Are you an IT security professional? Here is a good book to read. Here is the complete information about this book:
Title : CISSP Official Study Guide 7th Edition
ISBN : 978-1-119-04271-6
Author : James Michael Stewart et al.
Publisher : Sybex
Year : 2015
Pages : 1561
This book is built from 21 chapters. Chapter 1 describes Security Governance Through Principles and Policies. Security management concepts and principles are inherent elements in a security policy and solution deployment. They define the basic parameters needed for a secure environment. They also define the goals and objectives that both policy designers and system implementers must achieve to create a secure solution. It is important for real-world security professionals, as well as CISSP exam students, to understand these items thoroughly.
Chapter 2 covers Personnel Security and Risk Management Concepts. Because of the complexity and importance of hardware and software controls, security management for employees is often overlooked in overall security planning. This chapter explores the human side of security, from establishing secure hiring practices and job descriptions to developing an employee infrastructure. Additionally, we look at how employee training, management, and termination practices are considered an integral part of creating a secure environment. Finally, we examine how to assess and manage security risks.
Chapter 3 covers Business Continuity Planning. Despite our best wishes, disasters of one form or another eventually strike every organization. Whether it’s a natural disaster such as a hurricane or earthquake or a man-made calamity such as a building fire or burst water pipes, every organization will encounter events that threaten their operations or even their very existence. Resilient organizations have plans and procedures in place to help mitigate the effects a disaster has on their continuing operations and to speed the return to normal operations. Recognizing the importance of planning for business continuity and disaster recovery, the International Information Systems Security Certification Consortium (ISC)2 included these two processes in the Common Body of Knowledge for the CISSP program. Knowledge of these fundamental topics will help you prepare for the exam and help you prepare your organization for the unexpected.
Chapter 4 describes Laws, Regulations, and Compliance. In this chapter, we’ll cover the various types of laws that deal with computer security issues. We’ll examine the legal issues surrounding computer crime, privacy, intellectual property, and a number of other related topics. We’ll also cover basic investigative techniques, including the pros and cons of calling in assistance from law enforcement.
Chapter 5 covers Protecting Security of Assets. The Asset Security domain focuses on collecting, handling, and protecting information throughout its life cycle. A primary step in this domain is classifying information based on its value to the organization. All follow-on actions vary depending on the classification. For example, highly classified data requires stringent security controls. In contrast, unclassified data uses fewer security controls.
Chapter 6 covers Cryptography and Symmetric Key Algorithms. Cryptography provides added levels of security to data during processing, storage, and communications. Over the years, mathematicians and computer scientists have developed a series of increasingly complex algorithms designed to ensure confidentiality, integrity, authentication, and nonrepudiation. While cryptographers spent time developing strong encryption algorithms, hackers and governments alike devoted significant resources to undermining them. This led to an “arms race” in cryptography and resulted in the development of the extremely sophisticated algorithms in use today. This chapter looks at the history of cryptography, the basics of cryptographic communications, and the fundamental principles of private key cryptosystems.
Chapter 7 describes PKI and Cryptographic Applications. This chapter explores the world of asymmetric (or public key) cryptography and the public key infrastructure (PKI) that supports worldwide secure communication between parties that don’t necessarily know each other prior to the communication. Asymmetric algorithms provide convenient key exchange mechanisms and are scalable to very large numbers of users, both challenges for users of symmetric cryptosystems. This chapter also explores several practical applications of asymmetric cryptography: securing email, web communications, electronic commerce, digital rights management, and networking. The chapter concludes with an examination of a variety of attacks malicious individuals might use to compromise weak cryptosystems.
Chapter 8 covers Principles of Security Models, Design, and Capabilities. The process of determining how secure a system is can be difficult and time-consuming. In this chapter, we describe the process of evaluating a computer system’s level of security. We begin by introducing and explaining basic concepts and terminology used to describe information system security concepts and talk about secure computing, secure perimeters, security and access monitors, and kernel code. We turn to security models to explain how access and security controls can be implemented. We also briefly explain how system security may be categorized as either open or closed; describe a set of standard security techniques used to ensure confidentiality, integrity, and availability of data; discuss security controls; and introduce a standard suite of secure networking protocols.
Chapter 9 covers Security Vulnerabilities, Threats, and Countermeasures. In this chapter, we’ll cover those underlying security concerns by conducting a brief survey of a field known as computer architecture: the physical design of computers from various components. We’ll examine each of the major physical components of a computing system—hardware and firmware—from a security perspective. Obviously, the detailed analysis of a system’s hardware components is not always a luxury available to you because of resource and time constraints. However, all security professionals should have at least a basic understanding of these concepts in case they encounter a security incident that reaches down to the system design level.
Chapter 10 describes Physical Security Requirements. The purpose of physical security is to protect against physical threats. The following physical threats are among the most common: fire and smoke, water (rising/falling), earth movement (earthquakes, landslides, volcanoes), storms (wind, lightning, rain, snow, sleet, ice), sabotage/vandalism, explosion/destruction, building collapse, toxic materials, utility loss (power, heating, cooling, air, water), equipment failure, theft, and personnel loss (strikes, illness, access, transport).
Chapter 11 covers Secure Network Architecture & Network Components. Computers and networks emerge from the integration of communication devices, storage devices, processing devices, security devices, input devices, output devices, operating systems, software, services, data, and people. The CISSP CBK states that a thorough knowledge of these hardware and software components is an essential element of being able to implement and maintain security. This chapter discusses the OSI model as a guiding principle in networking, cabling, wireless connectivity, TCP/IP and related protocols, networking devices, and firewalls.
Chapter 12 covers Secure Communications and Network Attacks. Communications security is designed to detect, prevent, and even correct data transportation errors (that is, it provides integrity protection as well as confidentiality). This is done to sustain the security of networks while supporting the need to exchange and share data. This chapter covers the many forms of communications security, vulnerabilities, and countermeasures.
Chapter 13 describes Managing Identity and Authentication. The Identity and Access Management domain focuses on issues related to granting and revoking privileges to access data or perform actions on systems. A primary focus is on identification, authentication, authorization, and accountability. In this chapter and in Chapter 14, “Controlling and Monitoring Access,” we discuss all the objectives within the Identity and Access Management domain. Be sure to read and study the materials from both chapters to ensure complete coverage of the essential material for this domain.
Chapter 14 covers Controlling and Monitoring Access. The method of authorizing subjects to access objects varies depending on the access control method used by the IT system.
Chapter 15 covers Security Assessment and Testing. Security assessment and testing programs perform regular checks to ensure that adequate security controls are in place and that they effectively perform their assigned functions. In this chapter, you’ll learn about many of the assessment and testing controls used by security professionals around the world.
Chapter 16 describes Managing Security Operations. The Security Operations domain includes a wide range of security foundation concepts and best practices. This includes several core concepts that any organization needs to implement to provide basic security protection. The first section of this chapter covers these concepts. Resource protection ensures the protection of media and other valuable assets throughout the lifetime of the resource. Configuration management ensures that systems are configured similarly, and change management processes protect against outages from unauthorized changes. Patch and vulnerability management controls ensure systems are up-to-date and protected against known vulnerabilities.
Chapter 17 covers Preventing and Responding to Incidents. Effective incident management helps an organization respond appropriately when attacks occur to limit the scope of an attack. Organizations implement preventive measures to protect against, and detect, attacks, and this chapter covers many of these controls and countermeasures. Logging, monitoring, and auditing provide assurances that the security controls are in place and are providing the desired protections.
Chapter 18 covers Disaster Recovery Planning. Software development is a complex and challenging task undertaken by developers with many different skill levels and varying security awareness. Applications created and modified by these developers often work with sensitive data and interact with members of the general public. This presents significant risks to enterprise security, and information security professionals must understand these risks, balance them with business requirements, and implement appropriate risk mitigation mechanisms.
Chapter 19 describes Incidents and Ethics. In this chapter, we explore the process of incident handling, including investigative techniques used to determine whether a computer crime has been committed and to collect evidence when appropriate. This chapter also includes a complete discussion of ethical issues and the code of conduct for information security practitioners. The first step in deciding how to respond to a computer attack is to know if and when an attack has taken place. You must know how to determine that an attack is occurring, or has occurred, before you can properly choose a course of action. Once you have determined that an incident has occurred, the next step is to conduct an investigation and collect evidence to find out what has happened and determine the extent of any damage that might have been done. You must be sure you conduct the investigation in accordance with local laws and regulations.
Chapter 20 covers Software Development Security. Software development is a complex and challenging task undertaken by developers with many different skill levels and varying security awareness. Applications created and modified by these developers often work with sensitive data and interact with members of the general public. This presents significant risks to enterprise security, and information security professionals must understand these risks, balance them with business requirements, and implement appropriate risk mitigation mechanisms.
Chapter 21 covers Malicious Code and Application Attacks. In previous chapters, you learned about many general security principles and the policy and procedure mechanisms that help security practitioners develop adequate protection against malicious individuals. This chapter takes an in-depth look at some of the specific threats faced on a daily basis by administrators in the field. This material is not only critical for the CISSP exam; it’s also some of the most basic information a computer security professional must understand to effectively practice their trade. We’ll begin this chapter by looking at the risks posed by malicious code objects—viruses, worms, logic bombs, and Trojan horses. We’ll then take a look at some of the other security exploits used by someone attempting to gain unauthorized access to a system or to prevent legitimate users from gaining such access.
For those of you who want to learn about various Information Technology topics, you can find the collection of tutorials here:
1. Cloud Computing : https://bukutrainingns.blogspot.com/2020/01/kumpulan-tutorial-belajar-cloud.html
2. Web : https://bukutrainingns.blogspot.com/2020/02/kumpulan-tutorial-belajar-web.html
3. Server Hardware : https://bukutrainingns.blogspot.com/2020/01/kumpulan-tutorial-belajar-server.html
4. Data Center : https://bukutrainingns.blogspot.com/2020/01/kumpulan-tutorial-belajar-data-center.html
5. Veritas Backup Exec : https://bukutrainingns.blogspot.com/2020/01/kumpulan-tutorial-belajar-veritas.html
6. Windows Server 2012R2 : https://bukutrainingns.blogspot.com/2019/12/kumpulan-tutorial-belajar-windows.html
7. Windows Server 2016 : https://bukutrainingns.blogspot.com/2019/12/kumpulan-tutorial-belajar-windows_6.html
8. Windows Server 2019 : https://bukutrainingns.blogspot.com/2019/12/kumpulan-tutorial-belajar-windows_19.html
9. Active Directory : https://bukutrainingns.blogspot.com/2019/12/kumpulan-tutorial-belajar-active.html
10. Exchange Server 2013 : https://bukutrainingns.blogspot.com/2019/12/kumpulan-tutorial-belajar-exchange.html
11. Exchange Server 2016 : https://bukutrainingns.blogspot.com/2019/12/kumpulan-tutorial-belajar-exchange_9.html
12. Exchange Server 2019 : https://bukutrainingns.blogspot.com/2019/12/kumpulan-tutorial-belajar-exchange_20.html
13. Linux Ubuntu : https://bukutrainingns.blogspot.com/2019/12/kumpulan-tutorial-belajar-linux-ubuntu.html
14. Linux RedHat : https://bukutrainingns.blogspot.com/2019/12/kumpulan-tutorial-belajar-linux-redhat.html
15. Linux CEntOS : https://bukutrainingns.blogspot.com/2019/12/kumpulan-tutorial-belajar-linux-centos.html
16. Cisco : https://bukutrainingns.blogspot.com/2019/12/kumpulan-tutorial-belajar-cisco.html
17. Mikrotik : https://bukutrainingns.blogspot.com/2019/12/kumpulan-tutorial-belajar-router.html
18. Hyper-V : https://bukutrainingns.blogspot.com/2019/12/belajar-hyper-v-kumpulan-tutorial.html
19. SQL Server 2014 : https://bukutrainingns.blogspot.com/2019/12/kumpulan-tutorial-belajar-sql-server.html
20. Jobs dan Career : https://bukutrainingns.blogspot.com/2019/12/kumpulan-tutorial-karir-dunia-teknologi.html
21. Microsoft Office Word : https://bukutrainingns.blogspot.com/2019/12/kumpulan-tutorial-belajar-microsoft.html
22. VMWare VSphere : https://bukutrainingns.blogspot.com/2019/12/kumpulan-tutorial-belajar-vmware-vsphere.html
For IT articles and tutorials, you can visit my website here:
https://bukutrainingns.blogspot.com/
For IT video tutorials and more, you can visit my YouTube channel here:
https://www.youtube.com/channel/UCikwGDYfTFWQxdiCqKvx6_w
I hope this is useful.
Regards
Nanang