CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition
Considered the most desired certification for IT security professionals, the Certified Information Systems Security Professional designation is also a career-booster. This comprehensive study guide covers every aspect of the 2011 exam and the latest revision of the CISSP body of knowledge. It offers advice on how to pass each section of the exam and features expanded coverage of biometrics, auditing and accountability, software security testing, and other key topics. Included is a CD with two full-length, 250-question sample exams to test your progress.
- CISSP certification identifies the ultimate IT security professional; this complete study guide is fully updated to cover all the objectives of the 2011 CISSP exam
- Provides in-depth knowledge of access control, application development security, business continuity and disaster recovery planning, cryptography, Information Security governance and risk management, operations security, physical (environmental) security, security architecture and design, and telecommunications and network security
- Also covers legal and regulatory investigation and compliance
- Includes two practice exams and challenging review questions on the CD
Professionals seeking the CISSP certification will boost their chances of success with CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition.
1 Accountability and Access Control.
2 Attacks and Monitoring.
3 ISO Model, Protocols, Network Security, and Network Infrastructure.
4 Communications Security and Countermeasures.
5 Security Management Concepts and Principles.
6 Asset Value, Policies, and Roles.
7 Data and Application Security Issues.
8 Malicious Code and Application Attacks.
9 Cryptography and Private Key Algorithms.
10 PKI and Cryptographic Applications.
11 Principles of Computer Design.
12 Principles of Security Models.
13 Administrative Management.
14 Auditing and Monitoring.
15 Business Continuity Planning.
16 Disaster Recovery Planning.
17 Law and Investigations.
18 Incidents and Ethics.
19 Physical Security Requirements.
Appendix About the Companion CD.
James Michael Stewart, CISSP, is a security expert, technical trainer, and author who has written numerous publications, books, and courseware. Ed Tittel, CISSP, is a freelance writer and a regular contributor to numerous online outlets, including SearchSecurity.com, InformIT.com, and ITExpertVoice.com. He has authored over 140 books. Mike Chapple, PhD, CISSP, is an IT security professional with the University of Notre Dame. He was formerly chief information officer of Brand Institute and an information security researcher with the National Security Agency and the U.S. Air Force.
Do you think you've discovered an error in this book? Please check the list of errata below to see if we've already addressed the error. If not, please submit the error via our Errata Form. We will attempt to verify your error; if you're right, we will post a correction below.
|3||102||Corrections and clarifications for Table 3.3
Remove the entries "WINNER" and "WWRF" under "Technology"
XHOM is not a separate technology, but a brand-name for WiMax IEEE 802.16.
Additionally, append this clarification to the table:
"Some of the technologies listed in this table are labeled and marketed as 4G, while not actually meeting the technical requirements to be classified as 4G. The International Telecommunications Union-Radio communications sector (ITU-R) defined the requirements for 4G in 2008, but in 2010 acquiesced that carriers can call their non-compliant technologies 4G as long as they lead to future compliant services."
|3||105||Text correction: Number of Wireless channels in Japan
In the Real World Scenario it is stated that there are 17 wireless channels in Japan. This is incorrect. There are 14 wireless channels in Japan.
|3||118||Text correction: Error in discussion of TCP acknowledgement
Replace this text starting with the third sentence in the second full paragraph:
"Data communicated through a TCP session is periodically verified with an acknowledgement signal. The acknowledgement is a hash value of all previously transmitted data. If the server's own hash of received data does not match the hash value sent by the client, the server asks the client to resend the last collection of data."
"Data communicated through a TCP session is periodically verified with an acknowledgement. The acknowledgement is sent by the receiver back to the sender by marking setting the TCP header's acknowledgement sequence value to the last sequence number received from the sender within the transmission window. In the event that all packets of a transmission window were not received, no acknowledgement is sent. After a timeout period, the sender will re-send the entire transmission window set of packets again."
|9||387||Correction: Error in Figure 9.4: Asymmetric key cryptography
The figure indicates that the receiver decrypts the message using the receiver's public key. The term in the bottom-right box under "Receiver" should be "Receiver's Private Key".
|9||394||Text correction: Incorrect key size for RC5
In the sidebar entitled "Rivest Cipher 5 (RC5)" the maximum key size in bits is in error.
The last sentence should read:
"RC5 is a block cipher of variable block sizes (32, 64 or 128 bits) that uses key sizes between 0 (zero) length and 2040 bits."
|9||395||Text correction: Incorrect numbers of encryption rounds given for AES cipher
The first bullet list under "Advanced Encryption Standard" should read as follows:
|9||396||Text correction: Errors in Table 9.2
Rivest Ciphers 2, 4 and 5 (RC2, RC4, and RC5) are listed as based on RSA. This is an error.
The key size of RC5 is given as the range "0-2048". The correct range is "0-2040".