CISSP in 21 Days

By: M. L. Srinivasan

Overview of this book

Certified Information Systems Security Professional (CISSP) is an internationally recognized security qualification. Success in this respected exam opens the door to your dream job as a security expert as well as an eye-catching salary. But passing the final exam is challenging. Every year a lot of candidates do not prepare sufficiently for the examination, and fail at the final stage. This happens when they cover everything but do not revise properly and hence lack confidence.

This book will take you through the final weeks before the exam with a day-by-day plan covering all of the exam topics. It will help you to enter the exam room with confidence, knowing that you have done all you can to prepare for the big day.

This small and concise CISSP exam quick-revision guide provides a disciplined approach to be adopted for reviewing and revising the core concepts a month before the exam. This book provides a concise explanation of important concepts in all the 10 domains of the CISSP Common Body of Knowledge (CBK). Each domain is covered in two chapters that are represented as days. Each chapter contains some practice questions. A full-blown mock test is included for practice. This book is not a replacement for full study guides and tries to build on and reemphasize the concepts learned from such guides.
Table of Contents (28 chapters)
CISSP in 21 Days
Credits
About the Author
About the Reviewer
Preface
Day 21: Mock Test Paper
References

Preface

The Certified Information Systems Security Professional (CISSP) is an internationally recognized security qualification. Success in this esteemed exam opens the door to your dream job as an information security expert. As industry surveys show, a CISSP candidate earns a better salary than his counterparts without a security certification. In addition, the CISSP is a recognized qualification for US government jobs in the Department of Defense (DoD), and the National Security Agency (NSA). Similarly, this certification is also recognized by many governmental departments, businesses, stock exchanges, banks, and universities around the world. Therefore, obtaining this international certificate will present you with a host of opportunities, whether it is for employment, consulting, or an audit profession in the information security field.

But passing the final exam is challenging. Every year many candidates who attempt the exam do not prepare sufficiently and, unfortunately, fail at the final stage. This happens when they cover everything but do not properly review, which leads to a lack of confidence. This book will take you through the final weeks before the exam with a day-by-day plan that will cover all of the exam topics. It will help you to enter the exam room with confidence, knowing that you have done all you could to prepare for the examination day. This small, concise CISSP exam quick-revision guide provides a disciplined approach to be adopted for reviewing and revising the core concepts a month before the exam. This book provides a succinct explanation of important concepts in all 10 domains of the CISSP Common Body of Knowledge (CBK).

What this book covers

Introduction: This chapter introduces the organization of the guide, expectations, and the approach adopted.

Day 1: This chapter covers various concepts related to security management practices, control environment, and asset classification and controls.

Day 2: This chapter discusses important requirements of security awareness and training as well as risk assessment and management.

Day 3: This chapter covers the threats, vulnerabilities, and countermeasures for physical security and physical security design that includes perimeter and interior security.

Day 4: This chapter addresses the concepts in operations and facility security, along with protecting and securing equipment.

Day 5: This chapter covers concepts related to access control, methodologies and techniques, authentication, and access-related attacks and countermeasures.

Day 6: This chapter covers concepts related to vulnerability assessment and penetration testing.

Day 7: This chapter covers various concepts related to cryptography, such as methods and types of encryption, as well as the application and use of cryptography.

Day 8: This chapter covers the core concepts in Public Key Infrastructure, key management techniques, methods of cryptanalytic attacks, and various cryptographic standards.

Day 9: This chapter covers various concepts in the areas of operations procedures and responsibilities, incident management, and reporting.

Day 10: This chapter covers control environment related to operations security and also evaluation criteria, such as TCSEC.

Day 11: This chapter covers concepts in systems engineering and the Software Development Life Cycle models.

Day 12: This chapter covers IT systems, threats and vulnerabilities of application systems, and application control concepts.

Day 13: This chapter covers various concepts in network architecture, Open System Interconnect (OSI), and the TCP/IP models. It also covers various protocols in the TCP/IP models related to the application and transport layers, along with threats, vulnerabilities, attacks, and countermeasures for the TCP/IP protocols and services.

Day 14: This chapter covers different protocols that are in the network/Internet layer, data link layer, and physical layer in the TCP/IP model. In addition, it covers some of the threats and vulnerabilities that are prevalent in such protocols, common attacks, and possible countermeasures.

Day 15: This chapter covers concepts in computer architecture, the Trusted Computing Base, and protection domain and its related mechanisms.

Day 16: This chapter addresses the concepts in assurance-related standards, various certification and accreditation schemes, and various computer security models.

Day 17: This chapter covers various concepts in Business Continuity Planning, its goals and objectives as well as the concepts in the Business Impact Analysis.

Day 18: This chapter covers the Disaster Recovery Planning process, various backup concepts, and the process of resuming business from alternative sites.

Day 19: This chapter covers various computer crimes, cyber crimes, as well as different types of attacks.

Day 20: This chapter covers laws and regulations related to information systems across the world. Additionally, it covers concepts related to computer investigations and ethical usage of information systems as prescribed by international bodies including (ISC)².

Day 21: This chapter contains a full mock test paper containing a total of 250 questions from all 10 domains.

References: This chapter provides various references and books that are relevant to the CISSP exam preparation.

Who this book is for

This book is for all aspirants who are planning to take the CISSP examination and obtain the coveted CISSP certification, which is considered the gold standard in information security personal certification.

This book assumes that the candidate already has sufficient knowledge in all 10 domains of the CISSP CBK from work experience and knowledge gained from studying information security. This book provides a concise explanation of the core concepts that are essentially covered in the exam.

Besides being a focused guide on information security, this book is also useful as a quick reference and revision guide for System and Network Administrators, Database Administrators, System Analysts, Software Developers, Application Designers, System Architects, Legal Professionals, Security Officers, Business Continuity professionals, IT Auditors, IS Auditors, Vulnerability Assessors, Penetration Testers, and Ethical Hackers.

Conventions

In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.

New terms and important words are introduced in a bold-type font.

Note

Warnings or important notes appear in a box like this.

Note

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book, what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.

To send us general feedback, simply drop an email to , making sure to mention the book title in the subject of your message.

If there is a book that you need and would like to see us publish, please send us a note in the SUGGEST A TITLE form on http://www.packtpub.com or email .

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on http://www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Errata

Although we have taken every care to ensure the accuracy of our contents, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in text or code—we would be grateful if you would report this to us. By doing this you can save other readers from frustration, and help to improve subsequent versions of this book. If you find any errata, report them by visiting http://www.packtpub.com/support, selecting your book, clicking on the let us know link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata added to the list of existing errata. The existing errata can be viewed by selecting your title from http://www.packtpub.com/support.

Piracy

Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide the location address or website name immediately so we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors, and our ability to bring you valuable content.

Questions

You can contact us at if you are having a problem with some aspect of the book, and we will do our best to address it.