Cantitate/Preț
Produs

(ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide: Sybex Study Guide

Autor Mike Wills
en Limba Engleză Paperback – 3 apr 2022
The only SSCP study guide officially approved by (ISC)2
The (ISC)2 Systems Security Certified Practitioner (SSCP) certification is a well-known vendor-neutral global IT security certification. The SSCP is designed to show that holders have the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures.
This comprehensive Official Study Guide--the only study guide officially approved by (ISC)2--covers all objectives of the seven SSCP domains.
  • Security Operations and Administration
  • Access Controls
  • Risk Identification, Monitoring, and Analysis
  • Incident Response and Recovery
  • Cryptography
  • Network and Communications Security
  • Systems and Application Security
This updated Third Edition covers the SSCP exam objectives effective as of November 2021. Much of the new and more advanced knowledge expected of an SSCP is now covered in a new chapter Cross-Domain Challenges. If you're an information security professional or student of cybersecurity looking to tackle one or more of the seven domains of the SSCP, this guide gets you prepared to pass the exam and enter the information security workforce with confidence.
Citește tot Restrânge

Din seria Sybex Study Guide

Preț: 28068 lei

Preț vechi: 35085 lei
-20% Nou

Puncte Express: 421

Preț estimativ în valută:
5372 5580$ 4462£

Carte disponibilă

Livrare economică 11-25 ianuarie 25
Livrare express 31 decembrie 24 - 04 ianuarie 25 pentru 6328 lei

Preluare comenzi: 021 569.72.76

Specificații

ISBN-13: 9781119854982
ISBN-10: 1119854989
Pagini: 816
Dimensiuni: 187 x 234 x 46 mm
Greutate: 1.32 kg
Ediția:3rd Edition
Editura: Sybex
Seria Sybex Study Guide

Locul publicării:Hoboken, United States

Notă biografică

ABOUT THE AUTHOR Michael S. Wills, SSCP, CISSP, CAMS, is Assistant Professor of Applied Information Technologies in the College of Business at the Embry-Riddle Aeronautical University's Worldwide Campus. He has many years of experience designing, building, and operating cutting-edge secure systems, and wrote (ISC)²'s official training courses for both the SSCP and CISSP. He is also the creator of ERAU's Master of Science in Information Security and Assurance degree program.

Cuprins

Introduction xxv Assessment Test xlviii Part I Getting Started as an SSCP 1 Chapter 1 The Business Case for Decision Assurance and Information Security 3 Information: The Lifeblood of Business 4 Policy, Procedure, and Process: How Business Gets Business Done 10 Who Runs the Business? 20 Summary 24 Exam Essentials 24 Review Questions 26 Chapter 2 Information Security Fundamentals 33 The Common Needs for Privacy, Confidentiality, Integrity, and Availability 34 Training and Educating Everybody 47 SSCPs and Professional Ethics 47 Summary 49 Exam Essentials 50 Review Questions 54 Part II Integrated Risk Management and Mitigation 61 Chapter 3 Integrated Information Risk Management 63 It's a Dangerous World 64 The Four Faces of Risk 75 Getting Integrated and Proactive with Information Defense 83 Risk Management: Concepts and Frameworks 89 Risk Assessment 95 Four Choices for Limiting or Containing Damage 107 Summary 114 Exam Essentials 114 Review Questions 120 Chapter 4 Operationalizing Risk Mitigation 127 From Tactical Planning to Information Security Operations 128 Operationalizing Risk Mitigation: Step by Step 134 The Ongoing Job of Keeping Your Baseline Secure 164 Ongoing, Continuous Monitoring 174 Reporting to and Engaging with Management 182 Summary 183 Exam Essentials 183 Review Questions 189 Part III The Technologies of Information Security 197 Chapter 5 Communications and Network Security 199 Trusting Our Communications in a Converged World 200 Internet Systems Concepts 206 Two Protocol Stacks, One Internet 218 Wireless Network Technologies 240 IP Addresses, DHCP, and Subnets 243 IPv4 vs. IPv6: Important Differences and Options 248 CIANA Layer by Layer 251 Securing Networks as Systems 262 Summary 273 Exam Essentials 273 Review Questions 280 Chapter 6 Identity and Access Control 285 Identity and Access: Two Sides of the Same CIANA+PS Coin 286 Identity Management Concepts 288 Access Control Concepts 295 Network Access Control 305 Implementing and Scaling IAM 310 User and Entity Behavior Analytics (UEBA) 329 Zero Trust Architectures 332 Summary 333 Exam Essentials 334 Review Questions 343 Chapter 7 Cryptography 349 Cryptography: What and Why 350 Building Blocks of Digital Cryptographic Systems 358 Keys and Key Management 367 "Why Isn't All of This Stuff Secret?" 373 Cryptography and CIANA+PS 375 Public Key Infrastructures 381 Applying Cryptography to Meet Different Needs 399 Managing Cryptographic Assets and Systems 405 Measures of Merit for Cryptographic Solutions 407 Attacks and Countermeasures 408 PKI and Trust: A Recap 418 On the Near Horizon 420 Summary 423 Exam Essentials 424 Review Questions 429 Chapter 8 Hardware and Systems Security 435 Infrastructure Security Is Baseline Management 437 Securing the Physical Context 442 Infrastructures 101 and Threat Modeling 444 Endpoint Security 457 Malware: Exploiting the Infrastructure's Vulnerabilities 462 Privacy and Secure Browsing 466 "The Sin of Aggregation" 469 Updating the Threat Model 469 Managing Your Systems' Security 470 Summary 471 Exam Essentials 472 Review Questions 478 Chapter 9 Applications, Data, and Cloud Security 483 It's a Data-Driven World...At the Endpoint 484 Software as Appliances 487 Applications Lifecycles and Security 490 CIANA+PS and Applications Software Requirements 498 Application Vulnerabilities 504 "Shadow IT:" The Dilemma of the User as Builder 507 Information Quality and Information Assurance 511 Protecting Data in Motion, in Use, and at Rest 514 Into the Clouds: Endpoint App and Data Security Considerations 522 Legal and Regulatory Issues 533 Countermeasures: Keeping Your Apps and Data Safe and Secure 535 Summary 536 Exam Essentials 537 Review Questions 548 Part IV People Power: What Makes or Breaks Information Security 555 Chapter 10 Incident Response and Recovery 557 Defeating the Kill Chain One Skirmish at a Time 558 Harsh Realities of Real Incidents 564 Incident Response Framework 566 Preparation 571 Detection and Analysis 578 Containment and Eradication 584 Recovery: Getting Back to Business 587 Post-Incident Activities 590 Summary 594 Exam Essentials 595 Review Questions 601 Chapter 11 Business Continuity via Information Security and People Power 607 What Is a Disaster? 608 Surviving to Operate: Plan for It! 609 Timelines for BC/DR Planning and Action 615 Options for Recovery 617 Cloud- Based "Do- Over" Buttons for Continuity, Security, and Resilience 623 People Power for BC/DR 626 Security Assessment: For BC/DR and Compliance 633 Converged Communications: Keeping Them Secure During BC/DR Actions 634 Summary 637 Exam Essentials 637 Review Questions 641 Chapter 12 Cross-Domain Challenges 647 Operationalizing Security Across the Immediate and Longer Term 648 Supply Chains, Security, and the SSCP 657 Other Dangers on the Web and Net 662 On Our Way to the Future 666 Enduring Lessons 672 Your Next Steps 677 At the Close 678 Exam Essentials 678 Review Questions 683 Appendix Answers to Review Questions 689 Chapter 1: The Business Case for Decision Assurance and Information Security 690 Chapter 2: Information Security Fundamentals 693 Chapter 3: Integrated Information Risk Management 695 Chapter 4: Operationalizing Risk Mitigation 698 Chapter 5: Communications and Network Security 701 Chapter 6: Identity and Access Control 704 Chapter 7: Cryptography 707 Chapter 8: Hardware and Systems Security 709 Chapter 9: Applications, Data, and Cloud Security 712 Chapter 10: Incident Response and Recovery 715 Chapter 11: Business Continuity via Information Security and People Power 718 Chapter 12: Cross- Domain Challenges 722 Index 727