CONGRATULATIONS ON CHOOSING TO become a Systems Security Certified Practitioner (SSCP)! In making this choice, you're signing up to join the professionals who strive to keep our information-based modern world safe, secure, and reliable. SSCPs and other information security professionals help businesses and organizations keep private data private and help to ensure that published and public-facing information stays unchanged and unhacked.
Whether you are new to the fields of information security, information assurance, or cybersecurity, or you've been working with these concepts, tools, and ideas for some time now, this book is here to help you grow your knowledge, skills, and abilities as a systems security professional.
Let's see how!
ABOUT THIS BOOK
You're here because you need a ready reference source of ideas, information, knowledge, and experience about information systems security. Users of earlier editions of the CBK describe it as the place to go when you need to look up something about bringing your systems or networks back up and online—when you can't exactly Google it. As a first responder in an information security incident, you may need to rely on what you know and what you've got at hand as you characterize, isolate, and contain an intruder and their malware or other causal agents. This book cannot answer all of the questions you'll have in real time, but it may just remind you of important concepts as well as critical details when you need them. As with any reference work, it can help you think your way through to a solution. By taking key definitions and concepts and operationalizing them, showing how they work in practice, this book can enrich the checklists, troubleshooting guides, and task-focused procedures that you may already be using in your work.
The SSCP Seven Domains
This book directly reflects the SSCP Common Body of Knowledge, which is the comprehensive framework that (ISC)2 has developed to express what security professionals should have working knowledge of. These domains include theoretical knowledge, industry best practices, and applied skills and techniques. Chapter by chapter, this book takes you through these domains, with major headings within each chapter being your key to finding what you need when you need it. Topics that are covered in more than one domain will be found within sections or subsections in each chapter as appropriate.
This Sixth Edition has been updated to reflect (ISC)2's Domain Content Outline, released in November 2021. This outline update changed the relative order of the first two domains, but largely kept the topics within each domain the same. Revisions, clarifications, and additions have been made throughout, while a new Appendix brings topics from across those Domains together to provide you assistance with today's thorniest of information security challenges.
(ISC)2 is committed to helping members learn, grow, and thrive. The Common Body of Knowledge (CBK) is the comprehensive framework that helps it fulfill this commitment. The CBK includes all the relevant subjects a security professional should be familiar with, including skills, techniques, and best practices. (ISC)2 uses the various domains of the CBK to test a certificate candidate's levels of expertise in the most critical aspects of information security. You can see this framework in the SSCP Exam Outline at https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/2021/SSCP-Exam-Outline-English-Nov-2021.ashx?la=en&hash=ABCB9E34548D2E8170ADA04EAAD3003F5577D3F5
Successful candidates are competent in the following seven domains:
Domain 1 Security Operations and Administration
Identification of information assets and documentation of policies, standards, procedures, and guidelines that ensure confidentiality, integrity, and availability, such as:
1.1 Comply with codes of ethics.
1.2 Understand security concepts.
1.3 Identify and implement security controls.
1.4 Document and maintain functional security controls.
1.5 Participate in asset management lifecycle (hardware, software, and data).
1.6 Participate in change management lifecycle.
1.7 Participate in implementing security awareness and training (e.g., social engineering/phishing).
1.8 Collaborate with physical security operations (e.g., data center assessment, badging).
Domain 2 Access Controls
Policies, standards, and procedures that define users (human and nonhuman) as entities with identities that are approved to use an organization's systems and information assets, what they can do, which resources and information they can access, and what operations they can perform on a system, such as:
2.1 Implement and maintain authentication methods.
2.2 Support internetwork trust architectures.
2.3 Participate in the identity management lifecycle.
2.4 Understand and apply access controls.
Domain 3 Risk Identification, Monitoring, and Analysis
Risk identification is the review, analysis, and implementation of processes essential to the identification, measurement, and control of loss associated with unplanned adverse events. Monitoring and analysis are determining system implementation and access in accordance with defined IT criteria. This involves collecting information for identification of, and response to, security breaches or events, such as:
3.1 Understand the risk management process.
3.2 Understand legal and regulatory concerns (e.g., jurisdiction, limitations, privacy).
3.3 Participate in security assessment and vulnerability management activities.
3.4 Operate and monitor security platforms (e.g., continuous monitoring).
3.5 Analyze monitoring results.
Domain 4 Incident Response and Recovery
Prevent. Detect. Respond. Recover. Incident response and recovery focus on the near real-time actions that must take place if the organization is to survive a cyberattack or other information security incident, get back into operation, and continue as a viable entity. In this domain, the SSCP gains an understanding of how to handle incidents using consistent, applied approaches within a framework of business continuity planning (BCP) and disaster recovery planning (DRP). These approaches are utilized to mitigate damages, recover business operations, and avoid critical business interruption:
4.1 Support incident lifecycle (e.g., National Institute of Standards and Technology [NIST], International Organization for Standardization [ISO]).
4.2 Understand and support forensic investigations.
4.3 Understand and support business continuity plan (BCP) and disaster recovery plan (DRP) activities.
Domain 5 Cryptography
The protection of information using techniques that ensure its integrity, confidentiality, authenticity, and nonrepudiation, and the recovery of encrypted information in its original form:
5.1 Understand reasons and requirements for cryptography.
5.2 Apply cryptography concepts.
5.3 Understand and implement secure protocols.
5.4 Understand and support public key infrastructure (PKI) systems.
Domain 6 Network and Communications Security
The network structure, transmission methods and techniques, transport formats, and security measures used to operate both private and public communication networks:
6.1 Understand and apply fundamental concepts of networking.
6.2 Understand network attacks (e.g., distributed denial of service [DDoS], man-in-the-middle [MITM], Domain Name System [DNS] poisoning) and countermeasures (e.g., content delivery networks [CDN]).
6.3 Manage network access controls.
6.4 Manage network security.
6.5 Operate and configure network-based security devices.
6.6 Secure wireless communications.
Domain 7 Systems and Application Security
Countermeasures and prevention techniques for dealing with viruses, worms, logic bombs, Trojan horses, and other related forms of intentionally created damaging code:
7.1 Identify and analyze malicious code and activity.
7.2 Implement and operate endpoint device security.
7.3 Administer Mobile Device Management (MDM).
7.4 Understand and configure cloud security.
7.5 Operate and maintain secure virtual environments.
Appendix: Cross-Domain Challenges In 2020 and 2021, the world was rocked by the Covid-19 pandemic and a significant increase in the complexity, scale, and severity of cybercrime and cyber attacks on businesses, government services, and critical infrastructures. In response, information security professionals around the globe worked tirelessly to address incident response and recovery. They also worked to improve systems hardening and intrusion detection techniques. Many of the persistent (and pernicious) attack strategies exploit aspects of nearly every topic in