Fr. 79.00

(ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide

English · Paperback / Softback

Shipping usually within 4 to 7 working days

Description


The only SSCP study guide officially approved by (ISC)2
 
The (ISC)2 Systems Security Certified Practitioner (SSCP) certification is a well-known vendor-neutral global IT security certification. The SSCP is designed to show that holders have the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures.
 
This comprehensive Official Study Guide--the only study guide officially approved by (ISC)2--covers all objectives of the seven SSCP domains.
* Security Operations and Administration
* Access Controls
* Risk Identification, Monitoring, and Analysis
* Incident Response and Recovery
* Cryptography
* Network and Communications Security
* Systems and Application Security
 
This updated Third Edition covers the SSCP exam objectives effective as of November 2021. Much of the new and more advanced knowledge expected of an SSCP is now covered in a new chapter "Cross-Domain Challenges." If you're an information security professional or student of cybersecurity looking to tackle one or more of the seven domains of the SSCP, this guide gets you prepared to pass the exam and enter the information security workforce with confidence.

List of contents

Introduction
Assessment Test

Part I Getting Started as an SSCP

Chapter 1 The Business Case for Decision Assurance and Information Security
Information: The Lifeblood of Business
Policy, Procedure, and Process: How Business Gets Business Done
Who Runs the Business?
Summary
Exam Essentials
Review Questions

Chapter 2 Information Security Fundamentals
The Common Needs for Privacy, Confidentiality, Integrity, and Availability
Training and Educating Everybody
SSCPs and Professional Ethics
Summary
Exam Essentials
Review Questions

Part II Integrated Risk Management and Mitigation

Chapter 3 Integrated Information Risk Management
It's a Dangerous World
The Four Faces of Risk
Getting Integrated and Proactive with Information Defense
Risk Management: Concepts and Frameworks
Risk Assessment
Four Choices for Limiting or Containing Damage
Summary
Exam Essentials
Review Questions

Chapter 4 Operationalizing Risk Mitigation
From Tactical Planning to Information Security Operations
Operationalizing Risk Mitigation: Step by Step
The Ongoing Job of Keeping Your Baseline Secure
Ongoing, Continuous Monitoring
Reporting to and Engaging with Management
Summary
Exam Essentials
Review Questions

Part III The Technologies of Information Security

Chapter 5 Communications and Network Security
Trusting Our Communications in a Converged World
Internet Systems Concepts
Two Protocol Stacks, One Internet
Wireless Network Technologies
IP Addresses, DHCP, and Subnets
IPv4 vs. IPv6: Important Differences and Options
CIANA Layer by Layer
Securing Networks as Systems
Summary
Exam Essentials
Review Questions

Chapter 6 Identity and Access Control
Identity and Access: Two Sides of the Same CIANA+PS Coin
Identity Management Concepts
Access Control Concepts
Network Access Control
Implementing and Scaling IAM
User and Entity Behavior Analytics (UEBA)
Zero Trust Architectures
Summary
Exam Essentials
Review Questions

Chapter 7 Cryptography
Cryptography: What and Why
Building Blocks of Digital Cryptographic Systems
Keys and Key Management
"Why Isn't All of This Stuff Secret?"
Cryptography and CIANA+PS
Public Key Infrastructures
Applying Cryptography to Meet Different Needs
Managing Cryptographic Assets and Systems
Measures of Merit for Cryptographic Solutions
Attacks and Countermeasures
PKI and Trust: A Recap
On the Near Horizon
Summary
Exam Essentials
Review Questions

Chapter 8 Hardware and Systems Security
Infrastructure Security Is Baseline Management
Securing the Physical Context
Infrastructures 101 and Threat Modeling
Endpoint Security
Malware: Exploiting the Infrastructure's Vulnerabilities
Privacy and Secur

About the author

Michael S. Wills, SSCP, CISSP, CAMS, is Assistant Professor of Applied Information Technologies in the College of Business at the Embry-Riddle Aeronautical University's Worldwide Campus. He has many years of experience designing, building, and operating cutting-edge secure systems, and wrote (ISC)2's official training courses for both the SSCP and CISSP. He is also the creator of ERAU's Master of Science in Information Security and Assurance degree program.

Product details

Authors Mike Wills (Embry-Riddle Aeronautical University)
Publisher Wiley, John and Sons Ltd
 
Languages English
Product format Paperback / Softback
Released 04.04.2022
 
EAN 9781119854982
ISBN 978-1-119-85498-2
No. of pages 816
Series Sybex Study Guide
Subjects Natural sciences, medicine, IT, technology > IT, data processing > Data communication, networks

Computer science, certification, networking / security
