ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, 10th Edition Introduction xxxv Assessment Test lx Chapter 1 Security Governance Through Principles and Policies 1 Chapter 2 Personnel Security and Risk Management Concepts 49 Chapter 3 Business Continuity Planning 121 Chapter 4 Laws, Regulations, and Compliance 151 Chapter 5 Protecting Security of Assets 189 Chapter 6 Cryptography and Symmetric Key Algorithms 227 Chapter 7 PKI and Cryptographic Applications 271 Chapter 8 Principles of Security Models, Design, and Capabilities 317 Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 359 Chapter 10 Physical Security Requirements 443 Chapter 11 Secure Network Architecture and Components 491 Chapter 12 Secure Communications and Network Attacks 581 Chapter 13 Managing Identity and Authentication 641 Chapter 14 Controlling and Monitoring Access 681 Chapter 15 Security Assessment and Testing 727 Chapter 16 Managing Security Operations 769 Chapter 17 Preventing and Responding to Incidents 809 Chapter 18 Disaster Recovery Planning 869 Chapter 19 Investigations and Ethics 919 Chapter 20 Software Development Security 951 Chapter 21 Malicious Code and Application Attacks 1005 Appendix A Answers to Review Questions 1055 Appendix B Answers to Written Labs 1115 Index 1133 ISC2 CISSP Certified Information Systems Security Professional Official Practice Tests, 4th Edition Introduction xiii Chapter 1 Security and Risk Management (Domain 1) 1 Chapter 2 Asset Security (Domain 2) 25 Chapter 3 Security Architecture and Engineering (Domain 3) 51 Chapter 4 Communication and Network Security (Domain 4) 75 Chapter 5 Identity and Access Management (Domain 5) 99 Chapter 6 Security Assessment and Testing (Domain 6) 123 Chapter 7 Security Operations (Domain 7) 147 Chapter 8 Software Development Security (Domain 8) 171 Chapter 9 Practice Test 1 197 Chapter 10 Practice Test 2 231 Chapter 11 Practice Test 3 257 Chapter 12 Practice Test 4 287 Appendix Answers to Review Questions 315 Index 475.