Cover --
Contents --
Foreword --
Acknowledgments --
Introduction --
Chapter 1 Becoming a CISSP --
Why Become a CISSP? --
The CISSP Exam --
CISSP: A Brief History --
How Do You Become a CISSP? --
Recertification Requirements --
What Does This Book Cover? --
Tips for Taking the CISSP Exam --
How to Use This Book --
Questions --
Answers --
Chapter 2 Security Trends --
How Security Became an Issue --
Areas of Security --
Information Warfare --
Evidence of the Evolution of Hacking --
How Are Nations Affected? --
How Are Companies Affected? --
The U.S. Government's Actions --
So What Does This Mean to Us? --
Hacking and Attacking --
Management --
Internet and Web Activities --
Two-Tier Architecture --
Database Roles --
A Layered Approach --
Security at Different Layers --
An Architectural View --
A Layer Missed --
Bringing the Layers Together --
Politics and Laws --
Education --
Summary --
Chapter 3 Information Security and Risk Management --
Security Management --
Security Management Responsibilities --
The Top-Down Approach to Security --
Security Administration and Supporting Controls --
Fundamental Principles of Security --
Availability --
Integrity --
Confidentiality --
Security Definitions --
Organizational Security Model --
Security Program Components --
Business Requirements: Private Industry vs. Military Organizations --
Information Risk Management --
Who Really Understands Risk Management? --
Information Risk Management Policy --
Risk Management Team --
Risk Analysis --
Risk Analysis Team --
Value of Information and Assets --
Costs That Make Up the Value --
Identifying Threats --
Quantitative Risk Analysis --
Qualitative Risk Analysis --
Quantitative vs. Qualitative --
Protection Mechanisms --
Putting It Together --
Total Risk vs. Residual Risk --
Handling Risk --
Policies, Standards, Baselines, Guidelines, and Procedures --
Security Policy --
Standards --
Baselines --
Guidelines --
Procedures --
Implementation --
Information Classification --
Private Business vs. Military Classifications --
Classification Controls --
Layers of Responsibility --
Data Owner --
Data Custodian --
System Owner --
Security Administrator --
Security Analyst --
Application Owner --
Supervisor --
Change Control Analyst --
Data Analyst --
Process Owner --
Solution Provider --
User --
Product Line Manager --
Why So Many Roles? --
Personnel --
Structure --
Hiring Practices --
Employee Controls --
Termination --
Security-Awareness Training --
Different Types of Security-Awareness Training --
Evaluating the Program --
Specialized Security Training --
Summary --
Quick Tips --
Questions --
Answers --
Chapter 4 Access Controls --
Access Controls Overview --
Security Principles --
Availability --
Integrity --
Confidentiality --
Identification, Authentication, and Authorization --
Identification and Authentication --
Authorization --
Access Control Models --
Discretionary Access Control --
Mandatory Access Control --
Role-Based Access Control --
Access Control Techniques and Technologies --
Rule-Based.
| Access no. | Call number | Location | Status |
|---|---|---|---|
| 00313/18 | 005.8 Har C | Library - 7th Floor | Available |