
Official (ISC)² Guide to the CISSP CBK, Fourth Edition

Adam Gordon

  • Hardcover
PUBLISHED: 7th October 2014
ISBN: 9781482262759

Publisher Description

As a result of a rigorous, methodical process that (ISC)² follows to routinely update its credential exams, it has announced that enhancements will be made to the Certified Information Systems Security Professional (CISSP) credential, beginning April 15, 2015. (ISC)² conducts this process on a regular basis to ensure that the examinations and subsequent training and continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today's practicing information security professionals.

Refreshed technical content has been added to the official (ISC)² CISSP CBK to reflect the most current topics in the information security industry today. Some topics have been expanded (e.g., asset security, security assessment and testing), while other topics have been realigned under different domains. The result is an exam that most accurately reflects the technical and managerial competence required from an experienced information security professional to effectively design, engineer, implement and manage an organization's information security program within an ever-changing security landscape.

The domain names have been updated as follows:

CISSP Domains, Effective April 15, 2015

  • Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
  • Asset Security (Protecting Security of Assets)
  • Security Engineering (Engineering and Management of Security)
  • Communications and Network Security (Designing and Protecting Network Security)
  • Identity and Access Management (Controlling Access and Managing Identity)
  • Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  • Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
  • Software Development Security (Understanding, Applying, and Enforcing Software Security)

Some candidates may be wondering how these updates affect training materials for the CISSP credential. As part of the organization's comprehensive education strategy and certifying body best practices, (ISC)² training materials do not teach directly to its credential examinations. Rather, (ISC)² Education is focused on teaching the core competencies relevant to the roles and responsibilities of today's practicing information security professional. It is designed to refresh and enhance the knowledge of experienced industry professionals.

Table of Contents

Domain 1 - Security & Risk Management

  • Security & Risk Management
  • Confidentiality, Integrity, and Availability
  • Security Governance
  • The Complete and Effective Security Program
  • Compliance
  • Global Legal and Regulatory Issues
  • Understand Professional Ethics
  • Develop and Implement Security Policy
  • Business Continuity (BC) & Disaster Recovery (DR) Requirements
  • Manage Personnel Security
  • Risk Management Concepts
  • Threat Modeling
  • Acquisitions Strategy and Practice
  • Security Education, Training, and Awareness

Domain 2 - Asset Security

  • Asset Security
  • Data Management: Determine and Maintain Ownership
  • Data Standards
  • Longevity and Use
  • Classify Information and Supporting Assets
  • Asset Management
  • Protect Privacy
  • Ensure Appropriate Retention
  • Determine Data Security Controls
  • Standards Selection

Domain 3 - Security Engineering

  • Security Engineering
  • The Engineering Lifecycle Using Security Design Principles
  • Fundamental Concepts of Security Models
  • Information Systems Security Evaluation Models
  • Security Capabilities of Information Systems
  • Vulnerabilities of Security Architectures
  • Database Security
  • Software and System Vulnerabilities and Threats
  • Vulnerabilities in Mobile Systems
  • Vulnerabilities in Embedded Devices and Cyber-Physical Systems
  • The Application and Use of Cryptography
  • Site and Facility Design Considerations
  • Site Planning
  • Implementation and Operation of Facilities Security

Domain 4 - Communications & Network Security

  • Communications & Network Security
  • Secure Network Architecture and Design
  • Implications of Multi-Layer Protocols
  • Converged Protocols
  • Securing Network Components
  • Secure Communication Channels
  • Network Attacks

Domain 5 - Identity & Access Management

  • Identity & Access Management
  • Physical and Logical Access to Assets
  • Identification and Authentication of People and Devices
  • Identity Management Implementation
  • Identity as a Service (IDaaS)
  • Integrate Third-Party Identity Services
  • Implement and Manage Authorization Mechanisms
  • Prevent or Mitigate Access Control Attacks
  • Identity and Access Provisioning Lifecycle

Domain 6 - Security Assessment & Testing

  • Security Assessment & Testing
  • Assessment and Test Strategies
  • Collect Security Process Data
  • Internal and Third-Party Audits

Domain 7 - Security Operations

  • Security Operations
  • Investigations
  • Provisioning of Resources through Configuration Management
  • Resource Protection
  • Incident Response
  • Preventative Measures against Attacks
  • Patch and Vulnerability Management
  • Change and Configuration Management
  • The Disaster Recovery Process
  • Test Plan Review
  • Business Continuity and Other Risk Areas
  • Access Control
  • Personnel Safety

Domain 8 - Security in the Software Development Life Cycle

  • Security in the Software Development Life Cycle
  • Software Development Security Outline
  • Environment and Security Controls
  • Security of the Software Environment
  • Software Protection Mechanisms
  • Assess the Effectiveness of Software Security
  • Assess Software Acquisition Security

Product Details

Apple Academic Press Inc.
ISC2 Press
Country of Publication
Edited by
Adam Gordon
Adam Gordon
Edition Description
Short Title
81 Tables, black and white; 206 Illustrations, black and white
Publication Date