A comprehensive, up-to-date revision of the market-leading CISSP training resource

Written by Shon Harris, the number-one name in IT security certification and training, this exam guide offers complete coverage of all the material on the latest release of the Certified Information Systems Security Professional (CISSP) exam. With full treatment of all 10 exam domains, as developed by the International Information Systems Security Certification Consortium (ISC2), this definitive tool contains learning objectives at the beginning of each chapter, sidebars with in-depth technical explanations, practice questions, and real-world scenarios.

Detailed and authoritative, Shon Harris's CISSP All-in-One Exam Guide, Fifth Edition serves as both a comprehensive certification study guide and student work book, and a fundamental on-the-job reference. The CD-ROM includes more than 250 simulated practice questions in a Windows-based test engine, an electronic book, and video training from the author.

A comprehensive CISSP training resource

Written by Shon Harris, the leading IT security certification and training expert, this practice exam book offers hundreds of realistic questions with detailed answers of all the material on the latest release of the Certified Information Systems Security Professional (CISSP) exam. With full treatment of all the 10 exam domains, as developed by the International Information Systems Security Certification Consortium (ISC2), this book allows you to prepare for the certification exam in an in-depth, self paced manner.

Implement SIEM to efficiently analyze and report data, respond to inside and outside threats, and follow compliance regulations

Security Information and Event Management (SIEM) Implementation shows how to take advantage of SIEM technology for real-time analysis of security alerts generated by network hardware and applications. The book explains how to implement multiple SIEM products from different vendors, and also discusses the strengths, weaknesses, and advanced tuning of these various systems.
This comprehensive guide covers everything from basic concepts and components to high-level configuration, risk and threat analysis, interpretation, and response. The separate pieces that make up a complete SIEM system are outlined, and techniques for deploying an integrated collection of discrete SIEM pieces to meet your requirements are presented. You will also learn how to extend SIEM tools to develop business intelligence solutions.

Security Information and Event Management (SIEM) Implementation

• Includes a Smartbook—a knowledge base of real-world business use cases illustrating successfully deployed, finely-tuned SIEM systems
• Covers the top SIEM products/vendors: ArcSight, Q1 QRadar, and Cisco MARS
• Is written by security, SIEM, and compliance experts
• Includes product feature summaries and analyses and trending examples
• Covers regulatory compliance issues and provides Incident Response solutions

All-inclusive coverage:
Introduction to Threat Intelligence For IT Systems; Business Models; Threat Models; Compliance; SIEM Concepts - Components for small and medium size businesses; The Anatomy of SIEM Systems; Incident Response; SIEM for Business Intelligence; SIEM Tools; Open Source SIEM Implementation; Open Source SIEM Advanced Techniques; Cisco Security-MARS Implementation; Cisco Security-MARS Advanced Techniques; Q1 Labs QRadar Implementation; Q1 Labs Advanced Techniques; ArcSight Implementation; ArcSight Advanced Techniques

Thwart malicious network intrusion by using cutting-edge techniques for finding and fixing security flaws. Fully updated and expanded with nine new chapters, Gray Hat Hacking: The Ethical Hacker's Handbook, Third Edition details the most recent vulnerabilities and remedies along with legal disclosure methods. Learn from the experts how hackers target systems, defeat production schemes, write malicious code, and exploit flaws in Windows and Linux systems. Malware analysis, penetration testing, SCADA, VoIP, and Web security are also covered in this comprehensive resource.

• Develop and launch exploits using BackTrack and Metasploit
• Employ physical, social engineering, and insider attack techniques
• Build Perl, Python, and Ruby scripts that initiate stack buffer overflows
• Understand and prevent malicious content in Adobe, Office, and multimedia files
• Detect and block client-side, Web server, VoIP, and SCADA attacks
• Reverse engineer, fuzz, and decompile Windows and Linux software
• Develop SQL injection, cross-site scripting, and forgery exploits
• Trap malware and rootkits using honeypots and SandBoxes