INFORMATION SECURITY PROFESSIONAL LEARNING MATERIAL AND EXAM PREPARATION

Useful Information

• CISSP Candidate Information Bulletin, (ISC)2

Exam Exercise

• CCCure Free Practice Test for CISA and CISSP (required registration)
• CISA Self-Assessment by ISACA
• CISA Review Questions, Answers and Explanations Manual 2011 (online e-Book)

Glossary

• CISA Glossary
• Glossary of Security Terms, SANS
• Webopedia: Online Computer Dictionary for Computer and Internet Terms and Definitions

Information Security Management

• Information Security Handbook: A Guide for Managers, NIST SP 800-10 2007
• Managing Information Security Risk: Organization, Mission, and Information System View, NIST SP 800-39 2011
• Risk Management Guide for Information Technology Systems, NIST SP 800-30 2002
• Generally Accepted Principles and Practices for Securing Information Technology Systems, NIST SP 800-14 1996
• Guidelines on Security and Privacy in Public Cloud Computing, NIST SP 800-144 2011

Access Control

• Biometric Data Specification for Personal Identity Verification, NIST SP 800-76-2 2011
• Electronic Authentication Guideline, NIST SP 800-63r1 2008
• Role Based Access Control, NIST
• Biometrics Security Considerations, NSA

Application and Database

• Security Considerations in the System Development Life Cycle, NIST SP 800-64r2 2008
• The Need for Secure Software
• The Ten Best Practices for Secure Software Development, (ISC)2
• Guide to the Software Engineering Body of Knowledge (SWEBOK), IEEE
• Web Application Security Overview, NSA
• The Case for Using Layered Defenses to Stop Worms, NSA

Cryptography

• Introduction to Public Key Technology and the Federal PKI Infrastructure, NIST SP 800-32 2001
• Recommendation for Key Management: Part 1: General, NIST SP 800-57 2011
• Recommendation for Key Management: Part 2, NIST SP 800-57 2007
• Recommendation for Key Management: Part 3, SP 800-57 2009
• The Open–source PKI Book, A guide to PKIs and Open–source Implementations
• Ron Rivest’s large compilation of links (no longer maintained)

Network and Telecommunication Security

• Guide to Intrusion Detection and Prevention Systems (IDPS), SP 800-94 2007
• Secure Domain Name System (DNS) Deployment Guide, NIST SP800-81r1 2010
• Guide to IPsec VPNs, NIST SP 800-77 2005
• Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementation, NIST SP 800-52 2005

Legal, Regulation, Ethics

• Guide to Integrating Forensic Techniques into Incident Response, NIST SP 800-86 2006
• Ten Commandments of Computer Ethics, Computer Ethics Institute
• (ISC)² Code Of Ethics
• ISACA Code of Professional Ethics

Operation Security

• Guidelines for Media Sanitization, NIST SP 800-88 2006
• Computer Security Incident Handling Guide, NIST SP 800-61r1 2008
• Creating a Patch and Vulnerability Management Program, NIST SP 800-40V2 2005
• Guide to Malware Incident Prevention and Handling, NIST SP 800-83 2005
• Guide to Computer Security Log Management, NIST SP 800-92 2006
• Cloud Computing Guidance, NSA
• Best Practices for Storage Networks, NSA

Security Architecture

• Security Guide for Interconnecting Information Technology Systems, NIST SP 800-47 2002
• Guide to Enterprise Telework and Remote Access Security, NIST SP 800-46r1 2009
• Defense in Depth, NSA