CISSP in 21 Days - Second Edition
3/5
()
About this ebook
- Day-by-day plan to study and assimilate core concepts from CISSP CBK
- Revise and take a mock test at the end of every four chapters
- A systematic study and revision of myriad concepts to help you crack the CISSP examination
If you are a networking professional aspiring to take the CISSP examination and obtain the coveted CISSP certification (considered to be the Gold Standard in Information Security personal certification), then this book for you. This book assumes that you already have sufficient knowledge in all 10 domains of the CISSP CBK by way of work experience and knowledge gained from other study books.
M. L. Srinivasan
Popularly known as MLS, the author is an Information Technology and Information Security professional and has about 18 years experience in various domains of IT such as Software Programming, Hardware Troubleshooting, Networking Technologies, Systems Administration, Security Administration; Information Security-related consulting, audit and training. MLS has been an avid trainer through out his career and has developed many short-term and long-term training programs. One such program is "Certified Vulnerability Assessor (cVa)", which is accredited by a leading ISO certifying agency. He's a prolific speaker and trainer and has presented many papers related to Network Security in International conventions and conferences. He was the Technical Director of Secure Matrix, an India-based company that provides security consulting and audits. During his tenure in the last four years, he led the team of consultants to implement many ISO 27001-certification projects across India, the Middle East, and Africa. He is a specialist IT and IS auditor with Det Norske Veritas (DNV), India region. He has performed many quality and information security audits to hundreds of medium and large organizations in the past 10 years. He is at present the Chairman and CEO of ChennaiNet, a technology company focused on IT and IS-related product development, services, and training.
Related to CISSP in 21 Days - Second Edition
Related ebooks
CISSP Exam Study Guide: NIST Framework, Digital Forensics & Cybersecurity Governance Rating: 5 out of 5 stars5/5(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide Rating: 3 out of 5 stars3/5NIST Cybersecurity Framework: A pocket guide Rating: 0 out of 5 stars0 ratingsSecurity Engineering: CISSP, #3 Rating: 0 out of 5 stars0 ratingsCompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5Identity and Access Management: CISSP, #5 Rating: 0 out of 5 stars0 ratingsCISSP:Cybersecurity Operations and Incident Response: Digital Forensics with Exploitation Frameworks & Vulnerability Scans Rating: 0 out of 5 stars0 ratingsCyber Essentials: A Pocket Guide Rating: 5 out of 5 stars5/5CC Certified in Cybersecurity Study Guide Rating: 0 out of 5 stars0 ratingsCASP+ CompTIA Advanced Security Practitioner Study Guide: Exam CAS-004 Rating: 0 out of 5 stars0 ratingsCompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701 Rating: 0 out of 5 stars0 ratingsThe Certified Ethical Hacker Exam - version 8 (The concise study guide) Rating: 3 out of 5 stars3/5The Cybersecurity Mindset: A Virtual and Transformational Thinking Mode Rating: 0 out of 5 stars0 ratingsCybersecurity Design Principles: Building Secure Resilient Architecture Rating: 0 out of 5 stars0 ratingsCybersecurity First Principles: A Reboot of Strategy and Tactics Rating: 5 out of 5 stars5/5Communication and Network Security: CISSP, #4 Rating: 0 out of 5 stars0 ratingsInformation Security Risk Management for ISO 27001/ISO 27002, third edition Rating: 4 out of 5 stars4/5Security Architect: Careers in information security Rating: 4 out of 5 stars4/5Software Development Security: CISSP, #8 Rating: 0 out of 5 stars0 ratingsPractical Digital Forensics Rating: 0 out of 5 stars0 ratingsCybersecurity Jobs & Career Paths: Find Cybersecurity Jobs, #2 Rating: 0 out of 5 stars0 ratingsSecurity and Risk Management: CISSP, #1 Rating: 4 out of 5 stars4/5Threat Modeling: Designing for Security Rating: 4 out of 5 stars4/5Network Security Bible Rating: 2 out of 5 stars2/5Cyber Security: Essential principles to secure your organisation Rating: 0 out of 5 stars0 ratingsCybersecurity for Beginners : Learn the Fundamentals of Cybersecurity in an Easy, Step-by-Step Guide: 1 Rating: 0 out of 5 stars0 ratingsThe Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks Rating: 0 out of 5 stars0 ratingsCertified Cybersecurity Compliance Professional Rating: 5 out of 5 stars5/5
Security For You
Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5ISO/IEC 27001:2022: An introduction to information security and the ISMS standard Rating: 5 out of 5 stars5/5Cybersecurity For Dummies Rating: 5 out of 5 stars5/5Dark Territory: The Secret History of Cyber War Rating: 4 out of 5 stars4/5Hacking For Dummies Rating: 4 out of 5 stars4/5Codes and Ciphers Rating: 5 out of 5 stars5/5IAPP CIPP / US Certified Information Privacy Professional Study Guide Rating: 0 out of 5 stars0 ratingsThe Wires of War: Technology and the Global Struggle for Power Rating: 5 out of 5 stars5/5A Vulnerable System: The History of Information Security in the Computer Age Rating: 0 out of 5 stars0 ratingsTor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5IAPP CIPM Certified Information Privacy Manager Study Guide Rating: 0 out of 5 stars0 ratingsMastering Blockchain Rating: 5 out of 5 stars5/5Google Cloud Platform an Architect's Guide Rating: 5 out of 5 stars5/5HTTP/2 in Action Rating: 0 out of 5 stars0 ratingsDeFi and the Future of Finance Rating: 0 out of 5 stars0 ratingsNavigating the Cybersecurity Career Path Rating: 0 out of 5 stars0 ratingsThe Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers Rating: 4 out of 5 stars4/5The Art of Attack: Attacker Mindset for Security Professionals Rating: 5 out of 5 stars5/5CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5Unmasking the Social Engineer: The Human Element of Security Rating: 5 out of 5 stars5/5
Reviews for CISSP in 21 Days - Second Edition
1 rating1 review
- Rating: 3 out of 5 stars3/5I didn't like the structure of the book, the only thing is that it puts a day by day progress that kind of help with precise steps.
Book preview
CISSP in 21 Days - Second Edition - M. L. Srinivasan
Table of Contents
CISSP in 21 Days Second Edition
Credits
About the Author
About the Reviewer
www.PacktPub.com
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
1. Day 1 – Security and Risk Management - Security, Compliance, and Policies
Overview of security, compliance, and policies
Asset
Asset protection
Confidentiality, Integrity, and Availability (CIA)
Confidentiality
Integrity
Availability
Security governance
Strategy, goals, mission, and objectives
Organizational processes
Security roles and responsibilities
Control frameworks
Management controls
Administrative controls
Technical controls
Due diligence and due care
Compliance
Legislative and regulatory compliance
Privacy requirements in compliance
Licensing and intellectual property
Legal and regulatory issues
Computer crimes
Fraud
Theft
Malware/malicious code
Cyber crime
Importing and exporting controls
Transborder data flow
Data breaches
Professional ethics
Codes of ethics
(ISC)2 code of professional ethics
Security policies, standards, procedures, and guidelines
Personnel security policies
Employment candidate screening
Employment agreement and policies
Employment termination processes
Vendor, consultant, and contractor controls
Compliance and privacy
Summary
Sample questions
2. Day 2 – Security and Risk Management - Risk Management, Business Continuity, and Security Education
Overview of risk management, business continuity, and security education
Risk management
Threats, vulnerabilities, and attacks
Threat risk modeling
Threat and vulnerability analysis
Attack analysis
Risk analysis
Quantitative risk analysis
Qualitative risk analysis
Risk treatment
Business continuity management
The Business Continuity Planning (BCP) process
BCP best practices
Security risk considerations in acquisitions, strategy, and practice
Information security education, training, and awareness
Summary
Sample questions
3. Day 3 – Asset Security - Information and Asset Classification
Overview of asset security - information and asset classification
Asset classification and control
Classification types in government
The United States information classification
Classification types in corporations
Data privacy
Data owners
Data processors
Data remanence
Data collection limitations
Data retention
Data in media
Data in hardware
Data with personnel
Summary
Sample questions
4. Day 4 – Asset Security - Data Security Controls and Handling
Overview of asset security - data security controls and handling
Data security controls
Data security requirements
Payment Card Industry Data Security Standard (PCI DSS)
Sarbanes-Oxley Act (SOX)
Gramm-Leach-Bliley Act (GLBA)
EU Data Protection Act (DPA)
Data Loss Prevention (DLP)
Data in motion
Data at rest
Data in use
Data Loss Prevention strategies
DLP controls
Cryptographic methods to secure data
Encryption
Hashing
Digital signatures
Data handling requirements
Handling sensitive information
Summary
Sample questions
5. Day 5 – Exam Cram and Practice Questions
An overview of exam cram and practice questions
CISSP CBK domain #1 – security and risk management
CISSP CBK domain #2 – asset security
Sample questions
References and further reading
Summary
6. Day 6 – Security Engineering - Security Design, Practices, Models, and Vulnerability Mitigation
An overview of security design, practices, models, and vulnerability mitigation
Secure design principles
The computer architecture
Computer system
Trusted computing
Assurance
Common Criteria
Certification and accreditation
DITSCAP
NIACAP
DIACAP
Security engineering practices
Information security models
Take-grant model
Bell-LaPadula model
Biba model
Clark-Wilson model
Vulnerability assessment and mitigation
Vulnerability assessment
Penetration testing
Vulnerability assessment and the penetration testing process
CVE and CVSS
Summary
Sample questions
7. Day 7 – Security Engineering - Cryptography
An overview of cryptography
The fundamentals of cryptography
The methods of encryption
The cryptographic process
Cryptographic algorithms
The cryptographic method
Types of encryption
Symmetric key encryption
The operation modes of block ciphers
Asymmetric key encryption
Hashing
The key length and security
The summary of encryption types
Applications and the use of cryptography
Public Key Infrastructure (PKI)
Secure messaging
Message digest
Digital signature
The digital certificate
Key management techniques
Key management procedures
Type of keys
Key management best practices
Key states
Key management phases
Cryptanalytic attacks
The methods of cryptanalytic attacks
Cryptographic standards
Wireless cryptographic standards
The Federal Information Processing Standard
Summary
Sample questions
8. Day 8 – Communication and Network Security - Network Security
An overview of communication and network security
Network architecture, protocols, and technologies
Layered architecture
Open System Interconnect (OSI) model
Transmission Control Protocol / Internet Protocol (TCP/IP)
OSI layers and security
Application layer protocols and security
Domain Name System (DNS)
Threats, attacks, and countermeasures
Dynamic Host Configuration Protocol (DHCP)
Threats, vulnerabilities, attacks, and countermeasures
Hyper Text Transfer Protocol (HTTP)
Threats, vulnerabilities, attacks, and countermeasures
FTP and TELNET
Threats, vulnerabilities, attacks, and countermeasures
Post Office Protocol (POP3) and Internet Message Access Protocol (IMAP)
Threats, vulnerabilities, attacks, and countermeasures
Simple Network Management Protocol (SNMP)
Threats, vulnerabilities, attacks, and countermeasures
Presentation layer protocols and security
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Threats, vulnerabilities, attacks, and countermeasures
Session layer protocols and security
Threats, vulnerabilities, attacks, and countermeasures
Summary
Sample questions
9. Day 9 – Communication and Network Security - Communication Security
An overview of communication security
Transport layer protocols and security
Transmission Control Protocol (TCP)
Threats, vulnerabilities, attacks, and countermeasures
User Datagram Protocol (UDP)
Threats, vulnerabilities, attacks, and countermeasures
Internet Control Message Protocol (ICMP)
Threats, vulnerabilities, attacks, and countermeasures
Other protocols in the transport layer
The network layer protocols and security
Internet Protocol (IP)
Threats, vulnerabilities, attacks, and countermeasures
IPsec protocols
Threats, vulnerabilities, attacks, and countermeasures
Data link layer protocols and security
Link layer protocols
Address Resolution Protocol (ARP)
Threats, vulnerabilities, attacks, and countermeasures
Border Gateway Protocol
Threats, vulnerabilities, attacks, and countermeasures
Ethernet
Threats, vulnerabilities, attacks, and countermeasures
The physical layer and security
Security in communication channels
Security requirements in voice, multimedia, remote access, data communications, and virtualized networks
Attacks on communication networks
Preventing or mitigating communication network attacks
Security controls in communication networks
Summary
Sample questions
10. Day 10 – Exam Cram and Practice Questions
An overview of exam cram and practice questions
The exam cram
CISSP CBK Domain #3 – security engineering
CISSP CBK Domain #4 – communication and network security
Sample questions
References and further reading
Summary
11. Day 11 – Identity and Access Management - Identity Management
An overview of identity and access management
Physical and logical access to assets
Identity management principles and implementation
Identity as a service
Security concerns
Third-party identity services
Summary
Sample questions
12. Day 12 – Identity and Access Management - Access Management, Provisioning, and Attacks
An overview of access management
Access management concepts, methodologies, and techniques
Basic concepts
Access control models
Discretionary access control
Non-discretionary access control
Authentication and authorization
Authorization
Identity and provisioning life cycle
Access control attacks and countermeasures
Port scanning and compromise
Hijacking
Malicious codes
Password attacks
Vulnerability compromises
Accountability
Summary
Sample questions
13. Day 13 – Security Assessment and Testing - Designing, Performing Security Assessment, and Tests
An overview of security assessment and testing
Security assessment and test strategies
Designing and validating assessment and testing strategies
Security controls
Conduct security control testing
Vulnerability assessments
Penetration testing
Black box testing
White box testing
Grey box testing
Log reviews
Synthetic transactions
Stress tests
Denial-of-Service tests
Load tests
Concurrency tests
Latency test
Code review and testing
Manual code review
Dynamic code review
Static code review
Fuzz code review
Misuse case testing
Test coverage analysis
Interface testing
The API
The UI
Physical
The effectiveness of controls
Summary
Sample questions
14. Day 14 – Security Assessment and Testing - Controlling, Analyzing, Auditing, and Reporting
An overview of controlling, analyzing, auditing, and reporting security test data
A collection of security process data
The control of security process data
The protection and control of system test data
Audit logging
System logs
Administrator and operator logs
Fault logging
Key performance and risk indicators
Disaster recovery and business continuity
Analyzing security process data
False positives
False negatives
The effectiveness of a security control
Internal and third-party security audits
Internal audits
Third-party audits
Information system audit controls
Reporting test and audit outputs
Summary
Sample questions
15. Day 15 – Exam Cram and Practice Questions
An overview of exam cram and practice questions
Exam cram
CISSP CBK Domain #5 – identity and access management
CISSP CBK Domain #6 – security assessment and testing
Mock test
References and further reading
Summary
16. Day 16 – Security Operations - Foundational Concepts
An overview of operations security
The physical security design
Physical facility
Geographic operating location
Supporting facilities
Physical and operations security controls
Threats, vulnerabilities, and countermeasures for physical and operations security
Common threats
Common vulnerabilities
Designing physical and operations security controls
Perimeter security
Interior security
Unauthorized intrusions
Motion detectors
Fire
Fire classes
Fire detectors
Fire suppression mediums
Water sprinklers
Gas dischargers
Electrical power
Operations/facility security
Auditing
Audit trail
Emergency procedures
Startup and shutdown procedures
Evacuation procedures
Training and awareness
Protecting and securing equipment
Equipment security
Media security
Computer investigations
Summary
Sample questions
17. Day 17 – Security Operations - Incident Management and Disaster Recovery
Incident management and reporting
The examples of incidents
Incident management objective and goals
Incident management controls
Intrusion detection systems
Vulnerability assessment and penetration testing
Patch management
Configuration management
Business Continuity Planning (BCP)
BCP goals and objectives
BCP process
BCP best practices
Disaster Recovery Planning (DRP)
Goals and objectives
Components of disaster recovery planning
Recovery teams
Recovery sites
Business resumption from alternative sites
A reciprocal agreement
Subscription services
Backup terminologies
Testing procedures
Summary
Sample questions
18. Day 18 – Software Development Security - Security in Software Development Life Cycle
An overview of software development security
Systems engineering
Initiation phase
Development/acquisition phase
Implementation phase
Operation/maintenance phase
Disposal phase
Software development life cycle
Software development models
Simplistic model
Waterfall model
Complex models
Incremental model
Spiral model
Agile framework
Security in software development
Security controls in software development
Separation of development, test, and operational facilities
Change control processes and procedures
Vendor-supplied software packages
Avoiding covert channels
Summary
Sample questions
19. Day 19 – Software Development Security - Assessing effectiveness of Software Security
Overview
Security in information technology systems
Object-oriented systems
Object-oriented programming (OOP)
The security in object-oriented software
Artificial Intelligence (AI) systems
Database systems
Threats and vulnerabilities to application systems
Web application security
Common web application vulnerabilities
Security impact analysis
Monitoring and testing activities
Summary
Sample questions
20. Day 20 – Exam Cram and Practice Questions
Overview of exam cram and practice questions
Exam cram
CISSP CBK Domain #7 – security operations
CISSP CBK Domain #8 – software development security
References and further reading
Summary
Sample questions
21. Day 21 – Exam Cram and Mock Test
An overview of the exam cram and mock test
Exam cram
Summary
Mock test
References and further reading
CISSP in 21 Days Second Edition
CISSP in 21 Days Second Edition
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: December 2008
Second edition: June 2016
Production reference: 1240616
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78588-449-8
www.packtpub.com
Credits
About the Author
M. L. Srinivasan is the founder and CEO of ChennaiNet, an India-based technology company focused on information technology and information security-related product development, services, and training. He's a Certified Information System Security Professional (CISSP) and Certified Information Security Management System Lead Auditor.
Popularly known as MLS, the author is an information technology and information security professional and has about 25 years' experience in various IT domains, such as software programming, hardware troubleshooting, networking technologies, systems administration, security administration, information security-related consulting, auditing and training.
He has been an avid trainer throughout his career and has developed many short-term and long-term training programs. He has been invited to speak at many international conferences and seminars on information security. Currently he is associated with NIIT Technologies (USA), and CA Technologies (USA) as a senior instructor covering various product-based training on CA identity manager, CA SiteMinder (Single Sign-On), CA ControlMinder (AccessControl), CA Federation Manager, and CA DataMinder products.
He was a specialist IT and IS auditor with Det Norske Veritas (DNV), India region. He has performed many quality and information security audits for hundreds of medium and large organizations in the past.
About the Reviewer
John Schreiner is a Major in the United States Marine Corps and a networking and security instructor. He serves as a Company Commander, responsible for training Marines on the East Coast on the latest commercial technologies (Cisco, Microsoft, Riverbed, Harris, and so on.). John brings experience teaching CISSP, Security+, and CCNA: Security.
John holds a CISSP, CCNA: Security, CCNP, CCDP, WCNA, and various other certifications. He also blogs at http://www.unadulteratednerdery.com/. In addition to this title, John was the technical reviewer for Cisco Unified Communications Manager 8: Expert Administration Cookbook, Tanner Ezell, Packt Publishing.
I'd like to thank my amazing wife, Jacki, whose steadfast support and embrace of my nerdy endeavors are a constant reminder that she’s the best thing that has ever happened to me.
www.PacktPub.com
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www2.packtpub.com/books/subscription/packtlib
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.
Why subscribe?
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser
Free access for Packt account holders
If you have an account with Packt at www.packtpub.com, you can use this to access PacktLib today and view 9 entirely free books. Simply use your login credentials for immediate access.
To my Father who is the guiding force for everything I do
Preface
Certified Information System Security Professional (CISSP) is a coveted certification for an information security professional to achieve. Certified individuals are considered experienced and knowledgeable information security professionals. This is due to the fact that the certification's requirements are that the candidate not only has to pass the exam, but have 4 to 5 years of relevant practical experience in one or two domains of information security.
The exam is conducted by the International Information System Security Certification Consortium (ISC)²®, a nonprofit consortium that is the globally recognized Gold Standard for certifying information security professionals throughout their careers. (ISC)²® was founded in 1989 by industry leaders and has certified over 1,00,000 information security professionals across the globe.
While preparing for CISSP™, a candidate has to study many books and references. There are many books that cover the CISSP™ CBK™ domains in depth and provide a starting point for a thorough preparation for the exam. References to such books are covered in the references chapter at the end of this book. However, since there are many concepts spread across the eight security domains, it is an important starting point as a guide to explore deeper concepts, as well as refresh many concepts that need to be revised before the exam. This book addresses the requirements of the initial preparation for the exam, as well as revisiting the key concepts in these eight domains. To facilitate such a need core concept, the eight CISSP information security domains are explained in a short, simple, and lucid form.
What this book covers
Chapter 1, Day 1 – Security and Risk Management - Security, Compliance, and Policies, covers the foundational concepts in information security, such as Confidentiality, Integrity, and Availability (CIA) from the first domain of CISSP Common Body of Knowledge (CBK)®.
Chapter 2, Day2 – Security and Risk Management - Risk Management, Business Continuity, and Security Education, covers risk management practices that include the identification of risks through risk analysis and assessment, and mitigation techniques such as reduction, moving, transferring, and avoiding risks. An overview of business continuity requirements, developing and documenting project scopes and plans, and conducting business impact analyses is provided. Further more policies and practices pertaining to personnel security are covered.
Chapter 3, Day 3 – Asset Security - Information and Asset Classification, covers the classification of information and supporting assets; the collection of information, its handling and protection throughout its lifecycle, and ownership of information and its privacy; and data retention requirements and methods.
Chapter 4, Day 4 – Asset Security - Data Security Controls and Handling, covers data security controls that include Data Loss Prevention strategies, such as data at rest, data in transit, data in use, and data handling requirements for sensitive information.
Chapter 5, Day 5 – Exam Cram and Practice Questions, covers important concepts and information from the first two domains of the CISSP CBK, namely Security and Risk Management and Asset Security. They are provided in an exam-cram format for fast review and serve to reinforce of the two domains covered in the previous four chapters.
Chapter 6, Day 6 – Security Engineering - Security Design, Practices, Models, and Vulnerability Mitigation, covers concepts for using secure design principles while implementing and managing engineering processes. Information security models and system security evaluation models with controls and countermeasures, and security capabilities in information systems, are also covered. Also, vulnerability assessment and mitigation strategies in information systems, web-based systems, mobile systems, and embedded and cyber-physical systems are covered in detail.
Chapter 7, Day 7 – Security Engineering - Cryptography, covers the application of cryptography in information security requirements. Various concepts such as the cryptographic life cycle, types of cryptography, public key infrastructure, and so on are covered with illustrations. The methods of cryptanalytic attack are covered in detail with suitable examples.
Chapter 8, Day 8 – Communication and Network Security - Network Security, covers foundational concepts in network architecture and network security. IP and non-IP protocols, and their applications and vulnerabilities, are covered in detail, along with wireless networks and their security requirements. Application of cryptography in communication security, with illustrations and concepts related to securing network components.
Chapter 9, Day 9 – Communication and Network Security - Communication Security, covers communication channels such as voice, multimedia, remote access, data communications, virtualized networks, and so on, and their security requirements. Preventing or mitigating network attacks is also covered, with illustrations.
Chapter 10, Day 10 – Exam Cram and Practice Questions, covers important concepts and information from the third and fourth domains of the CISSP CBK, namely security engineering and communication and network security. They are provided in an exam cram format for fast review and serve to reinforce the two domains covered in the previous four chapters.
Chapter 11, Day 11 – Identity and Access Management - Identity Management, covers provisioning and managing the identities and the access used in the interaction between humans and information systems. Core concepts of identification, authentication, authorization, and accountability, are covered in detail. Concepts related to identity as a service or cloud-based third-party identity services are covered, as well as security requirements in such services, with illustrations.
Chapter 12, Day 12 – Identity and Access Management - Access Management, Provisioning, and Attacks, focuses on access control concepts, methods, attacks, and countermeasures in detail.
Chapter 13, Day 13 – Security Assessment and Testing - Designing and Performing Security Assessment and Tests, covers tools, methods, and techniques for identifying and mitigating risks due to architectural issues using systematic security assessment and testing of information assets and associated infrastructure. Security control requirements and their effectiveness assessment are also covered.
Chapter 14, Day 14 – Security Assessment and Testing - Controlling, Analyzing, Auditing, and Reporting, covers management and operational controls pertaining to security process data. Analyzing and reporting test outputs, either automated or through manual methods, and conducting or facilitating internal and third-party audits, are covered in detail.
Chapter 15, Day 15 – Exam Cram and Practice Questions, covers important concepts and information from the fifth and sixth domains of the CISSP CBK, namely Identity and Access Management and security assessment and testing. They are provided in an exam cram format for fast review and serve to reinforce the two domains covered in the previous four chapters.
Chapter 16, Day 16 – Security Operations - Foundational Concepts, covers physical security strategies that include secure facility and website design, data center security, hazards, and media storage. Concepts on logging and monitoring activities, investigations, security in the provision of resources, operations security, and resource protection techniques are covered in detail.
Chapter 17, Day 17 – Security Operations - Incident Management and Disaster Recovery, covers incident management, disaster recovery, and business continuity-related concepts that pertains to security operations.
Chapter 18, Day 18 – Software Development Security - Security in Software Development Life Cycle, covers the application of security concepts and the best practices for the production and development of software environments. Security in the software development life cycle is also covered in detail.
Chapter 19, Day 19 – Software Development Security - Assessing Effectiveness of Software Security, covers assurance requirements in software and ways to assess the effectiveness of software security. It also covers the different methods and techniques to assess the security impact of acquired software.
Chapter 20, Day 20 – Exam Cram and Practice Questions, covers important concepts and information from the seventh and eighth domains of the CISSP CBK®, namely security operations and software development security. They are provided in an exam cram format for fast review and serve to reinforce the two domains covered in the previous four chapters.
Chapter 21, Day 21 – Exam Cram and Mock Test, consists of an exam cram from all the eight domains in CISSP CBK®.
What you need for this book
There are no software/hardware requirements for this quick reference and revision guide. You only need to build your confidence with the systematic study and revision of the concepts in the information security domain to crack the CISSP examination.
Who this book is for
This book is for all aspirants who are planning to take the CISSP examination and obtain the coveted CISSP certification that is considered the Gold Standard
in Information Security personal certification.
It assumes that the candidate already has sufficient knowledge in all the eight domains of the CISSP CBK by way of work experience and knowledge gained from other study books. This book provides concise explanations of the core concepts that are covered in the exam.
Conventions
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: In a three-way handshake, first the client (workstation) sends a request to the server (for example, www.some_website.com).
New terms and important words are shown in bold.
Note
Warnings or important notes appear in a box like this.
Tip
Tips and tricks appear like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this book-what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply e-mail [email protected], and mention the book's title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Customer support
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Downloading the color images of this book
We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from http://www.packtpub.com/sites/default/files/downloads/CISSPin21DaysSecondEdition_ColorImages.pdf.
Errata
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books-maybe a mistake in the text or the code-we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and