The Official (ISC)2 SSCP CBK Reference - Mike Wills - Page 15

The SSCP Seven Domains


This book directly reflects the SSCP Common Body of Knowledge, which is the comprehensive framework that (ISC)2 has developed to express what security professionals should have working knowledge of. These domains include theoretical knowledge, industry best practices, and applied skills and techniques. Chapter by chapter, this book takes you through these domains, with major headings within each chapter being your key to finding what you need when you need it. Topics that are covered in more than one domain will be found within sections or subsections in each chapter as appropriate.

This Sixth Edition has been updated to reflect (ISC)2's Domain Content Outline, released in November 2021. This outline update changed the relative order of the first two domains, but largely kept the topics within each domain the same. Revisions, clarifications, and additions have been made throughout, while a new Appendix brings topics from across those Domains together to provide you assistance with today's thorniest of information security challenges.

(ISC)2 is committed to helping members learn, grow, and thrive. The Common Body of Knowledge (CBK) is the comprehensive framework that helps it fulfill this commitment. The CBK includes all the relevant subjects a security professional should be familiar with, including skills, techniques, and best practices. (ISC)2 uses the various domains of the CBK to test a certificate candidate's levels of expertise in the most critical aspects of information security. You can see this framework in the SSCP Exam Outline at https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/2021/SSCP-Exam-Outline-English-Nov-2021.ashx?la=en&hash=ABCB9E34548D2E8170ADA04EAAD3003F5577D3F5

Successful candidates are competent in the following seven domains:

Domain 1: Security Operations and Administration

Identification of information assets and documentation of policies, standards, procedures, and guidelines that ensure confidentiality, integrity, and availability, such as:

1.1 Comply with codes of ethics.
1.2 Understand security concepts.
1.3 Identify and implement security controls.
1.4 Document and maintain functional security controls.
1.5 Participate in the asset management lifecycle (hardware, software, and data).
1.6 Participate in the change management lifecycle.
1.7 Participate in implementing security awareness and training (e.g., social engineering/phishing).
1.8 Collaborate with physical security operations (e.g., data center assessment, badging).

Domain 2: Access Controls

Policies, standards, and procedures that define users (human and nonhuman) as entities with identities that are approved to use an organization's systems and information assets, what they can do, which resources and information they can access, and what operations they can perform on a system, such as:

2.1 Implement and maintain authentication methods.
2.2 Support internetwork trust architectures.
2.3 Participate in the identity management lifecycle.
2.4 Understand and apply access controls.

Domain 3: Risk Identification, Monitoring, and Analysis

Risk identification is the review, analysis, and implementation of the processes essential to identifying, measuring, and controlling the losses associated with unplanned adverse events. Monitoring and analysis verify that systems are implemented and accessed in accordance with defined IT criteria; this involves collecting information in order to identify and respond to security breaches or events, such as:

3.1 Understand the risk management process.
3.2 Understand legal and regulatory concerns (e.g., jurisdiction, limitations, privacy).
3.3 Participate in security assessment and vulnerability management activities.
3.4 Operate and monitor security platforms (e.g., continuous monitoring).
3.5 Analyze monitoring results.

Domain 4: Incident Response and Recovery

Prevent. Detect. Respond. Recover. Incident response and recovery focus on the near real-time actions that must take place if the organization is to survive a cyberattack or other information security incident, get back into operation, and continue as a viable entity. In this domain, the SSCP gains an understanding of how to handle incidents using consistent, applied approaches within a framework of business continuity planning (BCP) and disaster recovery planning (DRP). These approaches are used to mitigate damage, recover business operations, and avoid critical business interruption:

4.1 Support the incident lifecycle (e.g., National Institute of Standards and Technology [NIST], International Organization for Standardization [ISO]).
4.2 Understand and support forensic investigations.
4.3 Understand and support business continuity plan (BCP) and disaster recovery plan (DRP) activities.

Domain 5: Cryptography

The protection of information using techniques that ensure its integrity, confidentiality, authenticity, and nonrepudiation, and the recovery of encrypted information in its original form:

5.1 Understand the reasons and requirements for cryptography.
5.2 Apply cryptography concepts.
5.3 Understand and implement secure protocols.
5.4 Understand and support public key infrastructure (PKI) systems.

Domain 6: Network and Communications Security

The network structure, transmission methods and techniques, transport formats, and security measures used to operate both private and public communication networks:

6.1 Understand and apply fundamental concepts of networking.
6.2 Understand network attacks (e.g., distributed denial of service [DDoS], man-in-the-middle [MITM], Domain Name System [DNS] poisoning) and countermeasures (e.g., content delivery networks [CDN]).
6.3 Manage network access controls.
6.4 Manage network security.
6.5 Operate and configure network-based security devices.
6.6 Secure wireless communications.

Domain 7: Systems and Application Security

Countermeasures and prevention techniques for dealing with viruses, worms, logic bombs, Trojan horses, and other related forms of intentionally created damaging code:

7.1 Identify and analyze malicious code and activity.
7.2 Implement and operate endpoint device security.
7.3 Administer Mobile Device Management (MDM).
7.4 Understand and configure cloud security.
7.5 Operate and maintain secure virtual environments.

Appendix: Cross-Domain Challenges

In 2020 and 2021, the world was rocked by the COVID-19 pandemic and by a significant increase in the complexity, scale, and severity of cybercrime and cyberattacks on businesses, government services, and critical infrastructures. In response, information security professionals around the globe worked tirelessly on incident response and recovery, and on improving systems hardening and intrusion detection techniques. Many of the persistent (and pernicious) attack strategies exploit aspects of nearly every topic in every SSCP Domain. Here in the CBK, the appendix offers five sets of strategies that can help security professionals shift the offense-versus-defense struggle more into the defense's favor. These five shifts or pivots are:

Turn the attackers' playbooks against them.
Cybersecurity hygiene: think small, act small.
Flip the "data-driven value function."
Operationalize security across the immediate and longer term.
Zero-trust architectures and operations.

The appendix also puts into perspective the challenges of maintaining information security at the interface between an organization's IT systems and its operational technology (OT) systems. Since 2019, cyberattacks on process controls, autonomous devices, smart building elements, and Internet of Things (IoT) systems have disrupted many organizations. The pressure is on for SSCPs and other information security professionals to better understand the security and safety issues surrounding how their organization's data actually causes physical actions to take place; the appendix gives you some places to start.
