Official (ISC)2 SSCP CBK Reference (eBook)

(Author)

eBook Download: EPUB
2022 | 6th edition
832 pages
Wiley (publisher)
978-1-119-87487-4 (ISBN)


Official (ISC)2 SSCP CBK Reference -  Mike Wills
The only official body of knowledge for SSCP, (ISC)2's popular credential for hands-on security professionals, fully revised and updated 2021 SSCP Exam Outline.

Systems Security Certified Practitioner (SSCP) is an elite, hands-on cybersecurity certification that validates the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures. SSCP certification, fully compliant with U.S. Department of Defense Directive 8140 and 8570 requirements, is valued throughout the IT security industry. The Official (ISC)2 SSCP CBK Reference is the only official Common Body of Knowledge (CBK) available for SSCP-level practitioners, exclusively from (ISC)2, the global leader in cybersecurity certification and training.

This authoritative volume contains essential knowledge practitioners require on a regular basis. Accurate, up-to-date chapters provide in-depth coverage of the seven SSCP domains: Security Operations and Administration; Access Controls; Risk Identification, Monitoring and Analysis; Incident Response and Recovery; Cryptography; Network and Communications Security; and Systems and Application Security.

Designed to serve as a reference for information security professionals throughout their careers, this indispensable (ISC)2 guide:

  • Provides comprehensive coverage of the latest domains and objectives of the SSCP
  • Helps better secure critical assets in their organizations
  • Serves as a complement to the SSCP Study Guide for certification candidates

The Official (ISC)2 SSCP CBK Reference is an essential resource for SSCP-level professionals, SSCP candidates and other practitioners involved in cybersecurity.



Introduction


Congratulations on choosing to become a Systems Security Certified Practitioner (SSCP)! In making this choice, you're signing up to join the professionals who strive to keep our information-based modern world safe, secure, and reliable. SSCPs and other information security professionals help businesses and organizations keep private data private and help to ensure that published and public-facing information stays unchanged and unhacked.

Whether you are new to the fields of information security, information assurance, or cybersecurity, or you've been working with these concepts, tools, and ideas for some time now, this book is here to help you grow your knowledge, skills, and abilities as a systems security professional.

Let's see how!

ABOUT THIS BOOK


You're here because you need a ready reference source of ideas, information, knowledge, and experience about information systems security. Users of earlier editions of the CBK describe it as the place to go when you need to look up something about bringing your systems or networks back up and online—when you can't exactly Google it. As a first responder in an information security incident, you may need to rely on what you know and what you've got at hand as you characterize, isolate, and contain an intruder and their malware or other causal agents. This book cannot answer all of the questions you'll have in real time, but it may just remind you of important concepts as well as critical details when you need them. As with any reference work, it can help you think your way through to a solution. By taking key definitions and concepts and operationalizing them, showing how they work in practice, this book can enrich the checklists, troubleshooting guides, and task-focused procedures that you may already be using in your work.

The SSCP Seven Domains


This book directly reflects the SSCP Common Body of Knowledge, which is the comprehensive framework that (ISC)2 has developed to express what security professionals should have working knowledge of. These domains include theoretical knowledge, industry best practices, and applied skills and techniques. Chapter by chapter, this book takes you through these domains, with major headings within each chapter being your key to finding what you need when you need it. Topics that are covered in more than one domain will be found within sections or subsections in each chapter as appropriate.

This Sixth Edition has been updated to reflect (ISC)2's Domain Content Outline, released in November 2021. This outline update changed the relative order of the first two domains, but largely kept the topics within each domain the same. Revisions, clarifications, and additions have been made throughout, while a new Appendix brings topics from across those Domains together to provide you assistance with today's thorniest of information security challenges.

(ISC)2 is committed to helping members learn, grow, and thrive. The Common Body of Knowledge (CBK) is the comprehensive framework that helps it fulfill this commitment. The CBK includes all the relevant subjects a security professional should be familiar with, including skills, techniques, and best practices. (ISC)2 uses the various domains of the CBK to test a certificate candidate's levels of expertise in the most critical aspects of information security. You can see this framework in the SSCP Exam Outline at https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/2021/SSCP-Exam-Outline-English-Nov-2021.ashx?la=en&hash=ABCB9E34548D2E8170ADA04EAAD3003F5577D3F5

Successful candidates are competent in the following seven domains:

  • Domain 1: Security Operations and Administration. Identification of information assets and documentation of policies, standards, procedures, and guidelines that ensure confidentiality, integrity, and availability, such as:
    • 1.1 Comply with codes of ethics.
    • 1.2 Understand security concepts.
    • 1.3 Identify and implement security controls.
    • 1.4 Document and maintain functional security controls.
    • 1.5 Participate in asset management lifecycle (hardware, software, and data).
    • 1.6 Participate in change management lifecycle.
    • 1.7 Participate in implementing security awareness and training (e.g., social engineering/phishing).
    • 1.8 Collaborate with physical security operations (e.g., data center assessment, badging).
  • Domain 2: Access Controls. Policies, standards, and procedures that define users (human and nonhuman) as entities with identities that are approved to use an organization's systems and information assets, what they can do, which resources and information they can access, and what operations they can perform on a system, such as:
    • 2.1 Implement and maintain authentication methods.
    • 2.2 Support internetwork trust architectures.
    • 2.3 Participate in the identity management lifecycle.
    • 2.4 Understand and apply access controls.
  • Domain 3: Risk Identification, Monitoring, and Analysis. Risk identification is the review, analysis, and implementation of processes essential to the identification, measurement, and control of loss associated with unplanned adverse events.

    Monitoring and analysis are determining system implementation and access in accordance with defined IT criteria. This involves collecting information for identification of, and response to, security breaches or events, such as:

    • 3.1 Understand the risk management process.
    • 3.2 Understand legal and regulatory concerns (e.g., jurisdiction, limitations, privacy).
    • 3.3 Participate in security assessment and vulnerability management activities.
    • 3.4 Operate and monitor security platforms (e.g., continuous monitoring).
    • 3.5 Analyze monitoring results.
  • Domain 4: Incident Response and Recovery. Prevent. Detect. Respond. Recover. Incident response and recovery focus on the near real-time actions that must take place if the organization is to survive a cyberattack or other information security incident, get back into operation, and continue as a viable entity. In this domain, the SSCP gains an understanding of how to handle incidents using consistent, applied approaches within a framework of business continuity planning (BCP) and disaster recovery planning (DRP). These approaches are utilized to mitigate damages, recover business operations, and avoid critical business interruption:
    • 4.1 Support incident lifecycle (e.g., National Institute of Standards and Technology [NIST], International Organization for Standardization [ISO]).
    • 4.2 Understand and support forensic investigations.
    • 4.3 Understand and support business continuity plan (BCP) and disaster recovery plan (DRP) activities.
  • Domain 5: Cryptography. The protection of information using techniques that ensure its integrity, confidentiality, authenticity, and nonrepudiation, and the recovery of encrypted information in its original form:
    • 5.1 Understand reasons and requirements for cryptography.
    • 5.2 Apply cryptography concepts.
    • 5.3 Understand and implement secure protocols.
    • 5.4 Understand and support public key infrastructure (PKI) systems.
  • Domain 6: Network and Communications Security. The network structure, transmission methods and techniques, transport formats, and security measures used to operate both private and public communication networks:
    • 6.1 Understand and apply fundamental concepts of networking.
    • 6.2 Understand network attacks (e.g., distributed denial of service [DDoS], man-in-the-middle [MITM], Domain Name System [DNS] poisoning) and countermeasures (e.g., content delivery networks [CDN]).
    • 6.3 Manage network access controls.
    • 6.4 Manage network security.
    • 6.5 Operate and configure network-based security devices.
    • 6.6 Secure wireless communications.
  • Domain 7: Systems and Application Security. Countermeasures and prevention techniques for dealing with viruses, worms, logic bombs, Trojan horses, and other related forms of intentionally created damaging code:
    • 7.1 Identify and analyze malicious code and activity.
    • 7.2 Implement and operate endpoint device security.
    • 7.3 Administer Mobile Device Management (MDM).
    • 7.4 Understand and configure cloud security.
    • 7.5 Operate and maintain secure virtual environments.
  • Appendix: Cross-Domain Challenges. In 2020 and 2021, the world was rocked by the Covid-19 pandemic and a significant increase in the complexity, scale, and severity of cybercrime and cyber attacks on businesses, government services, and critical infrastructures. In response, information security professionals around the globe worked tirelessly to address incident response and recovery. They also worked to improve systems hardening and intrusion detection techniques. Many of the persistent (and pernicious) attack strategies exploit aspects of nearly every topic in every SSCP Domain. Here in the CBK, the appendix offers five sets of strategies that can help security professionals shift the offense-versus-defense struggle more into the defense's favor. These five shifts or pivots are:
    • Turn the attackers' playbooks against them.
    • Cybersecurity hygiene: think small, act...

Publication date (per publisher): 3.3.2022
Language: English
Subject area: Mathematics / Computer Science > Computer Science > Networks
Keywords: Computer Science • Networking / Security • Network Security
ISBN-10 1-119-87487-4 / 1119874874
ISBN-13 978-1-119-87487-4 / 9781119874874