You might be wondering why all chapters seem to apply to the Reconnaissance phase. The key to this is to recognize that the attacker will seek to find all possible sources of information about your organization, its business associates and relationships, its communications patterns, and its IT systems. APTs seek understanding of their targets' business and social networks, the “watering holes” where their people gather to collaborate with others in their trade or market. They'll try to suck up every unencrypted, unprotected, unsecured bit of anything that might be of use to them, as they determine your value to them as a set of exploitable opportunities. As the defender, this is your first clear opportunity to practice what insurance companies call “all-risks coverage” by exerting all possible efforts to identify, prioritize, and control all hazards that your systems and your organization might be exposed to.
The attack execution phase, by contrast, must rely heavily on your organization's ability to detect and respond in real time, or as close to real time as you can manage. Industry-wide, we're not doing too well on this front. It takes businesses and organizations an average of 190 days to detect an intrusion into their IT systems, according to research for IBM Security done by the Ponemon Institute in 2021.2 On average, worldwide, any given business may suffer as much as $3.86 million USD in losses due to a data breach attack. A ransom attack, however, can demand $50 million USD or more in payouts. Those firms that have chosen not to pay off their attackers have reportedly suffered even greater losses. The same research conducted by Ponemon, by the way, demonstrates that having an effective security incident response plan in place, with first responders properly trained and equipped, can save at least $340,000 per incident.
As an SSCP, you've got your work cut out for you. Let this book be one of the many sources of knowledge, experience, and information you can count on, before, during, and after intruders start to target your organization's information, its systems, and its very existence.
WHERE DO YOU GO FROM HERE?
The world of information systems security is constantly changing. You need to continually grow your skills and keep up with the latest changes in the ways that businesses and organizations use the Internet and information technologies, as well as how the threat actors continually evolve to find new and different ways to exploit our systems against us. As a digital citizen of the 21st century, staying current—staying on the cutting edge of change, if not sometimes on the bleeding edge of it—is part of how you meet your due care and due diligence responsibilities to your clients, to your employers, and to the larger society around you. As a recognized member of that profession, the world expects you to stay sharp, stay focused, and stay informed.
That journey begins with this book, which provides you with a tangible foundation for your learning, exploration, and discovery. As a resource, this book provides the following strengths:
It provides context. The domain-based structure maps concepts, ideas, problems, and solutions into a comfortable, straightforward framework that should make it easier to find what you need when you need it and find it positioned in a proper context. This book grounds you in the fundamental concepts, principles, design standards, and practices that are an invaluable resource.
It extends your memory, as all reference works can do, as it shows you best practices in action, focused on the essentials and, again, in context.
It provides clarity that can help you quickly orient to an issue or situation, while establishing links in your mind's eye to other related or important information.
The SSCP CBK and Your Professional Growth Path
As an international, nonprofit membership association with more than 160,000 members, (ISC)2 has worked since its inception in 1989 to serve the needs for standardization and certification in the cybersecurity workplaces around the world. Since then, (ISC)2's founders and members have been shaping the information security profession and have developed the following information security certifications:
Certified Information Systems Security Professional (CISSP): The CISSP is an experienced professional who holds the most globally recognized standard of achievement in the industry and is the first information security credential to meet the strict conditions of ISO/IEC Standard 17024. The CISSP certification has three concentrations:Certified Information Systems Security Professional: Information Systems Security Architecture Professional (CISSP: ISSAP): The CISSP-ISSAP is a chief security architect, analyst, or other professional who designs, builds, and oversees the implementation of network and computer security for an organization. The CISSP-ISSAP may work as an independent consultant or other professional who provides operational guidance and direction to support business strategies.Certified Information Systems Security Professional: Information Systems Security Engineering Professional (CISSP-ISSEP): The CISSP-ISSEP can effectively incorporate security into all facets of business operations.Certified Information Systems Security Professional: Information Systems Security Management Professional (CISSP-ISSMP): The CISSP-ISSMP is a cybersecurity manager who demonstrates deep management and leadership skills and excels at establishing, presenting, and governing information security programs.
Systems Security Certified Practitioner (SSCP): The SSCP is a high-value practitioner who demonstrates technical skills in implementing, monitoring, and administering IT infrastructure using information security policies and procedures. The SSCP's commitment to continuous learning and practice ensures consistent information assurance.
Certified Cloud Security Professional (CCSP): The CCSP is a globally recognized professional who demonstrates expertise and implements the highest standards in cloud security.
Certified Authorization Professional (CAP): The CAP is a leader in information security and aligns information systems with the risk management framework (RMF). The CAP certification covers the RMF at an extensive level, and it's the only certification under the DoD 8570/DoD 8140 Approved Baseline Certifications that aligns to each of the RMF steps.
Certified Secure Software Lifecycle Professional (CSSLP): The CSSLP is an internationally recognized professional with the ability to incorporate security practices—authentication, authorization, and auditing—into each phase of the software development lifecycle (SDLC).
HealthCare Information Security and Privacy Practitioner (HCISPP): The HCISSP is a skilled practitioner who combines information security with healthcare security and privacy best practices and techniques.
Each of these certifications has its own requirements for documented full-time experience in its requisite topic areas.
Newcomers to information security who have not yet had supervised work experience in the topic areas can take and pass the SSCP exam and then become recognized as Associates of (ISC)2. Associates then have two years to attain the required experience to become full members of (ISC)2.
Maintaining the SSCP Certification
SSCP credentials are maintained in good standing by participating in various activities and gaining continuing professional education credits (CPEs). CPEs are obtained through numerous methods such as reading books, attending seminars, writing papers or articles, teaching classes, attending security conventions, and participating in many other qualifying activities. Visit the (ISC)2 website for additional information concerning the definition of CPEs.
Join a Local Chapter
As an SSCP, you've become one of more than 160,000 members worldwide. They, like you, are there to share in the knowledge, experience, and opportunity to help