首页The CISSP Prep Guide
The CISSP Prep Guide
5星 · 超过95%的资源 需积分: 9 47 浏览量 更新于2023-03-03 评论 收藏 5.7MB PDF 举报
CISSP 全称 Certified Information System Security Professional，国际注册信息系统安全专家，由国际信息系统安全认证协会((ISC)2)组织和管理，是目前全球范围内最权威，最专业，最系统的信息安全认证
The CISSP Prep Guide—Mastering the Ten Domains of
Ronald L. Krutz
Russell Dean Vines
Wiley Computer Publishing
John Wiley & Sons, Inc.
Publisher: Robert Ipsen
Editor: Carol Long
Managing Editor: Micheline Frederick
Text Design & Composition: D&G Limited, LLC
Designations used by companies to distinguish their products are often claimed as
trademarks. In all instances where John Wiley & Sons, Inc., is aware of a claim, the
product names appear in initial capital or ALL CAPITAL LETTERS. Readers, however,
should contact the appropriate companies for more complete information regarding
trademarks and registration.
Copyright © 2001 by Ronald L. Krutz and Russell Dean Vines. All rights reserved.
Published by John Wiley & Sons, Inc.
Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system or
transmitted in any form or by any means, electronic, mechanical, photocopying,
recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the
1976 United States Copyright Act, without either the prior written permission of the
Publisher, or authorization through payment of the appropriate per-copy fee to the
Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-
8400, fax (978) 750-4744. Requests to the Publisher for permission should be
addressed to the Permissions Department, John Wiley & Sons, Inc., 605 Third Avenue,
New York, NY 10158-0012, (212) 850-6011, fax (212) 850-6008, E-Mail: PERMREQ @
This publication is designed to provide accurate and authoritative information in regard
to the subject matter covered. It is sold with the understanding that the publisher is not
engaged in professional services. If professional advice or other expert assistance is
required, the services of a competent professional person should be sought.
Library of Congress Cataloging-in-Publication Data:
Krutz, Ronald L., 1938–
The CISSP prep guide: mastering the ten domains of computer security/Ronald L.
Russell Dean Vines.
Includes bibliographical references and index.
ISBN 0-471-41356-9 (pbk. : alk. paper)
1. Electronic data processing personnel—Certification. 2. Computer networks—
Examinations—Study guides. I. Vines, Russell Dean, 1952–. II. Title.
QA76.3 K78 2001
005.8—dc21Printed in the United States of America.
10 9 8 7 6 5 4 3 2 1
The constant joys in my life—my daughters, Sheri and Lisa—who have given me
the latest miracles in my life—Patrick, Ryan, and the Angel who is on the way.
About the Authors
Ronald L. Krutz, Ph.D., P.E., CISSP. Dr. Krutz is a Senior Information Assurance
Consultant with Corbett Technologies, Inc. He is the lead assessor for all Capability
Maturity Model (CMM) engagements for Corbett Technologies and led the development
of Corbett’s HIPAA-CMM assessment methodology. Dr. Krutz is also a lead instructor
for the (ISC)
CISSP Common Body of Knowledge review seminars. He has over forty
years of experience in distributed computing systems, computer architectures, real-time
systems, information assurance methodologies and information security training.
He has been an Information Security Consultant at Realtech Systems Corporation, an
Associate Director of the Carnegie Mellon Research Institute (CMRI), and a Professor
in the Carnegie Mellon University Department of Electrical and Computer Engineering.
Dr. Krutz founded the CMRI Cybersecurity Center and was founder and Director of the
CMRI Computer, Automation and Robotics Group. Prior to his 24 years at Carnegie
Mellon University, Dr. Krutz was a Department Director in the Singer Corporate R&D
Center and a Senior Engineer at Gulf Research and Development Company.
Dr. Krutz conducted and sponsored applied research and development in the areas of
computer security, artificial intelligence, networking, modeling and simulation, robotics,
and real-time computer applications. He is the author of three textbooks in the areas of
microcomputer system design, computer interfacing, and computer architecture, and is
the holder of seven patents in the area of digital systems. He also is an instructor in the
University of Pittsburgh Computer Engineering Program where he teaches courses in
information system security and computer organization. Dr. Krutz is a Certified
Information Systems Security Professional (CISSP) and a Registered Professional
Russell Dean Vines, CISSP, CCNA, MCSE, MCNE. Mr. Vines is currently President
and founder of the RDV Group, Inc. (www.rdvgroup.com), a New York City-based
security consulting services firm, whose clients include government, finance, and new
media organizations. Mr. Vines has been active in the prevention, detection, and
remediation of security vulnerabilities for international corporations for many years. He
is a frequent speaker on privacy, security awareness, and best practices in the
information industry. He is also an instructor for the (ISC)
CISSP Common Body of
Knowledge review seminars.
Mr. Vines has been active in computer engineering for nearly 20 years. He has earned
high level certifications in Cisco, 3Com, Ascend, Microsoft, and Novell technologies,
and has been trained in the National Security Agency’s ISSO Information Assessment
Methodology. He formerly directed the Security Consulting Services Group for Realtech
Systems Corporation; designed, implemented, and managed large global information
networks for CBS/Fox Video, Inc.; and was Director of MIS for the Children’s Aid
Society in New York City.
After receiving a Downbeat magazine scholarship to Boston’s Berklee College of Music,
Mr. Vines’s early professional years were illuminated not by the flicker of a computer
monitor, but by the bright lights of Nevada nightclubs. He performed as a sideman for a
variety of well-known entertainers, including George Benson, John Denver, Sammy
Davis Jr., and Dean Martin. Mr. Vines composed and arranged hundreds of pieces of
jazz and contemporary music that were recorded and performed by his own big band
and others, founded and managed a scholastic music publishing company, and worked
as an artist-in-residence in communities throughout the West. He still performs and
teaches music in the New York City area, and is a member of Local #802, American
Federation of Musicians.
I want to express my appreciation to my wife, Hilda, for her patience and support during
the writing of this guide.
I would like to take this opportunity to thank those who have either directly or indirectly
helped me write this book: The astute and diligent editors at Wiley. My former co-
workers at Realtech Systems Corporation: Bill Glennon, Diana Ng Yang, Cuong Vu,
Robert Caputo and Justin Jones. My parents Marian MacKenzie and James Vines.
Good friends: Virginia French Belanger, Richard Kelsey, Dean Calabrese, George
Pettway, Bill Easterby, John Sabasteanski, Ken Brandt, Edward Stroz, and the greatest
tuba player in the world, Howard Johnson.
I would especially like to thank my best friend and wife, Elzy Kolb, for her continual
support and guidance, without whom I would not be where I am today.
Table of Contents
The CISSP Prep Guide—Mastering the Ten Domains of
Chapter 1 -
Security Management Practices
Chapter 2 -
Access Control Systems
Chapter 3 -
Telecommunications and Network Security
Chapter 4 -
Chapter 5 -
Security Architecture and Models
Chapter 6 -
Chapter 7 -
Applications and Systems Development
Chapter 8 -
Business Continuity Planning and Disaster
Chapter 9 -
Law, Investigation, and Ethics
Glossary of Terms and Acronyms
The RAINBOW Series—Minimum Security
Requirements for Multi-user Operating
Systems NISTIR 5153
Answers to Sample Questions
A Process Approach to HIPAA Compliance
Through a HIPAA-CMM
The NSA InfoSec Assessment Methodology
The Case for Ethical Hacking
The Common Criteria
References for Further Study
British Standard 7799
List of Figures
List of Tables
List of Sidebars
- 我的内容管理 收起
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额