About the Book
“If you're preparing for the CISSP exam, this book is a must-have. It clearly covers all domains in a structured way, simplifying complex topics. The exam-focused approach ensures you're targeting the right areas, while practical examples reinforce your learning. The exam tips and readiness drills at the end of each chapter are particularly valuable. Highly recommended for CISSP aspirants!”
Bill DeLong, CISSP | CISM | CISA | IT Cybersecurity Specialist, DCMA | Cybersecurity Advisor, US Coast Guard
Key Features
Explore up-to-date content meticulously aligned with the latest CISSP exam objectives
Understand the value of governance, risk management, and compliance
Unlocks access to web-based exam prep resources including mock exams, flashcards and exam tips
Authored by seasoned professionals with extensive experience in cybersecurity and CISSP training
Book DescriptionThe (ISC)2 CISSP exam evaluates the competencies required to secure organizations, corporations, military sites, and government entities. The comprehensive CISSP certification guide offers up-to-date coverage of the latest exam syllabus, ensuring you can approach the exam with confidence, fully equipped to succeed.
Complete with interactive flashcards, invaluable exam tips, and self-assessment questions, this CISSP book helps you build and test your knowledge of all eight CISSP domains. Detailed answers and explanations for all questions will enable you to gauge your current skill level and strengthen weak areas.
This guide systematically takes you through all the information you need to not only pass the CISSP exam, but also excel in your role as a security professional. Starting with the big picture of what it takes to secure the organization through asset and risk management, it delves into the specifics of securing networks and identities. Later chapters address critical aspects of vendor security, physical security, and software security.
By the end of this book, you'll have mastered everything you need to pass the latest CISSP certification exam and have this valuable desktop reference tool for ongoing security needs.What you will learn
Get to grips with network communications and routing to secure them best
Understand the difference between encryption and hashing
Know how and where certificates and digital signatures are used
Study detailed incident and change management procedures
Manage user identities and authentication principles tested in the exam
Familiarize yourself with the CISSP security models covered in the exam
Discover key personnel and travel policies to keep your staff secure
Discover how to develop secure software from the start
Who this book is forThis book is for professionals seeking to obtain the ISC2 CISSP certification. You should have experience in at least two of the following areas: GRC, change management, network administration, systems administration, physical security, database management, or software development. Additionally, a solid understanding of network administration, systems administration, and change management is essential.
Table of Contents:
Table of Contents- Ethics, Security Concepts, and Governance Principles
- Compliance, Regulation, and Investigations
- Security Policies and Business Continuity
- Risk Management, Threat Modeling, SCRM, and SETA
- Asset and Privacy Protection
- Information and Asset Handling
- Secure Design Principles and Controls
- Architecture Vulnerabilities and Cryptography
- Facilities and Physical Security
- Network Architecture Security
- Securing Communication Channels
- Identity, Access Management, and Federation
- Identity Management Implementation
- Designing and Conducting Security Assessments
- Designing and Conducting Security Testing
- Planning for Security Operations
- Security Operations
- Disaster Recovery
- Business Continuity, Personnel, and Physical Security
- Software Development Life Cycle Security
- Software Development Security Controls
- Securing Software Development
- Secure Coding Guidelines, Third-Party Software, and Databases
About the Author :
Ted Jordan, M.S., CISSP, Linux+, is a seasoned cybersecurity professional with over 30 years of experience. His career includes work with NASA, General Motors, Silicon Graphics, Sun Microsystems, Fakespace, and AM General. Ted has trained over 2,500 students to achieve their CISSP, Security+, and Linux+ certifications with The Training Camp and Learning Tree. He is also the author of five books on Linux and CISSP.
In his free time, Ted enjoys a good game of tennis or watching the complexities of carom three-cushion billiards. Ricardo “Ric” Daza, PhD, is a cybersecurity mentor with the Tampa Bay Wave Accelerator, a committee member with West Florida ISACA, and a recipient of two NSA fellowships. He is also an adjunct cybersecurity professor and frequent speaker at regional and international conferences with a doctorate in Information Assurance and holds double CCIE² (R&S, Security), CISSP, CRISC, CISA, ISO 27001 Lead Auditor, PMP, and RHCE certifications.
Dr. Daza builds networks and develops cybersecurity solutions for foreign and domestic government agencies, as well as Fortune 500 companies in the financial, technology, defense, healthcare, and manufacturing sectors. He contributes to the cyber defense of organizations across the Americas. He specializes in an evidence-based approach to tackling process and technology challenges, including networking, risk management, security analysis, incident response, risk communication, vulnerability management, metrics and maturity programs, data science, programming, and more.
In addition to being a seasoned executive cybersecurity consultant, Dr. Daza was an exam content developer, crafting the tests like CISSP for ISC2, the largest cybersecurity certification body in the world. Hinne Hettema, a PhD in theoretical chemistry and philosophy of science, focuses especially on the implementation of security practices and mentoring others to become proficient security professionals. Working in IT since the early 1990s and focusing on security since the early 2000s, he has held a variety of roles working as a consultant, as part of a team, or as a leader of a security team. With over two decades of experience in the security field, Hinne has also served as an adjunct senior research fellow in cybersecurity at the University of Queensland, Australia.
He has experience in developing, implementing and running security operations, incident response and security service definition and execution. He focuses current engagements primarily on how organizations can optimize current practices, develop improvements, and make sensible decisions about their future direction. To that end, he uses his skills in architecture, security posture management, data science, threat intelligence, risk assessment and situational awareness to ensure an optimal spend of the security dollar.
He also has extensive experience in incident handling and response, including OT and ICS environments. He is a confident public speaker and can present to various audiences, from the general public to boards to cybersecurity experts to people needing training in specific aspects of cybersecurity. Hinne has authored several books including Agile Security Operation by Packt.
