The Official (ISC)2 SSCP CBK Reference. Mike Wills

Read online: The Official (ISC)2 SSCP CBK Reference by Mike Wills, page 15

reasons and requirements for cryptography.
5.2 Apply cryptography concepts.
5.3 Understand and implement secure protocols.
5.4 Understand and support public key infrastructure (PKI) systems.

Domain 6 Network and Communications Security
The network structure, transmission methods and techniques, transport formats, and security measures used to operate both private and public communication networks:
6.1 Understand and apply fundamental concepts of networking.
6.2 Understand network attacks (e.g., distributed denial of service [DDoS], man-in-the-middle [MITM], Domain Name System [DNS] poisoning) and countermeasures (e.g., content delivery networks [CDN]).
6.3 Manage network access controls.
6.4 Manage network security.
6.5 Operate and configure network-based security devices.
6.6 Secure wireless communications.

Domain 7 Systems and Application Security
Countermeasures and prevention techniques for dealing with viruses, worms, logic bombs, Trojan horses, and other related forms of intentionally created damaging code:
7.1 Identify and analyze malicious code and activity.
7.2 Implement and operate endpoint device security.
7.3 Administer Mobile Device Management (MDM).
7.4 Understand and configure cloud security.
7.5 Operate and maintain secure virtual environments.

Appendix: Cross-Domain Challenges
In 2020 and 2021, the world was rocked by the Covid-19 pandemic and a significant increase in the complexity, scale, and severity of cybercrime and cyber attacks on businesses, government services, and critical infrastructures. In response, information security professionals around the globe worked tirelessly to address incident response and recovery. They also worked to improve systems hardening and intrusion detection techniques. Many of the persistent (and pernicious) attack strategies exploit aspects of nearly every topic in every SSCP Domain. Here in the CBK, the appendix offers five sets of strategies that can help security professionals shift the offense-versus-defense struggle more into the defense's favor. These five shifts or pivots are:
Turn the attackers' playbooks against them.
Cybersecurity hygiene: think small, act small.
Flip the “data-driven value function.”
Operationalizing security across the immediate and longer term.
Zero-trust architectures and operations.

The appendix also helps frame the challenges of maintaining information security at the interface between an organization's IT systems and its operational technology (OT) systems. Since 2019, cyber attacks on process controls, autonomous devices, smart-building elements, and Internet of Things (IoT) systems have disrupted many organizations. The pressure is on for SSCPs and other information security professionals to better understand the security and safety issues related to how their organization's data actually makes physical actions take place; the appendix provides you with some places to start.

      Using This Book to Defeat the Cybersecurity Kill Chain

      Your employers or clients have entrusted the safety and security of their information systems to you, as one of their on-site information security professionals. Those systems are under constant attack—not just the threat of attack. Each day, the odds are great that somebody is knocking at your electronic front doors, trying the e-window latches on your organization's web pages, and learning about your information systems and how you use them. That's reconnaissance in action, the first step in the cybersecurity kill chain.

FIGURE I.1 MITRE's ATT&CK cybersecurity kill chain model

© 2018 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

      MITRE, Lockheed Martin, and others may give slightly different names to the different phases of their kill chain models. For example, MITRE's combines exploitation with installation, while emphasizing the persistent presence of the adversary inside your systems as they maintain their capabilities to quietly wreak havoc and achieve their objectives. The names of the phases aren't important; their underlying flow of ideas is what matters. To date, there does not seem to be any evidence that any given attacker has used exactly one planning model or another. There is abundant evidence, however, that defenders who do not understand these models pay for their ignorance—or, more precisely, their employers and clients do.

      Combining these two models gives us eight phases of the life of an APT's kill chain and suggests which domains of knowledge (and therefore which chapters) may be your first ports of call as you plan to detect, prevent, degrade, or defeat the individual tasks that might make up each step in such a kill chain's operation. These are shown in Table I.1.

TABLE I.1 Kill Chain Phases Mapped to Chapters

| Kill chain phase | Attack operations | Defensive options |
|---|---|---|
| Reconnaissance | All-source intelligence gathering to inform the attack: OSINT, scanning, early intrusion, social engineering | All chapters: enhance overall risk/security posture, awareness, vigilance |
| Weaponization | Select and prepare access techniques and pathways | Chapters 2, 7 |
| Delivery | Email, USBs, URLs, access control gaps, etc. | Chapters 1, 2, 5, 6, 7 |