Copyright © 2022 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.
978-1-119-80193-1
978-1-119-80204-4 (ebk.)
978-1-119-80194-8 (ebk.)
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com
. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permission
.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware the Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com
.
Library of Congress Control Number: 2021948030
Trademarks: WILEY, the Wiley logo, Sybex and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CISM is a trademark or registered trademark of Information Systems Audit and Control Association, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
Cover image: ©Jeremy Woodhouse/Getty Images
Cover design: Wiley
To my wife, Renee. We are 22 years into this adventure together and every moment is better than the last. Here's to what's next!
—Mike
Books like this involve work from many people, and as an author, I truly appreciate the hard work and dedication that the team at Wiley shows. I would especially like to thank my acquisitions editor, Jim Minatel. I've worked with Jim for too many years to count and it's always an absolute pleasure working with a true industry pro.
I also greatly appreciated the editing and production team for the book, including David Clark, the project editor, who brought years of experience and great talent to the project; Ben Malisow, the technical editor, who provided insightful advice and gave wonderful feedback throughout the book; and Barath Kumar Rajasekaran, the production editor, who guided me through layouts, formatting, and final cleanup to produce a great book. I would also like to thank the many behind-the-scenes contributors, including the graphics, production, and technical teams who make the book and companion materials into a finished product.
Victoria Mastagh, my production assistant at CertMike.com
, was instrumental in preparing the glossary, and Matthew Howard, my research assistant at Notre Dame, played a crucial role in pulling together the class slides that accompany the book for instructors.
My agent, Carole Jelen of Waterside Productions, continues to provide me with wonderful opportunities, advice, and assistance throughout my writing career.
Finally, I would like to thank my family, who supported me through the late evenings, busy weekends, and long hours that a book like this requires to write, edit, and get to press.
Mike Chapple, Ph.D., CISM, is the author of over 30 books, including the best-selling CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide (Sybex, 2021) and the CISSP (ISC)2 Official Practice Tests (Sybex, 2021). He is an information security professional with two decades of experience in higher education, the private sector, and government.
Mike currently serves as Teaching Professor in the IT, Analytics, and Operations department at the University of Notre Dame's Mendoza College of Business, where he teaches undergraduate and graduate courses on cybersecurity, data management, and business analytics.
Mike previously served as executive vice president and chief information officer of the Brand Institute, a Miami-based marketing consultancy. Mike also spent four years in the information security research group at the National Security Agency and served as an active-duty intelligence officer in the U.S. Air Force.
Mike is a technical editor for Information Security Magazine and has written more than 25 books. He earned both his B.S. and Ph.D. degrees from Notre Dame in computer science and engineering. Mike also holds an M.S. in computer science from the University of Idaho and an MBA from Auburn University. Mike holds the Cybersecurity Analyst+ (CySA+), Security+, Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), and Certified Information Systems Security Professional (CISSP) certifications.
Learn more about Mike and his other security certification materials at his website, CertMike.com
.
Ben Malisow has worked in the fields of education/training, communication, information technology, security, and/or some combination of these industries, for over 25 years. Prior to his current position, Ben has provided information security consulting services and training to a diverse host of clients, including the Defense Advanced Research Projects Agency (DARPA), the Department of Homeland Security (at TSA), and the FBI. He has also served as an Air Force officer, after graduating from the Air Force Academy.
An experienced trainer, Ben has been an adjunct professor of English at the College of Southern Nevada, a computer teacher for troubled junior/senior high school students in Las Vegas, a senior instructor for the University of Texas - San Antonio, and he has taught computer security certification prep classes for Carnegie-Mellon University's CERT/SEI.
Ben has published widely in many fields. His latest books include Exposed: How Revealing Your Data and Eliminating Privacy Increases Trust and Liberates Humanity (Wiley, 2020), the CCSP (ISC)2 Official Study Guide (Sybex, 2020), the CCSP Official (ISC)2 Practice Tests (Sybex, 2018), and How to Pass Your INFOSEC Exam from Amazon Direct. Updates to his work and his podcast, “The Sensuous Sounds of INFOSEC,” can be found at securityzed.com
. His certification-preparation courses can be found on Udemy.com
.