ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, 10th Edition

ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, 10th Edition

by Mike Chapple, James Michael Stewart, Darril Gibson
Released June 2024
Publisher(s): Sybex
ISBN: 9781394254699

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

CISSP Study Guide - fully updated for the 2024 CISSP Body of Knowledge

ISC2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 10th Edition has been completely updated based on the latest 2024 CISSP Detailed Content Outline. This bestselling Sybex Study Guide covers 100% of the CISSP objectives. You'll prepare smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic Study Essentials and chapter review questions.

The book’s co-authors bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you'll need to successfully prove your CISSP mastery. Combined, they've taught cybersecurity concepts to millions of students through their books, video courses, and live training programs.

Along with the book, you also get access to Sybex's superior online interactive learning environment that includes:

  • Over 900 practice test questions with complete answer explanations. This includes all of the questions from the book plus four additional online-only practice exams, each with 125 unique questions. You can use the online-only practice exams as full exam simulations. Our questions will help you identify where you need to study more.
  • More than 1000 Electronic Flashcards to reinforce your learning and give you last-minute test prep 
  • A searchable glossary in PDF to give you instant access to the key terms you need to know 
  • Audio Review. Author Mike Chapple reads the Study Essentials for each chapter providing you with more than 2 hours of up-to-date audio review for yet another way to reinforce your knowledge as you prepare.

Coverage of all of the CISSP topics in the book means you'll be ready for:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

 

Table of contents

  1. Cover
  2. Table of Contents
  3. Title Page
  4. Copyright
  5. Dedication
  6. Acknowledgments
  7. About the Authors
  8. About the Technical Editors
  9. Introduction
    1. Overview of the CISSP Exam
    2. The Elements of This Study Guide
    3. Interactive Online Learning Environment and Test Bank
    4. Study Guide Exam Objectives
    5. Objective Map
    6. How to Contact the Publisher
    7. Assessment Test
    8. Answers to Assessment Test
  10. Chapter 1: Security Governance Through Principles and Policies
    1. Security 101
    2. Understand and Apply Security Concepts
    3. Security Boundaries
    4. Evaluate and Apply Security Governance Principles
    5. Manage the Security Function
    6. Security Policy, Standards, Procedures, and Guidelines
    7. Threat Modeling
    8. Supply Chain Risk Management
    9. Summary
    10. Study Essentials
    11. Written Lab
    12. Review Questions
  11. Chapter 2: Personnel Security and Risk Management Concepts
    1. Personnel Security Policies and Procedures
    2. Understand and Apply Risk Management Concepts
    3. Social Engineering
    4. Establish and Maintain a Security Awareness, Education, and Training Program
    5. Summary
    6. Study Essentials
    7. Written Lab
    8. Review Questions
  12. Chapter 3: Business Continuity Planning
    1. Planning for Business Continuity
    2. Project Scope and Planning
    3. Business Impact Analysis
    4. Continuity Planning
    5. Plan Approval and Implementation
    6. Summary
    7. Study Essentials
    8. Written Lab
    9. Review Questions
  13. Chapter 4: Laws, Regulations, and Compliance
    1. Categories of Laws
    2. Laws
    3. State Privacy Laws
    4. Compliance
    5. Contracting and Procurement
    6. Summary
    7. Study Essentials
    8. Written Lab
    9. Review Questions
  14. Chapter 5: Protecting Security of Assets
    1. Identifying and Classifying Information and Assets
    2. Establishing Information and Asset Handling Requirements
    3. Data Protection Methods
    4. Understanding Data Roles
    5. Using Security Baselines
    6. Summary
    7. Study Essentials
    8. Written Lab
    9. Review Questions
  15. Chapter 6: Cryptography and Symmetric Key Algorithms
    1. Cryptographic Foundations
    2. Modern Cryptography
    3. Symmetric Cryptography
    4. Cryptographic Life Cycle
    5. Summary
    6. Study Essentials
    7. Written Lab
    8. Review Questions
  16. Chapter 7: PKI and Cryptographic Applications
    1. Asymmetric Cryptography
    2. Hash Functions
    3. Digital Signatures
    4. Public Key Infrastructure
    5. Asymmetric Key Management
    6. Hybrid Cryptography
    7. Applied Cryptography
    8. Cryptographic Attacks
    9. Summary
    10. Study Essentials
    11. Written Lab
    12. Review Questions
  17. Chapter 8: Principles of Security Models, Design, and Capabilities
    1. Secure Design Principles
    2. Techniques for Ensuring CIA
    3. Understand the Fundamental Concepts of Security Models
    4. Select Controls Based on Systems Security Requirements
    5. Understand Security Capabilities of Information Systems
    6. Summary
    7. Study Essentials
    8. Written Lab
    9. Review Questions
  18. Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
    1. Shared Responsibility
    2. Data Localization and Data Sovereignty
    3. Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
    4. Client-Based Systems
    5. Server-Based Systems
    6. Industrial Control Systems
    7. Distributed Systems
    8. High-Performance Computing (HPC) Systems
    9. Real-Time Operating Systems
    10. Internet of Things
    11. Edge and Fog Computing
    12. Embedded Devices and Cyber-Physical Systems
    13. Microservices
    14. Infrastructure as Code
    15. Immutable Architecture
    16. Virtualized Systems
    17. Containerization
    18. Mobile Devices
    19. Essential Security Protection Mechanisms
    20. Common Security Architecture Flaws and Issues
    21. Summary
    22. Study Essentials
    23. Written Lab
    24. Review Questions
  19. Chapter 10: Physical Security Requirements
    1. Apply Security Principles to Site and Facility Design
    2. Implement Site and Facility Security Controls
    3. Implement and Manage Physical Security
    4. Summary
    5. Study Essentials
    6. Written Lab
    7. Review Questions
  20. Chapter 11: Secure Network Architecture and Components
    1. OSI Model
    2. TCP/IP Model
    3. Analyzing Network Traffic
    4. Common Application Layer Protocols
    5. Transport Layer Protocols
    6. Domain Name System
    7. Internet Protocol (IP) Networking
    8. ARP Concerns
    9. Secure Communication Protocols
    10. Implications of Multilayer Protocols
    11. Segmentation
    12. Edge Networks
    13. Wireless Networks
    14. Satellite Communications
    15. Cellular Networks
    16. Content Distribution Networks (CDNs)
    17. Secure Network Components
    18. Summary
    19. Study Essentials
    20. Written Lab
    21. Review Questions
  21. Chapter 12: Secure Communications and Network Attacks
    1. Protocol Security Mechanisms
    2. Secure Voice Communications
    3. Remote Access Security Management
    4. Multimedia Collaboration
    5. Monitoring and Management
    6. Load Balancing
    7. Manage Email Security
    8. Virtual Private Network
    9. Switching and Virtual LANs
    10. Network Address Translation
    11. Third-Party Connectivity
    12. Switching Technologies
    13. WAN Technologies
    14. Fiber-Optic Links
    15. Prevent or Mitigate Network Attacks
    16. Summary
    17. Study Essentials
    18. Written Lab
    19. Review Questions
  22. Chapter 13: Managing Identity and Authentication
    1. Controlling Access to Assets
    2. The AAA Model
    3. Implementing Identity Management
    4. Managing the Identity and Access Provisioning Life Cycle
    5. Summary
    6. Study Essentials
    7. Written Lab
    8. Review Questions
  23. Chapter 14: Controlling and Monitoring Access
    1. Comparing Access Control Models
    2. Implementing Authentication Systems
    3. Zero-Trust Access Policy Enforcement
    4. Understanding Access Control Attacks
    5. Summary
    6. Study Essentials
    7. Written Lab
    8. Review Questions
  24. Chapter 15: Security Assessment and Testing
    1. Building a Security Assessment and Testing Program
    2. Performing Vulnerability Assessments
    3. Testing Your Software
    4. Training and Exercises
    5. Implementing Security Management Processes and Collecting Security Process Data
    6. Summary
    7. Exam Essentials
    8. Written Lab
    9. Review Questions
  25. Chapter 16: Managing Security Operations
    1. Apply Foundational Security Operations Concepts
    2. Address Personnel Safety and Security
    3. Provision Information and Assets Securely
    4. Apply Resource Protection
    5. Managed Services in the Cloud
    6. Perform Configuration Management (CM)
    7. Manage Change
    8. Manage Patches and Reduce Vulnerabilities
    9. Summary
    10. Study Essentials
    11. Written Lab
    12. Review Questions
  26. Chapter 17: Preventing and Responding to Incidents
    1. Conducting Incident Management
    2. Implementing Detection and Preventive Measures
    3. Logging and Monitoring
    4. Automating Incident Response
    5. Summary
    6. Study Essentials
    7. Written Lab
    8. Review Questions
  27. Chapter 18: Disaster Recovery Planning
    1. The Nature of Disaster
    2. Understand System Resilience, High Availability, and Fault Tolerance
    3. Recovery Strategy
    4. Recovery Plan Development
    5. Training, Awareness, and Documentation
    6. Testing and Maintenance
    7. Summary
    8. Study Essentials
    9. Written Lab
    10. Review Questions
  28. Chapter 19: Investigations and Ethics
    1. Investigations
    2. Major Categories of Computer Crime
    3. Ethics
    4. Summary
    5. Study Essentials
    6. Written Lab
    7. Review Questions
  29. Chapter 20: Software Development Security
    1. Introducing Systems Development Controls
    2. Establishing Databases and Data Warehousing
    3. Storage Threats
    4. Understanding Knowledge-Based Systems
    5. Summary
    6. Study Essentials
    7. Written Lab
    8. Review Questions
  30. Chapter 21: Malicious Code and Application Attacks
    1. Malware
    2. Malware Prevention
    3. Application Attacks
    4. Injection Vulnerabilities
    5. Exploiting Authorization Vulnerabilities
    6. Exploiting Web Application Vulnerabilities
    7. Application Security Controls
    8. Secure Coding Practices
    9. Summary
    10. Study Essentials
    11. Written Lab
    12. Review Questions
  31. Appendix A: Answers to Review Questions
    1. Chapter 1: Security Governance Through Principles and Policies
    2. Chapter 2: Personnel Security and Risk Management Concepts
    3. Chapter 3: Business Continuity Planning
    4. Chapter 4: Laws, Regulations, and Compliance
    5. Chapter 5: Protecting Security of Assets
    6. Chapter 6: Cryptography and Symmetric Key Algorithms
    7. Chapter 7: PKI and Cryptographic Applications
    8. Chapter 8: Principles of Security Models, Design, and Capabilities
    9. Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
    10. Chapter 10: Physical Security Requirements
    11. Chapter 11: Secure Network Architecture and Components
    12. Chapter 12: Secure Communications and Network Attacks
    13. Chapter 13: Managing Identity and Authentication
    14. Chapter 14: Controlling and Monitoring Access
    15. Chapter 15: Security Assessment and Testing
    16. Chapter 16: Managing Security Operations
    17. Chapter 17: Preventing and Responding to Incidents
    18. Chapter 18: Disaster Recovery Planning
    19. Chapter 19: Investigations and Ethics
    20. Chapter 20: Software Development Security
    21. Chapter 21: Malicious Code and Application Attacks
  32. Appendix B: Answers to Written Labs
    1. Chapter 1: Security Governance Through Principles and Policies
    2. Chapter 2: Personnel Security and Risk Management Concepts
    3. Chapter 3: Business Continuity Planning
    4. Chapter 4: Laws, Regulations, and Compliance
    5. Chapter 5: Protecting Security of Assets
    6. Chapter 6: Cryptography and Symmetric Key Algorithms
    7. Chapter 7: PKI and Cryptographic Applications
    8. Chapter 8: Principles of Security Models, Design, and Capabilities
    9. Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
    10. Chapter 10: Physical Security Requirements
    11. Chapter 11: Secure Network Architecture and Components
    12. Chapter 12: Secure Communications and Network Attacks
    13. Chapter 13: Managing Identity and Authentication
    14. Chapter 14: Controlling and Monitoring Access
    15. Chapter 15: Security Assessment and Testing
    16. Chapter 16: Managing Security Operations
    17. Chapter 17: Preventing and Responding to Incidents
    18. Chapter 18: Disaster Recovery Planning
    19. Chapter 19: Investigations and Ethics
    20. Chapter 20: Software Development Security
    21. Chapter 21: Malicious Code and Application Attacks
  33. Index
  34. End User License Agreement

Product information

  • Title: ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, 10th Edition
  • Author(s): Mike Chapple, James Michael Stewart, Darril Gibson
  • Release date: June 2024
  • Publisher(s): Sybex
  • ISBN: 9781394254699