CD-ROM

For details about the CD-ROM accompanying this title, please refer to Appendix H.

Who Should Read This Book?

There are three main categories of readers for this comprehensive guide:

1. Candidates for the CISSP, CAP, ISSEP, ISSAP, or ISSMP examinations who are studying on their own or those who are taking the corresponding review seminars will find this text a valuable aid in their preparation plan. The guide provides a no- nonsense way of obtaining the information needed without having to sort through numerous books covering portions of the CBK, U.S Government information assurance domains, certification and accreditation approaches, or information security management documents and then filtering their content to acquire the fundamental knowledge needed for the exam. The assessment questions provided will acclimate the reader to the type of questions that he or she will encounter on the exams, and the answers serve to cement and reinforce the candidate’s knowledge.

2. Candidates with the CISSP certification who will be working on information assurance or certification and accreditation with U.S. Federal Government organizations.

3. Students attending information system security certification programs offered in many of the major universities will find this text a valuable addition to their reference library. For the same reasons cited for the candidate preparing for the CISSP, CAP, ISSEP, ISSAP, or ISSMP exams, this book is a single-source repository of fundamental and emerging information security knowledge. It presents the information at the level of the experienced information security professional and thus is commensurate with the standards that universities require for their certificate offerings.

4. The material contained in this book is of practical value to information security professionals in performing their job functions. The professional, certified or not, will refer to the text as a refresher for information security basics as well as for a guide to the application of emerging methodologies.

Summary

The authors sincerely believe that this text will provide a more cost-effective and timesaving means of preparing for the CISSP, CAP, ISSEP, ISSAP, or ISSMP certification examinations. By using this reference, the candidate can focus on the fundamentals of the material instead of spending time deciding upon and acquiring numerous expensive texts and the overwhelming number of U.S. Government information assurance publications . It also provides the breadth and depth of coverage to avoid gaps in the CBK and U.S. Government information assurance requirements that are present in other “single” references.

We present the information security material in the text in an organized, professional manner that is a primary source of information for students in the information security field as well as for practicing professionals.

Part One: Focused Review of the CISSP Ten Domains

Chapter List

Chapter 1: Information Security and Risk Management

Chapter 2: Access Control

Chapter 3: Telecommunications and Network Security

Chapter 4: Cryptography

Chapter 5: Security Architecture and Design

Chapter 6: Operations Security

Chapter 7: Application Security

Chapter 8: Business Continuity Planning and Disaster Recovery Planning

Chapter 9: Legal, Regulations, Compliance, and Investigations

Chapter 10: Physical (Environmental) Security