Trafford Publishing - Home

Here is the full reference card for this book...


If you'd rather place an order by talking to one of our cheerful order desk clerks, please call 1-888-232-4444 (USA and Canada only) or 250-383-6864. From Europe, ring our UK order desk clerk at local rate number 0845 230 9601 (UK only) or 44 (0)1865 722 113.

Secured Computing: CISSP Study Guide

by Carl F. Endorf CISSP

309 pages; quality trade paperback (softcover); catalogue #01-0291; ISBN 1-55212-889-X; US$44.95, C$64.00, EUR41.60, £28.90

This book is a study guide for those seeking the Certified Information Systems Security Professional (CISSP) designation.



About the Book

The Certified Information Systems Security Professional (CISSP) designation is the most respected certification an IT professional can obtain during their career. It demonstrates the ability to understand a broad range of security issues in many areas.

This is the ultimate study guide for the Certified Information Systems Security Professional (CISSP) exam. You pass or your money back! * It is designed for the experienced security professional. This guide will help to supplement your studies and further your goal of acquiring the CISSP designation. The book is designed for a security professional by a security professional. The author has strived to take the information that is needed to be successful in the security arena and to condense it into one concise volume.

This book is also a great resource for anyone interested in getting a better handle on how to secure one's organization and enterprise. This guide will help you to understand the common body of knowledge that is set forth by ISC2* and many security professionals today.

* CISSP is a registered trademark of ISC2, Inc. This publication is not endorsed or sponsored by ISC2, Inc. The information herein is that of the author, whose intent is to consolidate this information. The test and quiz questions are not official test questions set forth by ISC2, but are intended only for the purpose of learning the knowledge needed to prepare for this test.


About the Author

Carl Endorf, CISSP, MCSE, CCNA, is a technical security analyst and incident manager for one of the largest insurance and banking companies in the U.S. He has practical experience in forensics, corporate investigations and Internet security. He is currently pursuing his graduate degree in Management Information Systems at the University of Illinois.

Endorf's second book Secured Computing: SSCP Study Guide is also available through Trafford Publishing.


Table of Contents

Preface vii
Overview of CISSP and the Exam vii
How to Use This Book viii
The Study Plan viii
Test Day Tips ix

Chapter One
Domain 1 - Access Control Systems and Methodology
Definitions 3
Access Control Layers 4
Types of Access Control 5
Access Control Techniques 7
Access Control Administration 9
Data Owner, Custodian, and User Responsibilities 9
Access Control Models 10
Identification and Authentication Techniques 13
Access Controls Methodologies and Implementations 17
Monitoring 19
Test Your Knowledge 24

Chapter Two
Domain 2 - Telecommunications & Network Security
Definitions 31
ISO/OSI Model 31
Communications and Network Security 33
Protocols 37
Identification and Authentication 46
Data Communications 48
Network Components 53
Network Availability 54
Test Your Knowledge 59

Chapter Three
Domain 3 - Security Management Practices
Definitions 66
Security Management Concepts and Principles 67
Change/Control Management 68
Data Classification Schemes 69
Employment Policies and Practices 72
Policies, Standards, Guidelines, and Procedures 74
Risk Management 75
Roles and Responsibilities 83
Security Awareness 84
Security Management Planning 85
Test Your Knowledge 87

Chapter Four
Domain 4 - Applications & Systems Development
Definitions 93
Application Issues 93
Local/Non Distributed Environment 98
Data Information Storage 102
Knowledge Based Systems 103
System Development Controls 107
Test Your Knowledge 113

Chapter Five
Domain 5 - Cryptography
Definitions 117
Uses of Cryptography 118
Cryptographic Concepts, Methodologies, and Practices 120
Types of Encryption Systems 126
Public Key Infrastructure 136
Application and Network Based Protocols 140
Methods of Attack 142
Test Your Knowledge 144

Chapter Six
Domain 6 - Security Architecture and Models
Definitions 149
Principles of Common Computer and Network Architecture and Design 149
Principles of Common Security Models, Architectures, and Evaluation Criteria 153
NSA/NCSC Rainbow Series 158
Objects and Subjects 165
Common Flaws in Security Architecture 166
Test Your Knowledge 169

Chapter Seven
Domain 7 - Operations Security
Definitions 173
Administrative Management 174
Computer Operations Concepts 175
Test Your Knowledge 179

Chapter Eight
Domain 8 - Business Continuity Planning and Disaster Recovery
Definitions 184
Business Continuity Planning 185
Disaster Recovery Planning 187
Recovery Planning Development 188
Test Your Knowledge 193

Chapter Nine
Domain 9 - Laws, Investigations, and Ethics
Definitions 201
Types of Laws 201
U.S. Laws 203
International Computer Crime Related Laws 205
Investigations 206
Types of Computer Crime 211
Incident Handling/Response 212
Ethics 213
ISC2 Code of Ethics 213

Chapter Ten
Domain 10 - Physical Security
Definitions 221
Administrative and Physical Controls 221
Elements of Physical Security 226
Facility Requirements 226
Noise 228
Fire Access and Controls 229
Physical Access Controls 230
Technical Controls 231
Environment/Life Safety 231
Test Your Knowledge 233

Chapter Eleven
Methods of Attacks
Definitions 239
Other Attacks 241

CISSP Practice Exam 245
Bibliography 257
Recommended Study Aids 258
Glossary Terms 259


Catalogue Information





URL http://www.trafford.com © 1995-2007 Trafford Publishing, a division of Trafford Holdings Ltd.
