Aaron Kraus - The Official (ISC)2 CISSP CBK Reference

1 Cover

2 Title Page CISSP: Certified Information Systems Security Professional The Official (ISC) 2® CISSP ® CBK ® Reference Sixth Edition ARTHUR DEANE AARON KRAUS

3 Copyright

4 Lead Authors

5 Technical Reviewer

6 Foreword

7 Introduction

8 DOMAIN 1: Security and Risk Management UNDERSTAND, ADHERE TO, AND PROMOTE PROFESSIONAL ETHICS UNDERSTAND AND APPLY SECURITY CONCEPTS EVALUATE AND APPLY SECURITY GOVERNANCE PRINCIPLES DETERMINE COMPLIANCE AND OTHER REQUIREMENTS UNDERSTAND LEGAL AND REGULATORY ISSUES THAT PERTAIN TO INFORMATION SECURITY IN A HOLISTIC CONTEXT UNDERSTAND REQUIREMENTS FOR INVESTIGATION TYPES DEVELOP, DOCUMENT, AND IMPLEMENT SECURITY POLICY, STANDARDS, PROCEDURES, AND GUIDELINES IDENTIFY, ANALYZE, AND PRIORITIZE BUSINESS CONTINUITY REQUIREMENTS CONTRIBUTE TO AND ENFORCE PERSONNEL SECURITY POLICIES AND PROCEDURES UNDERSTAND AND APPLY RISK MANAGEMENT CONCEPTS UNDERSTAND AND APPLY THREAT MODELING CONCEPTS AND METHODOLOGIES APPLY SUPPLY CHAIN RISK MANAGEMENT CONCEPTS ESTABLISH AND MAINTAIN A SECURITY AWARENESS, EDUCATION, AND TRAINING PROGRAM SUMMARY

9 DOMAIN 2: Asset Security IDENTIFY AND CLASSIFY INFORMATION AND ASSETS ESTABLISH INFORMATION AND ASSET HANDLING REQUIREMENTS PROVISION RESOURCES SECURELY MANAGE DATA LIFECYCLE ENSURE APPROPRIATE ASSET RETENTION DETERMINE DATA SECURITY CONTROLS AND COMPLIANCE REQUIREMENTS SUMMARY

10 DOMAIN 3: Security Architecture and Engineering RESEARCH, IMPLEMENT, AND MANAGE ENGINEERING PROCESSES USING SECURE DESIGN PRINCIPLES UNDERSTAND THE FUNDAMENTAL CONCEPTS OF SECURITY MODELS SELECT CONTROLS BASED UPON SYSTEMS SECURITY REQUIREMENTS UNDERSTAND SECURITY CAPABILITIES OF INFORMATION SYSTEMS ASSESS AND MITIGATE THE VULNERABILITIES OF SECURITY ARCHITECTURES, DESIGNS, AND SOLUTION ELEMENTS SELECT AND DETERMINE CRYPTOGRAPHIC SOLUTIONS UNDERSTAND METHODS OF CRYPTANALYTIC ATTACKS APPLY SECURITY PRINCIPLES TO SITE AND FACILITY DESIGN DESIGN SITE AND FACILITY SECURITY CONTROLS SUMMARY

11 DOMAIN 4: Communication and Network Security ASSESS AND IMPLEMENT SECURE DESIGN PRINCIPLES IN NETWORK ARCHITECTURES SECURE NETWORK COMPONENTS IMPLEMENT SECURE COMMUNICATION CHANNELS ACCORDING TO DESIGN SUMMARY

12 DOMAIN 5: Identity and Access Management CONTROL PHYSICAL AND LOGICAL ACCESS TO ASSETS MANAGE IDENTIFICATION AND AUTHENTICATION OF PEOPLE, DEVICES, AND SERVICES FEDERATED IDENTITY WITH A THIRD-PARTY SERVICE IMPLEMENT AND MANAGE AUTHORIZATION MECHANISMS MANAGE THE IDENTITY AND ACCESS PROVISIONING LIFECYCLE IMPLEMENT AUTHENTICATION SYSTEMS SUMMARY

13 DOMAIN 6: Security Assessment and Testing DESIGN AND VALIDATE ASSESSMENT, TEST, AND AUDIT STRATEGIES CONDUCT SECURITY CONTROL TESTING COLLECT SECURITY PROCESS DATA ANALYZE TEST OUTPUT AND GENERATE REPORT CONDUCT OR FACILITATE SECURITY AUDITS SUMMARY

14 DOMAIN 7: Security Operations UNDERSTAND AND COMPLY WITH INVESTIGATIONS CONDUCT LOGGING AND MONITORING ACTIVITIES PERFORM CONFIGURATION MANAGEMENT APPLY FOUNDATIONAL SECURITY OPERATIONS CONCEPTS APPLY RESOURCE PROTECTION CONDUCT INCIDENT MANAGEMENT OPERATE AND MAINTAIN DETECTIVE AND PREVENTATIVE MEASURES IMPLEMENT AND SUPPORT PATCH AND VULNERABILITY MANAGEMENT UNDERSTAND AND PARTICIPATE IN CHANGE MANAGEMENT PROCESSES IMPLEMENT RECOVERY STRATEGIES IMPLEMENT DISASTER RECOVERY PROCESSES TEST DISASTER RECOVERY PLANS PARTICIPATE IN BUSINESS CONTINUITY PLANNING AND EXERCISES IMPLEMENT AND MANAGE PHYSICAL SECURITY ADDRESS PERSONNEL SAFETY AND SECURITY CONCERNS SUMMARY

15 DOMAIN 8: Software Development Security UNDERSTAND AND INTEGRATE SECURITY IN THE SOFTWARE DEVELOPMENT LIFE CYCLE (SDLC) IDENTIFY AND APPLY SECURITY CONTROLS IN SOFTWARE DEVELOPMENT ECOSYSTEMS ASSESS THE EFFECTIVENESS OF SOFTWARE SECURITY ASSESS SECURITY IMPACT OF ACQUIRED SOFTWARE DEFINE AND APPLY SECURE CODING GUIDELINES AND STANDARDS SUMMARY

16 Index

17 End User License Agreement

1 Chapter 2TABLE 2.1 Examples of Asset Classifications

2 Chapter 3TABLE 3.1 An Example Access MatrixTABLE 3.2 Cloud Service ModelsTABLE 3.3 Cryptographic ApproachesTABLE 3.4 Overview of Block CiphersTABLE 3.5 General Data Center Redundancy Tier Levels

3 Chapter 4TABLE 4.1 IPv4 Network ClassesTABLE 4.2 802.11 Standard AmendmentsTABLE 4.3 Basic Overview of Cellular Wireless TechnologiesTABLE 4.4 Important Characteristics for Common Network Cabling Types

1 Chapter 1FIGURE 1.1 CIA TriadFIGURE 1.2 NIST Cybersecurity FrameworkFIGURE 1.3 Relationship between policies, procedures, standards, and guideli...FIGURE 1.4 Relationship between MTD, RTO, and RPOFIGURE 1.5 Relationship between threats, vulnerabilities, assets, and risks...FIGURE 1.6 Steps for assessing riskFIGURE 1.7 ISO 31000:2018FIGURE 1.8 NIST Risk Management Framework

2 Chapter 2FIGURE 2.1 General benefits of asset classificationFIGURE 2.2 Data de-identification via anonymizationFIGURE 2.3 Data de-identification via maskingFIGURE 2.4 Typical asset management lifecycleFIGURE 2.5 Secure data lifecycleFIGURE 2.6 Relationship between data processor and data controllerFIGURE 2.7 Data states and examplesFIGURE 2.8 Tailoring process

3 Chapter 3FIGURE 3.1 N-tier architectureFIGURE 3.2 Finite state modelFIGURE 3.3 Simple Security Property and Star Property rulesFIGURE 3.4 Simple Integrity Property and Star Integrity Property rulesFIGURE 3.5 Brewer–Nash security modelFIGURE 3.6 Plan-Do-Check-Act cycleFIGURE 3.7 Operating system memory protectionFIGURE 3.8 Trusted Platform Module processesFIGURE 3.9 The cloud shared responsibility model for IaaS, PaaS, and SaaSFIGURE 3.10 Components of the Mirai DDoS BotNet attackFIGURE 3.11 Monoliths and microservicesFIGURE 3.12 An operating system efficiently allocates hardware resources bet...FIGURE 3.13 Type 1 and Type 2 hypervisorsFIGURE 3.14 ECB, CBC and CFB block encryption implementationsFIGURE 3.15 Stream cipher encryption algorithmFIGURE 3.16 Block cipher encryption algorithmFIGURE 3.17 Multiple rounds of mathematical functions in block ciphersFIGURE 3.18 Block cipher with substitution of S-boxesFIGURE 3.19 Block cipher with permutation of P-boxesFIGURE 3.20 Adding padding at the end of a message in a block cipherFIGURE 3.21 ECB padding produces serious weaknesses for longer messagesFIGURE 3.22 CBC mode encryptionFIGURE 3.23 CFB mode encryptionFIGURE 3.24 CTR mode encryptionFIGURE 3.25 Elliptic curveFIGURE 3.26 A certificate chain protects a CA's root private keyFIGURE 3.27 Producing and verifying a digital signatureFIGURE 3.28 Steps for using a cryptographic hash to detect tampering of a me...FIGURE 3.29 HMAC process

4 Chapter 4FIGURE 4.1 The OSI reference modelFIGURE 4.2 TCP three-way handshakeFIGURE 4.3 The TCP/IP reference modelFIGURE 4.4 Comparison of the OSI and TCP/IP modelsFIGURE 4.5 NAT implemented on a perimeter firewallFIGURE 4.6 Man-in-the-middle attackFIGURE 4.7 Virtual local area networkFIGURE 4.8 Multiple firewall deployment architectureFIGURE 4.9 Ring topologyFIGURE 4.10 Linear bus and tree bus topologiesFIGURE 4.11 Star topologyFIGURE 4.12 Mesh topologyFIGURE 4.13 Common areas of increased risk in remote access

5 Chapter 5FIGURE 5.1 The access management lifecycle

6 Chapter 6FIGURE 6.1 Pen test phases

7 Chapter 7FIGURE 7.1 Security perimeters

8 Chapter 8FIGURE 8.1 The Waterfall modelFIGURE 8.2 Scrum process flowFIGURE 8.3 SAMM domains and practices

1 Cover

2 Table of Contents

3 Title Page CISSP: Certified Information Systems Security Professional The Official (ISC) 2® CISSP ® CBK ® Reference Sixth Edition ARTHUR DEANE AARON KRAUS

4 Copyrigt

5 Lead Authors

6 Technical Reviewer

7 Foreword

8 Introduction

9 Begin Reading

10 Index