CISSP® Certified Information Systems Security Professional Study Guide


This book offers you a solid foundation for the Certified Information Systems Security Professional (CISSP) exam. By purchasing this book, you’ve shown a willingness to learn and a desire to develop the skills you need to achieve this certification. This introduction provides you with a basic overview of this book and the CISSP exam.

This book is designed for readers and students who want to study for the CISSP certification exam. If your goal is to become a certified security professional, then the CISSP certification and this study guide are for you. The purpose of this book is to adequately prepare you to pass the CISSP exam.

Before you dive into this book, you need to have accomplished a few tasks on your own. You need to have a general understanding of IT and of security.

You should have the necessary 4 years of experience (or 3 years plus a college degree) in one of the 10 domains covered by the CISSP exam. If you are qualified to take the CISSP exam according to (ISC)², then you are sufficiently prepared to use this book to study for the CISSP exam. For more information on (ISC)², see the (ISC)² section later in the Introduction.

How to Use This Book

As with any study guide or exam preparation book, the more time you spend reading the material and working through practice questions, the more you’ll retain. We can’t emphasize enough the need to understand the concepts presented in this book.

To get the most out of this book, here is a recommended procedure for working through the material:

  1. Read each chapter carefully and completely.
  2. Review all of the end-of-chapter elements to refine and focus your knowledge and understanding of the material from each chapter.
  3. Work through the end-of-chapter review questions. If you have problems with any subject, reread the section that covers it.
  4. After completing the entire book, take the practice exams on the CD.
  5. Print out the flashcards and use them to further your study.

Notes on This Book’s Organization

This book is designed to cover each of the 10 CISSP Common Body of Knowledge (CBK) domains in sufficient depth to provide you with a clear understanding of the material. The main body of this book comprises 19 chapters. The first 9 domains are each covered by 2 chapters, and the final domain (Physical Security) is covered in Chapter 19. The domain/chapter breakdown is as follows:

Chapters 1 and 2 Access Control Systems and Methodology
Chapters 3 and 4 Telecommunications and Network Security
Chapters 5 and 6 Security Management Practices
Chapters 7 and 8 Applications and Systems Development Security
Chapters 9 and 10 Cryptography
Chapters 11 and 12 Security Architecture and Models
Chapters 13 and 14 Operations Security
Chapters 15 and 16 Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
Chapters 17 and 18 Law, Investigation, and Ethics
Chapter 19 Physical Security

Each chapter includes elements to help you focus your studies and test your knowledge. These include exam essentials, key terms, and review questions. The exam essentials point out key topics to know for the exam. The key terms list includes the unique terminology presented in the chapter. Each key term is defined in the glossary at the end of the book for your convenience. Review questions test your knowledge retention for the material covered in the chapter…