CC Certified in Cybersecurity Study Guide (Sybex Study Guide)

Cover
Title Page
Copyright Page
Acknowledgments
About the Author
About the Technical Editor
Contents at a Glance
Contents
Introduction
CC Certification
Taking the CC Exam
Computer-Based Testing Environment
Exam Retake Policy
Recertification Requirements
Using the Online Practice Test
How to Contact the Publisher
Part I Domain 1: Security Principles
Chapter 1 Confidentiality, Integrity, Availability, and Non-repudiation: Objective 1.1 Understand the Security Concepts of Information Assurance
The CIA Triad
Confidentiality
Integrity
Availability
Non-repudiation
Chapter 2 Authentication and Authorization: Objective 1.1 Understand the Security Concepts of Information Assurance
Access Control Process
Identification
Authentication
Authorization
Accounting
Digital Access Control
Password Policies
Password Length
Password Complexity
Password Expiration
Password History
Password Resets
Password Reuse
Password Managers
Authentication Factors
Something You Know
Something You Are
Something You Have
Multi-factor Authentication
Chapter 3 Privacy: Objective 1.1 Understand the Security Concepts of Information Assurance
Privacy
Types of Private Information
Expectation of Privacy
Privacy Management Framework
Management
Agreement, Notice, and Communication
Collection and Creation
Use, Retention, and Disposal
Access
Disclosure to Third Parties
Security for Privacy
Data Integrity and Quality
Monitoring and Enforcement
Chapter 4 Risk Management: Objective 1.2 Understand the Risk Management Process
Risk Types
Internal and External Risks
Multiparty Risks
Specific Risks
Risk Identification and Assessment
The Language of Risk
Ranking Risks
Risk Treatment Strategies
Risk Avoidance
Risk Transference
Risk Mitigation
Risk Acceptance
Risk Profile and Tolerance
Chapter 5 Security Controls: Objective 1.3 Understand Security Controls
What Are Security Controls?
Categorizing Security Controls
Purpose Categories
Mechanism of Action Categories
Chapter 6 Ethics: Objective 1.4 Understand ISC2 Code of Ethics
Corporate Ethics Codes
ISC2 Code of Ethics
Canon 1
Canon 2
Canon 3
Canon 4
Ethics Complaint Procedure
Chapter 7 Security Governance Processes: Objective 1.5 Understand Governance Processes
Security Policies and Procedures
Security Policies
Security Standards
Security Guidelines
Security Procedures
Laws and Regulations
Part II Domain 2: Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
Chapter 8 Business Continuity: Objective 2.1 Understand Business Continuity (BC)
Business Continuity Planning
BCP Scope Definition
Business Impact Analysis
Business Continuity Controls
Single Point of Failure Analysis
Other Continuity Risks
High Availability and Fault Tolerance
High Availability
Fault Tolerance
Storage
Networking Components
Redundancy Through Diversity
Chapter 9 Disaster Recovery: Objective 2.2 Understand Disaster Recovery (DR)
Disaster Recovery Planning
Types of Disasters
Initial Response
Assessment
Disaster Recovery Metrics
Training and Awareness
Backups
Backup Media
Backup Types
Disaster Recovery Sites
Hot Sites
Cold Sites
Warm Sites
Offsite Storage
Alternate Business Processes
Testing Disaster Recovery Plans
Read-Throughs
Walk-Throughs
Simulations
Parallel Tests
Full Interruption Tests
Chapter 10 Incident Response: Objective 2.3 Understand Incident Response
Creating an Incident Response Program
Building an Incident Response Team
Team Composition
Training and Testing
Incident Communications Plan
Internal Communications
External Communications
Secure Communications
Incident Identification and Response
Security Data Sources
Correlating Security Information
Receiving Incident Reports
Responding to Incidents
Part III Domain 3: Access Controls Concepts
Chapter 11 Physical Access Controls: Objective 3.1 Understand Physical Access Controls
Physical Facilities
Data Centers
Server Rooms
Media Storage Facilities
Evidence Storage Rooms
Wiring Closets
Designing for Security
Visitor Management
Physical Security Personnel
Security Personnel
Security Protocols
Chapter 12 Logical Access Controls: Objective 3.2 Understand Logical Access Controls
Authorization
Least Privilege
Segregation of Duties
Authorization Models
Account Types
User Accounts
Administrator Accounts
Guest Accounts
Shared/Generic Accounts
Service Accounts
Non-repudiation
Part IV Domain 4: Network Security
Chapter 13 Computer Networking: Objective 4.1 Understand Computer Networking
Network Types
TCP/IP Networking
Internet Protocol
Transmission Control Protocol
User Datagram Protocol
Internet Control Message Protocol
OSI Model
IP Addressing
Identifying Valid IPv4 Addresses
Domain Name System
Network Ports and Applications
Securing Wi-Fi Networks
Disable SSID Broadcasting
Change Default Passwords
Authenticate Wi-Fi Users
Wireless Encryption
Chapter 14 Network Threats and Attacks: Objective 4.2 Understand Network Threats and Attacks
Malware
Viruses
Worms
Trojan Horses
Eavesdropping Attacks
On-Path Attacks
Denial-of-Service Attacks
Side-Channel Attacks
Chapter 15 Threat Identification and Prevention: Objective 4.2 Understand Network Threats and Attacks
Antivirus Software
Intrusion Detection and Prevention
Intrusion Detection
Intrusion Prevention
Environments Monitored
Classification Errors
Detection Techniques
Firewalls
Vulnerability Scanning
Network Vulnerability Scanning
Application Scanning
Web Application Scanning
Chapter 16 Network Security Infrastructure: Objective 4.3 Understand Network Security Infrastructure
Data Center Protection
Air Temperature
Humidity
Fire
Network Security Zones
Switches, WAPs, and Routers
Switches
WAPs
Routers
Network Segmentation
Virtual Private Networks
Network Access Control
Role-Based Access Control
Posture Checking
Internet of Things
IoT Security
Chapter 17 Cloud Computing: Objective 4.3 Understand Network Security Infrastructure
Cloud Computing
Drivers for Cloud Computing
Cloud Deployment Models
Private Cloud
Public Cloud
Hybrid Cloud
Community Cloud
Cloud Service Categories
Software as a Service (SaaS)
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Desktop as a Service (DaaS)
Security and the Shared Responsibility Model
Automation and Orchestration
Vendor Relationships
Managed Service Providers
Vendor Agreements
Part V Domain 5: Security Operations
Chapter 18 Encryption: Objective 5.1 Understand Data Security
Cryptography
Encrypting Data
Decrypting Data
Encryption Algorithms
Symmetric Encryption
Asymmetric Encryption
Uses of Encryption
Data at Rest
Data in Transit
Hash Functions
MD5
SHA
Chapter 19 Data Handling: Objective 5.1 Understand Data Security
Data Life Cycle
Create
Store
Use
Share
Archive
Destroy
Data Classification
Classification Schemes
Labeling
Chapter 20 Logging and Monitoring: Objective 5.1 Understand Data Security
Logging
Log Monitoring
Chapter 21 Configuration Management: Objective 5.2 Understand System Hardening
Configuration Management
Baselines
Version Control
Configuration Vulnerabilities
Default Configurations
Weak Security Settings
Cryptographic Weaknesses
Patch and Update Management
Account Management
Chapter 22 Best Practice Security Policies: Objective 5.3 Understand Best Practice Security Policies
Acceptable Use Policy
Data Handling Policy
Password Policy
Bring Your Own Device Policy
Privacy Policy
Change Management Policy
Chapter 23 Security Awareness Training: Objective 5.4 Understand Security Awareness Training
Social Engineering
Authority and Trust
Intimidation
Consensus and Social Proof
Scarcity
Urgency
Familiarity and Liking
Security Education
Index
EULA