MTU Cork Library Catalogue


All-in-one: cissp certification exam guide / Shon Harris.

By: Harris, Shon.
Material type: Book
Publisher: CA : Osborne McGraw-Hill, 2002
Description: xxix, 971 p. : ill. ; 24 cm. + hbk.
ISBN: 0072193530
Subject(s): Electronic data processing personnel -- Certification | Computer networks -- Examinations -- Study guides
DDC classification: 005.8
Contents:
Reasons to become a CISSP -- Security trends -- Security management practices -- Access control -- Security models and architecture -- Physical security -- Telecommunications and networking security -- Cryptography -- Disaster recovery and business continuity -- Law, investigation and ethics -- Application and system development -- Operations security.
Holdings
Item type: General Lending
Current library: MTU Bishopstown Library
Collection: Lending
Call number: 005.8
Copy number: 1
Status: Available
Date due: (none)
Barcode: 00092132
Item holds: 0
Total holds: 0


Table of contents provided by Syndetics

  • Foreword (p. xxiii)
  • Acknowledgments (p. xxv)
  • Introduction (p. xxvii)
  • Chapter 1 Becoming a CISSP (p. 1)
  • Why Become a CISSP? (p. 1)
  • The CISSP Exam (p. 2)
  • CISSP: A Brief History (p. 7)
  • How Do You Become a CISSP? (p. 7)
  • Recertification Requirements (p. 8)
  • What Does This Book Cover? (p. 9)
  • Tips for Taking the CISSP Exam (p. 9)
  • How to Use This Book (p. 11)
  • Questions (p. 12)
  • Answers (p. 15)
  • Chapter 2 Security Trends (p. 17)
  • How Security Became an Issue (p. 17)
  • Areas of Security (p. 20)
  • Information Warfare (p. 21)
  • Evidence of the Evolution of Hacking (p. 22)
  • How Are Nations Affected? (p. 24)
  • How Are Companies Affected? (p. 26)
  • The U.S. Government's Actions (p. 27)
  • So What Does This Mean to Us? (p. 29)
  • Hacking and Attacking (p. 29)
  • Management (p. 30)
  • Internet and Web Activities (p. 32)
  • Two-Tier Architecture (p. 35)
  • Database Roles (p. 37)
  • A Layered Approach (p. 40)
  • Security at Different Layers (p. 40)
  • An Architectural View (p. 41)
  • A Layer Missed (p. 44)
  • Bringing the Layers Together (p. 44)
  • Politics and Laws (p. 45)
  • Education (p. 46)
  • Summary (p. 47)
  • Chapter 3 Security Management Practices (p. 49)
  • Security Management (p. 49)
  • Security Management Responsibilities (p. 50)
  • The Top-Down Approach to Security (p. 51)
  • Security Administration and Supporting Controls (p. 52)
  • Fundamental Principles of Security (p. 55)
  • Availability (p. 56)
  • Integrity (p. 56)
  • Confidentiality (p. 57)
  • Security Definitions (p. 57)
  • Organizational Security Model (p. 60)
  • Security Program Components (p. 61)
  • Business Requirements: Private Industry vs. Military Organizations (p. 64)
  • Information Risk Management (p. 65)
  • Who Really Understands Risk Management? (p. 65)
  • Information Risk Management Policy (p. 66)
  • Risk Management Team (p. 67)
  • Risk Analysis (p. 68)
  • Risk Analysis Team (p. 69)
  • Value of Information and Assets (p. 70)
  • Costs That Make Up the Value (p. 70)
  • Identifying Threats (p. 71)
  • Quantitative Risk Analysis (p. 73)
  • Qualitative Risk Analysis (p. 78)
  • Quantitative vs. Qualitative (p. 81)
  • Protection Mechanisms (p. 82)
  • Putting It Together (p. 85)
  • Total Risk vs. Residual Risk (p. 86)
  • Handling Risk (p. 86)
  • Policies, Standards, Baselines, Guidelines, and Procedures (p. 87)
  • Security Policy (p. 88)
  • Standards (p. 90)
  • Baselines (p. 91)
  • Guidelines (p. 92)
  • Procedures (p. 92)
  • Implementation (p. 93)
  • Information Classification (p. 94)
  • Private Business vs. Military Classifications (p. 95)
  • Classification Controls (p. 98)
  • Layers of Responsibility (p. 99)
  • Data Owner (p. 100)
  • Data Custodian (p. 100)
  • System Owner (p. 101)
  • Security Administrator (p. 101)
  • Security Analyst (p. 101)
  • Application Owner (p. 101)
  • Supervisor (p. 102)
  • Change Control Analyst (p. 102)
  • Data Analyst (p. 102)
  • Process Owner (p. 102)
  • Solution Provider (p. 103)
  • User (p. 103)
  • Product Line Manager (p. 103)
  • Why So Many Roles? (p. 103)
  • Personnel (p. 104)
  • Structure (p. 104)
  • Hiring Practices (p. 105)
  • Employee Controls (p. 106)
  • Termination (p. 106)
  • Security-Awareness Training (p. 107)
  • Different Types of Security-Awareness Training (p. 107)
  • Evaluating the Program (p. 109)
  • Specialized Security Training (p. 109)
  • Summary (p. 110)
  • Quick Tips (p. 111)
  • Questions (p. 114)
  • Answers (p. 118)
  • Chapter 4 Access Control (p. 123)
  • Access Controls Overview (p. 123)
  • Security Principles (p. 124)
  • Availability (p. 125)
  • Integrity (p. 125)
  • Confidentiality (p. 126)
  • Identification, Authentication, and Authorization (p. 126)
  • Identification and Authentication (p. 129)
  • Authorization (p. 146)
  • Access Control Models (p. 161)
  • Discretionary Access Control (p. 162)
  • Mandatory Access Control (p. 163)
  • Role-Based Access Control (p. 165)
  • Access Control Techniques and Technologies (p. 167)
  • Rule-Based Access Control (p. 167)
  • Constrained User Interfaces (p. 168)
  • Access Control Matrix (p. 169)
  • Content-Dependent Access Control (p. 170)
  • Context-Dependent Access Control (p. 171)
  • Access Control Administration (p. 171)
  • Centralized Access Control Administration (p. 172)
  • Decentralized Access Control Administration (p. 179)
  • Access Control Methods (p. 180)
  • Access Control Layers (p. 180)
  • Administrative Controls (p. 181)
  • Physical Controls (p. 183)
  • Technical Controls (p. 185)
  • Access Control Types (p. 188)
  • Preventive: Administrative (p. 190)
  • Preventive: Physical (p. 190)
  • Preventive: Technical (p. 190)
  • Accountability (p. 193)
  • Review of Audit Information (p. 194)
  • Keystroke Monitoring (p. 195)
  • Protecting Audit Data and Log Information (p. 196)
  • Access Control Practices (p. 197)
  • Unauthorized Disclosure of Information (p. 198)
  • Access Control Monitoring (p. 200)
  • Intrusion Detection (p. 200)
  • Intrusion Prevention Systems (p. 211)
  • A Few Threats to Access Control (p. 214)
  • Dictionary Attack (p. 214)
  • Brute Force Attack (p. 215)
  • Spoofing at Logon (p. 216)
  • Summary (p. 217)
  • Quick Tips (p. 218)
  • Questions (p. 220)
  • Answers (p. 224)
  • Chapter 5 Security Models and Architecture (p. 227)
  • Computer Architecture (p. 229)
  • Central Processing Unit (p. 229)
  • Operating System Architecture (p. 235)
  • Process Activity (p. 240)
  • Memory Management (p. 242)
  • Memory Types (p. 244)
  • Virtual Memory (p. 252)
  • CPU Modes and Protection Rings (p. 253)
  • Operating System Architecture (p. 256)
  • Domains (p. 258)
  • Layering and Data Hiding (p. 260)
  • Virtual Machines (p. 261)
  • Additional Storage Devices (p. 262)
  • Input/Output Device Management (p. 263)
  • System Architecture (p. 266)
  • Defined Subset of Subjects and Objects (p. 268)
  • Trusted Computing Base (p. 269)
  • Security Perimeter (p. 272)
  • Reference Monitor and Security Kernel (p. 272)
  • Security Policy (p. 274)
  • Least Privilege (p. 275)
  • Security Models (p. 275)
  • State Machine Models (p. 277)
  • Bell-LaPadula Model (p. 279)
  • Biba Model (p. 282)
  • Clark-Wilson Model (p. 284)
  • Information Flow Model (p. 287)
  • Noninterference Model (p. 290)
  • Lattice Model (p. 291)
  • Brewer and Nash Model (p. 293)
  • Graham-Denning Model (p. 294)
  • Security Modes of Operation (p. 296)
  • Dedicated Security Mode (p. 297)
  • System High-Security Mode (p. 297)
  • Compartmented Security Mode (p. 297)
  • Multilevel Security Mode (p. 298)
  • Trust and Assurance (p. 300)
  • Systems Evaluation Methods (p. 301)
  • Why Put a Product Through Evaluation? (p. 301)
  • The Orange Book (p. 302)
  • Rainbow Series (p. 306)
  • Red Book (p. 307)
  • Information Technology Security Evaluation Criteria (p. 309)
  • Common Criteria (p. 312)
  • Certification vs. Accreditation (p. 314)
  • Certification (p. 316)
  • Accreditation (p. 316)
  • Open vs. Closed Systems (p. 317)
  • Open Systems (p. 317)
  • Closed Systems (p. 318)
  • A Few Threats to Security Models and Architectures (p. 318)
  • Maintenance Hooks (p. 318)
  • Time-of-Check/Time-of-Use Attack (p. 319)
  • Buffer Overflow (p. 321)
  • Summary (p. 325)
  • Quick Tips (p. 325)
  • Questions (p. 329)
  • Answers (p. 333)
  • Chapter 6 Physical Security (p. 337)
  • Introduction to Physical Security (p. 337)
  • Planning Process (p. 340)
  • Crime Prevention Through Environmental Design (p. 344)
  • Designing a Physical Security Program (p. 349)
  • Protecting Assets (p. 362)
  • Internal Support Systems (p. 364)
  • Electric Power (p. 365)
  • Environmental Issues (p. 370)
  • Ventilation (p. 373)
  • Fire Prevention, Detection, and Suppression (p. 373)
  • Perimeter Security (p. 380)
  • Facility Access Control (p. 381)
  • Personnel Access Controls (p. 387)
  • External Boundary Protection Mechanisms (p. 388)
  • Intrusion Detection Systems (p. 397)
  • Patrol Force and Guards (p. 400)
  • Auditing Physical Access (p. 402)
  • Summary (p. 402)
  • Quick Tips (p. 403)
  • Questions (p. 405)
  • Answers (p. 410)
  • Chapter 7 Telecommunications and Networking Security (p. 415)
  • Open Systems Interconnection Reference Model (p. 417)
  • Application Layer (p. 420)
  • Presentation Layer (p. 421)
  • Session Layer (p. 422)
  • Transport Layer (p. 424)
  • Network Layer (p. 425)
  • Data Link Layer (p. 426)
  • Physical Layer (p. 428)
  • Functions and Protocols in the OSI Model (p. 428)
  • Tying the Layers Together (p. 430)
  • TCP/IP (p. 431)
  • TCP (p. 432)
  • IP Addressing (p. 438)
  • IPv6 (p. 439)
  • Types of Transmission (p. 439)
  • Analog and Digital (p. 439)
  • Asynchronous and Synchronous (p. 441)
  • Broadband and Baseband (p. 441)
  • LAN Networking (p. 442)
  • Network Topology (p. 443)
  • LAN Media Access Technologies (p. 446)
  • Cabling (p. 453)
  • Transmission Methods (p. 458)
  • Media Access Technologies (p. 460)
  • LAN Protocols (p. 463)
  • Routing Protocols (p. 467)
  • Networking Devices (p. 470)
  • Repeaters (p. 470)
  • Bridges (p. 471)
  • Routers (p. 473)
  • Switches (p. 475)
  • Gateways (p. 479)
  • PBXs (p. 481)
  • Firewalls (p. 482)
  • Honeypot (p. 499)
  • Networking Services and Protocols (p. 500)
  • Network Operating Systems (p. 501)
  • Domain Name Service (p. 502)
  • Network Information System (p. 505)
  • Directory Services (p. 508)
  • Lightweight Directory Access Protocol (p. 509)
  • Network Address Translation (p. 510)
  • Intranets and Extranets (p. 512)
  • Metropolitan Area Network (p. 514)
  • Wide Area Network (p. 515)
  • Telecommunications Evolution (p. 516)
  • Dedicated Links (p. 518)
  • WAN Technologies (p. 520)
  • Remote Access (p. 534)
  • Dial-Up and RAS (p. 534)
  • ISDN (p. 535)
  • DSL (p. 537)
  • Cable Modem (p. 537)
  • VPN (p. 539)
  • Authentication Protocols (p. 544)
  • Remote Access Guidelines (p. 547)
  • Wireless Technologies (p. 548)
  • Wireless Communications (p. 549)
  • WLAN Components (p. 552)
  • Wireless Standards (p. 554)
  • WAP (p. 565)
  • i-Mode (p. 566)
  • Mobile Phone Security (p. 567)
  • War Driving for WLANs (p. 568)
  • Satellites (p. 570)
  • 3G Wireless Communication (p. 570)
  • Rootkits (p. 572)
  • Spyware and Adware (p. 574)
  • Instant Messaging (p. 574)
  • Summary (p. 576)
  • Quick Tips (p. 576)
  • Questions (p. 580)
  • Answers (p. 584)
  • Chapter 8 Cryptography (p. 587)
  • History of Cryptography (p. 588)
  • Vigenere Cipher (p. 590)
  • Cryptography Definitions and Concepts (p. 593)
  • Kerckhoff's Principle (p. 596)
  • Strength of the Cryptosystem (p. 596)
  • Services of Cryptosystems (p. 597)
  • One-Time Pad (p. 599)
  • Running and Concealment Ciphers (p. 601)
  • Steganography (p. 602)
  • Governments Involvement with Cryptography (p. 603)
  • Wassenaar Arrangement (p. 603)
  • Types of Ciphers (p. 604)
  • Substitution Cipher (p. 604)
  • Transposition Cipher (p. 605)
  • Methods of Encryption (p. 607)
  • Symmetric vs. Asymmetric Algorithms (p. 607)
  • Block and Stream Ciphers (p. 613)
  • Hybrid Encryption Methods (p. 617)
  • Types of Symmetric Systems (p. 621)
  • Data Encryption Standard (p. 621)
  • Triple-DES (p. 629)
  • Advanced Encryption Standard (p. 629)
  • International Data Encryption Algorithm (p. 630)
  • Blowfish (p. 630)
  • RC4 (p. 631)
  • RC5 (p. 631)
  • RC6 (p. 631)
  • Types of Asymmetric Systems (p. 632)
  • Diffie-Hellman Algorithm (p. 632)
  • RSA (p. 634)
  • El Gamal (p. 638)
  • Elliptic Curve Cryptosystem (p. 638)
  • LUC (p. 638)
  • Knapsack (p. 639)
  • Zero Knowledge Proof (p. 639)
  • Message Integrity (p. 640)
  • One-Way Hash (p. 640)
  • Various Hashing Algorithms (p. 645)
  • Attack Against One-Way Hash Functions (p. 646)
  • Digital Signatures (p. 648)
  • Digital Signature Standard (p. 650)
  • Public Key Infrastructure (p. 651)
  • Certificate Authorities (p. 652)
  • Certificates (p. 653)
  • Registration Authority (p. 654)
  • PKI Steps (p. 655)
  • Key Management (p. 657)
  • Key Management Principles (p. 658)
  • Link Encryption vs. End-to-End Encryption (p. 659)
  • E-Mail Standards (p. 662)
  • Multipurpose Internet Mail Extension (p. 662)
  • Privacy-Enhanced Mail (p. 663)
  • Message Security Protocol (p. 664)
  • Pretty Good Privacy (p. 664)
  • Internet Security (p. 666)
  • Start with the Basics (p. 666)
  • Attacks (p. 675)
  • Ciphertext-Only Attack (p. 676)
  • Known-Plaintext Attack (p. 676)
  • Chosen-Plaintext Attack (p. 676)
  • Chosen-Ciphertext Attack (p. 676)
  • Differential Cryptanalysis (p. 677)
  • Linear Cryptanalysis (p. 677)
  • Side Channel Attacks (p. 678)
  • Replay Attack (p. 678)
  • Summary (p. 679)
  • Quick Tips (p. 680)
  • Questions (p. 683)
  • Answers (p. 687)
  • Chapter 9 Business Continuity Planning (p. 691)
  • Business Continuity and Disaster Recovery (p. 692)
  • Business Continuity Steps (p. 693)
  • Make BCP Part of the Security Policy and Program (p. 695)
  • Project Initiation (p. 697)
  • Business Continuity Planning Requirements (p. 699)
  • Business Impact Analysis (p. 699)
  • Preventative Measures (p. 706)
  • Recovery Strategies (p. 707)
  • Business Process Recovery (p. 708)
  • Facility Recovery (p. 709)
  • Supply and Technology Recovery (p. 715)
  • End-User Environment (p. 720)
  • Data Backup Alternatives (p. 721)
  • Insurance (p. 728)
  • Recovery and Restoration (p. 728)
  • Developing Goals for the Plans (p. 732)
  • Implementing Strategies (p. 733)
  • Testing and Revising the Plan (p. 734)
  • Maintaining the Plan (p. 739)
  • Summary (p. 740)
  • Quick Tips (p. 741)
  • Questions (p. 743)
  • Answers (p. 748)
  • Chapter 10 Law, Investigation, and Ethics (p. 751)
  • The Many Facets of Cyberlaw (p. 752)
  • Ethics (p. 752)
  • Computer Ethics Institute (p. 754)
  • Internet Architecture Board (p. 754)
  • Generally Accepted Information Security Principles (p. 755)
  • Motive, Opportunity, and Means (p. 756)
  • Hackers and Crackers (p. 757)
  • Operations Security (p. 757)
  • Well-Known Computer Crimes (p. 763)
  • The Cuckoo's Egg (p. 763)
  • Kevin Mitnick (p. 764)
  • Chaos Computer Club (p. 764)
  • Cult of the Dead Cow (p. 764)
  • Phone Phreakers (p. 765)
  • Identification, Protection, and Prosecution (p. 766)
  • Liability and Its Ramifications (p. 767)
  • Personal Information (p. 770)
  • Hacker Intrusion (p. 771)
  • Types of Laws (p. 772)
  • Intellectual Property Laws (p. 774)
  • Equipment and Software Disposal Issues (p. 778)
  • Computer Crime Investigations (p. 778)
  • Incident Response (p. 778)
  • Incident Handling (p. 782)
  • What Is Admissible in Court? (p. 783)
  • Surveillance, Search, and Seizure (p. 786)
  • Interviewing and Interrogating (p. 787)
  • Import and Export Laws (p. 788)
  • Transborder Information Flow (p. 788)
  • Privacy (p. 789)
  • Laws, Directives, and Regulations (p. 791)
  • Health Insurance Portability and Accountability Act (p. 792)
  • Gramm-Leach-Bliley Act of 1999 (p. 792)
  • Computer Fraud and Abuse Act (p. 792)
  • Federal Privacy Act of 1974 (p. 793)
  • European Union Principles on Privacy (p. 794)
  • Computer Security Act of 1987 (p. 794)
  • Security and Freedom Through Encryption Act (p. 794)
  • Federal Sentencing Guidelines (p. 795)
  • Economic Espionage Act of 1996 (p. 795)
  • International Cooperation Efforts (p. 795)
  • Group of Eight (p. 795)
  • Interpol (p. 796)
  • European Commission (p. 796)
  • Summary (p. 796)
  • Quick Tips (p. 797)
  • Questions (p. 799)
  • Answers (p. 804)
  • Chapter 11 Application and System Development (p. 809)
  • Software's Importance (p. 809)
  • Device vs. Software Security (p. 810)
  • Different Environments Demand Different Security (p. 812)
  • Client/Server Model (p. 812)
  • Environment vs. Application Controls (p. 812)
  • Complexity of Functionality (p. 814)
  • Data Types, Format, and Length (p. 814)
  • Implementation and Default Issues (p. 815)
  • Implementation (p. 815)
  • Failure States (p. 816)
  • Database Management (p. 816)
  • Database Management Software (p. 817)
  • Database Models (p. 818)
  • Database Interface Languages (p. 820)
  • Relational Database Components (p. 821)
  • Data Dictionary (p. 821)
  • Integrity (p. 824)
  • Database Security Issues (p. 826)
  • Data Warehousing and Data Mining (p. 830)
  • System Development (p. 832)
  • Management of Development (p. 832)
  • Life-Cycle Phases (p. 833)
  • Software Development Methods (p. 845)
  • Change Control (p. 846)
  • Capability Maturity Model (p. 848)
  • Software Escrow (p. 849)
  • Application Development Methodology (p. 850)
  • Object-Oriented Concepts (p. 850)
  • Data Modeling (p. 856)
  • Software Architecture (p. 857)
  • Data Structures (p. 857)
  • ORBs and CORBA (p. 859)
  • Computer-Aided Software Engineering (p. 861)
  • Prototyping (p. 862)
  • COM and DCOM (p. 863)
  • Open Database Connectivity (p. 863)
  • Object Linking and Embedding (p. 864)
  • Dynamic Data Exchange (p. 865)
  • Distributed Computing Environment (p. 865)
  • Mobile Code (p. 866)
  • Enterprise JavaBeans (p. 867)
  • Expert Systems and Knowledge-Based Systems (p. 867)
  • Artificial Neural Networks (p. 869)
  • Java (p. 872)
  • ActiveX (p. 873)
  • Malicious Software (Malware) (p. 874)
  • Attacks (p. 878)
  • Summary (p. 886)
  • Quick Tips (p. 886)
  • Questions (p. 890)
  • Answers (p. 894)
  • Chapter 12 Operations Security (p. 899)
  • Role of the Operations Department (p. 900)
  • Administrative Management (p. 900)
  • Accountability (p. 903)
  • Security Operations and Product Evaluation (p. 904)
  • Input and Output Controls (p. 910)
  • Network and Resource Availability (p. 911)
  • Single Points of Failure (p. 911)
  • RAID (p. 912)
  • Clustering (p. 914)
  • Backups (p. 914)
  • E-Mail Security (p. 915)
  • How E-Mail Works (p. 916)
  • Facsimile Security (p. 920)
  • Hack and Attack Methods (p. 921)
  • Penetration Testing (p. 930)
  • Operations Department (p. 933)
  • Summary (p. 934)
  • Quick Tips (p. 935)
  • Questions (p. 937)
  • Answers (p. 941)
  • Appendix A About the CD-ROM (p. 945)
  • Running the QuickTime Cryptography Video Sample (p. 946)
  • Troubleshooting (p. 947)
  • Installing Total Seminars' Test Software (p. 947)
  • Navigation (p. 947)
  • Minimum System Requirements for Total Seminars' Software (p. 948)
  • Technical Support (p. 948)
  • Appendix B Who's Who? (p. 949)
  • NSA (p. 949)
  • NIST (p. 950)
  • NCSC (p. 951)
  • ISO (p. 951)
  • ANSI (p. 952)
  • IEEE (p. 952)
  • Glossary (p. 953)

Author notes provided by Syndetics

Shon Harris, CISSP, MCSE, is the president of Logical Security, a security consultant, and a former engineer in the Air Force's Information Warfare unit.
