(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide
Paperback by Mike Chapple (et al.)
Language: English

62,80 €*

incl. VAT

Free shipping by post / DHL

In stock, delivery time 1-2 working days

Description

Your Complete Guide to Preparing for the CISSP Certification, Updated for the CISSP 2024 Objectives

The ISC2® CISSP® Certified Information Systems Security Professional Official Study Guide, 10th Edition is your one-stop resource for complete coverage of the 2024 CISSP objectives. You'll prepare for the exam smarter and faster with Sybex thanks to superior content including: an introductory assessment test that checks your readiness, objective map, written labs, key topic study essentials, and challenging chapter review questions. Reinforce what you have learned with the exclusive Sybex online learning environment and test bank. Get prepared to prove your CISSP knowledge with Sybex.

Coverage of all CISSP Detailed Content Outline objectives in this Study Guide means you'll be ready for:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

Interactive learning environment:

Take your certification prep to the next level with Sybex's superior interactive online study tools. To access our learning environment, simply visit [...], register to receive your unique PIN, and instantly gain one year of FREE access to:

  • Interactive test bank with four additional practice exams, each with 125 unique questions. Practice exams help you identify areas where further review is needed.
  • More than 2 hours of audio review read by author Mike Chapple.
  • More than 1,000 electronic flashcards to reinforce learning and last minute prep.
  • Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared.

ABOUT THE CISSP CERTIFICATION

The CISSP is the most globally recognized certification in the information security market. This vendor-neutral certification validates an information security professional's deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization. ISC2 is a global nonprofit organization that maintains the Common Body of Knowledge for information security professionals. Candidates must have experience, subscribe to the ISC2 Code of Ethics, and maintain continuing education requirements or recertify every three years. Visit [...] to learn more.

About the Authors

Mike Chapple, PhD, CISSP, CCSP, is a teaching professor of IT, analytics, and operations at the University of Notre Dame. He is a cybersecurity professional and educator with over 25 years' experience, including as chief information officer of Brand Institute and an information security researcher with the National Security Agency and the U.S. Air Force. Mike is the author of more than 200 books and video courses and provides cybersecurity certification resources at [...].

James Michael Stewart, CISSP, has been writing and training for more than 25 years, with a focus on security. He has been teaching CISSP training courses since 2002, not to mention other courses on Internet security and ethical hacking/penetration testing. He is the author of and contributor to more than 80 books on security certification.

Darril Gibson, CISSP, (1958-2022) was the CEO of YCDA, LLC and regularly wrote and consulted on a wide variety of technical and security topics and held numerous other security certifications. He authored or coauthored more than 30 books including multiple prior editions of the CISSP Study Guide.

Table of Contents

Introduction xxxv
Assessment Test lx
Chapter 1 Security Governance Through Principles and Policies 1
  Security 101 3
  Understand and Apply Security Concepts 4
  Security Boundaries 13
  Evaluate and Apply Security Governance Principles 14
  Manage the Security Function 16
  Security Policy, Standards, Procedures, and Guidelines 27
  Threat Modeling 29
  Supply Chain Risk Management 35
  Summary 38
  Study Essentials 39
  Written Lab 41
  Review Questions 42
Chapter 2 Personnel Security and Risk Management Concepts 49
  Personnel Security Policies and Procedures 51
  Understand and Apply Risk Management Concepts 60
  Social Engineering 90
  Establish and Maintain a Security Awareness, Education, and Training Program 106
  Summary 110
  Study Essentials 111
  Written Lab 114
  Review Questions 115
Chapter 3 Business Continuity Planning 121
  Planning for Business Continuity 122
  Project Scope and Planning 123
  Business Impact Analysis 131
  Continuity Planning 137
  Plan Approval and Implementation 140
  Summary 145
  Study Essentials 145
  Written Lab 146
  Review Questions 147
Chapter 4 Laws, Regulations, and Compliance 151
  Categories of Laws 152
  Laws 155
  State Privacy Laws 179
  Compliance 179
  Contracting and Procurement 181
  Summary 182
  Study Essentials 182
  Written Lab 184
  Review Questions 185
Chapter 5 Protecting Security of Assets 189
  Identifying and Classifying Information and Assets 190
  Establishing Information and Asset Handling Requirements 198
  Data Protection Methods 208
  Understanding Data Roles 214
  Using Security Baselines 216
  Summary 219
  Study Essentials 220
  Written Lab 221
  Review Questions 222
Chapter 6 Cryptography and Symmetric Key Algorithms 227
  Cryptographic Foundations 228
  Modern Cryptography 246
  Symmetric Cryptography 253
  Cryptographic Life Cycle 263
  Summary 264
  Study Essentials 264
  Written Lab 266
  Review Questions 267
Chapter 7 PKI and Cryptographic Applications 271
  Asymmetric Cryptography 272
  Hash Functions 279
  Digital Signatures 283
  Public Key Infrastructure 286
  Asymmetric Key Management 292
  Hybrid Cryptography 293
  Applied Cryptography 294
  Cryptographic Attacks 306
  Summary 309
  Study Essentials 310
  Written Lab 311
  Review Questions 312
Chapter 8 Principles of Security Models, Design, and Capabilities 317
  Secure Design Principles 319
  Techniques for Ensuring CIA 330
  Understand the Fundamental Concepts of Security Models 332
  Select Controls Based on Systems Security Requirements 345
  Understand Security Capabilities of Information Systems 349
  Summary 352
  Study Essentials 353
  Written Lab 354
  Review Questions 355
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 359
  Shared Responsibility 360
  Data Localization and Data Sovereignty 362
  Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 363
  Client-Based Systems 378
  Server-Based Systems 381
  Industrial Control Systems 384
  Distributed Systems 386
  High-Performance Computing (HPC) Systems 387
  Real-Time Operating Systems 388
  Internet of Things 389
  Edge and Fog Computing 390
  Embedded Devices and Cyber-Physical Systems 391
  Microservices 396
  Infrastructure as Code 397
  Immutable Architecture 398
  Virtualized Systems 399
  Containerization 406
  Mobile Devices 407
  Essential Security Protection Mechanisms 424
  Common Security Architecture Flaws and Issues 427
  Summary 431
  Study Essentials 432
  Written Lab 436
  Review Questions 437
Chapter 10 Physical Security Requirements 443
  Apply Security Principles to Site and Facility Design 444
  Implement Site and Facility Security Controls 449
  Implement and Manage Physical Security 473
  Summary 480
  Study Essentials 481
  Written Lab 484
  Review Questions 485
Chapter 11 Secure Network Architecture and Components 491
  OSI Model 493
  TCP/IP Model 501
  Analyzing Network Traffic 502
  Common Application Layer Protocols 503
  Transport Layer Protocols 504
  Domain Name System 506
  Internet Protocol (IP) Networking 512
  ARP Concerns 516
  Secure Communication Protocols 517
  Implications of Multilayer Protocols 518
  Segmentation 523
  Edge Networks 526
  Wireless Networks 527
  Satellite Communications 543
  Cellular Networks 544
  Content Distribution Networks (CDNs) 544
  Secure Network Components 545
  Summary 572
  Study Essentials 573
  Written Lab 575
  Review Questions 576
Chapter 12 Secure Communications and Network Attacks 581
  Protocol Security Mechanisms 582
  Secure Voice Communications 587
  Remote Access Security Management 591
  Multimedia Collaboration 595
  Monitoring and Management 597
  Load Balancing 597
  Manage Email Security 600
  Virtual Private Network 606
  Switching and Virtual LANs 613
  Network Address Translation 617
  Third-Party Connectivity 622
  Switching Technologies 624
  WAN Technologies 626
  Fiber-Optic Links 629
  Prevent or Mitigate Network Attacks 630
  Summary 631
  Study Essentials 632
  Written Lab 635
  Review Questions 636
Chapter 13 Managing Identity and Authentication 641
  Controlling Access to Assets 643
  The AAA Model 645
  Implementing Identity Management 662
  Managing the Identity and Access Provisioning Life Cycle 668
  Summary 672
  Study Essentials 672
  Written Lab 675
  Review Questions 676
Chapter 14 Controlling and Monitoring Access 681
  Comparing Access Control Models 682
  Implementing Authentication Systems 694
  Zero-Trust Access Policy Enforcement 702
  Understanding Access Control Attacks 703
  Summary 719
  Study Essentials 720
  Written Lab 721
  Review Questions 722
Chapter 15 Security Assessment and Testing 727
  Building a Security Assessment and Testing Program 729
  Performing Vulnerability Assessments 735
  Testing Your Software 750
  Training and Exercises 758
  Implementing Security Management Processes and Collecting Security Process Data 759
  Summary 762
  Exam Essentials 763
  Written Lab 764
  Review Questions 765
Chapter 16 Managing Security Operations 769
  Apply Foundational Security Operations Concepts 771
  Address Personnel Safety and Security 778
  Provision Information and Assets Securely 780
  Managed Services in the Cloud 786
  Perform Configuration Management (CM) 790
  Manage Change 793
  Manage Patches and Reduce Vulnerabilities 797
  Summary 801
  Study Essentials 802
  Written Lab 804
  Review Questions 805
Chapter 17 Preventing and Responding to Incidents 809
  Conducting Incident Management 811
  Implementing Detection and Preventive Measures 818
  Logging and Monitoring 842
  Automating Incident Response 854
  Summary 860
  Study Essentials 860
  Written Lab 863
  Review Questions 864
Chapter 18 Disaster Recovery Planning 869
  The Nature of Disaster 871
  Understand System Resilience, High Availability, and Fault Tolerance 883
  Recovery Strategy 888
  Recovery Plan Development 898
  Training, Awareness, and Documentation 906
  Testing and Maintenance 907
  Summary 911
  Study Essentials 912
  Written Lab 913
  Review Questions 914
Chapter 19 Investigations and Ethics 919
  Investigations 920
  Major Categories of Computer Crime 934
  Ethics 940
  Summary 944
  Study Essentials 945
  Written Lab 946
  Review Questions 947
Chapter 20 Software Development Security 951
  Introducing Systems Development Controls 953
  Establishing Databases and Data Warehousing 984
  Storage Threats 994
  Understanding Knowledge-Based Systems 995
  Summary 998
  Study Essentials 998
  Written Lab 1000
  Review Questions 1001
Chapter 21 Malicious Code and Application Attacks 1005
  Malware 1006
  Malware Prevention 1018
  Application Attacks 1021
  Injection Vulnerabilities 1024
  Exploiting Authorization Vulnerabilities 1030
  Exploiting Web Application Vulnerabilities 1033
  Application Security Controls 1038
  Secure Coding Practices 1044
  Summary 1048
  Study Essentials 1048
  Written Lab 1049
  Review Questions 1050
Appendix A Answers to Review Questions 1055
  Chapter 1: Security Governance Through Principles and Policies 1056
  Chapter 2: Personnel Security and Risk Management Concepts 1059
  Chapter 3: Business Continuity Planning 1063
  Chapter 4: Laws, Regulations, and Compliance 1065
  Chapter 5: Protecting Security of Assets 1068
  Chapter 6: Cryptography and Symmetric Key Algorithms 1070
  Chapter 7: PKI and Cryptographic Applications 1072
  Chapter 8: Principles of Security Models, Design, and Capabilities 1074
  Chapter 9: Security Vulnerabilities,...

Details
Year of publication: 2024
Subject area: Data communication, networks & mailboxes
Genre: Imports, computer science
Category: Science & technology
Medium: Paperback
Series: Sybex Study Guide
Content: Binding - flexible (paperback)
ISBN-13: 9781394254699
ISBN-10: 1394254695
Language: English
Binding: Paperback / softcover
Authors: Chapple, Mike; Stewart, James Michael; Gibson, Darril
Edition: 10th edition
Publisher: Wiley John + Sons; Sybex
Responsible person for the EU: Zeitfracht Medien GmbH, Ferdinand-Jühlke-Str. 7, D-99095 Erfurt, produktsicherheit@zeitfracht.de
Dimensions: 234 x 187 x 49 mm
By: Mike Chapple (et al.)
Publication date: 04.06.2024
Weight: 1,906 kg
Article ID: 127930354