E-book
Author Conrad, Eric, 1967-

Title CISSP study guide / Eric Conrad, Seth Misenar, Joshua Feldman
Edition 2nd ed
Published Waltham, MA : Syngress, ©2012

Description 1 online resource : illustrations
Contents CISSP® Study Guide -- About the authors -- Lead Author -- Contributing Authors -- About the Technical Editor -- 1. : Introduction -- How to Prepare for the Exam -- The CISSP exam is a management exam -- The notes card approach -- Practice tests -- Read the glossary -- Readiness checklist -- Taking the Exam -- Steps to becoming a CISSP -- Computer-based testing (CBT) -- How to take the exam -- The two-pass method -- Pass one -- Pass two -- The three-pass method -- After the exam -- Good Luck! -- 2. : Domain 1 -- Unique Terms and Definitions -- Introduction
Cornerstone Information Security Concepts -- Confidentiality, integrity, and availability -- Confidentiality -- Integrity -- Availability -- Tension between the concepts -- Disclosure, alteration, and destruction -- Identity and authentication, authorization, and accountability (AAA) -- Identity and authentication -- Authorization -- Accountability -- Non-repudiation -- Least privilege and need to know -- Subjects and objects -- Defense in depth -- Access Control Models -- Discretionary Access Control (DAC) -- Mandatory Access Control (MAC) -- Non-discretionary access control -- Content- and context-dependent access controls
Centralized access control -- Decentralized access control -- Access provisioning lifecycle -- User entitlement, access review, and audit -- Access control protocols and frameworks -- RADIUS -- Diameter -- TACACS and TACACS+ -- PAP and CHAP -- Microsoft Active Directory Domains -- Procedural Issues for Access Control -- Labels, clearance, formal access approval, and need to know -- Labels -- Clearance -- Formal access approval -- Need to know -- Rule-based access controls -- Access control lists -- Access Control Defensive Categories and Types -- Preventive -- Detective -- Corrective -- Recovery -- Deterrent -- Compensating
Comparing access controls -- Authentication Methods -- Type 1 authentication: something you know -- Passwords -- Password hashes and password cracking -- Dictionary attacks -- Brute-force and hybrid attacks -- Salts -- Password management -- Password control -- Type 2 authentication: something you have -- Synchronous dynamic token -- Asynchronous dynamic token -- Type 3 authentication: something you are -- Biometric fairness, psychological comfort, and safety -- Biometric enrollment and throughput -- Accuracy of biometric systems -- False reject rate (FRR) -- False accept rate (FAR) -- Crossover error rate (CER)
Types of biometric controls -- Fingerprints -- Retina scan -- Iris scan -- Hand geometry -- Keyboard dynamics -- Dynamic signature -- Voiceprint -- Facial scan -- Someplace you are -- Access Control Technologies -- Single sign-on (SSO) -- Federated identity management -- Kerberos -- Kerberos characteristics -- Kerberos operational steps -- Kerberos strengths -- Kerberos weaknesses -- SESAME -- Security audit logs -- Types of Attackers -- Hackers -- Black hats and white hats -- Script kiddies -- Outsiders -- Insiders -- Hacktivist -- Bots and botnets -- Phishers and spear phishers -- Assessing Access Control -- Penetration testing
Penetration testing tools and methodology
Summary The CISSP certification is the most prestigious, globally-recognized, vendor neutral exam for information security professionals. The newest edition of this acclaimed study guide is aligned to cover all of the material included in the newest version of the exam's Common Body of Knowledge. The ten domains are covered completely and as concisely as possible with an eye to acing the exam. Each of the ten domains has its own chapter that includes specially designed pedagogy to aid the test-taker in passing the exam, including: Clearly stated exam objectives; Unique terms/Definitions; Exam Warnings; Learning by Example; Hands-On Exercises; Chapter ending questions. Furthermore, special features include: Two practice exams; Tiered chapter ending questions that allow for a gradual learning curve; and a self-test appendix. Provides the most complete and effective study guide to prepare you for passing the CISSP exam; contains only what you need to pass the test, with no fluff! Eric Conrad has prepared hundreds of professionals for passing the CISSP exam through SANS, a popular and well-known organization for information security professionals. Covers all of the new information in the Common Body of Knowledge updated in January 2012, and also provides two practice exams, tiered end-of-chapter questions for a gradual learning curve, and a complete self-test appendix
Bibliography Includes bibliographical references and index
Notes Copyright © Elsevier Science & Technology 2012
Title information on publisher's Web site; (ScienceDirect; viewed on Aug. 28, 2012)
Subject Computer networks -- Security measures -- Examinations -- Study guides
Computer security -- Examinations -- Study guides
Computer networks -- Security measures -- Examinations
Computer security -- Examinations
Genre/Form examination study guides.
Study guides
Study guides.
Guides de l'étudiant.
Form Electronic book
Author Misenar, Seth.
Feldman, Joshua.
ISBN 9781597499613
1597499617
9781597499682
1597499684