Official (ISC)2 Guide to the CISSP CBK

Official (ISC)2 Guide to the CISSP CBK

  • Electronic book text

List price: US$69.94

Currently unavailable

We can notify you when this item is back in stock

Add to wishlist

AbeBooks may have this title (opens in new window).

Try AbeBooks

Description

The urgency for a global standard of excellence for those who protect the networked world has never been greater. (ISC)2 created the information security industry's first and only CBK(R), a global compendium of information security topics. Continually updated to incorporate rapidly changing technologies and threats, the CBK continues to serve as the basis for (ISC)2's education and certification programs. Unique and exceptionally thorough, the Official (ISC)2(R) Guide to the CISSP(R)CBK(R)provides a better understanding of the CISSP CBK -- a collection of topics relevant to information security professionals around the world. Although the book still contains the ten domains of the CISSP, some of the domain titles have been revised to reflect evolving terminology and changing emphasis in the security professional's day-to-day environment.
The ten domains include information security and risk management, access control, cryptography, physical (environmental) security, security architecture and design, business continuity (BCP) and disaster recovery planning (DRP), telecommunications and network security, application security, operations security, legal, regulations, and compliance and investigations. Endorsed by the (ISC)2, this valuable resource follows the newly revised CISSP CBK, providing reliable, current, and thorough information. Moreover, the Official (ISC)2(R) Guide to the CISSP(R) CBK(R) helps information security professionals gain awareness of the requirements of their profession and acquire knowledge validated by the CISSP certification. The book is packaged with a CD that is an invaluable tool for those seeking certification. It includes sample exams that simulate the actual exam, providing the same number and types of questions with the same allotment of time allowed. It even grades the exam, provides correct answers, and identifies areas where more study is needed.
show more

Product details

  • Electronic book text | 1112 pages
  • Auerbach
  • London, United Kingdom
  • Revised
  • 2nd Revised edition
  • 74 black & white illustrations, 32 black & white tables
  • 0849382327
  • 9780849382321

Table of contents

INFORMATION SECURITY AND RISK MANAGEMENT Introduction The Business Case for Information Security Management Core Information Security Principles: Availability, Integrity, Information Security Management Governance Organizational Behavior Security Awareness, Training, and Education Risk Management Ethics Data Classification Policy Data Handling Policy References Other References Sample Questions ACCESS CONTROL Introduction Definitions and Key Concepts Access Control Categories and Types Access Control Threats Access to Systems Access to Data Intrusion Detection and Prevention Systems Access Control Assurance References. Sample Questions CRYPTOGRAPHY Introduction Key Concepts and Definitions Encryption Systems Message Integrity Controls Digital Signatures Encryption Management Cryptanalysis and Attacks Encryption Usage References Sample Questions PHYSICAL (ENVIRONMENTAL) SECURITY Introduction Site Location The Layered Defense Model Information Protection and Management Services Summary References Sample Questions SECURITY ARCHITECTURE AND DESIGN Introduction Security Architecture and Design Components and Principles Security Models and Architecture Theory Security Product Evaluation Methods and Criteria Sample Questions BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Introduction Organization of the BCP/DRP Domain Chapter Terminology Appendix A: Addressing Legislative Compliance within Business Continuity Plans TELECOMMUNICATIONS AND NETWORK SECURITY Introduction Basic Concepts Layer 1: Physical Layer Layer 2: Data-Link Layer Layer 3: Network Layer Layer 4: Transport Layer Layer 5: Session Layer Layer 6: Presentation Layer Layer 7: Application Layer Trivial File Transfer Protocol (TFTP) General References Sample Questions Endnotes APPLICATION SECURITY Domain Description and Introduction Applications Development and Programming Concepts and Protection Audit and Assurance Mechanisms Malicious Software (Malware) The Database and Data Warehousing Environment Web Application Environment Summary References OPERATIONS SECURITY Introduction Privileged Entity Controls Resource Protection Continuity of Operations Change Control Management Summary References Sample Questions LEGAL, REGULATIONS, COMPLIANCE AND INVESTIGATIONS Introduction Major Legal Systems Information Technology Laws and Regulations Incident Response Computer Forensics Conclusions References Sample Questions ANSWERS TO SAMPLE QUESTIONS CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP(R)) CANDIDATE INFORMATION BULLETIN GLOSSARY INDEX
show more