
(ISC)2 CISSP CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL OFFICIAL STUDY GUIDE 9E

Title: (ISC)2 CISSP CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL OFFICIAL STUDY GUIDE 9E
Subtitle:
Author: CHAPPLE, M
Publisher: JOHN WILEY
Year of publication: 2021
Subject: Other certifications
ISBN: 978-1-119-78623-8
Pages: 1248
Price: 75,95 €


Synopsis

CISSP Study Guide - fully updated for the 2021 CISSP Body of Knowledge

(ISC)2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 9th Edition has been completely updated based on the latest 2021 CISSP Exam Outline. This bestselling Sybex Study Guide covers 100% of the exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, advice on mastering this adaptive exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.

The three co-authors of this book bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you'll need to successfully pass the CISSP exam. Combined, they've taught cybersecurity concepts to millions of students through their books, video courses, and live training programs.

Along with the book, you also get access to Sybex's superior online interactive learning environment that includes:

Over 900 new and improved practice test questions with complete answer explanations. This includes all of the questions from the book plus four additional online-only practice exams, each with 125 unique questions. You can use the online-only practice exams as full exam simulations. Our questions will help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam.
More than 700 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam
A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam
New for the 9th edition: Audio Review. Author Mike Chapple reads the Exam Essentials for each chapter, providing you with 2 hours and 50 minutes of new audio review for yet another way to reinforce your knowledge as you prepare.

Coverage of all of the exam topics in the book means you'll be ready for:

Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security


Table of contents

Introduction xxxvii

Assessment Test lix

Chapter 1 Security Governance Through Principles and Policies 1

Security 101 3

Understand and Apply Security Concepts 4

Confidentiality 5

Integrity 6

Availability 7

DAD, Overprotection, Authenticity, Non-repudiation, and AAA Services 7

Protection Mechanisms 11

Security Boundaries 13

Evaluate and Apply Security Governance Principles 14

Third-Party Governance 15

Documentation Review 15

Manage the Security Function 16

Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives 17

Organizational Processes 19

Organizational Roles and Responsibilities 21

Security Control Frameworks 22

Due Diligence and Due Care 23

Security Policy, Standards, Procedures, and Guidelines 23

Security Policies 24

Security Standards, Baselines, and Guidelines 24

Security Procedures 25

Threat Modeling 26

Identifying Threats 26

Determining and Diagramming Potential Attacks 28

Performing Reduction Analysis 28

Prioritization and Response 30

Supply Chain Risk Management 31

Summary 33

Exam Essentials 33

Written Lab 36

Review Questions 37

Chapter 2 Personnel Security and Risk Management Concepts 43

Personnel Security Policies and Procedures 45

Job Descriptions and Responsibilities 45

Candidate Screening and Hiring 46

Onboarding: Employment Agreements and Policies 47

Employee Oversight 48

Offboarding, Transfers, and Termination Processes 49

Vendor, Consultant, and Contractor Agreements and Controls 52

Compliance Policy Requirements 53

Privacy Policy Requirements 54

Understand and Apply Risk Management Concepts 55

Risk Terminology and Concepts 56

Asset Valuation 58

Identify Threats and Vulnerabilities 60

Risk Assessment/Analysis 60

Risk Responses 66

Cost vs. Benefit of Security Controls 69

Countermeasure Selection and Implementation 72

Applicable Types of Controls 74

Security Control Assessment 76

Monitoring and Measurement 76

Risk Reporting and Documentation 77

Continuous Improvement 77

Risk Frameworks 79

Social Engineering 81

Social Engineering Principles 83

Eliciting Information 85

Prepending 85

Phishing 85

Spear Phishing 87

Whaling 87

Smishing 88

Vishing 88

Spam 89

Shoulder Surfing 90

Invoice Scams 90

Hoax 90

Impersonation and Masquerading 91

Tailgating and Piggybacking 91

Dumpster Diving 92

Identity Fraud 93

Typo Squatting 94

Influence Campaigns 94

Establish and Maintain a Security Awareness, Education, and Training Program 96

Awareness 97

Training 97

Education 98

Improvements 98

Effectiveness Evaluation 99

Summary 100

Exam Essentials 101

Written Lab 106

Review Questions 107

Chapter 3 Business Continuity Planning 113

Planning for Business Continuity 114

Project Scope and Planning 115

Organizational Review 116

BCP Team Selection 117

Resource Requirements 119

Legal and Regulatory Requirements 120

Business Impact Analysis 121

Identifying Priorities 122

Risk Identification 123

Likelihood Assessment 125

Impact Analysis 126

Resource Prioritization 128

Continuity Planning 128

Strategy Development 129

Provisions and Processes 129

Plan Approval and Implementation 131

Plan Approval 131

Plan Implementation 132

Training and Education 132

BCP Documentation 132

Summary 136

Exam Essentials 137

Written Lab 138

Review Questions 139

Chapter 4 Laws, Regulations, and Compliance 143

Categories of Laws 144

Criminal Law 144

Civil Law 146

Administrative Law 146

Laws 147

Computer Crime 147

Intellectual Property (IP) 152

Licensing 158

Import/Export 158

Privacy 160

State Privacy Laws 168

Compliance 169

Contracting and Procurement 171

Summary 171

Exam Essentials 172

Written Lab 173

Review Questions 174

Chapter 5 Protecting Security of Assets 179

Identifying and Classifying Information and Assets 180

Defining Sensitive Data 180

Defining Data Classifications 182

Defining Asset Classifications 185

Understanding Data States 185

Determining Compliance Requirements 186

Determining Data Security Controls 186

Establishing Information and Asset Handling Requirements 188

Data Maintenance 189

Data Loss Prevention 189

Marking Sensitive Data and Assets 190

Handling Sensitive Information and Assets 192

Data Collection Limitation 192

Data Location 19