Official (ISC)2® Guide to the ISSAP® CBK

About the Authors: Alex Golod, CISSP, is a senior security consultant with 29 years of experience for one of the Fortune 100 IT firms. He has focused the last 12 years of his career in information security. Alex’s many responsibilities include architecture, engineering, and operations of security solutions. His broad area of expertise covers application, network and data security, as well as risk analysis and mitigation. Paul Baker, CPP, is a security manager with more than 30 years of extensive experience in all phases of law enforcement and industrial security. He holds a Doctorate in Strategic Leadership from Regent University, along with a Master of Science in Criminal Justice from Troy University, and is a Certified Protection Professional (CPP). Dr. Baker spent 6 years in the U.S. Marine Corps and has retired from the Maryland State Police. Dr. Baker is currently employed as a senior security manager for one of the top ten banks in the Washington, D.C, area. Dr. Baker is also an adjunct professor, teaching parttime for the University of Maryland University College in homeland security and for Southwestern College in security management. Robert B. Batie, Jr., CISSP-ISSEP, ISSAP, ISSMP, CISM, CAP, has over 20 years of experience in communication security and information assurance. He is a senior principal systems engineer at Raytheon NCS, in St. Petersburg, FL. He is a Raytheon Author, Inventor and Technical Honoree, as well as a contributing author for the Official Guide to the CISSP-ISSEP CBK. He has published articles in the CSI Journal, Alert Newsletter and presented at Raytheon symposiums, the CSI Conferences, and the International Biometric Conference. He is an active member of (ISC)2. Bob has a Master’s of Science in Computer Systems Management from the University of Maryland and is currently working on a Ph.D. at Nova Southeastern University. Gilbert Held graduated from Pennsylvania Military College with a B.S. in electrical engineering; he also has earned an MSEE degree from New York University and an MSTM and M.B.A. from The American University. He spent 27 years in the U.S. Army and retired as a Lieutenant Colonel. Gil was the Chief of Data Communications for the U.S. Post Office of Personal Management for 20 years. He also designed, acquired, and constructed the OPM’s Web presence and received the Directors Award for his efforts. Gil has written over 100 technical books that have exceeded over a million copies, over 500 technical articles on personal computing and data communications and business, and taught 14 different graduate level courses. He has also served as the Editor-in-Chief of the Wiley International journal of Network Management and was selected by the Vice President of the United States to represent the United States at the Jerusalem Conference on Information Technology. Mark J. Makowski, CISSP-ISSAP, is a security architect who has worked in IT for more than 29 years. A graduate of Lawrence Technological University, Mark began his career as a field engineer at Burrough’s Corporation in the early 1980s. In the mid-1990s, Mark began engineering tools to help secure UNIX servers for EDS customers. Since then, Mark has been responsible for developing security architectures across a broad range of technologies and industries. Currently, he is helping engineer enterprise services security offerings at a technology company operating in more than 170 countries around the globe. Mark, a member of the Motor City Chapter of ISSA, lives in the Detroit area. Kelley Okolita is a Principal Consultant and Director of Business Continuity and Disaster Recovery for Hanover Insurance in Rhode Island. She built a new contingency program that cost less than industry peers. Within the first year she also renegotiated a hostile vendor contract saving the firm $500,000 a year and reducing the recovery timeline by 80% for time sensitive applications and added business recovery capabilities. Kelley has also held key roles in Fidelity Investments as Director of Risk Management, where she was responsible for the recovery and business contingency efforts for roughly one third of the business operations and previously as Director of Corporate Contingency Planning. While in this role, Kelley spent 9 weeks in New Jersey supporting the recovery efforts of Fidelity New York operations from the events of September 11th. She joined Fidelity in 1976 and has more than 20 years of experience in disaster recovery and business contingency planning both from a data center perspective and the business perspective. Through the years she has supported a number of business recoveries, both large and small. Kelley is an MBCP (Master Business Continuity Planner) and is a member of the Board of Directors for Disaster Recovery Institute International. Sean M. Price, CISA, CISSP, is an independent security consultant and researcher living in northern Virginia. Over the last 15 years he has specialized in designing and evaluating organizational information assurance programs and system security architectures. His research interests include access control, insider threat, information flows, and applications of artificial intelligence to information assurance problems. Sean’s prior publications include book chapters for the Information Security Management Handbook series and the Official (ISC) 2Guide to the CISSP CBK. A number of his articles and papers have appeared in peer-reviewed journals and conferences proceedings. Industry publications include the IEEE Computer Magazine, ISSA Journal, IA newsletter, and ISACA J-Online. You can reach him at sean.price@sentinel-consulting.com.

Introduction
Access Control Systems and Methodologies; Sean Price
Cryptography; Alex Golod and Mark Makowski
Physical Security Integration; Paul Baker
Requirements Analysis and Security Standards and Guidelines Criteria; Robert Batie
Technology-Related Business Continuity Planning and Disaster Recovery Planning; Kelley Okolita
Telecommunications and Network Security; Gilbert Held
Answers to Sample Questions
Index