图书简介
CISSP Study Guide - fully updated for the 2018 CISSP Body of Knowledge
CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 8th Edition has been completely updated for the latest 2018 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You’ll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you’ve learned with key topic exam essentials and chapter review questions.
Along with the book, you also get access to Sybex’s superior online interactive learning environment that includes:
- Four unique 250 question practice exams to help you identify where you need to study more. Get more than 90 percent of the answers correct, and you’re ready to take the certification exam.
- More than 650 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam
- A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam
Coverage of all of the exam topics in the book means you’ll be ready for:
- Security and Risk Management
- Asset Security
- Security Engineering
- Communication and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
Introduction xxxiii Assessment Test xlii Chapter 1 Security Governance Through Principles and Policies 1 Understand and Apply Concepts of Confidentiality, Integrity, and Availability 2 Evaluate and Apply Security Governance Principles 14 Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines 26 Understand and Apply Threat Modeling Concepts and Methodologies 30 Apply Risk-Based Management Concepts to the Supply Chain 38 Summary 40 Exam Essentials 42 Written Lab 44 Review Questions 45 Chapter 2 Personnel Security and Risk Management Concepts 49 Personnel Security Policies and Procedures 51 Security Governance 62 Understand and Apply Risk Management Concepts 63 Establish and Maintain a Security Awareness, Education, and Training Program 86 Manage the Security Function 87 Summary 88 Exam Essentials 89 Written Lab 92 Review Questions 93 Chapter 3 Business Continuity Planning 97 Planning for Business Continuity 98 Project Scope and Planning 99 Business Impact Assessment 105 Continuity Planning 111 Plan Approval and Implementation 114 Summary 119 Exam Essentials 119 Written Lab 120 Review Questions 121 Chapter 4 Laws, Regulations, and Compliance 125 Categories of Laws 126 Laws 129 Compliance 149 Contracting and Procurement 150 Summary 151 Exam Essentials 152 Written Lab 153 Review Questions 154 Chapter 5 Protecting Security of Assets 159 Identify and Classify Assets 160 Determining Ownership 178 Using Security Baselines 186 Summary 187 Exam Essentials 188 Written Lab 189 Review Questions 190 Chapter 6 Cryptography and Symmetric Key Algorithms 195 Historical Milestones in Cryptography 196 Cryptographic Basics 198 Modern Cryptography 214 Symmetric Cryptography 219 Cryptographic Lifecycle 228 Summary 229 Exam Essentials 229 Written Lab 231 Review Questions 232 Chapter 7 PKI and Cryptographic Applications 237 Asymmetric Cryptography 238 Hash Functions 242 Digital Signatures 246 Public Key Infrastructure 249 Asymmetric Key Management 253 Applied Cryptography 254 Cryptographic Attacks 265 Summary 268 Exam Essentials 269 Written Lab 270 Review Questions 271 Chapter 8 Principles of Security Models, Design, and Capabilities 275 Implement and Manage Engineering Processes Using Secure Design Principles 276 Understand the Fundamental Concepts of Security Models 281 Select Controls Based On Systems Security Requirements 295 Understand Security Capabilities of Information Systems 309 Summary 311 Exam Essentials 312 Written Lab 313 Review Questions 314 Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 319 Assess and Mitigate Security Vulnerabilities 320 Client-Based Systems 342 Server-Based Systems 346 Database Systems Security 347 Distributed Systems and Endpoint Security 350 Internet of Things 358 Industrial Control Systems 359 Assess and Mitigate Vulnerabilities in Web-Based Systems 360 Assess and Mitigate Vulnerabilities in Mobile Systems 365 Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems 375 Essential Security Protection Mechanisms 379 Common Architecture Flaws and Security Issues 384 Summary 390 Exam Essentials 391 Written Lab 394 Review Questions 395 Chapter 10 Physical Security Requirements 399 Apply Security Principles to Site and Facility Design 400 Implement Site and Facility Security Controls 403 Implement and Manage Physical Security 422 Summary 431 Exam Essentials 432 Written Lab 434 Review Questions 435 Chapter 11 Secure Network Architecture and Securing Network Components 439 OSI Model 440 TCP/IP Model 451 Converged Protocols 470 Wireless Networks 472 Secure Network Components 486 Cabling, Wireless, Topology, Communications, and Transmission Media Technology 495 Summary 513 Exam Essentials 514 Written Lab 516 Review Questions 517 Chapter 12 Secure Communications and Network Attacks 521 Network and Protocol Security Mechanisms 522 Secure Voice Communications 525 Multimedia Collaboration 529 Manage Email Security 530 Remote Access Security Management 536 Virtual Private Network 540 Virtualization 546 Network Address Translation 549 Switching Technologies 553 WAN Technologies 556 Miscellaneous Security Control Characteristics 561 Security Boundaries 563 Prevent or Mitigate Network Attacks 564 Summary 569 Exam Essentials 571 Written Lab 573 Review Questions 574 Chapter 13 Managing Identity and Authentication 579 Controlling Access to Assets 580 Comparing Identification and Authentication 584 Implementing Identity Management 602 Managing the Identity and Access Provisioning Lifecycle 611 Summary 614 Exam Essentials 615 Written Lab 617 Review Questions 618 Chapter 14 Controlling and Monitoring Access 623 Comparing Access Control Models 624 Understanding Access Control Attacks 635 Summary 653 Exam Essentials 654 Written Lab 656 Review Questions 657 Chapter 15 Security Assessment and Testing 661 Building a Security Assessment and Testing Program 662 Performing Vulnerability Assessments 668 Testing Your Software 681 Implementing Security Management Processes 688 Summary 690 Exam Essentials 691 Written Lab 692 Review Questions 693 Chapter 16 Managing Security Operations 697 Applying Security Operations Concepts 698 Securely Provisioning Resources 710 Managing Configuration 718 Managing Change 719 Managing Patches and Reducing Vulnerabilities 723 Summary 728 Exam Essentials 729 Written Lab 731 Review Questions 732 Chapter 17 Preventing and Responding to Incidents 737 Managing Incident Response 738 Implementing Detective and Preventive Measures 745 Logging, Monitoring, and Auditing 773 Summary 790 Exam Essentials 792 Written Lab 795 Review Questions 796 Chapter 18 Disaster Recovery Planning 801 The Nature of Disaster 802 Understand System Resilience and Fault Tolerance 812 Recovery Strategy 818 Recovery Plan Development 827 Training, Awareness, and Documentation 835 Testing and Maintenance 836 Summary 838 Exam Essentials 838 Written Lab 839 Review Questions 840 Chapter 19 Investigations and Ethics 845 Investigations 846 Major Categories of Computer Crime 857 Ethics 861 Summary 864 Exam Essentials 864 Written Lab 865 Review Questions 866 Chapter 20 Software Development Security 871 Introducing Systems Development Controls 872 Establishing Databases and Data Warehousing 895 Storing Data and Information 904 Understanding Knowledge-Based Systems 906 Summary 909 Exam Essentials 909 Written Lab 910 Review Questions 911 Chapter 21 Malicious Code and Application Attacks 915 Malicious Code 916 Password Attacks 929 Application Attacks 933 Web Application Security 935 Reconnaissance Attacks 940 Masquerading Attacks 941 Summary 942 Exam Essentials 943 Written Lab 944 Review Questions 945 Appendix A Answers to Review Questions 949 Chapter 1: Security Governance Through Principles and Policies 950 Chapter 2: Personnel Security and Risk Management Concepts 951 Chapter 3: Business Continuity Planning 952 Chapter 4: Laws, Regulations, and Compliance 954 Chapter 5: Protecting Security of Assets 956 Chapter 6: Cryptography and Symmetric Key Algorithms 958 Chapter 7: PKI and Cryptographic Applications 960 Chapter 8: Principles of Security Models, Design, and Capabilities 961 Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 963 Chapter 10: Physical Security Requirements 965 Chapter 11: Secure Network Architecture and Securing Network Components 966 Chapter 12: Secure Communications and Network Attacks 968 Chapter 13: Managing Identity and Authentication 969 Chapter 14: Controlling and Monitoring Access 971 Chapter 15: Security Assessment and Testing 973 Chapter 16: Managing Security Operations 975 Chapter 17: Preventing and Responding to Incidents 977 Chapter 18: Disaster Recovery Planning 980 Chapter 19: Investigations and Ethics 981 Chapter 20: Software Development Security 983 Chapter 21: Malicious Code and Application Attacks 984 Appendix B Answers to Written Labs 987 Chapter 1: Security Governance Through Principles and Policies 988 Chapter 2: Personnel Security and Risk Management Concepts 988 Chapter 3: Business Continuity Planning 989 Chapter 4: Laws, Regulations, and Compliance 990 Chapter 5: Protecting Security of Assets 991 Chapter 6: Cryptography and Symmetric Key Algorithms 991 Chapter 7: PKI and Cryptographic Applications 992 Chapter 8: Principles of Security Models, Design, and Capabilities 992 Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 993 Chapter 10: Physical Security Requirements 994 Chapter 11: Secure Network Architecture and Securing Network Components 994 Chapter 12: Secure Communications and Network Attacks 995 Chapter 13: Managing Identity and Authentication 996 Chapter 14: Controlling and Monitoring Access 996 Chapter 15: Security Assessment and Testing 997 Chapter 16: Managing Security Operations 997 Chapter 17: Preventing and Responding to Incidents 998 Chapter 18: Disaster Recovery Planning 999 Chapter 19: Investigations and Ethics 999 Chapter 20: Software Development Security 1000 Chapter 21: Malicious Code and Application Attacks 1000 Index 1001
Trade Policy 买家须知
- 关于产品:
- ● 正版保障:本网站隶属于中国国际图书贸易集团公司,确保所有图书都是100%正版。
- ● 环保纸张:进口图书大多使用的都是环保轻型张,颜色偏黄,重量比较轻。
- ● 毛边版:即书翻页的地方,故意做成了参差不齐的样子,一般为精装版,更具收藏价值。
关于退换货:
- 由于预订产品的特殊性,采购订单正式发订后,买方不得无故取消全部或部分产品的订购。
- 由于进口图书的特殊性,发生以下情况的,请直接拒收货物,由快递返回:
- ● 外包装破损/发错货/少发货/图书外观破损/图书配件不全(例如:光盘等)
并请在工作日通过电话400-008-1110联系我们。
- 签收后,如发生以下情况,请在签收后的5个工作日内联系客服办理退换货:
- ● 缺页/错页/错印/脱线
关于发货时间:
- 一般情况下:
- ●【现货】 下单后48小时内由北京(库房)发出快递。
- ●【预订】【预售】下单后国外发货,到货时间预计5-8周左右,店铺默认中通快递,如需顺丰快递邮费到付。
- ● 需要开具发票的客户,发货时间可能在上述基础上再延后1-2个工作日(紧急发票需求,请联系010-68433105/3213);
- ● 如遇其他特殊原因,对发货时间有影响的,我们会第一时间在网站公告,敬请留意。
关于到货时间:
- 由于进口图书入境入库后,都是委托第三方快递发货,所以我们只能保证在规定时间内发出,但无法为您保证确切的到货时间。
- ● 主要城市一般2-4天
- ● 偏远地区一般4-7天
关于接听咨询电话的时间:
- 010-68433105/3213正常接听咨询电话的时间为:周一至周五上午8:30~下午5:00,周六、日及法定节假日休息,将无法接听来电,敬请谅解。
- 其它时间您也可以通过邮件联系我们:customer@readgo.cn,工作日会优先处理。
关于快递:
- ● 已付款订单:主要由中通、宅急送负责派送,订单进度查询请拨打010-68433105/3213。
本书暂无推荐
本书暂无推荐