CISSP in 21 Days, Second Edition, by M. L. Srinivasan – Ebook PDF, instant download/delivery
Full download of CISSP in 21 Days, Second Edition, after payment
Product details:
ISBN-10 : 1785880705
ISBN-13 : 9781785880704
Author: M. L. Srinivasan
Certified Information Systems Security Professional (CISSP) is an internationally recognized and coveted qualification. Success in this respected exam opens the door to your dream job as a security expert with an eye-catching salary. But passing the final exam is challenging. Every year, many candidates do not prepare sufficiently for the examination and fail at the final stage. This happens when they cover everything but do not revise properly, and hence lack confidence.
This simple yet informative book will take you through the final weeks before the exam with a day-by-day plan covering all of the exam topics. It will build your confidence and enable you to crack the Gold Standard exam, knowing that you have done all you can to prepare for the big day.
CISSP in 21 Days Table of contents:
1. Day 1 – Security and Risk Management – Security, Compliance, and Policies
Overview of security, compliance, and policies
Asset
Asset protection
Confidentiality, Integrity, and Availability (CIA)
Confidentiality
Integrity
Availability
Security governance
Strategy, goals, mission, and objectives
Organizational processes
Security roles and responsibilities
Control frameworks
Management controls
Administrative controls
Technical controls
Due diligence and due care
Compliance
Legislative and regulatory compliance
Privacy requirements in compliance
Licensing and intellectual property
Legal and regulatory issues
Computer crimes
Fraud
Theft
Malware/malicious code
Cyber crime
Importing and exporting controls
Transborder data flow
Data breaches
Professional ethics
Codes of ethics
(ISC)2 code of professional ethics
Security policies, standards, procedures, and guidelines
Personnel security policies
Employment candidate screening
Employment agreement and policies
Employment termination processes
Vendor, consultant, and contractor controls
Compliance and privacy
Summary
Sample questions
2. Day 2 – Security and Risk Management – Risk Management, Business Continuity, and Security Education
Overview of risk management, business continuity, and security education
Risk management
Threats, vulnerabilities, and attacks
Threat risk modeling
Threat and vulnerability analysis
Attack analysis
Risk analysis
Quantitative risk analysis
Qualitative risk analysis
Risk treatment
Business continuity management
The Business Continuity Planning (BCP) process
BCP best practices
Security risk considerations in acquisitions, strategy, and practice
Information security education, training, and awareness
Summary
Sample questions
3. Day 3 – Asset Security – Information and Asset Classification
Overview of asset security – information and asset classification
Asset classification and control
Classification types in government
The United States information classification
Classification types in corporations
Data privacy
Data owners
Data processors
Data remanence
Data collection limitations
Data retention
Data in media
Data in hardware
Data with personnel
Summary
Sample questions
4. Day 4 – Asset Security – Data Security Controls and Handling
Overview of asset security – data security controls and handling
Data security controls
Data security requirements
Payment Card Industry Data Security Standard (PCI DSS)
Sarbanes-Oxley Act (SOX)
Gramm-Leach-Bliley Act (GLBA)
EU Data Protection Act (DPA)
Data Loss Prevention (DLP)
Data in motion
Data at rest
Data in use
Data Loss Prevention strategies
DLP controls
Cryptographic methods to secure data
Encryption
Hashing
Digital signatures
Data handling requirements
Handling sensitive information
Summary
Sample questions
5. Day 5 – Exam Cram and Practice Questions
An overview of exam cram and practice questions
CISSP CBK domain #1 – security and risk management
CISSP CBK domain #2 – asset security
Sample questions
References and further reading
Summary
6. Day 6 – Security Engineering – Security Design, Practices, Models, and Vulnerability Mitigation
An overview of security design, practices, models, and vulnerability mitigation
Secure design principles
The computer architecture
Computer system
Trusted computing
Assurance
Common Criteria
Certification and accreditation
DITSCAP
NIACAP
DIACAP
Security engineering practices
Information security models
Take-grant model
Bell-LaPadula model
Biba model
Clark-Wilson model
Vulnerability assessment and mitigation
Vulnerability assessment
Penetration testing
Vulnerability assessment and the penetration testing process
CVE and CVSS
Summary
Sample questions
7. Day 7 – Security Engineering – Cryptography
An overview of cryptography
The fundamentals of cryptography
The methods of encryption
The cryptographic process
Cryptographic algorithms
The cryptographic method
Types of encryption
Symmetric key encryption
The operation modes of block ciphers
Asymmetric key encryption
Hashing
The key length and security
The summary of encryption types
Applications and the use of cryptography
Public Key Infrastructure (PKI)
Secure messaging
Message digest
Digital signature
The digital certificate
Key management techniques
Key management procedures
Type of keys
Key management best practices
Key states
Key management phases
Cryptanalytic attacks
The methods of cryptanalytic attacks
Cryptographic standards
Wireless cryptographic standards
The Federal Information Processing Standard
Summary
Sample questions
8. Day 8 – Communication and Network Security – Network Security
An overview of communication and network security
Network architecture, protocols, and technologies
Layered architecture
Open System Interconnect (OSI) model
Transmission Control Protocol / Internet Protocol (TCP/IP)
OSI layers and security
Application layer protocols and security
Domain Name System (DNS)
Threats, attacks, and countermeasures
Dynamic Host Configuration Protocol (DHCP)
Threats, vulnerabilities, attacks, and countermeasures
Hyper Text Transfer Protocol (HTTP)
Threats, vulnerabilities, attacks, and countermeasures
FTP and TELNET
Threats, vulnerabilities, attacks, and countermeasures
Post Office Protocol (POP3) and Internet Message Access Protocol (IMAP)
Threats, vulnerabilities, attacks, and countermeasures
Simple Network Management Protocol (SNMP)
Threats, vulnerabilities, attacks, and countermeasures
Presentation layer protocols and security
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Threats, vulnerabilities, attacks, and countermeasures
Session layer protocols and security
Threats, vulnerabilities, attacks, and countermeasures
Summary
Sample questions
9. Day 9 – Communication and Network Security – Communication Security
An overview of communication security
Transport layer protocols and security
Transmission Control Protocol (TCP)
Threats, vulnerabilities, attacks, and countermeasures
User Datagram Protocol (UDP)
Threats, vulnerabilities, attacks, and countermeasures
Internet Control Message Protocol (ICMP)
Threats, vulnerabilities, attacks, and countermeasures
Other protocols in the transport layer
The network layer protocols and security
Internet Protocol (IP)
Threats, vulnerabilities, attacks, and countermeasures
IPsec protocols
Threats, vulnerabilities, attacks, and countermeasures
Data link layer protocols and security
Link layer protocols
Address Resolution Protocol (ARP)
Threats, vulnerabilities, attacks, and countermeasures
Border Gateway Protocol
Threats, vulnerabilities, attacks, and countermeasures
Ethernet
Threats, vulnerabilities, attacks, and countermeasures
The physical layer and security
Security in communication channels
Security requirements in voice, multimedia, remote access, data communications, and virtualized networks
Attacks on communication networks
Preventing or mitigating communication network attacks
Security controls in communication networks
Summary
Sample questions
10. Day 10 – Exam Cram and Practice Questions
An overview of exam cram and practice questions
The exam cram
CISSP CBK Domain #3 – security engineering
CISSP CBK Domain #4 – communication and network security
Sample questions
References and further reading
Summary
11. Day 11 – Identity and Access Management – Identity Management
An overview of identity and access management
Physical and logical access to assets
Identity management principles and implementation
Identity as a service
Security concerns
Third-party identity services
Summary
Sample questions
12. Day 12 – Identity and Access Management – Access Management, Provisioning, and Attacks
An overview of access management
Access management concepts, methodologies, and techniques
Basic concepts
Access control models
Discretionary access control
Non-discretionary access control
Authentication and authorization
Authorization
Identity and provisioning life cycle
Access control attacks and countermeasures
Port scanning and compromise
Hijacking
Malicious codes
Password attacks
Vulnerability compromises
Accountability
Summary
Sample questions
13. Day 13 – Security Assessment and Testing – Designing, Performing Security Assessment, and Tests
An overview of security assessment and testing
Security assessment and test strategies
Designing and validating assessment and testing strategies
Security controls
Conduct security control testing
Vulnerability assessments
Penetration testing
Black box testing
White box testing
Grey box testing
Log reviews
Synthetic transactions
Stress tests
Denial-of-Service tests
Load tests
Concurrency tests
Latency test
Code review and testing
Manual code review
Dynamic code review
Static code review
Fuzz code review
Misuse case testing
Test coverage analysis
Interface testing
The API
The UI
Physical
The effectiveness of controls
Summary
Sample questions
14. Day 14 – Security Assessment and Testing – Controlling, Analyzing, Auditing, and Reporting
An overview of controlling, analyzing, auditing, and reporting security test data
A collection of security process data
The control of security process data
The protection and control of system test data
Audit logging
System logs
Administrator and operator logs
Fault logging
Key performance and risk indicators
Disaster recovery and business continuity
Analyzing security process data
False positives
False negatives
The effectiveness of a security control
Internal and third-party security audits
Internal audits
Third-party audits
Information system audit controls
Reporting test and audit outputs
Summary
Sample questions
15. Day 15 – Exam Cram and Practice Questions
An overview of exam cram and practice questions
Exam cram
CISSP CBK Domain #5 – identity and access management
CISSP CBK Domain #6 – security assessment and testing
Mock test
References and further reading
Summary
16. Day 16 – Security Operations – Foundational Concepts
An overview of operations security
The physical security design
Physical facility
Geographic operating location
Supporting facilities
Physical and operations security controls
Threats, vulnerabilities, and countermeasures for physical and operations security
Common threats
Common vulnerabilities
Designing physical and operations security controls
Perimeter security
Interior security
Unauthorized intrusions
Motion detectors
Fire
Fire classes
Fire detectors
Fire suppression mediums
Water sprinklers
Gas dischargers
Electrical power
Operations/facility security
Auditing
Audit trail
Emergency procedures
Startup and shutdown procedures
Evacuation procedures
Training and awareness
Protecting and securing equipment
Equipment security
Media security
Computer investigations
Summary
Sample questions
17. Day 17 – Security Operations – Incident Management and Disaster Recovery
Incident management and reporting
The examples of incidents
Incident management objective and goals
Incident management controls
Intrusion detection systems
Vulnerability assessment and penetration testing
Patch management
Configuration management
Business Continuity Planning (BCP)
BCP goals and objectives
BCP process
BCP best practices
Disaster Recovery Planning (DRP)
Goals and objectives
Components of disaster recovery planning
Recovery teams
Recovery sites
Business resumption from alternative sites
A reciprocal agreement
Subscription services
Backup terminologies
Testing procedures
Summary
Sample questions
18. Day 18 – Software Development Security – Security in Software Development Life Cycle
An overview of software development security
Systems engineering
Initiation phase
Development/acquisition phase
Implementation phase
Operation/maintenance phase
Disposal phase
Software development life cycle
Software development models
Simplistic model
Waterfall model
Complex models
Incremental model
Spiral model
Agile framework
Security in software development
Security controls in software development
Separation of development, test, and operational facilities
Change control processes and procedures
Vendor-supplied software packages
Avoiding covert channels
Summary
Sample questions