TY  - BOOK
AU  - Srinivasan, M.L.
TI  - CISSP in 21 Days - Second Edition: Boost Your Confidence and Get the Competitive Edge You Need to Crack the Exam in Just 21 Days!
SN  - 9781785880704
AV  - QA76.3.S65 2016eb
U1  - 005.8
PY  - 2016///
CY  - Birmingham
PB  - Packt Publishing, Limited
KW  - Electronic data processing personnel--Certification
KW  - Electronic books
N1  - Cover -- Copyright -- Credits -- About the Author -- About the Reviewer -- www.PacktPub.com -- Table of Contents -- Preface -- Chapter 1: Day 1 - Security and Risk Management - Security, Compliance, and Policies -- Overview of security, compliance, and policies -- Asset -- Asset protection -- Confidentiality, Integrity, and Availability (CIA) -- Confidentiality -- Integrity -- Availability -- Security governance -- Strategy, goals, mission, and objectives -- Organizational processes -- Security roles and responsibilities -- Control frameworks -- Management controls -- Administrative controls -- Technical controls -- Due diligence and due care -- Compliance -- Legislative and regulatory compliance -- Privacy requirements in compliance -- Licensing and intellectual property -- Legal and regulatory issues -- Computer crimes -- Fraud -- Theft -- Malware/malicious code -- Cyber crime -- Importing and exporting controls -- Transborder data flow -- Data breaches -- Professional ethics -- Codes of ethics -- (ISC)² code of professional ethics -- Security policies, standards, procedures, and guidelines -- Personnel security policies -- Employment candidate screening -- Employment agreement and policies -- Employment termination processes -- Vendor, consultant, and contractor controls -- Compliance and privacy -- Summary -- Sample questions -- Chapter 2: Day 2 - Security and Risk Management - Risk Management, Business Continuity, and Security Education -- Overview of risk management, business continuity, and security education -- Risk management -- Threats, vulnerabilities, and attacks -- Threat risk modeling -- Threat and vulnerability analysis -- Attack analysis -- Risk analysis -- Quantitative risk analysis -- Qualitative risk analysis -- Risk treatment -- Business continuity management -- The Business Continuity Planning (BCP) process -- BCP best practices -- Security risk considerations in acquisitions, strategy, and practice -- Information security education, training, and awareness -- Summary -- Sample questions -- Chapter 3: Day 3 - Asset Security - Information and Asset Classification -- Overview of asset security - information and asset classification -- Asset classification and control -- Classification types in government -- The United States information classification -- Classification types in corporations -- Data privacy -- Data owners -- Data processors -- Data remanence -- Data collection limitations -- Data retention -- Data in media -- Data in hardware -- Data with personnel -- Summary -- Sample questions -- Chapter 4: Day 4 - Asset Security - Data Security Controls and Handling -- Overview of asset security - data security controls and handling -- Data security controls -- Data security requirements -- Payment Card Industry Data Security Standard (PCI DSS) -- Sarbanes-Oxley Act (SOX) -- Gramm-Leach-Bliley Act (GLBA) -- EU Data Protection Act (DPA) -- Data Loss Prevention (DLP) -- Data in motion -- Data at rest -- Data in use -- Data Loss Prevention strategies -- DLP controls -- Cryptographic methods to secure data -- Encryption -- Hashing -- Digital signatures -- Data handling requirements -- Handling sensitive information -- Summary -- Sample questions -- Chapter 5: Day 5 - Exam Cram and Practice Questions -- An overview of exam cram and practice questions -- CISSP CBK domain #1 - security and risk management -- CISSP CBK domain #2 - asset security -- Sample questions -- References and further reading -- Summary -- Chapter 6: Day 6 - Security Engineering - Security Design, Practices, Models, and Vulnerability Mitigation -- An overview of security design, practices, models, and vulnerability mitigation -- Secure design principles -- The computer architecture -- Computer system -- Trusted computing -- Assurance -- Common Criteria -- Certification and accreditation -- DITSCAP -- NIACAP -- DIACAP -- Security engineering practices -- Information security models -- Take-grant model -- Bell-LaPadula model -- Biba model -- Clark-Wilson model -- Vulnerability assessment and mitigation -- Vulnerability assessment -- Penetration testing -- Vulnerability assessment and the penetration testing process -- CVE and CVSS -- Summary -- Sample questions -- Chapter 7: Day 7 - Security Engineering - Cryptography -- An overview of cryptography -- The fundamentals of cryptography -- The methods of encryption -- The cryptographic process -- Cryptographic algorithms -- The cryptographic method -- Types of encryption -- Symmetric key encryption -- The operation modes of block ciphers -- Asymmetric key encryption -- Hashing -- The key length and security -- The summary of encryption types -- Applications and the use of cryptography -- Public Key Infrastructure (PKI) -- Secure messaging -- Message digest -- Digital signature -- The digital certificate -- Key management techniques -- Key management procedures -- Type of keys -- Key management best practices -- Key states -- Key management phases -- Cryptanalytic attacks -- The methods of cryptanalytic attacks -- Cryptographic standards -- Wireless cryptographic standards -- The Federal Information Processing Standard -- Summary -- Sample questions -- Chapter 8: Day 8 - Communication and Network Security - Network Security -- An overview of communication and network security -- Network architecture, protocols, and technologies -- Layered architecture -- Open System Interconnect (OSI) model -- Transmission Control Protocol / Internet Protocol (TCP/IP) -- OSI layers and security -- Application layer protocols and security -- Domain Name System (DNS) -- Threats, attacks, and countermeasures -- Dynamic Host Configuration Protocol (DHCP) -- Threats, vulnerabilities, attacks, and countermeasures -- Hyper Text Transfer Protocol (HTTP) -- Threats, vulnerabilities, attacks, and countermeasures -- FTP and TELNET -- Threats, vulnerabilities, attacks, and countermeasures -- Post Office Protocol (POP3) and Internet Message Access Protocol (IMAP) -- Threats, vulnerabilities, attacks, and countermeasures -- Simple Network Management Protocol (SNMP) -- Threats, vulnerabilities, attacks, and countermeasures -- Presentation layer protocols and security -- Transport Layer Security (TLS) and Secure Sockets Layer (SSL) -- Threats, vulnerabilities, attacks, and countermeasures -- Session layer protocols and security -- Threats, vulnerabilities, attacks, and countermeasures -- Summary -- Sample questions -- Chapter 9: Day 9 - Communication and Network Security - Communication Security -- An overview of communication security -- Transport layer protocols and security -- Transmission Control Protocol (TCP) -- Threats, vulnerabilities, attacks, and countermeasures -- User Datagram Protocol (UDP) -- Threats, vulnerabilities, attacks, and countermeasures -- Internet Control Message Protocol (ICMP) -- Threats, vulnerabilities, attacks, and countermeasures -- Other protocols in the transport layer -- The network layer protocols and security -- Internet Protocol (IP) -- Threats, vulnerabilities, attacks, and countermeasures -- IPsec protocols -- Threats, vulnerabilities, attacks, and countermeasures -- Data link layer protocols and security -- Link layer protocols -- Address Resolution Protocol (ARP) -- Threats, vulnerabilities, attacks, and countermeasures -- Border Gateway Protocol -- Threats, vulnerabilities, attacks, and countermeasures -- Ethernet -- Threats, vulnerabilities, attacks, and countermeasures -- The physical layer and security -- Security in communication channels -- Security requirements in voice, multimedia, remote access, data communications, and virtualized networks -- Attacks on communication networks -- Preventing or mitigating communication network attacks -- Security controls in communication networks -- Summary -- Sample questions -- Chapter 10: Day 10 - Exam Cram and Practice Questions -- An overview of exam cram and practice questions -- The exam cram -- CISSP CBK Domain #3 – security engineering -- CISSP CBK Domain #4 – communication and network security -- Sample questions -- References and further reading -- Summary -- Chapter 11: Day 11 - Identity and Access Management - Identity Management -- An overview of identity and access management -- Physical and logical access to assets -- Identity management principles and implementation -- Identity as a service -- Security concerns -- Third-party identity services -- Summary -- Sample questions -- Chapter 12: Day 12 - Identity and Access Management - Access Management, Provisioning, and Attacks -- An overview of access management -- Access management concepts, methodologies, and techniques -- Basic concepts -- Access control models -- Discretionary access control -- Non-discretionary access control -- Authentication and authorization -- Authorization -- Identity and provisioning life cycle -- Access control attacks and countermeasures -- Port scanning and compromise -- Hijacking -- Malicious codes -- Password attacks -- Vulnerability compromises -- Accountability -- Summary -- Sample questions -- Chapter 13: Day 13 - Security Assessment and Testing - Designing, Performing Security Assessment, and Tests -- An overview of security assessment and testing -- Security assessment and test strategies -- Designing and validating assessment and testing strategies -- Security controls -- Conduct security control testing
N2  - About This Book: Day-by-day plan to study and assimilate core concepts from the CISSP CBK. Revise and take a mock test at the end of every four chapters. A systematic study and revision of myriad concepts to help you crack the CISSP examination. Who This Book Is For: If you are a networking professional aspiring to take the CISSP examination and obtain the coveted CISSP certification (considered to be the Gold Standard in Information Security personal certification), then this book is for you. This book assumes that you already have sufficient knowledge in all 10 domains of the CISSP CBK by way of work experience and knowledge gained from other study books. What You Will Learn: Review Exam Cram and practice review questions to reinforce the required concepts. Follow the day-by-day plan to revise important concepts a month before the CISSP® exam. Boost your time management for the exam by attempting the mock question paper. Develop a structured study plan for all 10 CISSP® domains. Build your understanding of myriad concepts in the information security domain. Practice the full-blown mock test to evaluate your knowledge and exam preparation. In Detail: Certified Information Systems Security Professional (CISSP) is an internationally recognized and coveted qualification. Success in this respected exam opens the door to your dream job as a security expert with an eye-catching salary. But passing the final exam is challenging: candidates often cover everything but do not revise properly, and hence lack confidence. This simple yet informative book provides concise explanations of important concepts in all 10 domains of the CISSP Common Body of Knowledge (CBK). This book will take you through the final weeks before the exam with a day-by-day plan covering all of the exam topics. It will build your confidence and enable you to crack the Gold Standard exam, knowing that you have done all you can to prepare for the big day. This book is not a replacement for full study guides; instead, it builds on and re-emphasizes concepts learned from them.
UR  - https://ebookcentral.proquest.com/lib/orpp/detail.action?docID=4594266
ER  - 