The Official (ISC)2 SSCP CBK Reference

The only official body of knowledge for SSCP—(ISC)2’s popular credential for hands-on security professionals—fully revised and updated. Systems Security Certified Practitioner (SSCP) is an elite, hands-on cybersecurity certification that validates the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures. SSCP certification—fully compliant with U.S. Department of Defense Directive 8140 and 8570 requirements—is valued throughout the IT security industry. The Official (ISC)2 SSCP CBK Reference is the only official Common Body of Knowledge (CBK) available for SSCP-level practitioners, exclusively from (ISC)2, the global leader in cybersecurity certification and training. This authoritative volume contains essential knowledge practitioners require on a regular basis. Accurate, up-to-date chapters provide in-depth coverage of the seven SSCP domains: Access Controls; Security Operations and Administration; Risk Identification, Monitoring and Analysis; Incident Response and Recovery; Cryptography; Network and Communications Security; and Systems and Application Security. Designed to serve as a reference for information security professionals throughout their careers, this indispensable (ISC)2guide: Provides comprehensive coverage of the latest domains and objectives of the SSCP Helps better secure critical assets in their organizations Serves as a complement to the SSCP Study Guide for certification candidates The Official (ISC)2 SSCP CBK Reference is an essential resource for SSCP-level professionals, SSCP candidates and other practitioners involved in cybersecurity.

Table of Contents:
Foreword xxi Introduction xxiii Chapter 1: Access Controls 1 Access Control Concepts 3 Subjects and Objects 4 Privileges: What Subjects Can Do with Objects 6 Data Classification and Access Control 7 Access Control via Formal Security Models 9 Implement and Maintain Authentication Methods 12 Single-Factor/Multifactor Authentication 13 Accountability 32 Single Sign-On 34 Device Authentication 35 Federated Access 36 Support Internetwork Trust Architectures 38 Trust Relationships (One-Way, Two-Way, Transitive) 39 Extranet 40 Third-Party Connections 41 Zero Trust Architectures 42 Participate in the Identity Management Lifecycle 43 Authorization 44 Proofing 45 Provisioning/Deprovisioning 46 Identity and Access Maintenance 48 Entitlement 52 Identity and Access Management Systems 55 Implement Access Controls 58 Mandatory, Discretionary, and Nondiscretionary 59 Role-Based 61 Attribute-Based 62 Subject-Based 62 Object-Based 62 Summary 63 Chapter 2: Security Operations and Administration 65 Comply with Codes of Ethics 66 Understand, Adhere to, and Promote Professional Ethics 67 (ISC)2 Code of Ethics 68 Organizational Code of Ethics 69 Understand Security Concepts 70 Conceptual Models for Information Security 71 Confidentiality 72 Integrity 79 Availability 81 Accountability 82 Privacy 82 Nonrepudiation 90 Authentication 91 Safety 92 Key Control Principles 93 Access Control and Need-to-Know 98 Job Rotation and Privilege Creep 99 Document, Implement, and Maintain Functional Security Controls 101 Deterrent Controls 101 Preventative Controls 103 Detective Controls 103 Corrective Controls 104 Compensating Controls 105 The Lifecycle of a Control 106 Participate in Asset Management 107 Asset Inventory 108 Lifecycle (Hardware, Software, and Data) 111 Hardware Inventory 112 Software Inventory and Licensing 113 Data Storage 114 Implement Security Controls and Assess Compliance 120 Technical Controls 121 Physical Controls 122 Administrative Controls 125 Periodic Audit and Review 128 Participate in Change Management 130 Execute Change Management Process 132 Identify Security Impact 134 Testing/Implementing Patches, Fixes, and Updates 134 Participate in Security Awareness and Training 135 Security Awareness Overview 136 Competency as the Criterion 137 Build a Security Culture, One Awareness Step at a Time 137 Participate in Physical Security Operations 138 Physical Access Control 138 The Data Center 142 Service Level Agreements 143 Summary 146 Chapter 3: Risk Identification, Monitoring, and Analysis 147 Defeating the Kill Chain One Skirmish at a Time 148 Kill Chains: Reviewing the Basics 151 Events vs. Incidents 155 Understand the Risk Management Process 156 Risk Visibility and Reporting 159 Risk Management Concepts 165 Risk Management Frameworks 185 Risk Treatment 195 Perform Security Assessment Activities 203 Security Assessment Workflow Management 204 Participate in Security Testing 206 Interpretation and Reporting of Scanning and Testing Results 215 Remediation Validation 216 Audit Finding Remediation 217 Manage the Architectures: Asset Management and Configuration Control 218 Operate and Maintain Monitoring Systems 220 Events of Interest 222 Logging 229 Source Systems 230 Legal and Regulatory Concerns 236 Analyze Monitoring Results 238 Security Baselines and Anomalies 240 Visualizations, Metrics, and Trends 243 Event Data Analysis 244 Document and Communicate Findings 245 Summary 246 Chapter 4: Incident Response and Recovery 247 Support the Incident Lifecycle 249 Think like a Responder 253 Physical, Logical, and Administrative Surfaces 254 Incident Response: Measures of Merit 254 The Lifecycle of a Security Incident 255 Preparation 257 Detection, Analysis, and Escalation 264 Containment 275 Eradication 277 Recovery 279 Lessons Learned; Implementation of New Countermeasures 283 Third-Party Considerations 284 Understand and Support Forensic Investigations 287 Legal and Ethical Principles 289 Logistics Support to Investigations 291 Evidence Handling 292 Evidence Collection 297 Understand and Support Business Continuity Plan and Disaster Recovery Plan Activities 306 Emergency Response Plans and Procedures 307 Interim or Alternate Processing Strategies 310 Restoration Planning 313 Backup and Redundancy Implementation 315 Data Recovery and Restoration 319 Training and Awareness 321 Testing and Drills 322 CIANA at Layer 8 and Above 328 It is a Dangerous World Out There 329 People Power and Business Continuity 332 Summary 333 Chapter 5: Cryptography 335 Understand Fundamental Concepts of Cryptography 336 Building Blocks of Digital Cryptographic Systems 339 Hashing 347 Salting 351 Symmetric Block and Stream Ciphers 353 Stream Ciphers 365 EU ECRYPT 371 Asymmetric Encryption 371 Elliptical Curve Cryptography 380 Nonrepudiation 383 Digital Certificates 388 Encryption Algorithms 392 Key Strength 393 Cryptographic Attacks, Cryptanalysis, and Countermeasures 395 Cryptologic Hygiene as Countermeasures 396 Common Attack Patterns and Methods 401 Secure Cryptoprocessors, Hardware Security Modules, and Trusted Platform Modules 409 Understand the Reasons and Requirements for Cryptography 414 Confidentiality 414 Integrity and Authenticity 415 Data Sensitivity 417 Availability 418 Nonrepudiation 418 Authentication 420 Privacy 421 Safety 422 Regulatory 423 Transparency and Auditability 423 Competitive Edge 424 Understand and Support Secure Protocols 424 Services and Protocols 425 Common Use Cases 437 Deploying Cryptography: Some Challenging Scenarios 442 Limitations and Vulnerabilities 444 Understand Public Key Infrastructure Systems 446 Fundamental Key Management Concepts 447 Hierarchies of Trust 459 Web of Trust 462 Summary 464 Chapter 6: Network and Communications Security 467 Understand and Apply Fundamental Concepts of Networking 468 Complementary, Not Competing, Frameworks 470 OSI and TCP/IP Models 471 OSI Reference Model 486 TCP/IP Reference Model 501 Converged Protocols 508 Software-Defined Networks 509 IPv4 Addresses, DHCP, and Subnets 510 IPv4 Address Classes 510 Subnetting in IPv4 512 Running Out of Addresses? 513 IPv4 vs. IPv6: Key Differences and Options 514 Network Topographies 516 Network Relationships 521 Transmission Media Types 525 Commonly Used Ports and Protocols 530 Understand Network Attacks and Countermeasures 536 CIANA+PS Layer by Layer 538 Common Network Attack Types 553 SCADA, IoT, and the Implications of Multilayer Protocols 562 Manage Network Access Controls 565 Network Access Control and Monitoring 568 Network Access Control Standards and Protocols 573 Remote Access Operation and Configuration 575 Manage Network Security 583 Logical and Physical Placement of Network Devices 586 Segmentation 587 Secure Device Management 591 Operate and Configure Network-Based Security Devices 593 Network Address Translation 594 Additional Security Device Considerations 596 Firewalls and Proxies 598 Network Intrusion Detection/Prevention Systems 605 Security Information and Event Management Systems 607 Routers and Switches 609 Network Security from Other Hardware Devices 610 Traffic-Shaping Devices 613 Operate and Configure Wireless Technologies 615 Wireless: Common Characteristics 616 Wi-Fi 624 Bluetooth 637 Near-Field Communications 638 Cellular/Mobile Phone Networks 639 Ad Hoc Wireless Networks 640 Transmission Security 642 Wireless Security Devices 645 Summary 646 Chapter 7: Systems and Application Security 649 Systems and Software Insecurity 650 Software Vulnerabilities Across the Lifecycle 654 Risks of Poorly Merged Systems 663 Hard to Design It Right, Easy to Fix It? 664 Hardware and Software Supply Chain Security 667 Positive and Negative Models for Software Security 668 Is Blacklisting Dead? Or Dying? 669 Information Security = Information Quality + Information Integrity 670 Data Modeling 671 Preserving Data Across the Lifecycle 674 Identify and Analyze Malicious Code and Activity 678 Malware 679 Malicious Code Countermeasures 682 Malicious Activity 684 Malicious Activity Countermeasures 688 Implement and Operate Endpoint Device Security 689 HIDS 691 Host-Based Firewalls 692 Application White Listing 693 Endpoint Encryption 694 Trusted Platform Module 695 Mobile Device Management 696 Secure Browsing 697 IoT Endpoint Security 700 Operate and Configure Cloud Security 701 Deployment Models 702 Service Models 703 Virtualization 706 Legal and Regulatory Concerns 709 Data Storage and Transmission 716 Third-Party/Outsourcing Requirements 716 Lifecycles in the Cloud 717 Shared Responsibility Model 718 Layered Redundancy as a Survival Strategy 719 Operate and Secure Virtual Environments 720 Software-Defined Networking 723 Hypervisor 725 Virtual Appliances 726 Continuity and Resilience 727 Attacks and Countermeasures 727 Shared Storage 729 Summary 730 Index 731