SSCP (ISC)2 Systems Security Certified Practitioner Official Study Guide

George Murphy

ISBN: 978-1-119-05995-0

Sep 2015

576 pages

$39.99

Description

Fully updated Study Guide for the SSCP

This guide prepares you for the SSCP (Systems Security Certified Practitioner) certification examination by focusing on the Common Body of Knowledge (CBK) as defined by (ISC)2 in seven high-level topics. This Sybex Study Guide covers 100% of the exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world practice, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key-topic exam essentials and chapter review questions.

Along with the book you also get access to Sybex's superior online interactive learning environment that includes:

  • A 125-question practice exam to help you identify where you need to study more. If you get more than 90 percent of the answers correct, you're ready to take the certification exam.
  • More than 100 Electronic Flashcards to reinforce your learning and give you last minute test prep before the exam
  • A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam
  • Appendix of charts, tables, typical applications, and programs

Coverage of all of the exam topics in the book means you'll be ready for:

  • Access Controls
  • Security Operations and Administration
  • Risk Identification, Monitoring, and Analysis
  • Incident Response and Recovery
  • Cryptography
  • Network and Communications Security
  • Systems and Application Security

Introduction xxv

Assessment Test xxxi

Chapter 1 Information Security: The Systems Security Certified Practitioner Certification 1

About the (ISC)2 Organization 2

(ISC)2 History 3

Organizational Structure and Programs 3

Exams, Testing, and Certification 6

Certification Qualification: The SSCP Common Body of Knowledge 6

After Passing the Exam 8

Certification Maintenance 9

Types of IT Certifications? 10

About the Systems Security Certified Practitioner Certification 12

How Do I Use My SSCP Knowledge on the Job? 15

The SSCP Exam 17

Preparing for the Exam 17

Booking the Exam 21

Taking the Exam 22

Summary 25

Exam Essentials 25

Chapter 2 Security Basics: A Foundation 27

The Development of Security Techniques 28

Understanding Security Terms and Concepts 29

The Problem (Opportunity) and the Solution 29

Evolution of Items 31

Security Foundation Concepts 38

CIA Triad 38

Primary Security Categories 39

Access Control 40

Nonrepudiation 42

Risk 42

Prudent Man, Due Diligence, and Due Care 44

User Security Management 44

Least Privilege 45

AAA 45

Mandatory Vacation 46

Separation of Duties 46

M of N Requirement 46

Two-Man Rule 47

Job Rotation 48

Geographic Access Control 48

Temporal Access Control, Time of Day Control 48

Privacy 49

Transparency 49

Implicit Deny 50

Personal Device (BYOD) 51

Privilege Management, Privilege Life Cycle 51

Participating in Security Awareness Education 52

Types of Security Awareness Education Programs 52

Working with Human Resources and Stakeholders 53

Senior Executives 53

Customers, Vendors, and Extranet Users Security Awareness Programs 54

Summary 54

Exam Essentials 55

Written Lab 56

Review Questions 57

Chapter 3 Domain 1: Access Controls 61

What Are Controls? 62

What Should Be Protected? 63

Why Control Access? 64

Types of Access Controls 67

Physical Access Controls 67

Logical Access Controls 68

Administrative Access Controls 69

Identification 70

Authentication 72

Factors of Authentication 74

Single-Factor Authentication 84

Multifactor Authentication 84

Token-Based Access Controls 85

System-Level Access Controls 86

Discretionary Access Control (DAC) 86

Nondiscretionary Access Control 87

Mandatory Access Control 87

Administering Mandatory Access Control 89

Trusted Systems 90

Mandatory Access Control Architecture Models 91

Account-Level Access Control 94

Session-Level Access Control 104

View-Based Access Control 104

Data-Level Access Control 105

Contextual- or Content-Based Access Control 106

Physical Data and Printed Media Access Control 106

Assurance of Accountability 107

Manage Internetwork Trust Architectures 108

Cloud-Based Security 111

Summary 113

Exam Essentials 114

Written Lab 115

Review Questions 116

Chapter 4 Domain 2: Security Operations and Administration 121

Security Administration Concepts and Principles 122

Security Equation 123

Security Policies and Practices 124

Data Management Policies 143

Data States 144

Information Life Cycle Management 144

Information Classification Policy 144

Endpoint Device Security 148

Endpoint Health Compliance 148

Endpoint Defense 149

Endpoint Device Policy 149

Security Education and Awareness Training 150

Employee Security Training Policy 153

Employee Security Training Program 154

Business Continuity Planning 157

Developing a Business Continuity Plan 160

Disaster Recovery Plans 165

Summary 173

Exam Essentials 174

Written Lab 175

Review Questions 176

Chapter 5 Domain 3: Risk Identification, Monitoring, and Analysis 181

Understanding the Risk Management Process 183

Defining Risk 183

Risk Management Process 184

Risk Management Frameworks and Guidance for Managing Risks 191

ISO/IEC 27005 191

NIST Special Publication 800-37 Revision 1 192

NIST Special Publication 800-39 194

Risk Analysis and Risk Assessment 194

Risk Analysis 195

Risk Assessments 199

Managing Risks 202

Treatment Plan 202

Risk Treatment 202

Risk Treatment Schedule 203

Risk Register 205

Risk Visibility and Reporting 207

Enterprise Risk Management 207

Continuous Monitoring 208

Security Operations Center 209

Threat Intelligence 210

Analyzing Monitoring Results 211

Security Analytics, Metrics, and Trends 212

Event Data Analysis 213

Visualization 214

Communicating Findings 215

Summary 216

Exam Essentials 217

Written Lab 218

Review Questions 219

Chapter 6 Domain 4: Incident Response and Recovery 223

Event and Incident Handling Policy 224

Standards 225

Procedures 225

Guidelines 226

Creating and Maintaining an Incident Response Plan 226

Law Enforcement and Media Communication 229

Building an Incident Response Team 231

Incident Response Records 232

Security Event Information 233

Incident Response Containment and Restoration 233

Implementation of Countermeasures 235

Understanding and Supporting Forensic Investigations 235

Incident Scene 236

Volatility of Evidence 237

Forensic Principles 237

Chain of Custody 238

Proper Investigation and Analysis of Evidence 238

Interpretation and Reporting Assessment Results 239

Understanding and Supporting the Business Continuity Plan and the Disaster Recovery Plan 240

Emergency Response Plans and Procedures 240

Business Continuity Planning 240

Disaster Recovery Planning 242

Interim or Alternate Processing Strategies 245

Restoration Planning 247

Backup and Redundancy Implementation 247

Business Continuity Plan and Disaster Recovery Plan Testing and Drills 252

Summary 253

Exam Essentials 254

Written Lab 255

Review Questions 256

Chapter 7 Domain 5: Cryptography 261

Concepts and Requirements of Cryptography 263

Terms and Concepts Used in Cryptography 263

Cryptographic Systems and Technology 272

Data Classification and Regulatory Requirements 297

Public Key Infrastructure and Certificate Management 299

Key Management 303

Key Generation 303

Key Distribution 303

Key Encrypting Keys 304

Key Retrieval 304

Secure Protocols 306

IPsec 306

Summary 311

Exam Essentials 311

Written Lab 313

Review Questions 314

Chapter 8 Domain 6: Networks and Communications 317

Network Models 318

TCP/IP and OSI Reference Models 319

Network Design Topographies 330

Network Topology Models 330

Network Connection Models 334

Media Access Models 335

Ports and Protocols 336

Ports 336

Common Protocols 338

Converged Network Communications 340

Network Monitoring and Control 341

Continuous Monitoring 341

Network Monitors 341

Managing Network Logs 342

Access Control Protocols and Standards 343

Remote Network Access Control 343

Remote User Authentication Services 346

RADIUS 347

TACACS/TACACS+/XTACACS 347

Local User Authentication Services 348

LDAP 348

Kerberos 348

Single Sign-On 350

Network Segmentation 351

Subnetting 352

Virtual Local Area Networks 353

Demilitarized Zones 353

Network Address Translation 354

Securing Devices 355

MAC Filtering and Limiting 356

Disabling Unused Ports 356

Security Posture 356

Firewall and Proxy Implementation 357

Firewalls 357

Firewall Rules 359

Network Routers and Switches 361

Routers 361

Switches 363

Intrusion Detection and Prevention Devices 363

Intrusion Detection Systems 364

Intrusion Prevention Systems 364

Wireless Intrusion Prevention Systems 365

Comparing Intrusion Detection Systems and Intrusion Prevention Systems 366

Spam Filter to Prevent Email Spam 368

Telecommunications Remote Access 368

Network Access Control 368

Wireless & Cellular Technologies 369

IEEE 802.11x Wireless Protocols 370

WEP/WPA/WPA2 371

Wireless Networks 373

Cellular Network 375

WiMAX 375

Wireless MAN 376

Wireless WAN 377

Wireless LAN 377

Wireless Mesh Network 377

Bluetooth 377

Wireless Network Attacks 378

Wireless Access Points 378

Traffic Shaping Techniques and Devices 381

Quality of Service 381

Summary 382

Exam Essentials 383

Written Lab 384

Review Questions 385

Chapter 9 Domain 7: Systems and Application Security 389

Understand Malicious Code and Apply Countermeasures 390

Malicious Code Terms and Concepts 393

Managing Spam to Avoid Malware 401

Cookies and Attachments 402

Malicious Code Countermeasures 405

Malicious Add-Ons 409

Java Applets 409

ActiveX 410

User Threats and Endpoint Device Security 410

General Workstation Security 411

Physical Security 416

Securing Mobile Devices and Mobile Device Management 426

Understand and Apply Cloud Security 428

Cloud Concepts and Cloud Security 429

Cloud Deployment Model Security 434

Cloud Service Model Security 436

Cloud Management Security 438

Cloud Legal and Privacy Concepts 442

Cloud Virtualization Security 449

Secure Data Warehouse and Big Data Environments 449

Data Warehouse and Big Data Deployment and Operations 450

Securing the Data Warehouse and Data Environment 451

Secure Software-Defined Networks and Virtual Environments 451

Software-Defined Networks 452

Security Benefits and Challenges of Virtualization 455

Summary 457

Exam Essentials 458

Written Lab 459

Review Questions 460

Appendix A Answers to Written Labs 465

Chapter 2 466

Chapter 3 466

Chapter 4 467

Chapter 5 468

Chapter 6 468

Chapter 7 469

Chapter 8 470

Chapter 9 471

Appendix B Answers to Review Questions 473

Chapter 2 474

Chapter 3 475

Chapter 4 476

Chapter 5 478

Chapter 6 479

Chapter 7 481

Chapter 8 483

Chapter 9 484

Appendix C Diagnostic Tools 487

Microsoft Baseline Security Analyzer 488

Using the Tool 488

Microsoft Password Checker 491

Using the Tool 491

Internet Explorer Phishing and Malicious Software Filter 492

Using the Tool 493

Manage Internet Cookies 494

Using the Tool 494

Observing Logs with Event Viewer 495

Using the Tool 495

Viewing a Digital Certificate 497

Using the Tool 497

Monitoring PC Activities with Windows Performance Monitor 500

Using the Tool 500

Analyzing Error Messages in Event Viewer 504

Using the Tool 504

Calculate Hash Values 508

Using the Tool 509

Index 511

Errata (Chapter, Page, Details, Date, Print Run)

Introduction, page xxx: Error in Text
Introduction, page xxx, before Electronic Flashcards
Add the following heading (same heading size/level as "How Do I Use This Book" on page xxix):
Interactive Online Learning Environment and Test Bank
Add the following text paragraph after the new heading:
The interactive online learning environment that accompanies this book is available at sybextestbanks.wiley.com. Go to this site to register and get access to the following study tools for this book:
Date: 5 Oct 2015

Page 150: Error in Text
In line 6:

Currently Reads:
BYOB policy

Should Read:
BYOD policy
Date: 04 Nov 2015

Page 199: Error in Text
In the "Scanning Tools" paragraph:

Currently Reads:
Active scans are scams that are initiated for a particular purpose

Should Read:
Active scans are scans that are initiated for a particular purpose
Date: 04 Nov 2015

Page 221: Error in Text
In question 15, answer C:

Currently Reads:
Arisk assessment is the last result of the risk management process.

Should Read:
A risk assessment is the last result of the risk management process.
Date: 04 Nov 2015

Page 458: Error in Text
In the Endpoint Hardening paragraph:

Currently Reads:
Endpoint Hardening Know the reasons for and various methods of endpoint heartening.

Should Read:
Endpoint Hardening Know the reasons for and various methods of endpoint Hardening.
Date: 04 Nov 2015

Appendix B, page 481: Errata in Text
Answer to Chapter 7 review question 5 should be:
5. B. Data encrypted with a user's public key can be encrypted only by the user's private key. This would not normally be in an organization's encryption policy. Options A, C, and D are all reasonable items to include in an organization's encryption policy.
Date: 8 Mar 2017