planning
Knowledge requirements
The approach
Business Continuity Planning (BCP)
Summary
Practice questions
Chapter 19: Day 18: Business Continuity and Disaster Recovery Planning
Disaster Recovery Planning (DRP)
Summary
Practice questions
Chapter 20: Day 19: Legal, Regulations, Compliance, and Investigations
Knowledge requirements
The approach
Computer crimes
Cyber crime
Computer crime related incidents
Summary
Practice questions
Chapter 21: Day 20: Legal, Regulations, Compliance, and Investigations
Legal and regulatory frameworks
Computer investigations
Ethical usage of information systems
Summary
Practice questions
Chapter 22: Day 21: Mock Test Paper
Questions
Answers
Chapter 23: References

What You Will Learn

  • Get to know the requirements of the CISSP examination and structure your preparation accordingly
  • Build your understanding of myriad concepts in the Information Security domain
  • Integrate your existing knowledge, experience, and prior learning to easily remember the concepts
  • Approach the exam confidently with the help of step-by-step preparation and practice questions
  • Practice the full-blown mock-up test to evaluate your knowledge and exam preparation

Introduction
This chapter introduces the organization of the guide, expectations, and the approach adopted.

Day 1: Information Security and Risk Management – Part 1
This chapter covers various concepts that are related to "Security Management Practices; Control Environment and Asset Classification and Controls".

Day 2: Information Security and Risk Management – Part 2
The important requirements of "security awareness and training" and "Risk Assessment and Management" are discussed in this chapter.

Day 3: Physical (Environmental) Security – Part 1
This chapter deals with the threats, vulnerabilities and countermeasures for physical security and physical security design that includes perimeter and interior security.

Day 4: Physical (Environmental) Security – Part 2
This chapter addresses the concepts in Operations / Facility Security and Protecting and Securing equipment.

Day 5: Access Control – Part 1
Access Control-related concepts, methodologies and techniques; Authentication; and Access-related attacks and countermeasures are covered in this chapter.

Day 6: Access Control – Part 2
Vulnerability Assessment and Penetration Testing-related concepts are covered in this chapter.

Day 7: Cryptography – Part 1
In this chapter, various concepts related to cryptography such as methods and types of encryption as well as application and the use of cryptography are covered.

Day 8: Cryptography – Part 2
In this chapter, core concepts in Public Key Infrastructure, Key management techniques, methods of cryptanalytic attacks as well as various Cryptographic Standards are covered.

Day 9: Operations Security – Part 1
Various concepts in the areas of Operations Procedures and Responsibilities, Incident Management, and Reporting are covered in this chapter.

Day 10: Operations Security – Part 2
Control environment related to operations security as well as evaluation criteria such as TCSEC are covered in this chapter.

Day 11: Application Security – Part 1
This chapter covers Systems Engineering concepts and Software Development Life Cycle models.

Day 12: Application Security – Part 2
IT systems, Threats and Vulnerabilities of application systems, Web application security, and Application Control concepts are covered in this chapter.

Day 13: Telecommunications and Network Security – Part 1
This chapter covers various concepts in network architecture, Open System Interconnect (OSI) and TCP/IP models; various protocols in the TCP/IP model related to the application and transport layers; and threats, vulnerabilities, attacks and countermeasures for TCP/IP protocols and services.

Day 14: Telecommunications and Network Security – Part 2
This chapter covers different protocols that are in the network/internet layer, data link layer and physical layer in the TCP/IP model, some of the threats and vulnerabilities that are prevalent to such protocols and common attacks and possible countermeasures.

Day 15: Security Architecture and Design – Part 1
This chapter covers concepts in Computer Architecture, Trusted Computing Base, and Protection Domain and its related mechanisms.

Day 16: Security Architecture and Design – Part 2
This chapter addresses the concepts in Assurance-related standards, various Certification and Accreditation schemes and various Computer Security models.

Day 17: Business Continuity and Disaster Recovery Planning – Part 1
Various concepts in the Business Continuity Planning domain, its Goals and objectives as well as the concepts in Business Impact Analysis are covered in this chapter.

Day 18: Business Continuity and Disaster Recovery Planning – Part 2
This chapter covers the Disaster Recovery Planning process, various Backup concepts, and the process of Resuming Business from alternative sites.

Day 19: Legal, Regulations, Compliance and Investigations – Part 1
Various Computer Crimes, Cyber Crimes as well as different types of Attacks are covered in this chapter.

Day 20: Legal, Regulations, Compliance, and Investigations – Part 2
This chapter covers various Information Systems-related laws and regulations across the world; concepts related to Computer Investigations; and Ethical Usage of information systems as prescribed by international bodies including (ISC)².

Day 21: Mock Test Paper
This chapter contains a full-blown mock test paper with a total of 250 questions drawn from all 10 domains.

References
This chapter provides various references and books that are relevant to CISSP exam preparation.

Guidelines to CISSP Examination
This chapter provides detailed guidelines for exam registration, eligibility criteria, and other important details that are relevant to the CISSP examination. This chapter contains many useful tips to achieve success in the examination.

In Detail

Certified Information Systems Security Professional (CISSP) is an internationally recognized security qualification. Success in this respected exam opens the door to your dream job as a security expert as well as an eye-catching salary. But passing the final exam is challenging. Every year many candidates do not prepare sufficiently for the examination and fail at the final stage. This typically happens when they cover everything but do not revise properly, and hence lack confidence.

This book will take you through the final weeks before the exam with a day-by-day plan covering all of the exam topics. It will help you to enter the exam room with confidence, knowing that you have done all you can to prepare for the big day.

This small and concise CISSP exam quick-revision guide provides a disciplined approach for reviewing and revising the core concepts in the month before the exam. It gives concise explanations of the important concepts in all 10 domains of the CISSP Common Body of Knowledge (CBK). Each domain is covered in two chapters, each representing one day of study, and each chapter ends with practice questions. A full-blown mock test is included for practice. This book is not a replacement for full study guides; it builds on and reemphasizes the concepts learned from such guides.
