Epidemics The Story of South Africas Five Most Lethal Human Diseases 1st Edition Readable Ebook Download

The document discusses the evolution and significance of the CISSP certification in the information security field, highlighting its growth from 500 initial applicants to over 100,000 credential holders worldwide. It emphasizes the importance of the CISSP Study Guide as a comprehensive learning tool for certification candidates, reflecting the latest industry topics and standards. The document also acknowledges contributors and outlines the structure of the study guide, covering various domains essential for cybersecurity professionals.

The users of the Official CISSP: Certified Information Systems Security Professional Study Guide, Seventh Edition agree that
John Wiley and Sons, Inc. and (ISC)² are not liable for any indirect, special, incidental, or consequential damages up to and
including negligence that may arise from use of these materials. Under no circumstances, including negligence, shall John Wiley
and Sons, Inc. or (ISC)², its officers, directors, agents, author or anyone else involved in creating, producing or distributing these
materials be liable for any direct, indirect, incidental, special or consequential damages that may result from the use of this study
guide.
Whenever we look toward the future, we have to first look back and think about where we
came from. Back in 1989, (ISC)² was established by a handful of passionate volunteers who
wanted to create a set of standards for a new concept, not yet a full-fledged career field, called
information security. In the minds of those volunteers, having the initial 500 applicants sign up
to take the Certified Information Systems Security Professional (CISSP®) exam was
considered quite a success. Little did they imagine that 26 years later, not only would those
500 applicants grow to a cadre of 100,000 CISSP credential holders across more than 160
countries, the CISSP would also become recognized as the standard certification for the
information security industry.
Advancements in technology bring about the need for updates, and we work tirelessly to ensure
that our content is always relevant to the industry. As the information security industry
continues to transition, and cybersecurity becomes a global focus, the CISSP Common Body of
Knowledge (CBK) is even more relevant to today's challenges.
The new (ISC)² CISSP Study Guide is part of a concerted effort to enhance and increase our
education and training offerings. The CISSP Study Guide reflects the most relevant topics in
our ever-changing field and is a learning tool for (ISC)² certification exam candidates. It
provides a comprehensive study guide to the eight CISSP domains and the most current topics
in the industry.
If you are on the path to getting certified, you have no doubt heard of the (ISC)² Official Guides
to the CBK. While our Official Guides to the CBK are the authoritative references to the
Common Body of Knowledge, the new study guides are learning tools focused on educating the
reader in preparation for exams. As an ANSI accredited certification body under the ISO/IEC
17024 standard, (ISC)² does not teach the CISSP exam. Rather, we strive to generate or
endorse content that teaches the CISSP's CBK. Candidates who have a strong understanding of
the CBK are best prepared for success with the exam and within the profession.
(ISC)² is also breaking new ground by partnering with Wiley, a recognized industry leading
brand. Developing a partnership with renowned content provider Wiley allows (ISC)² to grow
its offerings on the scale required to keep our content fresh and aligned with the constantly
changing environment. The power of combining the expertise of our two organizations benefits
certification candidates and the industry alike.
I look forward to your feedback on the (ISC)² CISSP Study Guide. Congratulations on taking
the first step toward earning the certification that SC Magazine named “Best Professional
Certification Program.” Good luck with your studies!
Best Regards,

David P. Shearer, CISSP, PMP
CEO
(ISC)²
To Cathy, your perspective on the world and life often surprises me, challenges me, and
makes me love you even more.
—James Michael Stewart

To Dewitt Latimer, my mentor, friend, and colleague. I miss you dearly.
—Mike Chapple

To Nimfa: Thanks for sharing your life with me for the past 23 years and letting me share
mine with you.
—Darril Gibson
Acknowledgments
I’d like to express my thanks to Sybex for continuing to support this project. Thanks to Mike
Chapple and Darril Gibson for continuing to contribute to this project. Thanks also to all my
CISSP course students who have provided their insight and input to improve my training
courseware and ultimately this tome. Extra thanks to the seventh edition developmental editor,
Alexa Murphy, and technical editor, David Seidl, who performed amazing feats in guiding us to
improve this book. Thanks as well to my agent, Carole Jelen, for continuing to assist in nailing
down these projects.
To my adoring wife, Cathy: Building a life and a family together has been more wonderful than
I could have ever imagined. To Slayde and Remi: You are growing up so fast and learning at an
outstanding pace, and you continue to delight and impress me daily. You are both growing into
amazing individuals. To my mom, Johnnie: It is wonderful to have you close by. To Mark: No
matter how much time has passed or how little we see each other, I have been and always will
be your friend. And finally, as always, to Elvis: You were way ahead of the current bacon
obsession, with your peanut butter-banana-bacon sandwich; I think that’s proof you traveled
through time!
—James Michael Stewart

Special thanks go to the information security team at the University of Notre Dame, who
provided hours of interesting conversation and debate on security issues that inspired and
informed much of the material in this book.
I would like to thank the team at Wiley who provided invaluable assistance throughout the
book development process. I also owe a debt of gratitude to my literary agent, Carole Jelen of
Waterside Productions. My coauthors, James Michael Stewart and Darril Gibson, were great
collaborators. David Seidl, our diligent and knowledgeable technical editor, provided
valuable insight as we brought this edition to press.
I’d also like to thank the many people who participated in the production of this book but
whom I never had the chance to meet: the graphics team, the production staff, and all of those
involved in bringing this book to press.
—Mike Chapple

Thanks to Carol Long and Carole Jelen for helping get this update in place before (ISC)²
released the objectives. This helped us get a head start on this new edition and we appreciate
your efforts. It’s been a pleasure working with talented people like James Michael Stewart and
Mike Chapple. Thanks to both of you for all your work and collaborative efforts on this
project. The technical editor, Dave Seidl, provided us with some outstanding feedback and this
book is better because of his efforts. Thanks again, David. Last, thanks to the team at Sybex
(including project managers, editors, and graphics artists) for all the work you did helping us
get this book to print.
—Darril Gibson
About the Authors
James Michael Stewart, CISSP, has been writing and training for more than 20 years, with a
current focus on security. He has been teaching CISSP training courses since 2002, not to
mention other courses on Internet security and ethical hacking/penetration testing. He is the
author of and contributor to more than 75 books and numerous courseware sets on security
certification, Microsoft topics, and network administration. More information about Michael
can be found at his website: www.impactonline.com.
Mike Chapple, CISSP, Ph.D., is Senior Director for IT Service Delivery at the University of
Notre Dame. In the past, he was chief information officer of Brand Institute and an information
security researcher with the National Security Agency and the U.S. Air Force. His primary
areas of expertise include network intrusion detection and access controls. Mike is a frequent
contributor to TechTarget’s SearchSecurity site and the author of more than 25 books including
CompTIA Security+ Training Kit and Information Security Illuminated. Mike can be found
on Twitter @mchapple.
Darril Gibson, CISSP, is the CEO of YCDA, LLC (short for You Can Do Anything) and he has
authored or coauthored more than 35 books. Darril regularly writes, consults, and teaches on a
wide variety of technical and security topics and holds several certifications. He regularly
posts blog articles at http://blogs.getcertifiedgetahead.com/ about certification
topics and uses that site to help people stay abreast of changes in certification exams. He loves
hearing from readers, especially when they pass an exam after using one of his books, and you
can contact him through the blogging site.
Contents
Introduction
Assessment Test
Chapter 1 Security Governance Through Principles and Policies
Understand and Apply Concepts of Confidentiality, Integrity, and Availability
Apply Security Governance Principles
Develop and Implement Documented Security Policy, Standards, Procedures, and Guidelines
Understand and Apply Threat Modeling
Integrate Security Risk Considerations into Acquisition Strategy and Practice
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 2 Personnel Security and Risk Management Concepts
Contribute to Personnel Security Policies
Security Governance
Understand and Apply Risk Management Concepts
Establish and Manage Information Security Education, Training, and Awareness
Manage the Security Function
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 3 Business Continuity Planning
Planning for Business Continuity
Project Scope and Planning
Business Impact Assessment
Continuity Planning
BCP Documentation
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 4 Laws, Regulations, and Compliance
Categories of Laws
Laws
Compliance
Contracting and Procurement
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 5 Protecting Security of Assets
Classifying and Labeling Assets
Identifying Data Roles
Protecting Privacy
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 6 Cryptography and Symmetric Key Algorithms
Historical Milestones in Cryptography
Cryptographic Basics
Modern Cryptography
Symmetric Cryptography
Cryptographic Life Cycle
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 7 PKI and Cryptographic Applications
Asymmetric Cryptography
Hash Functions
Digital Signatures
Public Key Infrastructure
Asymmetric Key Management
Applied Cryptography
Cryptographic Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 8 Principles of Security Models, Design, and Capabilities
Implement and Manage Engineering Processes Using Secure Design Principles
Understand the Fundamental Concepts of Security Models
Select Controls and Countermeasures Based on Systems Security Evaluation Models
Understand Security Capabilities of Information Systems
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures
Assess and Mitigate Security Vulnerabilities
Client-Based
Server-Based
Database Security
Distributed Systems
Industrial Control Systems
Assess and Mitigate Vulnerabilities in Web-Based Systems
Assess and Mitigate Vulnerabilities in Mobile Systems
Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
Essential Security Protection Mechanisms
Common Architecture Flaws and Security Issues
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 10 Physical Security Requirements
Apply Secure Principles to Site and Facility Design
Design and Implement Physical Security
Implement and Manage Physical Security
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 11 Secure Network Architecture and Securing Network Components
OSI Model
TCP/IP Model
Converged Protocols
Wireless Networks
General Wi-Fi Security Procedure
Cabling, Wireless, Topology, and Communications Technology
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 12 Secure Communications and Network Attacks
Network and Protocol Security Mechanisms
Secure Voice Communications
Multimedia Collaboration
Manage Email Security
Remote Access Security Management
Virtual Private Network
Virtualization
Network Address Translation
Switching Technologies
WAN Technologies
Miscellaneous Security Control Characteristics
Security Boundaries
Prevent or Mitigate Network Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 13 Managing Identity and Authentication
Controlling Access to Assets
Comparing Identification and Authentication
Implementing Identity Management
Managing the Identity and Access Provisioning Life Cycle
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 14 Controlling and Monitoring Access
Comparing Access Control Models
Understanding Access Control Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 15 Security Assessment and Testing
Building a Security Assessment and Testing Program
Performing Vulnerability Assessments
Testing Your Software
Implementing Security Management Processes
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 16 Managing Security Operations
Applying Security Operations Concepts
Provisioning and Managing Resources
Managing Configuration
Managing Change
Managing Patches and Reducing Vulnerabilities
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 17 Preventing and Responding to Incidents
Managing Incident Response
Implementing Preventive Measures
Logging, Monitoring, and Auditing
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 18 Disaster Recovery Planning
The Nature of Disaster
Understand System Resilience and Fault Tolerance
Recovery Strategy
Recovery Plan Development
Training, Awareness, and Documentation
Testing and Maintenance
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 19 Incidents and Ethics
Investigations
Major Categories of Computer Crime
Incident Handling
Ethics
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 20 Software Development Security
Introducing Systems Development Controls
Establishing Databases and Data Warehousing
Storing Data and Information
Understanding Knowledge-Based Systems
