CISSP in 21 Days.
Title:
CISSP in 21 Days.
Author:
Srinivasan, M. L.
ISBN:
9781847194510
Edition:
1st ed.
Physical Description:
1 online resource (391 pages)
Contents:
CISSP in 21 Days -- Table of Contents -- CISSP in 21 Days -- Credits -- About the Author -- About the Reviewer -- Preface -- What this book covers -- Who is this book for -- Conventions -- Reader feedback -- Customer support -- Errata -- Piracy -- Questions -- 1. Introduction to CISSP -- Eligibility requirements for the CISSP exam and certification -- The (ISC)² CBK security domains -- Approach -- Summary -- 2. Day1: Information Security and Risk Management -- Knowledge requirements -- The approach -- Security management practices -- Control environment -- Management controls -- Administrative controls -- Technical controls -- Standards and guidelines -- NIST special publication 800-14 -- ISO/IEC 27000 -- Security posture -- Asset classification and control -- Classification types in government -- Classification types in private sector -- Summary -- Practice questions -- 3. Day 2: Information Security and Risk Management -- Security awareness and training -- Security awareness requirements in national and international standards -- NIST publication 800-14 -- ISO/IEC 27002:2005 information technology-security techniques-code of practice for information security management -- Identifying security awareness needs -- Coverage of security awareness training -- Awareness training on incidents -- Measuring security awareness maturity in terms of benefit/value -- Risk assessment and management -- Assets -- Threat -- Vulnerability -- Risk -- Risk definitions -- Risk scenarios -- Risk assessment -- Quantitative risk assessment -- Qualitative risk assessment -- Summary -- Practice questions -- 4. Day 3: Physical (Environmental) Security -- Knowledge requirements -- The approach -- Threats, vulnerabilities, and countermeasures for physical security -- Common threats -- Common vulnerabilities -- Physical security design -- Physical facility.

Geographic operating location -- Supporting facilities -- Physical security controls -- Perimeter security -- Interior security -- Unauthorized intrusions -- Motion detectors -- Fire -- Fire classes -- Fire detectors -- Fire suppression mediums -- Water sprinklers -- Gas dischargers -- Electrical power -- Summary -- Practice questions -- 5. Day 4: Physical (Environmental) Security -- Operations/Facility security -- Auditing -- Emergency procedures -- Startup and shutdown procedures -- Evacuation procedures -- Training and awareness -- Protecting and securing equipments -- Equipment security -- Media security -- Summary -- Practice questions -- 6. Day 5: Access Control -- Knowledge requirements -- The approach -- Access control concepts, methodologies, and techniques -- Basic concepts -- Access control models -- Discretionary access control -- Non-discretionary access control -- Access control and authentication -- Access control attacks and countermeasures -- Port scanning and compromise -- Hijacking -- Malicious code -- Password attacks -- Vulnerability compromises -- Summary -- Practice questions -- 7. Day 6: Access Control -- Vulnerability assessment -- Penetration testing -- Common myths about vulnerability assessment and penetration testing -- CVE and CVSS -- Summary -- Practice questions -- 8. Day 7: Cryptography -- Key areas of knowledge -- The approach -- Methods of encryption -- Basic concepts -- Types of encryption -- Symmetric key encryption -- Asymmetric key encryption -- Hashing -- Key length and security -- Summary of encryption types -- Application and use of cryptography -- Summary -- Practice questions -- 9. Day 8: Cryptography -- Public key infrastructure -- Secure messaging -- Message digest -- Digital signature -- Digital certificate -- Key management procedures -- Type of keys -- Key management best practices -- Key states.

Key management phases -- Methods of cryptanalytic attacks -- Cryptographic standards -- Wireless cryptographic standards -- Federal information processing standard -- Summary -- Practice questions -- 10. Day 9: Operations Security -- Knowledge requirements -- The approach -- Operations procedure and responsibilities -- Roles and responsibilities -- System administrators -- Security administrators -- Operators -- Users -- Incident management and reporting -- Incidents -- Incident management objective and goals -- Incident management controls -- Intrusion detection system -- Vulnerability assessment and penetration testing -- Patch management -- Configuration management -- Business continuity planning -- Summary -- Practice questions -- 11. Day 10: Operations Security -- Administrative management and control -- Preventive controls -- Detective controls -- Corrective controls -- Other controls -- Recovery controls -- Deterrent controls -- Compensating controls -- System controls -- System evaluation standards -- Trusted Computer System Evaluation Criteria (TCSEC) -- Common Criteria (CC) -- Summary -- Practice questions -- 12. Day 11: Application Security -- Knowledge requirements -- The approach -- Systems engineering -- System Development Life Cycle -- System development phases -- Software Development Life Cycle -- Security standards for software development processes -- Systems Security Engineering-Capability Maturity Model (SSE-CMM) -- ISO/IEC 27002 -- Summary -- Practice questions -- 13. Day 12: Application Security -- Introduction to Information Technology systems -- Object-oriented systems -- Object-oriented programming (OOP) -- Artificial Intelligence (AI) systems -- Database systems -- Threats and vulnerabilities to application systems -- Application vulnerabilities -- Common weakness enumeration -- Web application security.

Common web application vulnerabilities -- Common web application attacks -- Application controls -- Summary -- Practice questions -- 14. Day 13: Telecommunications and Network Security -- Knowledge requirements -- The approach -- Network architecture, protocols, and technologies -- Layered architecture -- Open Systems Interconnect (OSI) Model -- OSI by illustration -- Transmission Control Protocol/Internet Protocol (TCP/IP) -- TCP/IP Protocols -- Application layer protocols -- Domain Name System (DNS) -- Dynamic Host Control Protocol (DHCP) -- Hyper Text Transfer Protocol (HTTP) -- File Transfer Protocol (FTP) and TELNET -- Post Office Protocol 3 (POP3) and Internet Message Access Protocol (IMAP) -- Simple Network Management Protocol (SNMP) -- Transports Layer Security (TLS) and Secure Sockets Layer (SSL) -- Summary -- Practice questions -- 15. Day 14: Telecommunications and Network Security -- Transport layer -- Transport layer protocols -- Transmission Control Protocol (TCP) -- User Datagram Protocol (UDP) -- Network or Internet layer -- Network/Internet layer protocols -- Internet Protocol (IP) -- IPsec protocols -- Link layer -- Link layer protocols -- Address Resolution Protocol (ARP) -- Border Gateway Protocol (BGP) -- Ethernet -- Summary -- Practice questions -- 16. Day 15: Security Architecture and Design -- Knowledge requirements -- The approach -- Computer architecture -- Elements of computer architecture -- Computer systems -- Computing principles -- Information security in computer architecture -- Trusted computing -- Summary -- Practice questions -- 17. Day 16: Security Architecture and Design -- Assurance -- Common Criteria (CC) -- Certification and accreditation -- DITSCAP -- NIACAP -- DIACAP -- SSE-CMM -- Security engineering practices -- Security organizational processes -- Information security models -- Take-Grant model.

Bell-LaPadula model -- Biba model -- Clark-Wilson Model -- Summary -- Practice questions -- 18. Day 17: Business Continuity and Disaster Recovery Planning -- Knowledge requirements -- The approach -- Business Continuity Planning (BCP) -- The BCP goals and objectives -- The BCP process -- BCP best practices -- Summary -- Practice questions -- 19. Day 18: Business Continuity and Disaster Recovery Planning -- Disaster Recovery Planning (DRP) -- Goals and objectives -- Components of disaster recovery planning -- Recovery teams -- Recovery sites -- Business resumption from alternative sites -- Backup terminologies -- Testing procedures -- Summary -- Practice questions -- 20. Day 19: Legal, Regulations, Compliance, and Investigations -- Knowledge requirements -- The approach -- Computer crimes -- Fraud -- Theft -- Malware or Malicious code -- Cyber crime -- Computer crime related incidents -- Summary -- Practice questions -- 21. Day 20: Legal, Regulations, Compliance, and Investigations -- Legal and regulatory frameworks -- Law terminologies -- Intellectual property laws -- Privacy -- Act -- Computer investigations -- Ethical usage of information systems -- (ISC)2 Code of ethics -- Summary -- Practice questions -- 22. Day 21: Mock Test Paper -- Questions -- Answers -- 23. References -- Index.
Abstract:
Boost your confidence and get a competitive edge to crack the exam.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.