Published:
March 15, 2022

CISSP For Dummies

Overview

Showcase your security expertise with the highly regarded CISSP certification

The CISSP certification, held by more than 150,000 security professionals worldwide, is the gold standard of cybersecurity certifications. The CISSP Exam certifies cybersecurity professionals and opens doors for career advancement. Fully updated and revised to reflect the 2024 ISC2 CISSP Exam Outline, CISSP For Dummies is packed with helpful content for all eight security domains. This book includes access to online study tools such as practice questions and digital flashcards, boosting your likelihood of success on the exam. Plus, you'll feel prepared and ready for test day thanks to a 60-day study plan. Boost your security career with this Dummies study guide.

  • Review all the content covered in the latest CISSP Exam
  • Test with confidence and achieve your certification as a cybersecurity professional
  • Study smarter, thanks to online practice resources and a 60-day study plan
  • Enhance your career with the in-demand CISSP certification
  • Continue advancing your career and the profession through speaking and mentoring opportunities

With up-to-date content and valuable test prep features, this book is a one-and-done resource for any cybersecurity professional studying for the CISSP exam.


About The Author

Lawrence C. Miller, CISSP, is a Navy veteran, information security professional, and author of more than 250 For Dummies books. Peter H. Gregory, CISSP, is a seasoned For Dummies author, as well as a security, risk, and technology director with experience in SaaS, retail, telecommunications, non-profit, manufacturing, healthcare, and beyond.


CHEAT SHEET

The Certified Information Systems Security Professional (CISSP) certification is based upon a Common Body of Knowledge (CBK) determined by the International Information Systems Security Certification Consortium, Inc. (ISC2). It is defined through eight tested domains: Security and Risk Management; Asset Security; Security Engineering; Communication and Network Security; Identity and Access Management; Security Assessment and Testing; Security Operations; and Software Development Security.


Articles from the book

The International Information System Security Certification Consortium (ISC)2 has several other certifications, including some that you may aspire to earn after (or instead of) receiving your Certified Information Systems Security Professional (CISSP) credential. These certifications are CCFP® (Certified Cyber Forensics Professional): This is a certification for forensics and security incident responders.
The business of information security is all about risk management. For the CISSP exam, you need to understand and apply risk management concepts. A risk consists of a threat and a vulnerability of an asset: Threat: Any natural or man-made circumstance or event that could have an adverse or undesirable impact, minor or major, on an organizational asset or process.
Embedded devices encompass the wide variety of systems and devices that are Internet connected. Mainly, we’re talking about devices that are not human connected in the computing sense. Examples of such devices include automobiles and other vehicles, and home appliances such as clothes washers and dryers, ranges and ovens, refrigerators, thermostats, televisions, video games, video surveillance systems, and home automation systems.
Mobile systems include the operating systems and applications on smartphones, tablets, phablets, smart watches, and wearables. The most popular operating system platforms for mobile systems are Apple iOS, Android, and Windows 10. The vulnerabilities that are found on mobile systems include a lack of robust resource access controls.
Web-based systems contain many components, including application code, database management systems, operating systems, middleware, and the web server software itself. These components may, individually and collectively, have security design or implementation defects. Some of the defects present include failure to block injection attacks.
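The injection defect named above, shown as an added example (not the book's own code): the same lookup written first with string concatenation, then with a parameterised query. It runs against an in-memory SQLite database; the table, the sample rows and the attacker string are all constructed for the demonstration.

```python
"""Failure to block injection: vulnerable lookup beside the hardened form.

Added example, not from CISSP For Dummies. The users table, its rows and the
PAYLOAD string are constructed for this demonstration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database with constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "h1", "admin"), ("bob", "h2", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable form: untrusted input is concatenated into the SQL text,
    so the database parses attacker-controlled characters as SQL syntax."""
    sql = (
        "SELECT username, role FROM users WHERE username = '"
        + username
        + "' ORDER BY username"
    )
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened form: a parameterised query. The driver binds the value
    separately from the statement, so it can never change the query's shape."""
    sql = "SELECT username, role FROM users WHERE username = ? ORDER BY username"
    return conn.execute(sql, (username,)).fetchall()


# Constructed attacker input: closes the string literal and ORs in a tautology.
PAYLOAD = "x' OR '1'='1"


def demo() -> dict:
    """Run both forms against the payload and a normal username."""
    conn = make_db()
    return {
        "vulnerable": find_user_vulnerable(conn, PAYLOAD),  # leaks every row
        "safe": find_user_safe(conn, PAYLOAD),              # matches nothing
        "normal": find_user_safe(conn, "bob"),              # the intended lookup
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:10s} {rows}")
```

The vulnerable call returns both users because the tautology rewrites the WHERE clause; the parameterised call looks for a literal username of `x' OR '1'='1` and finds none. Parameter binding, not input filtering, is the control the book's "failure to block injection" bullet is pointing at.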
The CISSP exam is demanding, but if you've worked your way through the Common Body of Knowledge and know your stuff when it comes to areas such as network security and disaster recovery, you should do fine — as long as you've also read CISSP For Dummies and take the following CISSP exam test day tips to heart: Get a Good Night's Rest.
Models are used to express access control requirements in a theoretical or mathematical framework that precisely describes or quantifies real access control systems. Common access control models include Bell-LaPadula, Access Matrix, Take-Grant, Biba, Clark-Wilson, Information Flow, and Non-interference. Bell-LaPadula, Access Matrix, and Take-Grant models address confidentiality of stored information.
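To make the confidentiality-versus-integrity distinction concrete, here is an added example (not from the book) that encodes three of the models listed above as decision functions: an access matrix, the Bell-LaPadula read/write rules, and the Biba read/write rules. The level names, the matrix contents and the subject/object labels are constructed for the demonstration.

```python
"""Access matrix, Bell-LaPadula and Biba as small decision functions.

Added example, not from CISSP For Dummies. The lattices, the matrix and the
labels are constructed; the rules are the textbook ones:
  Bell-LaPadula (confidentiality): no read up, no write down
  Biba (integrity):                no read down, no write up
"""

# Constructed ordered lattices. Higher number = more sensitive / more trusted.
CLASSIFICATION = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}
INTEGRITY = {"low": 0, "medium": 1, "high": 2}

# Constructed access matrix: rows are subjects, columns are objects, cells are
# the rights the subject holds on that object (discretionary control).
ACCESS_MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "memo.txt": {"read"}},
    "bob": {"memo.txt": {"read", "write"}},
}


def matrix_allows(subject: str, obj: str, op: str) -> bool:
    """Access matrix: allowed only if the right appears in the cell."""
    return op in ACCESS_MATRIX.get(subject, {}).get(obj, set())


def blp_allows(subject_level: str, object_level: str, op: str) -> bool:
    """Bell-LaPadula mandatory rules over the classification lattice."""
    s, o = CLASSIFICATION[subject_level], CLASSIFICATION[object_level]
    if op == "read":
        return s >= o   # simple security property: no read up
    if op == "write":
        return s <= o   # *-property: no write down (prevents leaking downward)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject_level: str, object_level: str, op: str) -> bool:
    """Biba mandatory rules over the integrity lattice (the mirror image of BLP)."""
    s, o = INTEGRITY[subject_level], INTEGRITY[object_level]
    if op == "read":
        return s <= o   # simple integrity property: no read down
    if op == "write":
        return s >= o   # *-integrity property: no write up (no tainting trusted data)
    raise ValueError(f"unknown operation {op!r}")


def decide(subject: str, obj: str, op: str,
           subject_clearance: str, object_classification: str) -> bool:
    """A real system layers the models: the discretionary matrix must grant the
    right AND the mandatory confidentiality rule must permit it."""
    return matrix_allows(subject, obj, op) and blp_allows(
        subject_clearance, object_classification, op
    )


if __name__ == "__main__":
    # A secret-cleared subject may read confidential data but not write it down.
    print("BLP read down :", blp_allows("secret", "confidential", "read"))   # True
    print("BLP write down:", blp_allows("secret", "confidential", "write"))  # False
    # A high-integrity subject may write to low-integrity data but not read it.
    print("Biba write down:", biba_allows("high", "low", "write"))          # True
    print("Biba read down :", biba_allows("high", "low", "read"))           # False
    print("alice+matrix+BLP:", decide("alice", "payroll.db", "write", "secret", "secret"))
```

Notice that the Biba checks are exactly the Bell-LaPadula checks with the comparison reversed; that is the whole reason the book files the first three models under confidentiality and Biba under integrity, and why a system that needs both usually ends up enforcing two separate lattices.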
Basic computer (system) architecture refers to the structure of a computer system and comprises its hardware, firmware, and software. The CompTIA A+ certification exam covers computer architecture in depth and is an excellent way to prepare for this portion of the CISSP examination. Hardware: Hardware consists of the physical components in computer architecture.
In an effort to combat identity theft, many U.S. states have passed disclosure laws that compel organizations to publicly disclose security breaches that may result in the compromise of personal data. Although these laws typically include statutory penalties, the damage to an organization’s reputation and the potential loss of business — caused by the public disclosure requirement of these laws — can be the most significant and damaging aspect to affected organizations.
Email has emerged as one of the most important communication mediums in our global economy, with over 50 billion email messages sent worldwide every day. Unfortunately, spam accounts for as much as 85 percent of that email volume. Spam is more than a minor nuisance — it's a serious security threat to all organizations worldwide.
The CISSP candidate should be familiar with the tools and objectives of security awareness, training, and education programs. Adversaries are well aware that, as organizations’ technical defenses improve, the most effective way to attack an organization is through its staff. Hence, all personnel in an organization need to be aware of attack techniques so that they can be on the lookout for these attacks and not be fooled by them.
Evaluation criteria provide a standard for quantifying the security of a computer system or network. These criteria include the Trusted Computer System Evaluation Criteria (TCSEC), Trusted Network Interpretation (TNI), European Information Technology Security Evaluation Criteria (ITSEC), and the Common Criteria.
For the International Information System Security Certification Consortium (ISC)2 CISSP exam, you must fully understand and be able to apply security governance principles including the following: alignment of the security function to business strategy, goals, mission, and objectives; organizational processes; security roles and responsibilities; control frameworks; due care; and due diligence. Alignment of security function to business strategy, goals, mission, and objectives: In order for an information security program to be effective, it must be aligned with the organization’s mission, strategy, goals, and objectives; thus, you must understand the differences and relationships between an organization’s mission statement, strategy, goals, and objectives.
Being an active International Information System Security Certification Consortium (ISC)2 member is easy! Besides volunteering, you can participate in several other activities including: Attend the (ISC)2 Congress. For years, (ISC)2 rode the coattails of ASIS (formerly the American Society for Industrial Security — we blame Kentucky Fried Chicken for becoming “KFC” and starting the trend of businesses and organizations dropping the original meaning behind their acronyms!
Regularly, technology and security professionals ask which certifications they should earn next. Your decision depends on where you are now and where you want your career to go. There is no single “right” certification for everyone — determining which certification you should seek is a very individual thing. When considering other certifications, ask yourself the following questions: Where am I in my career right now?
Integrating security risk considerations into supply chain management and merger and acquisition strategy helps to minimize the introduction of new or unknown risks into the organization. It is often said that security in an organization is only as strong as its weakest link. In the context of service providers, mergers, and acquisitions, the security of all organizations in a given ecosystem will be dragged down by shoddy practices in any one of them.
A basic understanding of the major types and classifications of U.S. and international law, including key concepts and terms, is required for the CISSP exam. Common law: Common law (also known as case law) originated in medieval England, and is derived from the decisions (or precedents) of judges. Common law is based on the doctrine of stare decisis (“let the decision stand”) and is often codified by statutes.
Organizations other than International Information System Security Certification Consortium (ISC)2 have security-related certifications, one or more of which may be right for you. None of these certifications directly compete with CISSP, but some of them do overlap with CISSP somewhat. Non-technical/non-vendor certifications: There are many other certifications available that are not tied to specific hardware or software vendors.
Privacy and data protection laws are enacted to protect information collected and maintained on individuals from unauthorized disclosure or misuse. Privacy laws are one area in which the United States lags behind many others, particularly the European Union (EU) and its General Data Protection Regulation (GDPR), which has defined increasingly restrictive privacy regulations that regulate the transfer of personal information to countries (including the United States) that don’t equally protect such information.
Two key elements of risk management are the risk assessment and risk treatment. Risk can never be completely eliminated. Given sufficient time, resources, motivation, and money, any system or environment, no matter how secure, can eventually be compromised. Some threats or events, such as natural disasters, are entirely beyond our control and often unpredictable.
If you ask an experienced security and risk professional about risk frameworks, chances are they will think you are talking about either risk assessment frameworks or risk management frameworks. You need to understand the difference for the CISSP Exam. These frameworks are distinct but deal with the same general subject matter: identification of risk that can be treated in some way.
Various security controls and countermeasures that should be applied to security architecture, as appropriate, include defense in depth, system hardening, implementation of heterogeneous environments, and designing system resilience. Defense in depth: Defense in depth is a strategy for resisting attacks. A system that employs defense in depth will have two or more layers of protective controls that are designed to protect the system or data stored there.
On the CISSP exam, you need to be able to recognize the techniques used to identify and fix vulnerabilities in systems and the techniques for security assessments and testing for the various types of systems. Client-based systems: The types of design vulnerabilities often found on endpoints involve defects in client-side code that is present in browsers and applications.
Not only does "chance favor the prepared mind" — the CISSP exam does too! So make sure that you've prepared yourself well for your upcoming CISSP exam. Your task may seem a bit overwhelming, but take things one step at a time and be sure to heed the following tips for CISSP exam success: Register NOW! Go online and register for the CISSP exam NOW!
