[...]... The CISSP: Certified Information Systems Security Professional Study Guide, 4th Edition, offers you a solid foundation for the Certified Information Systems Security Professional (CISSP) exam By purchasing this book, you’ve shown a willingness to learn and a desire to develop the skills you need to achieve this certification This introduction provides you with a basic overview of this book and the CISSP. .. practitioners You can obtain more information about (ISC)2 from its website at www.isc2.org CISSP and SSCP (ISC)2 supports and provides two primary certifications: CISSP and SSCP These certifications are designed to verify the knowledge and skills of IT security professionals across all industries The Certified Information Systems Security Professional credential is for security professionals responsible for... domains covered by the CISSP exam If you are qualified to take the CISSP exam according to (ISC)2, then you are sufficiently prepared to use this book to study for the CISSP exam For more information on (ISC)2, see the next section (ISC)2 The CISSP exam is governed by the International Information Systems Security Certification Consortium (ISC)2 organization (ISC)2 is a global not-for-profit organization... Detection Host-Based and Network-Based IDSs Knowledge-Based and Behavior-Based Detection 46 47 50 51 76884.book Page xii Tuesday, May 20, 2008 10:47 AM xii Contents IDS-Related Tools Understanding Honey Pots Understanding Padded Cells Understanding Vulnerability Scanners Penetration Testing Methods of Attack Brute-Force and Dictionary Attacks Denial-of-Service Attacks Spoofing Attacks Man-in-the-Middle Attacks... Password Guessing Dictionary Attacks Social Engineering Countermeasures Denial-of-Service Attacks SYN Flood Distributed DoS Toolkits Smurf DNS Amplification Attacks Teardrop Land DNS Poisoning Ping of Death Application Attacks Buffer Overflows Time-of-Check-to-Time-of-Use Trap Doors Rootkits Web Application Security Cross-Site Scripting (XSS) SQL Injection Reconnaissance Attacks IP Probes Port Scans... Data Mining Data /Information Storage Types of Storage Storage Threats Knowledge-Based Systems Expert Systems Neural Networks Decision Support Systems Security Applications Systems Development Controls Software Development Systems Development Life Cycle Life Cycle Models Gantt Charts and PERT Change Control and Configuration Management Software Testing Security Control Architecture Service-Level Agreements... who design security systems or infrastructure or for those who audit and analyze such structures Information Systems Security Management Professional (ISSMP): Aimed at those who focus on management of information security policies, practices, principles, and procedures Key domains covered here include enterprise security management practices; enterprise-wide system development security; law, investigations,... who want to study for the CISSP certification exam If your goal is to become a certified security professional, then the CISSP certification and this study guide are for you The purpose of this book is to adequately prepare you to take the CISSP exam Before you dive into this book, you need to have accomplished a few tasks on your own You need to have a general understanding of IT and of security You... Mike Chapple, CISSP, is an IT security professional with the University of Notre Dame In the past, he was chief information officer of Brand Institute and an information security researcher with the National Security Agency and the U.S Air Force His primary areas of expertise include network intrusion detection and access controls Mike is a frequent contributor to TechTarget’s SearchSecurity site,... Introduction Post -CISSP Concentrations (ISC)2 has added three concentrations to its certification lineup These concentrations are offered only to CISSP certificate holders The (ISC)2 has taken the concepts introduced on the CISSP exam and focused on specific areas, namely, architecture, management, and engineering These three concentrations are as follows: Information Systems Security Architecture Professional