Official (ISC)2 Guide to the CISSP CBK
4th Edition

Edited By

Adam Gordon

ISBN 9781482262759
Published March 11, 2015 by Auerbach Publications
1304 pages, 206 B/W illustrations



Book Description

(ISC)² follows a rigorous, methodical process to routinely update its credential exams, and through that process it has announced enhancements to the Certified Information Systems Security Professional (CISSP) credential, effective April 15, 2015. (ISC)² conducts this review on a regular basis to ensure that the examination, and the training and continuing professional education requirements that follow from it, cover the topic areas relevant to the roles and responsibilities of today's practicing information security professionals.

Refreshed technical content has been added to the official (ISC)² CISSP CBK to reflect the most current topics in the information security industry. Some topics have been expanded (e.g., asset security, security assessment and testing), while others have been realigned under different domains. The result is an exam that more accurately reflects the technical and managerial competence required of an experienced information security professional to design, engineer, implement and manage an organization's information security program within an ever-changing security landscape.

The domain names have been updated as follows:

CISSP Domains, Effective April 15, 2015

  1. Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
  2. Asset Security (Protecting Security of Assets)
  3. Security Engineering (Engineering and Management of Security)
  4. Communications and Network Security (Designing and Protecting Network Security)
  5. Identity and Access Management (Controlling Access and Managing Identity)
  6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  7. Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
  8. Software Development Security (Understanding, Applying, and Enforcing Software Security)

Some candidates may be wondering how these updates affect training materials for the CISSP credential. As part of the organization's comprehensive education strategy, and in line with certifying-body best practices, (ISC)² training materials do not teach directly to its credential examinations. Rather, (ISC)² Education focuses on teaching the core competencies relevant to the roles and responsibilities of today's practicing information security professional, and its materials are designed to refresh and enhance the knowledge of experienced industry professionals.

Table of Contents

Domain 1 — Security & Risk Management
Security & Risk Management
Confidentiality, Integrity, and Availability
Security Governance
The Complete and Effective Security Program
Global Legal and Regulatory Issues
Understand Professional Ethics
Develop and Implement Security Policy
Business Continuity (BC) & Disaster Recovery (DR) Requirements
Manage Personnel Security
Risk Management Concepts
Threat Modeling
Acquisitions Strategy and Practice
Security Education, Training, and Awareness

Domain 2 — Asset Security
Asset Security
Data Management: Determine and Maintain Ownership
Data Standards
Longevity and Use
Classify Information and Supporting Assets
Asset Management
Protect Privacy
Ensure Appropriate Retention
Determine Data Security Controls
Standards Selection

Domain 3 — Security Engineering
Security Engineering
The Engineering Lifecycle Using Security Design Principles
Fundamental Concepts of Security Models
Information Systems Security Evaluation Models
Security Capabilities of Information Systems
Vulnerabilities of Security Architectures
Database Security
Software and System Vulnerabilities and Threats
Vulnerabilities in Mobile Systems
Vulnerabilities in Embedded Devices and Cyber-Physical Systems
The Application and Use of Cryptography
Site and Facility Design Considerations
Site Planning
Implementation and Operation of Facilities Security

Domain 4 — Communications & Network Security
Communications & Network Security
Secure Network Architecture and Design
Implications of Multi-Layer Protocols
Converged Protocols
Securing Network Components
Secure Communication Channels
Network Attacks

Domain 5 — Identity & Access Management
Identity & Access Management
Physical and Logical Access to Assets
Identification and Authentication of People and Devices
Identity Management Implementation
Identity as a Service (IDaaS)
Integrate Third-Party Identity Services
Implement and Manage Authorization Mechanisms
Prevent or Mitigate Access Control Attacks
Identity and Access Provisioning Lifecycle

Domain 6 — Security Assessment & Testing
Security Assessment & Testing
Assessment and Test Strategies
Collect Security Process Data
Internal and Third-Party Audits

Domain 7 — Security Operations
Security Operations
Provisioning of Resources through Configuration Management
Resource Protection
Incident Response
Preventative Measures against Attacks
Patch and Vulnerability Management
Change and Configuration Management
The Disaster Recovery Process
Test Plan Review
Business Continuity and Other Risk Areas
Access Control
Personnel Safety

Domain 8 — Security in the Software Development Life Cycle
Security in the Software Development Life Cycle
Software Development Security Outline
Environment and Security Controls
Security of the Software Environment
Software Protection Mechanisms
Assess the Effectiveness of Software Security
Assess Software Acquisition Security
