Visit www.dummies.com/cheatsheet/cissp to view this book's cheat sheet.
Table of Contents
About This Book
How This Book Is Organized
    Part I: Certification Basics
    Part II: Domains
    Part III: The Part of Tens
    Part IV: Appendixes
How the Chapters Are Organized
    Chapter introductions
    Study subjects
    Tables and illustrations
    Prep Tests
Icons Used in This Book
Where to Go from Here
Part I: Certification Basics

Chapter 1: (ISC)2 and the CISSP Certification
    About (ISC)2 and the CISSP Certification
    You Must Be This Tall to Ride (and Other Requirements)
    Registering for the Exam
    Preparing for the Exam
        Studying on your own
        Getting hands-on experience
        Attending an (ISC)2 CISSP CBK Review or Live OnLine Seminar
        Attending other training courses or study groups
        Take the testing tutorial and practice exam
        Are you ready for the exam?
    About the CISSP Examination
    After the Examination

Chapter 2: The Common Body of Knowledge (CBK)
    Access Control
    Telecommunications and Network Security
    Information Security Governance and Risk Management
    Software Development Security
    Cryptography
    Security Architecture and Design
    Security Operations
    Business Continuity and Disaster Recovery Planning
    Legal, Regulations, Investigations, and Compliance
    Physical (Environmental) Security

Chapter 3: Putting Your Certification to Good Use
    Following the (ISC)² Code of Ethics
    Keeping Your Certification Current
    Remaining an Active (ISC)² Member
    Considering (ISC)² Volunteer Opportunities
        Writing certification exam questions
        Speaking at events
        Joining the InterSeC Community
        Supervising examinations
        Read and contribute to (ISC)² publications
        Contribute to the (ISC)² Cyber Exchange
        Participating in (ISC)² focus groups
        Getting involved with a CISSP study group
        Helping others learn more about data security
    Becoming an Active Member of Your Local Security Chapter
    Spreading the Good Word about CISSP Certification
        Promoting other certifications
        Wearing the colors proudly
        Lead by example
    Using Your CISSP Certification to Be an Agent of Change
    Earning Other Certifications
        Other (ISC)² certifications
        CISSP concentrations
        Non-(ISC)² certifications
        Choosing the right certifications
    Pursue Security Excellence
Part II: Domains

Chapter 4: Access Control
    Basic Concepts of Access Control
    Control Types and Purposes
        Administrative controls
        Technical controls
        Physical controls
    Access Control Services
        Authentication
        Authorization
        Accountability
    Categories of Access Control
        System access controls
        Data access controls
    Access Control Attacks
    Evaluating and Testing Access Controls
        Why test?
        When and how to test
    Identity and Access Provisioning Lifecycle

Chapter 5: Telecommunications and Network Security
    Data Network Types
        Local area network (LAN)
        Wide area network (WAN)
    The OSI Reference Model
        Physical Layer (Layer 1)
        Data Link Layer (Layer 2)
        Network Layer (Layer 3)
        Transport Layer (Layer 4)
        Session Layer (Layer 5)
        Presentation Layer (Layer 6)
        Application Layer (Layer 7)
    The TCP/IP Model
    Network Security
        Firewalls
        Intrusion detection and prevention systems (IDSs, IPSs, and IDPSs)
        Remote access
        Virtual Private Networks (VPNs)
    Wireless Network (WLAN) Security
        WLAN components and architectures
        WLAN security techniques and protocols
    E-mail, Web, Facsimile, and Telephone Security
        E-mail security
        Web security
        Facsimile security
        PBX, POTS, and VoIP fraud and abuse
        Caller ID fraud and abuse
    Network Attacks and Countermeasures
        Bluejacking and bluesnarfing
        Fraggle
        ICMP flood
        Session hijacking (spoofing)
        Smurf
        SYN flood
        Teardrop
        UDP flood

Chapter 6: Information Security Governance and Risk Management
    Information Security Governance Concepts and Principles
        Confidentiality
        Integrity
        Availability
        Defense in depth
    Data Classification
        Commercial data classification
        Government data classification
    Mission Statements, Goals, and Objectives
        Mission (not-so-impossible)
        Goals and objectives
    Policies, Standards, Guidelines, and Procedures
        Policies
        Standards (and baselines)
        Guidelines
        Procedures
    Information Security Governance Practices
        Third-party governance
        Service-level agreements (SLAs)
        Identity management
    Personnel Security Policies and Practices
        Background checks and security clearances
        Employment agreements
        Hiring and termination practices
        Job descriptions
        Security roles and responsibilities
        Separation of duties and responsibilities
        Job rotation
    Risk Management Concepts
        Risk identification
        Risk Analysis (RA)
        Risk treatment
    Security Education, Training, and Awareness Programs
        Awareness
        Training
        Education

Chapter 7: Software Development Security
    Distributed Applications
        Security in distributed systems
        Working with agents in distributed systems
        Adding applets to the mix
    Object-Oriented Environments
    Databases
        Database security
        Data dictionaries
        Data warehouses
        Types of databases
        Database transactions
    Knowledge-Based Systems
        Expert systems
        Neural networks
    Operating Systems
    Systems Development Life Cycle
        Conceptual definition
        Functional requirements
        Functional specifications
        Design
        Design review
        Coding
        Code review
        Unit test
        System test
        Certification and accreditation
        Maintenance
        Notes about the life cycle
        Other models of the system development life cycle
        Security principles in software development
    Application Security Controls
        Process isolation
        Hardware segmentation
        Separation of privilege
        Accountability
        Defense in depth
        Abstraction
        Data hiding
        System high mode
        Security kernel
        Reference monitor
        Supervisor and User modes
        Service-Level Agreements (SLAs)
    System Attack Methods
        Malicious code
        Injection attacks
        Cross-site scripting attacks
        Cross-site request forgery
        Escalation of privilege
        Denial of Service
        Dictionary attacks
        Spoofing
        Spam
        Social engineering
        Pseudo flaw
        Remote maintenance
        Maintenance hooks
        Sniffing and eavesdropping
        Traffic analysis and inference
        Brute force
    Antivirus Software
        Heuristics
        AV popping up everywhere
    Perpetrators
        Hackers
        Script kiddies
        Virus writers
        Bot herders
        Phreakers
        Black hats and white hats

Chapter 8: Cryptography
    The Role of Cryptography in Information Security
    Cryptography Basics
        Plaintext and ciphertext
        Encryption and decryption
        Putting it all together: The cryptosystem
        Classes of ciphers
        Types of ciphers
    Cryptography Alternatives
        Steganography: A picture is worth a thousand (hidden) words
        Digital watermarking: The (ouch) low watermark
    Not Quite the Metric System: Symmetric and Asymmetric Key Systems
        Symmetric key cryptography
        Asymmetric key cryptography
    Message Authentication
        Digital signatures
        Message digests
    Public Key Infrastructure (PKI)
    Key Management Functions
    Key Escrow and Key Recovery
    E-Mail Security Applications
    Internet Security Applications
        Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
        Secure Hypertext Transfer Protocol (S-HTTP)
        IPSec
        Multi-Protocol Label Switching (MPLS)
        Secure Shell (SSH-2)
        Wireless Transport Layer Security (WTLS)
    Methods of Attack
        The Birthday Attack
        Ciphertext Only Attack (COA)
        Chosen Text Attack (CTA)
        Known Plaintext Attack (KPA)
        Man-in-the-Middle Attack
        Meet-in-the-Middle Attack
        Replay Attack

Chapter 9: Security Architecture and Design
    Computer Architecture
        Hardware
        Firmware
        Software
    Security Architecture
        Trusted Computing Base (TCB)
        Open and closed systems
        Protection rings
        Security modes
        Recovery procedures
        Vulnerabilities in security architectures
    Security Countermeasures
        Defense in depth
        System hardening
        Heterogeneous environment
        System resilience
    Security Models
        Confidentiality
        Integrity
        Availability
        Access Control Models
    Evaluation Criteria
        Trusted Computer System Evaluation Criteria (TCSEC)
        Trusted Network Interpretation (TNI)
        European Information Technology Security Evaluation Criteria (ITSEC)
        Common Criteria
    System Certification and Accreditation
        DITSCAP
        NIACAP
        DCID 6/3

Chapter 10: Security Operations
    Administrative Management and Control
        Job requirements and qualifications
        Background checks and verification
        Separation of duties and responsibilities
        Job rotation
        Mandatory vacations
        Need-to-know
        Least privilege
        User monitoring
        Termination of employment
    Security Operations Concepts
        Avoiding single points of failure
        Handling sensitive information
        Records retention
    Threats and Countermeasures
        Errors and Omissions
        Fraud
        Hackers and crackers
        Industrial espionage
        Loss of physical and infrastructure support
        Malware
        Sabotage
        Theft
    Security Controls
        Resource protection
        Privileged entity controls
        Change controls
        Media controls
        Administrative controls
        Trusted recovery
    Security Auditing and Due Care
    Audit Trails
        Anatomy of an audit record
        Types of audit trails
        How to go looking for trouble
        Problem management and audit trails
        Retaining audit logs
        Protection of audit logs
    Monitoring
        Penetration testing
        Intrusion detection and prevention
        Violation analysis
        Keystroke monitoring
        Traffic and trend analysis
        Facilities monitoring
        Responding to events

Chapter 11: Business Continuity and Disaster Recovery Planning
    Defining Disastrous Events
        Natural disasters
        Man-made disasters
        How disasters affect businesses
    How BCP and DRP Work Together
        COOPeration is the key
    Understanding BCP Project Elements
    Determining BCP Scope
    Conducting the Business Impact Assessment
        Vulnerability Assessment
        Criticality Assessment
        Identifying key players
        Establishing Maximum Tolerable Downtime
        Establish recovery targets
        Defining Resource Requirements
    Identifying the Elements of a Business Continuity Plan
        Emergency response
        Damage assessment
        Personnel safety
        Personnel notification
        Backups and off-site storage
        Software escrow agreements
        External communications
        Utilities
        Logistics and supplies
        Fire and water protection
        Documentation
        Data processing continuity planning
    Developing the BC Plan
        Making your BCP project a success
        Simplifying large or complex critical functions
        Documenting the strategy
    Implementing the Business Continuity Plan
        Securing senior management approval
        Promoting organizational awareness
        Maintaining the plan
    Disaster Recovery Planning
    Developing a Disaster Recovery Plan
        Preparing for emergency response
        Notifying personnel
        Facilitating external communications
        Maintaining physical and logical security
        Personnel safety
    Testing the Disaster Recovery Plan
        Checklist
        Structured walkthrough
        Simulation
        Parallel
        Interruption (or cutover)
    Creating competitive advantage

Chapter 12: Legal, Regulations, Investigations, and Compliance
    Major Types and Classifications of Law
        Common law
        International law
    Major Categories of Computer Crime
        Business attacks
        Financial attacks
        “Fun” attacks
        Grudge attacks
        Ideological attacks
        Military and intelligence attacks
        Terrorist attacks
    Types of Laws Relevant to Computer Crimes
        Intellectual property
        Privacy and data protection laws
        Disclosure laws
        Computer crime and information security laws
    Investigations
        Evidence
        Conducting investigations
        Incident handling (or response)
    Professional Ethics
        (ISC)2 Code of Ethics
        Internet Architecture Board (IAB) — Ethics and the Internet (RFC 1087)
        Computer Ethics Institute (CEI)

Chapter 13: Physical (Environmental) Security
    Physical Security Threats
    Site and Facility Design Considerations
        Choosing a secure location
        Designing a secure facility
    Physical (Environmental) Security Controls
        Physical access controls
        Technical controls
        Environmental and life safety controls
        Administrative controls
    Bringing It All Together
Part III: The Part of Tens

Chapter 14: Ten (Okay, Eight) Test Preparation Tips
    Get a Networking Certification First
    Register NOW!
    Make a 60-Day Study Plan
    Get Organized and READ!
    Join a Study Group
    Take Practice Exams
    Take a CISSP Review Seminar
    Take a Breather

Chapter 15: Ten Test-Day Tips
    Get a Good Night’s Rest
    Dress Comfortably
    Eat a Good Breakfast
    Arrive Early
    Bring a Photo ID
    Bring Snacks and Drinks
    Bring Prescription and Over-the-Counter Medications
    Leave Your Cell Phone and Pager Behind
    Take Frequent Breaks
    Guess — as a Last Resort

Chapter 16: Ten More Sources for Security Certifications
    ASIS International
    Check Point
    Cisco
    CompTIA
    CWNP
    DRI International
    EC-Council
    ISACA
        CISA
        CISM
        CRISC
        CGEIT
    (ISC)2
        SSCP
        CSSLP
        CAP
        CISSP concentrations
    SANS/GIAC

Chapter 17: Ten Security Websites
    CISSP Open Study Guide
    Carnegie Mellon SEI CERT Coordination Center
    Common Vulnerabilities and Exposures
    Dark Reading
    (ISC)2
    INFOSYSSEC
    National Institute of Standards and Technology
    PCI Security Standards Council
    The SANS Institute
    WindowSecurity Network Security Library

Chapter 18: Ten Essential Reference Books
Part IV: Appendixes

Appendix A: Practice CISSP Exam
Appendix B: Glossary