(ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide, 3rd Edition

Book description

The only SSCP study guide officially approved by (ISC)2

The (ISC)2 Systems Security Certified Practitioner (SSCP) certification is a well-known vendor-neutral global IT security certification. The SSCP is designed to show that holders have the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures.

This comprehensive Official Study Guide—the only study guide officially approved by (ISC)2—covers all objectives of the seven SSCP domains.

  • Security Operations and Administration
  • Access Controls
  • Risk Identification, Monitoring, and Analysis
  • Incident Response and Recovery
  • Cryptography
  • Network and Communications Security
  • Systems and Application Security

This updated Third Edition covers the SSCP exam objectives effective as of November 2021. Much of the new and more advanced knowledge expected of an SSCP is now covered in a new chapter "Cross-Domain Challenges." If you're an information security professional or student of cybersecurity looking to tackle one or more of the seven domains of the SSCP, this guide gets you prepared to pass the exam and enter the information security workforce with confidence.

Table of contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Acknowledgments
  5. About the Author
  6. About the Technical Editor
  7. Introduction
    1. About This Book
    2. What Is an SSCP?
    3. Using This Book
    4. Major Changes in This Edition
    5. Objective Map
    6. Earning Your Certification
    7. Congratulations! You're Now an SSCP. Now What?
    8. Let's Get Started!
    9. Assessment Test
    10. Answers to Assessment Test
  8. PART I: Getting Started as an SSCP
    1. Chapter 1: The Business Case for Decision Assurance and Information Security
      1. Information: The Lifeblood of Business
      2. Policy, Procedure, and Process: How Business Gets Business Done
      3. Who Runs the Business?
      4. Summary
      5. Exam Essentials
      6. Review Questions
    2. Chapter 2: Information Security Fundamentals
      1. The Common Needs for Privacy, Confidentiality, Integrity, and Availability
      2. Training and Educating Everybody
      3. SSCPs and Professional Ethics
      4. Summary
      5. Exam Essentials
      6. Review Questions
  9. PART II: Integrated Risk Management and Mitigation
    1. Chapter 3: Integrated Information Risk Management
      1. It’s a Dangerous World
      2. The Four Faces of Risk
      3. Getting Integrated and Proactive with Information Defense
      4. Risk Management: Concepts and Frameworks
      5. Risk Assessment
      6. Four Choices for Limiting or Containing Damage
      7. Summary
      8. Exam Essentials
      9. Review Questions
    2. Chapter 4: Operationalizing Risk Mitigation
      1. From Tactical Planning to Information Security Operations
      2. Operationalizing Risk Mitigation: Step by Step
      3. The Ongoing Job of Keeping Your Baseline Secure
      4. Ongoing, Continuous Monitoring
      5. Reporting to and Engaging with Management
      6. Summary
      7. Exam Essentials
      8. Review Questions
  10. PART III: The Technologies of Information Security
    1. Chapter 5: Communications and Network Security
      1. Trusting Our Communications in a Converged World
      2. Internet Systems Concepts
      3. Two Protocol Stacks, One Internet
      4. Wireless Network Technologies
      5. IP Addresses, DHCP, and Subnets
      6. IPv4 vs. IPv6: Important Differences and Options
      7. CIANA Layer by Layer
      8. Securing Networks as Systems
      9. Summary
      10. Exam Essentials
      11. Review Questions
    2. Chapter 6: Identity and Access Control
      1. Identity and Access: Two Sides of the Same CIANA+PS Coin
      2. Identity Management Concepts
      3. Access Control Concepts
      4. Network Access Control
      5. Implementing and Scaling IAM
      6. User and Entity Behavior Analytics (UEBA)
      7. Zero Trust Architectures
      8. Summary
      9. Exam Essentials
      10. Review Questions
    3. Chapter 7: Cryptography
      1. Cryptography: What and Why
      2. Building Blocks of Digital Cryptographic Systems
      3. Keys and Key Management
      4. Modern Cryptography: Beyond the “Secret Decoder Ring”
      5. “Why Isn't All of This Stuff Secret?”
      6. Cryptography and CIANA+PS
      7. Public Key Infrastructures
      8. Applying Cryptography to Meet Different Needs
      9. Managing Cryptographic Assets and Systems
      10. Measures of Merit for Cryptographic Solutions
      11. Attacks and Countermeasures
      12. PKI and Trust: A Recap
      13. On the Near Horizon
      14. Summary
      15. Exam Essentials
      16. Review Questions
    4. Chapter 8: Hardware and Systems Security
      1. Infrastructure Security Is Baseline Management
      2. Securing the Physical Context
      3. Infrastructures 101 and Threat Modeling
      4. Endpoint Security
      5. Malware: Exploiting the Infrastructure's Vulnerabilities
      6. Privacy and Secure Browsing
      7. “The Sin of Aggregation”
      8. Updating the Threat Model
      9. Managing Your Systems' Security
      10. Summary
      11. Exam Essentials
      12. Review Questions
    5. Chapter 9: Applications, Data, and Cloud Security
      1. It's a Data-Driven World…At the Endpoint
      2. Software as Appliances
      3. Applications Lifecycles and Security
      4. CIANA+PS and Applications Software Requirements
      5. Application Vulnerabilities
      6. “Shadow IT:” The Dilemma of the User as Builder
      7. Information Quality and Information Assurance
      8. Protecting Data in Motion, in Use, and at Rest
      9. Into the Clouds: Endpoint App and Data Security Considerations
      10. Legal and Regulatory Issues
      11. Countermeasures: Keeping Your Apps and Data Safe and Secure
      12. Summary
      13. Exam Essentials
      14. Review Questions
  11. PART IV: People Power: What Makes or Breaks Information Security
    1. Chapter 10: Incident Response and Recovery
      1. Defeating the Kill Chain One Skirmish at a Time
      2. Harsh Realities of Real Incidents
      3. Incident Response Framework
      4. Preparation
      5. Detection and Analysis
      6. Containment and Eradication
      7. Recovery: Getting Back to Business
      8. Post-Incident Activities
      9. Summary
      10. Exam Essentials
      11. Review Questions
      12. Note
    2. Chapter 11: Business Continuity via Information Security and People Power
      1. What Is a Disaster?
      2. Surviving to Operate: Plan for It!
      3. Timelines for BC/DR Planning and Action
      4. Options for Recovery
      5. Cloud-Based “Do-Over” Buttons for Continuity, Security, and Resilience
      6. People Power for BC/DR
      7. Security Assessment: For BC/DR and Compliance
      8. Converged Communications: Keeping Them Secure During BC/DR Actions
      9. Summary
      10. Exam Essentials
      11. Review Questions
    3. Chapter 12: Cross-Domain Challenges
      1. Operationalizing Security Across the Immediate and Longer Term
      2. Supply Chains, Security, and the SSCP
      3. Other Dangers on the Web and Net
      4. On Our Way to the Future
      5. Enduring Lessons
      6. Your Next Steps
      7. At the Close
      8. Exam Essentials
      9. Review Questions
  12. Appendix: Answers to Review Questions
    1. Chapter 1: The Business Case for Decision Assurance and Information Security
    2. Chapter 2: Information Security Fundamentals
    3. Chapter 3: Integrated Information Risk Management
    4. Chapter 4: Operationalizing Risk Mitigation
    5. Chapter 5: Communications and Network Security
    6. Chapter 6: Identity and Access Control
    7. Chapter 7: Cryptography
    8. Chapter 8: Hardware and Systems Security
    9. Chapter 9: Applications, Data, and Cloud Security
    10. Chapter 10: Incident Response and Recovery
    11. Chapter 11: Business Continuity via Information Security and People Power
    12. Chapter 12: Cross-Domain Challenges
  13. Index
  14. End User License Agreement

Product information

  • Title: (ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide, 3rd Edition
  • Author(s): Mike Wills
  • Release date: February 2022
  • Publisher(s): Sybex
  • ISBN: 9781119854982