Ace your preparation for Certified Information Systems Security Professional (CISSP) Exam. Work at your own pace through a series of lessons and reviews that fully cover each exam objective. Then, reinforce what you’ve learned by applying your knowledge to real-world case scenarios and practice exercises. This guide is designed to help make the most of your study time.
Maximize your performance on the exam in these 10 domains:
Information Security Governance and Risk Management
Physical (Environmental) Security
Security Architecture and Design
Legal, Regulations, Investigations and Compliance
Telecommunications and Network Security
Business Continuity and Disaster Recovery Planning
Software Development Security
Assess your skills with practice tests on CD. You can work through hundreds of questions using multiple testing modes to meet your specific learning needs. You get detailed explanations for right and wrong answers—including a customized learning path that describes how and where to focus your studies.
Chapter 1 Information security governance and risk management
Where do information security and risk management begin?
Security objectives and controls
Policies and frameworks
Risk assessment and management
Implementing the security program
Chapter 2 Access control
Choices, choices, choices
Authentication, authorization, and auditing
Chapter 3 Cryptography
What is cryptography?
The basics of cryptography
Historical review of cryptography
Hashing algorithm/message digest
Symmetric key algorithms and cryptosystems
Asymmetric key algorithms and cryptosystems
Cryptography in use
Attacks on cryptography
Chapter 4 Physical (environmental) security
Physical security in a layered defense model
Planning the design of a secure facility
Designing a physical security program
Fire prevention, detection, and suppression
Chapter 5 Security architecture and design
Identifying architectural boundaries
Computer hardware and operating systems
Frameworks for security
Chapter 6 Legal, regulations, investigations, and compliance
A global perspective of laws regarding computer crime
Chapter 7 Telecommunications and network security
The Open Systems Interconnection (OSI) Model
Transmission media and technologies
Protocols, protocols, and more protocols
PAN, LAN, MAN, WAN, and more
Attacking the network
Chapter 8 Business continuity and disaster recovery planning
Disaster recovery plan and the business continuity plan
Develop the plans: Proposals
Implementing the approved plans
Chapter 9 Software development security
The need for improved security in software
Attacks on applications
Chapter 10 Operations security
The activities of operations
Attacks on operations
Appendix Additional resources
Additional resources available from (ISC)2
Miscellaneous additional resources
Chapter 1: Information security governance and risk management
Chapter 2: Access control
Chapter 3: Cryptography
Chapter 4: Physical (environmental) security
Chapter 5: Security architecture and design
Chapter 6: Legal, regulations, investigations and compliance
Chapter 7: Telecommunications and network security
Chapter 8: Business continuity and disaster recovery planning
David R. Miller (CISSP, MCT, MCITP) is an information technology and network engineering consultant; instructor; author; and technical editor of books, curricula, certification exams, and computer-based training videos. He has authored Microsoft Press Training Kits on Windows Server 2008 and Exchange Server 2007.
David R. Miller presents an alternative way to study each major chapter of the CISSP certification program. The book is delivered with a CD-ROM (even with the ebook version) full of practice tests. The book provides various study paths depending on the purpose of your investment in the CISSP certification. The CISSP certification is a standard certification that confirms the knowledge of an expert in the field of information security. This certification covers everything from physical security to cryptography.
I was not expecting something particular from reading a training kit (most of them are very static in terms of pedagogy and uncomfortable). I was surprised by the efficiency of the teaching that the author provides through the examples and the definitions of the different notions. During the reading, I focused on the cryptography and telecommunications and network security chapters to assess the quality and the accuracy of the information, since I am more accustomed to those fields. The definitions are accurate and the examples are numerous and well-chosen. You are not obliged to be an expert in the field to understand the topics, and the author takes the reader by the hand to help him discover and understand the different concepts.
The book has one or two bad points. The CD-ROM is dedicated to study within a Windows environment and is not a cross-platform learning platform. Since the subject is general information security, the tests should be more general also. The examples given inside the book are also sometimes Microsoft software oriented. Since it is a Microsoft Press book, it could be considered normal, but not so much in a certifying environment.
The last bad point is maybe the misleading effect of some concept explanations. For instance, when the author explains the notion of security through obscurity, he says that "... it should be used whenever possible ...". This is misleading, given that in most security courses it is advised not to base your security on that kind of security artifice (see Kerckhoffs's principle). The book is self-contained, but some pointers for readers who want to go further on some topics would have been a serious positive addition to the book.
I will finish the review by summarizing that this book is self-contained, well-written, accurate and very helpful to prepare the certification, but a small improvement would have given us a perfect tool to perfect your knowledge as a security expert.
This book is part of the reader review program of O'Reilly.
Bottom line: Yes, I would recommend this to a friend.