O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

The Official (ISC)2 Guide to the SSCP CBK, 4th Edition

Book Description

The fourth edition of the Official (ISC)2® Guide to the SSCP CBK® is a comprehensive resource providing an in-depth look at the seven domains of the SSCP Common Body of Knowledge (CBK).  This latest edition provides an updated, detailed guide that is considered one of the best tools for candidates striving to become an SSCP. 

The book offers step-by-step guidance through each of SSCP’s domains, including best practices and techniques used by the world's most experienced practitioners. Endorsed by (ISC)² and compiled and reviewed by SSCPs and subject matter experts, this book brings together a global, thorough perspective to not only prepare for the SSCP exam, but it also provides a reference that will serve you well into your career.


Table of Contents

  1. Foreword
  2. Introduction
    1. Conventions
  3. Domain 1: Access Controls
    1. Objectives
    2. Access Control Concepts
    3. Implementing Access Controls
    4. Security Architecture and Models
    5. Implementing Authentication Mechanisms—Identification, Authentication, Authorization, and Accountability
    6. Comparing Internetwork Trust Architectures
    7. Trust Direction
    8. Administering the Identity Management Lifecycle
    9. Summary
    10. Sample Questions
    11. Notes
  4. Domain 2: Security Operations
    1. Objectives
    2. Code of Ethics
    3. Security Program Objectives: The C-I-A Triad and Beyond
    4. Disclosure Controls: Data Leakage Prevention
    5. Summary
    6. Sample Questions
    7. Notes
  5. Domain 3: Risk Identification, Monitoring, and Analysis
    1. Objectives
    2. Introduction to Risk Management
    3. Responding to an Audit
    4. Security Assessment Activities
    5. Operating and Maintaining Monitoring Systems
    6. Going Hands-on—Risk Identification Exercise
    7. Summary
    8. Sample Questions
    9. Notes
  6. Domain 4: Incident Response and Recovery
    1. Objectives
    2. Incident Handling
    3. Recovery and Business Continuity
    4. Summary
    5. Sample Questions
    6. Notes
  7. Domain 5: Cryptography
    1. Objectives
    2. Encryption Concepts
    3. Data Sensitivity and Regulatory Requirements
    4. Going Hands-on with Cryptography—Cryptography Exercise
    5. Summary
    6. Sample Questions
    7. End Notes
  8. Domain 6: Networks and Communications Security
    1. Objectives
    2. Security Issues Related to Networks
    3. Telecommunications Technologies
    4. Control Network Access
    5. LAN-Based Security
    6. Network-Based Security Devices
    7. Wireless Technologies
    8. Summary
    9. Sample Questions
    10. End Notes
  9. Domain 7: Systems and Application Security
    1. Objectives
    2. Identifying and Analyzing Malicious Code and Activity
    3. CIA Triad: Applicability to Malcode
    4. Vectors of Infection
    5. Spoofing, Phishing, Spam, and Botnets
    6. Malicious Web Activity
    7. Payloads
    8. Identifying Infections
    9. Behavioral Analysis of Malcode
    10. Malcode Mitigation
    11. Implementing and Operating End-Point Device Security
    12. Operating and Configuring Cloud Security
    13. Encryption
    14. Encryption Alternatives and Other Data Protection Technologies
    15. Securing Big Data Systems
    16. Operating and Securing Virtual Environments
    17. Summary
    18. Sample Questions
    19. End Notes
  10. Appendix A: Answers to Sample Questions
    1. Domain 1: Access Controls
    2. Domain 2: Security Operations
    3. Domain 3: Risk, Identification, Monitoring, and Analysis
    4. Domain 4: Incident Response and Recovery
    5. Domain 5: Cryptography
    6. Domain 6: Networks and Communications Security
    7. Domain 7: Systems and Application Security
  11. Appendix B: DNSSEC Walkthrough
    1. Hardware and Software Requirements
    2. Configuring the Test Lab
    3. Configuring DC1
    4. Configuring DNS1
    5. Signing a Zone on DC1 and Distributing Trust Anchors
  12. Appendix C: Glossary of Terms Related to the SSCP
  13. Title page
  14. Copyright
  15. About the Editors
  16. Credits
  17. EULA