CISSP: Certified Information Systems Security Professional study guide

Authors: Ed Tittel, Mike Chapple, James Michael Stewart

ISBN: 9780782141757, 0-7821-4175-7

Size: 3 MB (3525918 bytes)

Pages: 770/770

IT security skills are in high demand, and the CISSP Study Guide can give you the skills you need to pursue a successful career as an IT security professional. Sponsored by (ISC)², CISSP was selected as one of the “10 Hottest Certifications for 2002” by the leading certification web site, CertCities.com. It was developed to validate mastery of an international standard for information security. Topics covered include security architecture, access control systems, cryptography, operations and physical security, law, investigation & ethics. Written by IT security experts with years of real-world security experience, this book provides in-depth coverage of all official exam domains and includes hundreds of challenging review questions, electronic flashcards, and a searchable electronic version of the entire book.

Table of contents:
Acknowledgments……Page 5
How to Use This Book……Page 6
Notes on This Book's Organization……Page 7
CISSP and SSCP……Page 8
Overview of the CISSP Exam……Page 9
Advice on Taking the Exam……Page 10
Study and Exam Preparation Tips……Page 11
Assessment Test……Page 12
Answers to Assessment Test……Page 22
Accountability and Access Control……Page 27
Access Control Overview……Page 28
Identification and Authentication Techniques……Page 32
Passwords……Page 33
Biometrics……Page 36
Tokens……Page 38
Tickets……Page 39
Access Control Techniques……Page 41
State Machine Model……Page 43
Bell-LaPadula Model……Page 44
Biba……Page 45
Information Flow Model……Page 47
Access Control Matrix……Page 48
Implementation……Page 49
RADIUS and TACACS……Page 50
Account Administration……Page 51
Account, Log, and Journal Monitoring……Page 52
Access Rights and Permissions……Page 53
Summary……Page 54
Exam Essentials……Page 55
Key Terms……Page 57
Review Questions……Page 60
Answers to Review Questions……Page 64
Attacks and Monitoring……Page 66
Monitoring……Page 67
Intrusion Detection……Page 68
Host-Based and Network-Based IDSs……Page 69
Knowledge-Based and Behavior-Based Detection……Page 70
IDS-Related Tools……Page 71
Penetration Testing……Page 72
Methods of Attacks……Page 73
Brute Force and Dictionary Attacks……Page 74
Denial of Service……Page 76
Spoofing Attacks……Page 79
Sniffer Attacks……Page 80
Crackers……Page 81
Summary……Page 82
Exam Essentials……Page 83
Key Terms……Page 87
Review Questions……Page 88
Answers to Review Questions……Page 93
ISO Model, Network Security, and Protocols……Page 96
OSI Model……Page 97
Physical Layer……Page 101
Data Link Layer……Page 102
Network Layer……Page 103
Session Layer……Page 104
Application Layer……Page 105
Communications and Network Security……Page 106
Network Cabling……Page 107
LAN Technologies……Page 111
Network Topologies……Page 112
TCP/IP Overview……Page 115
Internet/Intranet/Extranet Components……Page 116
Firewalls……Page 117
Other Network Devices……Page 119
Network and Protocol Security Mechanisms……Page 120
Network and Protocol Services……Page 123
Exam Essentials……Page 125
Key Terms……Page 127
Review Questions……Page 130
Answers to Review Questions……Page 135
Communications Security and Countermeasures……Page 138
Tunneling……Page 140
Virtual Private Network (VPN)……Page 141
Network Address Translation……Page 142
Miscellaneous Security Control Characteristics……Page 144
E-Mail Security……Page 145
Secure Voice Communications……Page 149
Security Boundaries……Page 152
Network Attacks and Countermeasures……Page 153
Summary……Page 156
Exam Essentials……Page 157
Key Terms……Page 159
Review Questions……Page 160
Answers to Review Questions……Page 165
Security Management Concepts and Principles……Page 167
Security Management Concepts and Principles……Page 168
Confidentiality……Page 169
Integrity……Page 170
Availability……Page 171
Other Security Concepts……Page 172
Protection Mechanisms……Page 175
Change Control/Management……Page 177
Data Classification……Page 178
Summary……Page 181
Exam Essentials……Page 182
Key Terms……Page 185
Review Questions……Page 186
Answers to Review Questions……Page 191
Asset Value, Policies, and Roles……Page 193
Hiring……Page 194
Security Roles……Page 198
and Procedures……Page 200
Risk Management……Page 202
Risk Terminology……Page 203
Risk Assessment Methodologies……Page 205
Quantitative Risk Analysis……Page 208
Qualitative Risk Analysis……Page 210
Handling Risk……Page 212
Security Awareness Training……Page 214
Security Management Planning……Page 215
Summary……Page 216
Exam Essentials……Page 218
Key Terms……Page 222
Review Questions……Page 224
Answers to Review Questions……Page 228
Data and Application Security Issues……Page 230
Application Issues……Page 231
Local/Nondistributed Environment……Page 232
Distributed Environment……Page 234
Database Management System (DBMS) Architecture……Page 237
Aggregation……Page 239
Inference……Page 240
Data Mining……Page 241
Types of Storage……Page 242
Storage Threats……Page 243
Expert Systems……Page 244
Neural Networks……Page 245
Systems Development Controls……Page 246
Systems Development Life Cycle……Page 247
Life Cycle Models……Page 251
Security Control Architecture……Page 254
Summary……Page 258
Exam Essentials……Page 259
Key Terms……Page 262
Written Lab……Page 263
Review Questions……Page 264
Answers to Review Questions……Page 268
Answers to Written Lab……Page 270
Malicious Code and Application Attacks……Page 271
Malicious Code……Page 272
Viruses……Page 273
Trojan Horses……Page 280
Worms……Page 281
Password Attacks……Page 283
Password Guessing……Page 284
Social Engineering……Page 285
Countermeasures……Page 286
SYN Flood……Page 287
Smurf……Page 288
Teardrop……Page 290
Ping of Death……Page 292
Buffer Overflows……Page 293
Rootkits……Page 294
Port Scans……Page 295
Dumpster Diving……Page 296
IP Spoofing……Page 297
Decoy Techniques……Page 298
Summary……Page 299
Exam Essentials……Page 300
Key Terms……Page 302
Written Lab……Page 303
Review Questions……Page 304
Answers to Review Questions……Page 308
Answers to Written Lab……Page 310
Cryptography and Private Key Algorithms……Page 312
History……Page 313
American Civil War……Page 314
Goals of Cryptography……Page 315
Concepts……Page 317
Cryptographic Mathematics……Page 318
Ciphers……Page 323
Cryptographic Keys……Page 327
Symmetric Key Algorithms……Page 329
Asymmetric Key Algorithms……Page 330
Data Encryption Standard (DES)……Page 332
Triple DES (3DES)……Page 334
International Data Encryption Algorithm (IDEA)……Page 335
Skipjack……Page 336
Advanced Encryption Standard (AES)……Page 337
Key Distribution……Page 338
Exam Essentials……Page 340
Key Terms……Page 343
Written Lab……Page 344
Review Questions……Page 345
Answers to Review Questions……Page 349
Answers to Written Lab……Page 351
PKI And Cryptographic Applications……Page 352
Asymmetric Cryptography……Page 353
Public and Private Keys……Page 354
RSA……Page 355
El Gamal……Page 356
Elliptic Curve……Page 357
Hash Functions……Page 358
SHA……Page 359
MD4……Page 360
Digital Signatures……Page 361
Digital Signature Standard……Page 363
Certificates……Page 364
Certificate Authorities……Page 365
Certificate Generation and Destruction……Page 366
Electronic Mail……Page 368
Web……Page 371
E-Commerce……Page 372
Networking……Page 373
Cryptographic Attacks……Page 376
Summary……Page 378
Exam Essentials……Page 379
Key Terms……Page 381
Review Questions……Page 383
Answers to Review Questions……Page 387
Principles of Computer Design……Page 389
Hardware……Page 391
Firmware……Page 408
Technical Mechanisms……Page 409
Policy Mechanisms……Page 411
Summary……Page 412
Exam Essentials……Page 413
Key Terms……Page 415
Review Questions……Page 416
Answers to Review Questions……Page 421
Principles of Security Models……Page 424
and Evaluation Criteria……Page 425
Certification and Accreditation……Page 426
Closed and Open Systems……Page 427
Confinement, Bounds, and Isolation……Page 428
Objects and Subjects……Page 429
Controls……Page 430
TCSEC Classes and Required Functionality……Page 431
Trusted Computing Base (TCB)……Page 434
Reference Monitors and Kernels……Page 435
Security Models……Page 436
Tokens, Capabilities, and Labels……Page 438
Covert Channels……Page 439
Input and Parameter Checking……Page 440
Programming……Page 441
Electromagnetic Radiation……Page 442
Summary……Page 443
Exam Essentials……Page 444
Key Terms……Page 446
Review Questions……Page 447
Answers to Review Questions……Page 452
Administrative Management……Page 454
Antivirus Management……Page 455
Changes in Workstation/Location……Page 457
Privileged Operations Functions……Page 458
Legal Requirements……Page 459
Record Retention……Page 460
Sensitive Information and Media……Page 461
Security Control Types……Page 464
Operations Controls……Page 465
Summary……Page 469
Exam Essentials……Page 471
Key Terms……Page 474
Review Questions……Page 475
Answers to Review Questions……Page 480
Auditing and Monitoring……Page 482
Auditing……Page 483
Audit Trails……Page 485
Reporting Concepts……Page 487
Record Retention……Page 488
Monitoring……Page 489
Monitoring Tools and Techniques……Page 490
Penetration Testing Techniques……Page 492
War Dialing……Page 493
Radiation Monitoring……Page 494
Dumpster Diving……Page 495
Inappropriate Activities……Page 496
Indistinct Threats and Countermeasures……Page 498
Summary……Page 500
Exam Essentials……Page 501
Key Terms……Page 506
Review Questions……Page 507
Answers to Review Questions……Page 512
Business Continuity Planning……Page 514
Business Continuity Planning……Page 515
Business Organization Analysis……Page 516
BCP Team Selection……Page 517
Resource Requirements……Page 519
Legal and Regulatory Requirements……Page 520
Business Impact Assessment……Page 521
Identify Priorities……Page 522
Risk Identification……Page 523
Impact Assessment……Page 524
Resource Prioritization……Page 526
Strategy Development……Page 527
Provisions and Processes……Page 528
Plan Implementation……Page 530
BCP Documentation……Page 531
Statement of Priorities……Page 532
Risk Acceptance/Mitigation……Page 533
Maintenance……Page 534
Summary……Page 535
Exam Essentials……Page 536
Key Terms……Page 537
Review Questions……Page 538
Answers to Review Questions……Page 543
Disaster Recovery Planning……Page 546
Natural Disasters……Page 548
Man-Made Disasters……Page 553
Business Unit Priorities……Page 557
Emergency Communications……Page 558
Alternative Processing Sites……Page 559
Mutual Assistance Agreements……Page 562
Database Recovery……Page 563
Recovery Plan Development……Page 565
Emergency Response……Page 566
Backups and Offsite Storage……Page 567
Software Escrow Arrangements……Page 569
Recovery vs. Restoration……Page 570
Training and Documentation……Page 571
Checklist Test……Page 572
Maintenance……Page 573
Exam Essentials……Page 574
Key Terms……Page 575
Written Lab……Page 576
Review Questions……Page 577
Answers to Review Questions……Page 582
Answers to Written Lab……Page 585
Law and Investigations……Page 586
Categories of Laws……Page 587
Criminal Law……Page 588
Civil Law……Page 589
Laws……Page 590
Computer Crime……Page 591
Intellectual Property……Page 595
Licensing……Page 602
Import/Export……Page 603
Privacy……Page 604
Evidence……Page 611
Investigation Process……Page 613
Summary……Page 614
Exam Essentials……Page 615
Key Terms……Page 617
Written Lab……Page 618
Review Questions……Page 619
Answers to Review Questions……Page 625
Answers to Written Lab……Page 628
Incidents and Ethics……Page 629
Major Categories of Computer Crime……Page 630
Military and Intelligence Attacks……Page 631
Financial Attacks……Page 632
Terrorist Attacks……Page 633
Fun Attacks……Page 634
Incident Handling……Page 635
Common Types of Incidents……Page 636
Abnormal and Suspicious Activity……Page 639
Confiscating Equipment, Software, and Data……Page 640
Reporting Incidents……Page 641
(ISC)² Code of Ethics……Page 643
Summary……Page 644
Exam Essentials……Page 645
Key Terms……Page 647
Review Questions……Page 648
Answers to Review Questions……Page 653
Physical Security Requirements……Page 656
Physical Security Threats……Page 657
Facility Requirements……Page 658
Forms of Physical Access Controls……Page 661
Lighting……Page 662
Security Guards and Dogs……Page 663
Badges……Page 664
Motion Detectors, Sensors, and Alarms……Page 665
Technical Controls……Page 666
Environment and Life Safety……Page 668
Fire Detection and Suppression……Page 671
Equipment Failure……Page 674
Summary……Page 675
Exam Essentials……Page 676
Key Terms……Page 679
Review Questions……Page 680
Answers to Review Questions……Page 685
Glossary……Page 687
