Skip to main content

CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition

CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition

James M. Stewart, Ed Tittel, Mike Chapple

ISBN: 978-0-470-94498-1

Jan 2011

864 pages

Select type: Paperback

Product not available for purchase


Totally updated for 2011, here's the ultimate study guide for the CISSP exam

Considered the most desired certification for IT security professionals, the Certified Information Systems Security Professional designation is also a career-booster. This comprehensive study guide covers every aspect of the 2011 exam and the latest revision of the CISSP body of knowledge. It offers advice on how to pass each section of the exam and features expanded coverage of biometrics, auditing and accountability, software security testing, and other key topics. Included is a CD with two full-length, 250-question sample exams to test your progress.

  • CISSP certification identifies the ultimate IT security professional; this complete study guide is fully updated to cover all the objectives of the 2011 CISSP exam
  • Provides in-depth knowledge of access control, application development security, business continuity and disaster recovery planning, cryptography, Information Security governance and risk management, operations security, physical (environmental) security, security architecture and design, and telecommunications and network security
  • Also covers legal and regulatory investigation and compliance
  • Includes two practice exams and challenging review questions on the CD

Professionals seeking the CISSP certification will boost their chances of success with CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition.

Related Resources


1 Accountability and Access Control.

2 Attacks and Monitoring.

3 ISO Model, Protocols, Network Security, and Network Infrastructure.

4 Communications Security and Countermeasures.

5 Security Management Concepts and Principles.

6 Asset Value, Policies, and Roles.

7 Data and Application Security Issues.

8 Malicious Code and Application Attacks.

9 Cryptography and Private Key Algorithms.

10 PKI and Cryptographic Applications.

11 Principles of Computer Design.

12 Principles of Security Models.

13 Administrative Management.

14 Auditing and Monitoring.

15 Business Continuity Planning.

16 Disaster Recovery Planning.

17 Law and Investigations.

18 Incidents and Ethics.

19 Physical Security Requirements.

Appendix About the Companion CD.


ChapterPageDetailsDatePrint Run
3102Corrections and clarifications for Table 3.3,Remove the entries WINNER and WWRF under Technology

XHOM is not a separate technology, but a brand-name for WiMax IEEE 802.16.

Additionally, append this clarification to the table:
Some of the technologies listed in this table are labeled and marketed as 4G, while not actually meeting the technical requirements to be classified as 4G. The International Telecommunications Union-Radio communications sector (ITU-R) defined the requirements for 4G in 2008, but in 2010 acquiesced that carriers can call their non-compliant technologies 4G as long as they lead to future compliant services.
3105Text correction: Number of Wireless channels in Japan,In the Real World Scenario it is stated that there are 17 wireless channels in Japan. This is incorrect. There are 14 wireless channels in Japan.5/7/12
3118Text correction: Error in discussion of TCP acknowledgement,Replace this text starting with the third sentence in the second full paragraph:

Data communicated through a TCP session is periodically verified with an acknowledgement signal. The acknowledgement is a hash value of all previously transmitted data. If the server's own hash of received data does not match the hash value sent by the client, the server asks the client to resend the last collection of data.


Data communicated through a TCP session is periodically verified with an acknowledgement. The acknowledgement is sent by the receiver back to the sender by marking setting the TCP header's acknowledgement sequence value to the last sequence number received from the sender within the transmission window. In the event that all packets of a transmission window were not received, no acknowledgement is sent. After a timeout period, the sender will re-send the entire transmission window set of packets again.
9387Correction: Error in Figure 9.4: Asymmetric key cryptography,The figure indicates that the receiver decrypts the message using the receiver's public key. The term in the bottom-right box under Receiver should be Receiver's Private Key .9/4/12
9394Text correction: Incorrect key size for RC5,In the sidebar entitled Rivest Cipher 5 (RC5) the maximum key size in bits is in error.
The last sentence should read:
RC5 is a block cipher of variable block sizes (32, 64 or 128 bits) that uses key sizes between 0 (zero) length and 2040 bits.
9395Text correction: Incorrect numbers of encryption rounds given for AES cipher,The first bullet list under Advanced Encryption Standard should read as follows:

  • 128-bit keys require 10 rounds of encryption
  • 192-bit keys require 12 rounds of encryption
  • 256-bit keys require 14 rounds of encryption
9396Text correction: Errors in Table 9.2,Rivest Ciphers 2, 4 and 5 (RC2, RC4, and RC5) are listed as based on RSA. This is an error.

The key size of RC5 is given as the range 0-2048 . The correct range is 0-2040 .