
CISSP: Certified Information Systems Security Professional Study Guide

Ed Tittel, Sybex Inc

ISBN: 0782141757, published 2003-03-03

Price: $69.99

Table of Contents

  • Introduction
  • Ch. 1 Accountability and Access Control (p. 1)
  • Ch. 2 Attacks and Monitoring (p. 41)
  • Ch. 3 ISO Model, Network Security, and Protocols (p. 71)
  • Ch. 4 Communications Security and Countermeasures (p. 113)
  • Ch. 5 Security Management Concepts and Principles (p. 143)
  • Ch. 6 Asset Value, Policies, and Roles (p. 169)
  • Ch. 7 Data and Application Security Issues (p. 207)
  • Ch. 8 Malicious Code and Application Attacks (p. 249)
  • Ch. 9 Cryptography and Private Key Algorithms (p. 291)
  • Ch. 10 PKI and Cryptographic Applications (p. 331)
  • Ch. 11 Principles of Computer Design (p. 369)
  • Ch. 12 Principles of Security Models (p. 405)
  • Ch. 13 Administrative Management (p. 435)
  • Ch. 14 Auditing and Monitoring (p. 463)
  • Ch. 15 Business Continuity Planning (p. 495)
  • Ch. 16 Disaster Recovery Planning (p. 527)
  • Ch. 17 Law and Investigations (p. 567)
  • Ch. 18 Incidents and Ethics (p. 611)
  • Ch. 19 Physical Security Requirements (p. 639)
  • Glossary (p. 671)
  • Index (p. 755)

    Glossary:

    * (star) Integrity Axiom, * (star) Security Property, 1000Base-T, 100Base-TX, 10Base2, 10Base5, 10Base-T

    abnormal activity, abstraction, accepting risk, access control, access control list (ACL), access control matrix, access tracking, account lockout, accountability, accreditation, ActiveX, Address Resolution Protocol (ARP), addressing, administrative access controls, administrative law, administrative physical security controls, admissible evidence, Advanced Encryption Standard (AES), advisory policy, agent, aggregate functions, aggregation, alarm, alarm triggers, AND, annualized loss expectancy (ALE), annualized rate of occurrence (ARO), anomaly detection, applet, Application layer, application-level gateway firewall, asset, asset valuation, asset value (AV), assigning risk, asymmetric key, asynchronous dynamic password token, asynchronous transfer mode (ATM), attack, attacker, attenuation, attribute, audit trails, auditing, auditor, authentication, Authentication Header (AH), Authentication Service (AS), authorization, auxiliary alarm system, availability, awareness

    badges, Base+Offset addressing, baseband, baseline, Basic Input/Output System (BIOS), Basic Rate Interface (BRI), behavior-based detection, Bell-LaPadula model, best evidence rule, Biba model, biometrics, birthday attack, blackout, block cipher, Blowfish, boot sector, bot, bounds, breach, broadband, broadcast, broadcast address, brownout, brute force attack, buffer overflow, business attack, Business Continuity Planning (BCP), Business Impact Assessment (BIA)

    cache RAM, campus area network (CAN), capabilities list, capability list, centralized access control, centralized alarm system, certificate authority, certificates, certification, chain of evidence, Challenge Handshake Authentication Protocol (CHAP), challenge-response token, change control, change control management, change management, checklist test, Children's Online Privacy Protection Act (COPPA), chosen ciphertext attack, chosen plaintext attack, CIA Triad, cipher, Cipher Block Chaining (CBC), Cipher Feedback (CFB), ciphertext, civil laws, Clark-Wilson model, classification level, clean power, clearing, click-wrap license, closed head system, coaxial cable, code, cognitive password, cold sites, collision attack, collusion, commercial business/private sector classification, Committed Information Rate (CIR), Common Body of Knowledge (CBK), common mode noise, companion virus, compartmented mode, compartmented security mode, competent, compliance checking, compliance testing, compromise, computer architecture, computer crime, Computer Fraud and Abuse Act, Computer Security Act (CSA) of 1987, Confidential, confidentiality, configuration control management, confinement, confusion, continuity, contractual license agreement, control, controls gap, copyright, corrective access control, corrective controls, countermeasures, covert channel, covert storage channel, covert timing channel, cracker, criminal law, critical path analysis, Crossover Error Rate (CER), cryptanalysis, cryptographic key, cryptography, cryptosystem, custodian, cyclic redundancy check (CRC)

    data circuit-terminating equipment (DCE), data classification, data custodian, Data Encryption Standard (DES), data extraction, data hiding, Data Link layer, data mining, data owner, data terminal equipment (DTE), data warehouse, database, database management system (DBMS), decentralized access control, decrypt, dedicated mode, dedicated security mode, deencapsulation, degaussing, Delphi technique, deluge system, denial of service (DoS), deny risk, detective access control, detective control, dictionary attack, differential backup, Diffie-Hellman algorithm, diffusion, Digital Millennium Copyright Act, digital signature, Digital Signature Standard (DSS), direct addressing, directive control, disaster, disaster recovery plan, Disaster Recovery Planning (DRP), discretionary access control, Discretionary Security Property, distributed access control, distributed denial of service (DDoS), distributed reflective denial of service (DRDoS), documentary evidence, domain, dry pipe system, due care, due diligence, dumb cards, dumpster diving, dynamic packet-filtering firewalls, dynamic passwords

    eavesdropping, Economic Espionage Act of 1996, education, El Gamal, electronically erasable PROM (EEPROM), electromagnetic interference (EMI), Electronic Codebook (ECB), Electronic Communications Privacy Act (ECPA), electronic vaulting, elliptic curve cryptography, elliptic curve group, employee, employment agreement, Encapsulating Security Payload (ESP), encapsulation, encrypt, encryption, end user, end-to-end encryption, enrollment, entity, erasable PROM (EPROM), erasing, espionage, Ethernet, ethics, evidence, exit interview, expert system, exposure, exposure factor (EF), extranet

    face scan, False Acceptance Rate (FAR), False Rejection Rate (FRR), Family Educational Rights and Privacy Act (FERPA), fault, fence, Fiber Distributed Data Interface (FDDI), fiber-optic, file infector, financial attack, fingerprints, firewall, firmware, flooding, Fourth Amendment, fragment, fragmentation attacks, Frame Relay, full backup, full-interruption tests, fun attacks

    gate, gateway, Government Information Security Reform Act of 2000, government/military classification, Gramm-Leach-Bliley (GLB) Act, ground, group, grudge attack, guideline

    hacker, Halon, handshaking, hardware, hardware segmentation, hash, hash function, hash total, hash value, Hashed Message Authentication Code (HMAC), Health Insurance Portability and Accountability Act (HIPAA), hearsay evidence, heart/pulse pattern, heuristics-based detection, High-Speed Serial Interface (HSSI), High-Level Data Link Control (HDLC), hijack attack, honey pot, host-based IDS, hot site, hub, Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)

    identification, identification card, Identity Theft and Assumption Deterrence Act, ignore risk, immediate addressing, inappropriate activities, incident, incremental backups, indirect addressing, industrial espionage, inference, inference engine, information flow model, informative policy, inrush, Integrated Services Digital Network (ISDN), integrity, intellectual property, International Data Encryption Algorithm (IDEA), International Standards Organization (ISO), Internet Key Exchange (IKE), Internet Message Access Protocol (IMAP), Internet Security Association and Key Management Protocol (ISAKMP), intranet, intrusion, intrusion detection, intrusion detection system (IDS), IP Payload Compression (IPcomp) protocol, IP probes, IP Security (IPSec), IP spoofing, iris scans, isolation

    Java, job description, job responsibilities, job rotation

    Kerberos, kernel proxy firewalls, key, Key Distribution Center (KDC), keystroke monitoring, keystroke patterns, knowledge base, knowledge-based detection, known plaintext attack, KryptoKnight

    land attack, lattice-based access control, layer 1, layer 2, layer 3, layer 4, layer 5, layer 6, layer 7, Layer 2 Forwarding (L2F), Layer Two Tunneling Protocol (L2TP), layering, licensing, lighting, link encryption, local alarm systems, local area network (LAN), log analysis, logging, logic bomb, logical access control, logon credentials

    macro viruses, mailbombing, maintenance, maintenance hooks, malicious code, mandatory access control, mandatory vacations, man-in-the-middle attack, man-made disasters, mantrap, masquerading, massively parallel processing (MPP), Master Boot Record (MBR), Master Boot Record (MBR) virus, maximum tolerable downtime (MTD), MD2 (Message Digest 2), MD4, MD5, mean time to failure (MTTF), Media Access Control (MAC) address, meet-in-the-middle attack, memory, message digest (MD), microcode, middle management, military and intelligence attacks, MIME Object Security Services (MOSS), mitigated, mitigate risk, mobile sites, modulo, monitoring, motion detector, motion sensor, multicast, multilevel mode, multilevel security mode, multipartite virus, multiprocessing, multiprogramming, multistate, multitasking, multithreading, Mutual Assistance Agreement (MAA)

    natural disaster, need to know, Network Address Translation (NAT), Network layer, network-based IDS, neural network, noise, nondisclosure agreement (NDA), nondiscretionary access control, noninterference model, nonrepudiation, nonvolatile, nonvolatile storage, NOT

    object, one-time pad, one-time password, one-way encryption, one-way function, Open Systems Interconnection (OSI) model, operational plans, OR, organizational owner, OSI model, Output Feedback (OFB), overwriting, owner

    packet, padded cell, palm geography, palm scan, palm topography, parallel tests, parol evidence rule, pass phrase, password, Password Authentication Protocol (PAP), password policy, password restrictions, patent, pattern-matching detection, penetration, penetration testing, permanent virtual circuit (PVC), personal identification number (PIN), personnel management, phone phreaking, physical access control, physical controls for physical security, Physical layer, piggybacking, ping, ping of death attack, plain old telephone service (POTS), plaintext, playback attack, Point-to-Point Protocol (PPP), Point to Point Tunneling Protocol (PPTP), policy, polyinstantiation, polymorphic virus, port, port scan, Post Office Protocol, version 3 (POP3), preaction system, Presentation layer, Pretty Good Privacy (PGP), preventative access control, preventive control, primary memory, Primary Rate Interface (PRI), primary storage, principle of least privilege, privacy, Privacy Act of 1974, Privacy Enhanced Mail (PEM), Private, private branch exchange (PBX), private key, privileged entity controls, privileged mode, privileged operations functions, procedure, process isolation, processor, programmable read-only memory (PROM), proprietary, protocol, proximity reader, proxy, pseudo-flaws, Public, public IP addresses, public key, public key infrastructure (PKI), purging

    qualitative decision making, qualitative risk analysis, quantitative decision making, quantitative risk analysis

    radiation monitoring, radio frequency interference (RFI), RADIUS, random access memory (RAM), random access storage, read-only memory (ROM), real evidence, real memory, realized risk, record, record retention, record sequence checking, recovery control, reducing risk, reference monitor, referential integrity, register, register address, regulatory policy, reject risk, relational database, relationship, relevant, Remote Authentication Dial-In User Service (RADIUS), remote journaling, remote mirroring, repeater, replay attack, residual risk, restricted interface model, retina scan, revocation, RFC 1918, Rijndael block cipher, risk, risk analysis, risk management, risk tolerance, Rivest, Shamir, and Adleman (RSA), role-based access control, root, rootkit, router, RSA, rule-based access control

    S/MIME, safeguard, sag, sampling, sanitization, scanning, scavenging, search warrant, secondary memory, secondary storage, Secret, Secure Electronic Transaction (SET), Secure Hash Algorithm (SHA), Secure HTTP (S-HTTP), Secure Multipurpose Internet Mail Extensions (S/MIME), Secure Remote Procedure Call (S-RPC), Secure Shell (SSH), Secure Sockets Layer (SSL), security association (SA), security ID, security kernel, security label, security perimeter, security policy, security professional, security role, senior management, Sensitive, Sensitive but Unclassified, sensitivity, separation of duties and responsibilities, separation of privilege, sequential storage, Serial Line Internet Protocol (SLIP), Service Level Agreement (SLA), SESAME, session hijacking, Session layer, shielded twisted-pair (STP), shoulder surfing, shrink-wrap license, signature detection, signature dynamics, Simple Integrity Axiom, Simple Key Management for IP (SKIP), Simple Mail Transfer Protocol (SMTP), Simple Security Property (ss property), simulation tests, single loss expectancy (SLE), Single Sign On (SSO), single state, single-use passwords, Skipjack, smart card, Smurf attack, sniffer attack, sniffing, snooping attack, social engineering, socket, spam, spamming attacks, spike, spoofing, spoofing attack, standards, state, state machine model, stateful inspection firewall, static packet-filtering firewall, static password, static token, statistical intrusion detection, stealth virus, steganography, strategic plan, stream attack, stream ciphers, strong password, Structured Query Language (SQL), structured walk-through, subject, subpoena, substitution cipher, supervisory mode, surge, SWIPE, switch, Switched Multimegabit Data Services (SMDS), switched virtual circuit (SVC), symmetric key, symmetric multiprocessing (SMP), SYN flood attack, Synchronous Data Link Control (SDLC), synchronous dynamic password token, system high mode, system-high security mode

    table, TACACS, tactical plan, Take-Grant model, TCP wrapper, teardrop attack, technical access control, technical physical security controls, TEMPEST, Terminal Access Controller Access Control System (TACACS), terrorist attacks, testimonial evidence, thicknet, thinnet, threat, threat agents, threat events, throughput rate, ticket, Ticket Granting Service (TGS), time-of-check, time-of-check-to-time-of-use (TOCTTOU), time-of-use, token, token device, token ring, Top Secret, topology, total risk, trade secret, trademark, traffic analysis, training, transferring risk, transient, Transmission Control Protocol (TCP), transmission error correction, transmission logging, transparency, Transport layer, transport mode, transposition cipher, trap door, traverse mode noise, trend analysis, Triple DES (3DES), Trojan horse, trust, trusted computing base (TCB), trusted path, trusted recovery process, tunnel mode, tunneling, turnstiles, twisted-pair, two-factor authentication, Type 1 authentication factor, Type 2 authentication factor, Type 3 authentication factor, Type I error, Type II error

    Unclassified, unicast, Uniform Computer Information Transactions Act (UCITA), uninterruptible power supply (UPS), unshielded twisted-pair (UTP), upper management, USA Patriot Act of 2001, user, User Datagram Protocol (UDP), user mode

    virtual memory, virtual private network (VPN), virus, Voice over IP (VoIP), voice pattern, volatile, volatile storage, voluntarily surrender, vulnerability, vulnerability scan, vulnerability scanner

    war dialing, warm site, warning banners, well-known ports, wet pipe system, wide area network (WAN), WinNuke attack, Wired Equivalency Protocol (WEP), worm

    X.25, XOR