The CISSP Prep Guide: Mastering the Ten Domains of Computer Security


With the growing threat of computer viruses and Internet security breaches, companies are fiercely headhunting for CISSP certified security professionals. The industry standard test on IT security, the Certified Information Systems Security Professionals (CISSP) exam is administered 16 times per year throughout the U.S. and Europe. This book serves both as a prep guide for IT professionals seeking to advance their careers through CISSP certification and as a reference for readers who need a fundamental end-to-end security reference book. Co-authored by Ronald Krutz, this handy guide explains the ten security domains covered by the exam, from security management to cryptography to disaster recovery planning to legal and ethical issues. Sample questions and answers are also included.

Editorial Reviews

From the Publisher
"...fulfils its purpose well and forms a good introduction to the concepts and jargon used in all areas of IT security...worth having as a reference dictionary..." (Computer Bulletin, September 2002)
From The Critics
Helping to prepare for the Certified Information System Security Professionals exam, this book covers the common body of knowledge as defined by the International Information Systems Security Certification Consortium. Chapters address security management practices, access control systems, telecommunications and network security, cryptography, security architecture and models, operations security, applications and systems development, business continuity and disaster recovery planning, law and ethics, and physical security. Krutz is a CISSP instructor. Vines is a security consultant. Annotation c. Book News, Inc., Portland, OR

Product Details

  • ISBN-13: 9780471413561
  • Publisher: Wiley, John & Sons, Incorporated
  • Publication date: 8/1/1901
  • Series: Computer Security Series
  • Edition description: Older Edition
  • Edition number: 1
  • Pages: 576
  • Product dimensions: 7.70 (w) x 9.58 (h) x 1.47 (d)

Meet the Author

RONALD L. KRUTZ is a lead instructor for the CISSP CBK review seminars. He spent twenty-four years at Carnegie Mellon University as a faculty member and then as an R&D Director at the Carnegie Mellon University Research Institute. Dr. Krutz is a Senior Information Security Consultant for Corbett Technologies, specializing in information assurance appraisal methodologies. He holds a PhD in Computer Engineering, is a registered Professional Engineer, and is a CISSP. He is the author of two previous Wiley books, Microprocessors and Logic Design and Microcomputer Interfacing.
RUSSELL DEAN VINES is President of the RDVGroup, a NYC-based security consulting services firm, and has been involved in computer security for nearly twenty years. He is a frequent speaker on security methodology, wireless security, and best practices in the information industry, and is also an instructor for the CISSP CBK review seminars. He has helped design and build the security architecture for Fortune 1000 Companies worldwide. He is a CISSP, CCNA, MCSE, MCNE, and a National Security Agency/IAM professional. Mr. Vines is also an accomplished jazz composer, performer, and educator.

Read an Excerpt

One day last year, the CEO of a large media company received an alarming e-mail. The sender said that he had gained access to the computer system of the CEO's company. If the CEO were willing to pay a large sum of money, the sender would reveal the weaknesses that he had found in the company's computer system. Just to ensure that he was taken seriously, several sensitive files (including photographs) that could only have come from the company's network were attached to the email. This message was not a drill--this situation was reality.

As you might expect, this kind of problem goes straight to the top of the "to-do" list for the victimized company. The CEO needed many immediate answers and solutions: the true source of the e-mail, the accuracy of the claims made by the sender, the possible weaknesses that might have been used to break into the system, why the intrusion detection system was not triggered, the steps that could be taken to further tighten security, the legal actions that might be possible, and the best way to deal with an adversary who was living halfway around the world.

For several months, many people--including computer security professionals--worked to gather information and evidence, to secure the system, and to track down the source of the attack. Ultimately, undercover officers from New Scotland Yard and the FBI met the unsuspecting "cyber extortionists" at a designated location in London, where they were arrested. They are currently in jail, awaiting extradition to the United States.

For anyone who has information security experience, this case will bring many thoughts to mind about some of the tools of the trade: logging, packet sniffers, firewalls and their rule sets, and legal access rights to e-mail communications (concepts covered in this book). Also, this incident raises questions about how an adversary in a remote location can gain access to a computer network without detection.

As those of us who have been involved in this field for years know, information systems security is achieved through intelligent risk management, rather than through risk elimination. Computer information security professionals find themselves at the core of a collaborative decision-making process. They must be able to provide answers and explanations that are anchored in sound methodology.

Not all security issues that arise in the daily course of business will be as intense as the case study cited here, and many will be quite subtle. As many of the finest minds in technology focus more on the topic of security, there is a growing consensus that security is ensured through a process, rather than through a blind reliance on software or hardware products. No one in this field disputes that a computer security professional must be armed with training and experience in order to be effective.

As you read this book, keep in mind that those people who are closest to the business operations of an organization are in a great position to help notice anomalies. I often point out to clients that a violation of computer security might only be apparent to someone who is intimately familiar with the features of a given network and its file structure. It is not what you see, but what you know.

For example, if you went home tonight and found that your family photographs on your bedroom nightstand had been switched around, yet everything was still in its place, you would immediately know that someone had been in your home. Would a security guard who does not intimately know your home be able to notice this kind of difference, even if he or she took the time to look at your nightstand? More than likely, the answer is no. Similarly, there are many computer network features that an intruder could disturb, yet would go unnoticed by everyone except an expert who is familiar with your system.

You must sometimes point out to a client that the most serious threat to information systems security comes from people, not machines. A person who is an insider and is given a user account on a computer system has an enormous advantage in targeting an attack on a system. Computer crime statistics consistently show that insiders, as opposed to outside hackers, do greater damage to systems. As brilliant as they might be, computer criminals are a poor choice as computer security professionals.

Think of the concept this way: While the fictional Dr. Hannibal Lecter, in the movie "Silence of the Lambs," was brilliant in many ways, I would not trust him with my family. I respect the knowledge that smart people possess, but when you bring one on the team you receive their knowledge and their ethics--a package deal.

As you study the depth of the material provided in this book, keep in mind that the information system security professional of today is just that: a professional. Professionals must abide by rigorous standards yet provide something that computers cannot: human judgment. As a result, the (ISC)2 requires strict adherence to its Code of Ethics before granting CISSP certifications.

If you are beginning your Certified Information System Security Professional (CISSP) certification, this book provides the framework to help you become a CISSP. If you are a harried IT manager for whom security is becoming an increasingly daily concern, this book will give you the fundamental concepts and a solid foundation to implement effective security controls. If you are already a CISSP or an active security practitioner, the "CISSP Prep Guide" will help you succeed in a field that has become crucial to the success of business and to the security of a nation's economy.

Edward M. Stroz
April 2001

Edward Stroz is president of Stroz Associates, LLC, a consulting firm specializing in helping clients detect and respond to incidents of computer crime. He was an agent with the FBI, where he formed and supervised the computer crime squad in its New York office. He can be reached at

Table of Contents

About the Authors.

Chapter 1: Security Management Practices.
  • Our Goals.
  • Domain Definition.
  • Management Concepts.
  • Information Classification Process.
  • Security Policy Implementation.
  • Roles and Responsibilities.
  • Risk Management.
  • Security Awareness.
  • Sample Questions.

Chapter 2: Access Control Systems.
  • Identification and Authentication.
  • Some Access Control Issues.
  • Sample Questions.

Chapter 3: Telecommunications and Network Security.
  • Our Goals.
  • Domain Definition.
  • Management Concepts.
  • Technology Concepts.
  • Sample Questions.

Chapter 4: Cryptography.
  • Cryptographic Technologies.
  • Secret Key Cryptography (Symmetric Key).
  • Public (Asymmetric) Key Cryptosystems.
  • Approaches to Escrowed Encryption.
  • Internet Security Applications.
  • Sample Questions.

Chapter 5: Security Architecture and Models.
  • Security Architecture.
  • Information Security Models.
  • Sample Questions.

Chapter 6: Operations Security.
  • Our Goals.
  • Domain Definition.
  • Controls and Protections.
  • Monitoring and Auditing.
  • Threats and Vulnerabilities.
  • Sample Questions.

Chapter 7: Applications and Systems Development.
  • The Software Life Cycle Development Process.
  • The Software Capability Maturity Model (CMM).
  • Object-Oriented Systems.
  • Artificial Intelligence Systems.
  • Database Systems.
  • Application Controls.
  • Sample Questions.

Chapter 8: Business Continuity Planning and Disaster Recovery Planning.
  • Our Goals.
  • Domain Definition.
  • Business Continuity Planning.
  • Disaster Recovery Planning.
  • Sample Questions.

Chapter 9: Law, Investigation, and Ethics.
  • Sample Questions.

Chapter 10: Physical Security.
  • Our Goals.
  • Domain Definition.
  • Threats to Physical Security.
  • Controls for Physical Security.
  • Sample Questions.

Appendix A: Glossary of Terms and Acronyms.

Appendix B: The RAINBOW Series.

Appendix C: Answers to Sample Questions.
  • Chapter 1-Security Management Practices.
  • Chapter 2-Access Control Systems and Methodology.
  • Chapter 3-Telecommunications and Network Security.
  • Chapter 4-Cryptography.
  • Chapter 5-Security Architecture and Models.
  • Chapter 6-Operations Security.
  • Chapter 7-Applications and Systems Development.
  • Chapter 8-Business Continuity Planning and Disaster Recovery Planning.
  • Chapter 9-Law, Investigation, and Ethics.
  • Chapter 10-Physical Security.

Appendix D: A Process Approach to HIPAA Compliance through a HIPAA-CMM.

Appendix E: The NSA InfoSec Assessment Methodology.

Appendix F: The Case for Ethical Hacking.

Appendix G: The Common Criteria.

Appendix H: References for Further Study.

Appendix I: British Standard 7799.


Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing all of 2 Customer Reviews
  • Anonymous

    Posted May 8, 2003

    This book is obsolete unless you need a history snapshot

    When this book was released in 2001 it was a great book. Now that it is 2003 this book is only ~60-75% of what is needed for the CISSP exam. IMHO this book should be pulled from the shelves because it has been superseded by the Gold Edition (2003) from the same author. Gold Edition really means 'current' edition. It is not superior, it's just current with more material. I read this book and was surprised that it prepared me perfectly for the CISSP test, if it were 2 years ago. Now I have to read the Gold Edition and re-read content I already know just to get the Delta. It's possible the new Q&A book may contain enough for the exam but that's a gamble I can't take since my $450 is at stake. Conclusion: Don't buy it. Buy the Gold and/or the Q&A. PS I think the Q&A may just be the questions stripped out of the Gold Edition. You should check before you consider buying both.

  • Anonymous

    Posted September 3, 2001

    This IS the Book to Buy First!

    It's been said many times that the vast ocean of the CISSP Common Body of Knowledge (CBK) is fifty miles wide and two miles deep and preparing for it can be quite an overwhelming endeavor. Various on-line study groups and web sites have numerous suggestions and links where freely available materials and helpful hints may be found. Individuals share their study guides and suggest the best books to procure for the study quest. I myself have participated and contributed in these vibrant forums. It's been said many times over that NO one book can effectively cover the CBK and prepare the CISSP candidate for the exam. I too have amassed a large collection of the most suggested tomes. Well, The CISSP Prep Guide almost negates this statement. The CISSP Prep Guide is now the FIRST place to start! I wish it had been in print a year ago when I began my quest for the CISSP. It is a complete and affordable textbook covering the MEAT of the CBK. This book completely defines and explains the major points of the CBK. It is an extremely readable and understandable text. If you can't afford attending the ISC2 CISSP Seminar either because of cost or time away from work, this book is for you. If you have already attended the CISSP Seminar, this book is for you. I was blessed by having the opportunity of attending the CISSP Seminar, yet I am still finding that The CISSP Prep Guide is building upon the materials presented in the seminar. I can see where my copy of The CISSP Prep Guide will quickly become a dog-eared reference text that I use to refer to while carrying out my duties as an Information Systems Security Officer with the U.S. Government.
