Title: The CISSP prep guide : mastering the ten domains of computer security
Author: Krutz, Ronald L., 1938-
Publication Information: New York : Wiley, [2001], ©2001
Physical Description: xx, 556 pages : illustrations ; 24 cm
Language: English
ISBN: 9780471413561
Format: Book

Available:

Library: Central Library
Call Number: QA76.3 .K78 2001
Material Type: Adult Non-Fiction
Home Location: Central Closed Stacks
Status: On Order

Summary

With the growing threat of computer viruses and Internet security breaches, companies are fiercely headhunting for CISSP-certified security professionals. The industry standard test on IT security, the Certified Information Systems Security Professional (CISSP) exam, is administered 16 times per year throughout the U.S. and Europe. This book serves both as a prep guide for IT professionals seeking to advance their careers through CISSP certification and as a reference for readers who need a fundamental end-to-end security reference book. Co-authored by Ronald Krutz, this handy guide explains the ten security domains covered by the exam, from security management to cryptography to disaster recovery planning to legal and ethical issues. Sample questions and answers are also included.


Author Notes

RONALD L. KRUTZ is a lead instructor for the CISSP CBK review seminars. He spent twenty-four years at Carnegie Mellon University as a faculty member and then as an R&D Director at the Carnegie Mellon University Research Institute. Dr. Krutz is a Senior Information Security Consultant for Corbett Technologies, specializing in information assurance appraisal methodologies. He holds a PhD in Computer Engineering, is a registered Professional Engineer, and is a CISSP. He is the author of two previous Wiley books, Microprocessors and Logic Design and Microcomputer Interfacing.
RUSSELL DEAN VINES is President of the RDVGroup, a NYC-based security consulting services firm, and has been involved in computer security for nearly twenty years. He is a frequent speaker on security methodology, wireless security, and best practices in the information industry, and is also an instructor for the CISSP CBK review seminars. He has helped design and build the security architecture for Fortune 1000 Companies worldwide. He is a CISSP, CCNA, MCSE, MCNE, and a National Security Agency/IAM professional. Mr. Vines is also an accomplished jazz composer, performer, and educator.


Table of Contents

Foreword  p. ix
Introduction  p. xiii
Acknowledgments  p. xviii
About the Authors  p. xix
Chapter 1 Security Management Practices  p. 1
    Our Goals  p. 2
    Domain Definition  p. 2
    Management Concepts  p. 2
    Information Classification Process  p. 5
    Security Policy Implementation  p. 10
    Roles and Responsibilities  p. 14
    Risk Management  p. 15
    Security Awareness  p. 25
    Sample Questions  p. 27
Chapter 2 Access Control Systems  p. 31
    Rationale  p. 31
    Controls  p. 32
    Identification and Authentication  p. 36
    Some Access Control Issues  p. 49
    Sample Questions  p. 51
Chapter 3 Telecommunications and Network Security  p. 57
    Our Goals  p. 58
    Domain Definition  p. 59
    Management Concepts  p. 60
    Technology Concepts  p. 79
    Sample Questions  p. 123
Chapter 4 Cryptography  p. 129
    Introduction  p. 129
    Cryptographic Technologies  p. 139
    Secret Key Cryptography (Symmetric Key)  p. 147
    Public (Asymmetric) Key Cryptosystems  p. 155
    Approaches to Escrowed Encryption  p. 165
    Internet Security Applications  p. 170
    Sample Questions  p. 176
Chapter 5 Security Architecture and Models  p. 183
    Security Architecture  p. 183
    Assurance  p. 197
    Information Security Models  p. 200
    Sample Questions  p. 208
Chapter 6 Operations Security  p. 215
    Our Goals  p. 216
    Domain Definition  p. 216
    Controls and Protections  p. 217
    Monitoring and Auditing  p. 232
    Threats and Vulnerabilities  p. 237
    Sample Questions  p. 240
Chapter 7 Applications and Systems Development  p. 245
    The Software Life Cycle Development Process  p. 246
    The Software Capability Maturity Model (CMM)  p. 254
    Object-Oriented Systems  p. 255
    Artificial Intelligence Systems  p. 258
    Database Systems  p. 261
    Application Controls  p. 262
    Sample Questions  p. 266
Chapter 8 Business Continuity Planning and Disaster Recovery Planning  p. 271
    Our Goals  p. 272
    Domain Definition  p. 272
    Business Continuity Planning  p. 273
    Disaster Recovery Planning  p. 280
    Sample Questions  p. 293
Chapter 9 Law, Investigation, and Ethics  p. 297
    Introduction  p. 297
    Law  p. 300
    Investigation  p. 308
    Liability  p. 314
    Ethics  p. 315
    Sample Questions  p. 319
Chapter 10 Physical Security  p. 325
    Our Goals  p. 326
    Domain Definition  p. 326
    Threats to Physical Security  p. 326
    Controls for Physical Security  p. 328
    Sample Questions  p. 350
Appendix A Glossary of Terms and Acronyms  p. 355
Appendix B The Rainbow Series  p. 381
Appendix C Answers to Sample Questions  p. 409
    Chapter 1 Security Management Practices  p. 409
    Chapter 2 Access Control Systems and Methodology  p. 414
    Chapter 3 Telecommunications and Network Security  p. 421
    Chapter 4 Cryptography  p. 428
    Chapter 5 Security Architecture and Models  p. 437
    Chapter 6 Operations Security  p. 444
    Chapter 7 Applications and Systems Development  p. 449
    Chapter 8 Business Continuity Planning and Disaster Recovery Planning  p. 455
    Chapter 9 Law, Investigation, and Ethics  p. 459
    Chapter 10 Physical Security  p. 465
Appendix D A Process Approach to HIPAA Compliance through a HIPAA-CMM  p. 471
Appendix E The NSA InfoSec Assessment Methodology  p. 507
Appendix F The Case for Ethical Hacking  p. 517
Appendix G The Common Criteria  p. 523
Appendix H References for Further Study  p. 535
Appendix I British Standard 7799  p. 543
Index  p. 545