Download SSCP (ISC)2 Systems Security Certified Practitioner Official Study Guide PDF

TitleSSCP (ISC)2 Systems Security Certified Practitioner Official Study Guide
LanguageEnglish
File Size14.7 MB
Total Pages576
Table of Contents
                            Cover
Title Page
Copyright
Contents
Introduction
Assessment Test
Chapter 1 Information Security: The Systems Security Certified Practitioner Certification
	About the (ISC)2 Organization
		(ISC)2 History
		Organizational Structure and Programs
	Exams, Testing, and Certification
		Certification Qualification: The SSCP Common Body of Knowledge
		After Passing the Exam
		Certification Maintenance
		Types of IT Certifications?
		About the Systems Security Certified Practitioner Certification
		How Do I Use My SSCP Knowledge on the Job?
	The SSCP Exam
		Preparing for the Exam
		Booking the Exam
		Taking the Exam
	Summary
	Exam Essentials
Chapter 2 Security Basics: A Foundation
	The Development of Security Techniques
	Understanding Security Terms and Concepts
		The Problem (Opportunity) and the Solution
		Evolution of Items
	Security Foundation Concepts
		CIA Triad
		Primary Security Categories
		Access Control
		Nonrepudiation
		Risk
		Prudent Man, Due Diligence, and Due Care
		User Security Management
		Least Privilege
		AAA
		Mandatory Vacation
		Separation of Duties
		M of N Requirement
		Two-Man Rule
		Job Rotation
		Geographic Access Control
		Temporal Access Control, Time of Day Control
		Privacy
		Transparency
		Implicit Deny
		Personal Device (BYOD)
		Privilege Management, Privilege Life Cycle
	Participating in Security Awareness Education
		Types of Security Awareness Education Programs
		Working with Human Resources and Stakeholders
		Senior Executives
		Customers, Vendors, and Extranet Users Security Awareness Programs
	Summary
	Exam Essentials
	Written Lab
	Review Questions
Chapter 3 Domain 1: Access Controls
	What Are Controls?
		What Should Be Protected?
		Why Control Access?
	Types of Access Controls
		Physical Access Controls
		Logical Access Controls
		Administrative Access Controls
	Identification
	Authentication
		Factors of Authentication
		Single-Factor Authentication
		Multifactor Authentication
		Token-Based Access Controls
	System-Level Access Controls
	Discretionary Access Control (DAC)
	Nondiscretionary Access Control
	Mandatory Access Control
		Administering Mandatory Access Control
		Trusted Systems
		Mandatory Access Control Architecture Models
		Account-Level Access Control
		Session-Level Access Control
		View-Based Access Control
		Data-Level Access Control
		Contextual- or Content-Based Access Control
		Physical Data and Printed Media Access Control
		Assurance of Accountability
		Manage Internetwork Trust Architectures
		Cloud-Based Security
	Summary
	Exam Essentials
	Written Lab
	Review Questions
Chapter 4 Domain 2: Security Operations and Administration
	Security Administration Concepts and Principles
		Security Equation
		Security Policies and Practices
	Data Management Policies
		Data States
		Information Life Cycle Management
		Information Classification Policy
	Endpoint Device Security
		Endpoint Health Compliance
		Endpoint Defense
		Endpoint Device Policy
	Security Education and Awareness Training
		Employee Security Training Policy
		Employee Security Training program
	Business Continuity Planning
		Developing a Business Continuity Plan
		Disaster Recovery Plans
	Summary
	Exam Essentials
	Written Lab
	Review Questions
Chapter 5 Domain 3: Risk Identification, Monitoring, and Analysis
	Understanding the Risk Management Process
		Defining Risk
		Risk Management Process
	Risk Management Frameworks and Guidance for Managing Risks
		ISO/IEC 27005
		NIST Special Publication 800-37 Revision 1
		NIST Special Publication 800-39
	Risk Analysis and Risk Assessment
		Risk Analysis
		Risk Assessments
	Managing Risks
		Treatment Plan
		Risk Treatment
		Risk Treatment Schedule
		Risk Register
	Risk Visibility and Reporting
		Enterprise Risk Management
		Continuous Monitoring
		Security Operations Center
		Threat Intelligence
	Analyzing Monitoring Results
		Security Analytics, Metrics, and Trends
		Event Data Analysis
		Visualization
		Communicating Findings
	Summary
	Exam Essentials
	Written Lab
	Review Questions
Chapter 6 Domain 4: Incident Response and Recovery
	Event and Incident Handling Policy
		Standards
		Procedures
		Guidelines
	Creating and Maintaining an Incident Response Plan
		Law Enforcement and Media Communication
		Building in Incident Response Team
		Incident Response Records
		Security Event Information
		Incident Response Containment and Restoration
		Implementation of Countermeasures
	Understanding and Supporting Forensic Investigations
		Incident Scene
		Volatility of Evidence
		Forensic Principles
		Chain of Custody
		Proper Investigation and Analysis of Evidence
		Interpretation and Reporting Assessment Results
	Understanding and Supporting the Business Continuity Plan and the Disaster Recovery Plan
		Emergency Response Plans and Procedures
		Business Continuity Planning
		Disaster Recovery Planning
		Interim or Alternate Processing Strategies
		Restoration Planning
		Backup and Redundancy Implementation
		Business Continuity Plan and Disaster Recovery Plan Testing and Drills
	Summary
	Exam Essentials
	Written Lab
	Review Questions
Chapter 7 Domain 5: Cryptography
	Concepts and Requirements of Cryptography
		Terms and Concepts Used in Cryptography
		Cryptographic Systems and Technology
		Data Classification and Regulatory Requirements
		Public Key Infrastructure and Certificate Management
	Key Management
		Key Generation
		Key Distribution
		Key Encrypting Keys
		Key Retrieval
	Secure Protocols
		IPsec
	Summary
	Exam Essentials
	Written Lab
	Review Questions
Chapter 8 Domain 6: Networks and Communications
	Network Models
		TCP/IP and OSI Reference Models
	Network Design Topographies
		Network Topology Models
		Network Connection Models
		Media Access Models
	Ports and Protocols
		Ports
		Common Protocols
	Converged Network Communications
	Network Monitoring and Control
		Continuous Monitoring
		Network Monitors
		Managing Network Logs
	Access Control Protocols and Standards
		Remote Network Access Control
	Remote User Authentication Services
		RADIUS
		TACACS/TACACS+/XTACACS
	Local User Authentication Services
		LDAP
		Kerberos
		Single Sign-On
	Network Segmentation
		Subnetting
		Virtual Local Area Networks
		Demilitarized Zones
		Network Address Translation
	Securing Devices
		MAC Filtering and Limiting
		Disabling Unused Ports
	Security Posture
	Firewall and Proxy Implementation
		Firewalls
		Firewall Rules
	Network Routers and Switches
		Routers
		Switches
	Intrusion Detection and Prevention Devices
		Intrusion Detection Systems
		Intrusion Prevention Systems
		Wireless Intrusion Prevention Systems
		Comparing Intrusion Detection Systems and Intrusion Prevention Systems
		Spam Filter to Prevent Email Spam
	Telecommunications Remote Access
		Network Access Control
	Wireless & Cellular Technologies
		IEEE 802.11x Wireless Protocols
		WEP/WPA/WPA2
	Wireless Networks
		Cellular Network
		WiMAX
		Wireless MAN
		Wireless WAN
		Wireless LAN
		Wireless Mesh Network
		Bluetooth
		Wireless Network Attacks
		Wireless Access Points
	Traffic Shaping Techniques and Devices
	Quality of Service
	Summary
	Exam Essentials
	Written Lab
	Review Questions
Chapter 9 Domain 7: Systems and Application Security
	Understand Malicious Code and Apply Countermeasures
		Malicious Code Terms and Concepts
		Managing Spam to Avoid Malware
		Cookies and Attachments
		Malicious Code Countermeasures
	Malicious Add-Ons
		Java Applets
		ActiveX
	User Threats and Endpoint Device Security
		General Workstation Security
		Physical Security
		Securing Mobile Devices and Mobile Device Management
	Understand and Apply Cloud Security
		Cloud Concepts and Cloud Security
		Cloud Deployment Model Security
		Cloud Service Model Security
		Cloud Management Security
		Cloud Legal and Privacy Concepts
		Cloud Virtualization Security
	Secure Data Warehouse and Big Data Environments
		Data Warehouse and Big Data Deployment and Operations
		Securing the Data Warehouse and Data Environment
	Secure Software-Defined Networks and Virtual Environments
		Software-Defined Networks
		Security Benefits and Challenges of Virtualization
	Summary
	Exam Essentials
	Written Lab
	Review Questions
Appendix A Answers to Written Labs
	Chapter 2
	Chapter 3
	Chapter 4
	Chapter 5
	Chapter 6
	Chapter 7
	Chapter 8
	Chapter 9
Appendix B Answers to Review Questions
	Chapter 2
	Chapter 3
	Chapter 4
	Chapter 5
	Chapter 6
	Chapter 7
	Chapter 8
	Chapter 9
Appendix C Diagnostic Tools
	Microsoft Baseline Security Analyzer
		Using the Tool
	Microsoft Password Checker
		Using the Tool
	Internet Explorer Phishing and Malicious Software Filter
		Using the Tool
	Manage Internet Cookies
		Using the Tool
	Observing Logs with Event Viewer
		Using the Tool
	Viewing a Digital Certificate
		Using the Tool
	Monitoring PC Activities with Windows Performance Monitor
		Using the Tool
	Analyzing Error Messages in Event Viewer
		Using the Tool
	Calculate Hash Values
		Using the Tool
Index
Comprehensive Online Learning Environment
EULA
                        
Document Text Contents
Page 575

Comprehensive Online Learning
Environment

Register on Sybex.com to gain access to the online interactive learning environment and
test bank to help you study for your (ISC)2 SSCP certifi cation - included with your purchase
of this book!

The online tool includes:

■ Assessment Test to help you focus your study to specific objectives

■ Chapter Tests to reinforce what you learned

■ Practice Exams to test your knowledge of the material

■ Electronic Flashcards to reinforce your learning and provide last-minute test prep
before the exam

■ Searchable Glossary gives you instant access to the key terms you’ll need to know for
the exam

Go to http://sybextestbanks.wiley.com to register and gain access to this comprehen-
sive study tool package.

http://sybextestbanks.wiley.com

Page 576

WILEY END USER LICENSE AGREEMENT
Go to www.wiley.com/go/eula to access Wiley’s ebook EULA.

http://www.wiley.com/go/eula

Similer Documents