{"product_id":"the-official-isc2-sscp-cbk-reference-9781119874867","title":"The Official Isc2 Sscp Cbk Reference","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cb\u003eThe only official body of knowledge for SSCP(ISC)2's popular credential for hands-on security professionalsfully revised and updated 2021 SSCP Exam Outline.\u003c\/b\u003e \u003cp\u003eSystems Security Certified Practitioner (SSCP) is an elite, hands-on cybersecurity certification that validates the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures. SSCP certificationfully compliant with U.S. Department of Defense Directive 8140 and 8570 requirementsis valued throughout the IT security industry. \u003ci\u003eThe Official (ISC)2 SSCP CBK Reference\u003c\/i\u003e is the only official Common Body of Knowledge (CBK) available for SSCP-level practitioners, exclusively from (ISC)2, the global leader in cybersecurity certification and training. \u003c\/p\u003e\u003cp\u003eThis authoritative volume contains essential knowledge practitioners require on a regular basis. Accurate, up-to-date chapters provide in-depth coverage of the seven SSCP domains: Security Operations and Administra\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003c\/p\u003e\u003cp\u003eForeword xxiii\u003c\/p\u003e \u003cp\u003eIntroduction xxv\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1: Security Operations and Administration 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eComply with Codes of Ethics 2\u003c\/p\u003e \u003cp\u003eUnderstand, Adhere to, and Promote Professional Ethics 3\u003c\/p\u003e \u003cp\u003e(ISC)2 Code of Ethics 4\u003c\/p\u003e \u003cp\u003eOrganizational Code of Ethics 5\u003c\/p\u003e \u003cp\u003eUnderstand Security Concepts 6\u003c\/p\u003e \u003cp\u003eConceptual Models for Information Security 7\u003c\/p\u003e \u003cp\u003eConfidentiality 8\u003c\/p\u003e \u003cp\u003eIntegrity 15\u003c\/p\u003e \u003cp\u003eAvailability 17\u003c\/p\u003e \u003cp\u003eAccountability 18\u003c\/p\u003e \u003cp\u003ePrivacy 18\u003c\/p\u003e \u003cp\u003eNonrepudiation 26\u003c\/p\u003e \u003cp\u003eAuthentication 27\u003c\/p\u003e \u003cp\u003eSafety 28\u003c\/p\u003e \u003cp\u003eFundamental Security Control Principles 29\u003c\/p\u003e \u003cp\u003eAccess Control and Need-to-Know 34\u003c\/p\u003e \u003cp\u003eJob Rotation and Privilege Creep 35\u003c\/p\u003e \u003cp\u003eDocument, Implement, and Maintain Functional Security Controls 37\u003c\/p\u003e \u003cp\u003eDeterrent Controls 37\u003c\/p\u003e \u003cp\u003ePreventative Controls 39\u003c\/p\u003e \u003cp\u003eDetective Controls 39\u003c\/p\u003e \u003cp\u003eCorrective Controls 40\u003c\/p\u003e \u003cp\u003eCompensating Controls 41\u003c\/p\u003e \u003cp\u003eThe Lifecycle of a Control 42\u003c\/p\u003e \u003cp\u003eParticipate in Asset Management 43\u003c\/p\u003e \u003cp\u003eAsset Inventory 44\u003c\/p\u003e \u003cp\u003eLifecycle (Hardware, Software, and Data) 47\u003c\/p\u003e \u003cp\u003eHardware Inventory 48\u003c\/p\u003e \u003cp\u003eSoftware Inventory and Licensing 49\u003c\/p\u003e \u003cp\u003eData Storage 50\u003c\/p\u003e \u003cp\u003eImplement Security Controls and Assess Compliance 56\u003c\/p\u003e \u003cp\u003eTechnical Controls 57\u003c\/p\u003e \u003cp\u003ePhysical Controls 58\u003c\/p\u003e \u003cp\u003eAdministrative Controls 61\u003c\/p\u003e \u003cp\u003ePeriodic Audit and Review 64\u003c\/p\u003e \u003cp\u003eParticipate in Change Management 66\u003c\/p\u003e \u003cp\u003eExecute Change Management Process 68\u003c\/p\u003e \u003cp\u003eIdentify Security Impact 70\u003c\/p\u003e \u003cp\u003eTesting\/Implementing Patches, Fixes, and Updates 70\u003c\/p\u003e \u003cp\u003eParticipate in Security Awareness and Training 71\u003c\/p\u003e \u003cp\u003eSecurity Awareness Overview 72\u003c\/p\u003e \u003cp\u003eCompetency as the Criterion 73\u003c\/p\u003e \u003cp\u003eBuild a Security Culture, One Awareness Step at a Time 73\u003c\/p\u003e \u003cp\u003eParticipate in Physical Security Operations 74\u003c\/p\u003e \u003cp\u003ePhysical Access Control 74\u003c\/p\u003e \u003cp\u003eThe Data Center 78\u003c\/p\u003e \u003cp\u003eService Level Agreements 79\u003c\/p\u003e \u003cp\u003eSummary 82\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2: Access Controls 83\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAccess Control Concepts 85\u003c\/p\u003e \u003cp\u003eSubjects and Objects 86\u003c\/p\u003e \u003cp\u003ePrivileges: What Subjects Can Do with Objects 88\u003c\/p\u003e \u003cp\u003eData Classification, Categorization, and Access Control 89\u003c\/p\u003e \u003cp\u003eAccess Control via Formal Security Models 91\u003c\/p\u003e \u003cp\u003eImplement and Maintain Authentication Methods 94\u003c\/p\u003e \u003cp\u003eSingle-Factor\/Multifactor Authentication 95\u003c\/p\u003e \u003cp\u003eAccountability 114\u003c\/p\u003e \u003cp\u003eSingle Sign-On 116\u003c\/p\u003e \u003cp\u003eDevice Authentication 117\u003c\/p\u003e \u003cp\u003eFederated Access 118\u003c\/p\u003e \u003cp\u003eSupport Internetwork Trust Architectures 120\u003c\/p\u003e \u003cp\u003eTrust Relationships (One-Way, Two-Way, Transitive) 121\u003c\/p\u003e \u003cp\u003eExtranet 122\u003c\/p\u003e \u003cp\u003eThird-Party Connections 123\u003c\/p\u003e \u003cp\u003eZero Trust Architectures 124\u003c\/p\u003e \u003cp\u003eParticipate in the Identity Management Lifecycle 125\u003c\/p\u003e \u003cp\u003eAuthorization 126\u003c\/p\u003e \u003cp\u003eProofing 127\u003c\/p\u003e \u003cp\u003eProvisioning\/Deprovisioning 128\u003c\/p\u003e \u003cp\u003eIdentity and Access Maintenance 130\u003c\/p\u003e \u003cp\u003eEntitlement 134\u003c\/p\u003e \u003cp\u003eIdentity and Access Management Systems 137\u003c\/p\u003e \u003cp\u003eImplement Access Controls 140\u003c\/p\u003e \u003cp\u003eMandatory vs. Discretionary Access Control 141\u003c\/p\u003e \u003cp\u003eRole-Based 142\u003c\/p\u003e \u003cp\u003eAttribute-Based 143\u003c\/p\u003e \u003cp\u003eSubject-Based 144\u003c\/p\u003e \u003cp\u003eObject-Based 144\u003c\/p\u003e \u003cp\u003eSummary 145\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3: Risk Identification, Monitoring, And Analysis 147\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDefeating the Kill Chain One Skirmish at a Time 148\u003c\/p\u003e \u003cp\u003eKill Chains: Reviewing the Basics 151\u003c\/p\u003e \u003cp\u003eEvents vs. Incidents 155\u003c\/p\u003e \u003cp\u003eUnderstand the Risk Management Process 156\u003c\/p\u003e \u003cp\u003eRisk Visibility and Reporting 159\u003c\/p\u003e \u003cp\u003eRisk Management Concepts 165\u003c\/p\u003e \u003cp\u003eRisk Management Frameworks 185\u003c\/p\u003e \u003cp\u003eRisk Treatment 195\u003c\/p\u003e \u003cp\u003ePerform Security Assessment Activities 203\u003c\/p\u003e \u003cp\u003eSecurity Assessment Workflow Management 204\u003c\/p\u003e \u003cp\u003eParticipate in Security Testing 206\u003c\/p\u003e \u003cp\u003eInterpretation and Reporting of Scanning and Testing Results 215\u003c\/p\u003e \u003cp\u003eRemediation Validation 216\u003c\/p\u003e \u003cp\u003eAudit Finding Remediation 217\u003c\/p\u003e \u003cp\u003eManage the Architectures: Asset Management and Configuration Control 218\u003c\/p\u003e \u003cp\u003eOperate and Maintain Monitoring Systems 220\u003c\/p\u003e \u003cp\u003eEvents of Interest 222\u003c\/p\u003e \u003cp\u003eLogging 229\u003c\/p\u003e \u003cp\u003eSource Systems 230\u003c\/p\u003e \u003cp\u003eLegal and Regulatory Concerns 236\u003c\/p\u003e \u003cp\u003eAnalyze Monitoring Results 238\u003c\/p\u003e \u003cp\u003eSecurity Baselines and Anomalies 240\u003c\/p\u003e \u003cp\u003eVisualizations, Metrics, and Trends 243\u003c\/p\u003e \u003cp\u003eEvent Data Analysis 244\u003c\/p\u003e \u003cp\u003eDocument and Communicate Findings 245\u003c\/p\u003e \u003cp\u003eSummary 246\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4: Incident Response and Recovery 247\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSupport the Incident Lifecycle 249\u003c\/p\u003e \u003cp\u003eThink like a Responder 253\u003c\/p\u003e \u003cp\u003ePhysical, Logical, and Administrative Surfaces 254\u003c\/p\u003e \u003cp\u003eIncident Response: Measures of Merit 254\u003c\/p\u003e \u003cp\u003eThe Lifecycle of a Security Incident 255\u003c\/p\u003e \u003cp\u003ePreparation 257\u003c\/p\u003e \u003cp\u003eDetection, Analysis, and Escalation 264\u003c\/p\u003e \u003cp\u003eContainment 275\u003c\/p\u003e \u003cp\u003eEradication 277\u003c\/p\u003e \u003cp\u003eRecovery 279\u003c\/p\u003e \u003cp\u003eLessons Learned; Implementation of New Countermeasures 283\u003c\/p\u003e \u003cp\u003eThird-Party Considerations 284\u003c\/p\u003e \u003cp\u003eUnderstand and Support Forensic Investigations 287\u003c\/p\u003e \u003cp\u003eLegal and Ethical Principles 289\u003c\/p\u003e \u003cp\u003eLogistics Support to Investigations 291\u003c\/p\u003e \u003cp\u003eEvidence Handling 292\u003c\/p\u003e \u003cp\u003eEvidence Collection 297\u003c\/p\u003e \u003cp\u003eUnderstand and Support Business Continuity Plan and Disaster Recovery Plan Activities 306\u003c\/p\u003e \u003cp\u003eEmergency Response Plans and Procedures 307\u003c\/p\u003e \u003cp\u003eInterim or Alternate Processing Strategies 310\u003c\/p\u003e \u003cp\u003eRestoration Planning 313\u003c\/p\u003e \u003cp\u003eBackup and Redundancy Implementation 315\u003c\/p\u003e \u003cp\u003eData Recovery and Restoration 319\u003c\/p\u003e \u003cp\u003eTraining and Awareness 321\u003c\/p\u003e \u003cp\u003eTesting and Drills 322\u003c\/p\u003e \u003cp\u003eCIANA+PS at Layer 8 and Above 328\u003c\/p\u003e \u003cp\u003eIt \u003ci\u003eI\u003cb\u003es \u003c\/b\u003e\u003c\/i\u003ea Dangerous World Out There 329\u003c\/p\u003e \u003cp\u003ePeople Power and Business Continuity 333\u003c\/p\u003e \u003cp\u003eSummary 333\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5: Cryptography 335\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstand Fundamental Concepts of Cryptography 336\u003c\/p\u003e \u003cp\u003eBuilding Blocks of Digital Cryptographic Systems 339\u003c\/p\u003e \u003cp\u003eHashing 347\u003c\/p\u003e \u003cp\u003eSalting 351\u003c\/p\u003e \u003cp\u003eSymmetric Block and Stream Ciphers 353\u003c\/p\u003e \u003cp\u003eStream Ciphers 365\u003c\/p\u003e \u003cp\u003eEu Ecrypt 371\u003c\/p\u003e \u003cp\u003eAsymmetric Encryption 371\u003c\/p\u003e \u003cp\u003eElliptical Curve Cryptography 380\u003c\/p\u003e \u003cp\u003eNonrepudiation 383\u003c\/p\u003e \u003cp\u003eDigital Certificates 388\u003c\/p\u003e \u003cp\u003eEncryption Algorithms 392\u003c\/p\u003e \u003cp\u003eKey Strength 393\u003c\/p\u003e \u003cp\u003eCryptographic Attacks, Cryptanalysis, and Countermeasures 395\u003c\/p\u003e \u003cp\u003eCryptologic Hygiene as Countermeasures 396\u003c\/p\u003e \u003cp\u003eCommon Attack Patterns and Methods 401\u003c\/p\u003e \u003cp\u003eSecure Cryptoprocessors, Hardware Security Modules, and Trusted Platform Modules 409\u003c\/p\u003e \u003cp\u003eUnderstand the Reasons and Requirements for Cryptography 414\u003c\/p\u003e \u003cp\u003eConfidentiality 414\u003c\/p\u003e \u003cp\u003eIntegrity and Authenticity 415\u003c\/p\u003e \u003cp\u003eData Sensitivity 417\u003c\/p\u003e \u003cp\u003eAvailability 418\u003c\/p\u003e \u003cp\u003eNonrepudiation 418\u003c\/p\u003e \u003cp\u003eAuthentication 420\u003c\/p\u003e \u003cp\u003ePrivacy 421\u003c\/p\u003e \u003cp\u003eSafety 422\u003c\/p\u003e \u003cp\u003eRegulatory and Compliance 423\u003c\/p\u003e \u003cp\u003eTransparency and Auditability 423\u003c\/p\u003e \u003cp\u003eCompetitive Edge 424\u003c\/p\u003e \u003cp\u003eUnderstand and Support Secure Protocols 424\u003c\/p\u003e \u003cp\u003eServices and Protocols 425\u003c\/p\u003e \u003cp\u003eCommon Use Cases 437\u003c\/p\u003e \u003cp\u003eDeploying Cryptography: Some Challenging Scenarios 442\u003c\/p\u003e \u003cp\u003eLimitations and Vulnerabilities 444\u003c\/p\u003e \u003cp\u003eUnderstand Public Key Infrastructure Systems 446\u003c\/p\u003e \u003cp\u003eFundamental Key Management Concepts 447\u003c\/p\u003e \u003cp\u003eHierarchies of Trust 459\u003c\/p\u003e \u003cp\u003eWeb of Trust 462\u003c\/p\u003e \u003cp\u003eSummary 464\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6: Network and Communications Security 467\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstand and Apply Fundamental Concepts of Networking 468\u003c\/p\u003e \u003cp\u003eComplementary, Not Competing, Frameworks 470\u003c\/p\u003e \u003cp\u003eOSI and TCP\/IP Models 471\u003c\/p\u003e \u003cp\u003eOSI Reference Model 486\u003c\/p\u003e \u003cp\u003eTCP\/IP Reference Model 501\u003c\/p\u003e \u003cp\u003eConverged Protocols 508\u003c\/p\u003e \u003cp\u003eSoftware-Defined Networks 509\u003c\/p\u003e \u003cp\u003eIPv4 Addresses, DHCP, and Subnets 510\u003c\/p\u003e \u003cp\u003eIPv4 Address Classes 510\u003c\/p\u003e \u003cp\u003eSubnetting in IPv4 512\u003c\/p\u003e \u003cp\u003eRunning Out of Addresses? 513\u003c\/p\u003e \u003cp\u003eIPv4 vs. IPv6: Key Differences and Options 514\u003c\/p\u003e \u003cp\u003eNetwork Topographies 516\u003c\/p\u003e \u003cp\u003eNetwork Relationships 521\u003c\/p\u003e \u003cp\u003eTransmission Media Types 525\u003c\/p\u003e \u003cp\u003eCommonly Used Ports and Protocols 530\u003c\/p\u003e \u003cp\u003eUnderstand Network Attacks and Countermeasures 536\u003c\/p\u003e \u003cp\u003eCIANA+PS Layer by Layer 538\u003c\/p\u003e \u003cp\u003eCommon Network Attack Types 553\u003c\/p\u003e \u003cp\u003eSCADA, IoT, and the Implications of Multilayer Protocols 562\u003c\/p\u003e \u003cp\u003eManage Network Access Controls 565\u003c\/p\u003e \u003cp\u003eNetwork Access Control and Monitoring 568\u003c\/p\u003e \u003cp\u003eNetwork Access Control Standards and Protocols 573\u003c\/p\u003e \u003cp\u003eRemote Access Operation and Configuration 575\u003c\/p\u003e \u003cp\u003eManage Network Security 583\u003c\/p\u003e \u003cp\u003eLogical and Physical Placement of Network Devices 586\u003c\/p\u003e \u003cp\u003eSegmentation 587\u003c\/p\u003e \u003cp\u003eSecure Device Management 591\u003c\/p\u003e \u003cp\u003eOperate and Configure Network-Based Security Devices 593\u003c\/p\u003e \u003cp\u003eNetwork Address Translation 594\u003c\/p\u003e \u003cp\u003eAdditional Security Device Considerations 596\u003c\/p\u003e \u003cp\u003eFirewalls and Proxies 598\u003c\/p\u003e \u003cp\u003eNetwork Intrusion Detection\/Prevention Systems 605\u003c\/p\u003e \u003cp\u003eSecurity Information and Event Management Systems 607\u003c\/p\u003e \u003cp\u003eRouters and Switches 609\u003c\/p\u003e \u003cp\u003eNetwork Security from Other Hardware Devices 610\u003c\/p\u003e \u003cp\u003eTraffic-Shaping Devices 613\u003c\/p\u003e \u003cp\u003eOperate and Configure Wireless Technologies 615\u003c\/p\u003e \u003cp\u003eWireless: Common Characteristics 616\u003c\/p\u003e \u003cp\u003eWi-Fi 624\u003c\/p\u003e \u003cp\u003eBluetooth 637\u003c\/p\u003e \u003cp\u003eNear-Field Communications 638\u003c\/p\u003e \u003cp\u003eCellular\/Mobile Phone Networks 639\u003c\/p\u003e \u003cp\u003eAd Hoc Wireless Networks 640\u003c\/p\u003e \u003cp\u003eTransmission Security 642\u003c\/p\u003e \u003cp\u003eWireless Security Devices 645\u003c\/p\u003e \u003cp\u003eSummary 646\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7: Systems and Application Security 649\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSystems and Software Insecurity 650\u003c\/p\u003e \u003cp\u003eSoftware Vulnerabilities Across the Lifecycle 654\u003c\/p\u003e \u003cp\u003eRisks of Poorly Merged Systems 663\u003c\/p\u003e \u003cp\u003eHard to Design It Right, Easy to Fix It? 664\u003c\/p\u003e \u003cp\u003eHardware and Software Supply Chain Security 667\u003c\/p\u003e \u003cp\u003ePositive and Negative Models for Software Security 668\u003c\/p\u003e \u003cp\u003eIs Blocked Listing Dead? Or Dying? 669\u003c\/p\u003e \u003cp\u003eInformation Security = Information Quality + Information Integrity 670\u003c\/p\u003e \u003cp\u003eData Modeling 671\u003c\/p\u003e \u003cp\u003ePreserving Data Across the Lifecycle 674\u003c\/p\u003e \u003cp\u003eIdentify and Analyze Malicious Code and Activity 678\u003c\/p\u003e \u003cp\u003eMalware 679\u003c\/p\u003e \u003cp\u003eMalicious Code Countermeasures 682\u003c\/p\u003e \u003cp\u003eMalicious Activity 684\u003c\/p\u003e \u003cp\u003eMalicious Activity Countermeasures 688\u003c\/p\u003e \u003cp\u003eImplement and Operate Endpoint Device Security 689\u003c\/p\u003e \u003cp\u003eHIDS 691\u003c\/p\u003e \u003cp\u003eHost-Based Firewalls 692\u003c\/p\u003e \u003cp\u003eAllowed Lists: Positive Control for App Execution 693\u003c\/p\u003e \u003cp\u003eEndpoint Encryption 694\u003c\/p\u003e \u003cp\u003eTrusted Platform Module 695\u003c\/p\u003e \u003cp\u003eMobile Device Management 696\u003c\/p\u003e \u003cp\u003eSecure Browsing 697\u003c\/p\u003e \u003cp\u003eIoT Endpoint Security 700\u003c\/p\u003e \u003cp\u003eEndpoint Security: EDR, MDR, XDR, UEM, and Others 701\u003c\/p\u003e \u003cp\u003eOperate and Configure Cloud Security 701\u003c\/p\u003e \u003cp\u003eDeployment Models 702\u003c\/p\u003e \u003cp\u003eService Models 703\u003c\/p\u003e \u003cp\u003eVirtualization 706\u003c\/p\u003e \u003cp\u003eLegal and Regulatory Concerns 709\u003c\/p\u003e \u003cp\u003eData Storage and Transmission 716\u003c\/p\u003e \u003cp\u003eThird-Party\/Outsourcing Requirements 716\u003c\/p\u003e \u003cp\u003eLifecycles in the Cloud 717\u003c\/p\u003e \u003cp\u003eShared Responsibility Model 718\u003c\/p\u003e \u003cp\u003eLayered Redundancy as a Survival Strategy 719\u003c\/p\u003e \u003cp\u003eOperate and Secure Virtual Environments 720\u003c\/p\u003e \u003cp\u003eSoftware-Defined Networking 723\u003c\/p\u003e \u003cp\u003eHypervisor 725\u003c\/p\u003e \u003cp\u003eVirtual Appliances 726\u003c\/p\u003e \u003cp\u003eContinuity and Resilience 727\u003c\/p\u003e \u003cp\u003eAttacks and Countermeasures 727\u003c\/p\u003e \u003cp\u003eShared Storage 729\u003c\/p\u003e \u003cp\u003eSummary 730\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix: Cross-Domain Challenges 731\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eParadigm Shifts in Information Security? 732\u003c\/p\u003e \u003cp\u003ePivot 1: Turn the Attackers’ Playbooks Against Them 734\u003c\/p\u003e \u003cp\u003eATT\u0026amp;CK: Pivoting Threat Intelligence 734\u003c\/p\u003e \u003cp\u003eAnalysis: Real-Time and Retrospective 735\u003c\/p\u003e \u003cp\u003eThe SOC as a Fusion Center 737\u003c\/p\u003e \u003cp\u003eAll-Source, Proactive Intelligence: Part of the Fusion Center 738\u003c\/p\u003e \u003cp\u003ePivot 2: Cybersecurity Hygiene: Think Small, Act Small 739\u003c\/p\u003e \u003cp\u003eCIS IG 1 for the SMB and SME 740\u003c\/p\u003e \u003cp\u003eHardening Individual Cybersecurity 740\u003c\/p\u003e \u003cp\u003eAssume the Breach 742\u003c\/p\u003e \u003cp\u003ePivot 3: Flip the “Data-Driven Value Function” 743\u003c\/p\u003e \u003cp\u003eData-Centric Defense and Resiliency 744\u003c\/p\u003e \u003cp\u003eRansomware as a Service 745\u003c\/p\u003e \u003cp\u003eSupply Chains, Security, and the SSCP 746\u003c\/p\u003e \u003cp\u003eICS, IoT, and SCADA: More Than SUNBURST 747\u003c\/p\u003e \u003cp\u003eExtending Physical Security: More Than Just Badges and Locks 749\u003c\/p\u003e \u003cp\u003eThe IoRT: Robots Learning via the Net 750\u003c\/p\u003e \u003cp\u003ePivot 4: Operationalize Security Across the Immediate and Longer Term 751\u003c\/p\u003e \u003cp\u003eContinuous Assessment and Continuous Compliance 752\u003c\/p\u003e \u003cp\u003eSDNs and SDS 753\u003c\/p\u003e \u003cp\u003eSOAR: Strategies for Focused Security Effort 755\u003c\/p\u003e \u003cp\u003eA “DevSecOps” Culture: SOAR for Software Development 756\u003c\/p\u003e \u003cp\u003ePivot 5: Zero-Trust Architectures and Operations 757\u003c\/p\u003e \u003cp\u003eFIDO and Passwordless Authentication 760\u003c\/p\u003e \u003cp\u003eThreat Hunting, Indicators, and Signature Dependence 761\u003c\/p\u003e \u003cp\u003eOther Dangers on the Web and Net 763\u003c\/p\u003e \u003cp\u003eSurface, Deep, and Dark Webs 763\u003c\/p\u003e \u003cp\u003eDeep and Dark: Risks and Countermeasures 764\u003c\/p\u003e \u003cp\u003eDNS and Namespace Exploit Risks 765\u003c\/p\u003e \u003cp\u003eCloud Security: Edgier and Foggier 766\u003c\/p\u003e \u003cp\u003eCuriosity as Countermeasure 766\u003c\/p\u003e \u003cp\u003eIndex 769\u003c\/p\u003e","brand":"John Wiley \u0026 Sons Inc","offers":[{"title":"Default Title","offer_id":49407179981143,"sku":"9781119874867","price":48.75,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781119874867.jpg?v=1730498454","url":"https:\/\/bookcurl.com\/products\/the-official-isc2-sscp-cbk-reference-9781119874867","provider":"Book Curl","version":"1.0","type":"link"}