| |
| |
| Introduction | |
| |
| |
| About This Book | |
| |
| |
| How This Book Is Organized | |
| |
| |
| How the Chapters Are Organized | |
| |
| |
| Icons Used in This Book | |
| |
| |
| Let's Get Started! | |
| |
| |
| Exam Basics | |
| |
| |
| (ISC)[superscript 2] and the CISSP Certification | |
| |
| |
| About (ISC)[superscript 2] and the CISSP Certification | |
| |
| |
| You Must Be This Tall to Ride (And Other Minimum Requirements) | |
| |
| |
| Registering for the Exam | |
| |
| |
| Developing a Study Plan | |
| |
| |
| About the CISSP Examination | |
| |
| |
| Waiting for Your Results | |
| |
| |
| The Common Body of Knowledge (CBK) | |
| |
| |
| Access Control Systems and Methodology | |
| |
| |
| Telecommunications and Network Security | |
| |
| |
| Security Management Practices | |
| |
| |
| Applications and Systems Development Security | |
| |
| |
| Cryptography | |
| |
| |
| Security Architecture and Models | |
| |
| |
| Operations Security | |
| |
| |
| Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) | |
| |
| |
| Law, Investigations, and Ethics | |
| |
| |
| Physical Security | |
| |
| |
| Domains | |
| |
| |
| Access Control Systems and Methodology | |
| |
| |
| Uncovering Concepts of Access Control | |
| |
| |
| Categories of Access Control | |
| |
| |
| Additional References | |
| |
| |
| Telecommunications and Network Security | |
| |
| |
| Data Network Types | |
| |
| |
| The OSI Reference Model | |
| |
| |
| The TCP/IP Model | |
| |
| |
| Network Security | |
| |
| |
| E-Mail, Facsimile, and Telephone Security | |
| |
| |
| Network Attacks and Countermeasures | |
| |
| |
| Additional References | |
| |
| |
| Security Management Practices | |
| |
| |
| Security Management Concepts and Principles | |
| |
| |
| Data Classification | |
| |
| |
| Employment Policies and Practices | |
| |
| |
| Policies, Standards, Guidelines, and Procedures | |
| |
| |
| Principles of Risk Management | |
| |
| |
| Security Awareness | |
| |
| |
| Additional References | |
| |
| |
| Applications and Systems Development Security | |
| |
| |
| Distributed Applications | |
| |
| |
| Object-Oriented Environments | |
| |
| |
| Data and Information Storage | |
| |
| |
| Databases | |
| |
| |
| Knowledge-Based Systems | |
| |
| |
| Systems Development Lifecycle | |
| |
| |
| Application Security Controls | |
| |
| |
| Malicious Code | |
| |
| |
| System Attack Methods | |
| |
| |
| Perpetrators | |
| |
| |
| Additional References | |
| |
| |
| Cryptography | |
| |
| |
| The Role of Cryptography in Information Security | |
| |
| |
| Cryptography Basics | |
| |
| |
| Not Quite the Metric System: Symmetric and Asymmetric Key Systems | |
| |
| |
| Message Authentication | |
| |
| |
| Public Key Infrastructure (PKI) | |
| |
| |
| Key Management Functions | |
| |
| |
| Key Escrow and Key Recovery | |
| |
| |
| E-Mail Security Applications | |
| |
| |
| Internet Security Applications | |
| |
| |
| Methods of Attack | |
| |
| |
| Additional References | |
| |
| |
| Security Architecture and Models | |
| |
| |
| Computer Architecture | |
| |
| |
| Security Architecture | |
| |
| |
| Access Control Models | |
| |
| |
| Evaluation Criteria | |
| |
| |
| Certification and Accreditation | |
| |
| |
| Additional References | |
| |
| |
| Operations Security | |
| |
| |
| Security Operations Concepts | |
| |
| |
| Threats and Countermeasures | |
| |
| |
| Security Operations Management | |
| |
| |
| Security Controls | |
| |
| |
| Security Auditing | |
| |
| |
| Audit Trails | |
| |
| |
| Monitoring | |
| |
| |
| Additional References | |
| |
| |
| Business Continuity Planning and Disaster Recovery Planning | |
| |
| |
| Defining Disastrous Events | |
| |
| |
| The Differences between BCP and DRP | |
| |
| |
| Understanding BCP Project Elements | |
| |
| |
| Determining BCP Scope | |
| |
| |
| Defining the Business Impact Assessment | |
| |
| |
| BCP Recovery Plan Development | |
| |
| |
| Development of the BCP Plan | |
| |
| |
| Implementing the Business Continuity Plan | |
| |
| |
| Disaster Recovery Planning | |
| |
| |
| Developing a Disaster Recovery Plan | |
| |
| |
| Testing the Disaster Recovery Plan | |
| |
| |
| Additional References | |
| |
| |
| Law, Investigations, and Ethics | |
| |
| |
| Major Categories and Types of Laws | |
| |
| |
| Major Categories of Computer Crime | |
| |
| |
| Types of Laws Relevant to Computer Crimes | |
| |
| |
| Investigations | |
| |
| |
| Ethics | |
| |
| |
| Additional References | |
| |
| |
| Physical Security | |
| |
| |
| Physical Security Threats | |
| |
| |
| Facility Requirements Planning | |
| |
| |
| Physical Security Controls | |
| |
| |
| Additional References | |
| |
| |
| The Part of Tens | |
| |
| |
| Ten Security Domains | |
| |
| |
| Access Control Systems and Methodology | |
| |
| |
| Telecommunications and Network Security | |
| |
| |
| Security Management Practices | |
| |
| |
| Applications and Systems Development Security | |
| |
| |
| Cryptography | |
| |
| |
| Security Architecture and Models | |
| |
| |
| Operations Security | |
| |
| |
| Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) | |
| |
| |
| Law, Investigations, and Ethics | |
| |
| |
| Physical Security | |
| |
| |
| Ten More Security Certifications | |
| |
| |
| Check Point | |
| |
| |
| Cisco | |
| |
| |
| CIW | |
| |
| |
| Comp TIA | |
| |
| |
| DRII | |
| |
| |
| ISACA | |
| |
| |
| (ISC)[superscript 2] | |
| |
| |
| Microsoft | |
| |
| |
| SAIR Linux/GNU | |
| |
| |
| SANS/GIAC | |
| |
| |
| Ten Security Web Sites | |
| |
| |
| (ISC)[superscript 2] | |
| |
| |
| CISSP Open Study Guide | |
| |
| |
| Cissps.com | |
| |
| |
| Network Security Library | |
| |
| |
| The SANS Institute | |
| |
| |
| The Shmoo Group | |
| |
| |
| www.simovits.com | |
| |
| |
| Carnegie Mellon SEI CERT Coordination Center | |
| |
| |
| Common Vulnerabilities and Exposures | |
| |
| |
| HierosGamos Guide to Computers and the Law | |
| |
| |
| Ten Test Preparation Tips | |
| |
| |
| Get a Networking Certification First | |
| |
| |
| Register NOW! | |
| |
| |
| A 60-Day Study Plan | |
| |
| |
| Get Organized and READ! | |
| |
| |
| Join a Study Group | |
| |
| |
| Take Practice Exams | |
| |
| |
| Take a CISSP Review Seminar | |
| |
| |
| Develop a Test-Taking Strategy | |
| |
| |
| Practice Drawing Circles! | |
| |
| |
| Plan Your Travel | |
| |
| |
| Ten Test Day Tips | |
| |
| |
| Get a Good Night's Rest | |
| |
| |
| Dress Comfortably (And Appropriately) | |
| |
| |
| Eat a Good Breakfast | |
| |
| |
| Arrive Early | |
| |
| |
| Bring Your Registration Letter and ID | |
| |
| |
| Bring Snacks and Drinks | |
| |
| |
| Bring Prescription or Over-the-Counter Medications | |
| |
| |
| Bring Extra Pencils and a BIG Eraser | |
| |
| |
| Leave Your Cell Phone, Pager, PDA, and Digital Watch at Home | |
| |
| |
| Take Frequent Breaks | |
| |
| |
| Ten Essential Reference Books | |
| |
| |
| Appendixes | |
| |
| |
| Practice Exam | |
| |
| |
| Glossary | |
| |
| |
| About the CD-ROM | |
| |
| |
| System Requirements | |
| |
| |
| Contents | |
| |
| |
| If You Have Problems (Of the CD Kind) | |
| |
| |
| Index | |
| |
| |
| End-User License Agreement | |