Details

(ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide


(ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide


3. Aufl.

von: Mike Wills

38,99 €

Verlag: Wiley
Format: EPUB
Veröffentl.: 07.01.2022
ISBN/EAN: 9781119854999
Sprache: englisch
Anzahl Seiten: 816

DRM-geschütztes eBook, Sie benötigen z.B. Adobe Digital Editions und eine Adobe ID zum Lesen.

Beschreibungen

<p><b>The only SSCP study guide officially approved by (ISC)2</b></p> <p>The (ISC)2 Systems Security Certified Practitioner (SSCP) certification is a well-known vendor-neutral global IT security certification. The SSCP is designed to show that holders have the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures.</p> <p>This comprehensive Official Study Guide—the only study guide officially approved by (ISC)2—covers all objectives of the seven SSCP domains.</p> <ul> <li>Security Operations and Administration</li> <li>Access Controls</li> <li>Risk Identification, Monitoring, and Analysis</li> <li>Incident Response and Recovery</li> <li>Cryptography</li> <li>Network and Communications Security</li> <li>Systems and Application Security</li> </ul> <p>This updated <i>Third Edition</i> covers the SSCP exam objectives effective as of November 2021. Much of the new and more advanced knowledge expected of an SSCP is now covered in a new chapter "Cross-Domain Challenges." If you're an information security professional or student of cybersecurity looking to tackle one or more of the seven domains of the SSCP, this guide gets you prepared to pass the exam and enter the information security workforce with confidence.</p>
<p>Introduction xxv</p> <p>Assessment Test xlviii</p> <p><b>Part I Getting Started as an SSCP 1</b></p> <p><b>Chapter 1 The Business Case for Decision Assurance and Information Security 3</b></p> <p>Information: The Lifeblood of Business 4</p> <p>Policy, Procedure, and Process: How Business Gets Business Done 10</p> <p>Who Runs the Business? 20</p> <p>Summary 24</p> <p>Exam Essentials 24</p> <p>Review Questions 26</p> <p><b>Chapter 2 Information Security Fundamentals 33</b></p> <p>The Common Needs for Privacy, Confidentiality, Integrity, and Availability 34</p> <p>Training and Educating Everybody 47</p> <p>SSCPs and Professional Ethics 47</p> <p>Summary 49</p> <p>Exam Essentials 50</p> <p>Review Questions 54</p> <p><b>Part II Integrated Risk Management and Mitigation 61</b></p> <p><b>Chapter 3 Integrated Information Risk Management 63</b></p> <p>It’s a Dangerous World 64</p> <p>The Four Faces of Risk 75</p> <p>Getting Integrated and Proactive with Information Defense 83</p> <p>Risk Management: Concepts and Frameworks 89</p> <p>Risk Assessment 95</p> <p>Four Choices for Limiting or Containing Damage 107</p> <p>Summary 114</p> <p>Exam Essentials 114</p> <p>Review Questions 120</p> <p><b>Chapter 4 Operationalizing Risk Mitigation 127</b></p> <p>From Tactical Planning to Information Security Operations 128</p> <p>Operationalizing Risk Mitigation: Step by Step 134</p> <p>The Ongoing Job of Keeping Your Baseline Secure 164</p> <p>Ongoing, Continuous Monitoring 174</p> <p>Reporting to and Engaging with Management 182</p> <p>Summary 183</p> <p>Exam Essentials 183</p> <p>Review Questions 189</p> <p><b>Part III The Technologies of Information Security 197</b></p> <p><b>Chapter 5 Communications and Network Security 199</b></p> <p>Trusting Our Communications in a Converged World 200</p> <p>Internet Systems Concepts 206</p> <p>Two Protocol Stacks, One Internet 218</p> <p>Wireless Network Technologies 240</p> <p>IP Addresses, DHCP, and Subnets 243</p> <p>IPv4 vs. IPv6: Important Differences and Options 248</p> <p>CIANA Layer by Layer 251</p> <p>Securing Networks as Systems 262</p> <p>Summary 273</p> <p>Exam Essentials 273</p> <p>Review Questions 280</p> <p><b>Chapter 6 Identity and Access Control 285</b></p> <p>Identity and Access: Two Sides of the Same CIANA+PS Coin 286</p> <p>Identity Management Concepts 288</p> <p>Access Control Concepts 295</p> <p>Network Access Control 305</p> <p>Implementing and Scaling IAM 310</p> <p>User and Entity Behavior Analytics (UEBA) 329</p> <p>Zero Trust Architectures 332</p> <p>Summary 333</p> <p>Exam Essentials 334</p> <p>Review Questions 343</p> <p><b>Chapter 7 Cryptography 349</b></p> <p>Cryptography: What and Why 350</p> <p>Building Blocks of Digital Cryptographic Systems 358</p> <p>Keys and Key Management 367</p> <p>“Why Isn’t All of This Stuff Secret?” 373</p> <p>Cryptography and CIANA+PS 375</p> <p>Public Key Infrastructures 381</p> <p>Applying Cryptography to Meet Different Needs 399</p> <p>Managing Cryptographic Assets and Systems 405</p> <p>Measures of Merit for Cryptographic Solutions 407</p> <p>Attacks and Countermeasures 408</p> <p>PKI and Trust: A Recap 418</p> <p>On the Near Horizon 420</p> <p>Summary 423</p> <p>Exam Essentials 424</p> <p>Review Questions 429</p> <p><b>Chapter 8 Hardware and Systems Security 435</b></p> <p>Infrastructure Security Is Baseline Management 437</p> <p>Securing the Physical Context 442</p> <p>Infrastructures 101 and Threat Modeling 444</p> <p>Endpoint Security 457</p> <p>Malware: Exploiting the Infrastructure’s Vulnerabilities 462</p> <p>Privacy and Secure Browsing 466</p> <p>“The Sin of Aggregation” 469</p> <p>Updating the Threat Model 469</p> <p>Managing Your Systems’ Security 470</p> <p>Summary 471</p> <p>Exam Essentials 472</p> <p>Review Questions 478</p> <p><b>Chapter 9 Applications, Data, and Cloud Security 483</b></p> <p>It’s a Data-Driven World…At the Endpoint 484</p> <p>Software as Appliances 487</p> <p>Applications Lifecycles and Security 490</p> <p>CIANA+PS and Applications Software Requirements 498</p> <p>Application Vulnerabilities 504</p> <p>“Shadow IT:” The Dilemma of the User as Builder 507</p> <p>Information Quality and Information Assurance 511</p> <p>Protecting Data in Motion, in Use, and at Rest 514</p> <p>Into the Clouds: Endpoint App and Data Security Considerations 522</p> <p>Legal and Regulatory Issues 533</p> <p>Countermeasures: Keeping Your Apps and Data Safe and Secure 535</p> <p>Summary 536</p> <p>Exam Essentials 537</p> <p>Review Questions 548</p> <p><b>Part IV People Power: What Makes or Breaks Information Security 555</b></p> <p><b>Chapter 10 Incident Response and Recovery 557</b></p> <p>Defeating the Kill Chain One Skirmish at a Time 558</p> <p>Harsh Realities of Real Incidents 564</p> <p>Incident Response Framework 566</p> <p>Preparation 571</p> <p>Detection and Analysis 578</p> <p>Containment and Eradication 584</p> <p>Recovery: Getting Back to Business 587</p> <p>Post-Incident Activities 590</p> <p> </p> <p>Summary 594</p> <p>Exam Essentials 595</p> <p>Review Questions 601</p> <p><b>Chapter 11 Business Continuity via Information Security and People Power 607</b></p> <p>What Is a Disaster? 608</p> <p>Surviving to Operate: Plan for It! 609</p> <p>Timelines for BC/DR Planning and Action 615</p> <p>Options for Recovery 617</p> <p>Cloud- Based “Do- Over” Buttons for Continuity, Security, and Resilience 623</p> <p>People Power for BC/DR 626</p> <p>Security Assessment: For BC/DR and Compliance 633</p> <p>Converged Communications: Keeping Them Secure During BC/DR Actions 634</p> <p>Summary 637</p> <p>Exam Essentials 637</p> <p>Review Questions 641</p> <p><b>Chapter 12 Cross-Domain Challenges 647</b></p> <p>Operationalizing Security Across the Immediate and Longer Term 648</p> <p>Supply Chains, Security, and the SSCP 657</p> <p>Other Dangers on the Web and Net 662</p> <p>On Our Way to the Future 666</p> <p>Enduring Lessons 672</p> <p>Your Next Steps 677</p> <p>At the Close 678</p> <p>Exam Essentials 678</p> <p>Review Questions 683</p> <p>Appendix Answers to Review Questions 689</p> <p>Chapter 1: The Business Case for Decision Assurance and Information Security 690</p> <p>Chapter 2: Information Security Fundamentals 693</p> <p>Chapter 3: Integrated Information Risk Management 695</p> <p>Chapter 4: Operationalizing Risk Mitigation 698</p> <p>Chapter 5: Communications and Network Security 701</p> <p>Chapter 6: Identity and Access Control 704</p> <p>Chapter 7: Cryptography 707</p> <p>Chapter 8: Hardware and Systems Security 709</p> <p>Chapter 9: Applications, Data, and Cloud Security 712</p> <p>Chapter 10: Incident Response and Recovery 715</p> <p>Chapter 11: Business Continuity via Information Security and People Power 718</p> <p>Chapter 12: Cross- Domain Challenges 722<br /> Index 727</p>
<p><b>ABOUT THE AUTHOR</b></p> <p><b>Michael S. Wills, SSCP, CISSP, CAMS,</b> is Assistant Professor of Applied Information Technologies in the College of Business at the Embry-Riddle Aeronautical University’s Worldwide Campus. He has many years of experience designing, building, and operating cutting-edge secure systems, and wrote (ISC)<sup>2</sup>’s official training courses for both the SSCP and CISSP. He is also the creator of ERAU’s Master of Science in Information Security and Assurance degree program.
<p><b>Your complete guide to preparing for the SSCP exam</b></p> <p>The Third Edition of the (ISC)<sup>2</sup> SSCP Systems Security Certified Practitioner Official Study Guide is your one-stop resource for complete coverage of the challenging SSCP exam. This self-paced Sybex Study Guide covers 100% of the SSCP domain competencies and offers the knowledge you’ll need to help organizations protect their data throughout their systems from today’s complex cyber attacks. New and expanded coverage for 2021 and beyond includes IoT, SCADA, and ICS security issues, Zero Trust, Access Controls, and App and Data security. It prepares students and professionals for the SSCP exam with assessment tests that validate exam readiness, objective maps, real-world scenarios, practical exercises, and challenging chapter review questions. You’ll also get cross-device access to the online Sybex learning environment. After the exam, the book serves as a great on-the-job reference. <p><b>Coverage of 100% of all exam objectives in this Study Guide means you’ll be ready for:</b> <ul><li>Security Operations and Administration</li> <li>Access Controls</li> <li>Risk Identification, Monitoring, and Analysis</li> <li>Incident Response and Recovery</li> <li>Cryptography</li> <li>Network and Communications Security</li> <li>Systems and Application Security</li></ul> <p><b>Interactive learning environment</b> <p>Take your exam prep to the next level with Sybex’s superior interactive online study tools. To access our learning environment, simply visit www.wiley.com/go/sybextestprep, register your book to receive your unique PIN, and instantly gain one year of FREE access after activation to: <ul><b><li>Interactive test bank with 2 practice exams to help you identify areas where further review is needed. Get more than 90% of the answers correct, and you???re ready to take the certification exam. </li> <li>More than 120 electronic flashcards to reinforce learning and last-minute prep before the exam.</li> <li>Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared.</li></b></ul> <p><b>ABOUT THE SSCP CERTIFICATION PROGRAM </b> <p><b>Successful completion of the Systems Security Certified Practitioner certification program demonstrates your competency in the implementation, monitoring, and administration of IT infrastructure using information security best practices, policies, and procedures. It proves you know how to ensure the confidentiality, integrity, and availability of data. </b> <p><b>Visit www.isc2.org/sscp for more information</b>

Diese Produkte könnten Sie auch interessieren:

Symbian OS Explained
Symbian OS Explained
von: Jo Stichbury
PDF ebook
32,99 €
Symbian OS Internals
Symbian OS Internals
von: Jane Sales
PDF ebook
56,99 €
Parallel Combinatorial Optimization
Parallel Combinatorial Optimization
von: El-Ghazali Talbi
PDF ebook
120,99 €