Official (ISC)2 Guide to the SSCP CBK 2nd Revised Edition, edited by Harold F. Tipton; Kevin Henry

Price: £42.21

Discount: 6%
RRP: 44.99

Description

Features

    * Walks you step-by-step through the seven domains of the SSCP CBK

    * Presents best practices garnered through years of experience by leading organizations from around the world

    * Uses clear dialogue, bulleted lists, tables, charts, and diagrams to build a thorough understanding of essential concepts

    * Supplies authoritative guidance from leaders in information security implementation

    * Prepares you to join the thousands of professionals worldwide who have obtained an (ISC)2 certification

Summary

The (ISC)2 Systems Security Certified Practitioner (SSCP) certification is one of the most important credentials an information security practitioner can have. Having helped thousands of people around the world obtain this distinguished certification, the bestselling Official (ISC)2 Guide to the SSCP CBK has quickly become the book that many of today's security practitioners depend on to attain and maintain the required competence in the seven domains of the (ISC)2 CBK.

Picking up where the popular first edition left off, the Official (ISC)2 Guide to the SSCP CBK, Second Edition brings together leading IT security tacticians from around the world to discuss the critical role that policy, procedures, standards, and guidelines play within the overall information security management infrastructure. Offering step-by-step guidance through the seven domains of the SSCP CBK, the text:

    * Presents widely recognized best practices and techniques used by the world's most experienced administrators

    * Uses accessible language, bulleted lists, tables, charts, and diagrams to facilitate a clear understanding

    * Prepares you to join the thousands of practitioners worldwide who have obtained (ISC)2 certification

Through clear descriptions accompanied by easy-to-follow instructions and self-assessment questions, this book will help you establish the product-independent understanding of information security fundamentals required to attain SSCP certification. Following certification, it will be a valuable guide to addressing real-world security implementation challenges.

CONTENTS:

Access Controls; Paul Henry

Access Control Concepts

Architecture Models

Identification, Authentication, Authorization, and Accountability

Remote Access Methods

Other Access Control Areas

Sample Questions

Cryptography; Christopher M. Nowell

The Basics

Symmetric Cryptography

General Cryptography

Specific Hashes

Specific Protocols

X.509

Sample Questions

Malicious Code; Ken Dunham

Introduction to Windows Malcode Security Management

Malcode Naming Conventions and Types

Brief History of Malcode

Vectors of Infection

Payloads

Identifying Infections

Behavioral Analysis of Malcode

Malcode Mitigation

Sample Questions

Monitoring and Analysis; Mike Mackrill

Policy, Controls, and Enforcement

Audit

Monitoring

Sample Questions

Networks and Telecommunications; Eric Waxvik and Samuel Chun

Introduction to Networks and Telecommunications

Network Protocols and Security Characteristics

Data Communications and Network Infrastructure Components and Security Characteristics

Wireless Local Area Networking

Sample Questions

Security Operations and Administration; C. Karen Stopford

Security Program Objectives: The C-I-A Triad

Code of Ethics

Security Best Practices

Designing a Security Architecture

Security Program Frameworks

Aligning Business, IT, and Security

Security Architecture and Models

Access Control Models

Identity and Access Management

Managing Privileged User Accounts

Outsourcing Security and Managed Security Service Providers

Business Partner Security Controls

Security Policies, Standards, Guidelines, and Procedures

Considerations for Safeguarding Confidentiality

Privacy and Monitoring

Information Life Cycle

Protecting Confidentiality and Information Classification

Information Handling Policy

Information Collection

Secure Information Storage

Secure Output

Record Retention and Disposal

Disclosure Controls: Data Leakage Prevention

Secure Application Development

Web Application Vulnerabilities and Secure Development Practices

Implementation and Release Management

Systems Assurance and Controls Validation

Certification and Accreditation

Security Assurance Rating: Common Criteria

Change Control

Configuration Management

Patch Management

Monitoring System Integrity

Endpoint Protection

Thin Client Implementations

Metrics

Security Awareness and Training

Review Questions

References

Risk, Response, and Recovery; Chris Trautwein

Introduction to Risk Management

Incident Response

Forensics

Recovery

Appendix: Questions and Answers

Access Controls

Cryptography

Malicious Code

Monitoring and Analysis

Networks and Telecommunications

Risk, Response, and Recovery

Security Operations and Administration

Index

Published

14 Feb 2011

Publisher

AUERBACH

ISBN

9781439804834

Pages

451
