Fr. 109.00
Wills, M Wills, Mike Wills
Official (ISC)2 SSCP CBK Reference
English · Hardback
Shipping usually within 4 to 7 working days
Description
The only official body of knowledge for SSCP--(ISC)2's popular credential for hands-on security professionals--fully revised and updated for the 2021 SSCP Exam Outline.
Systems Security Certified Practitioner (SSCP) is an elite, hands-on cybersecurity certification that validates the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures. SSCP certification--fully compliant with U.S. Department of Defense Directive 8140 and 8570 requirements--is valued throughout the IT security industry. The Official (ISC)2 SSCP CBK Reference is the only official Common Body of Knowledge (CBK) available for SSCP-level practitioners, exclusively from (ISC)2, the global leader in cybersecurity certification and training.
This authoritative volume contains essential knowledge practitioners require on a regular basis. Accurate, up-to-date chapters provide in-depth coverage of the seven SSCP domains: Security Operations and Administration; Access Controls; Risk Identification, Monitoring and Analysis; Incident Response and Recovery; Cryptography; Network and Communications Security; and Systems and Application Security.
Designed to serve as a reference for information security professionals throughout their careers, this indispensable (ISC)2 guide:
* Provides comprehensive coverage of the latest domains and objectives of the SSCP
* Helps better secure critical assets in their organizations
* Serves as a complement to the SSCP Study Guide for certification candidates
The Official (ISC)2 SSCP CBK Reference is an essential resource for SSCP-level professionals, SSCP candidates and other practitioners involved in cybersecurity.
List of contents
Foreword
Introduction
Chapter 1: Security Operations and Administration
Comply with Codes of Ethics
Understand, Adhere to, and Promote Professional Ethics
(ISC)2 Code of Ethics
Organizational Code of Ethics
Understand Security Concepts
Conceptual Models for Information Security
Confidentiality
Integrity
Availability
Accountability
Privacy
Nonrepudiation
Authentication
Safety
Fundamental Security Control Principles
Access Control and Need-to-Know
Job Rotation and Privilege Creep
Document, Implement, and Maintain Functional Security Controls
Deterrent Controls
Preventative Controls
Detective Controls
Corrective Controls
Compensating Controls
The Lifecycle of a Control
Participate in Asset Management
Asset Inventory
Lifecycle (Hardware, Software, and Data)
Hardware Inventory
Software Inventory and Licensing
Data Storage
Implement Security Controls and Assess Compliance
Technical Controls
Physical Controls
Administrative Controls
Periodic Audit and Review
Participate in Change Management
Execute Change Management Process
Identify Security Impact
Testing/Implementing Patches, Fixes, and Updates
Participate in Security Awareness and Training
Security Awareness Overview
Competency as the Criterion
Build a Security Culture, One Awareness Step at a Time
Participate in Physical Security Operations
Physical Access Control
The Data Center
Service Level Agreements
Summary
Chapter 2: Access Controls
Access Control Concepts
Subjects and Objects
Privileges: What Subjects Can Do with Objects
Data Classification, Categorization, and Access Control
Access Control via Formal Security Models
Implement and Maintain Authentication Methods
Single-Factor/Multifactor Authentication
Accountability
Single Sign-On
Device Authentication
Federated Access
Support Internetwork Trust Architectures
Trust Relationships (One-Way, Two-Way, Transitive)
Extranet
Third-Party Connections
Zero Trust Architectures
Participate in the Identity Management Lifecycle
Authorization
Proofing
Provisioning/Deprovisioning
Identity and Access Maintenance
Entitlement
Identity and Access Management Systems
Implement Access Controls
Mandatory vs. Discretionary Access Control
Role-Based
Attribute-Based
Subject-Based
Object-Based
Summary
Chapter 3: Risk Identification, Monitoring, and Analysis
Defeating the Kill Chain One Skirmish at a Time
Kill Chains: Reviewing the Basics
Events vs. Incidents
Understand the Risk Management Process
Risk Visibility and Reporting
Risk Management Concepts
Risk Management Frameworks
Risk Treatment
Pe
Product details
Authors | Wills, M Wills, Mike Wills |
Publisher | Wiley, John and Sons Ltd |
Languages | English |
Product format | Hardback |
Released | 30.04.2022 |
EAN | 9781119874867 |
ISBN | 978-1-119-87486-7 |
No. of pages | 832 |
Subjects |
Natural sciences, medicine, IT, technology
> IT, data processing
> Data communication, networks
Computer science, Network security, Networking / Security |