Introduction
  About This Book
  How This Book Is Organized
  How the Chapters Are Organized
  Icons Used in This Book
  Let's Get Started!

Exam Basics
  (ISC)² and the CISSP Certification
    About (ISC)² and the CISSP Certification
    You Must Be This Tall to Ride (And Other Minimum Requirements)
    Registering for the Exam
    Developing a Study Plan
    About the CISSP Examination
    Waiting for Your Results
  The Common Body of Knowledge (CBK)
    Access Control Systems and Methodology
    Telecommunications and Network Security
    Security Management Practices
    Applications and Systems Development Security
    Cryptography
    Security Architecture and Models
    Operations Security
    Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
    Law, Investigations, and Ethics
    Physical Security

Domains
  Access Control Systems and Methodology
    Uncovering Concepts of Access Control
    Categories of Access Control
    Additional References
  Telecommunications and Network Security
    Data Network Types
    The OSI Reference Model
    The TCP/IP Model
    Network Security
    E-Mail, Facsimile, and Telephone Security
    Network Attacks and Countermeasures
    Additional References
  Security Management Practices
    Security Management Concepts and Principles
    Data Classification
    Employment Policies and Practices
    Policies, Standards, Guidelines, and Procedures
    Principles of Risk Management
    Security Awareness
    Additional References
  Applications and Systems Development Security
    Distributed Applications
    Object-Oriented Environments
    Data and Information Storage
    Databases
    Knowledge-Based Systems
    Systems Development Lifecycle
    Application Security Controls
    Malicious Code
    System Attack Methods
    Perpetrators
    Additional References
  Cryptography
    The Role of Cryptography in Information Security
    Cryptography Basics
    Not Quite the Metric System: Symmetric and Asymmetric Key Systems
    Message Authentication
    Public Key Infrastructure (PKI)
    Key Management Functions
    Key Escrow and Key Recovery
    E-Mail Security Applications
    Internet Security Applications
    Methods of Attack
    Additional References
  Security Architecture and Models
    Computer Architecture
    Security Architecture
    Access Control Models
    Evaluation Criteria
    Certification and Accreditation
    Additional References
  Operations Security
    Security Operations Concepts
    Threats and Countermeasures
    Security Operations Management
    Security Controls
    Security Auditing
    Audit Trails
    Monitoring
    Additional References
  Business Continuity Planning and Disaster Recovery Planning
    Defining Disastrous Events
    The Differences between BCP and DRP
    Understanding BCP Project Elements
    Determining BCP Scope
    Defining the Business Impact Assessment
    BCP Recovery Plan Development
    Development of the BCP Plan
    Implementing the Business Continuity Plan
    Disaster Recovery Planning
    Developing a Disaster Recovery Plan
    Testing the Disaster Recovery Plan
    Additional References
  Law, Investigations, and Ethics
    Major Categories and Types of Laws
    Major Categories of Computer Crime
    Types of Laws Relevant to Computer Crimes
    Investigations
    Ethics
    Additional References
  Physical Security
    Physical Security Threats
    Facility Requirements Planning
    Physical Security Controls
    Additional References

The Part of Tens
  Ten Security Domains
    Access Control Systems and Methodology
    Telecommunications and Network Security
    Security Management Practices
    Applications and Systems Development Security
    Cryptography
    Security Architecture and Models
    Operations Security
    Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
    Law, Investigations, and Ethics
    Physical Security
  Ten More Security Certifications
    Check Point
    Cisco
    CIW
    CompTIA
    DRII
    ISACA
    (ISC)²
    Microsoft
    SAIR Linux/GNU
    SANS/GIAC
  Ten Security Web Sites
    (ISC)²
    CISSP Open Study Guide
    Cissps.com
    Network Security Library
    The SANS Institute
    The Shmoo Group
    www.simovits.com
    Carnegie Mellon SEI CERT Coordination Center
    Common Vulnerabilities and Exposures
    HierosGamos Guide to Computers and the Law
  Ten Test Preparation Tips
    Get a Networking Certification First
    Register NOW!
    A 60-Day Study Plan
    Get Organized and READ!
    Join a Study Group
    Take Practice Exams
    Take a CISSP Review Seminar
    Develop a Test-Taking Strategy
    Practice Drawing Circles!
    Plan Your Travel
  Ten Test Day Tips
    Get a Good Night's Rest
    Dress Comfortably (And Appropriately)
    Eat a Good Breakfast
    Arrive Early
    Bring Your Registration Letter and ID
    Bring Snacks and Drinks
    Bring Prescription or Over-the-Counter Medications
    Bring Extra Pencils and a BIG Eraser
    Leave Your Cell Phone, Pager, PDA, and Digital Watch at Home
    Take Frequent Breaks
  Ten Essential Reference Books

Appendixes
  Practice Exam
  Glossary
  About the CD-ROM
    System Requirements
    Contents
    If You Have Problems (Of the CD Kind)

Index

End-User License Agreement