Читать книгу The Official (ISC)2 SSCP CBK Reference - Mike Wills - Страница 2
Table of Contents
Оглавление1 Cover
7 Foreword
8 Introduction ABOUT THIS BOOK WHERE DO YOU GO FROM HERE? LET'S GET STARTED! HOW TO CONTACT THE PUBLISHER NOTES
9 CHAPTER 1: Security Operations and Administration COMPLY WITH CODES OF ETHICS UNDERSTAND SECURITY CONCEPTS DOCUMENT, IMPLEMENT, AND MAINTAIN FUNCTIONAL SECURITY CONTROLS PARTICIPATE IN ASSET MANAGEMENT IMPLEMENT SECURITY CONTROLS AND ASSESS COMPLIANCE PARTICIPATE IN CHANGE MANAGEMENT PARTICIPATE IN SECURITY AWARENESS AND TRAINING PARTICIPATE IN PHYSICAL SECURITY OPERATIONS SUMMARY
10 CHAPTER 2: Access Controls ACCESS CONTROL CONCEPTS IMPLEMENT AND MAINTAIN AUTHENTICATION METHODS SUPPORT INTERNETWORK TRUST ARCHITECTURES PARTICIPATE IN THE IDENTITY MANAGEMENT LIFECYCLE IMPLEMENT ACCESS CONTROLS SUMMARY
11 CHAPTER 3: Risk Identification, Monitoring, and Analysis DEFEATING THE KILL CHAIN ONE SKIRMISH AT A TIME UNDERSTAND THE RISK MANAGEMENT PROCESS PERFORM SECURITY ASSESSMENT ACTIVITIES OPERATE AND MAINTAIN MONITORING SYSTEMS ANALYZE MONITORING RESULTS SUMMARY NOTES
12 CHAPTER 4: Incident Response and Recovery SUPPORT THE INCIDENT LIFECYCLE UNDERSTAND AND SUPPORT FORENSIC INVESTIGATIONS UNDERSTAND AND SUPPORT BUSINESS CONTINUITY PLAN AND DISASTER RECOVERY PLAN ACTIVITIES CIANA+PS AT LAYER 8 AND ABOVE SUMMARY
13 CHAPTER 5: Cryptography UNDERSTAND FUNDAMENTAL CONCEPTS OF CRYPTOGRAPHY CRYPTOGRAPHIC ATTACKS, CRYPTANALYSIS, AND COUNTERMEASURES UNDERSTAND THE REASONS AND REQUIREMENTS FOR CRYPTOGRAPHY UNDERSTAND AND SUPPORT SECURE PROTOCOLS UNDERSTAND PUBLIC KEY INFRASTRUCTURE SYSTEMS SUMMARY NOTES
14 CHAPTER 6: Network and Communications Security UNDERSTAND AND APPLY FUNDAMENTAL CONCEPTS OF NETWORKING IPV4 ADDRESSES, DHCP, AND SUBNETS IPV4 VS. IPV6: KEY DIFFERENCES AND OPTIONS UNDERSTAND NETWORK ATTACKS AND COUNTERMEASURES MANAGE NETWORK ACCESS CONTROLS MANAGE NETWORK SECURITY OPERATE AND CONFIGURE NETWORK-BASED SECURITY DEVICES OPERATE AND CONFIGURE WIRELESS TECHNOLOGIES SUMMARY NOTES
15 CHAPTER 7: Systems and Application Security SYSTEMS AND SOFTWARE INSECURITY INFORMATION SECURITY = INFORMATION QUALITY + INFORMATION INTEGRITY IDENTIFY AND ANALYZE MALICIOUS CODE AND ACTIVITY IMPLEMENT AND OPERATE ENDPOINT DEVICE SECURITY OPERATE AND CONFIGURE CLOUD SECURITY OPERATE AND SECURE VIRTUAL ENVIRONMENTS SUMMARY NOTES
16 Appendix: Cross-Domain Challenges PARADIGM SHIFTS IN INFORMATION SECURITY? PIVOT 1: TURN THE ATTACKERS' PLAYBOOKS AGAINST THEM PIVOT 2: CYBERSECURITY HYGIENE: THINK SMALL, ACT SMALL PIVOT 3: FLIP THE “DATA-DRIVEN VALUE FUNCTION” PIVOT 4: OPERATIONALIZE SECURITY ACROSS THE IMMEDIATE AND LONGER TERM PIVOT 5: ZERO-TRUST ARCHITECTURES AND OPERATIONS OTHER DANGERS ON THE WEB AND NET CURIOSITY AS COUNTERMEASURE NOTES
17 Index