S. RAO VALLABHANENI is an educator, author, publisher, consultant, and practitioner in the business field, with more than 30 years of management and teaching experience in manufacturing, finance, accounting, auditing, and information technology. He has authored more than 60 books, mostly study guides to help students prepare for several professional certification exams in various business functions. He earned four master’s degrees in management, accounting, industrial engineering, and chemical engineering, and holds 24 professional certifications in various business disciplines. He is a graduate of the Advanced Management Development Program at the University of Chicago’s Graduate School of Business.
He is the recipient of the 2004 Joseph J. Wasserman Memorial Award for distinguished contribution to the Information Systems Audit field, conferred by the New York Chapter of the Information Systems Audit and Control Association (ISACA). In 2000, he became the first independent author and publisher in the CISSP Exam market to develop comprehensive two-volume (Practice and Theory) review products to help students prepare for the CISSP Exam. In addition to teaching undergraduate and graduate courses in business schools, he taught review courses for the Certified Information Systems Auditor (CISA) Exam and the Certified Internal Auditor (CIA) Exam.
RONALD L. KRUTZ is a senior information system security consultant. He has over 30 years of experience in distributed computing systems, computer architectures, real-time systems, information assurance methodologies, and information security training. He holds B.S., M.S., and Ph.D. degrees in Electrical and Computer Engineering and is the author of best-selling texts in the area of information system security. Dr. Krutz is a Certified Information Systems Security Professional (CISSP) and Information Systems Security Engineering Professional (ISSEP).
He coauthored the
He is also the author of
I want to thank the following organizations and institutions for enabling me to use their publications and reports. They were valuable and authoritative resources for developing the practice questions, answers, and explanations.
ISC2, Inc., for the use of its Common Body of Knowledge described in the “CISSP Candidate Information Bulletin,” January 1, 2012.
National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, for the use of various IT-related publications (FIPS, NISTIR, SP 500 series, SP 800 series).
National Communications System (NCS) and the U.S. Department of Defense (DOD) for their selected IT-related publications.
U.S. Government Accountability Office (GAO), formerly known as General Accounting Office, Washington, DC, for various IT-related reports and staff studies.
Office of Technology Assessment (OTA), U.S. Congress, Washington, DC, for various publications in IT security and privacy in network technology.
Office of Management and Budget (OMB), Washington, DC, for selected publications in IT security and privacy.
Federal Trade Commission (FTC), Washington, DC, at www.ftc.gov.
Chief Information Officer (CIO) Council, Washington, DC, at www.cio.gov.
Information Assurance Technical Framework (IATF), Release 3.1, National Security Agency (NSA), Fort Meade, Maryland, September 2002.
Security Technical Implementation Guides (STIGs) by Defense Information Systems Agency (DISA) developed for the U.S. Department of Defense (DOD).
I want to thank the following individuals for helping me to improve the content, quality, and completeness of this book: