Edition: 6
Authors: MIKE WILLS
Series:
ISBN: 9781119874867, 1119874866
Publisher: WILEY-SYBEX
Year of publication: 2022
Number of pages: 834
Language: English
File format: PDF (converted to PDF, EPUB, or AZW3 at the user's request)
File size: 6 MB
If you need the file for The Official (ISC)2 SSCP CBK Reference converted to PDF, EPUB, AZW3, MOBI, or DJVU format, you can notify support and they will convert the file.
Note that The Official (ISC)2 SSCP CBK Reference is the original-language edition and is not a Persian translation. The International Library website provides original-language books and does not offer any books translated into or written in Persian.
Cover Title Page Copyright Page Acknowledgments About the Author About the Technical Editor Contents at a Glance Contents
Introduction About This Book The SSCP Seven Domains Using This Book to Defeat the Cybersecurity Kill Chain Where Do You Go from Here? The SSCP CBK and Your Professional Growth Path Maintaining the SSCP Certification Join a Local Chapter Let’s Get Started! How to Contact the Publisher
Chapter 1 Security Operations and Administration Comply with Codes of Ethics Understand, Adhere to, and Promote Professional Ethics (ISC)2 Code of Ethics Organizational Code of Ethics Understand Security Concepts Conceptual Models for Information Security Confidentiality Integrity Availability Accountability Privacy Nonrepudiation Authentication Safety Fundamental Security Control Principles Access Control and Need-to-Know Job Rotation and Privilege Creep Document, Implement, and Maintain Functional Security Controls Deterrent Controls Preventative Controls Detective Controls Corrective Controls Compensating Controls The Lifecycle of a Control Participate in Asset Management Asset Inventory Lifecycle (Hardware, Software, and Data) Hardware Inventory Software Inventory and Licensing Data Storage Implement Security Controls and Assess Compliance Technical Controls Physical Controls Administrative Controls Periodic Audit and Review Participate in Change Management Execute Change Management Process Identify Security Impact Testing/Implementing Patches, Fixes, and Updates Participate in Security Awareness and Training Security Awareness Overview Competency as the Criterion Build a Security Culture, One Awareness Step at a Time Participate in Physical Security Operations Physical Access Control The Data Center Service Level Agreements Summary
Chapter 2 Access Controls Access Control Concepts Subjects and Objects Privileges: What Subjects Can Do with Objects Data Classification, Categorization, and Access Control Access Control via Formal Security Models Implement and Maintain Authentication Methods Single-Factor/Multifactor Authentication Accountability Single Sign-On Device Authentication Federated Access Support Internetwork Trust Architectures Trust Relationships (One-Way, Two-Way, Transitive) Extranet Third-Party Connections Zero Trust Architectures Participate in the Identity Management Lifecycle Authorization Proofing Provisioning/Deprovisioning Identity and Access Maintenance Entitlement Identity and Access Management Systems Implement Access Controls Mandatory vs. Discretionary Access Control Role-Based Attribute-Based Subject-Based Object-Based Summary
Chapter 3 Risk Identification, Monitoring, and Analysis Defeating the Kill Chain One Skirmish at a Time Kill Chains: Reviewing the Basics Events vs. Incidents Understand the Risk Management Process Risk Visibility and Reporting Risk Management Concepts Risk Management Frameworks Risk Treatment Perform Security Assessment Activities Security Assessment Workflow Management Participate in Security Testing Interpretation and Reporting of Scanning and Testing Results Remediation Validation Audit Finding Remediation Manage the Architectures: Asset Management and Configuration Control Operate and Maintain Monitoring Systems Events of Interest Logging Source Systems Legal and Regulatory Concerns Analyze Monitoring Results Security Baselines and Anomalies Visualizations, Metrics, and Trends Event Data Analysis Document and Communicate Findings Summary
Chapter 4 Incident Response and Recovery Support the Incident Lifecycle Think like a Responder Physical, Logical, and Administrative Surfaces Incident Response: Measures of Merit The Lifecycle of a Security Incident Preparation Detection, Analysis, and Escalation Containment Eradication Recovery Lessons Learned; Implementation of New Countermeasures Third-Party Considerations Understand and Support Forensic Investigations Legal and Ethical Principles Logistics Support to Investigations Evidence Handling Evidence Collection Understand and Support Business Continuity Plan and Disaster Recovery Plan Activities Emergency Response Plans and Procedures Interim or Alternate Processing Strategies Restoration Planning Backup and Redundancy Implementation Data Recovery and Restoration Training and Awareness Testing and Drills CIANA+PS at Layer 8 and Above It Is a Dangerous World Out There People Power and Business Continuity Summary
Chapter 5 Cryptography Understand Fundamental Concepts of Cryptography Building Blocks of Digital Cryptographic Systems Hashing Salting Symmetric Block and Stream Ciphers Stream Ciphers EU ECRYPT Asymmetric Encryption Elliptical Curve Cryptography Nonrepudiation Digital Certificates Encryption Algorithms Key Strength Cryptographic Attacks, Cryptanalysis, and Countermeasures Cryptologic Hygiene as Countermeasures Common Attack Patterns and Methods Secure Cryptoprocessors, Hardware Security Modules, and Trusted Platform Modules Understand the Reasons and Requirements for Cryptography Confidentiality Integrity and Authenticity Data Sensitivity Availability Nonrepudiation Authentication Privacy Safety Regulatory and Compliance Transparency and Auditability Competitive Edge Understand and Support Secure Protocols Services and Protocols Common Use Cases Deploying Cryptography: Some Challenging Scenarios Limitations and Vulnerabilities Understand Public Key Infrastructure Systems Fundamental Key Management Concepts Hierarchies of Trust Web of Trust Summary
Chapter 6 Network and Communications Security Understand and Apply Fundamental Concepts of Networking Complementary, Not Competing, Frameworks OSI and TCP/IP Models OSI Reference Model TCP/IP Reference Model Converged Protocols Software-Defined Networks IPv4 Addresses, DHCP, and Subnets IPv4 Address Classes Subnetting in IPv4 Running Out of Addresses? IPv4 vs. IPv6: Key Differences and Options Network Topographies Network Relationships Transmission Media Types Commonly Used Ports and Protocols Understand Network Attacks and Countermeasures CIANA+PS Layer by Layer Common Network Attack Types SCADA, IoT, and the Implications of Multilayer Protocols Manage Network Access Controls Network Access Control and Monitoring Network Access Control Standards and Protocols Remote Access Operation and Configuration Manage Network Security Logical and Physical Placement of Network Devices Segmentation Secure Device Management Operate and Configure Network-Based Security Devices Network Address Translation Additional Security Device Considerations Firewalls and Proxies Network Intrusion Detection/Prevention Systems Security Information and Event Management Systems Routers and Switches Network Security from Other Hardware Devices Traffic-Shaping Devices Operate and Configure Wireless Technologies Wireless: Common Characteristics Wi-Fi Bluetooth Near-Field Communications Cellular/Mobile Phone Networks Ad Hoc Wireless Networks Transmission Security Wireless Security Devices Summary
Chapter 7 Systems and Application Security Systems and Software Insecurity Software Vulnerabilities Across the Lifecycle Risks of Poorly Merged Systems Hard to Design It Right, Easy to Fix It? Hardware and Software Supply Chain Security Positive and Negative Models for Software Security Is Blocked Listing Dead? Or Dying? Information Security = Information Quality + Information Integrity Data Modeling Preserving Data Across the Lifecycle Identify and Analyze Malicious Code and Activity Malware Malicious Code Countermeasures Malicious Activity Malicious Activity Countermeasures Implement and Operate Endpoint Device Security HIDS Host-Based Firewalls Allowed Lists: Positive Control for App Execution Endpoint Encryption Trusted Platform Module Mobile Device Management Secure Browsing IoT Endpoint Security Operate and Configure Cloud Security Deployment Models Service Models Virtualization Legal and Regulatory Concerns Data Storage and Transmission Third-Party/Outsourcing Requirements Lifecycles in the Cloud Shared Responsibility Model Layered Redundancy as a Survival Strategy Operate and Secure Virtual Environments Software-Defined Networking Hypervisor Virtual Appliances Continuity and Resilience Attacks and Countermeasures Shared Storage Summary
Appendix: Cross-Domain Challenges Paradigm Shifts in Information Security? Pivot 1: Turn the Attackers’ Playbooks against Them ATT&CK: Pivoting Threat Intelligence Analysis: Real-Time and Retrospective The SOC as a Fusion Center All-Source, Proactive Intelligence: Part of the Fusion Center Pivot 2: Cybersecurity Hygiene: Think Small, Act Small CIS IG 1 for the SMB and SME Hardening Individual Cybersecurity Assume the Breach Pivot 3: Flip the “Data-Driven Value Function” Data-Centric Defense and Resiliency Ransomware as a Service Supply Chains, Security, and the SSCP ICS, IoT, and SCADA: More Than SUNBURST Extending Physical Security: More Than Just Badges and Locks The IoRT: Robots Learning via the Net Pivot 4: Operationalize Security Across the Immediate and Longer Term Continuous Assessment and Continuous Compliance SDNs and SDS SOAR: Strategies for Focused Security Effort A “DevSecOps” Culture: SOAR for Software Development Pivot 5: Zero-Trust Architectures and Operations FIDO and Passwordless Authentication Threat Hunting, Indicators, and Signature Dependence Other Dangers on the Web and Net Surface, Deep, and Dark Webs Deep and Dark: Risks and Countermeasures DNS and Namespace Exploit Risks Cloud Security: Edgier and Foggier Curiosity as Countermeasure
Index
EULA