James Michael Stewart, CISSP, CEH, CHFI, ECSA, CND, ECIH, CySA+, PenTest+, CASP+, Security+, Network+, A+, CISM, and CFR, has been writing and training for more than 25 years, with a current focus on security. He has been teaching CISSP training courses since 2002, not to mention other courses on internet security and ethical hacking/penetration testing. He is the author of and contributor to more than 75 books on security certification, Microsoft topics, and network administration, including CompTIA Security+ Review Guide: Exam SY0-601. More information about Michael can be found at his website at www.impactonline.com.
Darril Gibson, CISSP, Security+, CASP, is the CEO of YCDA (short for You Can Do Anything), and he has authored or coauthored more than 40 books. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications. He regularly posts blog articles at blogs.getcertifiedgetahead.com about certification topics and uses that site to help people stay abreast of changes in certification exams. He loves hearing from readers, especially when they pass an exam after using one of his books, and you can contact him through the blogging site.
About the Technical Editors
Jerry Rayome, BS/MS Computer Science, CISSP, has been employed as a member of the Cyber Security Program at Lawrence Livermore National Laboratory for over 20 years, providing cybersecurity services that include software development, penetrative testing, incident response, firewall implementation/administration, firewall auditing, honeynet deployment/monitoring, cyber forensic investigations, NIST 800-53 control implementation/assessment, cloud risk assessment, and cloud security auditing.
Chris Crayton is a technical consultant, trainer, author, and industry-leading technical editor. He has worked as a computer technology and networking instructor, information security director, network administrator, network engineer, and PC specialist. Chris has authored several print and online books on PC repair, CompTIA A+, CompTIA Security+, and Microsoft Windows. He has also served as technical editor and content contributor on numerous technical titles for several leading publishing companies. He holds numerous industry certifications, including CISSP, MCSE, CompTIA S+, N+, A+, and many others. He has also been recognized with many professional and teaching awards, and he has served as a state-level SkillsUSA final competition judge.
Aaron Kraus, CISSP, CCSP, is an information security practitioner, instructor, and author who has worked across industries and around the world. He has spent more than 15 years as a consultant or security risk manager in roles with government, financial services, and tech startups, including most recently in cyber risk insurance, and has spent 13 years teaching, writing, and developing security courseware at Learning Tree International, where he is also dean of cybersecurity curriculum. His writing and editing experience includes official (ISC)² reference books, practice exams, and study guides for both CISSP and CCSP.
Welcome to the (ISC)2® CISSP® Certified Information Systems Security Professional Official Study Guide, 9th Edition.
Data from the 2020 Cybersecurity Workforce Study shows that 47 percent of employers require their security staff to hold vendor-neutral cybersecurity certifications and that the Certified Information Systems Security Professional (CISSP) is the most commonly held.
According to the study, employers value certified cybersecurity professionals for a number of qualities, from having increased confidence in strategies and practices to communicating and demonstrating that confidence and competence to customers. Other benefits of certification cited by employers include reducing the impact of a security breach, knowing that technology and best practices are up to date, and enhancing the organization's reputation within its given industry.
In addition to engendering confidence on the part of their employers and organizations, security professionals with cybersecurity certifications can boost their salaries by 27 percent on average. There has never been a better time to use your information technology skills to help protect your organization's infrastructure, information, systems, and processes and to improve and grow in your professional journey.
The CISSP certification is the gold standard for mastery in the field of cybersecurity, demonstrating to employers that you have strong knowledge and skills within a broad range of cybersecurity disciplines and an ability to build and manage nearly all aspects of an organization's security operations. It also signals your commitment to ongoing professional development as you continue to stay abreast of industry changes and sharpen your skills.
This study guide will steer you through the eight subject area domains on which the CISSP exam will test your knowledge. Step by step, it will cover the fundamentals involved in each topic and gradually build toward more focused areas of learning to prepare you, based on the content covered in the (ISC)² CISSP Common Body of Knowledge (CBK).
As you prepare to sit for the CISSP exam, this guide will help you build a solid understanding of concepts of design, implementation, and management of best-in-class cybersecurity programs, as well as the ethical fidelity required of CISSP holders.
I hope that you will find the (ISC)2® CISSP® Certified Information Systems Security Professional Official Study Guide 9th Edition helpful in your cybersecurity journey, exam preparation, and continued professional growth.
Sincerely,
Clar Rosso
CEO, (ISC)²
The (ISC)2® CISSP®: Certified Information Systems Security Professional Official Study Guide, Ninth Edition, offers you a solid foundation for the Certified Information Systems Security Professional (CISSP) exam. By purchasing this book, you've shown a willingness to learn and a desire to develop the skills you need to achieve this certification. This introduction provides you with a basic overview of this book and the CISSP exam.
This book is designed for readers and students who want to study for the CISSP certification exam. If your goal is to become a certified security professional, then the CISSP certification and this study guide are for you. The purpose of this book is to adequately prepare you to take the CISSP exam.
Before you dive into this book, you need to have accomplished a few tasks on your own. You need to have a general understanding of IT and of security. You should have the necessary five years of full-time paid work experience (or four years if you have a college degree) in two or more of the eight domains covered by the CISSP exam. If you are qualified to take the CISSP exam according to (ISC)², then you are sufficiently prepared to use this book to study for it. For more information on (ISC)², see the next section.
(ISC)² also allows for a one-year reduction of the five-year experience requirement if you have earned one of the approved certifications from the (ISC)² prerequisite pathway. These include certifications such as Certified Authorization Professional (CAP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Cisco Certified Internetwork Expert (CCIE), Cisco Certified Network Associate Security (CCNA Security), CompTIA Advanced Security Practitioner (CASP), CompTIA Security+, CompTIA Cybersecurity Analyst (CySA+), and many of the Global Information Assurance Certification (GIAC) certifications. For a complete list of qualifying certifications, visit www.isc2.org/Certifications/CISSP/Prerequisite-Pathway.