Finally, I wish to thank my wife Nancy. She saved my life and brought me peace. Her strength inspired me to say “yes” one more time when Jim called me, again, about doing this book, and she has kept both of us healthy and happy throughout. We go together, on adventures like writing, and on ones for which we do need to pack a pocket handkerchief.
About the Author
Michael S. Wills, SSCP, CISSP, CAMS, is Assistant Professor of Applied and Innovative Information Technologies at the College of Business, Embry-Riddle Aeronautical University—Worldwide, where he continues his graduate and undergraduate teaching and research in cybersecurity and information assurance.
Mike has also been an advisor on science and technology policy to the UK's Joint Intelligence Committee, Ministry of Justice, and Defense Science and Technology Laboratories, helping them to evolve an operational and policy consensus relating topics from cryptography and virtual worlds, through the burgeoning surveillance society, to the proliferation of weapons of mass disruption (not just “destruction”) and their effects on global, regional, national, and personal security. For a time, this had him sometimes known as the UK's nonresident expert on outer space law.
Mike has been supporting the work of (ISC)2 by writing, editing, and updating books, study guides, and course materials for both their SSCP and CISSP programs. He wrote the SSCP Official Study Guide 2nd Edition in 2019, followed quickly by the SSCP Official Common Book of Knowledge 5th Edition. He was lead author for the 2021 update of (ISC)2's official CISSP and SSCP training materials. Mike has also contributed to several industry roundtables and white papers on digital identity and cyber fraud detection and prevention and has been a panelist and webinar presenter on these and related topics for ACAMS.
Mike earned his BS and MS degrees in computer science, both with minors in electrical engineering, from Illinois Institute of Technology, and his MA in Defence Studies from King's College, London. He is a graduate of the Federal Chief Information Officer program at National Defense University and the Program Manager's Course at Defense Systems Management College.
Mike and his wife Nancy currently call Wexford, Ireland, their home. Living abroad since the end of the last century, they find new perspectives, shared values, and wonderful people wherever they go. As true digital nomads, it's getting time to move again. Where to? They'll find out when they get there.
About the Technical Editor
Graham Thornburrow-Dobson, CISSP, SSCP, is a security consultant and instructor with more than 30 years of experience in IT, with 20 years focused on IT security and related training.
Graham is an authorized (ISC)2 instructor who has delivered security training to a wide range of security professionals globally via both classroom-based and online training.
Graham has also been supporting the efforts of (ISC)2 in the continued development of their CISSP, SSCP, and ISSAP programs as both a writer and a technical editor.
Graham currently resides in Lincolnshire, United Kingdom. Graham would add more, but, hey, security!
Foreword
WELCOME TO THE OFFICIAL (ISC)2 SSCP CBK Reference! By picking up this book, you have demonstrated your commitment to continuing your professional education and have made the decision to take the next step in your career.
An (ISC)2 Systems Security Certified Practitioner (SSCP) credential shows an understanding of and proficiency with the hands-on technical work that is needed in the information security field. The certification is ideal for IT professionals responsible for the hands-on operational security of their organizations' critical assets, including those in positions such as network security engineers, systems administrators and engineers, security analysts, consultants and administrators, database administrators, and network analysts.
It demonstrates that you closely follow best practices, policies, and procedures in accordance with the SSCP Common Body of Knowledge. Whether you are using this guide to supplement your preparation to sit for the exam or you are an existing SSCP member using this as a reference, this book helps to facilitate the practical knowledge you need to assure strong information security for your organization's daily operations.
(ISC)2 promotes the development of information security professionals throughout the world. As an SSCP with all the benefits of (ISC)2 membership, you will become part of a global network of more than 160,000 certified professionals who are working to inspire a safe and secure cyber world. By becoming a member of (ISC)2 you will have also officially committed to ethical conduct that aligns with your position of trust as a cybersecurity professional.
Reflecting the most pertinent issues that security practitioners currently face, along with the best practices for mitigating those issues, The Official (ISC)2 SSCP CBK Reference offers step-by-step guidance through the seven different domains included in the exam, which are:
Access Controls
Security Operations and Administration
Risk Identification, Monitoring and Analysis
Incident Response and Recovery
Cryptography
Networks and Communications Security
Systems and Application Security
Drawing from a comprehensive, up-to-date global body of knowledge, this book prepares you to join thousands of practitioners worldwide who have obtained the SSCP. For those with proven technical skills and practical security knowledge, the SSCP certification is the ideal credential. The SSCP confirms the breadth and depth of practical security knowledge expected of those in hands-on operational IT roles. The certification provides industry-leading confirmation of a practitioner's ability to implement, monitor, and administer information security policies and procedures that ensure data confidentiality, integrity, and availability (CIA).
The goal for SSCP credential holders is to achieve the highest standard for cybersecurity expertise—managing multiplatform IT systems while keeping sensitive data secure. This becomes especially crucial in the era of digital transformation, where cybersecurity permeates virtually every data stream. Organizations that can demonstrate world-class cybersecurity capabilities and trusted transaction methods enable customer loyalty and fuel success.
The opportunity has never been greater for dedicated professionals like yourself to carve out a meaningful career and make a difference in their organizations. The Official (ISC)2 SSCP CBK Reference will be your constant companion in protecting and securing the critical data assets of your organization, and it will serve you for years to come as you progress in your career.
I wish you luck on the exam and success in your next step along your career path.
Best regards,
Clar Rosso, CEO, (ISC)2
Introduction