€60.40*
Free shipping by post / DHL
In stock, delivery time 1-2 working days
(ISC)2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 9th Edition has been completely updated based on the latest 2021 CISSP Exam Outline. This bestselling Sybex Study Guide covers 100% of the exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, advice on mastering this adaptive exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.
The three co-authors of this book bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you'll need to successfully pass the CISSP exam. Combined, they've taught cybersecurity concepts to millions of students through their books, video courses, and live training programs.
Along with the book, you also get access to Sybex's superior online interactive learning environment that includes:
* Over 900 new and improved practice test questions with complete answer explanations. This includes all of the questions from the book plus four additional online-only practice exams, each with 125 unique questions. You can use the online-only practice exams as full exam simulations. Our questions will help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam.
* More than 700 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam
* A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam
* New for the 9th edition: Audio Review. Author Mike Chapple reads the Exam Essentials for each chapter providing you with 2 hours and 50 minutes of new audio review for yet another way to reinforce your knowledge as you prepare.
Coverage of all of the exam topics in the book means you'll be ready for:
* Security and Risk Management
* Asset Security
* Security Architecture and Engineering
* Communication and Network Security
* Identity and Access Management (IAM)
* Security Assessment and Testing
* Security Operations
* Software Development Security
Mike Chapple, PhD, CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame's Mendoza College of Business. He is a cybersecurity professional and educator with over 25 years of experience. Mike provides cybersecurity certification resources at his website, [...].
James Michael Stewart, CISSP, CEH, CHFI, ECSA, CND, ECIH, CySA+, PenTest+, CASP+, Security+, Network+, A+, CISM, and CFR, has been writing and training for more than 25 years, with a current focus on security. He has been writing and teaching CISSP materials since 2002. He is the author of and contributor to more than 75 books on security certifications.
Darril Gibson, CISSP, Security+, CASP, is the CEO of YCDA (short for You Can Do Anything), and he has authored or coauthored more than 40 books. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications.
Introduction xxxvii
Assessment Test lix
Chapter 1 Security Governance Through Principles and Policies 1
Security 101 3
Understand and Apply Security Concepts 4
Confidentiality 5
Integrity 6
Availability 7
DAD, Overprotection, Authenticity, Non-repudiation, and AAA Services 7
Protection Mechanisms 11
Security Boundaries 13
Evaluate and Apply Security Governance Principles 14
Third-Party Governance 15
Documentation Review 15
Manage the Security Function 16
Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives 17
Organizational Processes 19
Organizational Roles and Responsibilities 21
Security Control Frameworks 22
Due Diligence and Due Care 23
Security Policy, Standards, Procedures, and Guidelines 23
Security Policies 24
Security Standards, Baselines, and Guidelines 24
Security Procedures 25
Threat Modeling 26
Identifying Threats 26
Determining and Diagramming Potential Attacks 28
Performing Reduction Analysis 28
Prioritization and Response 30
Supply Chain Risk Management 31
Summary 33
Exam Essentials 33
Written Lab 36
Review Questions 37
Chapter 2 Personnel Security and Risk Management Concepts 43
Personnel Security Policies and Procedures 45
Job Descriptions and Responsibilities 45
Candidate Screening and Hiring 46
Onboarding: Employment Agreements and Policies 47
Employee Oversight 48
Offboarding, Transfers, and Termination Processes 49
Vendor, Consultant, and Contractor Agreements and Controls 52
Compliance Policy Requirements 53
Privacy Policy Requirements 54
Understand and Apply Risk Management Concepts 55
Risk Terminology and Concepts 56
Asset Valuation 58
Identify Threats and Vulnerabilities 60
Risk Assessment/Analysis 60
Risk Responses 66
Cost vs. Benefit of Security Controls 69
Countermeasure Selection and Implementation 72
Applicable Types of Controls 74
Security Control Assessment 76
Monitoring and Measurement 76
Risk Reporting and Documentation 77
Continuous Improvement 77
Risk Frameworks 79
Social Engineering 81
Social Engineering Principles 83
Eliciting Information 85
Prepending 85
Phishing 85
Spear Phishing 87
Whaling 87
Smishing 88
Vishing 88
Spam 89
Shoulder Surfing 90
Invoice Scams 90
Hoax 90
Impersonation and Masquerading 91
Tailgating and Piggybacking 91
Dumpster Diving 92
Identity Fraud 93
Typo Squatting 94
Influence Campaigns 94
Establish and Maintain a Security Awareness, Education, and Training Program 96
Awareness 97
Training 97
Education 98
Improvements 98
Effectiveness Evaluation 99
Summary 100
Exam Essentials 101
Written Lab 106
Review Questions 107
Chapter 3 Business Continuity Planning 113
Planning for Business Continuity 114
Project Scope and Planning 115
Organizational Review 116
BCP Team Selection 117
Resource Requirements 119
Legal and Regulatory Requirements 120
Business Impact Analysis 121
Identifying Priorities 122
Risk Identification 123
Likelihood Assessment 125
Impact Analysis 126
Resource Prioritization 128
Continuity Planning 128
Strategy Development 129
Provisions and Processes 129
Plan Approval and Implementation 131
Plan Approval 131
Plan Implementation 132
Training and Education 132
BCP Documentation 132
Summary 136
Exam Essentials 137
Written Lab 138
Review Questions 139
Chapter 4 Laws, Regulations, and Compliance 143
Categories of Laws 144
Criminal Law 144
Civil Law 146
Administrative Law 146
Laws 147
Computer Crime 147
Intellectual Property (IP) 152
Licensing 158
Import/Export 158
Privacy 160
State Privacy Laws 168
Compliance 169
Contracting and Procurement 171
Summary 171
Exam Essentials 172
Written Lab 173
Review Questions 174
Chapter 5 Protecting Security of Assets 179
Identifying and Classifying Information and Assets 180
Defining Sensitive Data 180
Defining Data Classifications 182
Defining Asset Classifications 185
Understanding Data States 185
Determining Compliance Requirements 186
Determining Data Security Controls 186
Establishing Information and Asset Handling Requirements 188
Data Maintenance 189
Data Loss Prevention 189
Marking Sensitive Data and Assets 190
Handling Sensitive Information and Assets 192
Data Collection Limitation 192
Data Location 193
Storing Sensitive Data 193
Data Destruction 194
Ensuring Appropriate Data and Asset Retention 197
Data Protection Methods 199
Digital Rights Management 199
Cloud Access Security Broker 200
Pseudonymization 200
Tokenization 201
Anonymization 202
Understanding Data Roles 204
Data Owners 204
Asset Owners 205
Business/Mission Owners 206
Data Processors and Data Controllers 206
Data Custodians 207
Administrators 207
Users and Subjects 208
Using Security Baselines 208
Comparing Tailoring and Scoping 209
Standards Selection 210
Summary 211
Exam Essentials 211
Written Lab 213
Review Questions 214
Chapter 6 Cryptography and Symmetric Key Algorithms 219
Cryptographic Foundations 220
Goals of Cryptography 220
Cryptography Concepts 223
Cryptographic Mathematics 224
Ciphers 230
Modern Cryptography 238
Cryptographic Keys 238
Symmetric Key Algorithms 239
Asymmetric Key Algorithms 241
Hashing Algorithms 244
Symmetric Cryptography 244
Cryptographic Modes of Operation 245
Data Encryption Standard 247
Triple DES 247
International Data Encryption Algorithm 248
Blowfish 249
Skipjack 249
Rivest Ciphers 249
Advanced Encryption Standard 250
CAST 250
Comparison of Symmetric Encryption Algorithms 251
Symmetric Key Management 252
Cryptographic Lifecycle 255
Summary 255
Exam Essentials 256
Written Lab 257
Review Questions 258
Chapter 7 PKI and Cryptographic Applications 263
Asymmetric Cryptography 264
Public and Private Keys 264
RSA 265
ElGamal 267
Elliptic Curve 268
Diffie-Hellman Key Exchange 269
Quantum Cryptography 270
Hash Functions 271
SHA 272
MD5 273
RIPEMD 273
Comparison of Hash Algorithm Value Lengths 274
Digital Signatures 275
HMAC 276
Digital Signature Standard 277
Public Key Infrastructure 277
Certificates 278
Certificate Authorities 279
Certificate Lifecycle 280
Certificate Formats 283
Asymmetric Key Management 284
Hybrid Cryptography 285
Applied Cryptography 285
Portable Devices 285
Email 286
Web Applications 290
Steganography and Watermarking 292
Networking 294
Emerging Applications 295
Cryptographic Attacks 297
Summary 301
Exam Essentials 302
Written Lab 303
Review Questions 304
Chapter 8 Principles of Security Models, Design, and Capabilities 309
Secure Design Principles 310
Objects and Subjects 311
Closed and Open Systems 312
Secure Defaults 314
Fail Securely 314
Keep It Simple 316
Zero Trust 317
Privacy by Design 319
Trust but Verify 319
Techniques for Ensuring CIA 320
Confinement 320
Bounds 320
Isolation 321
Access Controls 321
Trust and Assurance 321
Understand the Fundamental Concepts of Security Models 322
Trusted Computing Base 323
State Machine Model 325
Information Flow Model 325
Noninterference Model 326
Take-Grant Model 326
Access Control Matrix 327
Bell-LaPadula Model 328
Biba Model 330
Clark-Wilson Model 333
Brewer and Nash Model 334
Goguen-Meseguer Model 335
Sutherland Model 335
Graham-Denning Model 335
Harrison-Ruzzo-Ullman Model 336
Select Controls Based on Systems Security Requirements 337
Common Criteria 337
Authorization to Operate 340
Understand Security Capabilities of Information Systems 341
Memory Protection 341
Virtualization 342
Trusted Platform Module 342
Interfaces 343
Fault Tolerance 343
Encryption/Decryption 343
Summary 343
Exam Essentials 344
Written Lab 347
Review Questions 348
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 353
Shared Responsibility 354
Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 355
Hardware 356
Firmware 370
Client-Based Systems 372
Mobile Code 372
Local Caches 375
Server-Based Systems 375
Large-Scale Parallel Data Systems 376
Grid Computing 377
Peer to Peer 378
Industrial Control Systems 378
Distributed Systems 380
High-Performance Computing (HPC) Systems 382
Internet of Things 383
Edge...
| Attribute | Value |
|---|---|
| Year of publication | 2021 |
| Subject area | Data communication, networks & mailboxes |
| Genre | Computer science |
| Category | Natural sciences & technology |
| Medium | Paperback |
| Series | Sybex Study Guide |
| Contents | 1248 pp. |
| ISBN-13 | 9781119786238 |
| ISBN-10 | 1119786231 |
| Language | English |
| Manufacturer number | 1W119786230 |
| Binding | Paperback / softcover |
| Authors | Chapple, Mike; Stewart, James Michael; Gibson, Darril |
| Edition | 9th edition |
| Publisher | Wiley John + Sons; Sybex |
| Dimensions | 236 x 188 x 48 mm |
| By | Mike Chapple (et al.) |
| Publication date | 28.06.2021 |
| Weight | 1.88 kg |