CISSP® Certified Information Systems Security Professional Study Guide, Seventh. Title: CISSP exam guide / Shon Harris, Fernando Maymi.
Since many people have doubts about which study material should be used to prepare for CISSP, I have listed the most used books and practice tests. If you used other books or practice tests, please leave your comment! This version covers the new exam structure. It is still one of the BEST sources of studying. It is easier reading than AIO and many people use it as their primary source of studying. Eric Conrad 11th hour — Last minute revision!
  Integrate security risk considerations into acquisition strategy and practice (hardware, software, and services; third-party assessment and monitoring; minimum security requirements; service-level requirements)
  Establish and manage information security education, training and awareness (appropriate levels of awareness, training, and education required within the organization; periodic reviews for content relevancy)
An Overview

Asset Security, the second domain of the CISSP certification, deals with the collection, handling and protection of information throughout its lifecycle. Candidates are expected to be knowledgeable in the classification of information and supporting assets, the key topics covered in this domain. The other topic covered under this domain, which goes along with the previous one, is knowledge of ownership and how it relates to information, systems, and business processes.
With the continued expansion of collected and stored digitized personal information, privacy concerns have gained importance. This forms an integral part of the Asset Security domain.
The topics covered in this domain include: Data retention should always be considered hand-in-hand with organizational, legal and regulatory requirements, and candidates will be tested on each of these areas.
Thus, the responsibility for the selection of appropriate data security controls falls on the information security professional, and candidates can expect to be tested on these areas.
The sub-topics covered within this area include: Other topics covered under this area are: Evaluating data handling requirements and developing appropriate policies and procedures based on that evaluation are skills expected of CISSP candidates.
Asset Security:
  Classify information and supporting assets
  Determine and maintain ownership
  Ensure appropriate retention
  Determine data security controls
  Establish handling requirements (markings, labels, storage, destruction of sensitive information)
An Overview

Security engineering is the second largest domain among the eight in terms of the number of topics covered. Security engineering, as defined by (ISC)2, is the practice of building information systems and related architecture that continue to deliver the required functionality in the face of threats caused by malicious acts, human error, hardware failure and natural disasters.
Candidates can be expected to be tested on their ability to implement and manage security engineering processes using secure design principles. In this regard, candidates are expected to possess a strong understanding of the fundamental concepts of security models and be able to develop design requirements based on organizational requirements and security policies.
Candidates should also be able to select controls and countermeasures that satisfy these design requirements. All this is, in fact, a byproduct of the candidates' in-depth knowledge of the security limitations and capabilities of information systems. As the role of information security professionals includes assessing and mitigating vulnerabilities in security architectures, designs, and solution elements, candidates are expected to have a strong grounding in these areas as well.
Topics covered under this include: Web application vulnerabilities, mobile devices and embedded systems are also covered. Cryptography, a key area in security engineering, involves protecting information both in motion and at rest by transforming it so as to maintain its integrity, confidentiality and authenticity. Some general topics in cryptography that candidates can expect to be tested on are: Candidates should also possess a thorough understanding of cryptanalytic attack vectors, including social engineering, brute force, ciphertext-only, known-plaintext, frequency analysis, chosen-ciphertext and implementation attacks.
However, one should note that security engineering does not limit itself to information systems development, and additional topics in the security engineering domain include:
Security Engineering:
  Implement and manage engineering processes using secure design principles
  Understand the fundamental concepts of security models (e.g. confidentiality, integrity, and multi-level models)
  Select controls and countermeasures based upon systems security evaluation models
  Understand security capabilities of information systems
  Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements (client-based)
  Assess and mitigate vulnerabilities in web-based systems
  Assess and mitigate vulnerabilities in mobile systems
  Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems
  Apply cryptography (cryptographic life cycle; non-repudiation; integrity (hashing and salting); methods of cryptanalytic attacks)
  Apply secure principles to site and facility design
  Design and implement physical security (wiring closets; server rooms; media storage facilities; evidence storage; restricted and work area security)
An Overview

Communication and Network Security is an umbrella area covering aspects of network architecture, transmission methods, transport protocols, control devices, and the security measures used to maintain the confidentiality, integrity and availability of information transmitted over both private and public communication networks. Candidates will further be tested on cryptography, part of which relates to secure network communication.
The ability to securely operate and maintain network control devices will be a key expectation of this domain. Other concepts covered in this area include: With the thorough knowledge gained from this domain, candidates should be able to design and implement secure communication channels using a wide range of technologies to support applications such as data, voice, remote access, multimedia collaboration and virtualized networks.
Communication and Network Security:
  Apply secure design principles to network architecture
  Secure network components (operation of hardware)
  Design and establish secure communication channels (voice; multimedia collaboration)
  Prevent or mitigate network attacks

An Overview

Identity and access management, as stated by (ISC)2, involves provisioning and managing the identities and access used in the interaction of humans and information systems, of disparate information systems, and even between individual components of information systems.
Attacks that aim to gain unauthorized access to systems and information, and subsequently to confidential data, are based on compromising the identity and access control system. This domain helps CISSP candidates equip themselves with enough knowledge to prevent attacks of this sort. Key concepts in this domain that candidates can expect to be tested on are: Other areas that candidates need to note are: Candidates will be expected to demonstrate their ability to implement and manage authorization mechanisms, such as those based on role-based, rule-based, mandatory and discretionary access control.
Topics thus included are:
Identity and Access Management:
  Control physical and logical access to assets (information)
  Manage identification and authentication of people and devices (identity management implementation)
  Integrate identity as a service
  Integrate third-party identity services
  Prevent or mitigate access control attacks
  Manage the identity and access provisioning lifecycle

An Overview

Security assessment and testing covers the evaluation of information assets and associated infrastructure using various tools and techniques, for the purpose of identifying and mitigating risk arising from architectural issues, design flaws, configuration errors, hardware and software vulnerabilities, coding errors, and any other weaknesses that may affect an information system's ability to deliver in a secure manner.
Candidates may be tested in the areas of: Other areas that candidates will be tested on include: In addition to ensuring that security policies and procedures are continuously and uniformly applied, it is also the responsibility of information security professionals to ensure that disaster recovery and business continuity plans are maintained, updated, and function as intended in the event of a disaster.
Therefore, this domain includes topics in the collection of security process data. Candidates will be tested on account management, management review, key performance and risk indicators, verification of backups, training and awareness, and disaster recovery and business continuity. As is obvious, security assessment and testing cannot succeed without careful analysis and reporting of assessment results in a way that allows appropriate mitigation strategies to be developed and implemented.
Security Assessment and Testing:
  Design and validate assessment and test strategies
  Conduct security control testing (vulnerability assessment; penetration testing; log reviews; synthetic transactions; code review and testing)
  Collect security process data
  Analyze and report test outputs
  Conduct or facilitate internal and third-party audits

Security Operations is a broad area covering a range of topics in the application of information security concepts and best practices to the operation of enterprise computing systems, and is the largest of all the eight domains constituting the CISSP CBK.
This domain assesses candidates' knowledge of and ability to support forensic investigations, as well as their skill in using various investigative concepts, including evidence collection and handling, documentation and reporting, investigative techniques and digital forensics.
CISSP candidates should be adept enough at investigation that their understanding of the subject from an operational, criminal, civil, and regulatory perspective is in-depth.
Besides supporting forensic investigations, candidates are expected to have good knowledge of effective logging and monitoring mechanisms, which are essential security functions.
Certain other aspects addressed in this domain include: Security operations is predicated on the protection of these resources. Candidates will be tested on their ability to operate and maintain protective controls such as firewalls, intrusion prevention systems, application whitelisting, anti-malware, honeypots and honeynets, and sandboxing, as well as to manage third-party security contracts and services.
Other concepts that candidates can be tested on are patch, vulnerability, and change management.
Security Operations:
  Understand and support investigations (evidence collection and handling)
  Conduct logging and monitoring activities (intrusion detection and prevention; security information and event management; continuous monitoring; egress monitoring)
  Secure the provisioning of resources (asset inventory)
  Information lifecycle; service-level agreements
  Employ resource protection techniques (media management; hardware and software asset management)
  Conduct incident management (detection)
  Implement and support patch and vulnerability management
  Participate in and understand change management processes

Four unique question practice exams to help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam. More than 1, Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam.
A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam.