Table of Contents
Cover
Title Page
Copyright
Dedication
Acknowledgments
About the Authors
About the Technical Editors
Foreword
Introduction
Overview of the CISSP Exam
The Elements of This Study Guide
Interactive Online Learning Environment and Test Bank
Study Guide Exam Objectives
Objective Map
Reader Support for This Book
Assessment Test
Answers to Assessment Test
Chapter 1: Security Governance Through Principles and Policies
Security 101
Understand and Apply Security Concepts
Security Boundaries
Evaluate and Apply Security Governance Principles
Manage the Security Function
Security Policy, Standards, Procedures, and Guidelines
Threat Modeling
Supply Chain Risk Management
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 2: Personnel Security and Risk Management Concepts
Personnel Security Policies and Procedures
Understand and Apply Risk Management Concepts
Social Engineering
Establish and Maintain a Security Awareness, Education, and Training Program
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 3: Business Continuity Planning
Planning for Business Continuity
Project Scope and Planning
Business Impact Analysis
Continuity Planning
Plan Approval and Implementation
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 4: Laws, Regulations, and Compliance
Categories of Laws
Laws
State Privacy Laws
Compliance
Contracting and Procurement
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 5: Protecting Security of Assets
Identifying and Classifying Information and Assets
Establishing Information and Asset Handling Requirements
Data Protection Methods
Understanding Data Roles
Using Security Baselines
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 6: Cryptography and Symmetric Key Algorithms
Cryptographic Foundations
Modern Cryptography
Symmetric Cryptography
Cryptographic Lifecycle
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 7: PKI and Cryptographic Applications
Asymmetric Cryptography
Hash Functions
Digital Signatures
Public Key Infrastructure
Asymmetric Key Management
Hybrid Cryptography
Applied Cryptography
Cryptographic Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 8: Principles of Security Models, Design, and Capabilities
Secure Design Principles
Techniques for Ensuring CIA
Understand the Fundamental Concepts of Security Models
Select Controls Based on Systems Security Requirements
Understand Security Capabilities of Information Systems
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
Shared Responsibility
Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
Client-Based Systems
Server-Based Systems
Industrial Control Systems
Distributed Systems
High-Performance Computing (HPC) Systems
Internet of Things
Edge and Fog Computing
Embedded Devices and Cyber-Physical Systems
Specialized Devices
Microservices
Infrastructure as Code
Virtualized Systems
Containerization
Serverless Architecture
Mobile Devices
Essential Security Protection Mechanisms
Common Security Architecture Flaws and Issues
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 10: Physical Security Requirements
Apply Security Principles to Site and Facility Design
Implement Site and Facility Security Controls
Implement and Manage Physical Security
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 11: Secure Network Architecture and Components
OSI Model
TCP/IP Model
Analyzing Network Traffic
Common Application Layer Protocols
Transport Layer Protocols
Domain Name System
Internet Protocol (IP) Networking
ARP Concerns
Secure Communication Protocols
Implications of Multilayer Protocols
Microsegmentation
Wireless Networks
Other Communication Protocols
Cellular Networks
Content Distribution Networks (CDNs)
Secure Network Components
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 12: Secure Communications and Network Attacks
Protocol Security Mechanisms
Secure Voice Communications
Remote Access Security Management
Multimedia Collaboration
Load Balancing
Manage Email Security
Virtual Private Network
Switching and Virtual LANs
Network Address Translation
Third-Party Connectivity
Switching Technologies
WAN Technologies
Fiber-Optic Links
Security Control Characteristics
Prevent or Mitigate Network Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 13: Managing Identity and Authentication
Controlling Access to Assets
Managing Identification and Authentication
Implementing Identity Management
Managing the Identity and Access Provisioning Lifecycle
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 14: Controlling and Monitoring Access
Comparing Access Control Models
Implementing Authentication Systems
Understanding Access Control Attacks
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 15: Security Assessment and Testing
Building a Security Assessment and Testing Program
Performing Vulnerability Assessments
Testing Your Software
Implementing Security Management Processes
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 16: Managing Security Operations
Apply Foundational Security Operations Concepts
Addressing Personnel Safety and Security
Provision Resources Securely
Apply Resource Protection
Managed Services in the Cloud
Perform Configuration Management (CM)
Managing Change
Managing Patches and Reducing Vulnerabilities
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 17: Preventing and Responding to Incidents
Conducting Incident Management
Implementing Detective and Preventive Measures
Logging and Monitoring
Automating Incident Response
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 18: Disaster Recovery Planning
The Nature of Disaster
Understand System Resilience, High Availability, and Fault Tolerance
Recovery Strategy
Recovery Plan Development
Training, Awareness, and Documentation
Testing and Maintenance
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 19: Investigations and Ethics
Investigations
Major Categories of Computer Crime
Ethics
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 20: Software Development Security
Introducing Systems Development Controls
Establishing Databases and Data Warehousing
Storage Threats
Understanding Knowledge-Based Systems
Summary
Exam Essentials
Written Lab
Review Questions
Chapter 21: Malicious Code and Application Attacks
Malware
Malware Prevention
Application Attacks
Injection Vulnerabilities
Exploiting Authorization Vulnerabilities
Exploiting Web Application Vulnerabilities
Application Security Controls
Secure Coding Practices
Summary
Exam Essentials
Written Lab
Review Questions
Appendix A: Answers to Review Questions
Chapter 1: Security Governance Through Principles and Policies
Chapter 2: Personnel Security and Risk Management Concepts
Chapter 3: Business Continuity Planning
Chapter 4: Laws, Regulations, and Compliance
Chapter 5: Protecting Security of Assets
Chapter 6: Cryptography and Symmetric Key Algorithms
Chapter 7: PKI and Cryptographic Applications
Chapter 8: Principles of Security Models, Design, and Capabilities
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
Chapter 10: Physical Security Requirements
Chapter 11: Secure Network Architecture and Components
Chapter 12: Secure Communications and Network Attacks
Chapter 13: Managing Identity and Authentication
Chapter 14: Controlling and Monitoring Access
Chapter 15: Security Assessment and Testing
Chapter 16: Managing Security Operations
Chapter 17: Preventing and Responding to Incidents
Chapter 18: Disaster Recovery Planning
Chapter 19: Investigations and Ethics
Chapter 20: Software Development Security
Chapter 21: Malicious Code and Application Attacks
Appendix B: Answers to Written Labs
Chapter 1: Security Governance Through Principles and Policies
Chapter 2: Personnel Security and Risk Management Concepts
Chapter 3: Business Continuity Planning
Chapter 4: Laws, Regulations, and Compliance
Chapter 5: Protecting Security of Assets
Chapter 6: Cryptography and Symmetric Key Algorithms
Chapter 7: PKI and Cryptographic Applications
Chapter 8: Principles of Security Models, Design, and Capabilities
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
Chapter 10: Physical Security Requirements
Chapter 11: Secure Network Architecture and Components
Chapter 12: Secure Communications and Network Attacks
Chapter 13: Managing Identity and Authentication
Chapter 14: Controlling and Monitoring Access
Chapter 15: Security Assessment and Testing
Chapter 16: Managing Security Operations
Chapter 17: Preventing and Responding to Incidents
Chapter 18: Disaster Recovery Planning
Chapter 19: Investigations and Ethics
Chapter 20: Software Development Security
Chapter 21: Malicious Code and Application Attacks
Index
End User License Agreement
List of Tables
Chapter 2
TABLE 2.1 Comparison of quantitative and qualitative risk analysis
TABLE 2.2 Quantitative risk analysis formulas
Chapter 5
TABLE 5.1 Securing email data
TABLE 5.2 Unmodified data within a database
TABLE 5.3 Masked data
Chapter 6
TABLE 6.1 AND operation truth table
TABLE 6.2 OR operation truth table
TABLE 6.3 NOT operation truth table
TABLE 6.4 Exclusive OR operation truth table
TABLE 6.5 Using the Vigenère system
TABLE 6.6 The encryption operation
TABLE 6.7 Symmetric and asymmetric key comparison
TABLE 6.8 Comparison of symmetric and asymmetric cryptography systems
TABLE 6.9 Symmetric encryption memorization chart
Chapter 7
TABLE 7.1 Hash algorithm memorization chart
TABLE 7.2 Digital certificate formats
Chapter 8
TABLE 8.1 Subjects and objects
TABLE 8.2 Fail terms definitions related to physical and digital products
TABLE 8.3 An access control matrix
TABLE 8.4 Common Criteria evaluation assurance levels
Chapter 10
TABLE 10.1 Static voltage and damage
TABLE 10.2 Fire extinguisher classes
Chapter 11
TABLE 11.1 IP classes
TABLE 11.2 IP classes' default subnet masks
TABLE 11.3 802.11 wireless networking amendments
TABLE 11.4 UTP categories
Chapter 12
TABLE 12.1 Common load-balancing scheduling techniques
TABLE 12.2 Circuit switching vs. packet switching
TABLE 12.3 Bandwidth levels of SDH and SONET
List of Illustrations
Chapter 1
FIGURE 1.1 The CIA Triad
FIGURE 1.2 The five elements of AAA services
FIGURE 1.3 Strategic, tactical, and operational plan timeline comparison
FIGURE 1.4 An example of diagramming to reveal threat concerns
FIGURE 1.5 A risk matrix or risk heatmap
Chapter 2
FIGURE 2.1 Ex-employees must return all company property.
FIGURE 2.2 The cyclical relationships of risk elements
FIGURE 2.3 The six major elements of quantitative risk analysis
FIGURE 2.4 The categories of security controls in a defense-in-depth impleme...
FIGURE 2.5 The elements of the risk management framework (RMF) (from NIST SP...
Chapter 3
FIGURE 3.1 Earthquake hazard map of the United States
Chapter 5
FIGURE 5.1 Data classifications
FIGURE 5.2 Clearing a hard drive
Chapter 6
FIGURE 6.1 Challenge-response authentication protocol
FIGURE 6.2 The magic door
FIGURE 6.3 Symmetric key cryptography
FIGURE 6.4 Asymmetric key cryptography
Chapter 7
FIGURE 7.1 Asymmetric key cryptography
FIGURE 7.2 Steganography tool
FIGURE 7.3 Image with embedded message
Chapter 8
FIGURE 8.1 Transitive trust
FIGURE 8.2 The TCB, security perimeter, and reference monitor
FIGURE 8.3 The take-grant model's directed graph
FIGURE 8.4 The Bell–LaPadula model
FIGURE 8.5 The Biba model
FIGURE 8.6 Memorizing Bell–LaPadula and Biba
FIGURE 8.7 The Clark–Wilson model
Chapter 9
FIGURE 9.1 The four-layer protection ring model
FIGURE 9.2 The lifecycle of an executed process
FIGURE 9.3 Types of hypervisors
FIGURE 9.4 Application containers versus a hypervisor
Chapter 10
FIGURE 10.1 A smartcard's ISO 7816 interface
FIGURE 10.2 Hot and cold aisles
FIGURE 10.3 The fire triangle
FIGURE 10.4 The four primary stages of fire
FIGURE 10.5 A secure physical boundary with an access control vestibule and...
Chapter 11
FIGURE 11.1 The OSI model
FIGURE 11.2 OSI model encapsulation
FIGURE 11.3 The OSI model peer layer logical channels
FIGURE 11.4 OSI model layer-based network container names
FIGURE 11.5 Comparing the OSI model with the TCP/IP model
FIGURE 11.6 The TCP three-way handshake
FIGURE 11.7 An RFID antenna
FIGURE 11.8 The configuration dialog boxes for a transparent (left) vs. a no...
FIGURE 11.9 A ring topology
FIGURE 11.10 A linear bus topology and a tree bus topology
FIGURE 11.11 A star topology
FIGURE 11.12 A mesh topology
Chapter 12
FIGURE 12.1 IPsec's encryption of a packet in transport mode
FIGURE 12.2 IPsec's encryption of a packet in tunnel mode
FIGURE 12.3 Two LANs being connected using a tunnel-mode VPN across the inte...
FIGURE 12.4 A client connecting to a network via a remote access/tunnel VPN...
Chapter 13
FIGURE 13.1 Graph of FRR and FAR errors indicating the CER point
Chapter 14
FIGURE 14.1 Role-Based Access Control
FIGURE 14.2 A representation of the boundaries provided by lattice-based acc...
FIGURE 14.3 Wireshark capture
Chapter 15
FIGURE 15.1 Nmap scan of a web server run from a Linux system
FIGURE 15.2 Default Apache server page running on the server scanned in Figu...
FIGURE 15.3 Nmap scan of a large network run from a Mac system using the Ter...
FIGURE 15.4 Network vulnerability scan of the same web server that was port...
FIGURE 15.5 Web application vulnerability scan of the same web server that w...
FIGURE 15.6 Scanning a database-backed application with sqlmap
FIGURE 15.7 Penetration testing process
FIGURE 15.8 The Metasploit Framework automated system exploitation tool allo...
FIGURE 15.9 Fagan inspections follow a rigid formal process, with defined en...
FIGURE 15.10 Prefuzzing input file containing a series of 1s
FIGURE 15.11 The input file from Figure 15.10 after being run through the zz...
Chapter 16
FIGURE 16.1 Cloud shared responsibility model
FIGURE 16.2 Creating and deploying images
FIGURE 16.3 Web server and database server
Chapter 17
FIGURE 17.1 Incident management
FIGURE 17.2 SYN flood attack
FIGURE 17.3 A man-in-the-middle attack
FIGURE 17.4 Intrusion prevention system
FIGURE 17.5 Viewing a log entry
Chapter 18
FIGURE 18.1 Seismic hazard map
FIGURE 18.2 Flood hazard map for Miami–Dade County, Florida
FIGURE 18.3 Failover cluster with network load balancing
Chapter 20
FIGURE 20.1 RStudio Desktop IDE
FIGURE 20.2 Security vs. user-friendliness vs. functionality
FIGURE 20.3 The iterative lifecycle model with feedback loop
FIGURE 20.4 The spiral lifecycle mode
FIGURE 20.5 Software Assurance Maturity Model
FIGURE 20.6 The IDEAL model
FIGURE 20.7 Gantt chart
FIGURE 20.8 The DevOps model
FIGURE 20.9 Hierarchical data model
FIGURE 20.10 Customers table from a relational database
FIGURE 20.11 ODBC as the interface between applications and a back-end datab...
Chapter 21
FIGURE 21.1 Account number input page
FIGURE 21.2 Account information page
FIGURE 21.3 Account information page after blind SQL injection
FIGURE 21.4 Account creation page
FIGURE 21.5 Example web server directory structure
FIGURE 21.6 Message board post rendered in a browser
FIGURE 21.7 XSS attack rendered in a browser
FIGURE 21.8 Web application firewall
FIGURE 21.9 SQL error disclosure
Copyright © 2021 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey
Published simultaneously in Canada and the United Kingdom
ISBN: 978-1-119-78623-8
ISBN: 978-1-119-78633-7 (ebk)
ISBN: 978-1-119-78624-5 (ebk)
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats.
For more information about Wiley products, visit our website at www.wiley.com.
Library of Congress Control Number: 2021935479
TRADEMARKS: WILEY and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. (ISC)² and CISSP are trademarks or registered trademarks of (ISC)², Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
Cover image(s): © Jeremy Woodhouse/Getty Images, Inc.
Cover design: Wiley
To Dewitt Latimer, my mentor, friend, and colleague. I miss you dearly.
Mike Chapple
To Cathy, your perspective on the world and life often surprises me, challenges me, and makes me love you even more.
James Michael Stewart
To Nimfa, thanks for sharing your life with me for the past 29 years and letting me share mine with you.
Darril Gibson
Acknowledgments
We'd like to express our thanks to Wiley for continuing to support this project. Extra thanks to the development editor, Kelly Talbot, and technical editors, Jerry Rayome, Chris Crayton, and Aaron Kraus, who performed amazing feats in guiding us to improve this book. Thanks as well to our agent, Carole Jelen, for continuing to assist in nailing down these projects.
—Mike, James, and Darril
Special thanks go to my many friends and colleagues in the cybersecurity community who provided hours of interesting conversation and debate on security issues that inspired and informed much of the material in this book.
I would like to thank the team at Wiley, who provided invaluable assistance throughout the book development process. I also owe a debt of gratitude to my literary agent, Carole Jelen of Waterside Productions. My coauthors, James Michael Stewart and Darril Gibson, were great collaborators and I'd like to thank them both for their thoughtful contributions to my chapters.
I'd also like to thank the many people who participated in the production of this book but whom I never had the chance to meet: the graphics team, the production staff, and all of those involved in bringing this book to press.
—Mike Chapple
Thanks to Mike Chapple and Darril Gibson for continuing to contribute to this project. Thanks also to all my CISSP course students who have provided their insight and input to improve my training courseware and ultimately this tome. To my adoring wife, Cathy: Building a life and a family together has been more wonderful than I could have ever imagined. To Slayde and Remi: You are growing up so fast and learning at an outstanding pace, and you continue to delight and impress me daily. You are both growing into amazing individuals. To my mom, Johnnie: It is wonderful to have you close by. To Mark: No matter how much time has passed or how little we see each other, I have been and always will be your friend. And finally, as always, to Elvis: You were way ahead of the current bacon obsession with your peanut butter/banana/bacon sandwich; I think that's proof you traveled through time!
James Michael Stewart
It's been a pleasure working with talented people like James Michael Stewart and Mike Chapple. Thanks to both of you for all your work and collaborative efforts on this project. The technical editors, Jerry Rayome, Chris Crayton, and Aaron Kraus, provided us with some outstanding feedback, and this book is better because of their efforts. Thanks to the team at Wiley (including project managers, editors, and graphic artists) for all the work you did helping us get this book to print. Last, thanks to my wife, Nimfa, for putting up with my odd hours as I worked on this book.
Darril Gibson