ورود به حساب

نام کاربری گذرواژه

گذرواژه را فراموش کردید؟ کلیک کنید

حساب کاربری ندارید؟ ساخت حساب

ساخت حساب کاربری

نام نام کاربری ایمیل شماره موبایل گذرواژه

برای ارتباط با ما می توانید از طریق شماره موبایل زیر از طریق تماس و پیامک با ما در ارتباط باشید


09117307688
09117179751

در صورت عدم پاسخ گویی از طریق پیامک با پشتیبان در ارتباط باشید

دسترسی نامحدود

برای کاربرانی که ثبت نام کرده اند

ضمانت بازگشت وجه

درصورت عدم همخوانی توضیحات با کتاب

پشتیبانی

از ساعت 7 صبح تا 10 شب

دانلود کتاب Official Study Guide

دانلود کتاب راهنمای مطالعه رسمی CISSP

Official Study Guide

مشخصات کتاب

Official Study Guide

ویرایش: [8th ed.] 
نویسندگان: , ,   
سری: CISSP 
ISBN (شابک) : 1119475937 
ناشر: Sybex 
سال نشر: 2018 
تعداد صفحات: 1103 
زبان: English 
فرمت فایل : PDF (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود) 
حجم فایل: 19 Mb 

قیمت کتاب (تومان) : 41,000



ثبت امتیاز به این کتاب

میانگین امتیاز به این کتاب :
       تعداد امتیاز دهندگان : 8


در صورت تبدیل فایل کتاب Official Study Guide به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.

توجه داشته باشید کتاب راهنمای مطالعه رسمی CISSP نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.


توضیحاتی درمورد کتاب به خارجی



فهرست مطالب

(ISC)2 CISSP® Official Study Guide......Page 2
Acknowledgments......Page 8
About the Authors......Page 10
About the Technical Editors......Page 12
Contents at a Glance......Page 14
Contents......Page 16
Introduction......Page 34
Assessment Test......Page 43
Answers to Assessment Test......Page 50
Chapter 1 Security Governance Through Principles and Policies......Page 54
Understand and Apply Concepts of Confidentiality, Integrity, and Availability......Page 55
Confidentiality......Page 56
Integrity......Page 57
Availability......Page 59
Other Security Concepts......Page 61
Layering......Page 65
Data Hiding......Page 66
Evaluate and Apply Security Governance Principles......Page 67
Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives......Page 68
Organizational Processes......Page 70
Organizational Roles and Responsibilities......Page 76
Security Control Frameworks......Page 78
Security Policies......Page 79
Security Procedures......Page 81
Understand and Apply Threat Modeling Concepts and Methodologies......Page 83
Identifying Threats......Page 84
Determining and Diagramming Potential Attacks......Page 88
Performing Reduction Analysis......Page 89
Prioritization and Response......Page 90
Apply Risk-Based Management Concepts to the Supply Chain......Page 91
Summary......Page 93
Exam Essentials......Page 95
Written Lab......Page 97
Review Questions......Page 98
Chapter 2 Personnel Security and Risk Management Concepts......Page 102
Personnel Security Policies and Procedures......Page 104
Employment Agreements and Policies......Page 108
Onboarding and Termination Processes......Page 110
Compliance Policy Requirements......Page 113
Privacy Policy Requirements......Page 114
Security Governance......Page 115
Understand and Apply Risk Management Concepts......Page 116
Risk Terminology......Page 117
Identify Threats and Vulnerabilities......Page 120
Risk Assessment/Analysis......Page 121
Risk Responses......Page 129
Countermeasure Selection and Implementation......Page 130
Applicable Types of Controls......Page 132
Monitoring and Measurement......Page 134
Asset Valuation and Reporting......Page 135
Risk Frameworks......Page 136
Establish and Maintain a Security Awareness, Education, and Training Program......Page 139
Manage the Security Function......Page 140
Summary......Page 141
Exam Essentials......Page 142
Written Lab......Page 145
Review Questions......Page 146
Chapter 3 Business Continuity Planning......Page 150
Planning for Business Continuity......Page 151
Project Scope and Planning......Page 152
Business Organization Analysis......Page 153
BCP Team Selection......Page 154
Resource Requirements......Page 156
Legal and Regulatory Requirements......Page 157
Business Impact Assessment......Page 158
Identify Priorities......Page 159
Risk Identification......Page 160
Likelihood Assessment......Page 161
Impact Assessment......Page 163
Continuity Planning......Page 164
Provisions and Processes......Page 165
Plan Implementation......Page 167
BCP Documentation......Page 168
Exam Essentials......Page 172
Written Lab......Page 173
Review Questions......Page 174
Chapter 4 Laws, Regulations, and Compliance......Page 178
Criminal Law......Page 179
Administrative Law......Page 181
Computer Crime......Page 182
Intellectual Property......Page 187
Licensing......Page 192
Import/Export......Page 193
Privacy......Page 194
Compliance......Page 202
Contracting and Procurement......Page 203
Summary......Page 204
Exam Essentials......Page 205
Written Lab......Page 206
Review Questions......Page 207
Chapter 5 Protecting Security of Assets......Page 212
Defining Sensitive Data......Page 213
Defining Data Classifications......Page 215
Determining Data Security Controls......Page 218
Understanding Data States......Page 221
Handling Information and Assets......Page 222
Data Protection Methods......Page 229
Determining Ownership......Page 231
Asset Owners......Page 232
Business/Mission Owners......Page 233
Data Processors......Page 234
Custodians......Page 237
Protecting Privacy......Page 238
Using Security Baselines......Page 239
Summary......Page 240
Exam Essentials......Page 241
Written Lab......Page 242
Review Questions......Page 243
Chapter 6 Cryptography and Symmetric Key Algorithms......Page 248
Caesar Cipher......Page 249
American Civil War......Page 250
Goals of Cryptography......Page 251
Cryptography Concepts......Page 253
Cryptographic Mathematics......Page 255
Ciphers......Page 260
Cryptographic Keys......Page 267
Symmetric Key Algorithms......Page 268
Asymmetric Key Algorithms......Page 269
Symmetric Cryptography......Page 272
Data Encryption Standard......Page 273
Triple DES......Page 275
Skipjack......Page 276
Advanced Encryption Standard......Page 277
Symmetric Key Management......Page 279
Cryptographic Lifecycle......Page 281
Exam Essentials......Page 282
Written Lab......Page 284
Review Questions......Page 285
Chapter 7 PKI and Cryptographic Applications......Page 290
Public and Private Keys......Page 291
RSA......Page 292
El Gamal......Page 294
Hash Functions......Page 295
MD2......Page 297
MD5......Page 298
Digital Signatures......Page 299
HMAC......Page 300
Digital Signature Standard......Page 301
Certificates......Page 302
Certificate Authorities......Page 303
Certificate Generation and Destruction......Page 304
Asymmetric Key Management......Page 306
Portable Devices......Page 307
Email......Page 308
Web Applications......Page 309
Digital Rights Management......Page 312
Networking......Page 315
Cryptographic Attacks......Page 318
Summary......Page 321
Exam Essentials......Page 322
Written Lab......Page 323
Review Questions......Page 324
Chapter 8 Principles of Security Models, Design, and Capabilities......Page 328
Implement and Manage Engineering Processes Using Secure Design Principles......Page 329
Closed and Open Systems......Page 330
Techniques for Ensuring Confidentiality, Integrity, and Availability......Page 332
Controls......Page 333
Understand the Fundamental Concepts of Security Models......Page 334
Trusted Computing Base......Page 335
State Machine Model......Page 337
Noninterference Model......Page 338
Access Control Matrix......Page 339
Bell-LaPadula Model......Page 341
Biba Model......Page 343
Clark-Wilson Model......Page 345
Brewer and Nash Model (aka Chinese Wall)......Page 346
Graham-Denning Model......Page 347
Select Controls Based On Systems Security Requirements......Page 348
Rainbow Series......Page 349
ITSEC Classes and Required Assurance and Functionality......Page 354
Common Criteria......Page 355
Industry and International Security Implementation Guidelines......Page 358
Certification and Accreditation......Page 359
Memory Protection......Page 362
Trusted Platform Module......Page 363
Summary......Page 364
Exam Essentials......Page 365
Written Lab......Page 366
Review Questions......Page 367
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures......Page 372
Assess and Mitigate Security Vulnerabilities......Page 373
Hardware......Page 374
Firmware......Page 394
Applets......Page 395
Local Caches......Page 397
Server-Based Systems......Page 399
Aggregation......Page 400
Data Mining and Data Warehousing......Page 401
Data Analytics......Page 402
Distributed Systems and Endpoint Security......Page 403
Cloud-Based Systems and Cloud Computing......Page 406
Grid Computing......Page 410
Internet of Things......Page 411
Industrial Control Systems......Page 412
Assess and Mitigate Vulnerabilities in Web-Based Systems......Page 413
Assess and Mitigate Vulnerabilities in Mobile Systems......Page 418
Device Security......Page 419
Application Security......Page 423
BYOD Concerns......Page 425
Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems......Page 428
Examples of Embedded and Static Systems......Page 429
Methods of Securing Embedded and Static Systems......Page 430
Essential Security Protection Mechanisms......Page 432
Technical Mechanisms......Page 433
Policy Mechanisms......Page 436
Common Architecture Flaws and Security Issues......Page 437
Attacks Based on Design or Coding Flaws and Security Issues......Page 438
Programming......Page 441
Electromagnetic Radiation......Page 442
Summary......Page 443
Exam Essentials......Page 444
Written Lab......Page 447
Review Questions......Page 448
Chapter 10 Physical Security Requirements......Page 452
Apply Security Principles to Site and Facility Design......Page 453
Site Selection......Page 454
Facility Design......Page 455
Implement Site and Facility Security Controls......Page 456
Equipment Failure......Page 457
Wiring Closets......Page 458
Server Rooms/Data Centers......Page 460
Media Storage Facilities......Page 465
Restricted and Work Area Security......Page 466
Utilities and HVAC Considerations......Page 467
Fire Prevention, Detection, and Suppression......Page 470
Perimeter Security Controls......Page 475
Internal Security Controls......Page 478
Summary......Page 484
Exam Essentials......Page 485
Written Lab......Page 487
Review Questions......Page 488
Chapter 11 Secure Network Architecture and Securing Network Components......Page 492
OSI Model......Page 493
OSI Functionality......Page 494
Encapsulation/Deencapsulation......Page 495
OSI Layers......Page 497
TCP/IP Model......Page 504
TCP/IP Protocol Suite Overview......Page 505
Converged Protocols......Page 523
Wireless Networks......Page 525
Securing Wireless Access Points......Page 526
Securing the SSID......Page 528
Using Secure Encryption Protocols......Page 529
Determining Antenna Placement......Page 532
Adjusting Power Level Controls......Page 533
General Wi-Fi Security Procedure......Page 534
Wireless Attacks......Page 535
Secure Network Components......Page 539
Firewalls......Page 540
Endpoint Security......Page 544
Secure Operation of Hardware......Page 545
Cabling, Wireless, Topology, Communications, and Transmission Media Technology......Page 548
Transmission Media......Page 549
Network Topologies......Page 553
Wireless Communications and Security......Page 556
LAN Technologies......Page 562
Summary......Page 566
Exam Essentials......Page 567
Written Lab......Page 569
Review Questions......Page 570
Chapter 12 Secure Communications and Network Attacks......Page 574
Network and Protocol Security Mechanisms......Page 575
Secure Communications Protocols......Page 576
Authentication Protocols......Page 577
Voice over Internet Protocol (VoIP)......Page 578
Social Engineering......Page 579
Fraud and Abuse......Page 580
Remote Meeting......Page 582
Manage Email Security......Page 583
Email Security Goals......Page 584
Understand Email Security Issues......Page 585
Email Security Solutions......Page 586
Remote Access Security Management......Page 589
Plan Remote Access Security......Page 591
Dial-Up Protocols......Page 592
Virtual Private Network......Page 593
Tunneling......Page 594
How VPNs Work......Page 595
Common VPN Protocols......Page 596
Virtual LAN......Page 598
Virtualization......Page 599
Virtual Software......Page 600
Virtual Networking......Page 601
Network Address Translation......Page 602
Private IP Addresses......Page 603
Stateful NAT......Page 604
Automatic Private IP Addressing......Page 605
Switching Technologies......Page 606
Packet Switching......Page 607
Virtual Circuits......Page 608
WAN Technologies......Page 609
WAN Connection Technologies......Page 611
Transparency......Page 614
Transmission Mechanisms......Page 615
Security Boundaries......Page 616
DoS and DDoS......Page 617
Eavesdropping......Page 618
Impersonation/Masquerading......Page 619
Address Resolution Protocol Spoofing......Page 620
Hyperlink Spoofing......Page 621
Summary......Page 622
Exam Essentials......Page 624
Written Lab......Page 626
Review Questions......Page 627
Chapter 13 Managing Identity and Authentication......Page 632
Controlling Access to Assets......Page 633
The CIA Triad and Access Controls......Page 634
Types of Access Control......Page 635
Comparing Identification and Authentication......Page 637
Registration and Proofing of Identity......Page 638
Authorization and Accountability......Page 639
Authentication Factors......Page 640
Passwords......Page 641
Smartcards and Tokens......Page 645
Biometrics......Page 648
Multifactor Authentication......Page 652
Device Authentication......Page 653
Service Authentication......Page 654
Single Sign-On......Page 655
Credential Management Systems......Page 660
Managing Sessions......Page 661
AAA Protocols......Page 662
Provisioning......Page 664
Account Review......Page 665
Account Revocation......Page 666
Summary......Page 667
Exam Essentials......Page 668
Written Lab......Page 670
Review Questions......Page 671
Chapter 14 Controlling and Monitoring Access......Page 676
Comparing Permissions, Rights, and Privileges......Page 677
Understanding Authorization Mechanisms......Page 678
Defining Requirements with a Security Policy......Page 679
Implementing Defense in Depth......Page 680
Summarizing Access Control Models......Page 681
Discretionary Access Controls......Page 682
Nondiscretionary Access Controls......Page 683
Understanding Access Control Attacks......Page 688
Risk Elements......Page 689
Identifying Assets......Page 690
Identifying Threats......Page 691
Identifying Vulnerabilities......Page 693
Common Access Control Attacks......Page 694
Summary of Protection Methods......Page 705
Summary......Page 706
Exam Essentials......Page 707
Written Lab......Page 709
Review Questions......Page 710
Chapter 15 Security Assessment and Testing......Page 714
Security Testing......Page 715
Security Assessments......Page 717
Security Audits......Page 718
Vulnerability Scans......Page 721
Penetration Testing......Page 732
Testing Your Software......Page 734
Code Review and Testing......Page 735
Test Coverage Analysis......Page 739
Website Monitoring......Page 740
Log Reviews......Page 741
Backup Verification......Page 742
Summary......Page 743
Exam Essentials......Page 744
Written Lab......Page 745
Review Questions......Page 746
Chapter 16 Managing Security Operations......Page 750
Need-to-Know and Least Privilege......Page 751
Separation of Duties and Responsibilities......Page 753
Mandatory Vacations......Page 756
Privileged Account Management......Page 757
Managing the Information Lifecycle......Page 759
Service-Level Agreements......Page 760
Addressing Personnel Safety and Security......Page 761
Managing Hardware and Software Assets......Page 763
Protecting Physical Assets......Page 764
Managing Virtual Assets......Page 765
Managing Cloud-Based Assets......Page 766
Media Management......Page 767
Using Images for Baselining......Page 771
Managing Change......Page 772
Security Impact Analysis......Page 774
Versioning......Page 775
Systems to Manage......Page 776
Patch Management......Page 777
Vulnerability Management......Page 778
Summary......Page 781
Exam Essentials......Page 782
Written Lab......Page 784
Review Questions......Page 785
Chapter 17 Preventing and Responding to Incidents......Page 790
Defining an Incident......Page 791
Incident Response Steps......Page 792
Basic Preventive Measures......Page 798
Understanding Attacks......Page 799
Intrusion Detection and Prevention Systems......Page 809
Specific Preventive Measures......Page 816
Logging and Monitoring......Page 826
Egress Monitoring......Page 834
Auditing to Assess Effectiveness......Page 836
Security Audits and Reviews......Page 840
Reporting Audit Results......Page 841
Summary......Page 843
Exam Essentials......Page 845
Written Lab......Page 848
Review Questions......Page 849
Chapter 18 Disaster Recovery Planning......Page 854
The Nature of Disaster......Page 855
Natural Disasters......Page 856
Man-Made Disasters......Page 860
Understand System Resilience and Fault Tolerance......Page 865
Protecting Hard Drives......Page 866
Protecting Servers......Page 867
Protecting Power Sources......Page 868
Trusted Recovery......Page 869
Quality of Service......Page 870
Business Unit and Functional Priorities......Page 871
Crisis Management......Page 872
Alternate Processing Sites......Page 873
Database Recovery......Page 878
Recovery Plan Development......Page 880
Personnel and Communications......Page 881
Backups and Offsite Storage......Page 882
External Communications......Page 886
Recovery vs. Restoration......Page 887
Training, Awareness, and Documentation......Page 888
Read-Through Test......Page 889
Maintenance......Page 890
Exam Essentials......Page 891
Written Lab......Page 892
Review Questions......Page 893
Chapter 19 Investigations and Ethics......Page 898
Investigation Types......Page 899
Evidence......Page 902
Investigation Process......Page 906
Military and Intelligence Attacks......Page 910
Business Attacks......Page 911
Grudge Attacks......Page 912
Ethics......Page 914
Ethics and the Internet......Page 915
Exam Essentials......Page 917
Written Lab......Page 918
Review Questions......Page 919
Chapter 20 Software Development Security......Page 924
Software Development......Page 925
Systems Development Lifecycle......Page 931
Lifecycle Models......Page 934
Gantt Charts and PERT......Page 940
Change and Configuration Management......Page 941
The DevOps Approach......Page 942
Application Programming Interfaces......Page 943
Software Testing......Page 944
Code Repositories......Page 946
Software Acquisition......Page 947
Establishing Databases and Data Warehousing......Page 948
Database Management System Architecture......Page 949
Database Transactions......Page 952
Security for Multilevel Databases......Page 954
Open Database Connectivity......Page 956
Storing Data and Information......Page 957
Storage Threats......Page 958
Understanding Knowledge-Based Systems......Page 959
Expert Systems......Page 960
Neural Networks......Page 961
Exam Essentials......Page 962
Written Lab......Page 963
Review Questions......Page 964
Chapter 21 Malicious Code and Application Attacks......Page 968
Sources of Malicious Code......Page 969
Viruses......Page 970
Logic Bombs......Page 976
Trojan Horses......Page 977
Worms......Page 978
Zero-Day Attacks......Page 981
Password Guessing......Page 982
Dictionary Attacks......Page 983
Social Engineering......Page 984
Countermeasures......Page 985
Buffer Overflows......Page 986
Back Doors......Page 987
Cross-Site Scripting......Page 988
Cross-Site Request Forgery......Page 989
SQL Injection......Page 990
Port Scans......Page 993
Masquerading Attacks......Page 994
Summary......Page 995
Exam Essentials......Page 996
Written Lab......Page 997
Review Questions......Page 998
Appendix A Answers to Review Questions......Page 1002
Chapter 1: Security Governance Through Principles and Policies......Page 1003
Chapter 2: Personnel Security and Risk Management Concepts......Page 1004
Chapter 3: Business Continuity Planning......Page 1005
Chapter 4: Laws, Regulations, and Compliance......Page 1007
Chapter 5: Protecting Security of Assets......Page 1009
Chapter 6: Cryptography and Symmetric Key Algorithms......Page 1011
Chapter 7: PKI and Cryptographic Applications......Page 1013
Chapter 8: Principles of Security Models, Design, and Capabilities......Page 1014
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures......Page 1016
Chapter 10: Physical Security Requirements......Page 1018
Chapter 11: Secure Network Architecture and Securing Network Components......Page 1019
Chapter 12: Secure Communications and Network Attacks......Page 1021
Chapter 13: Managing Identity and Authentication......Page 1022
Chapter 14: Controlling and Monitoring Access......Page 1024
Chapter 15: Security Assessment and Testing......Page 1026
Chapter 16: Managing Security Operations......Page 1028
Chapter 17: Preventing and Responding to Incidents......Page 1030
Chapter 18: Disaster Recovery Planning......Page 1033
Chapter 19: Investigations and Ethics......Page 1034
Chapter 20: Software Development Security......Page 1036
Chapter 21: Malicious Code and Application Attacks......Page 1037
Appendix B Answers to Written Labs......Page 1040
Chapter 2: Personnel Security and Risk Management Concepts......Page 1041
Chapter 3: Business Continuity Planning......Page 1042
Chapter 4: Laws, Regulations, and Compliance......Page 1043
Chapter 6: Cryptography and Symmetric Key Algorithms......Page 1044
Chapter 8: Principles of Security Models, Design, and Capabilities......Page 1045
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures......Page 1046
Chapter 11: Secure Network Architecture and Securing Network Components......Page 1047
Chapter 12: Secure Communications and Network Attacks......Page 1048
Chapter 14: Controlling and Monitoring Access......Page 1049
Chapter 16: Managing Security Operations......Page 1050
Chapter 17: Preventing and Responding to Incidents......Page 1051
Chapter 19: Investigations and Ethics......Page 1052
Chapter 21: Malicious Code and Application Attacks......Page 1053
Index......Page 1054
EULA......Page 0




نظرات کاربران