Details

(ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide


(ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide


3. Aufl.

von: Mike Wills

38,99 €

Verlag: Wiley
Format: PDF
Veröffentl.: 07.01.2022
ISBN/EAN: 9781119855002
Sprache: englisch
Anzahl Seiten: 816

DRM-geschütztes eBook, Sie benötigen z.B. Adobe Digital Editions und eine Adobe ID zum Lesen.

Beschreibungen

<p><b>The only SSCP study guide officially approved by (ISC)2</b></p> <p>The (ISC)2 Systems Security Certified Practitioner (SSCP) certification is a well-known vendor-neutral global IT security certification. The SSCP is designed to show that holders have the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures.</p> <p>This comprehensive Official Study Guide—the only study guide officially approved by (ISC)2—covers all objectives of the seven SSCP domains.</p> <ul> <li>Security Operations and Administration</li> <li>Access Controls</li> <li>Risk Identification, Monitoring, and Analysis</li> <li>Incident Response and Recovery</li> <li>Cryptography</li> <li>Network and Communications Security</li> <li>Systems and Application Security</li> </ul> <p>This updated <i>Third Edition</i> covers the SSCP exam objectives effective as of November 2021. Much of the new and more advanced knowledge expected of an SSCP is now covered in a new chapter "Cross-Domain Challenges." If you're an information security professional or student of cybersecurity looking to tackle one or more of the seven domains of the SSCP, this guide gets you prepared to pass the exam and enter the information security workforce with confidence.</p>
<p>Introduction xxv</p> <p>Assessment Test xlviii</p> <p><b>Part I Getting Started as an SSCP 1</b></p> <p><b>Chapter 1 The Business Case for Decision Assurance and Information Security 3</b></p> <p>Information: The Lifeblood of Business 4</p> <p>Data, Information, Knowledge, Wisdom… 5</p> <p>Information Is <i>Not</i>Information Technology 8</p> <p>Policy, Procedure, and Process: How Business Gets Business Done 10</p> <p>Who Is the Business? 11</p> <p>“What’s the Business Case for That?” 12</p> <p>Purpose, Intent, Goals, Objectives 13</p> <p>Business Logic and Business Processes: Transforming Assets into Opportunity, Wealth, and Success 14</p> <p>The Value Chain 15</p> <p>Being Accountable 17</p> <p>Who Runs the Business? 20</p> <p>Owners and Investors 20</p> <p>Boards of Directors 20</p> <p>Managing or Executive Directors and the “C-Suite” 21</p> <p>Layers of Function, Structure, Management, and Responsibility 21</p> <p>Plans and Budgets, Policies, and Directives 23</p> <p>Summary 24</p> <p>Exam Essentials 24</p> <p>Review Questions 26</p> <p><b>Chapter 2 Information Security Fundamentals 33</b></p> <p>The Common Needs for Privacy, Confidentiality, Integrity, and Availability 34</p> <p>Privacy 34</p> <p>Confidentiality 38</p> <p>Integrity 39</p> <p>Availability 40</p> <p>Privacy vs. Security, or Privacy and Security? 41</p> <p>CIANA+PS Needs of Individuals 43</p> <p>Private Business’s Need for CIANA+PS 44</p> <p>Government’s Need for CIANA+PS 45</p> <p>The Modern Military’s Need for CIA 45</p> <p>Do Societies Need CIANA+PS? 46</p> <p>Training and Educating Everybody 47</p> <p>SSCPs and Professional Ethics 47</p> <p>Summary 49</p> <p>Exam Essentials 50</p> <p>Review Questions 54</p> <p><b>Part II Integrated Risk Management and Mitigation 61</b></p> <p><b>Chapter 3 Integrated Information Risk Management 63</b></p> <p>It’s a Dangerous World 64</p> <p>What Is Risk? 66</p> <p>Risk: When Surprise Becomes Disruption 69</p> <p>Information Security: Delivering Decision Assurance 71</p> <p>“Common Sense” and Risk Management 74</p> <p>The Four Faces of Risk 75</p> <p>Outcomes-Based Risk 77</p> <p>Process-Based Risk 78</p> <p>Asset-Based Risk 79</p> <p>Threat-Based (or Vulnerability-Based) Risk 79</p> <p>Getting Integrated and Proactive with Information Defense 83</p> <p>Lateral Movement: Mitigate with Integrated C3 86</p> <p>Trust, but Verify 87</p> <p>Due Care and Due Diligence: Whose Jobs Are These? 87</p> <p>Be Prepared: First, Set Priorities 88</p> <p>Risk Management: Concepts and Frameworks 89</p> <p>The SSCP and Risk Management 92</p> <p>Plan, Do, Check, Act 93</p> <p>Risk Assessment 95</p> <p>Establish Consensus about Information Risk 95</p> <p>Information Risk Impact Assessment 96</p> <p>Information Classification and Categorization 97</p> <p>Risk Analysis 99</p> <p>The Business Impact Analysis 105</p> <p>From Assessments to Information Security Requirements 106</p> <p>Four Choices for Limiting or Containing Damage 107</p> <p>Deter 109</p> <p>Detect 110</p> <p>Prevent 110</p> <p>Avoid 111</p> <p>Summary 114</p> <p>Exam Essentials 114</p> <p>Review Questions 120</p> <p><b>Chapter 4 Operationalizing Risk Mitigation 127</b></p> <p>From Tactical Planning to Information Security Operations 128</p> <p>Operationally Outthinking Your Adversaries 130</p> <p>Getting Inside the Other Side’s OODA Loop 132</p> <p>Defeating the Kill Chain 133</p> <p>Operationalizing Risk Mitigation: Step by Step 134</p> <p>Step 1: Assess the Existing Architectures 135</p> <p>Step 2: Assess Vulnerabilities and Threats 142</p> <p>Step 3: Select Risk Treatment and Controls 152</p> <p>Step 4: Implement Controls 159</p> <p>Step 5: Authorize: Senior Leader Acceptance and Ownership 163</p> <p>The Ongoing Job of Keeping Your Baseline Secure 164</p> <p>Build and Maintain User Engagement with Risk Controls 165</p> <p>Participate in Security Assessments 166</p> <p>Manage the Architectures: Asset Management and Change Control 169</p> <p>Ongoing, Continuous Monitoring 174</p> <p>Exploiting What Monitoring and Event Data Is Telling You 177</p> <p>Incident Investigation, Analysis, and Reporting 181</p> <p>Reporting to and Engaging with Management 182</p> <p>Summary 183</p> <p>Exam Essentials 183</p> <p>Review Questions 189</p> <p><b>Part III The Technologies of Information Security 197</b></p> <p><b>Chapter 5 Communications and Network Security 199</b></p> <p>Trusting Our Communications in a Converged World 200</p> <p>CIANA+PS: Applying Security Needs to Networks 203</p> <p>Threat Modeling for Communications Systems 205</p> <p>Internet Systems Concepts 206</p> <p>Datagrams and Protocol Data Units 207</p> <p>Handshakes 208</p> <p>Packets and Encapsulation 209</p> <p>Addressing, Routing, and Switching 211</p> <p>Network Segmentation 212</p> <p>URLs and the Web 212</p> <p>Topologies 213</p> <p>“Best Effort” and Trusting Designs 217</p> <p>Two Protocol Stacks, One Internet 218</p> <p>Complementary, Not Competing, Frameworks 218</p> <p>Layer 1: The Physical Layer 222</p> <p>Layer 2: The Data Link Layer 223</p> <p>Layer 3: The Network Layer 225</p> <p>Layer 4: The Transport Layer 226</p> <p>Layer 5: The Session Layer 230</p> <p>Layer 6: The Presentation Layer 231</p> <p>Layer 7: The Application Layer 232</p> <p>Cross-Layer Protocols and Services 233</p> <p>IP and Security 234</p> <p>Layers or Planes? 235</p> <p>Network Architectures 236</p> <p>DMZs and Botnets 237</p> <p>Software-Defined Networks 238</p> <p>Virtual Private Networks 239</p> <p>Wireless Network Technologies 240</p> <p>Wi-Fi 241</p> <p>Bluetooth 242</p> <p>Near-Field Communication 242</p> <p>IP Addresses, DHCP, and Subnets 243</p> <p>DHCP Leases: IPv4 and IPv6 243</p> <p>IPv4 Address Classes 245</p> <p>Subnetting in IPv4 247</p> <p>IPv4 vs. IPv6: Important Differences and Options 248</p> <p>CIANA Layer by Layer 251</p> <p>CIANA at Layer 1: Physical 251</p> <p>CIANA at Layer 2: Data Link 254</p> <p>CIANA at Layer 3: Network 256</p> <p>CIANA at Layer 4: Transport 257</p> <p>CIANA at Layer 5: Session 258</p> <p>CIANA at Layer 6: Presentation 260</p> <p>CIANA at Layer 7: Application 260</p> <p>Securing Networks as Systems 262</p> <p>Network Security Devices and Services 263</p> <p>Wireless Network Access and Security 264</p> <p>CIANA+PS and Wireless 265</p> <p>Monitoring and Analysis for Network Security 267</p> <p>A SOC Is Not a NOC 269</p> <p>Tools for the SOC and the NOC 270</p> <p>Integrating Network and Security Management 271</p> <p>Summary 273</p> <p>Exam Essentials 273</p> <p>Review Questions 280</p> <p><b>Chapter 6 Identity and Access Control 285</b></p> <p>Identity and Access: Two Sides of the Same CIANA+PS Coin 286</p> <p>Identity Management Concepts 288</p> <p>Identity Provisioning and Management 289</p> <p>Identity and AAA 293</p> <p>Access Control Concepts 295</p> <p>Subjects and Objects—Everywhere! 296</p> <p>Data Classification and Access Control 297</p> <p>Bell-LaPadula and Biba Models 299</p> <p>Role-Based 302</p> <p>Attribute-Based 303</p> <p>Subject-Based 303</p> <p>Object-Based 304</p> <p>Rule-Based Access Control 304</p> <p>Risk-Based Access Control 304</p> <p>Mandatory vs. Discretionary Access Control 305</p> <p>Network Access Control 305</p> <p>IEEE 802.1X Concepts 307</p> <p>RADIUS Authentication 308</p> <p>TACACS and TACACS+ 309</p> <p>Implementing and Scaling IAM 310</p> <p>Choices for Access Control Implementations 311</p> <p>“Built-in” Solutions? 313</p> <p>Other Protocols for IAM 314</p> <p>Multifactor Authentication 315</p> <p>Server-Based IAM 319</p> <p>Integrated IAM systems 320</p> <p>Single Sign-On 321</p> <p>OpenID Connect 322</p> <p>Identity as a Service (IDaaS) 322</p> <p>Federated IAM 322</p> <p>Session Management 323</p> <p>Kerberos 325</p> <p>Credential Management 326</p> <p>Trust Frameworks and Architectures 328</p> <p>User and Entity Behavior Analytics (UEBA) 329</p> <p>Zero Trust Architectures 332</p> <p>Summary 333</p> <p>Exam Essentials 334</p> <p>Review Questions 343</p> <p><b>Chapter 7 Cryptography 349</b></p> <p>Cryptography: What and Why 350</p> <p>Codes and Ciphers: Defining Our Terms 352</p> <p>Cryptography, Cryptology, or…? 357</p> <p>Building Blocks of Digital Cryptographic Systems 358</p> <p>Cryptographic Algorithms 359</p> <p>Cryptographic Keys 360</p> <p>Hashing as One-Way Cryptography 362</p> <p>A Race Against Time 365</p> <p>“The Enemy Knows Your System” 366</p> <p>Keys and Key Management 367</p> <p>Key Storage and Protection 367</p> <p>Key Revocation and Disposal 368</p> <p>Modern Cryptography: Beyond the “Secret Decoder Ring” 370</p> <p>Symmetric Key Cryptography 370</p> <p>Asymmetric Key Cryptography 370</p> <p>Hybrid Cryptosystems 371</p> <p>Design and Use of Cryptosystems 371</p> <p>Cryptanalysis, Ethical and Unethical 372</p> <p>Cryptographic Primitives 373</p> <p>Cryptographic Engineering 373</p> <p>“Why Isn’t All of This Stuff Secret?” 373</p> <p>Cryptography and CIANA+PS 375</p> <p>Confidentiality 376</p> <p>Authentication 376</p> <p>Integrity 376</p> <p>Nonrepudiation 377</p> <p>“But I Didn’t Get That Email…” 378</p> <p>Availability 379</p> <p>Privacy 380</p> <p>Safety 381</p> <p>Public Key Infrastructures 381</p> <p>Diffie-Hellman-Merkle Public Key Exchange 382</p> <p>RSA Encryption and Key Exchange 385</p> <p>ElGamal Encryption 385</p> <p>Elliptical Curve Cryptography (ECC) 386</p> <p>Digital Signatures 387</p> <p>Digital Certificates and Certificate Authorities 387</p> <p>Hierarchies (or Webs) of Trust 388</p> <p>Pretty Good Privacy 392</p> <p>TLS 393</p> <p>HTTPS 394</p> <p>Symmetric Key Algorithms and PKI 395</p> <p>Encapsulation for Security: IPSec, ISAKMP, and Others 396</p> <p>Applying Cryptography to Meet Different Needs 399</p> <p>Message Integrity Controls 399</p> <p>S/MIME 400</p> <p>DKIM 400</p> <p>Blockchain 401</p> <p>Data Storage, Content Distribution, and Archiving 403</p> <p>Steganography 404</p> <p>Access Control Protocols 404</p> <p>Managing Cryptographic Assets and Systems 405</p> <p>Measures of Merit for Cryptographic Solutions 407</p> <p>Attacks and Countermeasures 408</p> <p>Social Engineering for Key Discovery 409</p> <p>Implementation Attacks 410</p> <p>Brute Force and Dictionary Attacks 410</p> <p>Side Channel Attacks 411</p> <p>Numeric (Algorithm or Key) Attacks 412</p> <p>Traffic Analysis, “Op Intel,” and Social Engineering Attacks 413</p> <p>Massively Parallel Systems Attacks 414</p> <p>Supply Chain Vulnerabilities 414</p> <p>The “Sprinkle a Little Crypto Dust on It” Fallacy 415</p> <p>Countermeasures 416</p> <p>PKI and Trust: A Recap 418</p> <p>On the Near Horizon 420</p> <p>Pervasive and Homomorphic Encryption 420</p> <p>Quantum Cryptography and Post–Quantum Cryptography 421</p> <p>AI, Machine Learning, and Cryptography 422</p> <p>Summary 423</p> <p>Exam Essentials 424</p> <p>Review Questions 429</p> <p><b>Chapter 8 Hardware and Systems Security 435</b></p> <p>Infrastructure Security Is Baseline Management 437</p> <p>It’s About Access Control… 437</p> <p>It’s Also About Supply Chain Security 439</p> <p>Do Clouds Have Boundaries? 439</p> <p>Securing the Physical Context 442</p> <p>Facilities Security 442</p> <p>Services Security 443</p> <p>OT-Intensive (or Reliant) Contexts 444</p> <p>Infrastructures 101 and Threat Modeling 444</p> <p>Protecting the Trusted Computing Base 447</p> <p>Hardware Vulnerabilities 447</p> <p>Firmware Vulnerabilities 449</p> <p>Operating Systems Vulnerabilities 451</p> <p>Virtual Machines and Vulnerabilities 454</p> <p>Network Operating Systems 455</p> <p>Endpoint Security 457</p> <p>MDM, COPE, and BYOD 459</p> <p>BYOI? BYOC? 460</p> <p>Malware: Exploiting the Infrastructure’s Vulnerabilities 462</p> <p>Countering the Malware Threat 465</p> <p>Privacy and Secure Browsing 466</p> <p>“The Sin of Aggregation” 469</p> <p>Updating the Threat Model 469</p> <p>Managing Your Systems’ Security 470</p> <p>Summary 471</p> <p>Exam Essentials 472</p> <p>Review Questions 478</p> <p><b>Chapter 9 Applications, Data, and Cloud Security 483</b></p> <p>It’s a Data-Driven World…At the Endpoint 484</p> <p>Software as Appliances 487</p> <p>Applications Lifecycles and Security 490</p> <p>The Software Development Lifecycle (SDLC) 491</p> <p>Why Is (Most) Software So Insecure? 494</p> <p>Hard to Design It Right, Easy to Fix It? 497</p> <p>CIANA+PS and Applications Software Requirements 498</p> <p>Positive and Negative Models for Software Security 502</p> <p>Is Negative Control Dead? Or Dying? 503</p> <p>Application Vulnerabilities 504</p> <p>Vulnerabilities Across the Lifecycle 505</p> <p>Human Failures and Frailties 506</p> <p>“Shadow IT:” The Dilemma of the User as Builder 507</p> <p>Data and Metadata as Procedural Knowledge 509</p> <p>Information Quality and Information Assurance 511</p> <p>Information Quality Lifecycle 512</p> <p>Preventing (or Limiting) the “Garbage In” Problem 513</p> <p>Protecting Data in Motion, in Use, and at Rest 514</p> <p>Data Exfiltration I: The Traditional Threat 516</p> <p>Detecting Unauthorized Data Acquisition 518</p> <p>Preventing Data Loss 519</p> <p>Detecting and Preventing Malformed Data Attacks 521</p> <p>Into the Clouds: Endpoint App and Data Security Considerations 522</p> <p>Cloud Deployment Models and Information Security 524</p> <p>Cloud Service Models and Information Security 525</p> <p>Edge and Fog Security: Virtual Becoming Reality 527</p> <p>Clouds, Continuity, and Resiliency 528</p> <p>Clouds and Threat Modeling 529</p> <p>Cloud Security Methods 531</p> <p>Integrate and Correlate 532</p> <p>SLAs, TORs, and Penetration Testing 532</p> <p>Data Exfiltration II: Hiding in the Clouds 533</p> <p>Legal and Regulatory Issues 533</p> <p>Countermeasures: Keeping Your Apps and Data Safe and Secure 535</p> <p>Summary 536</p> <p>Exam Essentials 537</p> <p>Review Questions 548</p> <p><b>Part IV People Power: What Makes or Breaks Information Security 555</b></p> <p><b>Chapter 10 Incident Response and Recovery 557</b></p> <p>Defeating the Kill Chain One Skirmish at a Time 558</p> <p>Kill Chains: Reviewing the Basics 560</p> <p>Events vs. Incidents 562</p> <p>Harsh Realities of Real Incidents 564</p> <p>MITRE’s ATT&CK Framework 564</p> <p>Learning from Others’ Painful Experiences 566</p> <p>Incident Response Framework 566</p> <p>Incident Response Team: Roles and Structures 568</p> <p>Incident Response Priorities 570</p> <p>Preparation 571</p> <p>Preparation Planning 572</p> <p>Put the Preparation Plan in Motion 574</p> <p>Are You Prepared? 575</p> <p>Detection and Analysis 578</p> <p>Warning Signs 578</p> <p>Initial Detection 580</p> <p>Timeline Analysis 581</p> <p>Notification 582</p> <p>Prioritization 583</p> <p>Containment and Eradication 584</p> <p>Evidence Gathering, Preservation, and Use 585</p> <p>Constant Monitoring 586</p> <p>Recovery: Getting Back to Business 587</p> <p>Data Recovery 588</p> <p>Post-Recovery: Notification and Monitoring 589</p> <p>Post-Incident Activities 590</p> <p>Learning the Lessons 591</p> <p>Orchestrate and Automate 592</p> <p>Support Ongoing Forensics Investigations 592</p> <p>Information and Evidence Retention 593</p> <p>Information Sharing with the Larger IT</p> <p>Security Community 594</p> <p>Summary 594</p> <p>Exam Essentials 595</p> <p>Review Questions 601</p> <p><b>Chapter 11 Business Continuity via Information Security and People Power 607</b></p> <p>What Is a Disaster? 608</p> <p>Surviving to Operate: Plan for It! 609</p> <p>Business Continuity 610</p> <p>IS Disaster Recovery Plans 610</p> <p>Plans, More Plans, and Triage 611</p> <p>Timelines for BC/DR Planning and Action 615</p> <p>Options for Recovery 617</p> <p>Backups, Archives, and Image Copies 618</p> <p>Cryptographic Assets and Recovery 620</p> <p>“Golden Images” and Validation 621</p> <p>Scan Before Loading: Blocking Historical Zero-Day Attacks 622</p> <p>Restart from a Clean Baseline 622</p> <p>Cloud-Based “Do-Over” Buttons for Continuity, Security, and Resilience 623</p> <p>Restoring a Virtual Organization 625</p> <p>People Power for BC/DR 626</p> <p>Threat Vectors: It <b><i>Is </i></b>a Dangerous World Out There 628</p> <p>“Blue Team’s” C3I 631</p> <p>Learning from Experience 632</p> <p>Security Assessment: For BC/DR and Compliance 633</p> <p>Converged Communications: Keeping Them Secure During BC/DR Actions 634</p> <p>POTS and VoIP Security 635</p> <p>People Power for Secure Communications 636</p> <p>Summary 637</p> <p>Exam Essentials 637</p> <p>Review Questions 641</p> <p><b>Chapter 12 Cross-Domain Challenges 647</b></p> <p>Operationalizing Security Across the Immediate and Longer Term 648</p> <p>Continuous Assessment and Continuous Compliance 650</p> <p>SDNs and SDS 651</p> <p>SOAR: Strategies for Focused Security Effort 653</p> <p>A “DevSecOps” Culture: SOAR for Software Development 655</p> <p>Just-in-Time Education, Training, and Awareness 656</p> <p>Supply Chains, Security, and the SSCP 657</p> <p>ICS, IoT, and SCADA: More Than SUNBURST 658</p> <p>Extending Physical Security: More Than Just Badges and Locks 660</p> <p>All-Source, Proactive Intelligence: The SOC as a Fusion Center 661</p> <p>Other Dangers on the Web and Net 662</p> <p>Surface, Deep, and Dark Webs 662</p> <p>Deep and Dark: Risks and Countermeasures 664</p> <p>DNS and Namespace Exploit Risks 665</p> <p>On Our Way to the Future 666</p> <p>Cloud Security: Edgier and Foggier 667</p> <p>AI, ML, and Analytics: Explicability and Trustworthiness 667</p> <p>Quantum Communications, Computing, and Cryptography 669</p> <p>Paradigm Shifts in Information Security? 669</p> <p>Perception Management and Information Security 671</p> <p>Widespread Lack of Useful Understanding of Core Technologies 672</p> <p>Enduring Lessons 672</p> <p>You Cannot Legislate Security (But You Can Punish Noncompliance) 673</p> <p>It’s About Managing Our Security and Our Systems 673</p> <p>People Put It Together 674</p> <p>Maintain Flexibility of Vision 675</p> <p>Accountability—It’s</p> <p>Personal. Make It So 675</p> <p>Stay Sharp 676</p> <p>Your Next Steps 677</p> <p>At the Close 678</p> <p>Exam Essentials 678</p> <p>Review Questions 683</p> <p><b>Appendix Answers to Review Questions 689</b></p> <p>Chapter 1: The Business Case for Decision Assurance and Information Security 690</p> <p>Chapter 2: Information Security Fundamentals 693</p> <p>Chapter 3: Integrated Information Risk Management 695</p> <p>Chapter 4: Operationalizing Risk Mitigation 698</p> <p>Chapter 5: Communications and Network Security 701</p> <p>Chapter 6: Identity and Access Control 704</p> <p>Chapter 7: Cryptography 707</p> <p>Chapter 8: Hardware and Systems Security 709</p> <p>Chapter 9: Applications, Data, and Cloud Security 712</p> <p>Chapter 10: Incident Response and Recovery 715</p> <p>Chapter 11: Business Continuity via Information Security and People Power 718</p> <p>Chapter 12: Cross-Domain Challenges 722</p> <p>Index 727</p>
<p><b>ABOUT THE AUTHOR</b></p> <p><b>Michael S. Wills, SSCP, CISSP, CAMS,</b> is Assistant Professor of Applied Information Technologies in the College of Business at the Embry-Riddle Aeronautical University’s Worldwide Campus. He has many years of experience designing, building, and operating cutting-edge secure systems, and wrote (ISC)<sup>2</sup>’s official training courses for both the SSCP and CISSP. He is also the creator of ERAU’s Master of Science in Information Security and Assurance degree program.
<p><b>Your complete guide to preparing for the SSCP exam</b></p> <p>The Third Edition of the (ISC)<sup>2</sup> SSCP Systems Security Certified Practitioner Official Study Guide is your one-stop resource for complete coverage of the challenging SSCP exam. This self-paced Sybex Study Guide covers 100% of the SSCP domain competencies and offers the knowledge you’ll need to help organizations protect their data throughout their systems from today’s complex cyber attacks. New and expanded coverage for 2021 and beyond includes IoT, SCADA, and ICS security issues, Zero Trust, Access Controls, and App and Data security. It prepares students and professionals for the SSCP exam with assessment tests that validate exam readiness, objective maps, real-world scenarios, practical exercises, and challenging chapter review questions. You’ll also get cross-device access to the online Sybex learning environment. After the exam, the book serves as a great on-the-job reference. <p><b>Coverage of 100% of all exam objectives in this Study Guide means you’ll be ready for:</b> <ul><li>Security Operations and Administration</li> <li>Access Controls</li> <li>Risk Identification, Monitoring, and Analysis</li> <li>Incident Response and Recovery</li> <li>Cryptography</li> <li>Network and Communications Security</li> <li>Systems and Application Security</li></ul> <p><b>Interactive learning environment</b> <p>Take your exam prep to the next level with Sybex’s superior interactive online study tools. To access our learning environment, simply visit www.wiley.com/go/sybextestprep, register your book to receive your unique PIN, and instantly gain one year of FREE access after activation to: <ul><b><li>Interactive test bank with 2 practice exams to help you identify areas where further review is needed. Get more than 90% of the answers correct, and you???re ready to take the certification exam. </li> <li>More than 120 electronic flashcards to reinforce learning and last-minute prep before the exam.</li> <li>Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared.</li></b></ul> <p><b>ABOUT THE SSCP CERTIFICATION PROGRAM </b> <p><b>Successful completion of the Systems Security Certified Practitioner certification program demonstrates your competency in the implementation, monitoring, and administration of IT infrastructure using information security best practices, policies, and procedures. It proves you know how to ensure the confidentiality, integrity, and availability of data. </b> <p><b>Visit www.isc2.org/sscp for more information</b>

Diese Produkte könnten Sie auch interessieren:

Symbian OS Explained
Symbian OS Explained
von: Jo Stichbury
PDF ebook
32,99 €
Symbian OS Internals
Symbian OS Internals
von: Jane Sales
PDF ebook
56,99 €
Parallel Combinatorial Optimization
Parallel Combinatorial Optimization
von: El-Ghazali Talbi
PDF ebook
109,99 €