Librería Portfolio

CISSP (ISC)2 CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL OFFICIAL STUDY GUIDE 7E

Author: STEWART, J
Publisher: JOHN WILEY
Year of publication: 2015
Subject: OTHER CERTIFICATIONS
ISBN: 978-1-119-04271-6
Pages: 1080
Price: 68,50 €

Synopsis

CISSP Study Guide - fully updated for the 2015 CISSP Body of Knowledge
CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 7th Edition has been completely updated for the latest 2015 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.

Along with the book, you also get access to Sybex's superior online interactive learning environment that includes:

Four unique 250-question practice exams to help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam.
More than 1,000 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam
A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam
Coverage of all of the exam topics in the book means you'll be ready for:

Security and Risk Management
Asset Security
Security Engineering
Communication and Network Security
Identity and Access Management
Security Assessment and Testing
Security Operations
Software Development Security

Table of Contents

Introduction xxxiii
Assessment Test xlii

Chapter 1 Security Governance Through Principles and Policies 1

Understand and Apply Concepts of Confidentiality, Integrity, and Availability 3

Confidentiality 4

Integrity 5

Availability 6

Other Security Concepts 8

Protection Mechanisms 12

Layering 12

Abstraction 12

Data Hiding 13

Encryption 13

Apply Security Governance Principles 13

Alignment of Security Function to Strategy, Goals, Mission, and Objectives 14

Organizational Processes 16

Security Roles and Responsibilities 22

Control Frameworks 23

Due Care and Due Diligence 24

Develop and Implement Documented Security Policy, Standards, Procedures, and Guidelines 25

Security Policies 25

Security Standards, Baselines, and Guidelines 26

Security Procedures 27

Understand and Apply Threat Modeling 28

Identifying Threats 30

Determining and Diagramming Potential Attacks 32

Performing Reduction Analysis 33

Prioritization and Response 34

Integrate Security Risk Considerations into Acquisition Strategy and Practice 35

Summary 36

Exam Essentials 38

Written Lab 41

Review Questions 42

Chapter 2 Personnel Security and Risk Management Concepts 47

Contribute to Personnel Security Policies 49

Employment Candidate Screening 52

Employment Agreements and Policies 53

Employment Termination Processes 54

Vendor, Consultant, and Contractor Controls 56

Compliance 57

Privacy 57

Security Governance 59

Understand and Apply Risk Management Concepts 60

Risk Terminology 61

Identify Threats and Vulnerabilities 63

Risk Assessment/Analysis 64

Risk Assignment/Acceptance 72

Countermeasure Selection and Assessment 73

Implementation 74

Types of Controls 75

Monitoring and Measurement 76

Asset Valuation 77

Continuous Improvement 78

Risk Frameworks 78

Establish and Manage Information Security Education, Training, and Awareness 81

Manage the Security Function 82

Summary 83

Exam Essentials 84

Written Lab 88

Review Questions 89

Chapter 3 Business Continuity Planning 93

Planning for Business Continuity 94

Project Scope and Planning 95

Business Organization Analysis 96

BCP Team Selection 96

Resource Requirements 98

Legal and Regulatory Requirements 100

Business Impact Assessment 101

Identify Priorities 101

Risk Identification 102

Likelihood Assessment 104

Impact Assessment 104

Resource Prioritization 106

Continuity Planning 107

Strategy Development 107

Provisions and Processes 108

Plan Approval 109

Plan Implementation 110

Training and Education 110

BCP Documentation 110

Continuity Planning Goals 111

Statement of Importance 111

Statement of Priorities 111

Statement of Organizational Responsibility 111

Statement of Urgency and Timing 112

Risk Assessment 112

Risk Acceptance/Mitigation 112

Vital Records Program 113

Emergency-Response Guidelines 113

Maintenance 114

Testing and Exercises 114

Summary 114

Exam Essentials 115

Written Lab 117

Review Questions 118

Chapter 4 Laws, Regulations, and Compliance 123

Categories of Laws 124

Criminal Law 124

Civil Law 126

Administrative Law 126

Laws 127

Computer Crime 127

Intellectual Property 132

Licensing 138

Import/Export 139

Privacy 139

Compliance 146

Contracting and Procurement 147

Summary 148

Exam Essentials 149

Written Lab 151

Review Questions 152

Chapter 5 Protecting Security of Assets 157

Classifying and Labeling Assets 158

Defining Sensitive Data 158

Defining Classifications 160

Defining Data Security Requirements 163

Understanding Data States 164

Managing Sensitive Data 165

Protecting Confidentiality with Cryptography 172

Identifying Data Roles 174

Data Owners 174

System Owners 175

Business/Mission Owners 176

Data Processors 176

Administrators 177

Custodians 178

Users 178

Protecting Privacy 178

Using Security Baselines 179

Scoping and Tailoring 180

Selecting Standards 180

Summary 181

Exam Essentials 182

Written Lab 183

Review Questions 184

Chapter 6 Cryptography and Symmetric Key Algorithms 189

Historical Milestones in Cryptography 190

Caesar Cipher 190

American Civil War 191

Ultra vs. Enigma 192

Cryptographic Basics 192

Goals of Cryptography 192

Cryptography Concepts 194

Cryptographic Mathematics 196

Ciphers 201

Modern Cryptography 208

Cryptographic Keys 208

Symmetric Key Algorithms 209

Asymmetric Key Algorithms 210

Hashing Algorithms 213

Symmetric Cryptography 214

Data Encryption Standard 214

Triple DES 216

International Data Encryption Algorithm 217

Blowfish 217

Skipjack 217

Advanced Encryption Standard 218

Symmetric Key Management 219

Cryptographic Life Cycle 222

Summary 222

Exam Essentials 223

Written Lab 225

Review Questions 226

Chapter 7 PKI and Cryptographic Applications 231

Asymmetric Cryptography 232

Public and Private Keys 232

RSA 233

El Gamal 235

Elliptic Curve 235

Hash Functions 236

SHA 237

MD2 238

MD4 238

MD5 239

Digital Signatures 240

HMAC 241

Digital Signature Standard 242

Public Key Infrastructure 242

Certificates 243

Certificate Authorities 243

Certificate Generation and Destruction 245

Asymmetric Key Management 246

Applied Cryptography 247

Portable Devices 247