Mike Wills, Mike Chapple, David Seidl
Blurb: Prepare effectively and efficiently for the challenging SSCP exam and a new career in systems security. In the newly revised third edition of the (ISC)2 SSCP Study Guide & SSCP Practice Test Kit, a team of celebrated technical professionals and educators delivers a comprehensive and authoritative guide to preparing for the widely recognized and in-demand Systems Security Certified Practitioner certification exam. The included study resources and practice test material will prepare you to succeed on the challenging exam the first time. It will also help you build job-ready skills in security operations and administration, cryptography, network and communications security, access controls, risk identification, monitoring, and analysis, incident response and recovery, and systems and application security. With accessible coverage of every competency covered by the test, the (ISC)2 SSCP Study Guide & SSCP Practice Test Kit is an indispensable study aid for anyone preparing for the SSCP exam or seeking to expand their systems security skillset.
Contents
Introduction
Chapter 1 Security Operations and Administration (Domain 1)
Chapter 2 Access Controls (Domain 2)
Chapter 3 Risk Identification, Monitoring, and Analysis (Domain 3)
Chapter 4 Incident Response and Recovery (Domain 4)
Chapter 5 Cryptography (Domain 5)
Chapter 6 Network and Communications Security (Domain 6)
Chapter 7 Systems and Application Security (Domain 7)
Chapter 8 Practice Test 1
Chapter 9 Practice Test 2
Appendix Answers to Review Questions
Chapter 1: Security Operations and Administration (Domain 1)
Chapter 2: Access Controls (Domain 2)
Chapter 3: Risk Identification, Monitoring, and Analysis (Domain 3)
Chapter 4: Incident Response and Recovery (Domain 4)
Chapter 5: Cryptography (Domain 5)
Chapter 6: Network and Communications Security (Domain 6)
Chapter 7: Systems and Application Security (Domain 7)
Chapter 8: Practice Test 1
Chapter 9: Practice Test 2
Index
**TEST BUNDLE TOC:**
Introduction
Assessment Test
Part I Getting Started as an SSCP
Chapter 1 The Business Case for Decision Assurance and Information Security
Information: The Lifeblood of Business
Policy, Procedure, and Process: How Business Gets Business Done
Who Runs the Business?
Summary
Exam Essentials
Review Questions
Chapter 2 Information Security Fundamentals
The Common Needs for Privacy, Confidentiality, Integrity, and Availability
Training and Educating Everybody
SSCPs and Professional Ethics
Summary
Exam Essentials
Review Questions
Part II Integrated Risk Management and Mitigation
Chapter 3 Integrated Information Risk Management
It's a Dangerous World
The Four Faces of Risk
Getting Integrated and Proactive with Information Defense
Risk Management: Concepts and Frameworks
Risk Assessment
Four Choices for Limiting or Containing Damage
Summary
Exam Essentials
Review Questions
Chapter 4 Operationalizing Risk Mitigation
From Tactical Planning to Information Security Operations
Operationalizing Risk Mitigation: Step by Step
The Ongoing Job of Keeping Your Baseline Secure
Ongoing, Continuous Monitoring
Reporting to and Engaging with Management
Summary
Exam Essentials
Review Questions
Part III The Technologies of Information Security
Chapter 5 Communications and Network Security
Trusting Our Communications in a Converged World
Internet Systems Concepts
Two Protocol Stacks, One Internet
Wireless Network Technologies
IP Addresses, DHCP, and Subnets
IPv4 vs. IPv6: Important Differences and Options
CIANA Layer by Layer
Securing Networks as Systems
Summary
Exam Essentials
Review Questions
Chapter 6 Identity and Access Control
Identity and Access: Two Sides of the Same CIANA+PS Coin
Identity Management Concepts
Access Control Concepts
Network Access Control
Implementing and Scaling IAM
User and Entity Behavior Analytics (UEBA)
Zero Trust Architectures
Summary
Exam Essentials
Review Questions
Chapter 7 Cryptography
Cryptography: What and Why
Building Blocks of Digital Cryptographic Systems
Keys and Key Management
"Why Isn't All of This Stuff Secret?"
Cryptography and CIANA+PS
Public Key Infrastructures
Applying Cryptography to Meet Different Needs
Managing Cryptographic Assets and Systems
Measures of Merit for Cryptographic Solutions
Attacks and Countermeasures
PKI and Trust: A Recap
On the Near Horizon
Summary
Exam Essentials
Review Questions
Chapter 8 Hardware and Systems Security
Infrastructure Security Is Baseline Management
Securing the Physical Context
Infrastructures 101 and Threat Modeling
Endpoint Security
Malware: Exploiting the Infrastructure's Vulnerabilities
Privacy and Secure Browsing
"The Sin of Aggregation"
Updating the Threat Model
Managing Your Systems' Security
Summary
Ex…