CISSP: Certified Information Systems Security Professoinal, Study Guide, Sybex

CISSP: Certified Information Systems Security Professoinal, Study Guide, Sybex

Now pay Easier and Secure using Paypal

Read more


Ed Tittel Mike Chapple James Michael Stewart

E-books Shop
CISSP: Certified Information Systems Security Professoinal

Thanks to Neil Edde and Jordan Gold at Sybex for helping us hook up
with this project; thanks also to Rodnay Zaks for numerous fine gastronomic
experiences and for an even greater number of good ideas. Thanks to my Mom
and Dad for providing me with the basic tools to become a writer and trainer:
an inquiring mind, plus good verbal and debating skills. Thanks to Dina Kutueva
for marrying me and thereby completing my life; I look forward to building a
family with you! And finally, thanks to the whole gang at LANWrights—
Dawn, Mary, Kim, Bill, Chelsea, and Michael—for 10 great years of camaraderie,
collaboration, and the occasional success. You guys are the greatest; I
couldn’t have done it without you!
—Ed Tittel

I’d like to thank Ed Tittel, Dawn Rader, and the team at LANWrights,
Inc. for their assistance with this project. I also owe a debt of gratitude to the
countless technical experts in government and industry who’ve patiently
answered my questions and fueled my passion for security over the years.
Above all, I’d like to thank my wife Renee for her undying patience as I
worked on this book. Without her support, this never would have been possible.
—Mike Chapple

Thanks to Ed Tittel and LANWrights, Inc. for allowing me to contribute
to this book. Working with you guys is and always has been a pleasure.
Thanks to my editor Dawn Rader for putting up with bad grammar and sporadic
submission schedules. To my parents, Dave and Sue, sister Sharon and
nephew Wesley: thanks for your love and consistent support. To Mark, I
promise I won’t do anything that will require you to get medieval on my arse.
To HERbert and Quin, thanks for being the chick magnets that you are. And
finally, as always, to Elvis—my latest sacrament has been to proudly wear a
tie glowing with your effervescent persona!
—James Michael Stewart

Product Support Department
1151 Marina Village Parkway
Alameda, CA 94501


This book offers you a solid foundation for the Certified Information
Systems Security Professional (CISSP) exam. By purchasing this book, you’ve shown a willingness to learn and a desire to develop the skills you need to achieve this certification. 
This introduction provides you with a basic overview of this book and the CISSP exam.
This book is designed for readers and students who want to study for the CISSP certification exam. If your goal is to become a certified security professional, then the CISSP certification and this study guide are for you. 
The purpose of this book is to adequately prepare you to pass the CISSP exam. Before you dive into this book, you need to have accomplished a few tasks on your own. 
You need to have a general understanding of IT and of security. 
You should have the necessary 4 years of experience (or 3 years plus a college degree) in one of the 10 domains covered by the CISSP exam. If you are qualified to take the CISSP exam according to (ISC) then you are sufficiently prepared to use this book to study for the CISSP exam. For more information on (ISC) see the (ISC) section later in the Introduction.

How to Use This Book
As with any study guide or exam preparation book, the more time you spend reading the material and working through practice questions, the more you’ll retain. 
We can’t emphasize enough the need to understand the concepts presented in this book. 
To get the most out of this book, here is a recommended procedure for working through the material:
1.Read each chapter carefully and completely.
2.Review all of the end-of-chapter elements to refine and focus your knowledge and understanding of the material from each chapter.
3.Work through the end-of-chapter review questions. If you have problems with any subject, reread the section that covers it.
4. After completing the entire book, take the practice exams on the CD.
5. Print out the flashcards and use them to further your study.

Notes on This Book’s Organization
This book is was designed to cover each of the 10 CISSP Common Body of Knowledge (CBK) domains in sufficient depth to provide you with a clear understanding of the material. The main body of this book comprises 19 chapters. The first 9 domains are each covered by 2 chapters, and the final domain (Physical Security) is covered in Chapter 19. 
The domain/chapter breakdown is as follows:
Chapters 1 and 2
Access Control Systems and Methodology
Chapters 3 and 4
Telecommunications and Network Security
Chapters 5 and 6
Security Management Practices
Chapters 7 and 8
Applications and Systems Development Security
Chapters 9 and 10
Chapters 11 and 12
Security Architecture and Models
Chapters 13 and 14
Operations Security
Chapters 15 and 16
Business Continuity Planning (BCP) and Disaster
Recovery Planning (DRP)
Chapters 17 and 18
Law, Investigation, and Ethics
Chapter 19

Physical Security
Each chapter includes elements to help you focus your studies and test your knowledge. 
These include exam essentials, key terms, and review questions.
The exam essentials point out key topics to know for the exam. The key terms list includes the unique terminology presented in the chapter. 
Each key term is defined in the glossary at the end of the book for your convenience. 
Review questions test your knowledge retention for the material covered in the chapter.
There is a CD included that offers many other study tools, including lengthy practice exams (over 700 questions) and a complete set of study flashcards.

The CISSP exam is governed by the International Information Systems Security
Certification Consortium, Inc. (ISC)2 organization. (ISC)2 is a global notfor-profit organization. It has four primary mission goals:
Maintain the Common Body of Knowledge for the field of information systems security
Provide certification for information systems security professionals and practitioners
Conduct certification training and administer the certification exams
Oversee the ongoing accreditation of qualified certification candidates through continued education The (ISC)2 is operated by a board of directors elected from the ranks of its
certified practitioners. More information about (ISC)2 can be obtained from its website at
(ISC)2 supports and provides two primary certifications: CISSP and SSCP.
These certifications are designed to emphasize the knowledge and skills of an IT security professional across all industries. CISSP is a certification for security professionals who have the task of designing a security infrastructure for an organization. System Security Certified Practitioner (SSCP) is a certification designed for security professionals who have the responsibility of implementing a security infrastructure in an organization. The CISSP certification covers material from the 10 CBK domains listed previously. 
The SSCP certification covers material from 7 CBK domains:
Access Controls
Audit and Monitoring
Data Communications
Malicious Code/Malware
Risk, Response, and Recovery
The content for the CISSP and SSCP domains overlap significantly, but they do each have a different focus. CISSP focuses on theory and design, whereas SSCP focuses more on implementation. This book focuses only on the domains for the CISSP exam. 

Code of Ethics
(ISC)2 has defined several qualification requirements you must meet to become a CISSP. First, you must be a practicing security professional with at least 4 years’ experience or with 3 years’ experience and a college degree. 
Professional experience is defined as security work performed for salary or commission within one or more of the 10 CBK domains.
Second, you must agree to adhere to the code of ethics. The CISSP Code of Ethics is a set of guidelines the (ISC)2 wants all CISSP candidates to follow in order to maintain professionalism in the field of information systems security. 
You can find it in the Information section on the (ISC)2 website at www.isc2.org.
To sign up for the exam, visit the (ISC)2 website and follow the instructions listed there on registering to take the CISSP exam. 
You’ll provide your contact information, payment details, and security-related professional experience. You’ll also select one of the available time and location settings for the exam. Once (ISC)2 approves your application to take the exam, you’ll receive a confirmation e-mail with all the details you’ll need to find the testing center and take the exam.

Overview of the CISSP Exam
The CISSP exam consists of 250 questions, and you are given six hours to complete it. 
The exam is still administered in a booklet and answer sheet format.
This means you’ll be using a pencil to fill in answer bubbles.
The CISSP exam focuses on security from a 30,000-foot view; it deals more with theory and concept than implementation and procedure. 
It is very broad but not very deep. To successfully complete the exam, you’ll need to be familiar with every domain but not necessarily be a master of each domain.
You’ll need to register for the exam through the (ISC)2 website at www.isc2.
(ISC)2 administers the exam itself. In most cases, the exams are held in large conference rooms at hotels. Existing CISSP holders are recruited to serve as proctors or administrators over the exams. Be sure to arrive at the testing center around 8:00 A.M., and keep in mind that absolutely no one will be admitted into the exam after 8:30 A.M
CISSP Exam Question Types
Every single question on the CISSP exam is a four-option multiple choice question with a single correct answer. Here’s an example:
1. What is the most important goal and top priority of a security solution?
A. Prevention of disclosure
B. Maintaining integrity
C. Human safety
D. Sustaining availability
You must select the one correct or best answer and mark it on your answer sheet. In some cases, the correct answer will be very obvious to you.
In other cases, there will be several answers that seem correct. 
In these instances, you must choose the best answer for the question asked. 
Watch for general, specific, universal, superset, and subset answer selections. 
In other cases, none of the answers will seem correct. 
In these instances, you’ll need to select the least incorrect answer. 

Advice on Taking the Exam
There are two key elements to the CISSP exam. First, you need to know the material from the 10 CBK domains. Second, you must have good test-taking skills. 
With 6 hours to complete a 250-question exam, you have just under 90 seconds for each question. Thus, it is important to work quickly, without rushing but without wasting time.
A key factor to keep in mind is that guessing is better than not answering a question. 
If you skip a question, you will not get credit. But if you guess, you have at least a 25-percent chance of improving your score. 
Wrong answers are not counted against you. So, near the end of the sixth hour, be sure an answer is selected for every line on the answer sheet.
You can write on the test booklet, but nothing written on it will count for or against your score. Use the booklet to make notes and keep track of your progress. We recommend circling each answer you select before you mark it on your answer sheet.
To maximize your test-taking activities, here are some general guidelines:
1. Answer easy questions first.
2. Skip harder questions and return to them later. Consider creating a column on the front cover of your testing booklet to keep track of skipped questions.
3. Eliminate wrong answers before selecting the correct one.
4. Watch for double negatives.
5. Be sure you understand what the question is asking. Manage your time. 
You should try to keep up with about 50 questions per hour. 
This will leave you with about an hour to focus on skipped questions and double-check your work. Be very careful to mark your answers on the correct question number on
the answer sheet. The most common cause of failure is making a transference mistake from the test booklet to the answer sheet.

Study and Exam Preparation Tips
When studying for the CISSP exam, we recommend planning out a month or so for nightly intensive study. Here are some suggestions to maximize your learning time; you can modify them as necessary based on your own learning habits:
Take one or two evenings to read each chapter and work through its review material.
Take all the practice exams provided in the book and on the CD.
Review the (ISC)2’s study guide from www.isc2.org
. Use the flashcards to reinforce your understanding of concepts.

E-books Shop

Purchase Now !
Just with Paypal

Product details
 File Size
 8,195 KB
 772 p
 File Type
 PDF format
 2003 SYBEX Inc         

═════ ═════