Fully updated Study Guide for the SSCP
This guide prepares you for the SSCP, Systems Security Certified Practitioner certification examination by focusing on the Common Body of Knowledge (CBK) as determined by ISC2 in seven high-level topics. This Sybex Study Guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world practice, access to the Sybex online interactive learning environment and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.
Along with the book you also get access to Sybex's superior online interactive learning environment that includes:
- 125-question practice exam to help you identify where you need to study more. If you get more than 90 percent of the answers correct, you're ready to take the certification exam.
- More than 100 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam
- A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam
- Appendix of charts, tables, typical applications, and programs
Coverage of all of the exam topics in the book means you'll be ready for:
- Access Controls
- Security Operations and Administration
- Risk Identification, Monitoring and Analysis
- Incident Response and Recovery
- Cryptography
- Network and Communications Security
- Systems and Application Security
Introduction xxv
Assessment Test xxxi

Chapter 1 Information Security: The Systems Security Certified Practitioner Certification 1
- About the (ISC)2 Organization 2
- (ISC)2 History 3
- Organizational Structure and Programs 3
- Exams, Testing, and Certification 6
- Certification Qualification: The SSCP Common Body of Knowledge 6
- After Passing the Exam 8
- Certification Maintenance 9
- Types of IT Certifications? 10
- About the Systems Security Certified Practitioner Certification 12
- How Do I Use My SSCP Knowledge on the Job? 15
- The SSCP Exam 17
- Preparing for the Exam 17
- Booking the Exam 21
- Taking the Exam 22
- Summary 25
- Exam Essentials 25

Chapter 2 Security Basics: A Foundation 27
- The Development of Security Techniques 28
- Understanding Security Terms and Concepts 29
- The Problem (Opportunity) and the Solution 29
- Evolution of Items 31
- Security Foundation Concepts 38
- CIA Triad 38
- Primary Security Categories 39
- Access Control 40
- Nonrepudiation 42
- Risk 42
- Prudent Man, Due Diligence, and Due Care 44
- User Security Management 44
- Least Privilege 45
- AAA 45
- Mandatory Vacation 46
- Separation of Duties 46
- M of N Requirement 46
- Two-Man Rule 47
- Job Rotation 48
- Geographic Access Control 48
- Temporal Access Control, Time of Day Control 48
- Privacy 49
- Transparency 49
- Implicit Deny 50
- Personal Device (BYOD) 51
- Privilege Management, Privilege Life Cycle 51
- Participating in Security Awareness Education 52
- Types of Security Awareness Education Programs 52
- Working with Human Resources and Stakeholders 53
- Senior Executives 53
- Customers, Vendors, and Extranet Users Security Awareness Programs 54
- Summary 54
- Exam Essentials 55
- Written Lab 56
- Review Questions 57

Chapter 3 Domain 1: Access Controls 61
- What Are Controls? 62
- What Should Be Protected? 63
- Why Control Access? 64
- Types of Access Controls 67
- Physical Access Controls 67
- Logical Access Controls 68
- Administrative Access Controls 69
- Identification 70
- Authentication 72
- Factors of Authentication 74
- Single-Factor Authentication 84
- Multifactor Authentication 84
- Token-Based Access Controls 85
- System-Level Access Controls 86
- Discretionary Access Control (DAC) 86
- Nondiscretionary Access Control 87
- Mandatory Access Control 87
- Administering Mandatory Access Control 89
- Trusted Systems 90
- Mandatory Access Control Architecture Models 91
- Account-Level Access Control 94
- Session-Level Access Control 104
- View-Based Access Control 104
- Data-Level Access Control 105
- Contextual- or Content-Based Access Control 106
- Physical Data and Printed Media Access Control 106
- Assurance of Accountability 107
- Manage Internetwork Trust Architectures 108
- Cloud-Based Security 111
- Summary 113
- Exam Essentials 114
- Written Lab 115
- Review Questions 116

Chapter 4 Domain 2: Security Operations and Administration 121
- Security Administration Concepts and Principles 122
- Security Equation 123
- Security Policies and Practices 124
- Data Management Policies 143
- Data States 144
- Information Life Cycle Management 144
- Information Classification Policy 144
- Endpoint Device Security 148
- Endpoint Health Compliance 148
- Endpoint Defense 149
- Endpoint Device Policy 149
- Security Education and Awareness Training 150
- Employee Security Training Policy 153
- Employee Security Training Program 154
- Business Continuity Planning 157
- Developing a Business Continuity Plan 160
- Disaster Recovery Plans 165
- Summary 173
- Exam Essentials 174
- Written Lab 175
- Review Questions 176

Chapter 5 Domain 3: Risk Identification, Monitoring, and Analysis 181
- Understanding the Risk Management Process 183
- Defining Risk 183
- Risk Management Process 184
- Risk Management Frameworks and Guidance for Managing Risks 191
- ISO/IEC 27005 191
- NIST Special Publication 800-37 Revision 1 192
- NIST Special Publication 800-39 194
- Risk Analysis and Risk Assessment 194
- Risk Analysis 195
- Risk Assessments 199
- Managing Risks 202
- Treatment Plan 202
- Risk Treatment 202
- Risk Treatment Schedule 203
- Risk Register 205
- Risk Visibility and Reporting 207
- Enterprise Risk Management 207
- Continuous Monitoring 208
- Security Operations Center 209
- Threat Intelligence 210
- Analyzing Monitoring Results 211
- Security Analytics, Metrics, and Trends 212
- Event Data Analysis 213
- Visualization 214
- Communicating Findings 215
- Summary 216
- Exam Essentials 217
- Written Lab 218
- Review Questions 219

Chapter 6 Domain 4: Incident Response and Recovery 223
- Event and Incident Handling Policy 224
- Standards 225
- Procedures 225
- Guidelines 226
- Creating and Maintaining an Incident Response Plan 226
- Law Enforcement and Media Communication 229
- Building an Incident Response Team 231
- Incident Response Records 232
- Security Event Information 233
- Incident Response Containment and Restoration 233
- Implementation of Countermeasures 235
- Understanding and Supporting Forensic Investigations 235
- Incident Scene 236
- Volatility of Evidence 237
- Forensic Principles 237
- Chain of Custody 238
- Proper Investigation and Analysis of Evidence 238
- Interpretation and Reporting Assessment Results 239
- Understanding and Supporting the Business Continuity Plan and the Disaster Recovery Plan 240
- Emergency Response Plans and Procedures 240
- Business Continuity Planning 240
- Disaster Recovery Planning 242
- Interim or Alternate Processing Strategies 245
- Restoration Planning 247
- Backup and Redundancy Implementation 247
- Business Continuity Plan and Disaster Recovery Plan Testing and Drills 252
- Summary 253
- Exam Essentials 254
- Written Lab 255
- Review Questions 256

Chapter 7 Domain 5: Cryptography 261
- Concepts and Requirements of Cryptography 263
- Terms and Concepts Used in Cryptography 263
- Cryptographic Systems and Technology 272
- Data Classification and Regulatory Requirements 297
- Public Key Infrastructure and Certificate Management 299
- Key Management 303
- Key Generation 303
- Key Distribution 303
- Key Encrypting Keys 304
- Key Retrieval 304
- Secure Protocols 306
- IPsec 306
- Summary 311
- Exam Essentials 311
- Written Lab 313
- Review Questions 314

Chapter 8 Domain 6: Networks and Communications 317
- Network Models 318
- TCP/IP and OSI Reference Models 319
- Network Design Topographies 330
- Network Topology Models 330
- Network Connection Models 334
- Media Access Models 335
- Ports and Protocols 336
- Ports 336
- Common Protocols 338
- Converged Network Communications 340
- Network Monitoring and Control 341
- Continuous Monitoring 341
- Network Monitors 341
- Managing Network Logs 342
- Access Control Protocols and Standards 343
- Remote Network Access Control 343
- Remote User Authentication Services 346
- RADIUS 347
- TACACS/TACACS+/XTACACS 347
- Local User Authentication Services 348
- LDAP 348
- Kerberos 348
- Single Sign-On 350
- Network Segmentation 351
- Subnetting 352
- Virtual Local Area Networks 353
- Demilitarized Zones 353
- Network Address Translation 354
- Securing Devices 355
- MAC Filtering and Limiting 356
- Disabling Unused Ports 356
- Security Posture 356
- Firewall and Proxy Implementation 357
- Firewalls 357
- Firewall Rules 359
- Network Routers and Switches 361
- Routers 361
- Switches 363
- Intrusion Detection and Prevention Devices 363
- Intrusion Detection Systems 364
- Intrusion Prevention Systems 364
- Wireless Intrusion Prevention Systems 365
- Comparing Intrusion Detection Systems and Intrusion Prevention Systems 366
- Spam Filter to Prevent Email Spam 368
- Telecommunications Remote Access 368
- Network Access Control 368
- Wireless & Cellular Technologies 369
- IEEE 802.11x Wireless Protocols 370
- WEP/WPA/WPA2 371
- Wireless Networks 373
- Cellular Network 375
- WiMAX 375
- Wireless MAN 376
- Wireless WAN 377
- Wireless LAN 377
- Wireless Mesh Network 377
- Bluetooth 377
- Wireless Network Attacks 378
- Wireless Access Points 378
- Traffic Shaping Techniques and Devices 381
- Quality of Service 381
- Summary 382
- Exam Essentials 383
- Written Lab 384
- Review Questions 385

Chapter 9 Domain 7: Systems and Application Security 389
- Understand Malicious Code and Apply Countermeasures 390
- Malicious Code Terms and Concepts 393
- Managing Spam to Avoid Malware 401
- Cookies and Attachments 402
- Malicious Code Countermeasures 405
- Malicious Add-Ons 409
- Java Applets 409
- ActiveX 410
- User Threats and Endpoint Device Security 410
- General Workstation Security 411
- Physical Security 416
- Securing Mobile Devices and Mobile Device Management 426
- Understand and Apply Cloud Security 428
- Cloud Concepts and Cloud Security 429
- Cloud Deployment Model Security 434
- Cloud Service Model Security 436
- Cloud Management Security 438
- Cloud Legal and Privacy Concepts 442
- Cloud Virtualization Security 449
- Secure Data Warehouse and Big Data Environments 449
- Data Warehouse and Big Data Deployment and Operations 450
- Securing the Data Warehouse and Data Environment 451
- Secure Software-Defined Networks and Virtual Environments 451
- Software-Defined Networks 452
- Security Benefits and Challenges of Virtualization 455
- Summary 457
- Exam Essentials 458
- Written Lab 459
- Review Questions 460

Appendix A Answers to Written Labs 465
- Chapter 2 466
- Chapter 3 466
- Chapter 4 467
- Chapter 5 468
- Chapter 6 468
- Chapter 7 469
- Chapter 8 470
- Chapter 9 471

Appendix B Answers to Review Questions 473
- Chapter 2 474
- Chapter 3 475
- Chapter 4 476
- Chapter 5 478
- Chapter 6 479
- Chapter 7 481
- Chapter 8 483
- Chapter 9 484

Appendix C Diagnostic Tools 487
- Microsoft Baseline Security Analyzer 488
- Using the Tool 488
- Microsoft Password Checker 491
- Using the Tool 491
- Internet Explorer Phishing and Malicious Software Filter 492
- Using the Tool 493
- Manage Internet Cookies 494
- Using the Tool 494
- Observing Logs with Event Viewer 495
- Using the Tool 495
- Viewing a Digital Certificate 497
- Using the Tool 497
- Monitoring PC Activities with Windows Performance Monitor 500
- Using the Tool 500
- Analyzing Error Messages in Event Viewer 504
- Using the Tool 504
- Calculate Hash Values 508
- Using the Tool 509

Index 511
ABOUT THE AUTHORS
George "Buzz" Murphy, CISSP, CASP, SSCP is a cybersecurity professional who holds 26 IT and cybersecurity certifications from ISC2, CompTIA, and other prestigious industry organizations. A former technology training executive with Dell, he has held a top-secret security clearance in both US and NATO intelligence and has trained network cybersecurity ops for the U.S. Army, various government security agencies, and foreign military personnel. Buzz has addressed industrial and university groups as well as audiences at Comdex, NetWorld, and the National Computer Conference.