Certified Information Systems Security Professional (CISSP) Exam Guide

Become a certified CISSP professional with practical exam-oriented knowledge of all eight domains

Product type Paperback
Published in Sep 2024
Publisher Packt
ISBN-13 9781800567610
Length 526 pages
Edition 1st Edition
Authors (3): Ted Jordan, Ric Daza, Hinne Hettema
Table of Contents (28 chapters)

Preface
1. Intro I: Becoming a CISSP
2. Intro II: Pre-Assessment Test
3. Chapter 1: Ethics, Security Concepts, and Governance Principles
4. Chapter 2: Compliance, Regulation, and Investigations
5. Chapter 3: Security Policies and Business Continuity
6. Chapter 4: Risk Management, Threat Modeling, SCRM, and SETA
7. Chapter 5: Asset and Privacy Protection
8. Chapter 6: Information and Asset Handling
9. Chapter 7: Secure Design Principles and Controls
10. Chapter 8: Architecture Vulnerabilities and Cryptography
11. Chapter 9: Facilities and Physical Security
12. Chapter 10: Network Architecture Security
13. Chapter 11: Securing Communication Channels
14. Chapter 12: Identity, Access Management, and Federation
15. Chapter 13: Identity Management Implementation
16. Chapter 14: Designing and Conducting Security Assessments
17. Chapter 15: Designing and Conducting Security Testing
18. Chapter 16: Planning for Security Operations
19. Chapter 17: Security Operations
20. Chapter 18: Disaster Recovery
21. Chapter 19: Business Continuity, Personnel, and Physical Security
22. Chapter 20: Software Development Life Cycle Security
23. Chapter 21: Software Development Security Controls
24. Chapter 22: Securing Software Development
25. Chapter 23: Secure Coding Guidelines, Third-Party Software, and Databases
26. Chapter 24: Accessing the Online Practice Resources
27. Other Books You May Enjoy

What This Book Covers

Chapter 1, Ethics, Security Concepts, and Governance Principles, introduces the most relevant information security concepts, which are the foundation of the entire book. We discuss the importance of ethics, fundamental security concepts, and the difference between due care and due diligence.

Chapter 2, Compliance, Regulation, and Investigations, discusses privacy regulations and country-specific legislation related to PII and PHI. We will review key jurisdictional differences in data privacy.

Chapter 3, Security Policies and Business Continuity, describes the common practices that organizations follow for defining security policies and deploying frameworks that prioritize business continuity.

Chapter 4, Risk Management, Threat Modeling, SCRM, and SETA, discusses the application of key risk management principles. This will include an in-depth look at threat modeling techniques and methodologies, along with Supply Chain Risk Management (SCRM) strategies. Additionally, you’ll evaluate Security Education, Training, and Awareness (SETA) programs.

Chapter 5, Asset and Privacy Protection, delves into identifying and classifying information and assets, establishing appropriate handling requirements for them, and ensuring that resources are securely provisioned.

Chapter 6, Information and Asset Handling, further details asset security, focusing on the management of digital assets throughout their life cycle. It covers the usage and destruction phases of information, outlining the key requirements for effective oversight of digital assets.

Chapter 7, Secure Design Principles and Controls, guides you through the fundamental concepts of security models, helping you understand their role in protecting systems. Additionally, it covers the best practices for selecting appropriate security controls based on the specific requirements of a system.

Chapter 8, Architecture Vulnerabilities and Cryptography, discusses how you can assess and mitigate vulnerabilities in security architectures, select and implement cryptographic solutions as per your needs, and explore cryptanalytic attack methods to better recognize and defend against threats.

Chapter 9, Facilities and Physical Security, covers how to apply security principles in the design of buildings and other facilities, ensuring they are safeguarded against potential threats. The chapter will also cover the design and implementation of effective security controls tailored to different areas within a facility, including both restricted zones and general work areas. You will also learn how to incorporate utilities and HVAC systems into the overall security framework.

Chapter 10, Network Architecture Security, provides an overview of the key concepts of network architectures. We discuss network fundamentals, networking devices, and how to provide secure channels around these architectures.

Chapter 11, Securing Communication Channels, discusses how organizations secure communications using various hardware and software solutions.

Chapter 12, Identity, Access Management, and Federation, discusses the implementation of security practices suited to an organization’s environment, performing detailed accounting of user and system access, and securely managing the provisioning and deprovisioning of identities to minimize vulnerabilities.

Chapter 13, Identity Management Implementation, focuses on the implementation of effective authentication systems to verify user identities and control access. The chapter will also delve into authentication, authorization, and accounting, explaining how these systems work together to ensure that users are not only verified but also granted appropriate access and that their activities are properly logged.

Chapter 14, Designing and Conducting Security Assessments, discusses how you can develop effective methods to evaluate the security posture of systems and ensure they meet the required standards. The chapter covers how to conduct thorough security control testing, including how to execute and analyze tests to identify vulnerabilities and verify the effectiveness of implemented controls.

Chapter 15, Designing and Conducting Security Testing, reviews the most common ways to conduct audits of IT systems, covering the audit process, the methodologies, and the required adaptations for a cloud environment.

Chapter 16, Planning for Security Operations, discusses investigation procedures and how to comply with them so that all incidents are properly documented and reviewed. The chapter covers logging and monitoring activities that track and help you analyze system events for potential security issues.

Chapter 17, Security Operations, details how you can effectively execute the incident management process. The chapter covers the procedures for responding to and resolving security incidents, and also operating and maintaining both detective and preventive measures to continuously protect systems from threats.

Chapter 18, Disaster Recovery, discusses the specifics of preparing to withstand disasters and business disruptions so that businesses can continue the delivery of products and services within acceptable time frames.

Chapter 19, Business Continuity, Personnel, and Physical Security, teaches you how to actively participate in planning and conducting exercises to test and improve security measures. The chapter also covers physical security strategies, including measures to protect physical assets and facilities from threats and ensure that employees are safeguarded and trained to handle security-related situations effectively.

Chapter 20, Software Development Life Cycle Security, is dedicated to educating you on the Secure Software Development Life Cycle (S-SDLC), including coverage of topics such as defining requirements, what methodology to use to apply the S-SDLC, threat modeling, and secure coding.

Chapter 21, Software Development Security Controls, details security controls identified and applied in the software development environment. We discuss the fundamentals of source code, compilation, and tools.

Chapter 22, Securing Software Development, describes maintaining secure software. We discuss tools that monitor code changes, risk analysis, and mitigation.

Chapter 23, Secure Coding Guidelines, Third-Party Software, and Databases, discusses the security impact of acquired software, whether it be commercial off-the-shelf, open source, or third-party. The chapter also covers security vulnerabilities at the source code level, the security of Application Programming Interfaces (APIs), including best practices for protecting these critical components, and secure coding practices to prevent common vulnerabilities and ensure robust software development.

Chapter 24, Accessing the Online Practice Resources, presents all the necessary information and guidance on how you can access the online practice resources that come free with your copy of this book. These resources are designed to enhance your exam preparedness.
