
SSCP (ISC)2 Systems Security Certified Practitioner Official Study Guide George Murphy




Summary


Fully updated Study Guide for the SSCP

This guide prepares you for the SSCP, Systems Security Certified Practitioner, certification examination by focusing on the Common Body of Knowledge (CBK) as determined by ISC2 in seven high-level topics. This Sybex Study Guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world practice, access to the Sybex online interactive learning environment and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.

Along with the book you also get access to Sybex's superior online interactive learning environment that includes:

* 125 question practice exam to help you identify where you need to study more. Get more than 90 percent of the answers correct and you're ready to take the certification exam.
* More than 100 Electronic Flashcards to reinforce your learning and give you last minute test prep before the exam
* A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam
* Appendix of charts, tables, typical applications, and programs

Coverage of all of the exam topics in the book means you'll be ready for:

* Access Controls
* Security Operations and Administration
* Risk Identification, Monitoring and Analysis
* Incident Response and Recovery
* Cryptography
* Network and Communications Security
* Systems and Application Security

About George Murphy

George Buzz Murphy, CISSP, CASP, SSCP is a cybersecurity professional who holds 26 IT and cybersecurity certifications from ISC2, CompTIA, and other prestigious industry organizations. A former technology training executive with Dell, he has held a top-secret security clearance in both US and NATO intelligence and has trained network cybersecurity ops for the U.S. Army, various government security agencies, and foreign military personnel. Buzz has addressed industrial and university groups as well as audiences at Comdex, NetWorld, and the National Computer Conference.

Table of Contents

Introduction

Assessment Test

Chapter 1 Information Security: The Systems Security Certified Practitioner Certification
About the (ISC)2 Organization; (ISC)2 History; Organizational Structure and Programs; Exams, Testing, and Certification; Certification Qualification: The SSCP Common Body of Knowledge; After Passing the Exam; Certification Maintenance; Types of IT Certifications?; About the Systems Security Certified Practitioner Certification; How Do I Use My SSCP Knowledge on the Job?; The SSCP Exam; Preparing for the Exam; Booking the Exam; Taking the Exam; Summary; Exam Essentials

Chapter 2 Security Basics: A Foundation
The Development of Security Techniques; Understanding Security Terms and Concepts; The Problem (Opportunity) and the Solution; Evolution of Items; Security Foundation Concepts; CIA Triad; Primary Security Categories; Access Control; Nonrepudiation; Risk; Prudent Man, Due Diligence, and Due Care; User Security Management; Least Privilege; AAA; Mandatory Vacation; Separation of Duties; M of N Requirement; Two-Man Rule; Job Rotation; Geographic Access Control; Temporal Access Control, Time of Day Control; Privacy; Transparency; Implicit Deny; Personal Device (BYOD); Privilege Management, Privilege Life Cycle; Participating in Security Awareness Education; Types of Security Awareness Education Programs; Working with Human Resources and Stakeholders; Senior Executives; Customers, Vendors, and Extranet Users Security Awareness Programs; Summary; Exam Essentials; Written Lab; Review Questions

Chapter 3 Domain 1: Access Controls
What Are Controls?; What Should Be Protected?; Why Control Access?; Types of Access Controls; Physical Access Controls; Logical Access Controls; Administrative Access Controls; Identification; Authentication; Factors of Authentication; Single-Factor Authentication; Multifactor Authentication; Token-Based Access Controls; System-Level Access Controls; Discretionary Access Control (DAC); Nondiscretionary Access Control; Mandatory Access Control; Administering Mandatory Access Control; Trusted Systems; Mandatory Access Control Architecture Models; Account-Level Access Control; Session-Level Access Control; View-Based Access Control; Data-Level Access Control; Contextual- or Content-Based Access Control; Physical Data and Printed Media Access Control; Assurance of Accountability; Manage Internetwork Trust Architectures; Cloud-Based Security; Summary; Exam Essentials; Written Lab; Review Questions

Chapter 4 Domain 2: Security Operations and Administration
Security Administration Concepts and Principles; Security Equation; Security Policies and Practices; Data Management Policies; Data States; Information Life Cycle Management; Information Classification Policy; Endpoint Device Security; Endpoint Health Compliance; Endpoint Defense; Endpoint Device Policy; Security Education and Awareness Training; Employee Security Training Policy; Employee Security Training Program; Business Continuity Planning; Developing a Business Continuity Plan; Disaster Recovery Plans; Summary; Exam Essentials; Written Lab; Review Questions

Chapter 5 Domain 3: Risk Identification, Monitoring, and Analysis
Understanding the Risk Management Process; Defining Risk; Risk Management Process; Risk Management Frameworks and Guidance for Managing Risks; ISO/IEC 27005; NIST Special Publication 800-37 Revision 1; NIST Special Publication 800-39; Risk Analysis and Risk Assessment; Risk Analysis; Risk Assessments; Managing Risks; Treatment Plan; Risk Treatment; Risk Treatment Schedule; Risk Register; Risk Visibility and Reporting; Enterprise Risk Management; Continuous Monitoring; Security Operations Center; Threat Intelligence; Analyzing Monitoring Results; Security Analytics, Metrics, and Trends; Event Data Analysis; Visualization; Communicating Findings; Summary; Exam Essentials; Written Lab; Review Questions

Chapter 6 Domain 4: Incident Response and Recovery
Event and Incident Handling Policy; Standards; Procedures; Guidelines; Creating and Maintaining an Incident Response Plan; Law Enforcement and Media Communication; Building an Incident Response Team; Incident Response Records; Security Event Information; Incident Response Containment and Restoration; Implementation of Countermeasures; Understanding and Supporting Forensic Investigations; Incident Scene; Volatility of Evidence; Forensic Principles; Chain of Custody; Proper Investigation and Analysis of Evidence; Interpretation and Reporting Assessment Results; Understanding and Supporting the Business Continuity Plan and the Disaster Recovery Plan; Emergency Response Plans and Procedures; Business Continuity Planning; Disaster Recovery Planning; Interim or Alternate Processing Strategies; Restoration Planning; Backup and Redundancy Implementation; Business Continuity Plan and Disaster Recovery Plan Testing and Drills; Summary; Exam Essentials; Written Lab; Review Questions

Chapter 7 Domain 5: Cryptography
Concepts and Requirements of Cryptography; Terms and Concepts Used in Cryptography; Cryptographic Systems and Technology; Data Classification and Regulatory Requirements; Public Key Infrastructure and Certificate Management; Key Management; Key Generation; Key Distribution; Key Encrypting Keys; Key Retrieval; Secure Protocols; IPsec; Summary; Exam Essentials; Written Lab; Review Questions

Chapter 8 Domain 6: Networks and Communications
Network Models; TCP/IP and OSI Reference Models; Network Design Topographies; Network Topology Models; Network Connection Models; Media Access Models; Ports and Protocols; Ports; Common Protocols; Converged Network Communications; Network Monitoring and Control; Continuous Monitoring; Network Monitors; Managing Network Logs; Access Control Protocols and Standards; Remote Network Access Control; Remote User Authentication Services; RADIUS; TACACS/TACACS+/XTACACS; Local User Authentication Services; LDAP; Kerberos; Single Sign-On; Network Segmentation; Subnetting; Virtual Local Area Networks; Demilitarized Zones; Network Address Translation; Securing Devices; MAC Filtering and Limiting; Disabling Unused Ports; Security Posture; Firewall and Proxy Implementation; Firewalls; Firewall Rules; Network Routers and Switches; Routers; Switches; Intrusion Detection and Prevention Devices; Intrusion Detection Systems; Intrusion Prevention Systems; Wireless Intrusion Prevention Systems; Comparing Intrusion Detection Systems and Intrusion Prevention Systems; Spam Filter to Prevent Email Spam; Telecommunications Remote Access; Network Access Control; Wireless & Cellular Technologies; IEEE 802.11x Wireless Protocols; WEP/WPA/WPA2; Wireless Networks; Cellular Network; WiMAX; Wireless MAN; Wireless WAN; Wireless LAN; Wireless Mesh Network; Bluetooth; Wireless Network Attacks; Wireless Access Points; Traffic Shaping Techniques and Devices; Quality of Service; Summary; Exam Essentials; Written Lab; Review Questions

Chapter 9 Domain 7: Systems and Application Security
Understand Malicious Code and Apply Countermeasures; Malicious Code Terms and Concepts; Managing Spam to Avoid Malware; Cookies and Attachments; Malicious Code Countermeasures; Malicious Add-Ons; Java Applets; ActiveX; User Threats and Endpoint Device Security; General Workstation Security; Physical Security; Securing Mobile Devices and Mobile Device Management; Understand and Apply Cloud Security; Cloud Concepts and Cloud Security; Cloud Deployment Model Security; Cloud Service Model Security; Cloud Management Security; Cloud Legal and Privacy Concepts; Cloud Virtualization Security; Secure Data Warehouse and Big Data Environments; Data Warehouse and Big Data Deployment and Operations; Securing the Data Warehouse and Data Environment; Secure Software-Defined Networks and Virtual Environments; Software-Defined Networks; Security Benefits and Challenges of Virtualization; Summary; Exam Essentials; Written Lab; Review Questions

Appendix A Answers to Written Labs
Chapter 2; Chapter 3; Chapter 4; Chapter 5; Chapter 6; Chapter 7; Chapter 8; Chapter 9

Appendix B Answers to Review Questions
Chapter 2; Chapter 3; Chapter 4; Chapter 5; Chapter 6; Chapter 7; Chapter 8; Chapter 9

Appendix C Diagnostic Tools
Microsoft Baseline Security Analyzer; Using the Tool; Microsoft Password Checker; Using the Tool; Internet Explorer Phishing and Malicious Software Filter; Using the Tool; Manage Internet Cookies; Using the Tool; Observing Logs with Event Viewer; Using the Tool; Viewing a Digital Certificate; Using the Tool; Monitoring PC Activities with Windows Performance Monitor; Using the Tool; Analyzing Error Messages in Event Viewer; Using the Tool; Calculate Hash Values; Using the Tool

Index

Additional information

CIN1119059658G
9781119059653
1119059658
SSCP (ISC)2 Systems Security Certified Practitioner Official Study Guide by George Murphy
Used - Good
Paperback
John Wiley & Sons Inc
20151027
576
N/A