All-in-one: CISSP certification exam guide / Shon Harris.
By: Harris, Shon.
Material type: Book
Publisher: CA : Osborne McGraw-Hill, 2002
Description: xxix, 971 p. : ill. ; 24 cm. + hbk.
ISBN: 0072193530.
Subject(s): Electronic data processing personnel -- Certification | Computer networks -- Examinations -- Study guides
DDC classification: 005.8
Contents:
Reasons to become a CISSP -- Security trends -- Security management practices -- Access control -- Security models and architecture -- Physical security -- Telecommunications and networking security -- Cryptography -- Disaster recovery and business continuity -- Law, investigation and ethics -- Application and system development -- Operations security.
Item type | Current library | Call number | Copy number | Status | Date due | Barcode | Item holds |
---|---|---|---|---|---|---|---|
General Lending | MTU Bishopstown Library Lending | 005.8 | 1 | Available | | 00092132 | |
Total holds: 0
Table of contents provided by Syndetics
- Foreword (p. xxiii)
- Acknowledgments (p. xxv)
- Introduction (p. xxvii)
- Chapter 1 Becoming a CISSP (p. 1)
- Why Become a CISSP? (p. 1)
- The CISSP Exam (p. 2)
- CISSP: A Brief History (p. 7)
- How Do You Become a CISSP? (p. 7)
- Recertification Requirements (p. 8)
- What Does This Book Cover? (p. 9)
- Tips for Taking the CISSP Exam (p. 9)
- How to Use This Book (p. 11)
- Questions (p. 12)
- Answers (p. 15)
- Chapter 2 Security Trends (p. 17)
- How Security Became an Issue (p. 17)
- Areas of Security (p. 20)
- Information Warfare (p. 21)
- Evidence of the Evolution of Hacking (p. 22)
- How Are Nations Affected? (p. 24)
- How Are Companies Affected? (p. 26)
- The U.S. Government's Actions (p. 27)
- So What Does This Mean to Us? (p. 29)
- Hacking and Attacking (p. 29)
- Management (p. 30)
- Internet and Web Activities (p. 32)
- Two-Tier Architecture (p. 35)
- Database Roles (p. 37)
- A Layered Approach (p. 40)
- Security at Different Layers (p. 40)
- An Architectural View (p. 41)
- A Layer Missed (p. 44)
- Bringing the Layers Together (p. 44)
- Politics and Laws (p. 45)
- Education (p. 46)
- Summary (p. 47)
- Chapter 3 Security Management Practices (p. 49)
- Security Management (p. 49)
- Security Management Responsibilities (p. 50)
- The Top-Down Approach to Security (p. 51)
- Security Administration and Supporting Controls (p. 52)
- Fundamental Principles of Security (p. 55)
- Availability (p. 56)
- Integrity (p. 56)
- Confidentiality (p. 57)
- Security Definitions (p. 57)
- Organizational Security Model (p. 60)
- Security Program Components (p. 61)
- Business Requirements: Private Industry vs. Military Organizations (p. 64)
- Information Risk Management (p. 65)
- Who Really Understands Risk Management? (p. 65)
- Information Risk Management Policy (p. 66)
- Risk Management Team (p. 67)
- Risk Analysis (p. 68)
- Risk Analysis Team (p. 69)
- Value of Information and Assets (p. 70)
- Costs That Make Up the Value (p. 70)
- Identifying Threats (p. 71)
- Quantitative Risk Analysis (p. 73)
- Qualitative Risk Analysis (p. 78)
- Quantitative vs. Qualitative (p. 81)
- Protection Mechanisms (p. 82)
- Putting It Together (p. 85)
- Total Risk vs. Residual Risk (p. 86)
- Handling Risk (p. 86)
- Policies, Standards, Baselines, Guidelines, and Procedures (p. 87)
- Security Policy (p. 88)
- Standards (p. 90)
- Baselines (p. 91)
- Guidelines (p. 92)
- Procedures (p. 92)
- Implementation (p. 93)
- Information Classification (p. 94)
- Private Business vs. Military Classifications (p. 95)
- Classification Controls (p. 98)
- Layers of Responsibility (p. 99)
- Data Owner (p. 100)
- Data Custodian (p. 100)
- System Owner (p. 101)
- Security Administrator (p. 101)
- Security Analyst (p. 101)
- Application Owner (p. 101)
- Supervisor (p. 102)
- Change Control Analyst (p. 102)
- Data Analyst (p. 102)
- Process Owner (p. 102)
- Solution Provider (p. 103)
- User (p. 103)
- Product Line Manager (p. 103)
- Why So Many Roles? (p. 103)
- Personnel (p. 104)
- Structure (p. 104)
- Hiring Practices (p. 105)
- Employee Controls (p. 106)
- Termination (p. 106)
- Security-Awareness Training (p. 107)
- Different Types of Security-Awareness Training (p. 107)
- Evaluating the Program (p. 109)
- Specialized Security Training (p. 109)
- Summary (p. 110)
- Quick Tips (p. 111)
- Questions (p. 114)
- Answers (p. 118)
- Chapter 4 Access Control (p. 123)
- Access Controls Overview (p. 123)
- Security Principles (p. 124)
- Availability (p. 125)
- Integrity (p. 125)
- Confidentiality (p. 126)
- Identification, Authentication, and Authorization (p. 126)
- Identification and Authentication (p. 129)
- Authorization (p. 146)
- Access Control Models (p. 161)
- Discretionary Access Control (p. 162)
- Mandatory Access Control (p. 163)
- Role-Based Access Control (p. 165)
- Access Control Techniques and Technologies (p. 167)
- Rule-Based Access Control (p. 167)
- Constrained User Interfaces (p. 168)
- Access Control Matrix (p. 169)
- Content-Dependent Access Control (p. 170)
- Context-Dependent Access Control (p. 171)
- Access Control Administration (p. 171)
- Centralized Access Control Administration (p. 172)
- Decentralized Access Control Administration (p. 179)
- Access Control Methods (p. 180)
- Access Control Layers (p. 180)
- Administrative Controls (p. 181)
- Physical Controls (p. 183)
- Technical Controls (p. 185)
- Access Control Types (p. 188)
- Preventive: Administrative (p. 190)
- Preventive: Physical (p. 190)
- Preventive: Technical (p. 190)
- Accountability (p. 193)
- Review of Audit Information (p. 194)
- Keystroke Monitoring (p. 195)
- Protecting Audit Data and Log Information (p. 196)
- Access Control Practices (p. 197)
- Unauthorized Disclosure of Information (p. 198)
- Access Control Monitoring (p. 200)
- Intrusion Detection (p. 200)
- Intrusion Prevention Systems (p. 211)
- A Few Threats to Access Control (p. 214)
- Dictionary Attack (p. 214)
- Brute Force Attack (p. 215)
- Spoofing at Logon (p. 216)
- Summary (p. 217)
- Quick Tips (p. 218)
- Questions (p. 220)
- Answers (p. 224)
- Chapter 5 Security Models and Architecture (p. 227)
- Computer Architecture (p. 229)
- Central Processing Unit (p. 229)
- Operating System Architecture (p. 235)
- Process Activity (p. 240)
- Memory Management (p. 242)
- Memory Types (p. 244)
- Virtual Memory (p. 252)
- CPU Modes and Protection Rings (p. 253)
- Operating System Architecture (p. 256)
- Domains (p. 258)
- Layering and Data Hiding (p. 260)
- Virtual Machines (p. 261)
- Additional Storage Devices (p. 262)
- Input/Output Device Management (p. 263)
- System Architecture (p. 266)
- Defined Subset of Subjects and Objects (p. 268)
- Trusted Computing Base (p. 269)
- Security Perimeter (p. 272)
- Reference Monitor and Security Kernel (p. 272)
- Security Policy (p. 274)
- Least Privilege (p. 275)
- Security Models (p. 275)
- State Machine Models (p. 277)
- Bell-LaPadula Model (p. 279)
- Biba Model (p. 282)
- Clark-Wilson Model (p. 284)
- Information Flow Model (p. 287)
- Noninterference Model (p. 290)
- Lattice Model (p. 291)
- Brewer and Nash Model (p. 293)
- Graham-Denning Model (p. 294)
- Security Modes of Operation (p. 296)
- Dedicated Security Mode (p. 297)
- System High-Security Mode (p. 297)
- Compartmented Security Mode (p. 297)
- Multilevel Security Mode (p. 298)
- Trust and Assurance (p. 300)
- Systems Evaluation Methods (p. 301)
- Why Put a Product Through Evaluation? (p. 301)
- The Orange Book (p. 302)
- Rainbow Series (p. 306)
- Red Book (p. 307)
- Information Technology Security Evaluation Criteria (p. 309)
- Common Criteria (p. 312)
- Certification vs. Accreditation (p. 314)
- Certification (p. 316)
- Accreditation (p. 316)
- Open vs. Closed Systems (p. 317)
- Open Systems (p. 317)
- Closed Systems (p. 318)
- A Few Threats to Security Models and Architectures (p. 318)
- Maintenance Hooks (p. 318)
- Time-of-Check/Time-of-Use Attack (p. 319)
- Buffer Overflow (p. 321)
- Summary (p. 325)
- Quick Tips (p. 325)
- Questions (p. 329)
- Answers (p. 333)
- Chapter 6 Physical Security (p. 337)
- Introduction to Physical Security (p. 337)
- Planning Process (p. 340)
- Crime Prevention Through Environmental Design (p. 344)
- Designing a Physical Security Program (p. 349)
- Protecting Assets (p. 362)
- Internal Support Systems (p. 364)
- Electric Power (p. 365)
- Environmental Issues (p. 370)
- Ventilation (p. 373)
- Fire Prevention, Detection, and Suppression (p. 373)
- Perimeter Security (p. 380)
- Facility Access Control (p. 381)
- Personnel Access Controls (p. 387)
- External Boundary Protection Mechanisms (p. 388)
- Intrusion Detection Systems (p. 397)
- Patrol Force and Guards (p. 400)
- Auditing Physical Access (p. 402)
- Summary (p. 402)
- Quick Tips (p. 403)
- Questions (p. 405)
- Answers (p. 410)
- Chapter 7 Telecommunications and Networking Security (p. 415)
- Open Systems Interconnection Reference Model (p. 417)
- Application Layer (p. 420)
- Presentation Layer (p. 421)
- Session Layer (p. 422)
- Transport Layer (p. 424)
- Network Layer (p. 425)
- Data Link Layer (p. 426)
- Physical Layer (p. 428)
- Functions and Protocols in the OSI Model (p. 428)
- Tying the Layers Together (p. 430)
- TCP/IP (p. 431)
- TCP (p. 432)
- IP Addressing (p. 438)
- IPv6 (p. 439)
- Types of Transmission (p. 439)
- Analog and Digital (p. 439)
- Asynchronous and Synchronous (p. 441)
- Broadband and Baseband (p. 441)
- LAN Networking (p. 442)
- Network Topology (p. 443)
- LAN Media Access Technologies (p. 446)
- Cabling (p. 453)
- Transmission Methods (p. 458)
- Media Access Technologies (p. 460)
- LAN Protocols (p. 463)
- Routing Protocols (p. 467)
- Networking Devices (p. 470)
- Repeaters (p. 470)
- Bridges (p. 471)
- Routers (p. 473)
- Switches (p. 475)
- Gateways (p. 479)
- PBXs (p. 481)
- Firewalls (p. 482)
- Honeypot (p. 499)
- Networking Services and Protocols (p. 500)
- Network Operating Systems (p. 501)
- Domain Name Service (p. 502)
- Network Information System (p. 505)
- Directory Services (p. 508)
- Lightweight Directory Access Protocol (p. 509)
- Network Address Translation (p. 510)
- Intranets and Extranets (p. 512)
- Metropolitan Area Network (p. 514)
- Wide Area Network (p. 515)
- Telecommunications Evolution (p. 516)
- Dedicated Links (p. 518)
- WAN Technologies (p. 520)
- Remote Access (p. 534)
- Dial-Up and RAS (p. 534)
- ISDN (p. 535)
- DSL (p. 537)
- Cable Modem (p. 537)
- VPN (p. 539)
- Authentication Protocols (p. 544)
- Remote Access Guidelines (p. 547)
- Wireless Technologies (p. 548)
- Wireless Communications (p. 549)
- WLAN Components (p. 552)
- Wireless Standards (p. 554)
- WAP (p. 565)
- i-Mode (p. 566)
- Mobile Phone Security (p. 567)
- War Driving for WLANs (p. 568)
- Satellites (p. 570)
- 3G Wireless Communication (p. 570)
- Rootkits (p. 572)
- Spyware and Adware (p. 574)
- Instant Messaging (p. 574)
- Summary (p. 576)
- Quick Tips (p. 576)
- Questions (p. 580)
- Answers (p. 584)
- Chapter 8 Cryptography (p. 587)
- History of Cryptography (p. 588)
- Vigenere Cipher (p. 590)
- Cryptography Definitions and Concepts (p. 593)
- Kerckhoff's Principle (p. 596)
- Strength of the Cryptosystem (p. 596)
- Services of Cryptosystems (p. 597)
- One-Time Pad (p. 599)
- Running and Concealment Ciphers (p. 601)
- Steganography (p. 602)
- Government Involvement with Cryptography (p. 603)
- Wassenaar Arrangement (p. 603)
- Types of Ciphers (p. 604)
- Substitution Cipher (p. 604)
- Transposition Cipher (p. 605)
- Methods of Encryption (p. 607)
- Symmetric vs. Asymmetric Algorithms (p. 607)
- Block and Stream Ciphers (p. 613)
- Hybrid Encryption Methods (p. 617)
- Types of Symmetric Systems (p. 621)
- Data Encryption Standard (p. 621)
- Triple-DES (p. 629)
- Advanced Encryption Standard (p. 629)
- International Data Encryption Algorithm (p. 630)
- Blowfish (p. 630)
- RC4 (p. 631)
- RC5 (p. 631)
- RC6 (p. 631)
- Types of Asymmetric Systems (p. 632)
- Diffie-Hellman Algorithm (p. 632)
- RSA (p. 634)
- El Gamal (p. 638)
- Elliptic Curve Cryptosystem (p. 638)
- LUC (p. 638)
- Knapsack (p. 639)
- Zero Knowledge Proof (p. 639)
- Message Integrity (p. 640)
- One-Way Hash (p. 640)
- Various Hashing Algorithms (p. 645)
- Attack Against One-Way Hash Functions (p. 646)
- Digital Signatures (p. 648)
- Digital Signature Standard (p. 650)
- Public Key Infrastructure (p. 651)
- Certificate Authorities (p. 652)
- Certificates (p. 653)
- Registration Authority (p. 654)
- PKI Steps (p. 655)
- Key Management (p. 657)
- Key Management Principles (p. 658)
- Link Encryption vs. End-to-End Encryption (p. 659)
- E-Mail Standards (p. 662)
- Multipurpose Internet Mail Extension (p. 662)
- Privacy-Enhanced Mail (p. 663)
- Message Security Protocol (p. 664)
- Pretty Good Privacy (p. 664)
- Internet Security (p. 666)
- Start with the Basics (p. 666)
- Attacks (p. 675)
- Ciphertext-Only Attack (p. 676)
- Known-Plaintext Attack (p. 676)
- Chosen-Plaintext Attack (p. 676)
- Chosen-Ciphertext Attack (p. 676)
- Differential Cryptanalysis (p. 677)
- Linear Cryptanalysis (p. 677)
- Side Channel Attacks (p. 678)
- Replay Attack (p. 678)
- Summary (p. 679)
- Quick Tips (p. 680)
- Questions (p. 683)
- Answers (p. 687)
- Chapter 9 Business Continuity Planning (p. 691)
- Business Continuity and Disaster Recovery (p. 692)
- Business Continuity Steps (p. 693)
- Make BCP Part of the Security Policy and Program (p. 695)
- Project Initiation (p. 697)
- Business Continuity Planning Requirements (p. 699)
- Business Impact Analysis (p. 699)
- Preventative Measures (p. 706)
- Recovery Strategies (p. 707)
- Business Process Recovery (p. 708)
- Facility Recovery (p. 709)
- Supply and Technology Recovery (p. 715)
- End-User Environment (p. 720)
- Data Backup Alternatives (p. 721)
- Insurance (p. 728)
- Recovery and Restoration (p. 728)
- Developing Goals for the Plans (p. 732)
- Implementing Strategies (p. 733)
- Testing and Revising the Plan (p. 734)
- Maintaining the Plan (p. 739)
- Summary (p. 740)
- Quick Tips (p. 741)
- Questions (p. 743)
- Answers (p. 748)
- Chapter 10 Law, Investigation, and Ethics (p. 751)
- The Many Facets of Cyberlaw (p. 752)
- Ethics (p. 752)
- Computer Ethics Institute (p. 754)
- Internet Architecture Board (p. 754)
- Generally Accepted Information Security Principles (p. 755)
- Motive, Opportunity, and Means (p. 756)
- Hackers and Crackers (p. 757)
- Operations Security (p. 757)
- Well-Known Computer Crimes (p. 763)
- The Cuckoo's Egg (p. 763)
- Kevin Mitnick (p. 764)
- Chaos Computer Club (p. 764)
- Cult of the Dead Cow (p. 764)
- Phone Phreakers (p. 765)
- Identification, Protection, and Prosecution (p. 766)
- Liability and Its Ramifications (p. 767)
- Personal Information (p. 770)
- Hacker Intrusion (p. 771)
- Types of Laws (p. 772)
- Intellectual Property Laws (p. 774)
- Equipment and Software Disposal Issues (p. 778)
- Computer Crime Investigations (p. 778)
- Incident Response (p. 778)
- Incident Handling (p. 782)
- What Is Admissible in Court? (p. 783)
- Surveillance, Search, and Seizure (p. 786)
- Interviewing and Interrogating (p. 787)
- Import and Export Laws (p. 788)
- Transborder Information Flow (p. 788)
- Privacy (p. 789)
- Laws, Directives, and Regulations (p. 791)
- Health Insurance Portability and Accountability Act (p. 792)
- Gramm-Leach-Bliley Act of 1999 (p. 792)
- Computer Fraud and Abuse Act (p. 792)
- Federal Privacy Act of 1974 (p. 793)
- European Union Principles on Privacy (p. 794)
- Computer Security Act of 1987 (p. 794)
- Security and Freedom Through Encryption Act (p. 794)
- Federal Sentencing Guidelines (p. 795)
- Economic Espionage Act of 1996 (p. 795)
- International Cooperation Efforts (p. 795)
- Group of Eight (p. 795)
- Interpol (p. 796)
- European Commission (p. 796)
- Summary (p. 796)
- Quick Tips (p. 797)
- Questions (p. 799)
- Answers (p. 804)
- Chapter 11 Application and System Development (p. 809)
- Software's Importance (p. 809)
- Device vs. Software Security (p. 810)
- Different Environments Demand Different Security (p. 812)
- Client/Server Model (p. 812)
- Environment vs. Application Controls (p. 812)
- Complexity of Functionality (p. 814)
- Data Types, Format, and Length (p. 814)
- Implementation and Default Issues (p. 815)
- Implementation (p. 815)
- Failure States (p. 816)
- Database Management (p. 816)
- Database Management Software (p. 817)
- Database Models (p. 818)
- Database Interface Languages (p. 820)
- Relational Database Components (p. 821)
- Data Dictionary (p. 821)
- Integrity (p. 824)
- Database Security Issues (p. 826)
- Data Warehousing and Data Mining (p. 830)
- System Development (p. 832)
- Management of Development (p. 832)
- Life-Cycle Phases (p. 833)
- Software Development Methods (p. 845)
- Change Control (p. 846)
- Capability Maturity Model (p. 848)
- Software Escrow (p. 849)
- Application Development Methodology (p. 850)
- Object-Oriented Concepts (p. 850)
- Data Modeling (p. 856)
- Software Architecture (p. 857)
- Data Structures (p. 857)
- ORBs and CORBA (p. 859)
- Computer-Aided Software Engineering (p. 861)
- Prototyping (p. 862)
- COM and DCOM (p. 863)
- Open Database Connectivity (p. 863)
- Object Linking and Embedding (p. 864)
- Dynamic Data Exchange (p. 865)
- Distributed Computing Environment (p. 865)
- Mobile Code (p. 866)
- Enterprise JavaBeans (p. 867)
- Expert Systems and Knowledge-Based Systems (p. 867)
- Artificial Neural Networks (p. 869)
- Java (p. 872)
- ActiveX (p. 873)
- Malicious Software (Malware) (p. 874)
- Attacks (p. 878)
- Summary (p. 886)
- Quick Tips (p. 886)
- Questions (p. 890)
- Answers (p. 894)
- Chapter 12 Operations Security (p. 899)
- Role of the Operations Department (p. 900)
- Administrative Management (p. 900)
- Accountability (p. 903)
- Security Operations and Product Evaluation (p. 904)
- Input and Output Controls (p. 910)
- Network and Resource Availability (p. 911)
- Single Points of Failure (p. 911)
- RAID (p. 912)
- Clustering (p. 914)
- Backups (p. 914)
- E-Mail Security (p. 915)
- How E-Mail Works (p. 916)
- Facsimile Security (p. 920)
- Hack and Attack Methods (p. 921)
- Penetration Testing (p. 930)
- Operations Department (p. 933)
- Summary (p. 934)
- Quick Tips (p. 935)
- Questions (p. 937)
- Answers (p. 941)
- Appendix A About the CD-ROM (p. 945)
- Running the QuickTime Cryptography Video Sample (p. 946)
- Troubleshooting (p. 947)
- Installing Total Seminars' Test Software (p. 947)
- Navigation (p. 947)
- Minimum System Requirements for Total Seminars' Software (p. 948)
- Technical Support (p. 948)
- Appendix B Who's Who? (p. 949)
- NSA (p. 949)
- NIST (p. 950)
- NCSC (p. 951)
- ISO (p. 951)
- ANSI (p. 952)
- IEEE (p. 952)
- Glossary (p. 953)