This value-packed packed set for the serious CISSP certification candidate combines the bestselling (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide, 8th Edition with an all new collection of Practice Exams to give you the best preparation ever for the high-stakes CISSP Exam.

(ISC)² CISSP Study Guide, 8th Edition has been completely updated for the latest 2018 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.

Along with the book, you also get access to Sybex's superior online interactive learning environment that includes four unique 250 question practice exams to help you identify where you need to study more, more than 650 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam, a searchable glossary in PDF to give you instant access to the key terms you need to know for the exam.

Add to that the all-new (ISC)² CISSP Certified Information Systems Security Professional Official Practice Tests, 2^nd edition with 2 more complete 250-question exams and another 100 questions for each of the 8 domains and you'll be as ready as you can be for the CISSP exam.

Coverage of all of the exam topics in each book means you'll be ready for:

• Security and Risk Management
• Asset Security
• Security Engineering
• Communication and Network Security
• Identity and Access Management
• Security Assessment and Testing
• Security Operations
• Software Development Security

James Michael Stewart, CISSP, CEH, CHFI, and Security+ has been working with technology for nearly thirty years. His work focuses on security, certification, and various operating systems. Recently, Michael has been teaching job skill and certification courses, such as CISSP, ethical hacking/penetration testing, computer forensics, and Security+. He is the author of numerous publications, books, and courseware.

Mike Chapple Ph.D., CISSP, is Senior Director for IT Service Delivery at Notre Dame overseeing information security, data governance, IT architecture, project management, strategic planning and product management functions and teaches undergraduate courses on Information Security. Mike spent 4 years in the information security research group at NSA and served as an  intelligence officer in the U.S. Air Force. He is a technical editor for Information Security Magazine and has written several books.

Darril Gibson is the CEO of YCDA, LLC and regularly writes and consults on a wide variety of technical and security topics and holds numerous certifications including MCSE, MCDBA, MCSD, MCITP, ITIL v3, Security+, and CISSP. He has authored or coauthored more than 30 books.

David Seidl CISSP, GPEN, GCIH is the Senior Director for Campus Technology Services at the University of Notre Dame. As the Senior Director for CTS, David is responsible for central platform and operating system support, database administration and services, identity and access management, application services, and email and digital signage. During his 18 year IT career, he has served in a variety of technical and information security roles including leading Notre Dame's information security team as Notre Dame's Director of Information Security. He currently teaches a popular course on networking and security for Notre Dame's Mendoza College of Business.

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 8th Edition

Introduction xxxiii

Assessment Test xlii

Chapter 1 Security Governance Through Principles and Policies 1

Chapter 2 Personnel Security and Risk Management Concepts 49

Chapter 3 Business Continuity Planning 97

Chapter 4 Laws, Regulations, and Compliance 125

Chapter 5 Protecting Security of Assets 159

Chapter 6 Cryptography and Symmetric Key Algorithms 195

Chapter 7 PKI and Cryptographic Applications 237

Chapter 8 Principles of Security Models, Design, and Capabilities 275

Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 319

Chapter 10 Physical Security Requirements 399

Chapter 11 Secure Network Architecture and Securing Network Components 439

Chapter 12 Secure Communications and Network Attacks 521

Chapter 13 Managing Identity and Authentication 579

Chapter 14 Controlling and Monitoring Access 623

Chapter 15 Security Assessment and Testing 661

Chapter 16 Managing Security Operations 697

Chapter 17 Preventing and Responding to Incidents 737

Chapter 18 Disaster Recovery Planning 801

Chapter 19 Investigations and Ethics 845

Chapter 20 Software Development Security 871

Chapter 21 Malicious Code and Application Attacks 915

Appendix A Answers to Review Questions 949

Appendix B Answers to Written Labs 987

Index 1001

(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests, 2nd Edition

Introduction xvii

Chapter 1 Security and Risk Management (Domain 1) 1

Chapter 2 Asset Security (Domain 2) 27

Chapter 3 Security Architecture and Engineering (Domain 3) 51

Chapter 4 Communication and Network Security (Domain 4) 79

Chapter 5 Identity and Access Management (Domain 5) 103

Chapter 6 Security Assessment and Testing (Domain 6) 127

Chapter 7 Security Operations (Domain 7) 151

Chapter 8 Software Development Security (Domain 8) 175

Chapter 9 Practice Test 1 201

Chapter 10 Practice Test 2 231

Chapter 11 Practice Test 3 259

Chapter 12 Practice Test 4 287

Appendix Answers 317

Index 459