CISSP Study Guide, Third Edition

  • 11h 18m
  • Eric Conrad, Joshua Feldman, Seth Misenar
  • Elsevier Science and Technology Books, Inc.
  • 2016

CISSP Study Guide, Third Edition provides readers with information on the CISSP certification, the most prestigious, globally-recognized, vendor-neutral exam for information security professionals.

With over 100,000 professionals certified worldwide, and many more joining their ranks, this new third edition presents everything a reader needs to know on the newest version of the exam's Common Body of Knowledge.

The eight domains are covered completely and as concisely as possible, allowing users to ace the exam. Each domain has its own chapter that includes a specially-designed pedagogy to help users pass the exam, including clearly-stated exam objectives, unique terms and definitions, exam warnings, "learning by example" modules, hands-on exercises, and chapter ending questions.

  • Provides the most complete and effective study guide to prepare users for passing the CISSP exam, giving them exactly what they need to pass the test
  • Authored by Eric Conrad who has prepared hundreds of professionals for passing the CISSP exam through SANS, a popular and well-known organization for information security professionals
  • Covers all of the new information in the Common Body of Knowledge updated in January 2015, and also provides two exams, tiered end-of-chapter questions for a gradual learning curve, and a complete self-test appendix

About the Author

Eric Conrad (CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, Security+), is a SANS-certified instructor and President of Backshore Communications, which provides information warfare, penetration testing, incident handling, and intrusion detection consulting services. Eric started his professional career in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and healthcare, in positions ranging from systems programmer to security engineer to HIPAA security officer and ISSO. He has taught more than a thousand students in courses such as SANS Management 414: CISSP, Security 560: Network Penetration Testing and Ethical Hacking, Security 504: Hacker Techniques, and Exploits and Incident Handling. Eric graduated from the SANS Technology Institute with a Master of Science degree in Information Security Engineering.

Seth Misenar (CISSP, GPEN, GCIH, GCIA, GCFA, GWAPT, GCWN, GSEC, MCSE, MCDBA), is a certified instructor with the SANS Institute and serves as lead consultant for Context Security, which is based in Jackson, Mississippi. His background includes security research, network and Web application penetration testing, vulnerability assessment, regulatory compliance, security architecture design, and general security consulting. Seth previously served as a physical and network security consultant for Fortune 100 companies and as the HIPAA and information security officer for a state government agency. He teaches a variety of courses for the SANS Institute, including Security Essentials, Web Application Penetration Testing, Hacker Techniques, and the CISSP course. Seth is pursuing a Master of Science degree in Information Security Engineering from the SANS Technology Institute and holds a Bachelor of Science degree from Millsaps College, Jackson, Mississippi.

Joshua Feldman (CISSP), is currently employed by SAIC, Inc. He has been involved in the Department of Defense Information Systems Agency (DISA) Information Assurance Education, Training, and Awareness program since 2002, where he has contributed to a variety of DoD-wide Information Assurance and Cyber Security policies, specifically the 8500.2 and 8570 series. Joshua has taught more than a thousand DoD students through his "DoD IA Boot Camp" course. He is a subject matter expert for the Web-based DoD Information Assurance Awareness-yearly training of every DoD user is required as part of his or her security awareness curriculum. Also, he is a regular presenter and panel member at the annual Information Assurance Symposium hosted jointly by DISA and NSA. Before joining the support team at DoD/DISA, Joshua spent time as an IT security engineer at the Department of State's Bureau of Diplomatic Security. He got his start in the IT security field with NFR Security Software, a company that manufactures Intrusion Detection Systems. There, he worked as both a trainer and an engineer, implementing IDS technologies and instructing customers how in properly configuring them.

In this Book

  • Introduction
  • Domain 1—Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity)
  • Domain 2—Asset Security (Protecting Security of Assets)
  • Domain 3—Security Engineering (Engineering and Management of Security)
  • Domain 4—Communication and Network Security (Designing and Protecting Network Security)
  • Domain 5—Identity and Access Management (Controlling Access and Managing Identity)
  • Domain 6—Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  • Domain 7—Security Operations (e.g., Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
  • Domain 8—Software Development Security (Understanding, Applying, and Enforcing Software Security)
  • Glossary