Amazon no longer offers textbook rentals. We do!

We're the #1 textbook rental company. Let us show you why.

CISSP®: Certified Information Systems Security Professional Study Guide, 2nd Edition

by ; ;
  • ISBN13: 9780782143355
  • ISBN10: 0782143350
  • Edition: 2nd
  • Format: Paperback
  • Copyright: 2004-01-01
  • Publisher: Sybex
  • List Price: $69.99

Summary

Here's the book you need to prepare for the challenging CISSP exam from (ISC)². This revised edition was developed to meet the exacting requirements of today's security certification candidates. In addition to the consistent and accessible instructional approach that earned Sybex the "Best Study Guide" designation in the 2003 CertCities Readers' Choice Awards, this book provides:

  • Clear and concise information on critical security technologies and topics
  • Practical examples and insights drawn from real-world experience
  • Leading-edge exam preparation software, including a testing engine and electronic flashcards for your Palm

You'll find authoritative coverage of key exam topics, including:

  • Access Control Systems & Methodology
  • Applications & Systems Development
  • Business Continuity Planning
  • Cryptography
  • Law, Investigation & Ethics
  • Operations Security
  • Physical Security
  • Security Architecture & Models
  • Security Management Practices
  • Telecommunications, Network & Internet Security

Table of Contents

Each entry gives the starting page and, in parentheses, the number of pages the section spans.

Introduction  xxiii
Assessment Test  xxx
Accountability and Access Control  1 (30)
  Access Control Overview  2 (5)
    Types of Access Control  2 (2)
    Access Control in a Layered Environment  4 (1)
    The Process of Accountability  5 (2)
  Identification and Authentication Techniques  7 (8)
    Passwords  7 (3)
    Biometrics  10 (3)
    Tokens  13 (1)
    Tickets  14 (1)
  Access Control Techniques  15 (2)
  Access Control Methodologies and Implementation  17 (2)
    Centralized and Decentralized Access Control  17 (1)
    Radius and Tacacs  18 (1)
  Access Control Administration  19 (2)
    Account Administration  19 (1)
    Account, Log, and Journal Monitoring  20 (1)
    Access Rights and Permissions  20 (1)
  Summary  21 (1)
  Exam Essentials  22 (2)
  Review Questions  24 (4)
  Answers to Review Questions  28 (3)
Attacks and Monitoring  31 (24)
  Monitoring  32 (1)
  Intrusion Detection  33 (3)
    Host-Based and Network-Based IDSs  33 (2)
    Knowledge-Based and Behavior-Based Detection  35 (1)
  IDS-Related Tools  36 (1)
  Penetration Testing  37 (1)
  Methods of Attacks  37 (8)
    Brute Force and Dictionary Attacks  38 (2)
    Denial of Service  40 (3)
    Spoofing Attacks  43 (1)
    Man-in-the-Middle Attacks  43 (1)
    Sniffer Attacks  44 (1)
    Spamming Attacks  44 (1)
    Crackers  45 (1)
  Access Control Compensations  45 (1)
  Summary  45 (1)
  Exam Essentials  46 (3)
  Review Questions  49 (4)
  Answers to Review Questions  53 (2)
ISO Model, Network Security, and Protocols  55 (44)
  OSI Model  56 (8)
    History of the OSI Model  56 (1)
    OSI Functionality  57 (1)
    Encapsulation/Deencapsulation  58 (1)
    OSI Layers  59 (4)
  TCP/IP Model  63 (1)
  Communications and Network Security  64 (14)
    Network Cabling  65 (3)
    LAN Technologies  68 (3)
    Network Topologies  71 (2)
    TCP/IP Overview  73 (5)
  Internet/Intranet/Extranet Components  78 (4)
    Firewalls  78 (3)
    Other Network Devices  81 (1)
  Remote Access Security Management  82 (1)
  Network and Protocol Security Mechanisms  83 (3)
    VPN Protocols  83 (1)
    Secure Communications Protocols  84 (1)
    E-Mail Security Solutions  84 (1)
    Dial-Up Protocols  85 (1)
    Authentication Protocols  85 (1)
    Centralized Remote Authentication Services  85 (1)
  Network and Protocol Services  86 (2)
    Frame Relay  87 (1)
    Other WAN Technologies  87 (1)
  Avoiding Single Points of Failure  88 (3)
    Redundant Servers  88 (1)
    Failover Solutions  89 (1)
    RAID  89 (2)
  Summary  91 (1)
  Exam Essentials  91 (2)
  Review Questions  93 (4)
  Answers to Review Questions  97 (2)
Communications Security and Countermeasures  99 (30)
  Virtual Private Network (VPN)  100 (3)
    Tunneling  100 (1)
    How VPNs Work  101 (1)
    Implementing VPNs  102 (1)
  Network Address Translation  103 (1)
    Private IP Addresses  103 (1)
    Stateful NAT  103 (1)
  Switching Technologies  104 (1)
    Circuit Switching  104 (1)
    Packet Switching  104 (1)
    Virtual Circuits  105 (1)
  WAN Technologies  105 (3)
    WAN Connection Technologies  106 (2)
    Encapsulation Protocols  108 (1)
  Miscellaneous Security Control Characteristics  108 (1)
    Transparency  108 (1)
    Verifying Integrity  109 (1)
    Transmission Mechanisms  109 (1)
  Managing E-Mail Security  109 (4)
    E-Mail Security Goals  110 (1)
    Understanding E-Mail Security Issues  111 (1)
    E-Mail Security Solutions  111 (2)
  Securing Voice Communications  113 (2)
    Social Engineering  113 (1)
    Fraud and Abuse  114 (1)
    Phreaking  115 (1)
  Security Boundaries  115 (1)
  Network Attacks and Countermeasures  116 (2)
    Eavesdropping  116 (1)
    Second-Tier Attacks  117 (1)
    Address Resolution Protocol (ARP)  117 (1)
  Summary  118 (2)
  Exam Essentials  120 (2)
  Review Questions  122 (4)
  Answers to Review Questions  126 (3)
Security Management Concepts and Principles  129 (20)
  Security Management Concepts and Principles  130 (5)
    Confidentiality  130 (1)
    Integrity  131 (1)
    Availability  132 (1)
    Other Security Concepts  133 (2)
  Protection Mechanisms  135 (2)
    Layering  136 (1)
    Abstraction  136 (1)
    Data Hiding  136 (1)
    Encryption  137 (1)
  Change Control/Management  137 (1)
  Data Classification  138 (2)
  Summary  140 (1)
  Exam Essentials  141 (2)
  Review Questions  143 (4)
  Answers to Review Questions  147 (2)
Asset Value, Policies, and Roles  149 (30)
  Employment Policies and Practices  150 (3)
    Security Management for Employees  150 (3)
  Security Roles  153 (1)
  Policies, Standards, Baselines, Guidelines, and Procedures  154 (3)
    Security Policies  155 (1)
    Security Standards, Baselines, and Guidelines  155 (1)
    Security Procedures  156 (1)
  Risk Management  157 (9)
    Risk Terminology  157 (2)
    Risk Assessment Methodologies  159 (2)
    Quantitative Risk Analysis  161 (2)
    Qualitative Risk Analysis  163 (2)
    Handling Risk  165 (1)
  Security Awareness Training  166 (1)
  Security Management Planning  167 (1)
  Summary  167 (2)
  Exam Essentials  169 (3)
  Review Questions  172 (4)
  Answers to Review Questions  176 (3)
Data and Application Security Issues  179 (40)
  Application Issues  180 (6)
    Local/Nondistributed Environment  180 (2)
    Distributed Environment  182 (4)
  Databases and Data Warehousing  186 (6)
    Database Management System (DBMS) Architecture  186 (2)
    Database Transactions  188 (1)
    Multilevel Security  189 (1)
    Aggregation  190 (1)
    Inference  190 (1)
    Polyinstantiation  191 (1)
    Data Mining  191 (1)
  Data/Information Storage  192 (1)
    Types of Storage  192 (1)
    Storage Threats  193 (1)
  Knowledge-Based Systems  193 (2)
    Expert Systems  194 (1)
    Neural Networks  195 (1)
    Security Applications  195 (1)
  Systems Development Controls  195 (14)
    Software Development  196 (2)
    Systems Development Life Cycle  198 (3)
    Life Cycle Models  201 (4)
    Change Control and Configuration Management  205 (1)
    Security Control Architecture  206 (2)
    Service Level Agreements  208 (1)
  Summary  209 (1)
  Exam Essentials  210 (1)
  Written Lab  211 (1)
  Review Questions  212 (4)
  Answers to Review Questions  216 (2)
  Answers to Written Lab  218 (1)
Malicious Code and Application Attacks  219 (34)
  Malicious Code  220 (10)
    Sources  220 (1)
    Viruses  221 (5)
    Logic Bombs  226 (1)
    Trojan Horses  226 (1)
    Worms  227 (1)
    Active Content  228 (1)
    Countermeasures  229 (1)
  Password Attacks  230 (2)
    Password Guessing  230 (1)
    Dictionary Attacks  231 (1)
    Social Engineering  231 (1)
    Countermeasures  232 (1)
  Denial of Service Attacks  232 (6)
    SYN Flood  232 (2)
    Distributed DoS Toolkits  234 (1)
    Smurf  234 (2)
    Teardrop  236 (1)
    Land  237 (1)
    DNS Poisoning  237 (1)
    Ping of Death  238 (1)
  Application Attacks  238 (2)
    Buffer Overflows  238 (1)
    Time-of-Check-to-Time-of-Use  239 (1)
    Trap Doors  239 (1)
    Rootkits  239 (1)
  Reconnaissance Attacks  240 (1)
    IP Probes  240 (1)
    Port Scans  240 (1)
    Vulnerability Scans  240 (1)
    Dumpster Diving  241 (1)
  Masquerading Attacks  241 (1)
    IP Spoofing  241 (1)
    Session Hijacking  242 (1)
  Decoy Techniques  242 (1)
    Honey Pots  242 (1)
    Pseudo-Flaws  243 (1)
  Summary  243 (1)
  Exam Essentials  244 (1)
  Written Lab  245 (1)
  Review Questions  246 (4)
  Answers to Review Questions  250 (2)
  Answers to Written Lab  252 (1)
Cryptography and Private Key Algorithms  253 (34)
  History  254 (2)
    Caesar Cipher  254 (1)
    American Civil War  255 (1)
    Ultra vs. Enigma  255 (1)
  Cryptographic Basics  256 (10)
    Goals of Cryptography  256 (1)
    Concepts  257 (1)
    Cryptographic Mathematics  258 (4)
    Ciphers  262 (4)
  Modern Cryptography  266 (5)
    Cryptographic Keys  266 (1)
    Symmetric Key Algorithms  267 (1)
    Asymmetric Key Algorithms  268 (2)
    Hashing Algorithms  270 (1)
  Symmetric Cryptography  271 (6)
    Data Encryption Standard (DES)  271 (1)
    Triple DES (3DES)  272 (1)
    International Data Encryption Algorithm (IDEA)  273 (1)
    Blowfish  274 (1)
    Skipjack  274 (1)
    Advanced Encryption Standard (AES)  275 (1)
    Key Distribution  275 (2)
    Key Escrow  277 (1)
  Summary  277 (1)
  Exam Essentials  278 (1)
  Written Lab  279 (1)
  Review Questions  280 (4)
  Answers to Review Questions  284 (2)
  Answers to Written Lab  286 (1)
PKI and Cryptographic Applications  287 (30)
  Asymmetric Cryptography  288 (4)
    Public and Private Keys  288 (1)
    RSA  289 (2)
    El Gamal  291 (1)
    Elliptic Curve  291 (1)
  Hash Functions  292 (2)
    SHA  293 (1)
    MD2  293 (1)
    MD4  294 (1)
    MD5  294 (1)
  Digital Signatures  294 (3)
    HMAC  295 (1)
    Digital Signature Standard  296 (1)
  Public Key Infrastructure  297 (3)
    Certificates  297 (1)
    Certificate Authorities  298 (1)
    Certificate Generation and Destruction  298 (2)
  Key Management  300 (1)
  Applied Cryptography  300 (7)
    Electronic Mail  301 (2)
    Web  303 (1)
    E-Commerce  304 (1)
    Networking  305 (2)
  Cryptographic Attacks  307 (1)
  Summary  308 (1)
  Exam Essentials  309 (2)
  Review Questions  311 (4)
  Answers to Review Questions  315 (2)
Principles of Computer Design  317 (44)
  Computer Architecture  319 (19)
    Hardware  319 (18)
    Input/Output Structures  337 (1)
    Firmware  338 (1)
  Security Protection Mechanisms  338 (6)
    Technical Mechanisms  338 (2)
    Security Policy and Computer Architecture  340 (1)
    Policy Mechanisms  341 (1)
    Distributed Architecture  342 (2)
  Security Models  344 (7)
    State Machine Model  344 (1)
    Bell-LaPadula Model  345 (1)
    Biba  346 (1)
    Clark-Wilson  347 (1)
    Information Flow Model  348 (1)
    Noninterference Model  348 (1)
    Take-Grant Model  349 (1)
    Access Control Matrix  349 (1)
    Brewer and Nash Model (a.k.a. Chinese Wall)  350 (1)
    Classifying and Comparing Models  350 (1)
  Summary  351 (1)
  Exam Essentials  352 (3)
  Review Questions  355 (4)
  Answers to Review Questions  359 (2)
Principles of Security Models  361 (34)
  Common Security Models, Architectures, and Evaluation Criteria  362 (8)
    Trusted Computing Base (TCB)  363 (1)
    Security Models  364 (2)
    Objects and Subjects  366 (1)
    Closed and Open Systems  367 (1)
    Techniques for Ensuring Confidentiality, Integrity, and Availability  367 (1)
    Controls  368 (1)
    IP Security (IPSec)  369 (1)
  Understanding System Security Evaluation  370 (10)
    Rainbow Series  371 (4)
    ITSEC Classes and Required Assurance and Functionality  375 (1)
    Common Criteria  376 (3)
    Certification and Accreditation  379 (1)
  Common Flaws and Security Issues  380 (5)
    Covert Channels  380 (1)
    Attacks Based on Design or Coding Flaws and Security Issues  381 (3)
    Programming  384 (1)
    Timing, State Changes, and Communication Disconnects  384 (1)
    Electromagnetic Radiation  385 (1)
  Summary  385 (1)
  Exam Essentials  386 (2)
  Review Questions  388 (4)
  Answers to Review Questions  392 (3)
Administrative Management  395 (26)
  Antivirus Management  396 (1)
  Operations Security Concepts  397 (11)
    Operational Assurance and Life Cycle Assurance  397 (1)
    Backup Maintenance  398 (1)
    Changes in Workstation/Location  398 (1)
    Need-to-Know and the Principle of Least Privilege  399 (1)
    Privileged Operations Functions  399 (1)
    Trusted Recovery  400 (1)
    Configuration and Change Management Control  400 (1)
    Standards of Due Care and Due Diligence  401 (1)
    Privacy and Protection  402 (1)
    Legal Requirements  402 (1)
    Illegal Activities  402 (1)
    Record Retention  403 (1)
    Sensitive Information and Media  403 (2)
    Security Control Types  405 (1)
    Operations Controls  406 (2)
  Personnel Controls  408 (1)
  Summary  409 (2)
  Exam Essentials  411 (3)
  Review Questions  414 (4)
  Answers to Review Questions  418 (3)
Auditing and Monitoring  421 (28)
  Auditing  422 (6)
    Auditing Basics  422 (2)
    Audit Trails  424 (1)
    Reporting Concepts  425 (1)
    Sampling  426 (1)
    Record Retention  426 (1)
    External Auditors  427 (1)
  Monitoring  428 (2)
    Monitoring Tools and Techniques  428 (2)
  Penetration Testing Techniques  430 (4)
    War Dialing  431 (1)
    Sniffing and Eavesdropping  431 (1)
    Radiation Monitoring  432 (1)
    Dumpster Diving  432 (1)
    Social Engineering  433 (1)
    Problem Management  433 (1)
  Inappropriate Activities  434 (1)
  Indistinct Threats and Countermeasures  434 (4)
    Errors and Omissions  435 (1)
    Fraud and Theft  435 (1)
    Collusion  435 (1)
    Sabotage  435 (1)
    Loss of Physical and Infrastructure Support  435 (1)
    Malicious Hackers or Crackers  436 (1)
    Espionage  436 (1)
    Malicious Code  436 (1)
    Traffic and Trend Analysis  436 (1)
    Initial Program Load Vulnerabilities  437 (1)
  Summary  438 (1)
  Exam Essentials  439 (4)
  Review Questions  443 (4)
  Answers to Review Questions  447 (2)
Business Continuity Planning  449 (26)
  Business Continuity Planning  450 (1)
  Project Scope and Planning  450 (5)
    Business Organization Analysis  451 (1)
    BCP Team Selection  451 (1)
    Resource Requirements  452 (1)
    Legal and Regulatory Requirements  453 (2)
  Business Impact Assessment  455 (4)
    Identify Priorities  456 (1)
    Risk Identification  456 (1)
    Likelihood Assessment  457 (1)
    Impact Assessment  457 (1)
    Resource Prioritization  458 (1)
  Continuity Strategy  459 (3)
    Strategy Development  459 (1)
    Provisions and Processes  460 (1)
    Plan Approval  461 (1)
    Plan Implementation  462 (1)
    Training and Education  462 (1)
  BCP Documentation  462 (3)
    Continuity Planning Goals  463 (1)
    Statement of Importance  463 (1)
    Statement of Priorities  463 (1)
    Statement of Organizational Responsibility  463 (1)
    Statement of Urgency and Timing  464 (1)
    Risk Assessment  464 (1)
    Risk Acceptance/Mitigation  464 (1)
    Vital Records Program  464 (1)
    Emergency Response Guidelines  465 (1)
    Maintenance  465 (1)
    Testing  465 (1)
  Summary  465 (1)
  Exam Essentials  466 (2)
  Review Questions  468 (4)
  Answers to Review Questions  472 (3)
Disaster Recovery Planning  475 (32)
  Disaster Recovery Planning  476 (9)
    Natural Disasters  477 (4)
    Man-Made Disasters  481 (4)
  Recovery Strategy  485 (6)
    Business Unit Priorities  485 (1)
    Crisis Management  485 (1)
    Emergency Communications  486 (1)
    Work Group Recovery  486 (1)
    Alternate Processing Sites  486 (3)
    Mutual Assistance Agreements  489 (1)
    Database Recovery  489 (2)
  Recovery Plan Development  491 (5)
    Emergency Response  491 (1)
    Personnel Notification  492 (1)
    Backups and Offsite Storage  493 (1)
    Software Escrow Arrangements  494 (1)
    External Communications  495 (1)
    Utilities  495 (1)
    Logistics and Supplies  495 (1)
    Recovery vs. Restoration  495 (1)
  Training and Documentation  496 (1)
  Testing and Maintenance  496 (2)
    Checklist Test  497 (1)
    Structured Walk-Through  497 (1)
    Simulation Test  497 (1)
    Parallel Test  497 (1)
    Full-Interruption Test  498 (1)
    Maintenance  498 (1)
  Summary  498 (1)
  Exam Essentials  498 (1)
  Written Lab  499 (1)
  Review Questions  500 (4)
  Answers to Review Questions  504 (2)
  Answers to Written Lab  506 (1)
Law and Investigations  507 (34)
  Categories of Laws  508 (2)
    Criminal Law  508 (1)
    Civil Law  509 (1)
    Administrative Law  510 (1)
  Laws  510 (16)
    Computer Crime  511 (3)
    Intellectual Property  514 (5)
    Licensing  519 (1)
    Import/Export  520 (1)
    Privacy  521 (5)
  Investigations  526 (4)
    Evidence  526 (2)
    Investigation Process  528 (2)
  Summary  530 (1)
  Exam Essentials  530 (2)
  Written Lab  532 (1)
  Review Questions  533 (4)
  Answers to Review Questions  537 (2)
  Answers to Written Lab  539 (2)
Incidents and Ethics  541 (22)
  Major Categories of Computer Crime  542 (4)
    Military and Intelligence Attacks  543 (1)
    Business Attacks  543 (1)
    Financial Attacks  544 (1)
    Terrorist Attacks  544 (1)
    Grudge Attacks  545 (1)
    "Fun" Attacks  545 (1)
  Evidence  546 (1)
  Incident Handling  546 (6)
    Common Types of Incidents  547 (2)
    Response Teams  549 (1)
    Abnormal and Suspicious Activity  549 (1)
    Confiscating Equipment, Software, and Data  550 (1)
    Incident Data Integrity and Retention  551 (1)
    Reporting Incidents  551 (1)
  Ethics  552 (2)
    (ISC)² Code of Ethics  552 (1)
    Ethics and the Internet  553 (1)
  Summary  554 (1)
  Exam Essentials  555 (2)
  Review Questions  557 (4)
  Answers to Review Questions  561 (2)
Physical Security Requirements  563 (28)
  Facility Requirements  564 (4)
    Secure Facility Plan  565 (1)
    Physical Security Controls  565 (1)
    Site Selection  565 (1)
    Visibility  565 (1)
    Accessibility  566 (1)
    Natural Disasters  566 (1)
    Facility Design  566 (1)
    Work Areas  566 (1)
    Server Rooms  567 (1)
    Visitors  567 (1)
  Forms of Physical Access Controls  568 (4)
    Fences, Gates, Turnstiles, and Mantraps  568 (1)
    Lighting  568 (1)
    Security Guards and Dogs  569 (1)
    Keys and Combination Locks  570 (1)
    Badges  570 (1)
    Motion Detectors  571 (1)
    Intrusion Alarms  571 (1)
    Secondary Verification Mechanisms  571 (1)
  Technical Controls  572 (3)
    Smart Cards  572 (1)
    Proximity Readers  572 (1)
    Access Abuses  573 (1)
    Intrusion Detection Systems  573 (1)
    Emanation Security  574 (1)
  Environment and Life Safety  575 (5)
    Personnel Safety  575 (1)
    Power and Electricity  575 (1)
    Noise  576 (1)
    Temperature, Humidity, and Static  577 (1)
    Water  577 (1)
    Fire Detection and Suppression  578 (2)
  Equipment Failure  580 (1)
  Summary  581 (1)
  Exam Essentials  581 (3)
  Review Questions  584 (4)
  Answers to Review Questions  588 (3)
Glossary  591 (58)
Index  649

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.