The tables of contents are arranged to correspond to the 10 domains of the certification examination. Some chapters examine specific Common Body of Knowledge (CBK) topics in each domain. Domain 1 discusses access control issues and methodology. Access control involves all of the mechanisms used to ensure that only specifically authorized persons are allowed to use or access a system. Domain 2 discusses telecommunications and network security, including network security and Internet, intranet, and extranet security. It involves ensuring integrity and confidentiality of information transmitted via telecommunications media and the availability of the telecommunications media itself. Domain 3 examines security management practices, including policies and guidelines, information classification, security awareness training, organization architecture, and risk management. Domain 4 explores applications and systems development security, focusing on application security. Domain 5 examines cryptography, focusing on crypto technology and implementations from the basic to the latest. Domain 6 discusses security architecture and models. Domain 7 explores operations security, including operator and system administrator privileges, and the protection of computing resources. Domain 8 examines business continuity planning and disaster recovery planning. Domain 9 discusses law, investigations, and ethics. Domain 10 focuses on physical security, involving the provision of a safe environment for information processing activities, and preventing unauthorized physical and technical access to computing equipment. Index