Mike Wills

The Official (ISC)2 SSCP CBK Reference (eBook, PDF)

• Format: PDF

Produktbeschreibung

The only official body of knowledge for SSCP-(ISC)2's popular credential for hands-on security professionals-fully revised and updated 2021 SSCP Exam Outline.

Systems Security Certified Practitioner (SSCP) is an elite, hands-on cybersecurity certification that validates the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures. SSCP certification-fully compliant with U.S. Department of Defense Directive 8140 and 8570 requirements-is valued throughout the IT security industry. The Official (ISC)2 SSCP CBK Reference is the only official Common Body of Knowledge (CBK) available for SSCP-level practitioners, exclusively from (ISC)2, the global leader in cybersecurity certification and training.

This authoritative volume contains essential knowledge practitioners require on a regular basis. Accurate, up-to-date chapters provide in-depth coverage of the seven SSCP domains: Security Operations and Administration; Access Controls; Risk Identification, Monitoring and Analysis; Incident Response and Recovery; Cryptography; Network and Communications Security; and Systems and Application Security.

Designed to serve as a reference for information security professionals throughout their careers, this indispensable (ISC)2 guide:

• Provides comprehensive coverage of the latest domains and objectives of the SSCP
• Helps better secure critical assets in their organizations
• Serves as a complement to the SSCP Study Guide for certification candidates

The Official (ISC)2 SSCP CBK Reference is an essential resource for SSCP-level professionals, SSCP candidates and other practitioners involved in cybersecurity.

---

Dieser Download kann aus rechtlichen Gründen nur mit Rechnungsadresse in D ausgeliefert werden.

Produktdetails

• Verlag: Wiley-Blackwell
• Erscheinungstermin: 23. Februar 2022
• Englisch
• ISBN-13: 9781119874881
• Artikelnr.: 67399163

Inhaltsangabe

Foreword xxiii

Introduction xxv

Chapter 1: Security Operations and Administration 1

Comply with Codes of Ethics 2

Understand, Adhere to, and Promote Professional Ethics 3

(ISC)2 Code of Ethics 4

Organizational Code of Ethics 5

Understand Security Concepts 6

Conceptual Models for Information Security 7

Confidentiality 8

Integrity 15

Availability 17

Accountability 18

Privacy 18

Nonrepudiation 26

Authentication 27

Safety 28

Fundamental Security Control Principles 29

Access Control and Need-to-Know 34

Job Rotation and Privilege Creep 35

Document, Implement, and Maintain Functional Security Controls 37

Deterrent Controls 37

Preventative Controls 39

Detective Controls 39

Corrective Controls 40

Compensating Controls 41

The Lifecycle of a Control 42

Participate in Asset Management 43

Asset Inventory 44

Lifecycle (Hardware, Software, and Data) 47

Hardware Inventory 48

Software Inventory and Licensing 49

Data Storage 50

Implement Security Controls and Assess Compliance 56

Technical Controls 57

Physical Controls 58

Administrative Controls 61

Periodic Audit and Review 64

Participate in Change Management 66

Execute Change Management Process 68

Identify Security Impact 70

Testing/Implementing Patches, Fixes, and Updates 70

Participate in Security Awareness and Training 71

Security Awareness Overview 72

Competency as the Criterion 73

Build a Security Culture, One Awareness Step at a Time 73

Participate in Physical Security Operations 74

Physical Access Control 74

The Data Center 78

Service Level Agreements 79

Summary 82

Chapter 2: Access Controls 83

Access Control Concepts 85

Subjects and Objects 86

Privileges: What Subjects Can Do with Objects 88

Data Classification, Categorization, and Access Control 89

Access Control via Formal Security Models 91

Implement and Maintain Authentication Methods 94

Single-Factor/Multifactor Authentication 95

Accountability 114

Single Sign-On 116

Device Authentication 117

Federated Access 118

Support Internetwork Trust Architectures 120

Trust Relationships (One-Way, Two-Way, Transitive) 121

Extranet 122

Third-Party Connections 123

Zero Trust Architectures 124

Participate in the Identity Management Lifecycle 125

Authorization 126

Proofing 127

Provisioning/Deprovisioning 128

Identity and Access Maintenance 130

Entitlement 134

Identity and Access Management Systems 137

Implement Access Controls 140

Mandatory vs. Discretionary Access Control 141

Role-Based 142

Attribute-Based 143

Subject-Based 144

Object-Based 144

Summary 145

Chapter 3: Risk Identification, Monitoring, And Analysis 147

Defeating the Kill Chain One Skirmish at a Time 148

Kill Chains: Reviewing the Basics 151

Events vs. Incidents 155

Understand the Risk Management Process 156

Risk Visibility and Reporting 159

Risk Management Concepts 165

Risk Management Frameworks 185

Risk Treatment 195

Pe