The CISSP Prep Guide

From stolen intellectual property and denial of service attacks to unauthorized use of critical resources and computer viruses, e-business companies face numerous threats each day that can cost millions of dollars. The need for these companies to protect their networks and information systems has, in turn created an unprecedented demand for information systems security professionals. In fact, today's companies are fiercely headhunting for Certified Information Systems Security Professionals (CISSP). Based on the extensive test experience of the authors, this book serves as both a prep guide for IT professionals seeking to expand advance their careers through CISSP certification and as a reference on fundamental and emerging information knowledge. It focuses on the common body of knowledge (CBK) as defined by the International Information Systems Security Certification Consortium (ISC)². The ten domains of the CBK are covered in detail, including security management, cryptography, disaster recovery planning, and telecommunications security. Each domain of the CBK is then followed by a series of sample practice questions that are similar to those that you'll encounter on the CISSP examination, helping you better prepare for and pass the exam.

This comprehensive book:

• Covers the fundamental content of the CBK in a way that is independent of the breakdown or possible merger of domains.
• Provides questions on each CBK domain along with explanations of the answers
• Reflects the most recent advances in the information security field
• Avoids the extraneous mathematical derivations, presenting only the information you'll need to know for the CISSP examination
• Includes valuable reference material and explores advanced topics in the appendices

1. Security Management Practices
   • Our Goals
   • Domain Definition
   • Management Concepts
   • Information Classification Process
   • Security Policy Implementation
   • Roles and Responsibilities
   • Risk Management
   • Security Awareness
   • Sample Questions
2. Access Control Systems
   • Rationale
   • Controls
   • Identification and Authentication
   • Some Access Control Issues
   • Sample Questions
3. Telecommunications and Network Security
   • Our Goals
   • Domain Definition
   • Management Concepts
   • Technology Concepts
   • Sample Questions
4. Cryptography
   • Introduction
   • Cryptographic Technologies
   • Secret Key Cryptography (Symmetric Key)
   • Public (Asymmetric) Key Cryptosystems
   • Approaches to Escrowed Encryption
   • Internet Security Applications
   • Sample Questions
5. Security Architecture and Models
   • Security Architecture
   • Assurance
   • Information Security Models
   • Sample Questions
6. Operations Security
   • Our Goals
   • Domain Definition
   • Controls and Protections
   • Monitoring and Auditing
   • Threats and Vulnerabilities
   • Sample Questions
7. Applications and Systems Development
   • The Software Life Cycle
   • The Software Capability Maturity Model (CMM)
   • Object-Oriented Systems
   • Artificial Intelligence Systems
   • Database Systems
   • Application Controls
   • Sample Questions
8. Business Continuity Planning and Disaster Recovery Planning
   • Our Goals
   • Domain Definition
   • Business Continuity Planning
   • Disaster Recovery Planning
   • Sample Questions
9. Law, Investigation, and Ethics
   • Introduction
   • Law
   • Investigation
   • Liability
   • Ethics
   • Sample Questions
10. Physical Security
    • Our Goals
    • Domain Definition
    • Threats to Physical Security
    • Controls for Physical Security
    • Sample Questions

• Appendix A: Glossary of Terms and Acronyms
• Appendix B: The RAINBOW Series
• Appendix C: Answers to Sample Questions
• Appendix D: A Process Approach to HIPAA Compliance through A HIPAA-CMM
• Appendix E: The NSA InfoSec Assessment Methodology
• Appendix F: The Case for Ethical Hacking
• Appendix G: The Common Criteria
• Appendix H: References for Further Study
• Appendix I: British Standard 7799

If you combine the All-In-One book with this one, you'll cover most bases.