Book Image

CISSP in 21 Days - Second Edition

By : M. L. Srinivasan, None M.L.Srinivasan
Book Image

CISSP in 21 Days - Second Edition

By: M. L. Srinivasan, None M.L.Srinivasan

Overview of this book

Certified Information Systems Security Professional (CISSP) is an internationally recognized and coveted qualification. Success in this respected exam opens the door to your dream job as a security expert with an eye-catching salary. But passing the final exam is challenging. Every year a lot of candidates do not prepare sufficiently for the examination, and fail at the final stage. This happens when they cover everything but do not revise properly and hence lack confidence. This simple yet informative book will take you through the final weeks before the exam with a day-by-day plan covering all of the exam topics. It will build your confidence and enable you to crack the Gold Standard exam, knowing that you have done all you can to prepare for the big day. This book provides concise explanations of important concepts in all 10 domains of the CISSP Common Body of Knowledge (CBK). Starting with Confidentiality, Integrity, and Availability, you will focus on classifying information and supporting assets. You will understand data handling requirements for sensitive information before gradually moving on to using secure design principles while implementing and managing engineering processes. You will understand the application of cryptography in communication security and prevent or mitigate strategies for network attacks. You will also learn security control requirements and how to assess their effectiveness. Finally, you will explore advanced topics such as automated and manual test result analysis and reporting methods. A complete mock test is included at the end to evaluate whether you're ready for the exam. This book is not a replacement for full study guides; instead, it builds on and reemphasizes concepts learned from them.
Table of Contents (27 chapters)
CISSP in 21 Days Second Edition
Credits
About the Author
About the Reviewer
www.PacktPub.com
Preface

An overview of controlling, analyzing, auditing, and reporting security test data


Security controls can be grouped as administrative and technical. The physical verification of an employee badge is a procedural administrative security control. Similarly, an access control system, such as a card reader that automates such a verification, is a technical security control. The function of a security control is based on data.

There are two types of applicable data pertaining to security controls. One is the data that is provided to the control for processing, in other words, the input data to the control. The other is security process data, in other words, the output data. For example, during a vulnerability scan on systems, lots of process data is available. Similarly, monitoring systems, such as intrusion prevention or detection systems, generate process data during control operations.

The input and output data of a security process has to be secured for analysis and establish an audit trail...