Mike Meyers' Certification Passport CISSP

Shon Harris

Publisher: McGraw-Hill, 2002, 421 pages

ISBN: 0-07-222578-5

Keywords: IT Security

Last modified: May 16, 2021, 1:45 p.m.

From the #1 Name in Professional Certification

Get on the road to becoming a Certified Information Systems Security Professional with this concise, affordable, and portable study tool. Certification training guru Mike Meyers and author Shon Harris will guide you on your career path, providing expert tips and sound advice along the way. With an intensive focus on only what you need to know to pass the test, this Certification Passport is your ticket to success on exam day.

  1. Security Management Practices
    • Objective 1.01 Management Responsibilities
    • Objective 1.02 Risk Management
      • Risk Analysis
    • Objective 1.03 Possible Threats
    • Objective 1.04 Security Control Types
    • Objective 1.05 Calculating Risk
        • Quantitative Versus Qualitative Approaches
      • Dealing with Risk
      • Countermeasure Selection
    • Objective 1.06 Security Policies and their Supporting Counterparts
      • Security Policy
      • Standards
      • Baselines
      • Procedures
      • Guidelines
    • Objective 1.07 Roles and Responsibilities
      • Data Owner
      • Data Custodian
      • User
      • Security Auditor
    • Objective 1.08 Information Classification
      • Military Versus Commercial Classifications
    • Objective 1.09 Employee Management
      • Operational Administrative Controls
    • CHECKPOINT
      • Review Questions
      • Review Answers
  2. Access Control
    • Objective 2.01 Identification and Authentication
      • Definitions
      • Three Steps to Access Control
      • Authentication
        • Biometrics
        • Passwords
        • Cognitive Password
        • One-Time Password
        • Cryptographic Keys
        • Passphrase
        • Memory Cards
        • Smart Cards
      • Authorization
    • Objective 2.02 Single Sign-On Technologies
      • Directory Services
      • Kerberos
      • SESAME
      • Thin Clients
    • Objective 2.03 Access Control Models and Techniques
      • DAC
      • MAC
      • RBAC
      • Access Control Techniques
        • Restricted Interfaces
        • Capability Tables and ACLs
        • Content-Dependent Access Control
        • Other Access Techniques
    • Objective 2.04 Access Control Administration
      • Centralized Access Control Administration
        • RADIUS
        • TACACS
        • Diameter
      • Decentralized Access Control Administration
    • Objective 2.05 Intrusion Detection System
      • Network-Based and Host-Based
      • Signature-Based and Behavior-based
      • Downfall of IDS
    • Objective 2.06 Unauthorized Access Control and Attacks
      • Unauthorized Disclosure of Information
      • Emanation Security
      • Attack Types
      • Penetration Testing
    • CHECKPOINT
      • Review Questions
      • Review Answers
  3. Security Models and Architecture
    • Objective 3.01 System Components
      • Central Processing Unit
      • Storage and Memory Types
        • Virtual Memory
      • Data Access Storage
      • Processing Instructions
      • Operating States
    • Objective 3.02 Operating System Security Mechanisms
      • Process Isolation
      • Protection Rings
      • Virtual Machine
      • Trusted Computing Base
      • Reference Monitor and Security Kernel
    • Objective 3.03 Security Models
      • The Different Models
        • State Machine Models
        • Bell-LaPadula Model
        • Biba
        • Clark-Wilson Model
        • Non-Interference Model
        • Access Control Matrix Model
        • Information Flow Model
        • Brewer and Nash Model
        • Graham-Denning and Harrison-Ruzzo-Ullman Models
    • Objective 3.04 Security Evaluation Criteria
      • Security Evaluations
        • Trusted Computer System Evaluation Criteria
        • Rainbow Series
        • Information Technology Security Evaluation Criteria
        • Common Criteria
      • Certification Versus Accreditation
    • CHECKPOINT
      • Review Questions
      • Review Answers
  4. Physical Security
    • Objective 4.01 Controls Pertaining to Physical Security
      • Facility Location
      • Facility Construction
      • Computing Area
      • Hardware Backups
    • Objective 4.02 Electrical Power and Environmental Issues
      • UPS
      • Power Interference
      • Environmental Considerations
      • Ventilation
      • Water, Steam, and Gas
    • Objective 4.03 Fire Detection and Suppression
      • Fire Prevention
      • Fire Detection
      • Fire Types
      • Fire Suppression
      • Halon
      • Fire Extinguishing Issues
      • Water Sprinklers
      • Emergency Response
    • Objective 4.04 Perimeter Security
      • Lock Types
      • Facility Access
      • Entrance Protection
      • Fencing
      • Lighting
      • Surveillance Devices
      • Intrusion Detection Systems
    • CHECKPOINT
      • Review Questions
      • Review Answers
  5. Telecommunications and Networking Security
    • Objective 5.01 TCP/IP Suite
      • Internet Protocol (IP)
      • Networks
      • Intranets and Extranets
    • Objective 5.02 Cabling and Data Transmission Types
      • Coaxial Cable
      • Twisted-Pair Cable
      • Fiber
      • Cable Issues
      • Fire Ratings
      • Broadband and Baseband
      • Signals
      • Asynchronous and Synchronous
      • Transmission Methods
    • Objective 5.03 LAN Technologies
      • Network Topologies
      • Media Access Technologies
        • Ethernet
        • Token Passing
        • Polling
      • Protocols
        • Address Resolution Protocol (ARP)
        • Reverse Address Resolution Protocol (RARP)
        • Boot Protocol
        • Internet Control Message Protocol (ICMP)
        • Other TCP/IP Protocols
    • Objective 5.04 Networking Devices and Services
      • Repeater
      • Bridge
      • Switches
        • VLAN
      • Router
      • Brouters
      • Gateway
      • Summary of Devices
      • Firewalls
        • Packet Filtering
        • Proxy Firewalls
        • Stateful Firewalls
      • Firewall Architecture
        • Firewall Administration
      • Remote Connectivity
        • PPP
        • SLIP
        • PAP
        • CHAP
        • EAP
      • VPN
        • PPTP
        • L2TP
        • IPSec
      • Network Services
        • DNS
        • NAT
    • Objective 5.05 Telecommunications Protocols and Devices
      • FDDI
      • SONET
      • Dedicated Link
      • CSU/DSU
      • S/WAN
      • ISDN
      • DSL
      • Cable Modems
      • WAN Switching
      • Frame Relay
      • X.25
      • ATM
      • Quality of Service
      • SMDS
      • SDLC
      • HDLC
      • Multiservice Access Technologies
    • Objective 5.06 Remote Access Methods and Technologies
      • Remote Access
      • Wireless Technology
        • Spread Spectrum
        • WAP
        • Access Points
        • SSID
        • OSA and SKA
      • Cell Phone Cloning
      • PBX Threats
    • Objective 5.07 Fault Tolerance Mechanisms
      • RAID
      • Clustering
      • Backing Up
    • CHECKPOINT
      • Review Questions
      • Review Answers
  6. Cryptography
    • Objective 6.01 Cryptographic Definitions
      • Definitions
      • Keys and Text
      • Keyspace
      • Strength of Cryptosystem
      • Attacks
      • Spy-Like Ciphers
      • Steganography
    • Objective 6.02 Cipher Types
      • Kerckhoff's Principle
      • Key Escrow
      • Substitution Cipher
      • Transposition Cipher
      • Block Cipher
      • Stream Cipher
      • Symmetric Cryptography
      • Asymmetric Cryptography
    • Objective 6.03 Hybrid Approach
      • Key Management
      • Data Encryption
      • Security Goals
      • Types of Symmetric Algorithms
        • DES
        • Triple-DES (3DES)
        • Advanced Encryption Standard (AES)
      • Other Symmetric Algorithms
      • Asymmetrical Algorithms
        • Diffie-Hellman Key Exchange
        • El Gamal
        • Elliptic Curve Cryptosystems (ECC)
    • Objective 6.04 Message Integrity and Digital Signatures
      • Message Integrity
        • One-Way Hash
        • Attacks on Hashing Functions
        • Hashing Algorithms
      • Message Authentication Code
      • Electronic Signing
        • DSS
    • Objective 6.05 Cryptographic Applications
      • Public Key Infrastructure
        • Certificate Authority (CA)
        • Registration Authority
        • Certificate Revocation List (CRL)
        • Components of PKI
        • PKI Steps
      • One-Time Pad
      • Encryption at Different Layers
    • Objective 6.06 Cryptographic Protocols
      • Privacy-Enhanced Mail (PEM)
      • Message Security Protocol (MSP)
      • Pretty Good Privacy (PGP)
      • Internet Security
        • Secure Hypertext Transfer Protocol (S-HTTP)
        • HTTPS
        • Secure Sockets Layer (SSL)
        • S/MIME
        • SSH2
        • SET
        • IPSec
        • Other Security Technologies
    • Objective 6.07 Attacks
      • Ciphertext-Only Attack
      • Known-Plaintext Attack
      • Chosen-Plaintext Attack
      • Adaptive Chosen-Plaintext Attack
      • Chosen-Ciphertext Attack
      • Adaptive Chosen-Ciphertext Attack
      • Man-in-the-Middle Attack
      • Algebraic Attack
      • Analytic Attack
    • CHECKPOINT
      • Review Questions
      • Review Answers
  7. Disaster Recovery and Business Continuity
    • Objective 7.01 Disaster Recovery versus Business Continuity
    • Objective 7.02 Project Initiation Phase
    • Objective 7.03 Business Impact Analysis
    • Objective 7.04 Possible Threats
    • Objective 7.05 Backups and Off-Site Facilities
      • Employees and the Working Environment
      • Choosing a Software Backup Storage Facility
      • Backup Facility Alternatives
    • Objective 7.06 DRP and BCP Planning Objectives
      • Emergency Response
      • Recovery and Restoration
      • Documentation
      • Testing and Drills
      • Maintenance
      • Phase Breakdown
      • Prevention
    • CHECKPOINT
      • Review Questions
      • Review Answers
  8. Investigation and Ethics
    • Objective 8.01 Ethics
      • (ISC)2
      • Computer Ethics Institute
      • Internet Activities Board
    • Objective 8.02 Hacking Methods
      • Characteristics of an Attacker
      • Problems with Prosecuting Attackers
      • Types of Attacks
        • Salami
        • Data Diddling
        • Excessive Privilege
        • Password Sniffing
        • IP Spoofing
        • Dumpster Diving
        • Wiretapping
        • Social Engineering
      • More Attack Types
      • Attack Categories
      • Phone Fraud
    • Objective 8.03 Organization Liabilities and Ramifications
      • Security Principles
      • Legal Liability
      • Privacy Issues
        • Privacy Act of 1874
        • Electronic Communications Privacy Act of 1986
        • Health Insurance Portability and Accountability Act (HIPAA)
        • Gramm Leach Bliley Act of 1999
        • Employee Monitoring
        • Transborder Information Flow
      • International Issues
    • Objective 8.04 Types of Law
      • Civil Law
      • Criminal Law
      • Administrative Law
      • Federal Policies
        • Computer Fraud and Abuse Act of 1986
        • Economic Espionage Act of 1996
        • Federal Sentencing Guidelines of 1991
      • Intellectual Property Laws
        • Trade Secret
        • Copyright
        • Trademark
        • Patent
      • Software Piracy
    • Objective 8.05 Computer Crime Investigation
      • Who Should Investigate?
      • Incident Response Plan
      • Incident Response Team
      • Incident Handling
      • Collecting Evidence
      • Search and Seizure
      • Forensics
      • Admissibility of Evidence
      • Evidence Types
        • Best Evidence
        • Secondary Evidence
        • Hearsay Evidence
      • Enticement and Entrapment
      • Trial
    • CHECKPOINT
      • Review Questions
      • Review Answers
  9. Applications and System Development
    • Objective 9.01 Project Development
      • Software Lifecycle
      • Software Development Models
        • Project Initiation
        • Functional Design Analysis and Planning
        • System Design Specifications
        • Software Development
        • Acceptance Testing/Implementation
        • Operations/Maintenance
        • Disposal
      • Software Development Methods
      • Change Controls
      • Administrative Controls
      • Program Language Evolution
    • Objective 9.02 Object-Oriented Programming
      • Classes and Objects
      • Abstraction
      • Polymorphism
      • Polyinstantiation
      • Application Threats
    • Objective 9.03 Distributed Computing
      • ORB and CORBA
      • COM and DCOM
      • Enterprise Java Bean
      • OLE
      • ActiveX
      • Java Applets
      • CGI
      • Cookies
    • Objective 9.04 Databases
      • Relational Data Model
        • Data Dictionary
        • Database Jargon
        • Structured Query Language
      • Hierarchical Database Model
      • Network Database Management System
      • Distributed Data Model
      • Object-Oriented Database
      • Concurrency Issues
      • Aggregation and Inference
      • Data Warehousing
        • Data Mining
    • Objective 9.05 Artificial Intelligence
      • Expert Systems
      • Artificial Neural Network
    • Objective 9.06 Malware
      • Virus
      • Worms
      • Logic Bombs
      • Trojan Horse
      • Denial of Service
      • DDoS
      • Smurf Attacks
      • Timing Attacks
    • CHECKPOINT
      • Review Questions
      • Review Answers
  10. Operations Security
    • Objective 10.01 Operations Controls
      • Due Care
      • Administrative Control
        • Separation of Duties
        • Job Rotation
        • Least Privilege and Need-to-Know
        • Mandatory Vacations
        • Clipping Levels
      • Control Categories
    • Objective 10.02 Configuration Management and Media Control
      • Media Controls
      • Input/Output Data Controls
    • Objective 10.03 Reacting to Failures and Recovering
      • Trusted Recovery
      • Facsimile Security
      • Operational Responsibilities
        • Unusual or Unexplained Occurrences
        • Deviations from Standards
        • Unscheduled Initial Program Loads
      • Personnel Operators
    • Objective 10.04 Software Backups
      • Network Availability
        • RAID
      • Backups
        • Contingency Management
    • CHECKPOINT
      • Review Questions
      • Review Answers
  A. About the Free Online Practice Exam
    • Mike Meyers' Certification Passport FREE Online Practice Exam Instructions
    • System Requirements
    • Technical Support
  B. Career Flight Path
    • Career Paths in Security

Reviews

Mike Meyers' Certification Passport CISSP

Reviewed by Roland Buresund

Very Good ******** (8 out of 10)

Last modified: Nov. 18, 2008, 2:37 p.m.

A very good book, but you must not buy this one if you don't already know the subjects. It's a book used to cram stuff you already know.
