ISC2 SSCP Systems Security Certified Practitioner Official Study Guide & Practice Tests Bundle 3rd edition [Paperback]

(University of Notre Dame), ,
  • Format: Paperback / softback, 1 pages, height x width x thickness: 234x188x64 mm, weight: 1633 g
  • Publication date: 07-Apr-2022
  • Publisher: John Wiley & Sons Inc
  • ISBN-10: 111987890X
  • ISBN-13: 9781119878902
  • Paperback
  • Price: 76,97 €*
  • * the price is final, i.e. no further discounts apply
  • Regular price: 90,55 €
  • You save 15%
  • Delivery of the book from the publisher takes approximately 2-4 weeks
Prepare effectively and efficiently for the challenging SSCP exam and a new career in systems security

In the newly revised third edition of the (ISC)2 SSCP Study Guide & SSCP Practice Test Kit, a team of celebrated technical professionals and educators delivers a comprehensive and authoritative guide to preparing for the widely recognized and in-demand Systems Security Certified Practitioner certification exam. The included study resources and practice test material will prepare you to succeed on the challenging exam the first time. It will also help you build job-ready skills in security operations and administration, cryptography, network and communications security, access controls, risk identification, monitoring, and analysis, incident response and recovery, and systems and application security. With accessible coverage of every competency covered by the test, the (ISC)2 SSCP Study Guide & SSCP Practice Test Kit is an indispensable study aid for anyone preparing for the SSCP exam or seeking to expand their systems security skillset.
(ISC)2® SSCP® Systems Security Certified Practitioner
Official Study Guide
Third Edition
Introduction xxv
Assessment Test xlviii
Part I Getting Started as an SSCP
1(60)
Chapter 1 The Business Case for Decision Assurance and Information Security
3(30)
Information: The Lifeblood of Business
4(1)
Data, Information, Knowledge, Wisdom
5(3)
Information Is Not Information Technology
8(2)
Policy, Procedure, and Process: How Business Gets Business Done
10(1)
Who Is the Business?
11(1)
"What's the Business Case for That?"
12(1)
Purpose, Intent, Goals, Objectives
13(1)
Business Logic and Business Processes: Transforming Assets into Opportunity, Wealth, and Success
14(1)
The Value Chain
15(2)
Being Accountable
17(3)
Who Runs the Business?
20(1)
Owners and Investors
20(1)
Boards of Directors
20(1)
Managing or Executive Directors and the "C-Suite"
21(1)
Layers of Function, Structure, Management, and Responsibility
21(2)
Plans and Budgets, Policies, and Directives
23(1)
Summary
24(1)
Exam Essentials
24(2)
Review Questions
26(7)
Chapter 2 Information Security Fundamentals
33(28)
The Common Needs for Privacy, Confidentiality, Integrity, and Availability
34(1)
Privacy
34(4)
Confidentiality
38(1)
Integrity
39(1)
Availability
40(1)
Privacy vs. Security, or Privacy and Security?
41(2)
CIANA+PS Needs of Individuals
43(1)
Private Business's Need for CIANA+PS
44(1)
Government's Need for CIANA+PS
45(1)
The Modern Military's Need for CIA
45(1)
Do Societies Need CIANA+PS?
46(1)
Training and Educating Everybody
47(1)
SSCPs and Professional Ethics
47(2)
Summary
49(1)
Exam Essentials
50(4)
Review Questions
54(7)
Part II Integrated Risk Management and Mitigation
61(136)
Chapter 3 Integrated Information Risk Management
63(64)
It's a Dangerous World
64(2)
What Is Risk?
66(3)
Risk: When Surprise Becomes Disruption
69(2)
Information Security: Delivering Decision Assurance
71(3)
"Common Sense" and Risk Management
74(1)
The Four Faces of Risk
75(2)
Outcomes-Based Risk
77(1)
Process-Based Risk
78(1)
Asset-Based Risk
79(1)
Threat-Based (or Vulnerability-Based) Risk
79(4)
Getting Integrated and Proactive with Information Defense
83(3)
Lateral Movement: Mitigate with Integrated C3
86(1)
Trust, but Verify
87(1)
Due Care and Due Diligence: Whose Jobs Are These?
87(1)
Be Prepared: First, Set Priorities
88(1)
Risk Management: Concepts and Frameworks
89(3)
The SSCP and Risk Management
92(1)
Plan, Do, Check, Act
93(2)
Risk Assessment
95(1)
Establish Consensus about Information Risk
95(1)
Information Risk Impact Assessment
96(1)
Information Classification and Categorization
97(2)
Risk Analysis
99(6)
The Business Impact Analysis
105(1)
From Assessments to Information Security Requirements
106(1)
Four Choices for Limiting or Containing Damage
107(2)
Deter
109(1)
Detect
110(1)
Prevent
110(1)
Avoid
111(3)
Summary
114(1)
Exam Essentials
114(6)
Review Questions
120(7)
Chapter 4 Operationalizing Risk Mitigation
127(70)
From Tactical Planning to Information Security Operations
128(2)
Operationally Outthinking Your Adversaries
130(2)
Getting Inside the Other Side's OODA Loop
132(1)
Defeating the Kill Chain
133(1)
Operationalizing Risk Mitigation: Step by Step
134(1)
Step 1 Assess the Existing Architectures
135(7)
Step 2 Assess Vulnerabilities and Threats
142(10)
Step 3 Select Risk Treatment and Controls
152(7)
Step 4 Implement Controls
159(4)
Step 5 Authorize: Senior Leader Acceptance and Ownership
163(1)
The Ongoing Job of Keeping Your Baseline Secure
164(1)
Build and Maintain User Engagement with Risk Controls
165(1)
Participate in Security Assessments
166(3)
Manage the Architectures: Asset Management and Change Control
169(5)
Ongoing, Continuous Monitoring
174(3)
Exploiting What Monitoring and Event Data Is Telling You
177(4)
Incident Investigation, Analysis, and Reporting
181(1)
Reporting to and Engaging with Management
182(1)
Summary
183(1)
Exam Essentials
183(6)
Review Questions
189(8)
Part III The Technologies of Information Security
197(358)
Chapter 5 Communications and Network Security
199(86)
Trusting Our Communications in a Converged World
200(3)
CIANA+PS: Applying Security Needs to Networks
203(2)
Threat Modeling for Communications Systems
205(1)
Internet Systems Concepts
206(1)
Datagrams and Protocol Data Units
207(1)
Handshakes
208(1)
Packets and Encapsulation
209(2)
Addressing, Routing, and Switching
211(1)
Network Segmentation
212(1)
URLs and the Web
212(1)
Topologies
213(4)
"Best Effort" and Trusting Designs
217(1)
Two Protocol Stacks, One Internet
218(1)
Complementary, Not Competing, Frameworks
218(4)
Layer 1 The Physical Layer
222(1)
Layer 2 The Data Link Layer
223(2)
Layer 3 The Network Layer
225(1)
Layer 4 The Transport Layer
226(4)
Layer 5 The Session Layer
230(1)
Layer 6 The Presentation Layer
231(1)
Layer 7 The Application Layer
232(1)
Cross-Layer Protocols and Services
233(1)
IP and Security
234(1)
Layers or Planes?
235(1)
Network Architectures
236(1)
DMZs and Botnets
237(1)
Software-Defined Networks
238(1)
Virtual Private Networks
239(1)
Wireless Network Technologies
240(1)
Wi-Fi
241(1)
Bluetooth
242(1)
Near-Field Communication
242(1)
IP Addresses, DHCP, and Subnets
243(1)
DHCP Leases: IPv4 and IPv6
243(2)
IPv4 Address Classes
245(2)
Subnetting in IPv4
247(1)
IPv4 vs. IPv6: Important Differences and Options
248(3)
CIANA Layer by Layer
251(1)
CIANA at Layer 1: Physical
251(3)
CIANA at Layer 2: Data Link
254(2)
CIANA at Layer 3: Network
256(1)
CIANA at Layer 4: Transport
257(1)
CIANA at Layer 5: Session
258(2)
CIANA at Layer 6: Presentation
260(1)
CIANA at Layer 7: Application
260(2)
Securing Networks as Systems
262(1)
Network Security Devices and Services
263(1)
Wireless Network Access and Security
264(1)
CIANA+PS and Wireless
265(2)
Monitoring and Analysis for Network Security
267(2)
A SOC Is Not a NOC
269(1)
Tools for the SOC and the NOC
270(1)
Integrating Network and Security Management
271(2)
Summary
273(1)
Exam Essentials
273(7)
Review Questions
280(5)
Chapter 6 Identity and Access Control
285(64)
Identity and Access: Two Sides of the Same CIANA+PS Coin
286(2)
Identity Management Concepts
288(1)
Identity Provisioning and Management
289(4)
Identity and AAA
293(2)
Access Control Concepts
295(1)
Subjects and Objects--Everywhere!
296(1)
Data Classification and Access Control
297(2)
Bell-LaPadula and Biba Models
299(3)
Role-Based
302(1)
Attribute-Based
303(1)
Subject-Based
303(1)
Object-Based
304(1)
Rule-Based Access Control
304(1)
Risk-Based Access Control
304(1)
Mandatory vs. Discretionary Access Control
305(1)
Network Access Control
305(2)
IEEE 802.1X Concepts
307(1)
RADIUS Authentication
308(1)
TACACS and TACACS+
309(1)
Implementing and Scaling IAM
310(1)
Choices for Access Control Implementations
311(2)
"Built-in" Solutions?
313(1)
Other Protocols for IAM
314(1)
Multifactor Authentication
315(4)
Server-Based IAM
319(1)
Integrated IAM systems
320(1)
Single Sign-On
321(1)
OpenID Connect
322(1)
Identity as a Service (IDaaS)
322(1)
Federated IAM
322(1)
Session Management
323(2)
Kerberos
325(1)
Credential Management
326(2)
Trust Frameworks and Architectures
328(1)
User and Entity Behavior Analytics (UEBA)
329(3)
Zero Trust Architectures
332(1)
Summary
333(1)
Exam Essentials
334(9)
Review Questions
343(6)
Chapter 7 Cryptography
349(86)
Cryptography: What and Why
350(2)
Codes and Ciphers: Defining Our Terms
352(5)
Cryptography, Cryptology, or?
357(1)
Building Blocks of Digital Cryptographic Systems
358(1)
Cryptographic Algorithms
359(1)
Cryptographic Keys
360(2)
Hashing as One-Way Cryptography
362(3)
A Race Against Time
365(1)
"The Enemy Knows Your System"
366(1)
Keys and Key Management
367(1)
Key Storage and Protection
367(1)
Key Revocation and Disposal
368(2)
Modern Cryptography: Beyond the "Secret Decoder Ring"
370(1)
Symmetric Key Cryptography
370(1)
Asymmetric Key Cryptography
370(1)
Hybrid Cryptosystems
371(1)
Design and Use of Cryptosystems
371(1)
Cryptanalysis, Ethical and Unethical
372(1)
Cryptographic Primitives
373(1)
Cryptographic Engineering
373(1)
"Why Isn't All of This Stuff Secret?"
373(2)
Cryptography and CIANA+PS
375(1)
Confidentiality
376(1)
Authentication
376(1)
Integrity
376(1)
Nonrepudiation
377(1)
"But I Didn't Get That Email"
378(1)
Availability
379(1)
Privacy
380(1)
Safety
381(1)
Public Key Infrastructures
381(1)
Diffie-Hellman-Merkle Public Key Exchange
382(3)
RSA Encryption and Key Exchange
385(1)
ElGamal Encryption
385(1)
Elliptical Curve Cryptography (ECC)
386(1)
Digital Signatures
387(1)
Digital Certificates and Certificate Authorities
387(1)
Hierarchies (or Webs) of Trust
388(4)
Pretty Good Privacy
392(1)
TLS
393(1)
HTTPS
394(1)
Symmetric Key Algorithms and PKI
395(1)
Encapsulation for Security: IPSec, ISAKMP, and Others
396(3)
Applying Cryptography to Meet Different Needs
399(1)
Message Integrity Controls
399(1)
S/MIME
400(1)
DKIM
400(1)
Blockchain
401(2)
Data Storage, Content Distribution, and Archiving
403(1)
Steganography
404(1)
Access Control Protocols
404(1)
Managing Cryptographic Assets and Systems
405(2)
Measures of Merit for Cryptographic Solutions
407(1)
Attacks and Countermeasures
408(1)
Social Engineering for Key Discovery
409(1)
Implementation Attacks
410(1)
Brute Force and Dictionary Attacks
410(1)
Side Channel Attacks
411(1)
Numeric (Algorithm or Key) Attacks
412(1)
Traffic Analysis, "Op Intel," and Social Engineering Attacks
413(1)
Massively Parallel Systems Attacks
414(1)
Supply Chain Vulnerabilities
414(1)
The "Sprinkle a Little Crypto Dust on It" Fallacy
415(1)
Countermeasures
416(2)
PKI and Trust: A Recap
418(2)
On the Near Horizon
420(1)
Pervasive and Homomorphic Encryption
420(1)
Quantum Cryptography and Post-Quantum Cryptography
421(1)
AI, Machine Learning, and Cryptography
422(1)
Summary
423(1)
Exam Essentials
424(5)
Review Questions
429(6)
Chapter 8 Hardware and Systems Security
435(48)
Infrastructure Security Is Baseline Management
437(1)
It's About Access Control
437(2)
It's Also About Supply Chain Security
439(1)
Do Clouds Have Boundaries?
439(3)
Securing the Physical Context
442(1)
Facilities Security
442(1)
Services Security
443(1)
OT-Intensive (or Reliant) Contexts
444(1)
Infrastructures 101 and Threat Modeling
444(3)
Protecting the Trusted Computing Base
447(1)
Hardware Vulnerabilities
447(2)
Firmware Vulnerabilities
449(2)
Operating Systems Vulnerabilities
451(3)
Virtual Machines and Vulnerabilities
454(1)
Network Operating Systems
455(2)
Endpoint Security
457(2)
MDM, COPE, and BYOD
459(1)
BYOI? BYOC?
460(2)
Malware: Exploiting the Infrastructure's Vulnerabilities
462(3)
Countering the Malware Threat
465(1)
Privacy and Secure Browsing
466(3)
"The Sin of Aggregation"
469(1)
Updating the Threat Model
469(1)
Managing Your Systems' Security
470(1)
Summary
471(1)
Exam Essentials
472(6)
Review Questions
478(5)
Chapter 9 Applications, Data, and Cloud Security
483(72)
It's a Data-Driven World At the Endpoint
484(3)
Software as Appliances
487(3)
Applications Lifecycles and Security
490(1)
The Software Development Lifecycle (SDLC)
491(3)
Why Is (Most) Software So Insecure?
494(3)
Hard to Design It Right, Easy to Fix It?
497(1)
CIANA+PS and Applications Software Requirements
498(4)
Positive and Negative Models for Software Security
502(1)
Is Negative Control Dead? Or Dying?
503(1)
Application Vulnerabilities
504(1)
Vulnerabilities Across the Lifecycle
505(1)
Human Failures and Frailties
506(1)
"Shadow IT:" The Dilemma of the User as Builder
507(2)
Data and Metadata as Procedural Knowledge
509(2)
Information Quality and Information Assurance
511(1)
Information Quality Lifecycle
512(1)
Preventing (or Limiting) the "Garbage In" Problem
513(1)
Protecting Data in Motion, in Use, and at Rest
514(2)
Data Exfiltration I: The Traditional Threat
516(2)
Detecting Unauthorized Data Acquisition
518(1)
Preventing Data Loss
519(2)
Detecting and Preventing Malformed Data Attacks
521(1)
Into the Clouds: Endpoint App and Data Security Considerations
522(2)
Cloud Deployment Models and Information Security
524(1)
Cloud Service Models and Information Security
525(2)
Edge and Fog Security: Virtual Becoming Reality
527(1)
Clouds, Continuity, and Resiliency
528(1)
Clouds and Threat Modeling
529(2)
Cloud Security Methods
531(1)
Integrate and Correlate
532(1)
SLAs, TORs, and Penetration Testing
532(1)
Data Exfiltration II: Hiding in the Clouds
533(1)
Legal and Regulatory Issues
533(2)
Countermeasures: Keeping Your Apps and Data Safe and Secure
535(1)
Summary
536(1)
Exam Essentials
537(11)
Review Questions
548(7)
Part IV People Power: What Makes or Breaks Information Security
555(134)
Chapter 10 Incident Response and Recovery
557(50)
Defeating the Kill Chain One Skirmish at a Time
558(2)
Kill Chains: Reviewing the Basics
560(2)
Events vs. Incidents
562(2)
Harsh Realities of Real Incidents
564(1)
MITRE's ATT&CK Framework
564(2)
Learning from Others' Painful Experiences
566(1)
Incident Response Framework
566(2)
Incident Response Team: Roles and Structures
568(2)
Incident Response Priorities
570(1)
Preparation
571(1)
Preparation Planning
572(2)
Put the Preparation Plan in Motion
574(1)
Are You Prepared?
575(3)
Detection and Analysis
578(1)
Warning Signs
578(2)
Initial Detection
580(1)
Timeline Analysis
581(1)
Notification
582(1)
Prioritization
583(1)
Containment and Eradication
584(1)
Evidence Gathering, Preservation, and Use
585(1)
Constant Monitoring
586(1)
Recovery: Getting Back to Business
587(1)
Data Recovery
588(1)
Post-Recovery: Notification and Monitoring
589(1)
Post-Incident Activities
590(1)
Learning the Lessons
591(1)
Orchestrate and Automate
592(1)
Support Ongoing Forensics Investigations
592(1)
Information and Evidence Retention
593(1)
Information Sharing with the Larger IT Security Community
594(1)
Summary
594(1)
Exam Essentials
595(6)
Review Questions
601(6)
Chapter 11 Business Continuity via Information Security and People Power
607(40)
What Is a Disaster?
608(1)
Surviving to Operate: Plan for It!
609(1)
Business Continuity
610(1)
IS Disaster Recovery Plans
610(1)
Plans, More Plans, and Triage
611(4)
Timelines for BC/DR Planning and Action
615(2)
Options for Recovery
617(1)
Backups, Archives, and Image Copies
618(2)
Cryptographic Assets and Recovery
620(1)
"Golden Images" and Validation
621(1)
Scan Before Loading: Blocking Historical Zero-Day Attacks
622(1)
Restart from a Clean Baseline
622(1)
Cloud-Based "Do-Over" Buttons for Continuity, Security, and Resilience
623(2)
Restoring a Virtual Organization
625(1)
People Power for BC/DR
626(2)
Threat Vectors: It Is a Dangerous World Out There
628(3)
"Blue Team's" C3I
631(1)
Learning from Experience
632(1)
Security Assessment: For BC/DR and Compliance
633(1)
Converged Communications: Keeping Them Secure During BC/DR Actions
634(1)
POTS and VoIP Security
635(1)
People Power for Secure Communications
636(1)
Summary
637(1)
Exam Essentials
637(4)
Review Questions
641(6)
Chapter 12 Cross-Domain Challenges
647(42)
Operationalizing Security Across the Immediate and Longer Term
648(2)
Continuous Assessment and Continuous Compliance
650(1)
SDNs and SDS
651(2)
SOAR: Strategies for Focused Security Effort
653(2)
A "DevSecOps" Culture: SOAR for Software Development
655(1)
Just-in-Time Education, Training, and Awareness
656(1)
Supply Chains, Security, and the SSCP
657(1)
ICS, IoT, and SCADA: More Than SUNBURST
658(2)
Extending Physical Security: More Than Just Badges and Locks
660(1)
All-Source, Proactive Intelligence: The SOC as a Fusion Center
661(1)
Other Dangers on the Web and Net
662(1)
Surface, Deep, and Dark Webs
662(2)
Deep and Dark: Risks and Countermeasures
664(1)
DNS and Namespace Exploit Risks
665(1)
On Our Way to the Future
666(1)
Cloud Security: Edgier and Foggier
667(1)
AI, ML, and Analytics: Explicability and Trustworthiness
667(2)
Quantum Communications, Computing, and Cryptography
669(1)
Paradigm Shifts in Information Security?
669(2)
Perception Management and Information Security
671(1)
Widespread Lack of Useful Understanding of Core Technologies
672(1)
Enduring Lessons
672(1)
You Cannot Legislate Security (But You Can Punish Noncompliance)
673(1)
It's About Managing Our Security and Our Systems
673(1)
People Put It Together
674(1)
Maintain Flexibility of Vision
675(1)
Accountability--It's Personal. Make It So
675(1)
Stay Sharp
676(1)
Your Next Steps
677(1)
At the Close
678(1)
Exam Essentials
678(5)
Review Questions
683(6)
Appendix Answers to Review Questions
689
Chapter 1 The Business Case for Decision Assurance and Information Security
690(3)
Chapter 2 Information Security Fundamentals
693(2)
Chapter 3 Integrated Information Risk Management
695(3)
Chapter 4 Operationalizing Risk Mitigation
698(3)
Chapter 5 Communications and Network Security
701(3)
Chapter 6 Identity and Access Control
704(3)
Chapter 7 Cryptography
707(2)
Chapter 8 Hardware and Systems Security
709(3)
Chapter 9 Applications, Data, and Cloud Security
712(3)
Chapter 10 Incident Response and Recovery
715(3)
Chapter 11 Business Continuity via Information Security and People Power
718(4)
Chapter 12 Cross-Domain Challenges
722
Index 727
(ISC)2® SSCP® Systems Security Certified Practitioner
Official Practice Tests
Second Edition
Introduction xi
Chapter 1 Security Operations and Administration (Domain 1)
1(20)
Chapter 2 Access Controls (Domain 2)
21(16)
Chapter 3 Risk Identification, Monitoring, and Analysis (Domain 3)
37(24)
Chapter 4 Incident Response and Recovery (Domain 4)
61(18)
Chapter 5 Cryptography (Domain 5)
79(16)
Chapter 6 Network and Communications Security (Domain 6)
95(24)
Chapter 7 Systems and Application Security (Domain 7)
119(22)
Chapter 8 Practice Test 1
141(28)
Chapter 9 Practice Test 2
169(28)
Appendix Answers to Review Questions
197(86)
Chapter 1 Security Operations and Administration (Domain 1)
198(6)
Chapter 2 Access Controls (Domain 2)
204(8)
Chapter 3 Risk Identification, Monitoring, and Analysis (Domain 3)
212(9)
Chapter 4 Incident Response and Recovery (Domain 4)
221(8)
Chapter 5 Cryptography (Domain 5)
229(6)
Chapter 6 Network and Communications Security (Domain 6)
235(11)
Chapter 7 Systems and Application Security (Domain 7)
246(9)
Chapter 8 Practice Test 1
255(14)
Chapter 9 Practice Test 2
269(14)
Index 283