The Cissp Prep Guide: Mastering the Ten Domains of Computer Security
-
Author:
-
Subject:
-
Published by:John Wiley & Sons Inc (US)
-
Published:24/08/2001
-
Price:$135.00
- < Buy this book >
From stolen intellectual proprietary and denial of service attacks to unauthorized use of critical resources and computer viruses, e-business companies face numerous threats each day that can cost millions of dollars. The need for these companies to protect their networks and information systems has, in turn, created an unprecedented demand for information systems security professionals. In fact, today?s companies are fiercely headhunting for Certified Information Systems Security Professionals (CISSP). Based on the extensive test experience of the authors, this book serves as both a prep guide for IT professionals seeking to advance their careers through CISSP certification and as a reference on fundamental and emerging information security knowledge.
Biography
RONALD L. KRUTZ is a lead instructor for the CISSP CBK review seminars. He spent twenty-four years at Carnegie Mellon University as a faculty member and then as an R&D Director at the Carnegie Mellon University Research Institute. Dr. Krutz is a Senior Information Security Consultant for Corbett Technologies, specializing in information assurance appraisal methodologies. He holds a PhD in Computer Engineering, is a registered Professional Engineer, and is a CISSP. He is the author of two previous Wiley books, Microprocessors and Logic Design and Microcomputer Interfacing.
RUSSELL DEAN VINES is President of the RDVGroup, a NYC-based security consulting services firm, and has been involved in computer security for nearly twenty years. He is a frequent speaker on security methodology, wireless security, and best practices in the information industry, and is also an instructor for the CISSP CBK review seminars. He has helped design and build the security architecture for Fortune 1000 Companies worldwide. He is a CISSP, CCNA, MCSE, MCNE, and a National Security Agency/IAM professional. Mr. Vines is also an accomplished jazz composer, performer, and educator.
RUSSELL DEAN VINES is President of the RDVGroup, a NYC-based security consulting services firm, and has been involved in computer security for nearly twenty years. He is a frequent speaker on security methodology, wireless security, and best practices in the information industry, and is also an instructor for the CISSP CBK review seminars. He has helped design and build the security architecture for Fortune 1000 Companies worldwide. He is a CISSP, CCNA, MCSE, MCNE, and a National Security Agency/IAM professional. Mr. Vines is also an accomplished jazz composer, performer, and educator.
Table of Contents
Foreword.
Introduction.
Acknowledgments.
About the Authors.
Chapter 1: Security Management Practices.
Our Goals.
Domain Definition.
Management Concepts.
Information Classification Process.
Security Policy Implementation.
Roles and Responsibilities.
Risk Management.
Security Awareness.
Sample Questions.
Chapter 2: Access Control Systems.
Rationale.
Controls.
Identification and Authentication.
Some Access Control Issues.
Sample Questions.
Chapter 3: Telecommunications and Network Security.
Our Goals.
Domain Definition.
Management Concepts.
Technology Concepts.
Sample Questions.
Chapter 4: Cryptography.
Introduction.
Cryptographic Technologies.
Secret Key Cryptography (Symmetric Key).
Public (Asymmetric) Key Cryptosystems.
Approaches to Escrowed Encryption.
Internet Security Applications.
Sample Questions.
Chapter 5: Security Architecture and Models.
Security Architecture.
Assurance.
Information Security Models.
Sample Questions.
Chapter 6: Operations Security.
Our Goals.
Domain Definition.
Controls and Protections.
Monitoring and Auditing.
Threats and Vulnerabilities.
Sample Questions.
Chapter 7: Applications and Systems Development.
The Software Life Cycle Development Process.
The Software Capability Maturity Model (CMM).
Object-Oriented Systems.
Artificial Intelligence Systems.
Database Systems.
Application Controls.
Sample Questions.
Chapter 8: Business Continuity Planning and Disaster Recovery Planning.
Our Goals.
Domain Definition.
Business Continuity Planning.
Disaster Recovery Planning.
Sample Questions.
Chapter 9: Law, Investigation, and Ethics.
Introduction.
Law.
Investigation.
Liability.
Ethics.
Sample Questions.
Chapter 10: Physical Security.
Our Goals.
Domain Definition.
Threats to Physical Security.
Controls for Physical Security.
Sample Questions.
Appendix A: Glossary of Terms and Acronyms.
Appendix B: The RAINBOW Series.
Appendix C: Answers to Sample Questions.
Chapter 1-Security Management Practices.
Chapter 2-Access Control Systems and Methodology.
Chapter 3-Telecommunications and Network Security.
Chapter 4-Cryptography.
Chapter 5-Security Architecture and Models.
Chapter 6-Operations Security.
Chapter 7-Applications and Systems Development.
Chapter 8-Business Continuity Planning and Disaster Recovery Planning.
Chapter 9-Law, Investigation, and Ethics.
Chapter 10-Physical Security.
Appendix D: A Process Approach to HIPAA Compliance through a HIPAA-CMM.
Appendix E: The NSA InfoSec Assessment Methodology.
Appendix F: The Case for Ethical Hacking.
Appendix G: The Common Criteria.
Appendix H: References for Further Study.
Appendix I: British Standard 7799.
Index.
Introduction.
Acknowledgments.
About the Authors.
Chapter 1: Security Management Practices.
Our Goals.
Domain Definition.
Management Concepts.
Information Classification Process.
Security Policy Implementation.
Roles and Responsibilities.
Risk Management.
Security Awareness.
Sample Questions.
Chapter 2: Access Control Systems.
Rationale.
Controls.
Identification and Authentication.
Some Access Control Issues.
Sample Questions.
Chapter 3: Telecommunications and Network Security.
Our Goals.
Domain Definition.
Management Concepts.
Technology Concepts.
Sample Questions.
Chapter 4: Cryptography.
Introduction.
Cryptographic Technologies.
Secret Key Cryptography (Symmetric Key).
Public (Asymmetric) Key Cryptosystems.
Approaches to Escrowed Encryption.
Internet Security Applications.
Sample Questions.
Chapter 5: Security Architecture and Models.
Security Architecture.
Assurance.
Information Security Models.
Sample Questions.
Chapter 6: Operations Security.
Our Goals.
Domain Definition.
Controls and Protections.
Monitoring and Auditing.
Threats and Vulnerabilities.
Sample Questions.
Chapter 7: Applications and Systems Development.
The Software Life Cycle Development Process.
The Software Capability Maturity Model (CMM).
Object-Oriented Systems.
Artificial Intelligence Systems.
Database Systems.
Application Controls.
Sample Questions.
Chapter 8: Business Continuity Planning and Disaster Recovery Planning.
Our Goals.
Domain Definition.
Business Continuity Planning.
Disaster Recovery Planning.
Sample Questions.
Chapter 9: Law, Investigation, and Ethics.
Introduction.
Law.
Investigation.
Liability.
Ethics.
Sample Questions.
Chapter 10: Physical Security.
Our Goals.
Domain Definition.
Threats to Physical Security.
Controls for Physical Security.
Sample Questions.
Appendix A: Glossary of Terms and Acronyms.
Appendix B: The RAINBOW Series.
Appendix C: Answers to Sample Questions.
Chapter 1-Security Management Practices.
Chapter 2-Access Control Systems and Methodology.
Chapter 3-Telecommunications and Network Security.
Chapter 4-Cryptography.
Chapter 5-Security Architecture and Models.
Chapter 6-Operations Security.
Chapter 7-Applications and Systems Development.
Chapter 8-Business Continuity Planning and Disaster Recovery Planning.
Chapter 9-Law, Investigation, and Ethics.
Chapter 10-Physical Security.
Appendix D: A Process Approach to HIPAA Compliance through a HIPAA-CMM.
Appendix E: The NSA InfoSec Assessment Methodology.
Appendix F: The Case for Ethical Hacking.
Appendix G: The Common Criteria.
Appendix H: References for Further Study.
Appendix I: British Standard 7799.
Index.
Most Read
Get exclusive access to ARN's news, research and invitation only events. Latest Jobs
- CCDB2 / DBA Technical Consultant - Finance company - Melbourne CBD - DB2VIC
- FTAccount Manager - Strategic Enterprise DevelopmentNSW
- FTMobile Portal Architect - .Net TechnologiesNSW
- FTSenior .Net Developer - Mobility/Portal SolutionsNSW
- FTSupport Consultant - Global Vendor - $55-75,000NSW
- FTDigital Account ManagerNSW
- FTDigital Account ManagerNSW
- CCDigital Business Analyst - Agile/ScrumNSW
Most Commented
Channel Deals
iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.
Featured Whitepapers
Churchtown Primary School UK Primary School Chooses Aerohive's Reliable, Manageable, Scalable and Economical Controller-less Wireless LAN Architecture
Churchtown School, one of the largest primary schools in the UK, was been searching for a new wireless LAN, and Aerohive answered the call. Reliability was a top priority, followed by manageability, performance, and cost, plus the ability to take advantage of the latest technology, including 802.11n. Read the whole story >>>
Most Popular Whitepapers
#1
HiveManager Online: Less Dollars, More Sense
Today’s de facto standard controller-based Wi-Fi infrastructure model is just too complicated, too expensive, and too unreliable. It’s common for enterprise and mid-market network operators alike to get caught in a crossroads of compromises involving costs, complexity, features, and reliability.
Market Place
Good Gear Guide
Buying Guides
Latest Products
Computerworld
CIO
Techworld
Copyright 2012 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.
IDG Sites:
PC World |
GoodGearGuide |
Computerworld Australia |
CIO Australia |
CSO Online |
Techworld |
CIO Executive Council
Links: Privacy Policy [Updated 7 Aug 09] | Advertising | Books | Downloads
