product iamge

The Official (ISC)2 SSCP CBK Reference

This document was uploaded by one of our users. The uploader already confirmed that they had the permission to publish it. If you are author/publisher or own the copyright of this documents, please report to us by using this DMCA report form.

Download
Search on Amazon

Simply click on the Download Book button.

Yes, Book downloads on Ebookily are 100% Free.

Sometimes the book is free on Amazon As well, so go ahead and hit "Search on Amazon"

The only official body of knowledge for SSCP—(ISC)2’s popular credential for hands-on security professionals—fully revised and updated 2021 SSCP Exam Outline. Systems Security Certified Practitioner (SSCP) is an elite, hands-on cybersecurity certification that validates the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures. SSCP certification—fully compliant with U.S. Department of Defense Directive 8140 and 8570 requirements—is valued throughout the IT security industry. The Official (ISC)2 SSCP CBK Reference is the only official Common Body of Knowledge (CBK) available for SSCP-level practitioners, exclusively from (ISC)2, the global leader in cybersecurity certification and training. This authoritative volume contains essential knowledge practitioners require on a regular basis. Accurate, up-to-date chapters provide in-depth coverage of the seven SSCP domains: Security Operations and Administration; Access Controls; Risk Identification, Monitoring and Analysis; Incident Response and Recovery; Cryptography; Network and Communications Security; and Systems and Application Security. Designed to serve as a reference for information security professionals throughout their careers, this indispensable (ISC)2 guide: - Provides comprehensive coverage of the latest domains and objectives of the SSCP - Helps better secure critical assets in their organizations - Serves as a complement to the SSCP Study Guide for certification candidates The Official (ISC)2 SSCP CBK Reference is an essential resource for SSCP-level professionals, SSCP candidates and other practitioners involved in cybersecurity.

Author(s): Michael Wills
Edition: 6
Publisher: Sybex
Year: 2022

Language: English
Pages: 832

Title Page
Copyright
Acknowledgments
About the Author
About the Technical Editor
Foreword

Introduction
ABOUT THIS BOOK
WHERE DO YOU GO FROM HERE?
LET'S GET STARTED!
HOW TO CONTACT THE PUBLISHER

CHAPTER 1: Security Operations and Administration
COMPLY WITH CODES OF ETHICS
UNDERSTAND SECURITY CONCEPTS
DOCUMENT, IMPLEMENT, AND MAINTAIN FUNCTIONAL SECURITY CONTROLS
PARTICIPATE IN ASSET MANAGEMENT
IMPLEMENT SECURITY CONTROLS AND ASSESS COMPLIANCE
PARTICIPATE IN CHANGE MANAGEMENT
PARTICIPATE IN SECURITY AWARENESS AND TRAINING
PARTICIPATE IN PHYSICAL SECURITY OPERATIONS
SUMMARY

CHAPTER 2: Access Controls
ACCESS CONTROL CONCEPTS
IMPLEMENT AND MAINTAIN AUTHENTICATION METHODS
SUPPORT INTERNETWORK TRUST ARCHITECTURES
PARTICIPATE IN THE IDENTITY MANAGEMENT LIFECYCLE
IMPLEMENT ACCESS CONTROLS
SUMMARY

CHAPTER 3: Risk Identification, Monitoring, and Analysis
DEFEATING THE KILL CHAIN ONE SKIRMISH AT A TIME
UNDERSTAND THE RISK MANAGEMENT PROCESS
PERFORM SECURITY ASSESSMENT ACTIVITIES
OPERATE AND MAINTAIN MONITORING SYSTEMS
ANALYZE MONITORING RESULTS
SUMMARY

CHAPTER 4: Incident Response and Recovery
SUPPORT THE INCIDENT LIFECYCLE
UNDERSTAND AND SUPPORT FORENSIC INVESTIGATIONS
UNDERSTAND AND SUPPORT BUSINESS CONTINUITY PLAN AND DISASTER RECOVERY PLAN ACTIVITIES
CIANA+PS AT LAYER 8 AND ABOVE
SUMMARY

CHAPTER 5: Cryptography
UNDERSTAND FUNDAMENTAL CONCEPTS OF CRYPTOGRAPHY
CRYPTOGRAPHIC ATTACKS, CRYPTANALYSIS, AND COUNTERMEASURES
UNDERSTAND THE REASONS AND REQUIREMENTS FOR CRYPTOGRAPHY
UNDERSTAND AND SUPPORT SECURE PROTOCOLS
UNDERSTAND PUBLIC KEY INFRASTRUCTURE SYSTEMS
SUMMARY

CHAPTER 6: Network and Communications Security
UNDERSTAND AND APPLY FUNDAMENTAL CONCEPTS OF NETWORKING
IPV4 ADDRESSES, DHCP, AND SUBNETS
IPV4 VS. IPV6: KEY DIFFERENCES AND OPTIONS
UNDERSTAND NETWORK ATTACKS AND COUNTERMEASURES
MANAGE NETWORK ACCESS CONTROLS
MANAGE NETWORK SECURITY
OPERATE AND CONFIGURE NETWORK-BASED SECURITY DEVICES
OPERATE AND CONFIGURE WIRELESS TECHNOLOGIES
SUMMARY

CHAPTER 7: Systems and Application Security
SYSTEMS AND SOFTWARE INSECURITY
INFORMATION SECURITY = INFORMATION QUALITY + INFORMATION INTEGRITY
IDENTIFY AND ANALYZE MALICIOUS CODE AND ACTIVITY
IMPLEMENT AND OPERATE ENDPOINT DEVICE SECURITY
OPERATE AND CONFIGURE CLOUD SECURITY
OPERATE AND SECURE VIRTUAL ENVIRONMENTS
SUMMARY

Appendix: Cross-Domain Challenges
PARADIGM SHIFTS IN INFORMATION SECURITY?
PIVOT 1: TURN THE ATTACKERS' PLAYBOOKS AGAINST THEM
PIVOT 2: CYBERSECURITY HYGIENE: THINK SMALL, ACT SMALL
PIVOT 3: FLIP THE “DATA-DRIVEN VALUE FUNCTION”
PIVOT 4: OPERATIONALIZE SECURITY ACROSS THE IMMEDIATE AND LONGER TERM
PIVOT 5: ZERO-TRUST ARCHITECTURES AND OPERATIONS
OTHER DANGERS ON THE WEB AND NET
CURIOSITY AS COUNTERMEASURE
Index