CISSP Study Guide, Third Edition PDF download
Theft of unencrypted PII has occurred previously and has cost the company many times the value of the laptop in regulatory fines, bad publicity, legal fees, staff hours spent investigating, etc. Tangible assets, such as computers or buildings, are straightforward to calculate.

Intangible assets are more challenging. For example, what is the value of brand loyalty? For example, when looking through past events, you discover that you have suffered 11 lost or stolen laptops per year on average. Your ARO is therefore 11. TCO combines upfront costs (often a one-time capital expense) plus the annual cost of maintenance, including staff hours, vendor maintenance fees, software subscriptions, etc.

These ongoing costs are usually considered operational expenses. You estimate that it will take four staff hours per laptop to install the software, or staff hours. The math is summarized in Table 1. Implementing laptop encryption will change the EF.

The laptop encryption project has a positive ROI and is a wise investment. Metrics can greatly assist the information security budgeting process. They help illustrate potentially costly risks and demonstrate the effectiveness and potential cost savings of existing controls.
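The quantitative risk math the guide walks through (AV, EF, SLE, ARO, ALE, annual TCO, ROI) carried out in code, as an added example that is not part of the study guide. It keeps the page's 11 lost laptops per year; every dollar figure, both exposure factors and the control lifetime are constructed assumptions, and the second scenario (a DoS mitigation service whose cost exceeds the loss it prevents) shows the "accept the risk" outcome the guide's review question arrives at.

```python
"""Quantitative risk analysis worked through: AV, EF, SLE, ARO, ALE, TCO, ROI.

Added example, not code from the study guide. The ARO of 11 lost laptops per
year comes from the page; all dollar amounts, exposure factors and lifetimes
below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset_value: float      # AV: full cost of losing one asset (hardware plus fines, fees, staff time)
    exposure_factor: float  # EF: fraction of AV lost in a single incident, 0.0 to 1.0
    aro: float              # ARO: expected number of incidents per year

    @property
    def sle(self) -> float:
        """Single loss expectancy = AV x EF."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualized loss expectancy = SLE x ARO."""
        return self.sle * self.aro


@dataclass(frozen=True)
class Control:
    upfront_cost: float              # one-time capital expense (licenses, hardware)
    annual_cost: float               # recurring operational expense (maintenance, staff hours)
    residual_exposure_factor: float  # EF that remains once the control is in place
    lifetime_years: int              # period over which the upfront cost is amortized

    @property
    def annual_tco(self) -> float:
        """Annualized total cost of ownership: amortized capital cost plus yearly operating cost."""
        return self.upfront_cost / self.lifetime_years + self.annual_cost


def evaluate(risk: Risk, control: Control) -> dict:
    """Compare the ALE reduction a control buys against what the control costs per year.

    ROI here is (ALE before - ALE after) - annual TCO: positive means the control
    saves more than it costs; negative means accept the risk or find a cheaper control.
    """
    residual = Risk(risk.asset_value, control.residual_exposure_factor, risk.aro)
    savings = risk.ale - residual.ale
    roi = savings - control.annual_tco
    return {
        "ale_before": risk.ale,
        "ale_after": residual.ale,
        "annual_tco": control.annual_tco,
        "roi": roi,
        "decision": "mitigate" if roi > 0 else "accept or find a cheaper control",
    }


# Constructed scenario 1: stolen laptops holding unencrypted PII. AV includes the
# regulatory and legal fallout, so losing one laptop is a total loss (EF = 1.0).
LAPTOP_RISK = Risk(asset_value=25_000.0, exposure_factor=1.0, aro=11)
# Whole-disk encryption: once deployed, a stolen laptop costs only its hardware
# value (2,500 of 25,000, so EF = 0.1). Costs are constructed: licenses up front,
# then install/maintenance staff hours and vendor fees yearly, amortized over 4 years.
LAPTOP_ENCRYPTION = Control(upfront_cost=20_000.0, annual_cost=5_200.0,
                            residual_exposure_factor=0.1, lifetime_years=4)

# Constructed scenario 2: seven DoS attacks a year, each outage costing 10,000,
# versus a scrubbing service that removes the loss entirely but costs 100,000 a
# year. Savings (70,000) fall below TCO, so the control is not worth buying.
DOS_RISK = Risk(asset_value=10_000.0, exposure_factor=1.0, aro=7)
DOS_MITIGATION = Control(upfront_cost=0.0, annual_cost=100_000.0,
                         residual_exposure_factor=0.0, lifetime_years=1)

if __name__ == "__main__":
    for name, risk, control in (("laptop encryption", LAPTOP_RISK, LAPTOP_ENCRYPTION),
                                ("DoS mitigation service", DOS_RISK, DOS_MITIGATION)):
        print(name, evaluate(risk, control))
```

The decision rule is deliberately the guide's own: a control is justified when the ALE it removes exceeds its annualized TCO, and a mitigated risk with a residual EF above zero is still a risk that has been reduced, not eliminated.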

They can also help champion the cause of information security. Options include accepting the risk, mitigating or eliminating the risk, transferring the risk, and avoiding the risk. In some cases, it is cheaper to leave an asset unprotected due to a specific risk, rather than make the effort and spend the money required to protect it.

This cannot be an ignorant decision; all options must be considered before accepting the risk. High and extreme risks cannot be accepted. There are cases where accepting the risk is not an option, such as data protected by laws or regulations and risk to human life or safety. Lowering risk is also called risk reduction, and the process of lowering risk is also called reduction analysis.

The laptop encryption example given in the previous ALE section is an example of mitigating the risk. The risk of lost PII due to stolen laptops was mitigated by encrypting the data on the laptops.

The risk has not been eliminated entirely; a weak or exposed encryption password could expose the PII, but the risk has been reduced to an acceptable level. In some cases, it is possible to remove specific risks entirely; this is called eliminating the risk. Most homeowners do not assume the risk of fire for their houses; they pay an insurance company to assume that risk for them.

The insurance companies are experts in risk analysis; buying risk is their business. If the risk analysis discovers high or extreme risks that cannot be easily mitigated, avoiding the risk and the project may be the best option. Quantitative is more objective; qualitative is more subjective.

Hybrid risk analysis combines the two by using quantitative analysis for risks that may be easily expressed in hard numbers, such as money, and qualitative analysis for the remainder. Calculating the ALE is an example of quantitative risk analysis.

The risk analysis matrix shown previously in Table 1. The guide describes a nine-step risk analysis process: 1. System Characterization 2. Threat Identification 3. Vulnerability Identification 4. Control Analysis 5. Likelihood Determination 6. Impact Analysis 7. Risk Determination 8. Control Recommendations 9.

Information systems may be attacked by a variety of attackers, ranging from script kiddies to worms to militarized attacks. Attackers may use a variety of methods in their attempts to compromise the confidentiality, integrity, and availability of systems.

The term originally described a nonmalicious explorer who used technologies in ways its creators did not intend. A hacktivist is a hacker activist who attacks computer systems for political reasons. Script kiddies attack computer systems with tools of which they have little or no understanding. The outsider seeks to gain unauthorized access. Outsiders launch the majority of attacks, but most are usually mitigated by defense-in-depth perimeter controls.

An insider attack may be intentional or accidental. Insider attackers range from poorly trained administrators who make mistakes to malicious individuals who intentionally compromise the security of systems. An authorized insider who attacks a system may be in a position to cause significant impact. The term zombie is sometimes used to describe a bot. Phishing is a social engineering attack that sometimes includes other attacks, including client-side attacks.

Users who click links in phishing emails may be subject to client-side attacks and theft of credentials. Simply visiting a phishing site is dangerous, and the client may be automatically compromised. Governance helps ensure that a company has the proper administrative controls to mitigate risk. Risk analysis helps ensure that an organization properly identifies, analyzes, and mitigates risk.

An understanding and appreciation of legal systems, concepts, and terms are required of an information security practitioner working in the information-centric world today. The impact of the ubiquity of information systems on legal systems cannot be overstated. Whether the major legal system is civil, common, religious, or a hybrid, information systems have made a lasting impact on legal systems throughout the world, causing the creation of new laws and reinterpretation of existing laws, as well as a new appreciation for the unique aspects that computers bring to the courts.

Finally, the nature of information security and the inherent sensitivity therein makes ethical frameworks an additional point requiring attention. You suffer seven DoS attacks on average per year. You have tested this service and believe it will mitigate the attacks. What is the ARO in the above scenario? Is the DoS mitigation service a good investment? Possible answers Readme. Drag and drop: Identify from the list below items that can be classified as objects. Drag and drop the objects from left to right Fig.

Correct answer and explanation: C. The ARO is the number of attacks in a year. Incorrect answers and explanations: Answers A, B, and D are incorrect. Correct answer and explanation: D. Incorrect answers and explanations: Answers A, B, and C are incorrect. This means it is less expensive to accept the risk of DoS attacks or to find a less expensive mitigation strategy. The annual TCO is higher, not lower. Correct answer and explanation: A. Incorrect answers and explanations: Answers B, C, and D are incorrect.

The second canon requires the security professional to act honorably, honestly, justly, responsibly, and legally. The third mandates that professionals provide diligent and competent service to principals. The final and therefore least important canon wants professionals to advance and protect the profession. Correct answer and explanation: Files, database tables, and tax forms are examples of objects, so they should be dragged to the right Fig.

Incorrect answers and explanations: A running process and a user are examples of subjects.

We will discuss data remanence, including newly testable material such as the remanence properties of solid-state drives (SSDs), which are a combination of electrically erasable programmable read-only memory (EEPROM) and random-access memory (RAM) and have remanence properties that are quite different in comparison to magnetic drives.

The domain wraps up with a discussion of controls determination, including standards, scoping, and tailoring. These formal mechanisms are typically used to protect highly sensitive data, such as government or military data. The object labels used by many world governments are confidential, secret, and top-secret. Clearances must determine the subject's current and potential future trustworthiness; the latter is harder and more expensive to assess.

Some higher-level clearances include access to compartmented information. Compartmentalization is a technical method for enforcing need to know. Most computer systems rely on least privilege and require the users to police themselves by following the set policy and therefore only attempting to obtain access to information of which they have a need to know. Need to know is more granular than least privilege: unlike least privilege, which typically groups objects together, need to know access decisions are based on each individual object.

This section discusses concepts that are an important component of a strong overall information security posture. In addition to primary storage, backup storage must also be considered.

Wherever data exists, there must be processes in place to ensure that the data is not destroyed or inaccessible (breach of availability), disclosed (breach of confidentiality), or altered (breach of integrity). They must understand their role in the organization's information security posture.

Sensitive media should have strict policies regarding its handling. Policies should require the inclusion of written logs detailing the person responsible for the media. Historically, backup media has posed a significant problem for organizations. Retention of sensitive information should not persist beyond this period or legal requirement (whichever is greater), as it needlessly exposes the data to threats of disclosure when the data is no longer needed by the organization.

Keep in mind there may be regulatory or other legal reasons that may compel the organization to maintain such data far beyond its time of utility. Each role has a different set of responsibilities in securing an organization's assets. These owners are responsible for ensuring that all organizational assets are protected. Data owners determine data sensitivity labels and the frequency of data backup.

They focus on the data itself, whether in electronic or paper format. A company with multiple lines of business may have multiple data owners. The data owner performs management duties, while custodians (which will be discussed shortly) perform the hands-on protection of data. This includes the hardware and software configuration, including updates, patching, etc.

The system owners ensure that the hardware is physically secure, operating systems are patched and up to date, the system is hardened, etc. Technical hands-on responsibilities are delegated to custodians, discussed in the next section.

They perform data backups and restoration, patch systems, configure antivirus software, etc. The custodians follow detailed orders and do not make critical decisions on how data is protected. For example, users must not write their passwords down or share accounts. Users must be made aware of these risks and requirements. They must also be made aware of the penalty for failing to comply with mandatory directives and policies.

Human resources employees are often data controllers, as they create and manage sensitive data, such as salary and benefit data, reports from employee sanctions, etc. Data processors manage data on behalf of data controllers. An outsourced payroll company is an example of a data processor. Data processors manage payroll data, which is used to determine the amount to pay individual employees, on behalf of a data controller, such as an HR department.

Data remanence is data that persists beyond noninvasive means to delete it. Though data remanence is sometimes used specifically to refer to residual data that persists on magnetic storage, remanence concerns go beyond just that of magnetic storage media.

Memory may be chip based, disk based, or tape based. Sequential memory, such as tape, must sequentially read memory, beginning at offset zero, to the desired portion of memory.

Volatile memory, such as RAM, loses integrity after a power loss; nonvolatile memory such as read-only memory (ROM), disk, or tape maintains integrity without power. Real or primary memory, such as RAM, is directly accessible by the CPU and is used to hold instructions and data for currently executing processes.

Secondary memory, such as disk-based memory, is not directly accessible. The data most frequently used by the CPU is stored in cache memory. The fastest portion of the CPU cache is the register file, which contains multiple registers. Registers are small storage locations used by the CPU to store instructions and data. The next fastest form of cache memory is Level 1 cache, located on the CPU itself.

Finally, Level 2 cache is connected to but outside of the CPU. Static random-access memory (SRAM) is used for cache memory. It loses integrity after loss of power. The capacitors used by DRAM leak charge, and so they must be continually refreshed to maintain integrity, typically every few to a few hundred milliseconds, depending on the type of DRAM.

Refreshing reads and writes the bits back to memory. SRAM does not require refreshing and maintains integrity as long as power is supplied. PROM can be written to once, typically at the factory. A programmable logic device (PLD) is a field-programmable device, which means it is programmed after it leaves the factory.

Degaussing (destroying data via a strong magnetic field, which we will discuss shortly) has no effect on SSDs. While physical disks have physical blocks (e.g., Block 1 is on a specific physical location on a magnetic disk), blocks on SSDs are logical and are mapped to physical blocks. Also, SSDs do not overwrite blocks that contain data; the device will instead write data to an unused block and mark the previous block unallocated. The TRIM function improves compatibility, endurance, and performance by allowing the drive to do garbage collection in the background.

This collection eliminates blocks of data, such as deleted files. A sector-by-sector overwrite behaves very differently on an SSD versus a magnetic drive, and it does not reliably destroy all data. Destruction is the best method for SSD drives that are physically damaged. Objects may be physical, such as paper files in manila folders, or electronic, such as data on a hard drive. Object reuse attacks range from nontechnical attacks, such as dumpster diving (searching for information by rummaging through unsecured trash), to technical attacks, such as recovering information from unallocated blocks on a disk drive.

In both cases, data itself usually remains and can be recovered through the use of forensic tools. Common methods include writing all zeroes or writing random characters. Destructive measures include incineration, pulverizing, and shredding, as well as bathing metal components in acid.

Destroying objects is more secure than overwriting them. It may not be possible to overwrite damaged media, though data may still be recoverable. Highly sensitive data should be degaussed or destroyed, perhaps in addition to overwriting.

Though this term is sometimes used in relation to overwriting of data, here shredding refers to the process of making unrecoverable any data printed on hard copy or on smaller objects, such as floppy or optical disks. Standards, scoping, and tailoring are used to choose and customize which controls are employed. Also, the determination of controls will be dictated by whether the data is at rest or in motion. Certification considers the system, the security measures taken to protect the system, and the residual risk represented by the system.

Accreditation is the data owner's acceptance of the certification and of the residual risk, which is required before the system is put into production. PCI-DSS seeks to protect credit cards by requiring vendors who use them to take specific security precautions. Phase 1 identifies staff knowledge, assets, and threats. Phase 2 identifies vulnerabilities and evaluates safeguards. Phase 3 conducts the risk analysis and develops the risk mitigation strategy.

It presents a hierarchy of requirements for a range of classifications and systems. ISO had 11 areas, focusing on specific information security controls: 1. Policy 2. Organization of information security 3. Asset management 4. Human resources security 5. Physical and environmental security 6. Communications and operations management 7. Access control 8. Information systems acquisition, development, and maintenance 9. Information security incident management 10. Business continuity management

There are 34 IT processes across the 4 domains. Version 5 was released in Apr. Service Design details the infrastructure and architecture required to deliver IT services. Service Transition describes taking new projects and making them operational.

Service Operation covers IT operations controls. For example, an organization that does not employ wireless equipment may declare the wireless provisions of a standard are out of scope and therefore do not apply. Tailoring is the process of customizing a standard for an organization. It begins with controls selection, continues with scoping, and finishes with the application of compensating controls.

Data in motion is data that is being transferred across a network. Each form of data requires different controls for protection, which we will discuss next. These controls are recommended for all mobile devices and media containing sensitive information that may physically leave a site or security zone. Whole-disk encryption of mobile device hard drives is recommended. Partially encrypted solutions, such as encrypted file folders or partitions, often risk exposing sensitive data stored in temporary files, unallocated space, swap space, etc.

Sites using backup media should follow strict procedures for rotating media offsite. Always use a bonded and insured company for offsite media storage.

The company should employ secure vehicles and store media at a secure site. Ensure that the storage site is unlikely to be impacted by the same disaster that may strike the primary site, such as a flood, earthquake, or fire.

This includes data sent over untrusted networks such as the Internet, but VPNs may also be used as an additional defense-in-depth measure on internal networks like a private corporate WAN or private circuits like T1s leased from a service provider. We discussed the roles required to protect data, including business or mission owners, data owners, system owners, custodians, and users. An understanding of the remanence properties of volatile and nonvolatile memory and storage media is a critical security concept to master.

A company outsources payroll services to a third-party company. Which of the following roles most likely applies to the third-party payroll company? Data controller B. Data owner D. Data processor 2. Which managerial role is responsible for the actual computers that house data, including the security of hardware and software configurations?

Custodian B. Data owner C. Mission owner D. System owner 3. What method destroys the integrity of magnetic media, such as tapes or disk drives, and the data they contain by exposing them to a strong magnetic field? Bit-level overwrite B. Degaussing C. Destruction D. Shredding 4. DRAM B. SRAM D. SSD 5. What type of memory stores bits in small capacitors like small batteries?

A third-party payroll company is an example of a data processor. A data owner is a management employee responsible for assuring that specific data is protected. A system owner is responsible for the actual computers that house data, including the security of hardware and software configurations. A custodian is a nonmanager who provides hands-on protection of assets. A data owner is a manager responsible for assuring that specific data is protected.

Correct answer and explanation: B. Degaussing destroys the integrity of magnetic media, such as tapes or disk drives, and the data they contain by exposing them to a strong magnetic field.

Incorrect answers and explanations: Answers A, C, and D are incorrect. A bit-level overwrite removes data by overwriting every sector of a disk. Destruction physically destroys data; for example, via incineration.

DRAM is relatively inexpensive memory that uses capacitors. EPROM may be erased with ultraviolet light. DRAM stores bits in small capacitors like small batteries.

Next comes cryptography, including core concepts of symmetric encryption, asymmetric encryption, and hash functions.

Finally, we will discuss physical security, where we will learn that safety of personnel is paramount. This is the rule that forbids a secret-cleared subject from reading a top-secret object. While Bell-LaPadula, which is discussed shortly, is focused on protecting confidentiality, other models like Biba are focused on integrity. Reading down occurs when a subject reads an object at a lower sensitivity level, such as a top-secret subject reading a secret object.

There are instances when a subject has information and passes that information up to an object, which has higher sensitivity than the subject has permission to access. This is called writing up.

It is focused on maintaining the confidentiality of objects. Protecting confidentiality means users at a lower security level are denied access to objects at a higher security level.

Subjects with a Secret clearance cannot access Top Secret objects, for example. For example: subjects who are logged into a Top Secret system cannot send emails to a Secret system. For every relationship between a subject and an object, there are defined upper and lower access limits implemented by the system.

Subjects have a least upper bound (LUB) and greatest lower bound (GLB) of access to the objects based on their lattice position. What if the Secret subject writes erroneous information to a Top Secret object? Integrity models such as Biba address this issue. Biba is the model of choice when integrity protection is vital. This prevents subjects from accessing information at a lower integrity level. This protects integrity by preventing bad information from moving up from lower integrity levels.

This prevents subjects from passing information up to a higher integrity level than they have clearance to change. This protects integrity by preventing bad information from moving up to higher integrity levels. Biba is often used where integrity is more important than confidentiality. Examples include time and location-based information. Biba takes the Bell-LaPadula rules and reverses them, showing how confidentiality and integrity are often at odds.
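The lattice rules described above (Bell-LaPadula's no read up / no write down, Biba's reversal of them, the LUB and GLB of two labels, and compartments enforcing need to know) as an added example in Python that is not code from the study guide. Labels are a (level, compartments) pair; the levels mirror the government labels the guide names, while the compartment names CRYPTO and NUKE are constructed for illustration.

```python
"""Lattice-based access control: Bell-LaPadula and Biba over the same labels.

Added example, not code from the study guide. A label is (level, compartments);
the four levels mirror the government labels the guide names, and the compartment
names used below (CRYPTO, NUKE) are constructed for illustration only.
"""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    level: Level
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self is at or above other in the lattice: level is higher or equal AND
        compartments are a superset. The compartment test is what enforces
        need to know on top of the clearance level."""
        return self.level >= other.level and self.compartments >= other.compartments


def lub(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label that dominates both inputs."""
    return Label(max(a.level, b.level), a.compartments | b.compartments)


def glb(a: Label, b: Label) -> Label:
    """Greatest lower bound: the highest label that both inputs dominate."""
    return Label(min(a.level, b.level), a.compartments & b.compartments)


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula protects confidentiality: no read up, no write down."""
    if op == "read":
        return subject.dominates(obj)      # simple security property: reading down is fine
    if op == "write":
        return obj.dominates(subject)      # *-property: writing up is fine, writing down is not
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba protects integrity by reversing both rules: no read down, no write up."""
    if op == "read":
        return obj.dominates(subject)      # simple integrity axiom: do not read less-trusted data
    if op == "write":
        return subject.dominates(obj)      # *-integrity axiom: do not contaminate more-trusted data
    raise ValueError(f"unknown operation {op!r}")


# Constructed labels for a walkthrough of the guide's examples.
SECRET_CRYPTO = Label(Level.SECRET, frozenset({"CRYPTO"}))
TOP_SECRET = Label(Level.TOP_SECRET)
SECRET_PLAIN = Label(Level.SECRET)
CONF_NUKE = Label(Level.CONFIDENTIAL, frozenset({"NUKE"}))

if __name__ == "__main__":
    # A Secret subject may not read a Top Secret object (no read up) ...
    print(blp_allows(SECRET_PLAIN, TOP_SECRET, "read"))     # False
    # ... but may write up to it under BLP, which is exactly what Biba forbids.
    print(blp_allows(SECRET_PLAIN, TOP_SECRET, "write"))    # True
    print(biba_allows(SECRET_PLAIN, TOP_SECRET, "write"))   # False
    # Same level but a missing compartment: blocked by need to know.
    print(blp_allows(SECRET_PLAIN, SECRET_CRYPTO, "read"))  # False
    print(lub(SECRET_CRYPTO, CONF_NUKE), glb(SECRET_CRYPTO, CONF_NUKE))
```

Note that `biba_allows` is literally `blp_allows` with its two comparisons swapped, which is the point the guide makes: the same lattice serves both models, and what confidentiality permits (writing up) is what integrity forbids.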

Because the programs have specific limitations to what they can and cannot do to objects, Clark-Wilson effectively limits the capabilities of the subject. The concept of well-formed transactions provides integrity.

The process is comprised of what is known as the access control triple: user, transformation procedure, and constrained data item. A matrix is a data structure that acts as a lookup table for the operating system. The columns of the table show the access control list (ACL) for each object or application. The complexity of an issue, such as reading a sector from a disk drive, is contained to one layer; in this case, the hardware layer.

One layer, such as the application layer, is not directly affected by a change to another. 1. Hardware 2. Kernel and device drivers 3. Operating system (OS) 4. That said, computers are tremendously complex machines, and abstraction provides a way to manage that complexity. More broadly defined, domains are groups of subjects and objects with similar security requirements. The innermost ring is the most trusted, and each successive outer ring is less trusted.

Processes communicate between the rings via system calls, which allow processes to communicate with the kernel and provide a window between the rings.

An open system is not the same as open source. An open system uses standard hardware and software, while open-source software makes source code publicly available. The hardware must provide confidentiality, integrity, and availability for processes, data, and users. The motherboard contains hardware including the CPU, memory slots, firmware, and peripheral slots, such as peripheral component interconnect slots.

The keyboard unit is the external keyboard. Ultimately, everything a computer does is mathematical: adding numbers, which can be extended to subtraction, multiplication, division, etc. CPUs are rated by the number of clock cycles per second.

1. Fetch Instruction 1 2. Decode Instruction 1 3. Execute Instruction 1 4. Write (save) Result 1. These four steps take one clock cycle to complete. Each part is called a pipeline stage; the pipeline depth is the number of simultaneous stages that may be completed at once.

A four-stage pipeline can combine the stages of four other instructions: 1. Fetch Instruction 2, Decode Instruction 1 3. This increases the throughput.

A CPU interrupt is a form of hardware interrupt that causes the CPU to stop processing its current task, save the state, and begin processing a new request. When the new task is complete, the CPU will complete the prior task. A heavyweight process HWP is also called a task. A parent process may spawn additional child processes called threads.

A thread is a lightweight process (LWP). Threads are able to share memory, resulting in lower overhead compared to heavyweight processes. Multitasking allows multiple tasks (heavyweight processes) to run simultaneously on one CPU.

Multiprocessing has a fundamental difference from multitasking: it runs multiple processes on multiple CPUs. Virtual memory provides many functions, including multitasking (multiple tasks executing at once on one CPU), swapping, and allowing multiple processes to access the same shared library in memory, among others. It first runs the power-on self-test (POST), which performs basic tests, including verifying the integrity of the BIOS itself, testing the memory, and identifying system devices, among other tasks.

Once the POST process is complete and successful, it locates the boot sector (for systems that boot off disks), which contains the machine code for the operating system kernel. The kernel then loads and executes, and the operating system boots up.

It is often used to support records retention for legal or regulatory compliance. WORM storage helps assure the integrity of the data it contains; there is some assurance that it has not been and cannot be altered, short of destroying the media itself. Not all computer manufacturers employ TPM chips, but the adoption has steadily increased. The TPM chip allows for hardware-based cryptographic operations. Security functions can leverage the TPM for random number generation; the use of symmetric, asymmetric, and hashing algorithms; and secure storage of cryptographic keys and message digests.

The most commonly referenced use case for the TPM chip is ensuring boot integrity. By operating at the hardware level, the TPM chip can help ensure that kernel-mode rootkits are less likely to be able to undermine operating system security.

In addition to boot integrity, TPM is also commonly associated with some implementations of full disk encryption. The two most prominent protections against this attack are data execution prevention (DEP) and address space layout randomization (ASLR). Another protection mechanism, ASLR, seeks to make exploitation more difficult by randomizing memory addresses. For example, imagine an adversary develops a successful working exploit on his or her own test machine. When the code is run on a different system using ASLR, the addresses will change, which will probably cause the exploit to fail.

Operating systems provide memory, resource, and process management. It provides the interface between hardware and the rest of the operating system, including applications.

That boot sector contains the beginning of the software kernel machine code, which is then executed. It enforces the system's security policy, such as preventing a normal user from writing to a restricted file, like the system password file. A Type 1 hypervisor, also called bare metal, is part of an operating system that runs directly on host hardware.

A Type 2 hypervisor runs as an application on a normal operating system, such as Windows. Many virtualization exploits target the hypervisor, including hypervisor-controlled resources shared between host and guests, or guest and guest. These include cut-and-paste, shared drives, and shared network connections. As discussed previously, complexity is the enemy of security; the sheer complexity of virtualization software may cause security problems.

Combining multiple guests onto one host may also raise security issues. Virtualization is no replacement for a firewall; never combine guests with different security requirements (such as DMZ and internal) onto one host. The risk of virtualization escape is called VMEscape, where an attacker exploits the host OS or a guest from another guest. Many network-based security tools, such as network intrusion detection systems, can be blinded by virtualization. A cloud also implies geographic diversity of computer resources.

The goal of cloud computing is to allow large providers to leverage their economies of scale to provide computing resources to other companies that typically pay for these services based on their usage. IaaS provides an entire virtualized operating system, which the customer configures from the OS on up. PaaS provides a preconfigured operating system and the customer configures the applications.

Finally, SaaS is completely configured, from the operating system to applications, and the customer simply uses the application. In all three cases, the cloud provider manages hardware, virtualization software, network, backups, etc.

See Table 3. Private clouds house data for a single organization and may be operated by a third party or by the organization itself. Benefits of cloud computing include reduced upfront capital expenditure, reduced maintenance costs, robust levels of service, and overall operational cost savings.

From a security perspective, taking advantage of public cloud computing services requires strict service level agreements and an understanding of new sources of risk. Leading IT certification experts Robin Abernathy and Troy McMillan share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.

Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan. Score: 5. The 10 domains are covered completely and as concisely as possible with an eye to passing the exam the first time. Each of the 10 domains has its own chapter that includes specially designed pedagogy to aid you in passing the exam. Each chapter features learning objectives, exam tips, and practice questions with in-depth answer explanations.

Beyond exam prep, the guide also serves as an ideal on-the-job reference for IT security professionals. It also provides additional advice on how to pass each section of the exam.

With expanded coverage of key areas, it also includes a full-length, question practice exam. Fully updated for the CISSP Body of Knowledge, the industry-leading standard for IT professionals. Thoroughly covers exam topics, including access control, application development security, business continuity and disaster recovery planning, cryptography, operations security, and physical environmental security. Examines information security governance and risk management, legal regulations, investigations and compliance, and telecommunications and network security. Features expanded coverage of biometrics, auditing and accountability, software security testing, and many more key topics. CISSP: Certified Information Systems Security Professional Study Guide, 6th Edition prepares you with both the knowledge and the confidence to pass the CISSP exam.

This comprehensive study guide covers every aspect of the exam and the latest revision of the CISSP body of knowledge. It offers advice on how to pass each section of the exam and features expanded coverage of biometrics, auditing and accountability, software security testing, and other key topics. Included is a CD with two full-length, question sample exams to test your progress. CISSP certification identifies the ultimate IT security professional; this complete study guide is fully updated to cover all the objectives of the CISSP exam. Provides in-depth knowledge of access control, application development security, business continuity and disaster recovery planning, cryptography, information security governance and risk management, operations security, physical environmental security, security architecture and design, and telecommunications and network security. Also covers legal and regulatory investigation and compliance. Includes two practice exams and challenging review questions on the CD. Professionals seeking the CISSP certification will boost their chances of success with CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition.

The first part of the book provides questions per domain. You also have access to four unique question practice exams to help you master the material.

As the only official practice tests endorsed by (ISC)², this book gives you the advantage of full and complete preparation. These practice tests align with the version of the exam to ensure up-to-date preparation, and are designed to cover what you'll see on exam day. The CISSP credential signifies a body of knowledge and a set of guaranteed skills that put you in demand in the marketplace.


