基于(ISC)2 CISSP Common Body of Knowledge,可以辅助all in one加深对8个域知识点了解,最新的知识点已经在2018年4月15日CISSP考试中广泛体现。本学习指南重点突出知识点概念并伴有相应测试题,结合all in one 8后面测试题、光盘题和《CISSP Official (ISC)2 Practice Tests 2018年第二版》英文版&官方练习题及解题详解(1300题左右),备考题库已足够了解所有知识点本书含21章节,各域对应的章节如下:1-4章对应Domain 1 Security and Risk Mgmt第5章对应Domain 2 Asset security资产安全第6,7,8,9,10章对应Domain 3 安全架构与工程第11,12章,通讯与网络安全第13,14章,身份与访问管理IAM第15章对应域安全评估与测试第16,17,18,19章对应域7安全运维第20,21章软件开发安全
Development Editor: Kelly TalbotTechnical Editors: Jeff Parker, Bob Sipes, and David SeidlCopy Editor: Kim WimpsettEditorial Manager: Pete GaughanProduction Manager: Kathleen wisorExecutive editor: im minatelProofreader: Amy schneiderIndexer: Johnna Van Hoose dinseProject Coordinator, Cover: brent SavageCover Designer: wileyCover Image: @Jeremy Woodhouse/Getty Images, Inc.Copyright C 2018 by John Wiley Sons, InC, Indianapolis, IndianaPublished simultaneously in CanadaISBN:978-1-119-47593-4ISBN:978-1-119-47595-8(ebk)ISBN:978-1-119-47587-3(ebk)Manufactured in the United States of americaNo part of this publication may be reproduced, stored in a retrieval system or transmitted iany form or by any means, electronic, mechanical, photocopying, recording, scanning orotherwise, except as permitted under Sections 107 or 108 of the 1976 United States CopyrightAct, without either the prior written permission of the Publisher, or authorization throughpayment of the appropriate per-copy fee to the Copyright Clearance Center, 222 RosewoodDrive, Danvers, MA O1923,( 978)750-8400, fax(978)646-8600 Requests to the Publisherfor permission should be addressed to the permissions Department, John Wiley sons, Inc.111 River Street, Hoboken, NJ o7030, (201)748-6011, fax(201)748-6008, or online athttp://www.wiley.com/go/permissionsLimit of liability /Disclaimer of Warranty: The publisher and the author make norepresentations or warranties with respect to the accuracy or completeness of the contents ofthis work and specifically disclaim all warranties, including without limitation warranties offitness for a particular purpose. No warranty may be created or extended by sales orpromotional materials. The advice and strategies contained herein may not be suitable forevery situation. This work is sold with the understanding that the publisher is not engaged inrendering legal, accounting, or other professional services. If professional assistance isrequired the services of a competent professional person should be sought. Neither thepublisher nor the author shall be liable for damages arising herefrom. The fact that anorganization or Web site is referred to in this work as a citation and/or a potential source offurther information does not mean that the author or the publisher endorses the informationthe organization or Web site may provide or recommendations it may make Further readersshould be aware that Internet Web sites listed in this work may have changed or disappearedbetween when this work was written and when it is readFor general information on our other products and services or to obtain technical supportplease contact our Customer Care Department within the U.S. at(877)762-2974, outside theUS.at(317)5723993 or fax(317)572-4002Wiley publishes in a variety of print and electronic formats and by print-on-demand. Somematerial included with standard print versions of this book may not be included in e-books orin print-On-demand. If this book refers to media such as a CD or DVd that is not included intheversionyoupurchasedyoumaydownloadthismaterialathttp://booksupport.wilev.comFormoreinformationaboutwileyproductsvisitwww.wiley.comLibrary of Congress Control Number: 2018933561TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registeredtrademarks of John Wiley Sons, Inc and /or its affiliates, in the United States and othercountries, and may not be used without written permission. CISSP is a registered trademark of(ISC)2, Inc. All other trademarks are the property of their respective owners John WileySons, Inc is not associated with any product or vendor mentioned in this book.To Dewitt Latimer, my mentor, friend, and colleague. I miss youdearly.Mike ChappleTo Cathy, your perspective on the world and life often surprises me,challenges me, and makes me love you even moreJames michael stewartTo Nimfa, thanks for sharing your life with me for the past 26 yearsand letting me share mine with youDarril gibsonDear Future(ISC)2 MemberCongratulations on starting your journey toCISSPR certification Earning your CISSP is anexciting and rewarding milestone in yourcybersecurity career. Not only does it demonstrateyour ability to develop and manage nearly allaspects of an organizations cybersecurityoperations, but you also signal to employers yourcommitment to life-long learning and taking anactive role in fulfilling the(isc)2 vision ofinspiring a safe and secure cyber worldThe material in this study guide is based upon the (isc)2 cisspCommon Body of Knowledge. It will help you prepare for the examthat will assess your competency in the following eight domainsa Security and risk management■ Asset securitySecurity Architecture and engineeringa Communication and Network securitya Identity and Access Management (IAM)Security Assessment and Testing■ Security OperationsSoftware Development SecurityWhile this study guide will help you prepare, passing the cissp examdepends on your mastery of the domains combined with your ability toapply those concepts using your real-world experiencei wish you the best of luck as you continue on your path to become aCISSP and certified member of(Isc)2Sincerely,David shearer. CISSPCEO(ISC)2Ackn。w| edgmentsWe'd like to express our thanks to Sybex for continuing to support thisproject. Extra thanks to the eighth edition developmental editor, kellyTalbot, and technical editors, Jeff Parker, Bob Sipes, and David Seidlwho performed amazing feats in guiding us to improve this bookThanks as well to our agent, Carole Jelen, for continuing to assist innailing down these projectsMike james. and darrilSpecial thanks go to the information security team at the University ofNotre Dame, who provided hours of interesting conversation anddebate on security issues that inspired and informed much of thematerial in this bookI would like to thank the team at wiley who provided invaluableassistance throughout the book development process. i also owe a debtof gratitude to my literary agent, Carole Jelen of WatersideProductions. My coauthors, James Michael Stewart and darril Gibsonwere great collaborators. Jeff Parker, Bob Sipes, and David Seidl, ourdiligent and knowledgeable technical editors, provided valuable insight as we brought this edition to pressId also like to thank the many people who participated in theproduction of this book but whom I never had the chance to meet: thegraphics team, the production staff, and all of those involved inbringing this book to press-Mike ChappleThanks to Mike Chapple and Darril Gibson for continuing tocontribute to this project Thanks also to all my cissp course studentswho have provided their insight and input to improve my trainingcourseware and ultimately this tome. To my adoring wife, CathyBuilding a life and a family together has been more wonderful than Icould have ever imagined. To Slayde and remi: you are growing up sofast and learning at an outstanding pace, and you continue to delightand impress me daily. You are both growing into amazing individualsTo my mom, Johnnie: It is wonderful to have you close by To MarkNo matter how much time has passed or how little we see each other, Ihave been and always will be your friend. and finally, as always, toElvis: You were way ahead of the current bacon obsession with yourpeanut butter/banana/ bacon sandwich; i think that' s proof youtraveled through timeJames michael StewartThanks to Jim Minatel and Carole Jelen for helping get this update inplace before(IsC)2 released the objectives. This helped us get a headstart on this new edition, and we appreciate your efforts. It's been apleasure working with talented people like James Michael Stewart andMike Chapple Thanks to both of you for all your work andcollaborative efforts on this project. The technical editors, Jeff ParkerBob Sipes, and David Seidl, provided us with some outstandingfeedback, and this book is better because of their efforts Thanks to theteam at Sybex (including project managers, editors, and graphicsartists) for all the work you did helping us get this book to print. Last,thanks to my wife, Nimfa, for putting up with my odd hours as Iworked on this bookDarril gibsonAbout the authorsMike Chapple, CISSP, PhD, Security+, CISA, CySA+, is an associateteaching professor of IT, analytics, and operations at the University ofNotre Dame. In the past he was chief information officer of BrandInstitute and an information security researcher with the nationalSecurity agency and the u.s. air Force his primary areas of expertiseinclude network intrusion detection and access controls. mike is afrequent contributor to TechTarget's Search Security site and theauthor of more than 25 books including the companion book to thisstudy guide: CISSP Official (ISC)2 Practice Tests, the CompTIA CSA+Study Guide, and Cyberwarfare: Information Operations in aConnected World. Mike offers study groups for the CISSP, SSCP,Security+, and cSa+ certifications on his website atwww.certmike.comJames Michael Stewart, CISSP, CEH, ECSA, CHFI, Security+Network+, has been writing and training for more than 20 years, witha current focus on security. he has been teaching CiSsP trainingcourses since 2002, not to mention other courses on Internet securityand ethical hacking/penetration testing He is the author of andcontributor to more than 75 books and numerous courseware sets onsecurity certification, Microsoft topics, and network administrationincluding the Security +(SY0-501) Review guide. More informationaboutmichaelcanbefoundathiswebsiteatwww.impactonline.comDarril Gibson, CISSP, Security+, CASP, is the Ceo of YODa (shortfor You Can Do Anything), and he has authored or coauthored morethan 40 books. Darril regularly writes, consults, and teaches on a widevariety of technical and security topics and holds several certificationsHe regularly posts blog articles athttp://blogs.getcertifiedgetahead.com/aboutcertificationtopicsanduses that site to help people stay abreast of changes in certificationexams. He loves hearing from readers, especially when they pass anexam after using one of his books, and you can contact him throughthele blogging site.
2019-12-21 21:49:47 17.84MB CISSP OSG OSG8 Official
1