Table of Contents

1. Cover
2. Title Page
3. Copyright
4. Acknowledgments
5. About the Author
6. About the Technical Editor
7. Introduction
   1. About This Book
   2. What Is an SSCP?
   3. Using This Book
   4. Major Changes in This Edition
   5. Objective Map
   6. Earning Your Certification
   7. Congratulations! You're Now an SSCP. Now What?
   8. Let's Get Started!
   9. Assessment  Test
   10. Answers to Assessment  Test
8. PART I: Getting Started as an SSCP
   1. Chapter 1: The Business Case for Decision Assurance and Information Security
      1. Information: The Lifeblood of Business
      2. Policy, Procedure, and Process: How Business Gets Business Done
      3. Who Runs the Business?
      4. Summary
      5. Exam Essentials
      6. Review Questions
   2. Chapter 2: Information Security Fundamentals
      1. The Common Needs for Privacy, Confidentiality, Integrity, and Availability
      2. Training and Educating Everybody
      3. SSCPs and Professional Ethics
      4. Summary
      5. Exam Essentials
      6. Review Questions
9. PART II: Integrated Risk Management and Mitigation
   1. Chapter 3: Integrated Information Risk Management
      1. It’s a Dangerous World
      2. The Four Faces of Risk
      3. Getting Integrated and Proactive with Information Defense
      4. Risk Management: Concepts and Frameworks
      5. Risk Assessment
      6. Four Choices for Limiting or Containing Damage
      7. Summary
      8. Exam Essentials
      9. Review Questions
   2. Chapter 4: Operationalizing Risk Mitigation
      1. From Tactical Planning to Information Security Operations
      2. Operationalizing Risk Mitigation: Step by Step
      3. The Ongoing Job of Keeping Your Baseline Secure
      4. Ongoing, Continuous Monitoring
      5. Reporting to and Engaging with Management
      6. Summary
      7. Exam Essentials
      8. Review Questions
10. PART III: The Technologies of Information Security
    1. Chapter 5: Communications and Network Security
       1. Trusting Our Communications in a Converged World
       2. Internet Systems Concepts
       3. Two Protocol Stacks, One Internet
       4. Wireless Network Technologies
       5. IP Addresses, DHCP, and Subnets
       6. IPv4 vs. IPv6: Important Differences and Options
       7. CIANA Layer by Layer
       8. Securing Networks as Systems
       9. Summary
       10. Exam Essentials
       11. Review Questions
    2. Chapter 6: Identity and Access Control
       1. Identity and Access: Two Sides of the Same CIANA+PS Coin
       2. Identity Management Concepts
       3. Access Control Concepts
       4. Network Access Control
       5. Implementing and Scaling IAM
       6. User and Entity Behavior Analytics (UEBA)
       7. Zero Trust Architectures
       8. Summary
       9. Exam Essentials
       10. Review Questions
    3. Chapter 7: Cryptography
       1. Cryptography: What and Why
       2. Building Blocks of Digital Cryptographic Systems
       3. Keys and Key Management
       4. Modern Cryptography: Beyond the “Secret Decoder Ring”
       5. “Why Isn't All of This Stuff Secret?”
       6. Cryptography and CIANA+PS
       7. Public Key Infrastructures
       8. Applying Cryptography to Meet Different Needs
       9. Managing Cryptographic Assets and Systems
       10. Measures of Merit for Cryptographic Solutions
       11. Attacks and Countermeasures
       12. PKI and Trust: A Recap
       13. On the Near Horizon
       14. Summary
       15. Exam Essentials
       16. Review Questions
    4. Chapter 8: Hardware and Systems Security
       1. Infrastructure Security Is Baseline Management
       2. Securing the Physical Context
       3. Infrastructures 101 and Threat Modeling
       4. Endpoint Security
       5. Malware: Exploiting the Infrastructure's Vulnerabilities
       6. Privacy and Secure Browsing
       7. “The Sin of Aggregation”
       8. Updating the Threat Model
       9. Managing Your Systems' Security
       10. Summary
       11. Exam Essentials
       12. Review Questions
    5. Chapter 9: Applications, Data, and Cloud Security
       1. It's a Data-Driven World…At the Endpoint
       2. Software as Appliances
       3. Applications Lifecycles and Security
       4. CIANA+PS and Applications Software Requirements
       5. Application Vulnerabilities
       6. “Shadow IT:” The Dilemma of the User as Builder
       7. Information Quality and Information Assurance
       8. Protecting Data in Motion, in Use, and at Rest
       9. Into the Clouds: Endpoint App and Data Security Considerations
       10. Legal and Regulatory Issues
       11. Countermeasures: Keeping Your Apps and Data Safe and Secure
       12. Summary
       13. Exam Essentials
       14. Review Questions
11. PART IV: People Power: What Makes or Breaks Information Security
    1. Chapter 10: Incident Response and Recovery
       1. Defeating the Kill Chain One Skirmish at a Time
       2. Harsh Realities of Real Incidents
       3. Incident Response Framework
       4. Preparation
       5. Detection and Analysis
       6. Containment and Eradication
       7. Recovery: Getting Back to Business
       8. Post-Incident Activities
       9. Summary
       10. Exam Essentials
       11. Review Questions
       12. Note
    2. Chapter 11: Business Continuity via Information Security and People Power
       1. What Is a Disaster?
       2. Surviving to Operate: Plan for It!
       3. Timelines for BC/DR Planning and Action
       4. Options for Recovery
       5. Cloud-Based “Do-Over” Buttons for Continuity, Security, and Resilience
       6. People Power for BC/DR
       7. Security Assessment: For BC/DR and Compliance
       8. Converged Communications: Keeping Them Secure During BC/DR Actions
       9. Summary
       10. Exam Essentials
       11. Review Questions
    3. Chapter 12: Cross-Domain Challenges
       1. Operationalizing Security Across the Immediate and Longer Term
       2. Supply Chains, Security, and the SSCP
       3. Other Dangers on the Web and Net
       4. On Our Way to the Future
       5. Enduring Lessons
       6. Your Next Steps
       7. At the Close
       8. Exam Essentials
       9. Review Questions
12. Appendix: Answers to Review Questions
    1. Chapter 1: The Business Case for Decision Assurance and Information Security
    2. Chapter 2: Information Security Fundamentals
    3. Chapter 3: Integrated Information Risk Management
    4. Chapter 4: Operationalizing Risk Mitigation
    5. Chapter 5: Communications and Network Security
    6. Chapter 6: Identity and Access Control
    7. Chapter 7: Cryptography
    8. Chapter 8: Hardware and Systems Security
    9. Chapter 9: Applications, Data, and Cloud Security
    10. Chapter 10: Incident Response and Recovery
    11. Chapter 11: Business Continuity via Information Security and People Power
    12. Chapter 12: Cross-Domain Challenges
13. Index
14. End User License Agreement

List of Tables

1. Introduction
   1. TABLE I.1 Objective Map
2. Chapter 5
   1. TABLE 5.1 OSI and TCP/IP side by side
   2. TABLE 5.2 OSI 7-layer model and TCP/IP 4-layer model in context
   3. TABLE 5.3 Common TCP/IP ports and protocols
   4. TABLE 5.4 IPv4 address classes
   5. TABLE 5.5 Address classes and CIDR

List of Illustrations

1. Chapter 1
   1. FIGURE 1.1 The knowledge pyramid
   2. FIGURE 1.2 Messaging at passenger screening (notional)
   3. FIGURE 1.3 The value chain
   4. FIGURE 1.4 Ishikawa (or “fishbone”) diagram for a value process
   5. FIGURE 1.5 The organization chart as pyramid (traditional view)
   6. FIGURE 1.6 The inverted pyramid supports work at the gemba
2. Chapter 3
   1. FIGURE 3.1 Vulnerability leads to failure, which leads to impact
   2. FIGURE 3.2 Four faces of risk, viewed together
   3. FIGURE 3.3 The layered view
   4. FIGURE 3.4 NIST RMF areas of concern
   5. FIGURE 3.5 NIST RMF phased approach
   6. FIGURE 3.6 ISO 31000:2018 Conceptual RMF
   7. FIGURE 3.7 PDCA cycle diagram (simple), with subcycles
3. Chapter 4
   1. FIGURE 4.1 John Boyd’s OODA loop
   2. FIGURE 4.2 Risk mitigation major steps
4. Chapter 5
   1. FIGURE 5.1 Wrapping: layer-by-layer encapsulation
   2. FIGURE 5.2 Bus topology
   3. FIGURE 5.3 Ring network topology
   4. FIGURE 5.4 Star (or tree) network topology
   5. FIGURE 5.5 Mesh network topology (fully connected)
   6. FIGURE 5.6 Data Link layer frame format
   7. FIGURE 5.7 IPv4 packet format
   8. FIGURE 5.8 Easy OSI mnemonics
   9. FIGURE 5.9 Changes to the packet header from IPv4 to IPv6
5. Chapter 6
   1. FIGURE 6.1 Subjects and objects
   2. FIGURE 6.2 US-CERT Traffic Light Protocol for information classification and...
   3. FIGURE 6.3 Bell-LaPadula (a) vs. Biba access control models (b)
   4. FIGURE 6.4 Crossover error rate (where FAR equals FRR)
   5. FIGURE 6.5 Overall access control system error rates trade space
   6. FIGURE 6.6 Digital identity and credentials process model (from NIST SP 800-...
   7. FIGURE 6.7 UEBA security in operation (conceptual)
6. Chapter 7
   1. FIGURE 7.1 The basics of encoding, encrypting, decrypting, and decoding
   2. FIGURE 7.2 Substitution and transposition
   3. FIGURE 7.3 Comparing hashing and encryption as functions
   4. FIGURE 7.4 Chains of trust
   5. FIGURE 7.5 Certification path validation algorithm
   6. FIGURE 7.6 The blockchain concept
   7. FIGURE 7.7 Crypto family tree
7. Chapter 8
   1. FIGURE 8.1 Notional datacenter design
   2. FIGURE 8.2 Is this firmware update good news?
8. Chapter 9
   1. FIGURE 9.1 Waterfall software development lifecycle model
9. Chapter 10
   1. FIGURE 10.1 Incident triage and response process
   2. FIGURE 10.2 ATT&CK enterprise framework (partial)
   3. FIGURE 10.3 Incident response process
   4. FIGURE 10.4 NIST 800-61 incident response flow
   5. FIGURE 10.5 Incident Handling Checklist
10. Chapter 11
    1. FIGURE 11.1 Continuity of operations planning and supporting planning proces...
    2. FIGURE 11.2 Timelines for incident response, recovery, and continuity
    3. FIGURE 11.3 Beyond the seventh layer

Guide

1. Cover Page
2. Title Page
3. Copyright
4. Acknowledgments
5. About the Author
6. About the Technical Editor
7. Introduction
8. TABLE of Contents
9. Begin Reading
10. Appendix: Answers to Review Questions
11. Index
12. WILEY END USER LICENSE AGREEMENT