CISSP Study Guide

CISSP Study Guide serves as a review for those who want to take the Certified Information Systems Security Professional (CISSP) exam and obtain CISSP certification. The exam is designed to ensure that someone who handles computer security in a company has a standardized body of knowledge. The book is organized around the 10 domains of the Common Body of Knowledge, and each section defines its domain. It also provides tips on how to prepare for and take the exam, and contains CISSP practice quizzes to test one's knowledge. The first domain provides information about risk analysis and mitigation and also discusses security governance. The second domain discusses different techniques for access control, which is the basis for all the security disciplines. The third domain explains the concepts behind cryptography, which is a secure way of communicating that is understood only by certain recipients. Domain 5 discusses security system design, which is fundamental for operating the system and software security components. Domain 6, Business Continuity Planning and Disaster Recovery Planning, is a critical domain in the Common Body of Knowledge. It is the final control against extreme events such as injury, loss of life, or failure of an organization. Domains 7, 8, and 9 discuss telecommunications and network security, application development security, and the operations domain, respectively. Domain 10 focuses on the major legal systems that provide a framework for determining the laws about information systems.

Contents
Domain 3 Cryptography
Domain 4 Physical (Environmental) security
Domain 5 Security architecture and design
Domain 6 Business continuity and disaster recovery planning
Domain 7 Telecommunications and network security