This book is streamlined to include only core certification information and is presented for ease of last-minute studying. Main objectives of the exam are covered concisely with key concepts highlighted.
The only guide you need for last-minute studying. Answers the toughest questions and highlights core topics. Can be paired with any other study guide so you are completely prepared. Get more than 90 percent of the answers correct, and you're ready to take the certification exam. More than Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam. A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam. New for the 9th edition: Audio Review.
Author Mike Chapple reads the Exam Essentials for each chapter providing you with 2 hours and 50 minutes of new audio review for yet another way to reinforce your knowledge as you prepare. This edition has been thoroughly revised to cover the new CISSP Common Body of Knowledge, including new hot spot and drag and drop question formats, and more. Each chapter features learning objectives, exam tips, practice questions, and in-depth explanations.
Beyond exam prep, the guide also serves as an ideal on-the-job reference for IT security professionals. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more.
Along with the book, you also get access to Sybex's superior online interactive learning environment that includes: Four unique question practice exams to help you identify where you need to study more; More than Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam; A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam. Coverage of all of the exam topics in the book means you'll be ready for: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security.
Covering in detail all eight domains, the expert advice inside gives you the key information you'll need to pass the exam. Plus, you'll get tips on setting up a day study plan, tips for exam day, and access to an online test bank of questions. Complete with access to an online test bank this book is the secret weapon you need to pass the exam and gain certification. The first part of the book provides questions per domain so you can practice on any domains you know you need to brush up on.
After that, you get two unique question practice exams to help you master the material and practice simulated exam taking well in advance of the exam. The two practice exams cover all exam domains, and are included in identical proportion to the exam itself to help you gauge the relative importance of each topic covered. These practice tests align with the version of the exam to ensure up-to-date preparation, and are designed to simulate what you'll see on exam day.
The CISSP credential signifies a body of knowledge and a set of guaranteed skills that put you in demand in the marketplace. This book is your ticket to achieving this prestigious certification, by helping you test what you know against what you need to know. Align your preparation with the CISSP Body of Knowledge Test your knowledge of all exam domains Identify areas in need of further study Gauge your progress throughout your exam preparation The Certified Information Systems Security Professional exam is refreshed every few years to ensure that candidates are up-to-date on the latest security topics and trends.
Fast Facts quickly review fundamentals. Exam Warnings highlight particularly tough sections of the exam. Crunch Time sidebars point out key concepts to remember. Did You Know? Breaches have real and immediate financial, privacy, and safety consequences. This handbook has compiled advice from top professionals working in the real world about how to minimize the possibility of computer security breaches in your systems. Written for professionals and college students, it provides comprehensive best guidance about how to minimize hacking, fraud, human error, the effects of natural disasters, and more.
This essential and highly-regarded reference maintains timeless lessons and is fully revised and updated with current information on security issues for social networks, cloud computing, virtualization, and more. The book synthesizes existing concepts, strategies, approaches and methods of risk management and provides the results of empirical research on risk and risk management during the COVID pandemic.
The analysis looks at both the impact of the COVID pandemic on the selected enterprises and the risk management measures these enterprises had taken in response to the emerging global trends.
The final part of the book reflects on how firms can build resilience in challenging times and suggests a model for business resilience. The comparative analysis will provide useful insights into key strategic approaches of risk management. This dependence has significantly increased the risk of cyber crime and breaches in data security. Fortunately, research in the area of cyber security and information protection is flourishing; however, it is the responsibility of industry professionals to keep pace with the current trends within this field.
The company should employ secure vehicles and store media at a secure site. Ensure that the storage site is unlikely to be impacted by the same disaster that may strike the primary site, such as a flood, earthquake, or fire. This includes data sent over untrusted networks such as the Internet, but VPNs may also be used as an additional defense-in-depth measure on internal networks like a private corporate WAN or private circuits like T1s leased from a service provider. We discussed the roles required to protect data, including business or mission owners, data owners, system owners, custodians, and users.
An understanding of the remanence properties of volatile and nonvolatile memory and storage media is a critical security concept to master.
1. A company outsources payroll services to a third-party company. Which of the following roles most likely applies to the third-party payroll company? Data controller B. Data owner D. Data processor
2. Which managerial role is responsible for the actual computers that house data, including the security of hardware and software configurations? Custodian B. Data owner C. Mission owner D. System owner
3. What method destroys the integrity of magnetic media, such as tapes or disk drives, and the data they contain by exposing them to a strong magnetic field? Bit-level overwrite B. Degaussing C. Destruction D. Shredding
4. DRAM B. SRAM D. SSD
5. What type of memory stores bits in small capacitors like small batteries?
A third-party payroll company is an example of a data processor. A data owner is a management employee responsible for assuring that specific data is protected. A system owner is responsible for the actual computers that house data, including the security of hardware and software configurations.
A custodian is a nonmanager who provides hands-on protection of assets. A data owner is a manager responsible for assuring that specific data is protected.
Correct answer and explanation: B. Degaussing destroys the integrity of magnetic media, such as tapes or disk drives, and the data they contain by exposing them to a strong magnetic field. Incorrect answers and explanations: Answers A, C, and D are incorrect. A bit-level overwrite removes data by overwriting every sector of a disk.
Destruction physically destroys data; for example, via incineration. DRAM is relatively inexpensive memory that uses capacitors. EPROM may be erased with ultraviolet light. DRAM stores bits in small capacitors like small batteries.
Executive Order —National security information. OECD privacy principles. SSD garbage collection briefly explained. What is TRIM? Next comes cryptography, including core concepts of symmetric encryption, asymmetric encryption, and hash functions.
Finally, we will discuss physical security, where we will learn that safety of personnel is paramount. This is the rule that forbids a secret-cleared subject from reading a top-secret object. While Bell-LaPadula, which is discussed shortly, is focused on protecting confidentiality, other models like Biba are focused on integrity.
Reading down occurs when a subject reads an object at a lower sensitivity level, such as a top-secret subject reading a secret object. There are instances when a subject has information and passes that information up to an object, which has higher sensitivity than the subject has permission to access.
This is called writing up. It is focused on maintaining the confidentiality of objects. Protecting confidentiality means users at a lower security level are denied access to objects at a higher security level.
For example, subjects with a Secret clearance cannot access Top Secret objects, and subjects who are logged into a Top Secret system cannot send emails to a Secret system.
For every relationship between a subject and an object, there are defined upper and lower access limits implemented by the system. Subjects have a least upper bound (LUB) and greatest lower bound (GLB) of access to the objects based on their lattice position. What if the Secret subject writes erroneous information to a Top Secret object? Integrity models such as Biba address this issue.
Biba is the model of choice when integrity protection is vital. This prevents subjects from accessing information at a lower integrity level.
This protects integrity by preventing bad information from moving up from lower integrity levels. This prevents subjects from passing information up to a higher integrity level than they have clearance to change.
This protects integrity by preventing bad information from moving up to higher integrity levels. Biba is often used where integrity is more important than confidentiality.
Examples include time and location-based information. Biba takes the Bell-LaPadula rules and reverses them, showing how confidentiality and integrity are often at odds. Because the programs have specific limitations to what they can and cannot do to objects, Clark-Wilson effectively limits the capabilities of the subject.
The concept of well-formed transactions provides integrity. The process consists of what is known as the access control triple: user, transformation procedure, and constrained data item. A matrix is a data structure that acts as a lookup table for the operating system. The columns of the table show the access control list (ACL) for each object or application.
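The Bell-LaPadula and Biba rules above, as an added example that is not part of the original text: labels sit on a constructed lattice of levels plus compartments (the level names and the "NUC" compartment are assumed sample values), dominance gives the LUB and GLB, and the two models' read/write checks are each other's reverse, so a Secret subject's erroneous write to a Top Secret object passes Bell-LaPadula but fails Biba.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet

# Constructed ordering of sensitivity/integrity levels (sample values, not from the page).
LEVELS: Dict[str, int] = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    """A lattice position: a linearly ordered level plus a set of compartments."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # a dominates b when its level is at least b's AND it holds all of b's compartments
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def lub(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label that dominates both a and b."""
    level = max(a.level, b.level, key=LEVELS.__getitem__)
    return Label(level, a.compartments | b.compartments)


def glb(a: Label, b: Label) -> Label:
    """Greatest lower bound: the highest label dominated by both a and b."""
    level = min(a.level, b.level, key=LEVELS.__getitem__)
    return Label(level, a.compartments & b.compartments)


def bell_lapadula(subject: Label, obj: Label, action: str) -> bool:
    """Confidentiality: simple security property (no read up), * property (no write down)."""
    if action == "read":
        return subject.dominates(obj)   # reading down is allowed; reading up is denied
    if action == "write":
        return obj.dominates(subject)   # writing up is allowed; writing down is denied
    raise ValueError(f"unknown action {action!r}")


def biba(subject: Label, obj: Label, action: str) -> bool:
    """Integrity: simple integrity (no read down), * integrity (no write up).

    Exactly Bell-LaPadula with the two dominance checks swapped.
    """
    if action == "read":
        return obj.dominates(subject)   # may read only equal or higher integrity data
    if action == "write":
        return subject.dominates(obj)   # may write only equal or lower integrity data
    raise ValueError(f"unknown action {action!r}")


def secret_writes_to_top_secret() -> Dict[str, bool]:
    """The page's scenario: a Secret subject writing to a Top Secret object."""
    secret_user = Label("Secret", frozenset({"NUC"}))      # constructed sample
    top_secret_doc = Label("Top Secret", frozenset({"NUC"}))
    return {
        "blp_read_up": bell_lapadula(secret_user, top_secret_doc, "read"),    # False
        "blp_write_up": bell_lapadula(secret_user, top_secret_doc, "write"),  # True
        "biba_write_up": biba(secret_user, top_secret_doc, "write"),          # False
    }


if __name__ == "__main__":
    print(secret_writes_to_top_secret())
```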
The complexity of an issue, such as reading a sector from a disk drive, is contained to one layer; in this case, the hardware layer.
One layer, such as the application layer, is not directly affected by a change to another. Hardware 2. Kernel and device drivers 3. Operating system (OS) 4. That said, computers are tremendously complex machines, and abstraction provides a way to manage that complexity. More broadly defined, domains are groups of subjects and objects with similar security requirements.
The innermost ring is the most trusted, and each successive outer ring is less trusted. Processes communicate between the rings via system calls, which allow processes to communicate with the kernel and provide a window between the rings.
An open system is not the same as open source. An open system uses standard hardware and software, while open-source software makes source code publicly available. The hardware must provide confidentiality, integrity, and availability for processes, data, and users.
The motherboard contains hardware including the CPU, memory slots, firmware, and peripheral slots, such as peripheral component interconnect slots. The keyboard unit is the external keyboard. Ultimately, everything a computer does is mathematical: adding numbers, which can be extended to subtraction, multiplication, division, etc. CPUs are rated by the number of clock cycles per second.
1. Fetch Instruction 1
2. Decode Instruction 1
3. Execute Instruction 1
4. Write (save) Result 1
These four steps take one clock cycle to complete. Each part is called a pipeline stage; the pipeline depth is the number of simultaneous stages that may be completed at once. A four-stage pipeline can combine the stages of four other instructions: 1. Fetch Instruction 2, Decode Instruction 1 3. This increases the throughput.
A CPU interrupt is a form of hardware interrupt that causes the CPU to stop processing its current task, save the state, and begin processing a new request. When the new task is complete, the CPU will complete the prior task. A heavyweight process (HWP) is also called a task. A parent process may spawn additional child processes called threads. A thread is a lightweight process (LWP).
Threads are able to share memory, resulting in lower overhead compared to heavyweight processes. Multitasking allows multiple tasks (heavyweight processes) to run simultaneously on one CPU. Multiprocessing has a fundamental difference from multitasking: it runs multiple processes on multiple CPUs. Virtual memory provides many functions, including multitasking (multiple tasks executing at once on one CPU), swapping, and allowing multiple processes to access the same shared library in memory, among others.
It first runs the power-on self-test (POST), which performs basic tests, including verifying the integrity of the BIOS itself, testing the memory, and identifying system devices, among other tasks.
Once the POST process is complete and successful, it locates the boot sector (for systems that boot off disks), which contains the machine code for the operating system kernel. The kernel then loads and executes, and the operating system boots up. WORM (write once, read many) storage is often used to support records retention for legal or regulatory compliance.
WORM storage helps assure the integrity of the data it contains; there is some assurance that it has not been and cannot be altered, short of destroying the media itself. Not all computer manufacturers employ TPM chips, but the adoption has steadily increased. The TPM chip allows for hardware-based cryptographic operations. Security functions can leverage the TPM for random number generation; the use of symmetric, asymmetric, and hashing algorithms; and secure storage of cryptographic keys and message digests.
The most commonly referenced use case for the TPM chip is ensuring boot integrity. By operating at the hardware level, the TPM chip can help ensure that kernel-mode rootkits are less likely to be able to undermine operating system security.
In addition to boot integrity, TPM is also commonly associated with some implementations of full disk encryption. The two most prominent protections against this attack are data execution prevention (DEP) and address space location randomization (ASLR). Another protection mechanism, ASLR, seeks to make exploitation more difficult by randomizing memory addresses.
For example, imagine an adversary develops a successful working exploit on his or her own test machine. When the code is run on a different system using ASLR, the addresses will change, which will probably cause the exploit to fail.
Operating systems provide memory, resource, and process management. The kernel provides the interface between hardware and the rest of the operating system, including applications.
That boot sector contains the beginning of the software kernel machine code, which is then executed. It enforces the system's security policy, such as preventing a normal user from writing to a restricted file, like the system password file.
A Type 1 hypervisor, also called bare metal, is part of an operating system that runs directly on host hardware. A Type 2 hypervisor runs as an application on a normal operating system, such as Windows. Many virtualization exploits target the hypervisor, including hypervisor-controlled resources shared between host and guests, or guest and guest. These include cut-and-paste, shared drives, and shared network connections.
As discussed previously, complexity is the enemy of security; the sheer complexity of virtualization software may cause security problems. Combining multiple guests onto one host may also raise security issues. Virtualization is no replacement for a firewall; never combine guests with different security requirements (such as DMZ and internal) onto one host.
The risk of virtualization escape is called VMEscape, where an attacker exploits the host OS or a guest from another guest. Many network-based security tools, such as network intrusion detection systems, can be blinded by virtualization. A cloud also implies geographic diversity of computer resources.
The goal of cloud computing is to allow large providers to leverage their economies of scale to provide computing resources to other companies that typically pay for these services based on their usage. IaaS provides an entire virtualized operating system, which the customer configures from the OS on up. PaaS provides a preconfigured operating system and the customer configures the applications. Finally, SaaS is completely configured, from the operating system to applications, and the customer simply uses the application.
In all three cases, the cloud provider manages hardware, virtualization software, network, backups, etc. See Table 3. Private clouds house data for a single organization and may be operated by a third party or by the organization itself.
Benefits of cloud computing include reduced upfront capital expenditure, reduced maintenance costs, robust levels of service, and overall operational cost savings. From a security perspective, taking advantage of public cloud computing services requires strict service level agreements and an understanding of new sources of risk.
Organizations should also negotiate specific rights before signing a contract with a cloud computing provider. These rights include the right to audit, the right to conduct a vulnerability assessment, and the right to conduct a penetration test, both electronic and physical, of data and systems placed in the cloud.
Rather than achieving high-performance computational needs by having large clusters of similar computing resources or a single high-performance system, such as a supercomputer, grid computing attempts to harness the computational resources of a large number of dissimilar devices.
One of the key security concerns with parallel systems is ensuring the maintenance of data integrity throughout the processing. This shared memory, if not appropriately managed, can expose potential race conditions that introduce integrity challenges. Any system may act as a client, a server, or both, depending on the data needs.
Decentralized peer-to-peer networks are resilient; there are no central servers that can be taken offline. Integrity is a key P2P concern. With no central repository of data, what assurance do users have of receiving legitimate data? Cryptographic hashes are a critical control and should be used to verify the integrity of data downloaded from a P2P network. Thin clients rely on central servers, which serve applications and store the associated data.
Thin clients allow centralization of applications and their data, as well as the associated security costs of upgrades, patching, data storage, etc. Thin clients may be hardware based (such as diskless workstations) or software based (such as thin client applications). We will also discuss countermeasures, or mitigating actions that reduce the associated risk. The communication channel used by malware installed on a system that locates personally identifiable information (PII) such as credit card information and sends it to a malicious server is an example of a covert channel.
Two specific types of covert channels are storage channels and timing channels. Attackers will often install a backdoor after compromising a system. There are many types of malicious code; viruses, worms, Trojans, and logic bombs can all cause damage to targeted systems. Zero-day exploits are malicious code (i.e., a threat) for which there is no vendor-supplied patch, meaning there is an unpatched vulnerability.
Also called multipart virus. Worms typically cause damage two ways: first by the malicious code they carry and then by the loss of network availability due to aggressive self-propagation. The term derives from the Trojan horse described in Virgil's poem The Aeneid. Kernel-mode rootkits operate in ring 0 on most operating systems. The original executable is compressed, and a small decompressor is prepended to the executable. Upon execution, the decompressor unpacks the compressed executable machine code and runs it.
Packers are a neutral technology used to shrink the size of executables. Many types of malware use packers, which can be used to evade signature-based malware detection. Malware such as worms often contains logic bombs, behaving in one manner, then changing tactics on a specific date and time.
Signature-based antivirus software uses static signatures of known malware. Heuristic-based antivirus uses anomaly-based detection to attempt to identify behavioral characteristics of malware, such as altering the boot sector. Patching, system hardening, firewalls, and other forms of defense-in-depth mitigate server-side attacks. Organizations should not allow direct access to server ports from untrusted networks such as the Internet, unless the systems are hardened and placed on DMZ networks.
Client-side attacks are difficult to mitigate for organizations that allow Internet access. Clients include word processing software, spreadsheets, media players, Web browsers, etc. They often fail to prevent client-side attacks. Unlike HTML, which provides a way to display content, applets are executables. The primary security concern is that applets are downloaded from servers, then run locally.
Malicious applets may be able to compromise the security of the client. Java applets run in a sandbox, which segregates the code from the operating system. The sandbox is designed to prevent an attacker who is able to compromise a Java applet from accessing system files, such as the password file.
They use digital certificates instead of a sandbox to provide security. One of their best-known projects is the OWASP Top 10 project, which provides consensus guidance on what are considered to be the 10 most significant application security risks.
In addition to the wealth of information about application security threats, vulnerabilities, and defenses, OWASP also maintains a number of security tools available for free download, including a leading interception proxy called the Zed Attack Proxy (ZAP).
XML is used on the web, but is not tied to it; XML can be used to store application configuration and output from auditing tools, among other things. Extensible means users may use XML to define their own data formats. SOA is intended to allow multiple heterogeneous applications to be consumers of services.
The service can be used and reused throughout an organization rather than built within each individual application that needs the functionality offered by the service. Services are expected to be platform independent and able to be called in a generic way that is also independent of a particular programming language.
The intent is that any application may leverage the service simply by using standard means available within its programming language of choice. Services are typically published in some form of a directory that provides details about how the service can be used and what the service provides. Though web services are not the only example, they are the most common example provided for the SOA model.
The sheer amount of data that may be housed in a database requires special security consideration. The word polyinstantiation is based on the Latin roots for multiple (poly) and instances (instantiation).
Database polyinstantiation means two rows may have the same primary key, but different data. These issues occur in multiple realms, including database security.
Inference requires deduction. There is a mystery to be solved, and lower level details provide the clues. Aggregation is a mathematical process; a user asks every question, receives every answer, and derives restricted information. Traditional network-based protection, such as firewalls and intrusion detection systems, is powerless to prevent the initial attack.
Technical controls to mitigate infected mobile computers include requiring authentication at OSI model Layer 2 via
As an information security professional, it is essential to stay current on the latest advances in technology and the effluence of security threats.
Recognized as one of the best tools available for security professionals, specifically for the candidate who is striving to become a CISSP. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, advice on mastering this adaptive exam, access to the Sybex online interactive learning environment, and much more.