CC Certified in Cybersecurity Cert Guide

Mari Galloway, a best-selling author of Securing Our Future and cyber professional, is the CEO and a founding board member for the Women’s Society of Cyberjutsu (WSC), one of the fastest growing 501(c)3 nonprofit cybersecurity communities dedicated to bringing more women and girls to cyber. WSC provides its members with the resources and support required to enter and advance as cybersecurity professionals. Mari began her career with Accenture, where she excelled as a network engineer. Mari is also a 2023 Presidential Lifetime Award winner and the inaugural ISC2 Diversity Award winner for 2019. With over 15 years in IT and cybersecurity, her experience spans network design, security architecture, risk assessments, vulnerability management, incident response, and policy development across government and commercial industries. Mari holds a variety of technical and management certifications (CISSP, GIAC, CCNA, etc.) as well as a Bachelor of Business Administration in Computer Information Systems from Columbus State University and a Master of Science in Information Systems from Strayer University. Mari is currently a resident of Las Vegas and is the CEO of a cybersecurity consulting company. She regularly contributes content to security blogs and training companies across the country as well as an adjunct professor for the University of Maryland Global Campus (UMGC). She also lends her time to various organizations as an award judge, mentor, and advisor. Outside of being a geek, Mari enjoys arts, puzzles, and Lego! Amena Jamali is a person with multiple facets. With her rational mind, she is a cybersecurity auditor and an aspiring scholar in the field of disinformation research and cyber psychology. With her creative mind, she is an epic fantasy author with four books published so far in the The Lord of Freedom series and many more coming. Her pursuit of truth has been shaped by an eclectic mixture of education: a Bachelor of Arts in Politics and a Master of Science in Cybersecurity from the University of Dallas, which is located in her home state of Texas. In various forums, she speaks and writes about political philosophy, information ethics, governance, risk, compliance, and data privacy, and she is equally passionate about diversity, equity, and inclusion and about the representation of powerful women in literature. A firm believer in the supportive power of community, Amena is an active member of and leader in the Women’s Society of Cyberjutsu and has in 2023 won that organization’s Cyber Rising Star Award. When she is not working, writing, or theorizing, she reads, learns languages, watches superhero movies, embroiders, and bakes delicious pies.

Introduction xviii
Chapter 1 Cybersecurity Principles 3
“Do I Know This Already?” Quiz 3
Foundation Topics 6
Information Assurance 6
The CIA Triad 7
Confidentiality 7
Integrity 8
Availability 8
Privacy 9
ISC2 Code of Ethics 9
Exam Preparation Tasks 10
Review All Key Topics 10
Define Key Terms 11
Q&A 11
References 11
Chapter 2 Risk Management 13
“Do I Know This Already” Quiz 13
Foundation Topics 18
Risk Management 18
Risks, Threats, and Vulnerabilities 18
The Scope of Risk Management 21
The Risk Management Process 22
Risk Identification 23
Risk Assessment 24
Risk Treatment 26
Security Controls and Governance 28
Exam Preparation Tasks 30
Review All Key Topics 30
Define Key Terms 31
Q&A 31
References 31
Chapter 3 Threats to Security 33
“Do I Know This Already?” Quiz 33
Foundation Topics 38
Threats to Security 38
Common Threat Categories 39
Malware 39
Viruses 39
Worms 40
Trojans 41
Ransomware 41
Advanced Persistent Threats 43
Network Attacks 43
Distributed Denial-of-Service Attack 43
Man-in-the-Middle Attack 44
Side-Channel Attack 44
Detection and Mitigation Techniques 44
Detection Tools 45
Scanning and Penetration Testing 48
Exam Preparation Tasks 48
Review All Key Topics 48
Define Key Terms 49
Q&A 49
References 50
Chapter 4 Physical Access Controls 53
“Do I Know This Already?” Quiz 53
Foundation Topics 56
Physical Security Controls 56
Badge Systems 56
Gates for Physical Protection 59
Types of Gate Entry Systems 59
Access Control 62
Environmental Design 62
Monitoring for Physical Security 63
Security Guards 63
Closed-Circuit Television 64
Alarm Systems 65
Logs and Documentation 65
Authorized Versus Unauthorized Personnel 66
Exam Preparation Tasks 66
Review All Key Topics 66
Define Key Terms 67
Q&A 67
References 67
Chapter 5 Logical Access Controls 71
“Do I Know This Already?” Quiz 71
Foundation Topics 74
Need to Know and Least Privilege 74
Segregation of Duties 75
Security Models 76
Discretionary Access Control 76
Mandatory Access Control 77
Role-Based Access Control 79
IAM and Automation 81
Exam Preparation Tasks 81
Review All Key Topics 81
Define Key Terms 82
Q&A 82
References 82
Chapter 6 Computer Networking Fundamentals 85
“Do I Know This Already” Quiz 85
Foundation Topics 89
Understanding Computer Networking 89
Ports and Protocols 93
OSI Model 94
Application Layer (Layer 7) 95
Presentation Layer (Layer 6) 96
Session Layer (Layer 5) 96
Transport Layer (Layer 4) 97
Network Layer (Layer 3) 98
Internet Protocol 98
Data Link Layer (Layer 2) 102
Protocols 103
Wireless 104
Physical Layer (Layer 1) 106
TCP/IP Model 106
Exam Preparation Tasks 107
Review All Key Topics 107
Define Key Terms 108
Q&A 108
References 109
Chapter 7 Network Security Infrastructure 111
“Do I Know This Already” Quiz 111
Foundation Topics 115
On-Premises Network Security Infrastructure 115
Environmental Controls 115
Fire Suppression Systems 116
Redundancy and High Availability 117
Memorandum of Understanding and Memorandum of Agreement 117
Designing Secure Networks 118
Demilitarized Zones 121
Virtual Local Area Networks 121
Virtual Private Networks 122
Network Access Control 123
Embedded Systems 124
Cloud Network Security Infrastructure 125
Cloud Deployment Models 125
Public 125
Private 126
Community 127
Hybrid 128
Cloud Service Models 129
Infrastructure as a Service 130
Platform as a Service 130
Software as a Service 131
Service-Level Agreement 132
Managed Service Provider 133
Cloud Challenges 134
Exam Preparation Tasks 135
Review All Key Topics 135
Define Key Terms 135
Q&A 136
References 136
Chapter 8 Data and the System 139
“Do I Know This Already?” Quiz 139
Foundation Topics 143
Data Security 143
Encryption 143
Hashing 144
Non-Repudiation 145
Authentication 146
One-Time Passwords 147
Password Policy 147
Data Handling 149
Data Classification 149
Data Labeling 150
Data Retention 151
Data Destruction 152
Data Handling Policy 153
Exam Preparation Tasks 153
Review All Key Topics 153
Define Key Terms 154
Q&A 154
References 154
Chapter 9 Security in the Life 157
“Do I Know This Already?” Quiz 158
Foundation Topics 162
System Hardening 162
Baselines 162
Patch Management 164
Vulnerability Management 165
System Updates and Upgrades 165
Logging and Monitoring 166
Security Policies 167
Acceptable Use Policy 167
Bring Your Own Device Policy 167
Change Management Policy 168
Privacy Policy 169
Security Awareness Training 170
Social Engineering 170
Password Protection 171
Exam Preparation Tasks 172
Review All Key Topics 172
Define Key Terms 172
Q&A 172
Reference 173
Chapter 10 Security in Emergencies 175
“Do I Know This Already?” Quiz 176
Foundation Topics 180
Incident Response 180
Detection 181
Classification 181
Containment 182
Response 183
Recovery 183
Reflection 183
Testing 183
Business Continuity 184
Business Impact Analysis 184
Testing 185
Backup and Recovery 185
Disaster Recovery 188
Recovery Time Objective 189
Recovery Point Objective 189
Maximum Tolerable Downtime 190
Replication, Hot Sites, Warm Sites, and Cold Sites 190
Failover Testing 191
Governance Processes 191
Policies 193
Standards 193
Procedures 193
Guidelines 194
Regulations and Laws 194
Exam Preparation Tasks 195
Review All Key Topics 195
Define Key Terms 196
Q&A 196
References 197
Chapter 11 Tying It All Together 199
Security as a Whole 199
Defense-in-Depth 199
The Castle Analogy 200
The Whole of Information Assurance 202
Summary 202
Chapter 12 After the Certification 205
Take a Breather and Reflect 205
Update Your Professional Profiles 205
Showcase Your Passion and Knowledge 205
Seek Mentorship and Sponsorship 206
Stay Informed About Emerging Threats and Technologies 206
Contribute to the Community Through Thought Leadership 206
Explore Further Education Opportunities 207
Evaluate Career Progress and Set New Goals 207
Summary 207
Chapter 13 Final Preparation 209
Suggested Plan for Final Review and Study 209
Summary 210
Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A 211
Appendix B CC Certified in Cybersecurity Cert Guide Exam Updates 223
Glossary of Key Terms 225
Online Elements:
Glossary of Key Terms
Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A
Appendix B CC Certified in Cybersecurity Cert Guide Exam Updates
Appendix C Study Planner


9780138200381 TOC 5/21/2024