Cover
Title Page
Copyright
Acknowledgments
About the Author
About the Technical Editor
Introduction
About This Book
What Is an SSCP?
Using This Book
Major Changes in This Edition
Objective Map
Earning Your Certification
Congratulations! You're Now an SSCP. Now What?
Let's Get Started!
Assessment Test
Answers to Assessment Test
PART I: Getting Started as an SSCP
Chapter 1: The Business Case for Decision Assurance and Information Security
Information: The Lifeblood of Business
Policy, Procedure, and Process: How Business Gets Business Done
Who Runs the Business?
Summary
Exam Essentials
Review Questions
Chapter 2: Information Security Fundamentals
The Common Needs for Privacy, Confidentiality, Integrity, and Availability
Training and Educating Everybody
SSCPs and Professional Ethics
Summary
Exam Essentials
Review Questions
PART II: Integrated Risk Management and Mitigation
Chapter 3: Integrated Information Risk Management
It’s a Dangerous World
The Four Faces of Risk
Getting Integrated and Proactive with Information Defense
Risk Management: Concepts and Frameworks
Risk Assessment
Four Choices for Limiting or Containing Damage
Summary
Exam Essentials
Review Questions
Chapter 4: Operationalizing Risk Mitigation
From Tactical Planning to Information Security Operations
Operationalizing Risk Mitigation: Step by Step
The Ongoing Job of Keeping Your Baseline Secure
Ongoing, Continuous Monitoring
Reporting to and Engaging with Management
Summary
Exam Essentials
Review Questions
PART III: The Technologies of Information Security
Chapter 5: Communications and Network Security
Trusting Our Communications in a Converged World
Internet Systems Concepts
Two Protocol Stacks, One Internet
Wireless Network Technologies
IP Addresses, DHCP, and Subnets
IPv4 vs. IPv6: Important Differences and Options
CIANA Layer by Layer
Securing Networks as Systems
Summary
Exam Essentials
Review Questions
Chapter 6: Identity and Access Control
Identity and Access: Two Sides of the Same CIANA+PS Coin
Identity Management Concepts
Access Control Concepts
Network Access Control
Implementing and Scaling IAM
User and Entity Behavior Analytics (UEBA)
Zero Trust Architectures
Summary
Exam Essentials
Review Questions
Chapter 7: Cryptography
Cryptography: What and Why
Building Blocks of Digital Cryptographic Systems
Keys and Key Management
Modern Cryptography: Beyond the “Secret Decoder Ring”
“Why Isn't All of This Stuff Secret?”
Cryptography and CIANA+PS
Public Key Infrastructures
Applying Cryptography to Meet Different Needs
Managing Cryptographic Assets and Systems
Measures of Merit for Cryptographic Solutions
Attacks and Countermeasures
PKI and Trust: A Recap
On the Near Horizon
Summary
Exam Essentials
Review Questions
Chapter 8: Hardware and Systems Security
Infrastructure Security Is Baseline Management
Securing the Physical Context
Infrastructures 101 and Threat Modeling
Endpoint Security
Malware: Exploiting the Infrastructure's Vulnerabilities
Privacy and Secure Browsing
“The Sin of Aggregation”
Updating the Threat Model
Managing Your Systems' Security
Summary
Exam Essentials
Review Questions
Chapter 9: Applications, Data, and Cloud Security
It's a Data-Driven World…At the Endpoint
Software as Appliances
Applications Lifecycles and Security
CIANA+PS and Applications Software Requirements
Application Vulnerabilities
“Shadow IT:” The Dilemma of the User as Builder
Information Quality and Information Assurance
Protecting Data in Motion, in Use, and at Rest
Into the Clouds: Endpoint App and Data Security Considerations
Legal and Regulatory Issues
Countermeasures: Keeping Your Apps and Data Safe and Secure
Summary
Exam Essentials
Review Questions
PART IV: People Power: What Makes or Breaks Information Security
Chapter 10: Incident Response and Recovery
Defeating the Kill Chain One Skirmish at a Time
Harsh Realities of Real Incidents
Incident Response Framework
Preparation
Detection and Analysis
Containment and Eradication
Recovery: Getting Back to Business
Post-Incident Activities
Summary
Exam Essentials
Review Questions
Note
Chapter 11: Business Continuity via Information Security and People Power
What Is a Disaster?
Surviving to Operate: Plan for It!
Timelines for BC/DR Planning and Action
Options for Recovery
Cloud-Based “Do-Over” Buttons for Continuity, Security, and Resilience
People Power for BC/DR
Security Assessment: For BC/DR and Compliance
Converged Communications: Keeping Them Secure During BC/DR Actions
Summary
Exam Essentials
Review Questions
Chapter 12: Cross-Domain Challenges
Operationalizing Security Across the Immediate and Longer Term
Supply Chains, Security, and the SSCP
Other Dangers on the Web and Net
On Our Way to the Future
Enduring Lessons
Your Next Steps
At the Close
Exam Essentials
Review Questions
Appendix: Answers to Review Questions
Chapter 1: The Business Case for Decision Assurance and Information Security
Chapter 2: Information Security Fundamentals
Chapter 3: Integrated Information Risk Management
Chapter 4: Operationalizing Risk Mitigation
Chapter 5: Communications and Network Security
Chapter 6: Identity and Access Control
Chapter 7: Cryptography
Chapter 8: Hardware and Systems Security
Chapter 9: Applications, Data, and Cloud Security
Chapter 10: Incident Response and Recovery
Chapter 11: Business Continuity via Information Security and People Power
Chapter 12: Cross-Domain Challenges
Index