Table Of Contents

Access Controls
Group Profiles
Object Groups
Access Control Concepts
Access Control Formal Models
Other Discretionary Access Control Considerations
Other Access Control Considerations
Operating System Hardening
Patch Management
Vulnerability Management
Sample Questions
Security Operations and Administration
What Is “Security Administration”?
Fundamentals of Information Security
The A-I-C Triad
Compliance with Policy Infrastructure
Security Event Logs
Information Security Compliance Liaison
Security Administration: Data Classification
Marking and Labeling
Assurance and Enforcement
Identity Management
Security Administration: Configuration Management
What Is Configuration Management (CM)?
Why Is CM Important?
Change Control Roles in CM
Baseline Measurements
Change Management Process
Concept of Risk-Based, Cost-Effective Controls
Validation of Security Controls
Impact of Security Environment Changes
Patches, Fixes, and Updates Validation
Secure System Development Life Cycle
The System Development Life Cycle
Risk Assessment
Selecting Tools/Techniques for Risk Assessment
Risk Assessment Steps
Risk Management
Risk Avoidance
Risk Transfer
Risk Mitigation
Risk Acceptance
Software Development Methods
The Waterfall Model
Requirements Analysis and Definition
System and Software Design
Testing and Implementation
Operation and Maintenance
The Iterative Development Model
The Exploratory Model
The Rapid Application Development (RAD) Model
The Spiral Model
The Computer Aided Software Engineering (CASE) Model
Extreme Programming
Security Management Planning
Creating the Security Statement
Security Policy Creation and Maintenance
Security Policy Implementation
Security Procedure Development and Documentation
Organization Security Evaluation and Assistance
The Protection Profile
Modes of Operation
Compartmented Mode
Multilevel Secure Mode (MLS)
Operating Utilities and Software
The Central Processing Unit
Service Level Agreement Compliance
User Security Awareness Education
Security Awareness
Security Training
Security Education
Code of Ethics
Code of Ethics (ISC)2
Acceptable Use Policy
Security Administration: Policies, Standards, and Guidelines
Implementing Security Requirements Guidance
Certification and Accreditation Process Concepts
Systems Accreditation
System Certification Effort Support
Security Administration: Security Control Architecture
Evaluation Criteria
Trusted Computer System Evaluation Criteria
Security Best Practices Implementation
Basic Security Mechanisms
Analysis and Monitoring
Section 1: Security Auditing
Security Auditing Overview
Post Audit Activities
Security Framework
Security Controls
ISO 17799 Information
Section 2: Security Testing
Security Testing Overview
Reconnaissance and Network Mapping Techniques
Vulnerability and Penetration Testing Techniques
Penetration Testing High-Level Steps
Penetration Testing — NT Host Enumeration Example
Section 3: Security Monitoring
Security Monitoring Concepts — Why Are Systems Attacked?
IDS Monitoring Technologies and Methods
Logging, Log Storage, and Analysis
Techniques Used to Evade Monitoring
Implementation Issues for Monitoring
Risk, Response, and Recovery
Section 1: Risk Management
Elements of Risk Management
Risk Management Definitions
Risk Management Overview
Frequency of Risk Analysis
Section 2: Response
Business Continuity Planning
BIA Models
Recovery Planning
Recovery Categories
Disaster Recovery
Subscription Service Alternatives
Incident Response
Reviewing System Logs
Computer Incident Response Issues
Limited Examinations
Incident Response Procedures (Specific to Windows NT/2000)
Forensic Duplication
Steps in Acquisition
Recovery, Response, and Follow-up
Video Forensics
Section 3: Recovery
Recovery Time
Recovery Objectives
Recovery Time Objective
Recovery Resources
Related Processes
IT Management Role during Recovery
IT Management Role after Recovery
Verify and Update Procedures
Windows NT
Useful Web Sites
Business and Security Requirements for Cryptography
Non-Repudiation (Digital Signatures)
Principles of Certificates and Key Management
Issuing and Validating
Hash Function and Data Integrity
Secure Protocols
Networks and Telecommunications
Introduction to Networks and Telecommunications
The Basic OSI Model: Its Security Strengths and Weaknesses
Application Layer
Presentation Layer
Session Layer
Transport Layer
Network Layer
Data Link Layer
Physical Layer
Network Topologies and Their Security Issues
WAN Access and Its Security Issues
Transport Layer Security Protocols
Application Layer Security
Physical Transmission Media
Different Transmission Media
The Enterprise Network Environment and Its Vulnerabilities
Layer 2 Switch
Layer 3 Switch
Access Points
Identification and Authentication for Remote Users
Wireless Introduction
Securing the IT Infrastructure
Domains of IT Security Responsibility
Defining Standard and Enhanced Security Requirements
Implementing Standard and Enhanced Security Solutions
References and Useful Web Sites
Malicious Code
Information Protection Requirements
A History of Computer Viruses
Virus Characteristics
Why Care?
Denial of Service Attacks
Spoofing Attacks
Attacks and Exploits Using Malformed Data
How Active Content Operates
JavaScript and Visual Basic Script
Java Active Code
Structure and Focus of Malicious Code Attacks
Phases of an Attack
Reconnaissance and Probing
DNS Commands and Tools
ICMP and Related TCP/IP Tools
Using SNMP Tools
Port Scanning and Port Mapping
Security Probes
Use of Spyware and Backdoor Trojans
Access and Privilege Escalation
Password Capturing and Cracking
Eavesdropping, Data Collection, and Theft
Hackers, Crackers, and Other Perpetrators
What’s in a Name?
Where Do Threats Come From?
Social Engineering
Exploits from the Internet
How Can I Protect against These Attacks?
Application Defenses
Operating System Defenses (Hardening the OS)
Network Infrastructure Defenses
Incident Detection Tools and Techniques
Intrusion Detection Systems
Types of Anti-Virus (Anti-Malware) Software
Classes of Honeypots
Attack Prevention Tools and Techniques
Safe Recovery Techniques and Practices
Policy Considerations
Implementing Effective Software Engineering Best Practices
Answers to Sample Questions
Domain 1: Access Controls
Domain 2: Security Operations and Administration
Domain 3: Analysis and Monitoring
Domain 4: Risk, Response, and Recovery
Domain 5: Cryptography
Domain 6: Networks and Telecommunications
Domain 7: Malicious Code
1 — Access Controls
Key Areas of Knowledge
2 — Security Operations and Administration
3 — Analysis and Monitoring
4 — Risk, Response, and Recovery
5 — Cryptography
6 — Networks and Telecommunications
7 — Malicious Code
General Examination Information
Official (ISC)2 Guide to the SSCP
Published by: Pedro Moriqui Ohoya Ueno on Nov 05, 2011
Copyright: Attribution Non-commercial