Lawrence C. Miller CISSP - CISSP For Dummies

CISSP For Dummies, 4th Edition

by Lawrence Miller and Peter H. Gregory

CISSP For Dummies, 4th Edition

Published by John Wiley & Sons, Inc.
111 River Street
Hoboken, NJ 07030-5774

www.wiley.com

Copyright 2012 by John Wiley & Sons, Inc., Hoboken, New Jersey

Published by John Wiley & Sons, Inc., Hoboken, New Jersey

Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions .

Trademarks: Wiley, the Wiley logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. CISSP is a registered trademark of International Information Systems Security Certification Consortium, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services, please contact our Customer Care Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002.

For technical support, please visit www.wiley.com/techsupport .

Wiley also publishes its books in a variety of electronic formats and by print-on-demand. Not all content that is available in standard print versions of this book may appear or be packaged in all book formats. If you have purchased a version of this book that did not include media that is referenced by or accompanies a standard print version, you may request this media by visiting http://booksupport.wiley.com. For more information about Wiley products, visit us www.wiley.com .

Library of Congress Control Number: 2012942107

ISBN 978-1-118-36239-6 (pbk); ISBN 978-1-118-41710-2 (ebk); ISBN 978-1-118-42037-9 (ebk); ISBN 978-1-118-46755-8 (ebk)

Manufactured in the United States of America

10 9 8 7 6 5 4 3 2 1

About the Authors

Lawrence Miller, CISSP, has worked in information security and technology management for more than 15 years. He received his MBA from Indiana University and has earned numerous technical certifications throughout his career. He is currently working as the Director of Information Technology for an e-commerce and event merchandising company. He has previously worked as the Operations Manager for a Top 100 U.S. law firm, as an internetworking security engineer and a security consultant for service providers and clients in the retail, financial, and manufacturing sectors in the U.S. and Japan; he was a Chief Petty Officer in the U.S. Navy, serving in various roles, including information systems security manager and weather guesser. He is the author of Home Networking Do-It-Yourself For Dummies (John Wiley & Sons, Inc.) and has also written more than 25 For Dummies Custom Edition books on numerous topics, including information security, unified communications, virtualization, and archiving.

Peter H. Gregory, C|CISO, CISA, CISSP, CRISC, DRCE, CCSK, is the author of more than thirty books on security and technology, including Solaris Security (Prentice Hall), Biometrics For Dummies (John Wiley & Sons, Inc.), IT Disaster Recovery Planning For Dummies (John Wiley & Sons, Inc.), and CISA Certified Information Systems Auditor All-In-One Study Guide (McGraw-Hill/Osborne Media Group).

Peter is a career technologist and the global manager of information security and risk management at Concur (www.concur.com), a Redmond, WAbased leading provider of integrated travel and expense management solutions. Prior to this, he held tactical and strategic security positions in large wireless telecommunications organizations. He has also held development and operations positions in casino management systems, banking, government, nonprofit organizations, and academia since the late 1970s. Peter is the lead instructor and advisory board member for the University of Washington certificate program in information systems security and a graduate of the FBI Citizens Academy. He is a certified RiderCoach for the Motorcycle Safety Foundation and teaches people how to ride motorcycles in the Seattle area.

Peter can be found at www.peterhgregory.com.

Dedication

From Lawrence Miller:
To Michelle.

From Peter H. Gregory:
To Rebekah.

Authors Acknowledgments

Lawrence Miller would like to thank all the wonderful folks I have worked with on so many projects over the years. You all make writing so enjoyable and fulfilling: Amy, Barry, Chris, Dan,... E, F, G,... Heidi, I, Jen, Katie, Laura, Mike, N, O, Paul,... Q, Rev, Susan,... T, U, V,... W, X, Y, and Zo! Finally, thank you Peter for working with me on yet another great book, and Kevin for helping to keep us (technically) honest and on our toes!

Peter H. Gregory would like to thank Katie Feltman, Senior Acquisitions Editor at Wiley, for her perseverance and patience. Thank you to Christopher Morris, Senior Project Editor at Wiley, for your help throughout this project, and to Barry Childs-Helton, for your really helpful copy editing. Thank you, Larry, for agreeing once again to coauthor this book. Its great as always to work with you on security books.

There are many more people at Wiley and other organizations without whom this book could not be published and reach readers. I dont know who you are, but I know you are out there, and I am grateful for your dedication and hard work.