As a result of a rigorous, methodical process that (ISC)² follows to routinely update its credential exams, it has announced that enhancements will be made to the Certified Information Systems Security Professional (CISSP) credential, beginning April 15, 2015. (ISC)² conducts this process on a regular basis to ensure that the examinations and subsequent training and continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.
Refreshed technical content has been added to the official (ISC)² CISSP CBK to reflect the most current topics in the information security industry today. Some topics have been expanded (e.g., asset security, security assessment and testing), while other topics have been realigned under different domains. The result is an exam that most accurately reflects the technical and managerial competence required from an experienced information security professional to effectively design, engineer, implement and manage an organization’s information security program within an ever-changing security landscape. The domain names have been updated as follows:
CISSP Domains, Effective April 15, 2015
- Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
- Asset Security (Protecting Security of Assets)
- Security Engineering (Engineering and Management of Security)
- Communications and Network Security (Designing and Protecting Network Security)
- Identity and Access Management (Controlling Access and Managing Identity)
- Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
- Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
- Software Development Security (Understanding, Applying, and Enforcing Software Security)
Some candidates may be wondering how these updates affect training materials for the CISSP credential. As part of the organization’s comprehensive education strategy and certifying body best practices, (ISC)² training materials do not teach directly to its credential examinations. Rather, (ISC)² Education is focused on teaching the core competencies relevant to the roles and responsibilities of today’s practicing information security professional. It is designed to refresh and enhance the knowledge of experienced industry professionals.
Published by: Auerbach Publications | Publication date: 04/08/2015 | Kindle book details: Kindle Edition, 1304 pages
For increasingly data-savvy clients, lawyers can no longer give "it depends" answers rooted in anecdata. Clients insist that their lawyers justify their reasoning, and with more than a limited set of war stories. The considered judgment of an experienced lawyer is unquestionably valuable. However, on balance, clients would rather have the considered judgment of an experienced lawyer informed by the most relevant information required to answer their questions. Data-Driven Law: Data Analytics and the New Legal Services helps legal professionals meet the challenges posed by a data-driven approach to delivering legal services. Its chapters are written by leading experts who cover such topics as:
- Mining legal data
- Computational law
- Uncovering bias through the use of Big Data
- Quantifying the quality of legal services
- Data mining and decision-making
- Contract analytics and contract standards
Published by: Auerbach Publications | Publication date: 07/16/2018 | Kindle book details: Kindle Edition, 227 pages
Todd Fitzgerald, co-author of the ground-breaking (ISC)2 CISO Leadership: Essential Principles for Success, Information Security Governance Simplified: From the Boardroom to the Keyboard, co-author for the E-C Council CISO Body of Knowledge, and contributor to many others including Official (ISC)2 Guide to the CISSP CBK, COBIT 5 for Information Security, and ISACA CSX Cybersecurity Fundamental Certification, is back with this new book incorporating practical experience in leading, building, and sustaining an information security/cybersecurity program.
CISO COMPASS includes personal, pragmatic perspectives and lessons learned of over 75 award-winning CISOs, security leaders, professional association leaders, and cybersecurity standard setters who have fought the tough battle. Todd has also, for the first time, adapted the McKinsey 7S framework (strategy, structure, systems, shared values, staff, skills and style) for organizational effectiveness to the practice of leading cybersecurity to structure the content to ensure comprehensive coverage by the CISO and security leaders to key issues impacting the delivery of the cybersecurity strategy and demonstrate to the Board of Directors due diligence. The insights will assist the security leader to create programs appreciated and supported by the organization, capable of industry/peer award-winning recognition, enhance cybersecurity maturity, gain confidence by senior management, and avoid pitfalls.
This comprehensive, soup-to-nuts book enables security leaders to effectively protect information assets and build award-winning programs by covering topics such as developing cybersecurity strategy, emerging trends and technologies, cybersecurity organization structure and reporting models, leveraging current incidents, security control frameworks, risk management, laws and regulations, data protection and privacy, meaningful policies and procedures, multi-generational workforce team dynamics, soft skills, and communicating with the Board of Directors and executive management. The book is a valuable resource for current and future security leaders and an integral part of any college program for information/cybersecurity.
Published by: Auerbach Publications | Publication date: 11/21/2018 | Kindle book details: Kindle Edition, 574 pages
Significant developments since the publication of its bestselling predecessor, Building and Implementing a Security Certification and Accreditation Program, warrant an updated text as well as an updated title. Reflecting recent updates to the Certified Authorization Professional (CAP®) Common Body of Knowledge (CBK®) and NIST SP 800-37, the Official (ISC)2® Guide to the CAP® CBK®, Second Edition provides readers with the tools to effectively secure their IT systems via standard, repeatable processes.
Derived from the author’s decades of experience, including time as the CISO for the Nuclear Regulatory Commission, the Department of Housing and Urban Development, and the National Science Foundation’s Antarctic Support Contract, the book describes what it takes to build a system security authorization program at the organizational level in both public and private organizations. It analyzes the full range of system security authorization (formerly C&A) processes and explains how they interrelate. Outlining a user-friendly approach for top-down implementation of IT security, the book:
- Details an approach that simplifies the authorization process, yet still satisfies current federal government criteria
- Explains how to combine disparate processes into a unified risk management methodology
- Covers all the topics included in the Certified Authorization Professional (CAP®) Common Body of Knowledge (CBK®)
- Examines U.S. federal policies, including DITSCAP, NIACAP, CNSS, NIAP, DoD 8500.1 and 8500.2, and NIST FIPS
- Reviews the tasks involved in certifying and accrediting U.S. government information systems
Published by: Auerbach Publications | Publication date: 04/19/2016 | Kindle book details: Kindle Edition, 462 pages
Journey Inside and Outside Yourself to Develop Psychic Powers through Fascinating and Effective Techniques
The mind is a powerful tool that, when properly focused, can do amazing things for both your body and the world around you. In Mind Over Matter, Loyd Auerbach presents an impressive variety of topics, including telekinesis, faith healing, spirit communication, stigmata, shamanism, firewalking, psychic attacks, levitation, and more. This remarkable book helps you develop your psychic abilities, build your confidence and self-esteem, and keep a responsible attitude as you learn to psychically affect yourself and others. You'll also explore how to:
- Ease your body's ailments through mental health
- Investigate ghosts and be at the center of a poltergeist experience
- Improve your physical performance by exercising your mind
- Move objects through psychokinesis
Published by: Llewellyn Publications | Publication date: 07/08/2017 | Kindle book details: Kindle Edition, 410 pages
Solid requirements engineering has increasingly been recognized as the key to improved, on-time, and on-budget delivery of software and systems projects. This textbook provides a comprehensive treatment of the theoretical and practical aspects of discovering, analyzing, modeling, validating, testing, and writing requirements for systems of all kinds, with an intentional focus on software-intensive systems. It brings into play a variety of formal methods, social models, and modern requirements for writing techniques to be useful to the practicing engineer.
This book was written to support both undergraduate and graduate requirements engineering courses. Each chapter includes simple, intermediate, and advanced exercises. Advanced exercises are suitable as a research assignment or independent study and are denoted by an asterisk. Various exemplar systems illustrate points throughout the book, and four systems in particular—a baggage handling system, a point of sale system, a smart home system, and a wet well pumping system—are used repeatedly. These systems involve application domains with which most readers are likely to be familiar, and they cover a wide range of applications from embedded to organic in both industrial and consumer implementations. Vignettes at the end of each chapter provide mini-case studies showing how the learning in the chapter can be employed in real systems.
Requirements engineering is a dynamic field and this text keeps pace with these changes. Since the first edition of this text, there have been many changes and improvements. Feedback from instructors, students, and corporate users of the text was used to correct, expand, and improve the material. This third edition includes many new topics, expanded discussions, additional exercises, and more examples. A focus on safety critical systems, where appropriate in examples and exercises, has also been introduced. Discussions have also been added to address the important domain of the Internet of Things. Another significant change involved the transition from the retired IEEE Standard 830, which was referenced throughout previous editions of the text, to its successor, the ISO/IEC/IEEE 29148 standard.
Published by: Auerbach Publications | Publication date: 10/24/2017 | Kindle book details: Kindle Edition, 399 pages
Application vulnerabilities continue to top the list of cyber security concerns. While attackers and researchers continue to expose new application vulnerabilities, the most common application flaws are previous, rediscovered threats. For example, SQL injection and cross-site scripting (XSS) have appeared on the Open Web Application Security Project (OWASP) Top 10 list year after year over the past decade. This high volume of known application vulnerabilities suggests that many development teams do not have the security resources needed to address all potential security flaws and a clear shortage of qualified professionals with application security skills exists. Without action, this soft underbelly of business and governmental entities has and will continue to be exposed with serious consequences—data breaches, disrupted operations, lost business, brand damage, and regulatory fines. This is why it is essential for software professionals to stay current on the latest advances in software development and the new security threats they create. Recognized as one of the best application security tools available for professionals involved in software development, the Official (ISC)2® Guide to the CSSLP® CBK®, Second Edition, is both up-to-date and relevant, reflecting the latest developments in this ever-changing field and providing an intuitive approach to the CSSLP Common Body of Knowledge (CBK). It provides a robust and comprehensive study of the 8 domains of the CBK, covering everything from ensuring software security requirements are included in the software design phase to programming concepts that can effectively protect software from vulnerabilities to addressing issues pertaining to proper testing of software for security, and implementing industry standards and practices to provide a high level of assurance that the supply chain is secure—both up-stream. 
The book discusses the issues facing software professionals today, such as mobile app development, developing in the cloud, software supply chain risk management, and more. Numerous illustrated examples and practical exercises are included in this book to help the reader understand the concepts within the CBK and to enable them to apply these concepts in real-life situations. Endorsed by (ISC)2 and written and reviewed by CSSLPs and other (ISC)2 members, this book serves as an unrivaled study tool for the certification exam and an invaluable career reference. Earning your CSSLP is an esteemed achievement that validates your efforts in security leadership to help your organization build resilient software capable of combating the security threats of today and tomorrow.
Published by: Auerbach Publications | Publication date: 09/03/2013 | Kindle book details: Kindle Edition, 798 pages
Implementing Cybersecurity: A Guide to the National Institute of Standards and Technology Risk Management Framework (Internal Audit and IT Audit)
The book provides the complete strategic understanding requisite to allow a person to create and use the RMF process recommendations for risk management. This will be the case both for applications of the RMF in corporate training situations, as well as for any individual who wants to obtain specialized knowledge in organizational risk management. It is an all-purpose roadmap of sorts aimed at the practical understanding and implementation of the risk management process as a standard entity. It will enable an "application" of the risk management process as well as the fundamental elements of control formulation within an applied context.
Published by: Auerbach Publications | Publication date: 03/16/2017 | Kindle book details: Kindle Edition, 337 pages
Transforming Business with Program Management: Integrating Strategy, People, Process, Technology, Structure, and Measurement (Best Practices in Portfolio, Program, and Project Management)
Organizations need to constantly innovate and improve products and services to maintain a strong competitive position in the market place. The vehicle used by organizations for such constant reinvention is a business transformation program. This book illustrates a tested program management roadmap along with the supporting comprehensive frameworks to successfully execute business transformation programs, formulated strategies, and strategic initiatives. It outlines the steps to successfully transform any business and deliver tangible business outcomes. This breakthrough work establishes the linkage between strategy formulation and strategy execution through the program management discipline. It depicts how program management integrates strategy, people, process, technology, structure, and measurement on cross-functional initiatives. The author details the processes, techniques, and tools that a program management team can customize and easily implement on any type of strategic initiative within the private or public sector environment to deliver and sustain the expected business outcomes and benefits.
This book discusses the ten mandatory steps (or roadmap) needed to lead complex, business transformation programs to success. It showcases program management best practices and lessons learned through real-world case studies spanning different industry sectors and functional domains. Transforming Business with Program Management will equip executives, general managers, and program managers with the core skills necessary to effectively plan and implement business transformation strategies that drive sweeping business change and innovation.
Published by: Auerbach Publications | Publication date: 03/18/2015 | Kindle book details: Kindle Edition, 255 pages
Everyone is psychic to some degree, but did you know that your abilities can be enhanced while you dream? Psychic Dreaming explores how parapsychology and dreamwork can be combined to boost creativity, improve your decision-making, and heal yourself in body and soul. Parapsychologist Loyd Auerbach shows you how to identify telepathy, clairvoyance, precognition, and other psi experiences as they occur through dreams. Discover dream incubation, lucid dreaming, and symbol interpretation to solve problems, relieve stress, confront your fears, and overcome nightmares. Use your dreams to create psychic connections with your loved ones, and explore other points in time and space to create a complete picture of the person you are, the person you have been, and the person you will be in the future. Praise: "This book provides wonderful insight into the research and methods used by parapsychologists and dreamers. Loyd Auerbach does a remarkable job of telling an interesting story while defining the nature of psi and dreaming."—John G. Kruth, executive director of the Rhine Research Center
Published by: Llewellyn Publications | Publication date: 04/08/2017 | Kindle book details: Kindle Edition, 290 pages