Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Certified Information Systems Security Professional (CISSP) Exam Guide
  • Table Of Contents Toc
Certified Information Systems Security Professional (CISSP) Exam Guide

Certified Information Systems Security Professional (CISSP) Exam Guide

By : Ted Jordan, Ric Daza, Hinne Hettema
5 (5)
Buy this Book
close
close
Certified Information Systems Security Professional (CISSP) Exam Guide

Certified Information Systems Security Professional (CISSP) Exam Guide

5 (5)
By: Ted Jordan, Ric Daza, Hinne Hettema
Buy this Book

Overview of this book

The (ISC)2 CISSP exam evaluates the competencies required to secure organizations, corporations, military sites, and government entities. The comprehensive CISSP certification guide offers up-to-date coverage of the latest exam syllabus, ensuring you can approach the exam with confidence, fully equipped to succeed. Complete with interactive flashcards, invaluable exam tips, and self-assessment questions, this CISSP book helps you build and test your knowledge of all eight CISSP domains. Detailed answers and explanations for all questions will enable you to gauge your current skill level and strengthen weak areas. This guide systematically takes you through all the information you need to not only pass the CISSP exam, but also excel in your role as a security professional. Starting with the big picture of what it takes to secure the organization through asset and risk management, it delves into the specifics of securing networks and identities. Later chapters address critical aspects of vendor security, physical security, and software security. By the end of this book, you'll have mastered everything you need to pass the latest CISSP certification exam and have this valuable desktop reference tool for ongoing security needs.
Table of Contents (28 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who This Book Is For
Icon
What This Book Covers
Icon
How to Get the Most Out of This Book
Icon
Online Practice Resources
Icon
Download the Color Images
Icon
Conventions Used
Icon
Get in Touch
Icon
Share Your Thoughts
Icon
Download a Free PDF Copy of This Book
Lock Free Chapter
1
Intro I: Becoming a CISSP
Icon
Intro I: Becoming a CISSP
Icon
Making the Most Out of This Book – Your Certification and Beyond
Icon
The Need for CISSPs
Icon
CISSP Exam Overview
Icon
CISSP Exam Structure
Icon
Information About Becoming a CISSP
Icon
Exam Tips and Tricks
Icon
Summary
2
Intro II: Pre-Assessment Test
Icon
Intro II: Pre-Assessment Test
Icon
Security and Risk Management – 16%
Icon
Asset Security – 10%
Icon
Security Architecture and Engineering – 13%
Icon
Communication and Network Security – 13%
Icon
Identity and Access Management (IAM) – 13%
Icon
Security Assessment and Testing – 12%
Icon
Security Operations – 13%
Icon
Software Development Security – 10%
Icon
Answer Key
Icon
Summary
3
Chapter 1: Ethics, Security Concepts, and Governance Principles
Icon
Chapter 1: Ethics, Security Concepts, and Governance Principles
Icon
The ISC2 Code of Professional Ethics
Icon
Important Security Concepts
Icon
Confidentiality Concepts
Icon
Essential Security Frameworks
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
4
Chapter 2: Compliance, Regulation, and Investigations
Icon
Chapter 2: Compliance, Regulation, and Investigations
Icon
Determining Compliance and Other Requirements
Icon
Understanding Legal and Regulatory Issues
Icon
Understanding the Requirements for Investigation Types
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
5
Chapter 3: Security Policies and Business Continuity
Icon
Chapter 3: Security Policies and Business Continuity
Icon
Policies
Icon
Standards
Icon
Procedures
Icon
Guidelines
Icon
Identifying, Analyzing, and Prioritizing BC Requirements
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
6
Chapter 4: Risk Management, Threat Modeling, SCRM, and SETA
Icon
Chapter 4: Risk Management, Threat Modeling, SCRM, and SETA
Icon
Risk Management
Icon
Threat Modeling Concepts and Methodologies
Icon
Supply Chain Risk Management
Icon
SETA Programs
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
7
Chapter 5: Asset and Privacy Protection
Icon
Chapter 5: Asset and Privacy Protection
Icon
Identifying and Classifying Information and Assets
Icon
Establishing Information- and Asset-Handling Requirements
Icon
Provisioning Resources Securely
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
8
Chapter 6: Information and Asset Handling
Icon
Chapter 6: Information and Asset Handling
Icon
Managing the Data Life Cycle
Icon
Asset Retention
Icon
Data Security Controls and Compliance
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
9
Chapter 7: Secure Design Principles and Controls
Icon
Chapter 7: Secure Design Principles and Controls
Icon
Researching, Implementing, and Managing Engineering Processes Securely
Icon
Understanding the Fundamental Concepts of Security Models
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
10
Chapter 8: Architecture Vulnerabilities and Cryptography
Icon
Chapter 8: Architecture Vulnerabilities and Cryptography
Icon
Security Capabilities of Information Systems
Icon
Assessing and Mitigating the Vulnerabilities of Security Architectures and Designs
Icon
Selecting and Determining Cryptographic Solutions
Icon
Web Application Security
Icon
Public Key Infrastructure
Icon
Understanding Methods of Cryptanalytic Attacks
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
11
Chapter 9: Facilities and Physical Security
Icon
Chapter 9: Facilities and Physical Security
Icon
Security Principles in Site and Facility Design
Icon
Cabling Wiring and Distribution Facilities
Icon
Restricted and Work Area Security
Icon
Utilities and Heating, Ventilation, and Air Conditioning (HVAC)
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
12
Chapter 10: Network Architecture Security
Icon
Chapter 10: Network Architecture Security
Icon
Secure Design Principles in Network Architectures
Icon
TCP/IP Model
Icon
Implications of Multilayer Protocols
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
13
Chapter 11: Securing Communication Channels
Icon
Chapter 11: Securing Communication Channels
Icon
Secure Network Components
Icon
Operation of Hardware
Icon
Secure Communication Channels
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
14
Chapter 12: Identity, Access Management, and Federation
Icon
Chapter 12: Identity, Access Management, and Federation
Icon
Securing Access Control
Icon
Identity Provisioning
Icon
Authentication Methods
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
15
Chapter 13: Identity Management Implementation
Icon
Chapter 13: Identity Management Implementation
Icon
Implementing Authentication Systems
Icon
Authentication, Authorization, and Accounting Systems
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
16
Chapter 14: Designing and Conducting Security Assessments
Icon
Chapter 14: Designing and Conducting Security Assessments
Icon
Designing and Validating Assessment, Test, and Audit Strategies
Icon
Conducting Security Control Testing
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
17
Chapter 15: Designing and Conducting Security Testing
Icon
Chapter 15: Designing and Conducting Security Testing
Icon
Collecting Security Process Data
Icon
Disaster Recovery and Business Continuity
Icon
Analyzing Test Output and Generating a Report
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
18
Chapter 16: Planning for Security Operations
Icon
Chapter 16: Planning for Security Operations
Icon
Understanding and Complying with Investigations
Icon
Conducting Logging and Monitoring Activities
Icon
Performing Configuration Management
Icon
Applying Foundational Security Operations Concepts
Icon
Applying Resource Protection
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
19
Chapter 17: Security Operations
Icon
Chapter 17: Security Operations
Icon
Conducting Incident Management
Icon
Operating and Maintaining Detective and Preventive Measures
Icon
Implementing and Supporting Patch and Vulnerability Management
Icon
Change Management Processes
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
20
Chapter 18: Disaster Recovery
Icon
Chapter 18: Disaster Recovery
Icon
Implementing Disaster Recovery Strategies
Icon
Implementing Disaster Recovery Processes
Icon
Testing Disaster Recovery Plans
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
21
Chapter 19: Business Continuity, Personnel, and Physical Security
Icon
Chapter 19: Business Continuity, Personnel, and Physical Security
Icon
Planning and Exercises
Icon
Implement and Manage Physical Security
Icon
Personnel Safety and Security Concerns
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
22
Chapter 20: Software Development Life Cycle Security
chevron up
Icon
Chapter 20: Software Development Life Cycle Security
Icon
Software Development Methodologies
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
23
Chapter 21: Software Development Security Controls
Icon
Chapter 21: Software Development Security Controls
Icon
Computer Programming
Icon
Continuous Integration and Continuous Delivery
Icon
Software Security Automation
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
24
Chapter 22: Securing Software Development
Icon
Chapter 22: Securing Software Development
Icon
Assessing the Effectiveness of Software Security
Icon
Assess the Security Impact of Acquired Software
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
25
Chapter 23: Secure Coding Guidelines, Third-Party Software, and Databases
Icon
Chapter 23: Secure Coding Guidelines, Third-Party Software, and Databases
Icon
Security Vulnerabilities at the Source Code Level
Icon
Security of APIs
Icon
Secure Coding Practices
Icon
Establishing Secure Databases
Icon
Database Security
Icon
Summary
Icon
Further Reading
Icon
Exam Readiness Drill – Chapter Review Questions
Icon
Working On Timing
26
Chapter 24: Accessing the Online Practice Resources
Icon
Chapter 24: Accessing the Online Practice Resources
Icon
How to Access These Materials
Icon
Troubleshooting Tips
Icon
Back to the Book
Icon
Why subscribe?
27
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Share Your Thoughts
Icon
Download a Free PDF Copy of This Book

Software Development Methodologies

To create a secure software development project, you must have a secure development process in place. This process includes proper planning and collection of software requirements, architecture and design, coding, testing, and release and maintenance. There are several software development frameworks in use today, including Waterfall, Agile, DevOps, and DevSecOps. These frameworks guide the process of developing secure software applications and provide a structured approach to releasing software projects.

The Agile model is an incremental development methodology that focuses on customer collaboration and feedback. Agile was developed to address the dissatisfaction that customers had when the final software project did not meet their expectations; it does so by involving them more in the process. For example, consider a project where a client requires an app to print two dots. Without involvement, the developer might complete the project and make...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Certified Information Systems Security Professional (CISSP) Exam Guide
End of Section 22
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon