+353-1-416-8900REST OF WORLD
+44-20-3973-8888REST OF WORLD
1-917-300-0470EAST COAST U.S
1-800-526-8630U.S. (TOLL FREE)

The Official (ISC)2 SSCP CBK Reference. Edition No. 6

  • Book
  • 832 Pages
  • June 2022
  • John Wiley and Sons Ltd
  • ID: 5470983
The only official body of knowledge for SSCP - (ISC)2’s popular credential for hands-on security professionals - fully revised and updated 2021 SSCP Exam Outline.

Systems Security Certified Practitioner (SSCP) is an elite, hands-on cybersecurity certification that validates the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures. SSCP certification - fully compliant with U.S. Department of Defense Directive 8140 and 8570 requirements - is valued throughout the IT security industry. The Official (ISC)2 SSCP CBK Reference is the only official Common Body of Knowledge (CBK) available for SSCP-level practitioners, exclusively from (ISC)2, the global leader in cybersecurity certification and training.

This authoritative volume contains essential knowledge practitioners require on a regular basis. Accurate, up-to-date chapters provide in-depth coverage of the seven SSCP domains: Security Operations and Administration; Access Controls; Risk Identification, Monitoring and Analysis; Incident Response and Recovery; Cryptography; Network and Communications Security; and Systems and Application Security.

Designed to serve as a reference for information security professionals throughout their careers, this indispensable (ISC)2 guide: - Provides comprehensive coverage of the latest domains and objectives of the SSCP - Helps better secure critical assets in their organizations - Serves as a complement to the SSCP Study Guide for certification candidates

The Official (ISC)2 SSCP CBK Reference is an essential resource for SSCP-level professionals, SSCP candidates and other practitioners involved in cybersecurity.

Table of Contents

Foreword xxiii

Introduction xxv

Chapter 1: Security Operations and Administration 1

Comply with Codes of Ethics 2

Understand, Adhere to, and Promote Professional Ethics 3

(ISC)2 Code of Ethics 4

Organizational Code of Ethics 5

Understand Security Concepts 6

Conceptual Models for Information Security 7

Confidentiality 8

Integrity 15

Availability 17

Accountability 18

Privacy 18

Nonrepudiation 26

Authentication 27

Safety 28

Fundamental Security Control Principles 29

Access Control and Need-to-Know 34

Job Rotation and Privilege Creep 35

Document, Implement, and Maintain Functional Security Controls 37

Deterrent Controls 37

Preventative Controls 39

Detective Controls 39

Corrective Controls 40

Compensating Controls 41

The Lifecycle of a Control 42

Participate in Asset Management 43

Asset Inventory 44

Lifecycle (Hardware, Software, and Data) 47

Hardware Inventory 48

Software Inventory and Licensing 49

Data Storage 50

Implement Security Controls and Assess Compliance 56

Technical Controls 57

Physical Controls 58

Administrative Controls 61

Periodic Audit and Review 64

Participate in Change Management 66

Execute Change Management Process 68

Identify Security Impact 70

Testing/Implementing Patches, Fixes, and Updates 70

Participate in Security Awareness and Training 71

Security Awareness Overview 72

Competency as the Criterion 73

Build a Security Culture, One Awareness Step at a Time 73

Participate in Physical Security Operations 74

Physical Access Control 74

The Data Center 78

Service Level Agreements 79

Summary 82

Chapter 2: Access Controls 83

Access Control Concepts 85

Subjects and Objects 86

Privileges: What Subjects Can Do with Objects 88

Data Classification, Categorization, and Access Control 89

Access Control via Formal Security Models 91

Implement and Maintain Authentication Methods 94

Single-Factor/Multifactor Authentication 95

Accountability 114

Single Sign-On 116

Device Authentication 117

Federated Access 118

Support Internetwork Trust Architectures 120

Trust Relationships (One-Way, Two-Way, Transitive) 121

Extranet 122

Third-Party Connections 123

Zero Trust Architectures 124

Participate in the Identity Management Lifecycle 125

Authorization 126

Proofing 127

Provisioning/Deprovisioning 128

Identity and Access Maintenance 130

Entitlement 134

Identity and Access Management Systems 137

Implement Access Controls 140

Mandatory vs. Discretionary Access Control 141

Role-Based 142

Attribute-Based 143

Subject-Based 144

Object-Based 144

Summary 145

Chapter 3: Risk Identification, Monitoring, And Analysis 147

Defeating the Kill Chain One Skirmish at a Time 148

Kill Chains: Reviewing the Basics 151

Events vs. Incidents 155

Understand the Risk Management Process 156

Risk Visibility and Reporting 159

Risk Management Concepts 165

Risk Management Frameworks 185

Risk Treatment 195

Perform Security Assessment Activities 203

Security Assessment Workflow Management 204

Participate in Security Testing 206

Interpretation and Reporting of Scanning and Testing Results 215

Remediation Validation 216

Audit Finding Remediation 217

Manage the Architectures: Asset Management and Configuration Control 218

Operate and Maintain Monitoring Systems 220

Events of Interest 222

Logging 229

Source Systems 230

Legal and Regulatory Concerns 236

Analyze Monitoring Results 238

Security Baselines and Anomalies 240

Visualizations, Metrics, and Trends 243

Event Data Analysis 244

Document and Communicate Findings 245

Summary 246

Chapter 4: Incident Response and Recovery 247

Support the Incident Lifecycle 249

Think like a Responder 253

Physical, Logical, and Administrative Surfaces 254

Incident Response: Measures of Merit 254

The Lifecycle of a Security Incident 255

Preparation 257

Detection, Analysis, and Escalation 264

Containment 275

Eradication 277

Recovery 279

Lessons Learned; Implementation of New Countermeasures 283

Third-Party Considerations 284

Understand and Support Forensic Investigations 287

Legal and Ethical Principles 289

Logistics Support to Investigations 291

Evidence Handling 292

Evidence Collection 297

Understand and Support Business Continuity Plan and Disaster Recovery Plan Activities 306

Emergency Response Plans and Procedures 307

Interim or Alternate Processing Strategies 310

Restoration Planning 313

Backup and Redundancy Implementation 315

Data Recovery and Restoration 319

Training and Awareness 321

Testing and Drills 322

CIANA+PS at Layer 8 and Above 328

It Is a Dangerous World Out There 329

People Power and Business Continuity 333

Summary 333

Chapter 5: Cryptography 335

Understand Fundamental Concepts of Cryptography 336

Building Blocks of Digital Cryptographic Systems 339

Hashing 347

Salting 351

Symmetric Block and Stream Ciphers 353

Stream Ciphers 365

Eu Ecrypt 371

Asymmetric Encryption 371

Elliptical Curve Cryptography 380

Nonrepudiation 383

Digital Certificates 388

Encryption Algorithms 392

Key Strength 393

Cryptographic Attacks, Cryptanalysis, and Countermeasures 395

Cryptologic Hygiene as Countermeasures 396

Common Attack Patterns and Methods 401

Secure Cryptoprocessors, Hardware Security Modules, and Trusted Platform Modules 409

Understand the Reasons and Requirements for Cryptography 414

Confidentiality 414

Integrity and Authenticity 415

Data Sensitivity 417

Availability 418

Nonrepudiation 418

Authentication 420

Privacy 421

Safety 422

Regulatory and Compliance 423

Transparency and Auditability 423

Competitive Edge 424

Understand and Support Secure Protocols 424

Services and Protocols 425

Common Use Cases 437

Deploying Cryptography: Some Challenging Scenarios 442

Limitations and Vulnerabilities 444

Understand Public Key Infrastructure Systems 446

Fundamental Key Management Concepts 447

Hierarchies of Trust 459

Web of Trust 462

Summary 464

Chapter 6: Network and Communications Security 467

Understand and Apply Fundamental Concepts of Networking 468

Complementary, Not Competing, Frameworks 470

OSI and TCP/IP Models 471

OSI Reference Model 486

TCP/IP Reference Model 501

Converged Protocols 508

Software-Defined Networks 509

IPv4 Addresses, DHCP, and Subnets 510

IPv4 Address Classes 510

Subnetting in IPv4 512

Running Out of Addresses? 513

IPv4 vs. IPv6: Key Differences and Options 514

Network Topographies 516

Network Relationships 521

Transmission Media Types 525

Commonly Used Ports and Protocols 530

Understand Network Attacks and Countermeasures 536

CIANA+PS Layer by Layer 538

Common Network Attack Types 553

SCADA, IoT, and the Implications of Multilayer Protocols 562

Manage Network Access Controls 565

Network Access Control and Monitoring 568

Network Access Control Standards and Protocols 573

Remote Access Operation and Configuration 575

Manage Network Security 583

Logical and Physical Placement of Network Devices 586

Segmentation 587

Secure Device Management 591

Operate and Configure Network-Based Security Devices 593

Network Address Translation 594

Additional Security Device Considerations 596

Firewalls and Proxies 598

Network Intrusion Detection/Prevention Systems 605

Security Information and Event Management Systems 607

Routers and Switches 609

Network Security from Other Hardware Devices 610

Traffic-Shaping Devices 613

Operate and Configure Wireless Technologies 615

Wireless: Common Characteristics 616

Wi-Fi 624

Bluetooth 637

Near-Field Communications 638

Cellular/Mobile Phone Networks 639

Ad Hoc Wireless Networks 640

Transmission Security 642

Wireless Security Devices 645

Summary 646

Chapter 7: Systems and Application Security 649

Systems and Software Insecurity 650

Software Vulnerabilities Across the Lifecycle 654

Risks of Poorly Merged Systems 663

Hard to Design It Right, Easy to Fix It? 664

Hardware and Software Supply Chain Security 667

Positive and Negative Models for Software Security 668

Is Blocked Listing Dead? Or Dying? 669

Information Security = Information Quality + Information Integrity 670

Data Modeling 671

Preserving Data Across the Lifecycle 674

Identify and Analyze Malicious Code and Activity 678

Malware 679

Malicious Code Countermeasures 682

Malicious Activity 684

Malicious Activity Countermeasures 688

Implement and Operate Endpoint Device Security 689

HIDS 691

Host-Based Firewalls 692

Allowed Lists: Positive Control for App Execution 693

Endpoint Encryption 694

Trusted Platform Module 695

Mobile Device Management 696

Secure Browsing 697

IoT Endpoint Security 700

Endpoint Security: EDR, MDR, XDR, UEM, and Others 701

Operate and Configure Cloud Security 701

Deployment Models 702

Service Models 703

Virtualization 706

Legal and Regulatory Concerns 709

Data Storage and Transmission 716

Third-Party/Outsourcing Requirements 716

Lifecycles in the Cloud 717

Shared Responsibility Model 718

Layered Redundancy as a Survival Strategy 719

Operate and Secure Virtual Environments 720

Software-Defined Networking 723

Hypervisor 725

Virtual Appliances 726

Continuity and Resilience 727

Attacks and Countermeasures 727

Shared Storage 729

Summary 730

Appendix: Cross-Domain Challenges 731

Paradigm Shifts in Information Security? 732

Pivot 1: Turn the Attackers’ Playbooks Against Them 734

ATT&CK: Pivoting Threat Intelligence 734

Analysis: Real-Time and Retrospective 735

The SOC as a Fusion Center 737

All-Source, Proactive Intelligence: Part of the Fusion Center 738

Pivot 2: Cybersecurity Hygiene: Think Small, Act Small 739

CIS IG 1 for the SMB and SME 740

Hardening Individual Cybersecurity 740

Assume the Breach 742

Pivot 3: Flip the “Data-Driven Value Function” 743

Data-Centric Defense and Resiliency 744

Ransomware as a Service 745

Supply Chains, Security, and the SSCP 746

ICS, IoT, and SCADA: More Than SUNBURST 747

Extending Physical Security: More Than Just Badges and Locks 749

The IoRT: Robots Learning via the Net 750

Pivot 4: Operationalize Security Across the Immediate and Longer Term 751

Continuous Assessment and Continuous Compliance 752

SDNs and SDS 753

SOAR: Strategies for Focused Security Effort 755

A “DevSecOps” Culture: SOAR for Software Development 756

Pivot 5: Zero-Trust Architectures and Operations 757

FIDO and Passwordless Authentication 760

Threat Hunting, Indicators, and Signature Dependence 761

Other Dangers on the Web and Net 763

Surface, Deep, and Dark Webs 763

Deep and Dark: Risks and Countermeasures 764

DNS and Namespace Exploit Risks 765

Cloud Security: Edgier and Foggier 766

Curiosity as Countermeasure 766

Index 769

Authors

Mike Wills