The official (ISC)2 guide to the SSCP CBK
The (ISC)2 Systems Security Certified Practitioner (SSCP) certification is one of the most popular and ideal credentials for those wanting to expand their security career and highlight their security skills. If you are looking to embark on the journey towards your (SSCP) certification then the Offic...
Classification: | Electronic Book |
---|---|
Other Authors: | , |
Format: | Electronic eBook |
Language: | English |
Published: | Indianapolis, IN : Sybex, [2016] |
Edition: | Third edition. |
Subjects: | |
Online Access: | Full text (requires prior registration with an institutional e-mail address) |

Table of Contents:
- The Official (ISC)2® Guide to the SSCP® CBK®; Foreword; Introduction; Domain 1: Access Controls; Objectives; Access Control Concepts; Applying Logical Access Control in Terms of Subjects; Applying Logical Access Control in Terms of Objects or Object Groups; Implementing Access Controls; Discretionary Access Control; Role-Based Access Controls; Nondiscretionary Access Control; Mandatory Access Control; Attribute-Based Access Control; Security Architecture and Models; Bell-LaPadula Confidentiality Model; Biba and Clark-Wilson Integrity Models; Additional Models
- Implementing Authentication Mechanisms - Identification, Authentication, Authorization, and Accountability; Identification (Who Is the Subject?); Authentication (Proof of Identity); Authorization; Authentication Using Kerberos; User/Device Authentication Policies; Comparing Internetwork Trust Architectures; Internet; Intranet; Extranet; Demilitarized Zone (DMZ); Trust Direction; One-Way Trust; Two-Way Trust; Trust Transitivity; Administering the Identity Management Lifecycle; Authorization; Proofing; Provisioning; Maintenance; Entitlement; Summary; Sample Questions; Notes
- Domain 2: Security Operations; Objectives; Code of Ethics; Code of Ethics Preamble; Code of Ethics Canons; Applying a Code of Ethics to Security Practitioners; Security Program Objectives: The C-I-A Triad and Beyond; Confidentiality; Integrity; Availability; Non-Repudiation; Privacy; Security Best Practices; Designing a Security Architecture; Secure Development and Acquisition Lifecycles; System Vulnerabilities, Secure Development, and Acquisition Practices; Hardware/Software; Data; Disclosure Controls: Data Leakage Prevention; Technical Controls; Operational Controls; Managerial Controls
- Implementation and Release Management; Systems Assurance and Controls Validation; Change Control and Management; Configuration Management; Security Impact Assessment; System Architecture/Interoperability of Systems; Patch Management; Monitoring System Integrity; Security Awareness and Training; Interior Intrusion Detection Systems; Building and Inside Security; Securing Communications and Server Rooms; Restricted and Work Area Security; Data Center Security; Summary; Sample Questions; Notes; Domain 3: Risk, Identification, Monitoring, and Analysis; Objectives; Introduction to Risk Management
- Risk Management Concepts; Security Auditing Overview; Responding to an Audit; Exit Interview; Presentation of Audit Findings; Management Response; Security Assessment Activities; Vulnerability Scanning and Analysis; Penetration Testing; Operating and Maintaining Monitoring Systems; Security Monitoring Concepts; Attackers; Intrusions; Events; Types of Monitoring; Log Files; Source Systems; Security Analytics, Metrics, and Trends; Visualization; Event Data Analysis; Communication of Findings; Going Hands-on - Risk Identification Exercise; Virtual Testing Environment; Creating the Environment