SSCP (ISC)2 Systems Security Certified Practitioner Official Study Guide (häftad)

Fler böcker inom

Nätverkssäkerhet

Format: Häftad (Paperback / softback)
Språk: Engelska
Antal sidor: 576
Utgivningsdatum: 2015-10-27
Upplaga: 1
Förlag: Sybex Inc.,U.S.
Dimensioner: 228 x 177 x 50 mm
Vikt
Antal komponenter: 1
Komponenter: Contains 1 Digital online
ISBN: 9781119059653

Fully updated Study Guide for the SSCP This guide prepares you for the SSCP, Systems Security Certified Practitioner certification examination by focusing on the Common Body of Knowledge (CBK) as determined by ISC2 in seven high level topics. This Sybex Study Guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world practice, access to the Sybex online interactive learning environment and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions. Along with the book you also get access to Sybex's superior online interactive learning environment that includes: *125 question practice exam to help you identify where you need to study more. Get more than 90 percent of the answers correct, you're ready to take the certification exam. * More than 100 Electronic Flashcards to reinforce your learning and give you last minute test prep before the exam * A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam * Appendix of charts, tables, typical applications, and programs Coverage of all of the exam topics in the book means you'll be ready for: * Access Controls * Security Operations and Administration * Risk Identification, Monitoring and Analysis Incident Response and Recovery * Cryptography * Network and Communications Security * Systems and Application Security

Visa hela texten

ABOUT THE AUTHORS George "Buzz" Murphy, CISSP, CASP, SSCP is a cybersecurity professional who holds 26 IT and cybersecurity certifications from ISC2, CompTIA, and other prestigious industry organizations. A former technology training executive with Dell, he has held a top-secret security clearance in both US and NATO intelligence and has trained network cybersecurity ops for the U.S. Army, various government security agencies, and foreign military personnel. Buzz has addressed industrial and university groups as well as audiences at Comdex, NetWorld, and the National Computer Conference.

Introduction xxv Assessment Test xxxi Chapter 1 Information Security: The Systems Security Certified Practitioner Certification 1 About the (ISC)2 Organization 2 (ISC)2 History 3 Organizational Structure and Programs 3 Exams, Testing, and Certification 6 Certification Qualification: The SSCP Common Body of Knowledge 6 After Passing the Exam 8 Certification Maintenance 9 Types of IT Certifications? 10 About the Systems Security Certified Practitioner Certification 12 How Do I Use My SSCP Knowledge on the Job? 15 The SSCP Exam 17 Preparing for the Exam 17 Booking the Exam 21 Taking the Exam 22 Summary 25 Exam Essentials 25 Chapter 2 Security Basics: A Foundation 27 The Development of Security Techniques 28 Understanding Security Terms and Concepts 29 The Problem (Opportunity) and the Solution 29 Evolution of Items 31 Security Foundation Concepts 38 CIA Triad 38 Primary Security Categories 39 Access Control 40 Nonrepudiation 42 Risk 42 Prudent Man, Due Diligence, and Due Care 44 User Security Management 44 Least Privilege 45 AAA 45 Mandatory Vacation 46 Separation of Duties 46 M of N Requirement 46 Two-Man Rule 47 Job Rotation 48 Geographic Access Control 48 Temporal Access Control, Time of Day Control 48 Privacy 49 Transparency 49 Implicit Deny 50 Personal Device (BYOD) 51 Privilege Management, Privilege Life Cycle 51 Participating in Security Awareness Education 52 Types of Security Awareness Education Programs 52 Working with Human Resources and Stakeholders 53 Senior Executives 53 Customers, Vendors, and Extranet Users Security Awareness Programs 54 Summary 54 Exam Essentials 55 Written Lab 56 Review Questions 57 Chapter 3 Domain 1: Access Controls 61 What Are Controls? 62 What Should Be Protected? 63 Why Control Access? 64 Types of Access Controls 67 Physical Access Controls 67 Logical Access Controls 68 Administrative Access Controls 69 Identification 70 Authentication 72 Factors of Authentication 74 Single-Factor Authentication 84 Multifactor Authentication 84 Token-Based Access Controls 85 System-Level Access Controls 86 Discretionary Access Control (DAC) 86 Nondiscretionary Access Control 87 Mandatory Access Control 87 Administering Mandatory Access Control 89 Trusted Systems 90 Mandatory Access Control Architecture Models 91 Account-Level Access Control 94 Session-Level Access Control 104 View-Based Access Control 104 Data-Level Access Control 105 Contextual- or Content-Based Access Control 106 Physical Data and Printed Media Access Control 106 Assurance of Accountability 107 Manage Internetwork Trust Architectures 108 Cloud-Based Security 111 Summary 113 Exam Essentials 114 Written Lab 115 Review Questions 116 Chapter 4 Domain 2: Security Operations and Administration 121 Security Administration Concepts and Principles 122 Security Equation 123 Security Policies and Practices 124 Data Management Policies 143 Data States 144 Information Life Cycle Management 144 Information Classification Policy 144 Endpoint Device Security 148 Endpoint Health Compliance 148 Endpoint Defense 149 Endpoint Device Policy 149 Security Education and Awareness Training 150 Employee Security Training Policy 153 Employee Security Training program 154 Business Continuity Planning 157 Developing a Business Continuity Plan 160 Disaster Recovery Plans 165 Summary 173 Exam Essentials 174 Written Lab 175 Review Questions 176 Chapter 5 Domain 3: Risk Identification, Monitoring, and Analysis 181 Understanding the Risk Management Process 183 Defining Risk 183 Risk Management Process 184 Risk Management Frameworks and Guidance for Managing Risks 191 ISO/IEC 27005 191 NIST Special Publication 800-37 Revision 1