Darril Gibson & James Michael Stewart 
CISSP 
Certified Information Systems Security Professional Study Guide

Fully updated Sybex Study Guide for the industry-leadingsecurity certification: CISSP

Security professionals consider the Certified Information Systems Security Professional (CISSP) to be the most desiredcertification to achieve. More than 200, 000 have taken the exam, and there are more than 70, 000 CISSPs worldwide. This highlyrespected guide is updated to cover changes made to the CISSP Bodyof Knowledge in 2012. It also provides additional advice on how topass each section of the exam. With expanded coverage of key areas, it also includes a full-length, 250-question practice exam.

* Fully updated for the 2012 CISSP Body of Knowledge, theindustry-leading standard for IT professionals

* Thoroughly covers exam topics, including access control, application development security, business continuity and disasterrecovery planning, cryptography, operations security, and physical(environmental) security

* Examines information security governance and risk management, legal regulations, investigations and compliance, andtelecommunications and network security

* Features expanded coverage of biometrics, auditing andaccountability, software security testing, and many more keytopics

CISSP: Certified Information Systems Security Professional Study Guide, 6th Edition prepares you with both the knowledgeand the confidence to pass the CISSP exam.

Table of Content

Introduction xxxv

Assessment Test xliv

Chapter 1 Access Control 1

Chapter 2 Access Control Attacks and Monitoring 47

Chapter 3 Secure Network Architecture and Securing Network Components 87

Chapter 4 Secure Communications and Network Attacks 151

Chapter 5 Security Governance Concepts, Principles, and Policies 205

Chapter 6 Risk and Personnel Management 239

Chapter 7 Software Development Security 275

Chapter 8 Malicious Code and Application Attacks 327

Chapter 9 Cryptography and Symmetric Key Algorithms 361

Chapter 10 PKI and Cryptographic Applications 403

Chapter 11 Principles of Security Models, Design, and Capabilities 437

Chapter 12 Security Architecture Vulnerabilities, Threats, and Countermeasures 477

Chapter 13 Security Operations 531

Chapter 14 Incident Management 571

Chapter 15 Business Continuity Planning 617

Chapter 16 Disaster Recovery Planning 643

Chapter 17 Laws, Regulations, and Compliance 681

Chapter 18 Incidents and Ethics 713

Chapter 19 Physical Security Requirements 745

Appendix A Answers to Review Questions 781

Appendix B Answers to Written Labs 815

Appendix C About the Additional Study Tools 829

Index 833

About the author

James M. Stewart, CISSP, is a security expert, technical trainer, and author of numerous publications, books, and courseware. Mike Chapple, Ph D, CISSP, is an IT security professional at the University of Notre Dame. He was formerly CIO of Brand Institute. Darril Gibson, Security+, CISSP, ITIL v3, is the CEO of Security Consulting and Training, LLC.