SSCP systems security certified practitioner : exam guide : all in one

Get complete coverage of all the material on the Systems Security Certified Practitioner (SSCP) exam inside this comprehensive resource. Written by a leading IT security certification and training expert, this authoritative guide addresses all seven SSCP domains as developed by the International Inf...

Descripción completa

Detalles Bibliográficos
Otros Autores:	Gibson, Darril Author (author), Rogers, Bobby E. (-)
Formato:	Libro electrónico
Idioma:	Inglés
Publicado:	[Place of publication not identified] McGraw Hill 2012
Edición:	1st edition
Colección:	All-In-One
Materias:	Computer networks > Examinations > Security measures > Study guides Telecommunications engineers > Certification Electrical & Computer Engineering Engineering & Applied Sciences Telecommunications
Ver en Biblioteca Universitat Ramon Llull:	https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628827306719

Tabla de Contenidos:

Cover
Contents
Acknowledgments
Introduction
Chapter 1 Security Fundamentals
Reviewing the Requirements for SSCP
Registering for the Exam
Have One Year of Experience
Passing the Exam
Maintaining Your SSCP Certification
Understanding the Main Goals of Information Security
Availability
Integrity
Confidentiality
Exploring Fundamentals of Security
Defense in Depth
AAAs of Security
Accountability
Nonrepudiation
Least Privilege
Separation of Duties
Due Diligence
Due Care
Questions
Answers
Chapter 2 Access Controls
Comparing Identification and Authentication
Authentication
Three Factors of Authentication
Single Sign-on Authentication
Centralized Verse Decentralized Authentication
Offline Authentication
One-Time Passwords
Implementing Access Controls
Comparing Subjects and Objects
Logical Access Control
Physical Access Control
Access Control Models
DAC
Non-DAC
MAC
RBAC
Implementing Identity Management
Provisioning
Maintenance
De-provisioning
Entitlement
Understanding Cloud Computing
Virtualization
Storage
Privacy and Data Control
Compliance
Questions
Answers
Chapter 3 Basic Networking and Communications
The OSI Model
The Physical Layer (Layer 1)
The Data Link Layer (Layer 2)
The Network Layer (Layer 3)
The Transport Layer (Layer 4)
The Session Layer (Layer 5)
The Presentation Layer (Layer 6)
The Application Layer (Layer 7)
Comparing the OSI and TCP/IP Models
Network Topographies
Ethernet
Bus
Star
Token Ring
Reviewing Basic Protocols and Ports
Address Resolution Protocol
Internet Control Message Protocol
Internet Group Message Protocol
Dynamic Host Configuration Protocol
Simple Network Management Protocol.
HyperText Transfer Protocol and HyperText Transfer Protocol Secure
Domain Name System
Network File System
File Transfer Protocols
Tunneling Protocols
Routing Protocols
Telnet
Secure Shell
Internet Protocol Security
Secure Sockets Layer and Transport Layer Security
E-mail Protocols
Network News Transfer Protocol
Electronic Data Interchange
Mapping Well-Known Ports to Protocols
Comparing Internetwork Architectures
Comparing Public and Private IP Addresses
Using NAT
Exploring Wireless Technologies
Comparing WEP, WPA, and WPA2
Wireless Device Administrator Password
Wireless Service Set Identifier
MAC Filtering
Bluetooth
Radio-Frequency Identification
GSM
3G
WiMAX
NFC
Protecting Mobile Devices
Questions
Answers
Chapter 4 Advanced Networking and Communications
Understanding Telecommunications
Internet Connections
VoIP
Securing Phones
Understanding Firewalls
Packet Filtering Firewall
Stateful Inspection Firewall
Application Firewall
Defense Diversity
Comparing Network-based and Host-based Firewalls
Using Proxy Servers
Exploring Remote Access Solutions
Risks and Vulnerabilities
Tunneling Protocols
Authentication
Access and Admission Control
Questions
Answers
Chapter 5 Attacks
Comparing Attackers
Hackers and Crackers
Insiders
Script Kiddies
Phreaks
Exploring Attack Types
DoS
DDoS
Botnets and Zombies
Spam
Sniffing Attack
Ping Sweep
Port Scan
Salami
Man-in-the-Middle
Session Hijacking
Replay
Buffer Overflow Attacks
Scareware and Ransomware
Password Attacks
Covert Channel
Cramming
Zero Day Exploits
Advanced Persistent Threat
Understanding Social Engineering
Piggybacking
Impersonation
Dumpster Diving
Shoulder Surfing
Phishing.
Spear Phishing and Whaling
Vishing
Smishing
Pharming
Social Networking Attacks
Raising User Awareness Through Training
Questions
Answers
Chapter 6 Malicious Code and Activity
Identifying Malicious Code
Virus
Worm
Trojan Horse
Logic Bomb
Keylogger
Rootkits
Mobile Code
Trapdoors and Backdoors
Spyware
Malware Hoaxes
Understanding Malicious Web Activity
Software Security
Injection
Cross Site Scripting
Cross Site Request Forgery
Implementing Malicious Code Countermeasures
Antivirus Software
Keeping AV Signatures Up to Date
Keep Operating Systems Up to Date
Spam Filters
Content-Filtering Appliances
Least Privilege
Educate Users
Beware of Shortened Links
Sign Up for E-mail Alerts
Common Vulnerabilities and Exposures
Questions
Answers
Chapter 7 Risk, Response, and Recovery
Defining Risk
Identifying Threats
Understanding Vulnerabilities
Understanding Impact
Managing Risk
Residual Risk
Identifying Assets
Performing Risk Assessments
Risk Assessment Steps
Quantitative Analysis
Qualitative Analysis
Address Findings
Responding to Incidents
Preparation
Detection and Analysis
Containment, Eradication, and Recovery
Post-incident Activity
Questions
Answers
Chapter 8 Monitoring and Analysis
Intrusion Detection Systems
IDS Alerts
Network-based Intrusion Detection Systems
Host-based Intrusion Detection Systems
Intrusion Prevention Systems
Detection Methods
Detection Systems and Logs
Detecting Unauthorized Changes
SEMs, SIMs, and SIEMs
Security Assessments
Vulnerability Assessments
Penetration Tests
Questions
Answers
Chapter 9 Controls and Countermeasures
Using Controls, Safeguards, and Countermeasures
Understanding the Goals of Controls
Preventive.
Detective
Corrective
Other Controls
Comparing the Classes of Controls
Management/Administrative
Technical
Operational/Physical
Exploring Some Basic Controls
System Hardening
Policies, Standards, Procedures, and Guidelines
Response Plans
Change Control and Configuration Management
Testing Patches, Fixes, and Updates
Endpoint Device Security
User Awareness and Training Programs
Understanding Fault Tolerance
Fault Tolerance for Disks
Failover Clusters
Redundant Connections
Understanding Backups
Full Backups
Full/Incremental Backup Strategy
Full/Differential Backup Strategy
Questions
Answers
Chapter 10 Auditing
Understanding Auditing and Accountability
Accountability
Auditing with Logs
Clipping Levels
Understanding Audit Trails
Exploring Audit Logs
Operating System Logs
*Nix Logs
Proxy Server Logs
Firewall Logs
The Review of Logs
Logs Stored on Remote Systems
Audit Log Management
Performing Security Audits
Password Audit
Security Policy Audit
ISACA
Exploring PCI DSS Requirements
Physical Access Audit
Understanding Configuration Management
Imaging
Group Policy
Understanding Change Management
Questions
Answers
Chapter 11 Security Operations
Managing Data
Data Classification
Identifying Classifications
Cradle-to-Grave Protection
Data at Rest and Data in Motion
Data Management Policies
Understanding Databases
Data Inference
Regulatory Requirements
Training
Asset Management
Hardware
Software
Data
Certification and Accreditation
Certification, Accreditation, and Security Assessments
Common Criteria
Using a Risk Management Framework
Understanding Security within the System Development Life Cycle
Questions
Answers.
Chapter 12 Security Administration and Planning
Understanding Security Policies
Security Policy Characteristics
Enforcing Security Policies
Value of a Security Policy
Understanding Code of Ethics
Policy Awareness
Updating Security Policies
Understanding Business Continuity Plans
Business Impact Analysis
Disaster Recovery Plan
Comparing a BCP and a DRP
Alternate Locations
Identifying Security Organizations
NIST
US-CERT
CERT/CC
Questions
Answers
Chapter 13 Legal Issues
Exploring Computer Forensics
First Responders and Preserving the Scene
Three Phases of a Computer Forensics Investigation
Forensic Evidence Guiding Principles
Volatile Data
Comparing Computer Abuse and Computer Crime
Understanding Fraud and Embezzlement Crime
Mandatory Vacations
Job Rotation
Understanding Privacy Issues
European Directives
California Supreme Court Rules That Zip Codes Are PII
Connecticut's Public Act No. 08-167
Children's Online Privacy Protection
California Online Privacy Protection Act of 2003
Questions
Answers
Chapter 14 Cryptography
An Overview of Cryptography Concepts
Enforcing Integrity with Hashing
Hashing Algorithms Provide One-Way Encryption
Hashing Algorithms
Verifying a Hash
Exploring Symmetric Encryption
ROT13
Comparing Block and Stream Ciphers
Advanced Encryption Standard
Other Symmetric Encryption Algorithms
Exploring Asymmetric Encryption
Secure Sockets Layer
Protecting E-mail with S/MIME
Other Encryption Schemes
Steganography
IPsec
Public Key Infrastructure
Certificates
Certification Authority
Comparing Cryptanalysis Attacks
Known Plaintext Attack
Cipher Text Attack
Questions
Answers
Appendix: About the CD
Glossary
A
B
C
D
E
F
G
H
I
J
K.
L.

SSCP systems security certified practitioner : exam guide : all in one

Ejemplares similares