Efnisyfirlit

• Cover
• Title Page
• Copyright
• Introduction
• About This Book
• Foolish Assumptions
• Icons Used in This Book
• Beyond the Book
• Where to Go from Here
• Part 1: Getting Started with CISSP Certification
• Chapter 1: ISC2 and the CISSP Certification
• You Must Be This Tall to Ride This Ride (And Other Requirements)
• Preparing for the Exam
• Registering for the Exam
• About the CISSP Examination
• After the Examination
• Chapter 2: Putting Your Certification to Good Use
• Networking with Other Security Professionals
• Being an Active ISC2 Member
• Considering ISC2 Volunteer Opportunities
• Becoming an Active Member of Your Local Security Chapter
• Spreading the Good Word about CISSP Certification
• Helping Others
• Using Your CISSP Certification to Be an Agent of Change
• Earning Other Certifications
• Pursuing Security Excellence
• Part 2: Certification Domains
• Chapter 3: Security and Risk Management
• Understand, Adhere to, and Promote Professional Ethics
• Understand and Apply Security Concepts
• Evaluate, Apply, and Sustain Security Governance Principles
• Understand Legal, Regulatory, and Compliance Issues That Pertain to Information Security
• Understand Requirements for Investigation Types
• Develop, Document, and Implement Security Policies, Standards, Procedures, and Guidelines
• Identify, Analyze, Assess, Prioritize, and Implement Business Continuity (BC) Requirements
• Contribute to and Enforce Personnel Security Policies and Procedures
• Understand and Apply Risk Management Concepts
• Understand and Apply Threat Modeling Concepts and Methodologies
• Apply Supply Chain Risk Management (SCRM) Concepts
• Establish and Maintain a Security Awareness, Education, and Training Program
• Chapter 4: Asset Security
• Identify and Classify Information and Assets
• Establish Information and Asset Handling Requirements
• Provision Information and Assets Securely
• Manage Data Life Cycle
• Ensure Appropriate Asset Retention
• Determine Data Security Controls and Compliance Requirements
• Chapter 5: Security Architecture and Engineering
• Using Secure Design Principles in Engineering Processes
• Understand the Fundamental Concepts of Security Models
• Select Controls Based Upon Systems Security Requirements
• Understand Security Capabilities of Information Systems
• Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
• Select and Determine Cryptographic Solutions
• Understand Methods of Cryptanalytic Attacks
• Apply Security Principles to Site and Facility Design
• Design Site and Facility Security Controls
• Manage the Information System Lifecycle
• Chapter 6: Communication and Network Security
• Apply Secure Design Principles in Network Architectures
• Secure Network Components
• Implement Secure Communication Channels According to Design
• Chapter 7: Identity and Access Management
• Control Physical and Logical Access to Assets
• Design Identification and Authentication Strategy
• Federated Identity with a Third-Party Service
• Implement and Manage Authorization Mechanisms
• Manage the Identity and Access Provisioning Lifecycle
• Implement Authentication Systems
• Chapter 8: Security Assessment and Testing
• Design and Validate Assessment, Test, and Audit Strategies
• Conduct Security Control Testing
• Collect Security Process Data
• Analyze Test Output and Generate Reports
• Conduct or Facilitate Security Audits
• Chapter 9: Security Operations
• Understand and Comply with Investigations
• Conduct Logging and Monitoring Activities
• Perform Configuration Management (CM)
• Apply Foundational Security Operations Concepts
• Apply Resource Protection
• Conduct Incident Management
• Operate and Maintain Detective and Preventive Measures
• Implement and Support Patch and Vulnerability Management
• Understand and Participate in Change Management Processes
• Implement Recovery Strategies
• Implement Disaster Recovery (DR) Processes
• Test Disaster Recovery Plans
• Participate in Business Continuity Planning and Exercises
• Implement and Manage Physical Security
• Address Personnel Safety and Security Concerns
• Chapter 10: Software Development Security
• Understand and Integrate Security in the Software Development Life Cycle
• Identify and Apply Security Controls in Software Development Ecosystems
• Assess the Effectiveness of Software Security
• Assess the Security Impact of Acquired Software
• Define and Apply Secure Coding Guidelines and Standards
• Part 3: The Part of Tens
• Chapter 11: Ten Ways to Prepare for the Exam
• Know Your Learning Style
• Get a Networking Certification First
• Register Now
• Make a 60-Day Study Plan
• Get Organized and Read
• Join a Study Group
• Take Practice Exams
• Take a CISSP Training Seminar
• Adopt an Exam-Taking Strategy
• Take a Breather
• Chapter 12: Ten Test-Day Tips
• Get a Good Night’s Rest
• Dress Comfortably
• Eat a Good Meal
• Arrive Early
• Bring Approved Identification
• Bring Snacks and Drinks
• Bring Prescription and Over-the-Counter Medications
• Leave Your Mobile Devices Behind
• Take Frequent Breaks
• Guess — As a Last Resort
• Glossary
• Index
• About the Authors
• Connect with Dummies
• End User License Agreement