CISSP Study Guide - fully updated for the 2024 CISSP Body of Knowledge
ISC2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 10th Edition has been completely updated based on the latest 2024 CISSP Detailed Content Outline. This bestselling Sybex Study Guide covers 100% of the CISSP objectives. You'll prepare smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic Study Essentials and chapter review questions.
The book’s co-authors bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you'll need to successfully prove your CISSP mastery. Combined, they've taught cybersecurity concepts to millions of students through their books, video courses, and live training programs.
Along with the book, you also get access to Sybex's superior online interactive learning environment that includes:
Over 900 practice test questions with complete answer explanations. This includes all of the questions from the book plus four additional online-only practice exams, each with 125 unique questions. You can use the online-only practice exams as full exam simulations. Our questions will help you identify where you need to study more. More than 1000 Electronic Flashcards to reinforce your learning and give you last-minute test prep A searchable glossary in PDF to give you instant access to the key terms you need to know Audio Review. Author Mike Chapple reads the Study Essentials for each chapter providing you with more than 2 hours of up-to-date audio review for yet another way to reinforce your knowledge as you prepare.
Coverage of all of the CISSP topics in the book means you'll be ready for:
Security and Risk Management Asset Security Security Architecture and Engineering Communication and Network Security Identity and Access Management (IAM) Security Assessment and Testing Security Operations Software Development Security
Introduction xxxv Assessment Test lx Chapter 1 Security Governance Through Principles and Policies 1 Security 101 3 Understand and Apply Security Concepts 4 Security Boundaries 13 Evaluate and Apply Security Governance Principles 14 Manage the Security Function 16 Security Policy, Standards, Procedures, and Guidelines 27 Threat Modeling 29 Supply Chain Risk Management 35 Summary 38 Study Essentials 39 Written Lab 41 Review Questions 42 Chapter 2 Personnel Security and Risk Management Concepts 49 Personnel Security Policies and Procedures 51 Understand and Apply Risk Management Concepts 60 Social Engineering 90 Establish and Maintain a Security Awareness, Education, and Training Program 106 Summary 110 Study Essentials 111 Written Lab 114 Review Questions 115 Chapter 3 Business Continuity Planning 121 Planning for Business Continuity 122 Project Scope and Planning 123 Business Impact Analysis 131 Continuity Planning 137 Plan Approval and Implementation 140 Summary 145 Study Essentials 145 Written Lab 146 Review Questions 147 Chapter 4 Laws, Regulations, and Compliance 151 Categories of Laws 152 Laws 155 State Privacy Laws 179 Compliance 179 Contracting and Procurement 181 Summary 182 Study Essentials 182 Written Lab 184 Review Questions 185 Chapter 5 Protecting Security of Assets 189 Identifying and Classifying Information and Assets 190 Establishing Information and Asset Handling Requirements 198 Data Protection Methods 208 Understanding Data Roles 214 Using Security Baselines 216 Summary 219 Study Essentials 220 Written Lab 221 Review Questions 222 Chapter 6 Cryptography and Symmetric Key Algorithms 227 Cryptographic Foundations 228 Modern Cryptography 246 Symmetric Cryptography 253 Cryptographic Life Cycle 263 Summary 264 Study Essentials 264 Written Lab 266 Review Questions 267 Chapter 7 PKI and Cryptographic Applications 271 Asymmetric Cryptography 272 Hash Functions 279 Digital Signatures 283 Public Key Infrastructure 286 Asymmetric Key Management 292 Hybrid Cryptography 293 Applied Cryptography 294 Cryptographic Attacks 306 Summary 309 Study Essentials 310 Written Lab 311 Review Questions 312 Chapter 8 Principles of Security Models, Design, and Capabilities 317 Secure Design Principles 319 Techniques for Ensuring CIA 330 Understand the Fundamental Concepts of Security Models 332 Select Controls Based on Systems Security Requirements 345 Understand Security Capabilities of Information Systems 349 Summary 352 Study Essentials 353 Written Lab 354 Review Questions 355 Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 359 Shared Responsibility 360 Data Localization and Data Sovereignty 362 Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 363 Client‐Based Systems 378 Server‐Based Systems 381 Industrial Control Systems 384 Distributed Systems 386 High‐Performance Computing (HPC) Systems 387 Real‐Time Operating Systems 388 Internet of Things 389 Edge and Fog Computing 390 Embedded Devices and Cyber‐Physical Systems 391 Microservices 396 Infrastructure as Code 397 Immutable Architecture 398 Virtualized Systems 399 Containerization 406 Mobile Devices 407 Essential Security Protection Mechanisms 424 Common Security Architecture Flaws and Issues 427 Summary 431 Study Essentials 432 Written Lab 436 Review Questions 437 Chapter 10 Physical Security Requirements 443 Apply Security Principles to Site and Facility Design 444 Implement Site and Facility Security Controls 449 Implement and Manage Physical Security 473 Summary 480 Study Essentials 481 Written Lab 484 Review Questions 485 Chapter 11 Secure Network Architecture and Components 491 OSI Model 493 TCP/IP Model 501 Analyzing Network Traffic 502 Common Application Layer Protocols 503 Transport Layer Protocols 504 Domain Name System 506 Internet Protocol (IP) Networking 512 ARP Concerns 516 Secure Communication Protocols 517 Implications of Multilayer Protocols 518 Segmentation 523 Edge Networks 526 Wireless Networks 527 Satellite Communications 543 Cellular Networks 544 Content Distribution Networks (CDNs) 544 Secure Network Components 545 Summary 572 Study Essentials 573 Written Lab 575 Review Questions 576 Chapter 12 Secure Communications and Network Attacks 581 Protocol Security Mechanisms 582 Secure Voice Communications 587 Remote Access Security Management 591 Multimedia Collaboration 595 Monitoring and Management 597 Load Balancing 597 Manage Email Security 600 Virtual Private Network 606 Switching and Virtual LANs 613 Network Address Translation 617 Third‐Party Connectivity 622 Switching Technologies 624 WAN Technologies 626 Fiber‐Optic Links 629 Prevent or Mitigate Network Attacks 630 Summary 631 Study Essentials 632 Written Lab 635 Review Questions 636 Chapter 13 Managing Identity and Authentication 641 Controlling Access to Assets 643 The AAA Model 645 Implementing Identity Management 662 Managing the Identity and Access Provisioning Life Cycle 668 Summary 672 Study Essentials 672 Written Lab 675 Review Questions 676 Chapter 14 Controlling and Monitoring Access 681 Comparing Access Control Models 682 Implementing Authentication Systems 694 Zero‐Trust Access Policy Enforcement 702 Understanding Access Control Attacks 703 Summary 719 Study Essentials 720 Written Lab 721 Review Questions 722 Chapter 15 Security Assessment and Testing 727 Building a Security Assessment and Testing Program 729 Performing Vulnerability Assessments 735 Testing Your Software 750 Training and Exercises 758 Implementing Security Management Processes and Collecting Security Process Data 759 Summary 762 Exam Essentials 763 Written Lab 764 Review Questions 765 Chapter 16 Managing Security Operations 769 Apply Foundational Security Operations Concepts 771 Address Personnel Safety and Security 778 Provision Information and Assets Securely 780 Managed Services in the Cloud 786 Perform Configuration Management (CM) 790 Manage Change 793 Manage Patches and Reduce Vulnerabilities 797 Summary 801 Study Essentials 802 Written Lab 804 Review Questions 805 Chapter 17 Preventing and Responding to Incidents 809 Conducting Incident Management 811 Implementing Detection and Preventive Measures 818 Logging and Monitoring 842 Automating Incident Response 854 Summary 860 Study Essentials 860 Written Lab 863 Review Questions 864 Chapter 18 Disaster Recovery Planning 869 The Nature of Disaster 871 Understand System Resilience, High Availability, and Fault Tolerance 883 Recovery Strategy 888 Recovery Plan Development 898 Training, Awareness, and Documentation 906 Testing and Maintenance 907 Summary 911 Study Essentials 912 Written Lab 913 Review Questions 914 Chapter 19 Investigations and Ethics 919 Investigations 920 Major Categories of Computer Crime 934 Ethics 940 Summary 944 Study Essentials 945 Written Lab 946 Review Questions 947 Chapter 20 Software Development Security 951 Introducing Systems Development Controls 953 Establishing Databases and Data Warehousing 984 Storage Threats 994 Understanding Knowledge‐ Based Systems 995 Summary 998 Study Essentials 998 Written Lab 1000 Review Questions 1001 Chapter 21 Malicious Code and Application Attacks 1005 Malware 1006 Malware Prevention 1018 Application Attacks 1021 Injection Vulnerabilities 1024 Exploiting Authorization Vulnerabilities 1030 Exploiting Web Application Vulnerabilities 1033 Application Security Controls 1038 Secure Coding Practices 1044 Summary 1048 Study Essentials 1048 Written Lab 1049 Review Questions 1050 Appendix A Answers to Review Questions 1055 Chapter 1: Security Governance Through Principles and Policies 1056 Chapter 2: Personnel Security and Risk Management Concepts 1059 Chapter 3: Business Continuity Planning 1063 Chapter 4: Laws, Regulations, and Compliance 1065 Chapter 5: Protecting Security of Assets 1068 Chapter 6: Cryptography and Symmetric Key Algorithms 1070 Chapter 7: PKI and Cryptographic Applications 1072 Chapter 8: Principles of Security Models, Design, and Capabilities 1074 Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 1077 Chapter 10: Physical Security Requirements 1082 Chapter 11: Secure Network Architecture and Components 1085 Chapter 12: Secure Communications and Network Attacks 1089 Chapter 13: Managing Identity and Authentication 1092 Chapter 14: Controlling and Monitoring Access 1095 Chapter 15: Security Assessment and Testing 1097 Chapter 16: Managing Security Operations 1099 Chapter 17: Preventing and Responding to Incidents 1102 Chapter 18: Disaster Recovery Planning 1104 Chapter 19: Investigations and Ethics 1106 Chapter 20: Software Development Security 1108 Chapter 21: Malicious Code and Application Attacks 1111 Appendix B Answers to Written Labs 1115 Chapter 1: Security Governance Through Principles and Policies 1116 Chapter 2: Personnel Security and Risk Management Concepts 1116 Chapter 3: Business Continuity Planning 1117 Chapter 4: Laws, Regulations, and Compliance 1118 Chapter 5: Protecting Security of Assets 1119 Chapter 6: Cryptography and Symmetric Key Algorithms 1119 Chapter 7: PKI and Cryptographic Applications 1120 Chapter 8: Principles of Security Models, Design, and Capabilities 1121 Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 1121 Chapter 10: Physical Security Requirements 1123 Chapter 11: Secure Network Architecture and Components 1124 Chapter 12: Secure Communications and Network Attacks 1125 Chapter 13: Managing Identity and Authentication 1126 Chapter 14: Controlling and Monitoring Access 1127 Chapter 15: Security Assessment and Testing 1127 Chapter 16: Managing Security Operations 1128 Chapter 17: Preventing and Responding to Incidents 1129 Chapter 18: Disaster Recovery Planning 1130 Chapter 19: Investigations and Ethics 1131 Chapter 20: Software Development Security 1131 Chapter 21: Malicious Code and Application Attacks 1131 Index 1133
