Introduction

What a wonderful time to be involved with IT security. The role of security practitioner is expanding almost on a daily basis. Challenges abound as we all try to get our arms around not only traditional hardwired networks but also everything involved with wireless communication and the virtualization of everything in the cloud. There is so much to know and understand, and the growth potential seemingly has no bounds. Keeping up with this pace is (ISC)2, the creators of the Certified Information Systems Security Professional (CISSP) certification, along with several other certifications.

(ISC)2 is renowned for offering industry-leading cybersecurity and other types of training courses around the world. Achieving the Systems Security Certified Practitioner (SSCP) from (ISC)2 indicates mastery of a broad-based body of knowledge in IT security. From network engineering to application development and from cybersecurity to physical security, the prestigious SSCP certification indicates that an individual is an accomplished and knowledgeable security practitioner. The certification is not a vendor-specific certification but a comprehensive broad-based certification.

Candidates for this certification will take a 125-question exam over a period of three hours. The exam covers questions from seven separate and distinct areas of knowledge called domains. Upon passing the examination with a score of 700 or better out of a possible 1,000, successful candidates also must agree to adhere to the (ISC)2 Code of Ethics. Applications must also be endorsed by a current (ISC)2 member or by the organization. This sets SSCP certification holders apart because they are true accomplished professionals who adhere to a clear set of standards of conduct and are in the forefront of the IT security industry.

This book is intended to thoroughly prepare you for the SSCP examination. It completely covers all of the new material introduced by (ISC)2 in early 2015. The changes and additional information place increasing importance on subjects such as the cloud, virtualization, big data, and security monitoring and detection as well as the importance of personal privacy protection and its enforcement by new laws and legislation.

Although the requirement for the SSCP certification is one year of employment in the industry, it is assumed that that year of employment will aid in the individual's ability to apply the various concepts covered in this book. The exciting thing about being a security practitioner is the diversity of the assignments and required knowledge of the job. This certification indicates a broad range of knowledge and capabilities and can be a first major step forward in a rewarding career in IT security.

Who Should Read This Book?

Although the Systems Security Certified Practitioner certification has been offered by (ISC)2 for many years, in 2015 the Common Body of Knowledge (CBK), which forms the foundation for the exam, was substantially modified. To keep the certification relevant with the rapid developments in the industry, the (ISC)2 organization regularly undertakes a program to ascertain the new skills required by the individuals holding its certification. It has been estimated that as much as 25 to 30 percent of new information has been added to various (ISC)2 certifications during this process. As should be expected, the SSCP exam was changed to reflect the additional information and knowledge required of candidates. These changes were announced as recently as the first quarter of 2015. Although other exam preparation sources may contain adequate information for past examinations, they may not offer the complete scope of the new information as contained in this book.

The SSCP: Systems Security Certified Practitioner Study Guide is intended for candidates wishing to achieve the Systems Security Certified Practitioner certification. It is a comprehensive exam preparation guide to assist you in understanding the various concepts that will be included on the exam. Although deep technical knowledge and work experience are not required to pass the examination, it is necessary to have a basic understanding of security technologies such as networking, client/server architecture, and the devices and controls used to reduce risk to organizations. This book covers items such as network telecommunications as well as cryptography in very down-to-earth, easy-to-understand language that makes comprehension and information retention easy and painless.

What Is Covered in This Book

This textbook is a comprehensive review of all of the subjects you should be familiar with prior to taking the SSCP certification exam. It generally follows the exam outline as expressed by the (ISC)2 organization. Various learning tools will be used, such as examples and typical applications of many of the concepts. You will also read case studies of successful and sometimes not-so-successful real-world examples. Each chapter will include notes that will elaborate in a little more detail about a concept as well as a number of exam points that serve as detailed reminders of important concepts that are important to remember.

As you will see, this book is not a condensed “exam notes guide” type of book. Instead, it comprehensively covers the different subjects and categories of information that a practicing SSCP should know, not only to pass the certification examination but also to apply in the workplace.

To successfully pass this certification examination as well as any future (ISC)2 certification examination, it is important not to just memorize the material but to learn and understand the topics. If you understand the material and how it's applied, you will always be successful on an examination.

  1. Chapter 1: Information Security: The Systems Security Certified Practitioner Certification This chapter introduces the SSCP examination candidate to the requirements and preparation required to sit for the exam. It familiarizes you with the (ISC)2 organization, the requirements you must meet to take the examination, examination registration procedures, the (ISC)2 SSCP endorsement requirements, the continuing education requirements (CEU), and the annual fee.

    In this chapter you will learn what to expect at the examination center and how to plan for your examination day. Through the years, many other individuals have taken technical examinations similar to the SSCP certification examination. In this chapter, you will learn many of their successful study techniques so that you may be equally as successful when preparing for the examination.

  2. Chapter 2: Security Basics: A Foundation The SSCP certification examination consists of 125 multiple-choice questions concerning the (ISC)2 organization's SSCP Common Body of Knowledge (CBK). This body of knowledge consists of seven domains, or separate sections of information. Chapter 2 introduces you to the concepts of access control and a large number of related terms and definitions. It begins with a description of the CIA triad, which is the foundation for enterprise IT security. The discussion includes an understanding of security terms and concepts. You will see that some of these concepts have had various permutations over time, such as the wireless security protocols of WEP, WPA, and eventually WPA2 that we use today.
  3. Chapter 3: Domain 1: Access Controls Protecting enterprise resources is a major part of the job description of an IT security professional. In this chapter, you will learn in detail how access controls are selected and implemented to protect resources from unauthorized use or entry. You will learn the importance of identification, authentication, authorization, logging, and accountability. You will understand that various access control techniques, such as discretionary access control as well as nondiscretionary access control in the form of mandatory access control and role-based access control, may be implemented in various situations throughout an enterprise.
  4. Chapter 4: Domain 2: Security Operations and Administration Every enterprise must have policies, standards, procedures, and guidelines that provide documented information that guides the actions of the organization as well as the individuals it employs or interacts with. Chapter 4 will introduce you to the concept of information availability, integrity, and confidentiality as it applies to management personnel, system owners, information managers, and end users throughout an organization. In this chapter, you will come to understand change management as well as applying patches and updates to software and systems and complying with data management policies. This chapter will also cover data classification and the importance of validating that a security control is operating effectively.
  5. Chapter 5: Domain 3: Risk Identification, Monitoring, and Analysis Potential threats pose risks to every organization. This chapter introduces organized assessment techniques to provide ongoing threat identification and monitoring. You will learn the importance of implementing controls to mitigate or reduce threats or vulnerabilities, which thereby reduces overall risk to the organization.

    This chapter includes a discussion of risk management concepts, the assessment of risk, and typical techniques organizations use to address risks, such as buying insurance, reducing risk, and possibly avoiding risk altogether. You will also learn the importance of discovering events and incidents as they are occurring through monitoring and reviewing log files as well as the techniques of participating in both risk reduction and risk response activities.

  6. Chapter 6: Domain 4: Incident Response and Recovery There are several key tasks that may become the responsibility or assignment of the security practitioner. Some of these tasks can involve actions and activities in response to an incident or emergency situation. In this chapter, you will be introduced to the techniques of incident handling (which include investigations, reporting, and escalation) as well as digital forensic concepts. You will learn the actions required of a first responder, including the requirements concerning protection of an incident scene, evidence acquisition and handling, and restoring the environment to a state prior to the incident.

    This chapter will also cover the creation of a business continuity plan as well as a disaster recovery plan, both of which are required by an enterprise to be used during a disaster event. And finally, the importance of testing the plans and providing exercises and drills for the participants will be discussed.

  7. Chapter 7: Domain 5: Cryptography Confidentiality, as a leg of the CIA triad, is a major responsibility of all of the individuals in IT security as well as the SSCP. This chapter will introduce you to the concepts and requirements of confidentiality and how to provide it using cryptographic methods. Cryptographic algorithms, the use of keys, and the types of cryptographic systems will be discussed in detail, but in a way that will be easy to understand. You will discover that every time an individual logs into an e-commerce website, most of the concepts covered in this chapter, such as public-key infrastructure, will be utilized.

    You will gain an understanding of the use of digital certificates, how to provide integrity for data, and what techniques can be used so that data is protected when it is at rest or in transit. Finally, you will learn how authentication can be provided by cryptographic means as well as how to ensure that the sender of a message can't deny that they sent the message, which is referred to as nonrepudiation.

  8. Chapter 8: Domain 6: Networks and Communications IT networks comprise numerous hardware devices that are assembled using various methods and resulting in network models called topologies. Network devices make use of signaling techniques referred to as telecommunications to transfer data between users and through devices. In Chapter 8, you will be introduced to network models and hardware devices as well as the structure of data that flows over the networks and through these devices.

    This chapter will cover wireless and cellular technologies, including the concepts of Bring Your Own Device and the connection of personal digital devices to the enterprise network. It will conclude with a discussion of converged network communications, such as voice and media over the digital network, and the prioritization of information that traverses a network.

  9. Chapter 9: Domain 7: Systems and Application Security Forming the termination point of a network connection are endpoints such as, for example, host workstations, digital wireless devices, printers, scanners, and devices like point-of-sale equipment. Chapter 9 will introduce you to the importance of securing endpoints against many types of malicious code attacks and how to apply various countermeasures to mitigate the threat of endpoint attacks.

    You will also become familiar with cloud security and many of the new requirements concerning data transmission between a user and the cloud and data storage in a cloud environment. The chapter includes a discussion about the importance of virtualization, not only in a local IT data center but also throughout the cloud environment.

    The chapter will conclude with a discussion of data warehousing and big data environments, including a description of the use of thousands of processors in parallel to analyze big data and derive usable information, including trend analysis, the analysis of weather, and scientific applications.

  10. Appendix A: Answers to the Written Labs As an additional learning technique, you will find at the end of each chapter a series of five questions that require you to think through an answer in an essay-type format. You will be asked to define the difference between two techniques, for example, or to explain the use of something covered in the chapter. This is an opportunity for you to write out a brief description of your understanding of the concepts that were covered in the chapter. In Appendix A, you will find brief answers to each of the written lab questions. You can compare your answers with these as a review and to determine if further reading and studying is required.
  11. Appendix B: Answers to Review Questions In this appendix, you will find the answers to each of the review questions found at the end of each chapter.
  12. Appendix C: Diagnostic Tools The role of the security practitioner can be that of a hands-on technician who utilizes various tools and techniques to analyze and solve problems. This appendix outlines a number of diagnostic tools that are available to the security practitioner. You can practice using any of these tools to gain a better understanding of their application when used in analysis and problem solving.

How Do I Use This Book?

This book is simple to use and simple to read. It offers straightforward explanations of all of the SSCP exam topics. Along the way, there are many Exam Points, which are tidbits of information that are important to understand and remember while preparing for the exam.

  1. Pre-study Assessment Exam The pre-study assessment exam is a short 10-question quiz on some basic topics that are contained in the book. This will give you an idea not only of some of the topics in the book but also of your current level of understanding. Don't worry; after reading the book, you'll understand every question on the assessment exam.
  2. Notes and Case Studies Various notes and case studies are included throughout each chapter to point out relevant, real-world applications of some of the topics. The notes will draw your attention to important issues and changes in the security landscape or specific items of interest concerning the topics in each chapter.
  3. Exam Points Exam Points are important facts and pieces of information that are important to know for the examination. They are sprinkled throughout this book in every chapter. You should understand the fact or the theory but also consider the application of the technique.
  4. Chapter Review Questions To test your knowledge as you proceed through the book, there are 20 review questions at the end of each chapter. As you finish each chapter, answer the review questions and then check your answers. Should you get a question wrong, you can go back to reread the section that deals with the subject to ensure that you answer correctly the next time.
  5. Electronic Flashcards Flashcards are excellent for memory and information retention. They may be used to rapidly test your memory and recall of various topics, terms, and definitions. These are similar to the flashcards you might have used when you were in school. You can answer them on your PC or download them onto a personal device for convenient reviewing.
  6. Test Engine The website also contains the Sybex Test Engine. Using the sample exam and this custom test engine, you can identify areas in which you might require additional study. You'll notice that the practice examination is worded a little differently than the questions at the end of the chapters. The SSCP examination might give you a short scenario and require you to think about the application of the concept rather than just provide a term and ask you to define it.

    An examination question quite often will ask you to apply the concept. For example, a question might be worded, “Bill is in the Dallas office of ABC Corporation while Tom is in their sales office in Chicago. Bill needs to send data over an untrusted network to Tom. Which of the following options best describes the technique he should use?”

  7. Glossary of Terms An extensive glossary of terms is included on the website. You can view these on your PC or easily download them to a personal device for quick and easy reference. I suggest that, in the first pass, you read the question and respond with the answer. In the next pass, read the answers and determine what the topic is. Remember, exam questions might be phrased by giving you the definition and asking for the term or by giving you the term and asking for the definition. For instance, an exam question may be as follows: When using IPsec, which of the following best describes the services performed by the authentication header (AH)? Or, it may be worded like this: When using IPsec, authentication and integrity are performed by which of the following? Authentication header is the correct answer. Notice that both of these questions refer to the same information.