Table of contents:
DOMAIN 1 INFORMATION SECURITY AND RISK MANAGEMENT. The Business Case for Information Security Management. Information Security Management Governance. Organizational Behavior. Security Awareness, Training, and Education. Risk Management. Ethics. Sample CISSP Questions. Footnotes. References. DOMAIN 2 ACCESS CONTROL. Definitions and Key Concepts. Access Control Categories and Types. Access Control Threats. Access to Systems. Access to Data. Intrusion Detection and Prevention Systems. Access Control Assurance. References. Sample Questions. DOMAIN 3 CRYPTOGRAPHY. Key Concepts and Definitions. Encryption Systems. Message Integrity Controls. Digital Signatures. Encryption Management. Cryptanalysis and Attacks. Encryption Usage. Footnotes. References. Sample Questions. DOMAIN 4 PHYSICAL (ENVIRONMENTAL) SECURITY. Introduction. Site Location. The Layered Defense Model. Information Protection and Management Services. References. Sample Questions. DOMAIN 5 SECURITY ARCHITECTURE AND DESIGN. Security Architecture and Design Components and Principles. Security Models and Architecture Theory. Security Product Evaluation Methods and Criteria. References. Sample Questions. DOMAIN 6 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING. Why Continuity Planning? The Need for Focus. Organization of the BCP/DRP Domain Chapter. References. Sample Questions. DOMAIN 7 TELECOMMUNICATIONS AND NETWORK SECURITY. Basic concepts. Physical layer. Layer 2: Data Link layer. Layer 3: Network layer. Layer 4: Transport layer. Layer 5: Session layer. Layer 6: Presentation layer. Layer 7: Application layer. General References. Sample Questions. DOMAIN 9 OPERATIONS SECURITY. Introduction. Privileged Entity Controls. Resource Protection. Continuity of Operations. Change Control Management. Summary. Reference List. Sample Questions. DOMAIN 10 LAW, REGULATIONS, COMPLIANCE, AND INVESTIGATION. Introduciton. Major Legal Systems. Information Technology Laws & Regulations. Incident Response. Incident Response and Handling. Computer Forensics. Conclusions. End Notes.
Candidates for the CISSP exam can now go directly to the source for study materials that are indispensable in achieving certification. The Official (ISC)2 Guide to the CISSP CBK is derived from the actual CBK review course created and administered by the non-profit security consortium (ISC)2. In addition to being an invaluable study guide, this book is detailed enough to serve as an authoritative information security resource. A CISSP certification garners significant respect, signifying that the recipient has demonstrated a higher standard of knowledge, proficiency, and ethics.
Candidates for the CISSP exam can now go directly to the source for study materials that are indispensable in achieving certification. The Official (ISC)2 Guide to the CISSP CBK is derived from the actual CBK review course created and administered by the non-profit security consortium (ISC)2. In addition to being an invaluable study guide, this book is detailed enough to serve as an authoritative information security resource. A CISSP certification garners significant respect, signifying that the recipient has demonstrated a higher standard of knowledge, proficiency, and ethics.
DOMAIN 1 INFORMATION SECURITY AND RISK MANAGEMENT. The Business Case for Information Security Management. Information Security Management Governance. Organizational Behavior. Security Awareness, Training, and Education. Risk Management. Ethics. Sample CISSP Questions. Footnotes. References. DOMAIN 2 ACCESS CONTROL. Definitions and Key Concepts. Access Control Categories and Types. Access Control Threats. Access to Systems. Access to Data. Intrusion Detection and Prevention Systems. Access Control Assurance. References. Sample Questions. DOMAIN 3 CRYPTOGRAPHY. Key Concepts and Definitions. Encryption Systems. Message Integrity Controls. Digital Signatures. Encryption Management. Cryptanalysis and Attacks. Encryption Usage. Footnotes. References. Sample Questions. DOMAIN 4 PHYSICAL (ENVIRONMENTAL) SECURITY. Introduction. Site Location. The Layered Defense Model. Information Protection and Management Services. References. Sample Questions. DOMAIN 5 SECURITY ARCHITECTURE AND DESIGN. Security Architecture and Design Components and Principles. Security Models and Architecture Theory. Security Product Evaluation Methods and Criteria. References. Sample Questions. DOMAIN 6 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING. Why Continuity Planning? The Need for Focus. Organization of the BCP/DRP Domain Chapter. References. Sample Questions. DOMAIN 7 TELECOMMUNICATIONS AND NETWORK SECURITY. Basic concepts. Physical layer. Layer 2: Data Link layer. Layer 3: Network layer. Layer 4: Transport layer. Layer 5: Session layer. Layer 6: Presentation layer. Layer 7: Application layer. General References. Sample Questions. DOMAIN 9 OPERATIONS SECURITY. Introduction. Privileged Entity Controls. Resource Protection. Continuity of Operations. Change Control Management. Summary. Reference List. Sample Questions. DOMAIN 10 LAW, REGULATIONS, COMPLIANCE, AND INVESTIGATION. Introduciton. Major Legal Systems. Information Technology Laws & Regulations. Incident Response. Incident Response and Handling. Computer Forensics. Conclusions. End Notes.
Candidates for the CISSP exam can now go directly to the source for study materials that are indispensable in achieving certification. The Official (ISC)2 Guide to the CISSP CBK is derived from the actual CBK review course created and administered by the non-profit security consortium (ISC)2. In addition to being an invaluable study guide, this book is detailed enough to serve as an authoritative information security resource. A CISSP certification garners significant respect, signifying that the recipient has demonstrated a higher standard of knowledge, proficiency, and ethics.
Candidates for the CISSP exam can now go directly to the source for study materials that are indispensable in achieving certification. The Official (ISC)2 Guide to the CISSP CBK is derived from the actual CBK review course created and administered by the non-profit security consortium (ISC)2. In addition to being an invaluable study guide, this book is detailed enough to serve as an authoritative information security resource. A CISSP certification garners significant respect, signifying that the recipient has demonstrated a higher standard of knowledge, proficiency, and ethics.