CCISO Certified Chief Information Security Officer All-in-One Exam Guide, Steve Bennett (Full Chapter)
1. Governance
1. Sizing
2. Management Structure
4. Risk Management
1. Compliance Team
2. Compliance Management
7. Privacy
12. Ethics
13. Chapter Review
1. Quick Review
2. Questions
3. Answers
9. Chapter 2 Information Security Controls, Compliance, and Audit Management
1. Control Fundamentals
2. Control Frameworks
1. NIST SP 800-53
2. NIST Cybersecurity Framework
3. ISO/IEC 27002
4. CIS Critical Security Controls
5. CSA Cloud Controls Matrix
1. Audit Management
2. Audit Process
3. Control Self-Assessments
4. Continuous Auditing
5. Specific Types of Audits and Assessments
6. Chapter Review
1. Quick Review
2. Questions
3. Answers
10. Chapter 3 Security Program Management and Operations
1. Project Management
2. Project Management Fundamentals
5. Chapter Review
1. Quick Review
2. Questions
3. Answers
11. Chapter 4 Information Security Core Competencies
1. Malware
2. Scripting and Vulnerability-Specific Attacks
2. Social Engineering
4. Data Security
1. Data at Rest
2. Data in Transit
3. Data in Use
4. Data Life Cycle
7. Cryptography
1. Cryptographic Definitions
2. Cryptographic Services
3. Symmetric, Asymmetric, and Hybrid Cryptosystems
4. Hash Algorithms
5. Message Authentication Codes
6. Digital Signatures
7. Public Key Infrastructure
8. Cloud Security
9. Physical Security
1. Relevant Law
2. Logging and Monitoring
3. Incident Response and Investigations
4. Forensics and Digital Evidence
1. Vulnerability Assessments
2. Penetration Testing
3. Regulatory Compliance Assessments
4. Security Program Assessments
13. Business Continuity and Disaster Recovery
1. Quick Review
2. Questions
3. Answers
12. Chapter 5 Strategic Planning, Finance, Procurement, and Vendor Management
1. Strategic Planning
1. Enterprise Architecture
3. Financial Management
1. Questions
2. Answers
13. Appendix About the Online Content
1. System Requirements
2. Your Total Seminars Training Hub Account
1. Privacy Notice
14. Glossary
15. Index
ABOUT THE AUTHORS
Steven Bennett, CCISO, CISSP, CISA, is an engineer,
sportsman, entrepreneur, and consultant. He has worked in the
information technology field for over 40 years helping
organizations protect their most important assets from criminal
threats. Steve has spent his lifetime studying human and animal
behavior in complex systems, the relationships between
predator and prey, and offensive and defensive survival
strategies and tactics observed in business and nature. Steve’s
information security consulting career includes supporting
clients in healthcare, manufacturing, retail, finance, military,
and government.
ISBN: 978-1-26-046393-4
MHID: 1-26-046393-1
CONTENTS
Acknowledgments
Introduction
Governance
Sizing
Management Structure
Cyberattack Elements
Defense-In-Depth
Risk Management
Asset Security
Security Engineering
Physical Security
Security Operations
Compliance
Compliance Team
Compliance Management
Privacy
Clinger-Cohen Act
Gramm-Leach-Bliley Act
Sarbanes-Oxley Act
ISO/IEC 27001
Privacy Shield
COBIT
ISACA
SANS Institute
Offensive Security
Ethics
Chapter Review
Quick Review
Questions
Answers
Control Fundamentals
Control Frameworks
ISO/IEC 27000
Step 2: Design
Step 3: Implementation
Step 4: Assessment
Step 5: Monitoring
NIST SP 800-53
NIST Cybersecurity Framework
ISO/IEC 27002
Audit Management
Audit Process
Control Self-Assessments
Continuous Auditing
Chapter Review
Quick Review
Questions
Answers
Project Management
Initiating
Planning
Executing
Closing
Chapter Review
Quick Review
Questions
Answers
Chapter 4 Information Security Core Competencies
Malware
Social Engineering
Asset Security
Vulnerability Management
Data Security
Data at Rest
Data in Transit
Data in Use
IP Addressing
Wireless
Cryptography
Cryptographic Definitions
Cryptographic Services
Hash Algorithms
Message Authentication Codes
Digital Signatures
Cloud Security
Physical Security
Personnel Security
Relevant Law
Vulnerability Assessments
Penetration Testing
Chapter Review
Quick Review
Questions
Answers
Strategic Planning
Enterprise Architecture
Financial Management
Types of Contracts
Scope Agreements
Chapter Review
Quick Review
Questions
Answers
System Requirements
Privacy Notice
TotalTester Online
Technical Support
Glossary
Index
ACKNOWLEDGMENTS
Steve would like to thank his incredible wife, Debby, for her
unyielding support throughout the book-writing process. I love
you, hon. Now maybe things can get back to normal around
here. Warmest thanks go to co-author Jordan, who put up with
my obstinance and made this project fun.
Jordan would like to thank his family and friends for their
continued support and encouragement. A special thanks to
Steve for the invitation to collaborate on this book. Your
expertise and guidance were invaluable in this undertaking. It
was an honor and a pleasure.
Twenty-five years ago, the role of the CISO didn’t even exist, yet
now over 60 percent of Fortune 500 businesses have a CISO.
Although that may seem like rapid adoption, it shows that 40
percent of large companies have not seen fit to turn to CISOs to
be the guardians of their organization. Proliferation and
development of the role of the CISO are driven by questions
such as these: