Table of Contents

Introduction.
1. Information Security and Risk Management.
2. Access Controls.
3. Software Development Security.
4. Business Continuity and Disaster Recovery.
5. Cryptography.
6. Legal Regulations, Compliance, and Investigations.
7. Security Operations.
8. Physical and Environmental Security.
9. Security Architecture and Design.
10. Telecommunications and Network Security.
Appendix A: Ten Domains of CISSP.
Appendix B: (ISC)� Code of Ethics.
Appendix C: The CISSP Exam.
Glossary.
Index.

About the Author

Peter H. Gregory, CISSP, CISA, CRISC, C|CISO, CCSK, QSA, has over 25 years of experience in virtually every role in business IT organizations, including work in government, financial services, non-profit, telecommunications, SAAS, and retail. He is the author of more than 30 books on security and technology, and the technical editor for more than 20 additional books. Gregory sits on the board of advisors and is the lead instructor for the University of Washington certificate program in information systems security, and he is a lecturer at the university's NSA-certified certificate program in information security and risk management. He is also a member of the executive steering board for the SecureWorld Expo Conference, and the board of advisors for PaymentGear. A founding member of the Pacific CISO Forum, Gregory is a graduate of the FBI Citizens' Academy. He studied electrical engineering and computer science at the University of Nevada, Reno, and is the director of strategic services a national consulting firm.