(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. Mike Chapple
held.
According to the study, employers value certified cybersecurity professionals for a number of qualities, from having increased confidence in strategies and practices to communicating and demonstrating that confidence and competence to customers. Other benefits of certification cited by employers include reducing the impact of a security breach, knowing that technology and best practices are up to date, and enhancing the organization's reputation within its given industry.
In addition to engendering confidence on the part of their employers and organizations, security professionals with cybersecurity certifications can boost their salaries by 27 percent on average. There has never been a better time to use your information technology skills to help protect your organization's infrastructure, information, systems, and processes and to improve and grow in your professional journey.
The CISSP certification is the gold standard for mastery in the field of cybersecurity, demonstrating to employers that you have strong knowledge and skills within a broad range of cybersecurity disciplines and an ability to build and manage nearly all aspects of an organization's security operations. It also signals your commitment to ongoing professional development as you continue to stay abreast of industry changes and sharpen your skills.
This study guide will steer you through the eight subject area domains on which the CISSP exam will test your knowledge. Step by step, it will cover the fundamentals involved in each topic and gradually build toward more focused areas of learning to prepare you, based on the content covered in the (ISC)2 CISSP Common Body of Knowledge (CBK).
As you prepare to sit for the CISSP exam, this guide will help you build a solid understanding of concepts of design, implementation, and management of best-in-class cybersecurity programs, as well as the ethical fidelity required of CISSP holders.
I hope that you will find the (ISC)2® CISSP® Certified Information Systems Security Professional Official Study Guide 9th Edition helpful in your cybersecurity journey, exam preparation, and continued professional growth.
Sincerely,
Clar Rosso
CEO, (ISC)2
Introduction
The (ISC)2® CISSP®: Certified Information Systems Security Professional Official Study Guide, Ninth Edition, offers you a solid foundation for the Certified Information Systems Security Professional (CISSP) exam. By purchasing this book, you've shown a willingness to learn and a desire to develop the skills you need to achieve this certification. This introduction provides you with a basic overview of this book and the CISSP exam.
This book is designed for readers and students who want to study for the CISSP certification exam. If your goal is to become a certified security professional, then the CISSP certification and this study guide are for you. The purpose of this book is to adequately prepare you to take the CISSP exam.
Before you dive into this book, you need to have accomplished a few tasks on your own. You need to have a general understanding of IT and of security. You should have the necessary five years of full-time paid work experience (or four years if you have a college degree) in two or more of the eight domains covered by the CISSP exam. If you are qualified to take the CISSP exam according to (ISC)², then you are sufficiently prepared to use this book to study for it. For more information on (ISC)², see the next section.
(ISC)² also allows for a one-year reduction of the five-year experience requirement if you have earned one of the approved certifications from the (ISC)² prerequisite pathway. These include certifications such as Certified Authorization Professional (CAP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Cisco Certified Internetwork Expert (CCIE), Cisco Certified Network Associate Security (CCNA Security), CompTIA Advanced Security Practitioner (CASP), CompTIA Security+, CompTIA Cybersecurity Analyst (CySA+), and many of the Global Information Assurance Certification (GIAC) certifications. For a complete list of qualifying certifications, visit www.isc2.org/Certifications/CISSP/Prerequisite-Pathway.
You can use only one of the experience reduction measures, either a college degree or a certification, not both.
If you are just getting started on your journey to CISSP certification and do not yet have the work experience, then our book can still be a useful tool in your preparation for the exam. However, you may find that some of the topics covered assume knowledge that you don't have. For those topics, you may need to do some additional research using other materials, and then return to this book to continue learning about the CISSP topics.
(ISC)2
The CISSP exam is governed by the International Information Systems Security Certification Consortium (ISC)². (ISC)² is a global nonprofit organization. It has four primary mission goals:
Maintain the Common Body of Knowledge (CBK) for the field of information systems security.
Provide certification for information systems security professionals and practitioners.
Conduct certification training and administer the certification exams.
Oversee the ongoing accreditation of qualified certification candidates through continued education.
(ISC)2 is operated by a board of directors elected from the ranks of its certified practitioners.
(ISC)2 supports and provides a wide variety of certifications, including CISSP, CISSP-ISSAP, CISSP-ISSMP, CISSP-ISSEP, SSCP, CAP, CSSLP, HCISPP, and CCSP. These certifications are designed to verify the knowledge and skills of IT security professionals across all industries. You can obtain more information about (ISC)2 and its other certifications from its website at isc2.org.
The CISSP credential is for security professionals responsible for designing and maintaining security infrastructure within an organization.
Topical Domains
The CISSP certification covers material from the eight topical domains. These eight domains are as follows:
Domain 1: Security and Risk Management
Domain 2: Asset Security
Domain 3: Security Architecture and Engineering
Domain 4: Communication and Network Security
Domain 5: Identity and Access Management (IAM)
Domain 6: Security Assessment and Testing
Domain 7: Security Operations
Domain 8: Software Development Security
These eight domains provide a vendor-independent overview of a common security framework. This framework is the basis for a discussion on security practices that can be supported in all types of organizations worldwide.
Prequalifications
(ISC)2 has defined the qualification requirements you must meet to become a CISSP. First, you must be a practicing security professional with at least five years’ full-time paid work experience or with four years’ experience and a recent IT or IS degree or an approved security certification (see isc2.org for details). Professional experience is defined as security work performed for salary or commission within two or more of the eight CBK domains.
Second, you must agree to adhere to a formal code of ethics. The CISSP Code of Ethics is a set of guidelines (ISC)2 wants all CISSP candidates