All new for 2019 and beyond, this is the authoritative common body of knowledge (CBK) from (ISC)2 for information security professionals charged with designing, engineering, implementing, and managing the overall information security program to protect organizations from increasingly sophisticated attacks. Vendor neutral and backed by (ISC)2, the CISSP credential meets the stringent requirements of ISO/IEC Standard 17024.
This CBK covers the new eight domains of CISSP with the necessary depth to apply them to the daily practice of information security. Written by a team of subject matter experts, this comprehensive reference covers all of the more than 300 CISSP objectives and sub-objectives in a structured format with:
• Common and good practices for each objective
• Common vocabulary and definitions
• References to widely accepted computing standards
• Highlights of successful approaches through case studies
Whether youve earned your CISSP credential or are looking for a valuable resource to help advance your security career, this comprehensive guide offers everything you need to apply the knowledge of the most recognized body of influence in information security.
The (ISC)2 Systems Security Certified Practitioner (SSCP) certification is a well-known vendor-neutral global IT security certification. The SSCP is designed to show that holders have the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures.
This comprehensive Official Study Guide—the only study guide officially approved by (ISC)2—covers all objectives of the seven SSCP domains.Access Controls Security Operations and Administration Risk Identification, Monitoring, and Analysis Incident Response and Recovery Cryptography Network and Communications Security Systems and Application Security
If you’re an information security professional or student of cybersecurity looking to tackle one or more of the seven domains of the SSCP, this guide gets you prepared to pass the exam and enter the information security workforce with confidence.
Get the Fundamentals of Internet Architecture and the Protocol Layers
Organized into six parts, the book walks you through the fundamentals, starting with the way most people first encounter computer networks—through the Internet architecture. Part 1 covers the most important Internet applications and the methods used to develop them. Part 2 discusses the network edge, consisting of hosts, access networks, LANs, and the physical media used with the physical and link layers. Part 3 explores the network core, including packet/circuit switches, routers, and the Internet backbone, and Part 4 examines reliable transport and the management of network congestion.
Learn about Malware and Security Systems
Building on the concepts and principles, the book then delves into state-of-the-art cybersecurity mechanisms in Part 5. It reviews the types of malware and the various security systems, made up of firewalls, intrusion detection systems, and other components. Crucially, it provides a seamless view of an information infrastructure in which security capabilities are built in rather than treated as an add-on feature. The book closes with a look at emerging technologies, including virtualization and data center and cloud computing unified communication.
Understand Cyber Attacks—and What You Can Do to Defend against Them
This comprehensive text supplies a carefully designed introduction to both the fundamentals of networks and the latest advances in Internet security. Addressing cybersecurity from an Internet perspective, it prepares you to better understand the motivation and methods of cyber attacks and what you can do to protect the networks and the applications that run on them.
The book’s modular design offers exceptional flexibility, whether you want to use it for quick reference, self-study, or a wide variety of one- or two-semester courses in computer networks, cybersecurity, or a hybrid of both. Learning goals in each chapter show you what you can expect to learn, and end-of-chapter problems and questions test your understanding. Throughout, the book uses real-world examples and extensive illustrations and screen captures to explain complicated concepts simply and clearly. Ancillary materials, including PowerPoint® animations, are available to instructors with qualifying course adoption.
This book is therefore dedicated to investigating and exploring the potential security issues of NFV. It contains three major elements: a thorough overview of the NFV framework and architecture, a comprehensive threat analysis aiming to establish a layer-specific threat taxonomy for NFV enabled networking services, and a series of comparative studies of security best practices in traditional networking scenarios and in NFV, ultimately leading to a set of recommendations on security countermeasures in NFV.
This book is primarily intended for engineers, engineering students and researchers and those with an interest in the field of networks and telecommunications (architectures, protocols, services) in general, and particularly software-defined network (SDN) and network functions virtualization (NFV)-based security services.Extensively studies security issues in NFVPresents a basis or guideline for both academia researchers and industry practitioners to work together to achieve secure and dependable lifecycle management of NFV based network services
With over 1,000 practice questions, this book gives you the opportunity to test your level of understanding and gauge your readiness for the Certified Cloud Security Professional (CCSP) exam long before the big day. These questions cover 100% of the CCSP exam domains, and include answers with full explanations to help you understand the reasoning and approach for each. Logical organization by domain allows you to practice only the areas you need to bring you up to par, without wasting precious time on topics you’ve already mastered.
As the only official practice test product for the CCSP exam endorsed by (ISC)², this essential resource is your best bet for gaining a thorough understanding of the topic. It also illustrates the relative importance of each domain, helping you plan your remaining study time so you can go into the exam fully confident in your knowledge.
When you’re ready, two practice exams allow you to simulate the exam day experience and apply your own test-taking strategies with domains given in proportion to the real thing. The online learning environment and practice exams are the perfect way to prepare, and make your progress easy to track.
CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide is your ultimate resource for the CCSP exam. As the only official study guide reviewed and endorsed by (ISC)2, this guide helps you prepare faster and smarter with the Sybex study tools that include pre-test assessments that show you what you know, and areas you need further review. Objective maps, exercises, and chapter review questions help you gauge your progress along the way, and the Sybex interactive online learning environment includes access to a PDF glossary, hundreds of flashcards, and two complete practice exams. Covering all CCSP domains, this book walks you through Architectural Concepts and Design Requirements, Cloud Data Security, Cloud Platform and Infrastructure Security, Cloud Application Security, Operations, and Legal and Compliance with real-world scenarios to help you apply your skills along the way.
The CCSP is the latest credential from (ISC)2 and the Cloud Security Alliance, designed to show employers that you have what it takes to keep their organization safe in the cloud. Learn the skills you need to be confident on exam day and beyond.Review 100% of all CCSP exam objectives Practice applying essential concepts and skills Access the industry-leading online study tool set Test your knowledge with bonus practice exams and more
As organizations become increasingly reliant on cloud-based IT, the threat to data security looms larger. Employers are seeking qualified professionals with a proven cloud security skillset, and the CCSP credential brings your resume to the top of the pile. CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide gives you the tools and information you need to earn that certification, and apply your skills in a real-world setting.
If you don’t already use Wireshark for a wide range of information security tasks, you will after this book. Mature and powerful, Wireshark is commonly used to find root cause of challenging network issues. This book extends that power to information security professionals, complete with a downloadable, virtual lab environment.
Wireshark for Security Professionals covers both offensive and defensive concepts that can be applied to essentially any InfoSec role. Whether into network security, malware analysis, intrusion detection, or penetration testing, this book demonstrates Wireshark through relevant and useful examples.
Master Wireshark through both lab scenarios and exercises. Early in the book, a virtual lab environment is provided for the purpose of getting hands-on experience with Wireshark. Wireshark is combined with two popular platforms: Kali, the security-focused Linux distribution, and the Metasploit Framework, the open-source framework for security testing. Lab-based virtual systems generate network traffic for analysis, investigation and demonstration. In addition to following along with the labs you will be challenged with end-of-chapter exercises to expand on covered material.
Lastly, this book explores Wireshark with Lua, the light-weight programming language. Lua allows you to extend and customize Wireshark’s features for your needs as a security professional. Lua source code is available both in the book and online. Lua code and lab source code are available online through GitHub, which the book also introduces. The book’s final two chapters greatly draw on Lua and TShark, the command-line interface of Wireshark.
By the end of the book you will gain the following:Master the basics of Wireshark Explore the virtual w4sp-lab environment that mimics a real-world network Gain experience using the Debian-based Kali OS among other systems Understand the technical details behind network attacks Execute exploitation and grasp offensive and defensive activities, exploring them through Wireshark Employ Lua to extend Wireshark features and create useful scripts
To sum up, the book content, labs and online material, coupled with many referenced sources of PCAP traces, together present a dynamic and robust manual for information security professionals seeking to leverage Wireshark.