TIENE EN SU CESTA DE LA COMPRA
en total 0,00 €
CISSP Study Guide - fully updated for the 2021 CISSP Body of Knowledge
(ISC)2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 9th Edition has been completely updated based on the latest 2021 CISSP Exam Outline. This bestselling Sybex Study Guide covers 100% of the exam objectives. You´ll prepare for the exam smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, advice on mastering this adaptive exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you´ve learned with key topic exam essentials and chapter review questions.
The three co-authors of this book bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you'll need to successfully pass the CISSP exam. Combined, they've taught cybersecurity concepts to millions of students through their books, video courses, and live training programs.
Along with the book, you also get access to Sybex´s superior online interactive learning environment that includes:
Over 900 new and improved practice test questions with complete answer explanations. This includes all of the questions from the book plus four additional online-only practice exams, each with 125 unique questions. You can use the online-only practice exams as full exam simulations. Our questions will help you identify where you need to study more. Get more than 90 percent of the answers correct, and you´re ready to take the certification exam.
More than 700 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam
A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam
New for the 9th edition: Audio Review. Author Mike Chapple reads the Exam Essentials for each chapter providing you with 2 hours and 50 minutes of new audio review for yet another way to reinforce your knowledge as you prepare.
Coverage of all of the exam topics in the book means you´ll be ready for:
Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security
Table of contents
Introduction xxxvii
Assessment Test lix
Chapter 1 Security Governance Through Principles and Policies 1
Security 101 3
Understand and Apply Security Concepts 4
Confidentiality 5
Integrity 6
Availability 7
DAD, Overprotection, Authenticity, Non-repudiation, and AAA Services 7
Protection Mechanisms 11
Security Boundaries 13
Evaluate and Apply Security Governance Principles 14
Third-Party Governance 15
Documentation Review 15
Manage the Security Function 16
Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives 17
Organizational Processes 19
Organizational Roles and Responsibilities 21
Security Control Frameworks 22
Due Diligence and Due Care 23
Security Policy, Standards, Procedures, and Guidelines 23
Security Policies 24
Security Standards, Baselines, and Guidelines 24
Security Procedures 25
Threat Modeling 26
Identifying Threats 26
Determining and Diagramming Potential Attacks 28
Performing Reduction Analysis 28
Prioritization and Response 30
Supply Chain Risk Management 31
Summary 33
Exam Essentials 33
Written Lab 36
Review Questions 37
Chapter 2 Personnel Security and Risk Management Concepts 43
Personnel Security Policies and Procedures 45
Job Descriptions and Responsibilities 45
Candidate Screening and Hiring 46
Onboarding: Employment Agreements and Policies 47
Employee Oversight 48
Offboarding, Transfers, and Termination Processes 49
Vendor, Consultant, and Contractor Agreements and Controls 52
Compliance Policy Requirements 53
Privacy Policy Requirements 54
Understand and Apply Risk Management Concepts 55
Risk Terminology and Concepts 56
Asset Valuation 58
Identify Threats and Vulnerabilities 60
Risk Assessment/Analysis 60
Risk Responses 66
Cost vs. Benefit of Security Controls 69
Countermeasure Selection and Implementation 72
Applicable Types of Controls 74
Security Control Assessment 76
Monitoring and Measurement 76
Risk Reporting and Documentation 77
Continuous Improvement 77
Risk Frameworks 79
Social Engineering 81
Social Engineering Principles 83
Eliciting Information 85
Prepending 85
Phishing 85
Spear Phishing 87
Whaling 87
Smishing 88
Vishing 88
Spam 89
Shoulder Surfing 90
Invoice Scams 90
Hoax 90
Impersonation and Masquerading 91
Tailgating and Piggybacking 91
Dumpster Diving 92
Identity Fraud 93
Typo Squatting 94
Influence Campaigns 94
Establish and Maintain a Security Awareness, Education, and Training Program 96
Awareness 97
Training 97
Education 98
Improvements 98
Effectiveness Evaluation 99
Summary 100
Exam Essentials 101
Written Lab 106
Review Questions 107
Chapter 3 Business Continuity Planning 113
Planning for Business Continuity 114
Project Scope and Planning 115
Organizational Review 116
BCP Team Selection 117
Resource Requirements 119
Legal and Regulatory Requirements 120
Business Impact Analysis 121
Identifying Priorities 122
Risk Identification 123
Likelihood Assessment 125
Impact Analysis 126
Resource Prioritization 128
Continuity Planning 128
Strategy Development 129
Provisions and Processes 129
Plan Approval and Implementation 131
Plan Approval 131
Plan Implementation 132
Training and Education 132
BCP Documentation 132
Summary 136
Exam Essentials 137
Written Lab 138
Review Questions 139
Chapter 4 Laws, Regulations, and Compliance 143
Categories of Laws 144
Criminal Law 144
Civil Law 146
Administrative Law 146
Laws 147
Computer Crime 147
Intellectual Property (IP) 152
Licensing 158
Import/Export 158
Privacy 160
State Privacy Laws 168
Compliance 169
Contracting and Procurement 171
Summary 171
Exam Essentials 172
Written Lab 173
Review Questions 174
Chapter 5 Protecting Security of Assets 179
Identifying and Classifying Information and Assets 180
Defining Sensitive Data 180
Defining Data Classifications 182
Defining Asset Classifications 185
Understanding Data States 185
Determining Compliance Requirements 186
Determining Data Security Controls 186
Establishing Information and Asset Handling Requirements 188
Data Maintenance 189
Data Loss Prevention 189
Marking Sensitive Data and Assets 190
Handling Sensitive Information and Assets 192
Data Collection Limitation 192
Data Location 19