In this comprehensive study guide, two leading experts help you master all the topics you need to know to succeed on the latest CISSP exam and advance your career in IT security. Their concise, focused approach explains every exam objective from a real-world perspective, helping you quickly identify weaknesses and retain everything you need to know.
Every feature of this book supports both efficient exam preparation and long-term mastery:
Opening Topics Lists identify the topics you need to learn in each chapter and list (ISC)²’s official exam objectives Key Topic figures, tables, and lists call attention to the information that’s most crucial for exam success Exam Preparation Tasks enable you to review key topics, complete memory tables, define key terms, work through scenarios, and answer review questions…going beyond mere facts to master the concepts that are crucial to passing the exam and enhancing your career Key Terms are listed in each chapter and defined in a complete glossary, explaining all the field’s essential terminology
This study guide helps you master all the topics on the latest CISSP exam, deepening your knowledge of:
Security and Risk Management Asset Security Security Architecture and Engineering Communication and Network Security Identity and Access Management (IAM) Security Assessment and Testing Security Operations Software Development Security
By:
Robin Abernathy,
Darren Hayes
Imprint: Pearson IT Certification
Country of Publication: United States
Edition: 5th edition
Dimensions:
Height: 230mm,
Width: 185mm,
Spine: 45mm
Weight: 1.565kg
ISBN: 9780135343999
ISBN 10: 0135343992
Series: Certification Guide
Pages: 944
Publication Date: 25 February 2025
Audience:
Professional and scholarly
,
Undergraduate
Format: Paperback
Publisher's Status: Active
Introduction xlix Chapter 1 Security and Risk Management 5 Foundation Topics 6 Security Terms 6 Security Governance Principles 11 Compliance 40 Legal and Regulatory Issues 42 Investigation Types 65 Professional Ethics 70 Security Documentation 72 Business Continuity 76 Personnel Security Policies and Procedures 89 Risk Management Concepts 95 Geographical Threats 133 Threat Modeling 142 Security Risks in the Supply Chain 148 Security Education, Training, and Awareness 153 Exam Preparation Tasks 155 Review All Key Topics 155 Complete the Tables and Lists from Memory 157 Define Key Terms 157 Answer Review Questions 158 Answers and Explanations 164 Chapter 2 Asset Security 171 Foundation Topics 172 Asset Security Concepts 172 Identify and Classify Information and Assets 175 Information and Asset Handling Requirements 183 Provision Resources Securely 185 Data Life Cycle 186 Asset Retention 201 Data Security Controls 203 Exam Preparation Tasks 211 Review All Key Topics 211 Define Key Terms 211 Answer Review Questions 212 Answers and Explanations 213 Chapter 3 Security Architecture and Engineering 219 Foundation Topics 220 Information Systems Life Cycle 220 Engineering Processes Using Secure Design Principles 223 Security Model Concepts 231 System Security Evaluation Models 255 Certification and Accreditation 267 Control Selection Based on Systems Security Requirements 268 Security Capabilities of Information Systems 269 Security Architecture Maintenance 272 Vulnerabilities of Security Architectures, Designs, and Solution Elements 273 Vulnerabilities in Web-Based Systems 296 Vulnerabilities in Mobile Systems 299 Vulnerabilities in Embedded Systems 304 Cryptographic Solutions 305 Cryptographic Types 317 Symmetric Algorithms 325 Asymmetric Algorithms 332 Public Key Infrastructure and Digital Certificates 335 Key Management Practices 343 Message Integrity 347 Digital Signatures and Non-repudiation 354 Applied Cryptography 354 Cryptanalytic Attacks 355 Digital Rights Management 360 Site and Facility Design 362 Site and Facility Security Controls 368 Exam Preparation Tasks 379 Review All Key Topics 379 Complete the Tables and Lists from Memory 381 Define Key Terms 381 Answer Review Questions 382 Answers and Explanations 387 Chapter 4 Communication and Network Security 391 Foundation Topics 392 Secure Network Design Principles 392 IP Networking 403 Protocols and Services 435 Converged Protocols 443 Wireless Networks 448 Communications Cryptography 468 Secure Network Components 473 Secure Communication Channels 520 Network Attacks 535 Exam Preparation Tasks 547 Review All Key Topics 547 Define Key Terms 548 Answer Review Questions 550 Answers and Explanations 555 Chapter 5 Identity and Access Management (IAM) 561 Foundation Topics 562 Access Control Process 562 Physical and Logical Access to Assets 563 Identification and Authentication Concepts 568 Identification and Authentication Implementation 588 Identity as a Service (IDaaS) Implementation 602 Third-Party Identity Services Integration 602 Authorization Mechanisms 603 Provisioning Life Cycle 612 Access Control Threats 618 Prevent or Mitigate Access Control Threats 625 Exam Preparation Tasks 625 Review All Key Topics 625 Define Key Terms 626 Answer Review Questions 627 Answers and Explanations 630 Chapter 6 Security Assessment and Testing 635 Foundation Topics 636 Design and Validate Assessment and Testing Strategies 636 Conduct Security Control Testing 639 Collect Security Process Data 655 Analyze Test Outputs and Generate a Report 659 Conduct or Facilitate Security Audits 659 Exam Preparation Tasks 661 Review All Key Topics 661 Define Key Terms 662 Answer Review Questions 662 Answers and Explanations 665 Chapter 7 Security Operations 673 Foundation Topics 674 Investigations 674 Logging and Monitoring Activities 690 Configuration and Change Management 697 Security Operations Concepts 702 Resource Protection 707 Incident Management 719 Detective and Preventive Measures 724 Patch and Vulnerability Management 729 Recovery Strategies 729 Disaster Recovery 747 Testing Disaster Recovery Plans 751 Business Continuity Planning and Exercises 753 Physical Security 754 Personnel Safety and Security 760 Exam Preparation Tasks 763 Review All Key Topics 763 Define Key Terms 764 Answer Review Questions 764 Answers and Explanations 768 Chapter 8 Software Development Security 773 Foundation Topics 774 Software Development Concepts 774 Security in the System and Software Development Life Cycle 783 Security Controls in Development 806 Assess Software Security Effectiveness 815 Security Impact of Acquired Software 817 Exam Preparation Tasks 825 Review All Key Topics 825 Define Key Terms 825 Answer Review Questions 826 Answers and Explanations 830 Chapter 9 Final Preparation 835 Tools for Final Preparation 835 Suggested Plan for Final Review/Study 839 Summary 840 Online Elements Appendix A Memory Tables Appendix B Memory Tables Answer Key Glossary 9780135343999, TOC, 7/24/24
Robin M. Abernathy has been working in the IT certification preparation industry for more than 20 years. She has written and edited certification preparation materials for many (ISC)2, Microsoft, CompTIA, PMI, ITIL, ISACA, and GIAC certifications and holds multiple IT certifications from these vendors. Robin provides training on computer hardware and software, networking, security, and project management. Over the past decade, she has ventured into the traditional publishing industry by technically editing several publications and co-authoring Pearson’s CISSP Cert Guide and CASP+ Cert Guide and authoring Pearson’s Project+ Cert Guide. She presents at technical conferences and hosts webinars on IT certification topics. Dr. Darren R. Hayes has close to 20 years of academic and professional experience in computer security and digital forensics. He has authored numerous publications in these fields, including A Practical Guide to Digital Forensics Investigations, which is published by Pearson. He is Associate Professor at Pace University, where he is the founder and director of the Seidenberg Digital Forensics Research Lab. He holds numerous IT certifications in security and digital forensics and holds a PhD from Sapienza University in Italy and a doctorate from Pace University. Darren is also a professional digital forensics examiner and has supported both criminal and civil investigations over the past decade and a half. He has also been declared an expert witness in federal court.
