The Official (ISC)2 Guide to the SSCP CBK, 3rd Edition

Book Description

The (ISC)2 Systems Security Certified Practitioner (SSCP) certification is one of the most popular and ideal credentials for those wanting to expand their security career and highlight their security skills. If you are looking to embark on the journey towards your SSCP certification, then the Official (ISC)2 Guide to the SSCP CBK is your trusted study companion. This step-by-step, updated 3rd Edition provides expert instruction and extensive coverage of all 7 domains and makes learning and retaining easy through real-life scenarios, sample exam questions, illustrated examples, tables, and best practices and techniques. Endorsed by (ISC)² and compiled and reviewed by leading experts, it will leave you confident going into exam day. Easy-to-follow content guides you through:

  • Major topics and subtopics within the 7 domains
  • Detailed description of exam format
  • Exam registration and administration policies

Clear, concise instruction from SSCP certified experts will provide the confidence you need on test day and beyond. The Official (ISC)2 Guide to the SSCP CBK is your ticket to becoming a Systems Security Certified Practitioner (SSCP) and a more seasoned information security practitioner.

Table of Contents

  1. Domain 1: Access Controls Notes
    1. Objectives
    2. Access Control Concepts
    3. Implementing Access Controls
    4. Security Architecture and Models
    5. Implementing Authentication Mechanisms—Identification, Authentication, Authorization, and Accountability
    6. Comparing Internetwork Trust Architectures
    7. Trust Direction
    8. Administering the Identity Management Lifecycle
    9. Summary
    10. Sample Questions
  2. Domain 2: Security Operations
    1. Objectives
    2. Code of Ethics
    3. Security Program Objectives: The C-I-A Triad and Beyond
    4. Disclosure Controls: Data Leakage Prevention
    5. Summary
    6. Sample Questions
    7. Notes
  3. Domain 3: Risk, Identification, Monitoring, and Analysis
    1. Objectives
    2. Responding to an Audit
    3. Security Assessment Activities
    4. Operating and Maintaining Monitoring Systems
    5. Going Hands-on—Risk Identification Exercise
    6. Summary
    7. Sample Questions
    8. Notes
  4. Domain 4: Incident Response and Recovery
    1. Objectives
    2. Incident Handling
    3. Recovery and Business Continuity
    4. Summary
    5. Sample Questions
    6. Notes
  5. Domain 5: Cryptography
    1. Objectives
    2. Encryption Concepts
    3. Data Sensitivity and Regulatory Requirements
    4. Going Hands-On with Cryptography—Cryptography Exercise
    5. Summary
    6. Sample Questions
    7. End Notes
  6. Domain 6: Networks and Communications Security
    1. Objectives
    2. Security Issues Related to Networks
    3. Telecommunications Technologies
    4. Control Network Access
    5. LAN-Based Security
    6. Network-Based Security Devices
    7. Wireless Technologies
    8. Summary
    9. Sample Questions
    10. End Notes
  7. Domain 7: Systems and Application Security
    1. Objectives
    2. Identifying and Analyzing Malicious Code and Activity
    3. CIA Triad: Applicability to Malcode
    4. Vectors of Infection
    5. Spoofing, Phishing, Spam, and Botnets
    6. Malicious Web Activity
    7. Payloads
    8. Identifying Infections
    9. Behavioral Analysis of Malcode
    10. Malcode Mitigation
    11. Implementing and Operating End-Point Device Security
    12. Operating and Configuring Cloud Security
    13. Encryption
    14. Encryption Alternatives and Other Data Protection Technologies
    15. Securing Big Data Systems
    16. Operating and Securing Virtual Environments
    17. Summary
    18. Sample Questions
    19. End Notes
  8. Appendix A: Answers to Sample Questions
    1. Domain 1: Access Controls
    2. Domain 2: Security Operations
    3. Domain 3: Risk, Identification, Monitoring, and Analysis
    4. Domain 4: Incident Response and Recovery
    5. Domain 5: Cryptography
    6. Domain 6: Networks and Communications Security
    7. Domain 7: Systems and Application Security
  9. Appendix B: DNSSEC Walkthrough
    1. Hardware and Software Requirements
    2. Configuring the Test Lab
    3. Configuring DC1
    4. Configuring DNS1
    5. Signing a Zone on DC1 and Distributing Trust Anchors
  10. Appendix C: Glossary of Terms Related to the SSCP
  11. Titlepage
  12. Copyright
  13. About the Editors
  14. Foreword
  15. Introduction
  16. End-User License Agreement