Candidates for the CISSP-ISSAP professional certification need to not only demonstrate a thorough understanding of the six domains of the ISSAP CBK, but also need to have the ability to apply this in-depth knowledge to develop a detailed security architecture. Supplying an authoritative review of the key concepts and requirements of the ISSAP CBK, the Official (ISC)2® Guide to the ISSAP® CBK®,Second Edition provides the practical understanding required to implement the latest security protocols to improve productivity, profitability, security, and efficiency. Encompassing all of the knowledge elements needed to create secure architectures, the text covers the six domains: Access Control Systems and Methodology, Communications and Network Security, Cryptology, Security Architecture Analysis, BCP/DRP, and Physical Security Considerations. Newly Enhanced Design – This Guide Has It All!

• Only guide endorsed by (ISC)2
• Most up-to-date CISSP-ISSAP CBK
• Evolving terminology and changing requirements for security professionals
• Practical examples that illustrate how to apply concepts in real-life situations
• Chapter outlines and objectives
• Review questions and answers
• References to free study resources

Read It. Study It. Refer to It Often.Build your knowledge and improve your chance of achieving certification the first time around. Endorsed by (ISC)2 and compiled and reviewed by CISSP-ISSAPs and (ISC)2 members, this book provides unrivaled preparation for the certification exam and is a reference that will serve you well into your career. Earning your ISSAP is a deserving achievement that gives you a competitive advantage and makes you a member of an elite network of professionals worldwide.

Application vulnerabilities continue to top the list of cyber security concerns. While attackers and researchers continue to expose new application vulnerabilities, the most common application flaws are previous, rediscovered threats. For example, SQL injection and cross-site scripting (XSS) have appeared on the Open Web Application Security Project (OWASP) Top 10 list year after year over the past decade. This high volume of known application vulnerabilities suggests that many development teams do not have the security resources needed to address all potential security flaws and a clear shortage of qualified professionals with application security skills exists. Without action, this soft underbelly of business and governmental entities has and will continue to be exposed with serious consequences―data breaches, disrupted operations, lost business, brand damage, and regulatory fines. This is why it is essential for software professionals to stay current on the latest advances in software development and the new security threats they create. Recognized as one of the best application security tools available for professionals involved in software development, the Official (ISC)2® Guide to the CSSLP® CBK®, Second Edition, is both up-to-date and relevant, reflecting the latest developments in this ever-changing field and providing an intuitive approach to the CSSLP Common Body of Knowledge (CBK). It provides a robust and comprehensive study of the 8 domains of the CBK, covering everything from ensuring software security requirements are included in the software design phase to programming concepts that can effectively protect software from vulnerabilities to addressing issues pertaining to proper testing of software for security, and implementing industry standards and practices to provide a high level of assurance that the supply chain is secure―both up-stream. The book discusses the issues facing software professionals today, such as mobile app development, developing in the cloud, software supply chain risk management, and more. Numerous illustrated examples and practical exercises are included in this book to help the reader understand the concepts within the CBK and to enable them to apply these concepts in real-life situations. Endorsed by (ISC)2 and written and reviewed by CSSLPs and other (ISC)2 members, this book serves as an unrivaled study tool for the certification exam and an invaluable career reference. Earning your CSSLP is an esteemed achievement that validates your efforts in security leadership to help your organization build resilient software capable of combating the security threats of today and tomorrow.

A framework for formalizing risk management thinking in today¿s complex business environmentSecurity Risk Management Body of Knowledge details the security risk management process in a format that can easily be applied by executive managers and security risk management practitioners. Integrating knowledge, competencies, methodologies, and applications, it demonstrates how to document and incorporate best-practice concepts from a range of complementary disciplines.Developed to align with International Standards for Risk Management such as ISO 31000 it enables professionals to apply security risk management (SRM) principles to specific areas of practice. Guidelines are provided for: Access Management; Business Continuity and Resilience; Command, Control, and Communications; Consequence Management and Business Continuity Management; Counter-Terrorism; Crime Prevention through Environmental Design; Crisis Management; Environmental Security; Events and Mass Gatherings; Executive Protection; Explosives and Bomb Threats; Home-Based Work; Human Rights and Security; Implementing Security Risk Management; Intellectual Property Protection; Intelligence Approach to SRM; Investigations and Root Cause Analysis; Maritime Security and Piracy; Mass Transport Security; Organizational Structure; Pandemics; Personal Protective Practices; Psych-ology of Security; Red Teaming and Scenario Modeling; Resilience and Critical Infrastructure Protection; Asset-, Function-, Project-, and Enterprise-Based Security Risk Assessment; Security Specifications and Postures; Security Training; Supply Chain Security; Transnational Security; and Travel Security.

NCMA is proud to announce the publication of the Sixth Edition of the Contract Management Body of Knowledge (CMBOK). This update is driven by the changes in the Contract Management Standard Publication (CMS) Second Edition, which serves as the CMBOK’s foundation. The CMBOK Sixth Edition provides a common understanding of the terminology, practices, policies, and processes used in contract management. Primary CMBOK Adjustments. CMBOK 6 includes the following primary adjustments (see the full text of each change on the following pages): Updated the Annex to include the new ANSI-accredited CMS (ANSI/NCMA ASD 1-2019) (Page 2). Revised the CMBOK terms and definitions to match those found in the new CMS (Page 2). Added a section for the new CMS Guiding Principle—1.7 Communication and Documentation (see 3.7) (Page 4). Removed “2.4.2.3 Risk Sharing through Contract Types” and blended it into “4.1.2 Contract Types” (Page 5).

The Data Management Body of Knowledge (DAMA-DMBOK2) presents a comprehensive view of the challenges, complexities, and value of effective data management. Today's organizations recognize that managing data is central to their success. They recognize data has value and they want to leverage that value. As our ability and desire to create and exploit data has increased, so too has the need for reliable data management practices. The second edition of DAMA International's Guide to the Data Management Body of Knowledge (DAMA-DMBOK2) updates and augments the highly successful DMBOK1. An accessible, authoritative reference book written by leading thinkers in the field and extensively reviewed by DAMA members, DMBOK2 brings together materials that comprehensively describe the challenges of data management and how to meet them by:

• Defining a set of guiding principles for data management and describing how these principles can be applied within data management functional areas.
• Providing a functional framework for the implementation of enterprise data management practices; including widely adopted practices, methods and techniques, functions, roles, deliverables and metrics.
• Establishing a common vocabulary for data management concepts and serving as the basis for best practices for data management professionals.

DAMA-DMBOK2 provides data management and IT professionals, executives, knowledge workers, educators, and researchers with a framework to manage their data and mature their information infrastructure, based on these principles:

• Data is an asset with unique properties
• The value of data can be and should be expressed in economic terms
• Managing data means managing the quality of data
• It takes metadata to manage data
• It takes planning to manage data
• Data management is cross-functional and requires a range of skills and expertise
• Data management requires an enterprise perspective
• Data management must account for a range of perspectives
• Data management is data lifecycle management
• Different types of data have different lifecycle requirements
• Managing data includes managing risks associated with data
• Data management requirements must drive information technology decisions
• Effective data management requires leadership commitment

Chapters include:

• Data Management
• Data Handling Ethics
• Data Governance
• Data Architecture
• Data Modeling and Design
• Data Storage and Operations
• Data Security
• Data Integration and Interoperability
• Document and Content Management
• Reference and Master Data
• Data Warehousing and Business Intelligence
• Metadata Management
• Data Quality Management
• Big Data and Data Science
• Data Management Maturity Assessment
• Data Management Organization and Role Expectations
• Data Management and Organizational Change Management

Standardization of data management disciplines will help data management professionals perform more effectively and consistently. It will also enable organizational leaders to recognize the value and contributions of data management activities.

The Management Body of Knowledge is the American Management Association’s flagship publication that sets the bar in management excellence. It outlines the right mix of knowledge, skills and abilities needed for managers to succeed in today’s complex work environment. This resource guide provides the tools and key competencies managers need to excel in management and prosper in today’s market. Mastering the best practices outlined in this book will ensure you have a foundational set of skills to succeed as a Manager.