Official (ISC)2 SSCP CBK Reference 5th edition [Hardback]

  • Format: Hardback, 784 pages, height x width x thickness: 241x193x43 mm, weight: 1474 g
  • Publication date: 02-Jan-2020
  • Publisher: Sybex Inc., U.S.
  • ISBN-10: 1119601940
  • ISBN-13: 9781119601944

The only official body of knowledge for SSCP—(ISC)2’s popular credential for hands-on security professionals—fully revised and updated.

Systems Security Certified Practitioner (SSCP) is an elite, hands-on cybersecurity certification that validates the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures. SSCP certification—fully compliant with U.S. Department of Defense Directive 8140 and 8570 requirements—is valued throughout the IT security industry. The Official (ISC)2 SSCP CBK Reference is the only official Common Body of Knowledge (CBK) available for SSCP-level practitioners, exclusively from (ISC)2, the global leader in cybersecurity certification and training.

This authoritative volume contains essential knowledge practitioners require on a regular basis. Accurate, up-to-date chapters provide in-depth coverage of the seven SSCP domains: Access Controls; Security Operations and Administration; Risk Identification, Monitoring and Analysis; Incident Response and Recovery; Cryptography; Network and Communications Security; and Systems and Application Security.

Designed to serve as a reference for information security professionals throughout their careers, this indispensable (ISC)2 guide:

  • Provides comprehensive coverage of the latest domains and objectives of the SSCP
  • Helps practitioners better secure critical assets in their organizations
  • Serves as a complement to the SSCP Study Guide for certification candidates

The Official (ISC)2 SSCP CBK Reference is an essential resource for SSCP-level professionals, SSCP candidates and other practitioners involved in cybersecurity.

Foreword
Introduction

Chapter 1 Access Controls
  • Access Control Concepts
      • Subjects and Objects
      • Privileges: What Subjects Can Do with Objects
      • Data Classification and Access Control
      • Access Control via Formal Security Models
  • Implement and Maintain Authentication Methods
      • Single-Factor/Multifactor Authentication
      • Accountability
      • Single Sign-On
      • Device Authentication
      • Federated Access
  • Support Internetwork Trust Architectures
      • Trust Relationships (One-Way, Two-Way, Transitive)
      • Extranet
      • Third-Party Connections
      • Zero Trust Architectures
  • Participate in the Identity Management Lifecycle
      • Authorization
      • Proofing
      • Provisioning/Deprovisioning
      • Identity and Access Maintenance
      • Entitlement
      • Identity and Access Management Systems
  • Implement Access Controls
      • Mandatory, Discretionary, and Nondiscretionary
      • Role-Based
      • Attribute-Based
      • Subject-Based
      • Object-Based
  • Summary

Chapter 2 Security Operations and Administration
  • Comply with Codes of Ethics
      • Understand, Adhere to, and Promote Professional Ethics
      • (ISC)2 Code of Ethics
      • Organizational Code of Ethics
  • Understand Security Concepts
      • Conceptual Models for Information Security
      • Confidentiality
      • Integrity
      • Availability
      • Accountability
      • Privacy
      • Nonrepudiation
      • Authentication
      • Safety
      • Key Control Principles
      • Access Control and Need-to-Know
      • Job Rotation and Privilege Creep
  • Document, Implement, and Maintain Functional Security Controls
      • Deterrent Controls
      • Preventative Controls
      • Detective Controls
      • Corrective Controls
      • Compensating Controls
      • The Lifecycle of a Control
  • Participate in Asset Management
      • Asset Inventory
      • Lifecycle (Hardware, Software, and Data)
      • Hardware Inventory
      • Software Inventory and Licensing
      • Data Storage
  • Implement Security Controls and Assess Compliance
      • Technical Controls
      • Physical Controls
      • Administrative Controls
      • Periodic Audit and Review
  • Participate in Change Management
      • Execute Change Management Process
      • Identify Security Impact
      • Testing/Implementing Patches, Fixes, and Updates
  • Participate in Security Awareness and Training
      • Security Awareness Overview
      • Competency as the Criterion
      • Build a Security Culture, One Awareness Step at a Time
  • Participate in Physical Security Operations
      • Physical Access Control
      • The Data Center
      • Service Level Agreements
  • Summary

Chapter 3 Risk Identification, Monitoring, and Analysis
  • Defeating the Kill Chain One Skirmish at a Time
      • Kill Chains: Reviewing the Basics
      • Events vs. Incidents
  • Understand the Risk Management Process
      • Risk Visibility and Reporting
      • Risk Management Concepts
      • Risk Management Frameworks
      • Risk Treatment
  • Perform Security Assessment Activities
      • Security Assessment Workflow Management
      • Participate in Security Testing
      • Interpretation and Reporting of Scanning and Testing Results
      • Remediation Validation
      • Audit Finding Remediation
      • Manage the Architectures: Asset Management and Configuration Control
  • Operate and Maintain Monitoring Systems
      • Events of Interest
      • Logging
      • Source Systems
      • Legal and Regulatory Concerns
  • Analyze Monitoring Results
      • Security Baselines and Anomalies
      • Visualizations, Metrics, and Trends
      • Event Data Analysis
      • Document and Communicate Findings
  • Summary

Chapter 4 Incident Response and Recovery
  • Support the Incident Lifecycle
      • Think like a Responder
      • Physical, Logical, and Administrative Surfaces
      • Incident Response: Measures of Merit
      • The Lifecycle of a Security Incident
      • Preparation
      • Detection, Analysis, and Escalation
      • Containment
      • Eradication
      • Recovery
      • Lessons Learned; Implementation of New Countermeasures
      • Third-Party Considerations
  • Understand and Support Forensic Investigations
      • Legal and Ethical Principles
      • Logistics Support to Investigations
      • Evidence Handling
      • Evidence Collection
  • Understand and Support Business Continuity Plan and Disaster Recovery Plan Activities
      • Emergency Response Plans and Procedures
      • Interim or Alternate Processing Strategies
      • Restoration Planning
      • Backup and Redundancy Implementation
      • Data Recovery and Restoration
      • Training and Awareness
      • Testing and Drills
  • CIANA at Layer 8 and Above
      • It Is a Dangerous World Out There
      • People Power and Business Continuity
  • Summary

Chapter 5 Cryptography
  • Understand Fundamental Concepts of Cryptography
      • Building Blocks of Digital Cryptographic Systems
      • Hashing
      • Salting
      • Symmetric Block and Stream Ciphers
      • Stream Ciphers
      • EU ECRYPT
      • Asymmetric Encryption
      • Elliptical Curve Cryptography
      • Nonrepudiation
      • Digital Certificates
      • Encryption Algorithms
      • Key Strength
  • Cryptographic Attacks, Cryptanalysis, and Countermeasures
      • Cryptologic Hygiene as Countermeasures
      • Common Attack Patterns and Methods
      • Secure Cryptoprocessors, Hardware Security Modules, and Trusted Platform Modules
  • Understand the Reasons and Requirements for Cryptography
      • Confidentiality
      • Integrity and Authenticity
      • Data Sensitivity
      • Availability
      • Nonrepudiation
      • Authentication
      • Privacy
      • Safety
      • Regulatory
      • Transparency and Auditability
      • Competitive Edge
  • Understand and Support Secure Protocols
      • Services and Protocols
      • Common Use Cases
      • Deploying Cryptography: Some Challenging Scenarios
      • Limitations and Vulnerabilities
  • Understand Public Key Infrastructure Systems
      • Fundamental Key Management Concepts
      • Hierarchies of Trust
      • Web of Trust
  • Summary

Chapter 6 Network and Communications Security
  • Understand and Apply Fundamental Concepts of Networking
      • Complementary, Not Competing, Frameworks
      • OSI and TCP/IP Models
      • OSI Reference Model
      • TCP/IP Reference Model
      • Converged Protocols
      • Software-Defined Networks
  • IPv4 Addresses, DHCP, and Subnets
      • IPv4 Address Classes
      • Subnetting in IPv4
      • Running Out of Addresses?
  • IPv4 vs. IPv6: Key Differences and Options
      • Network Topographies
      • Network Relationships
      • Transmission Media Types
      • Commonly Used Ports and Protocols
  • Understand Network Attacks and Countermeasures
      • CIANA+PS Layer by Layer
      • Common Network Attack Types
      • SCADA, IoT, and the Implications of Multilayer Protocols
  • Manage Network Access Controls
      • Network Access Control and Monitoring
      • Network Access Control Standards and Protocols
      • Remote Access Operation and Configuration
  • Manage Network Security
      • Logical and Physical Placement of Network Devices
      • Segmentation
      • Secure Device Management
  • Operate and Configure Network-Based Security Devices
      • Network Address Translation
      • Additional Security Device Considerations
      • Firewalls and Proxies
      • Network Intrusion Detection/Prevention Systems
      • Security Information and Event Management Systems
      • Routers and Switches
      • Network Security from Other Hardware Devices
      • Traffic-Shaping Devices
  • Operate and Configure Wireless Technologies
      • Wireless: Common Characteristics
      • Wi-Fi
      • Bluetooth
      • Near-Field Communications
      • Cellular/Mobile Phone Networks
      • Ad Hoc Wireless Networks
      • Transmission Security
      • Wireless Security Devices
  • Summary

Chapter 7 Systems and Application Security
  • Systems and Software Insecurity
      • Software Vulnerabilities Across the Lifecycle
      • Risks of Poorly Merged Systems
      • Hard to Design It Right, Easy to Fix It?
      • Hardware and Software Supply Chain Security
      • Positive and Negative Models for Software Security
      • Is Blacklisting Dead? Or Dying?
  • Information Security = Information Quality + Information Integrity
      • Data Modeling
      • Preserving Data Across the Lifecycle
  • Identify and Analyze Malicious Code and Activity
      • Malware
      • Malicious Code Countermeasures
      • Malicious Activity
      • Malicious Activity Countermeasures
  • Implement and Operate Endpoint Device Security
      • HIDS
      • Host-Based Firewalls
      • Application White Listing
      • Endpoint Encryption
      • Trusted Platform Module
      • Mobile Device Management
      • Secure Browsing
      • IoT Endpoint Security
  • Operate and Configure Cloud Security
      • Deployment Models
      • Service Models
      • Virtualization
      • Legal and Regulatory Concerns
      • Data Storage and Transmission
      • Third-Party/Outsourcing Requirements
      • Lifecycles in the Cloud
      • Shared Responsibility Model
      • Layered Redundancy as a Survival Strategy
  • Operate and Secure Virtual Environments
      • Software-Defined Networking
      • Hypervisor
      • Virtual Appliances
      • Continuity and Resilience
      • Attacks and Countermeasures
      • Shared Storage
  • Summary

Index

Mike Wills, SSCP, CISSP, is Assistant Professor and Program Chair of Applied Information Technologies in the College of Business at Embry-Riddle Aeronautical University's Worldwide Campus. Mike has been a pioneer in ethical hacking since his days as a phone phreak. His many years of cutting-edge experience in secure systems design, development, and operation have enriched the dozens of courses he's built and taught. He created ERAU's Master of Science in Information Security and Assurance degree program and leads the university's teaching and courseware development for the Microsoft Software & Systems Academy at ERAU's 13 US teaching sites.