Cissp

The CISSP Prep Guide—Mastering the Ten Domains of Computer Security
Ronald L. Krutz Russell Dean Vines Wiley Computer Publishing John Wiley & Sons, Inc. Publisher: Robert Ipsen Editor: Carol Long Managing Editor: Micheline Frederick Text Design & Composition: D&G Limited, LLC Designations used by companies to distinguish their products are often claimed as trademarks. In all instances whereJohn Wiley & Sons, Inc., is aware of a claim, the product names appear in initial capital or ALL CAPITAL LETTERS . Readers, however, should contact the appropriate companies for more complete information regarding trademarks and registration. Copyright © 2001 by Ronald L. Krutz and Russell Dean Vines. All rights reserved. Published by John Wiley & Sons, Inc. Published simultaneously in Canada. Nopart of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy feeto the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 7508400, fax (978) 750-4744. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 605 Third Avenue, New York, NY 10158-0012, (212) 850-6011, fax (212) 850-6008, E-Mail: PERMREQ @ WILEY.COM. This publication is designed to provide accurate and authoritativeinformation in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in professional services. If professional advice or other expert assistance is required, the services of a competent professional person should be sought. Library of Congress Cataloging-in-Publication Data: Krutz, Ronald L., 1938– The CISSP prep guide: mastering the ten domainsof computer security/Ronald L. Krutz, Russell Dean Vines. p. cm. Includes bibliographical references and index. ISBN 0-471-41356-9 (pbk. : alk. paper) 1. Electronic data processing personnel—Certification. 2. Computer networks— Examinations—Study guides. I. Vines, Russell Dean, 1952–. II. Title. QA76.3 K78 2001 005.8—dc21Printed in the United States of America. 10 9 8 7 6 5 4 3 2 1 The constantjoys in my life—my daughters, Sheri and Lisa—who have given me the latest miracles in my life—Patrick, Ryan, and the Angel who is on the way.

—RLK About the Authors Ronald L. Krutz, Ph.D., P.E., CISSP. Dr. Krutz is a Senior Information Assurance Consultant with Corbett Technologies, Inc. He is the lead assessor for all Capability Maturity Model (CMM) engagements for Corbett Technologies and ledthe development of Corbett’s HIPAA-CMM assessment methodology. Dr. Krutz is also a lead instructor for the (ISC)2 CISSP Common Body of Knowledge review seminars. He has over forty years of experience in distributed computing systems, computer architectures, real-time systems, information assurance methodologies and information security training. He has been an Information Security Consultant atRealtech Systems Corporation, an Associate Director of the Carnegie Mellon Research Institute (CMRI), and a Professor in the Carnegie Mellon University Department of Electrical and Computer Engineering. Dr. Krutz founded the CMRI Cybersecurity Center and was founder and Director of the CMRI Computer, Automation and Robotics Group. Prior to his 24 years at Carnegie Mellon University, Dr. Krutz was aDepartment Director in the Singer Corporate R&D Center and a Senior Engineer at Gulf Research and Development Company. Dr. Krutz conducted and sponsored applied research and development in the areas of computer security, artificial intelligence, networking, modeling and simulation, robotics, and real-time computer applications. He is the author of three textbooks in the areas of microcomputer...