The Official (ISC)2 SSCP CBK Reference. Mike Wills

Чтение книги онлайн.

Читать онлайн книгу The Official (ISC)2 SSCP CBK Reference - Mike Wills страница 17

The Official (ISC)2 SSCP CBK Reference - Mike Wills

Скачать книгу

is a globally recognized professional who demonstrates expertise and implements the highest standards in cloud security.

       Certified Authorization Professional (CAP): The CAP is a leader in information security and aligns information systems with the risk management framework (RMF). The CAP certification covers the RMF at an extensive level, and it's the only certification under the DoD 8570/DoD 8140 Approved Baseline Certifications that aligns to each of the RMF steps.

       Certified Secure Software Lifecycle Professional (CSSLP): The CSSLP is an internationally recognized professional with the ability to incorporate security practices—authentication, authorization, and auditing—into each phase of the software development lifecycle (SDLC).

       HealthCare Information Security and Privacy Practitioner (HCISPP): The HCISSP is a skilled practitioner who combines information security with healthcare security and privacy best practices and techniques.

      Each of these certifications has its own requirements for documented full-time experience in its requisite topic areas.

      Newcomers to information security who have not yet had supervised work experience in the topic areas can take and pass the SSCP exam and then become recognized as Associates of (ISC)2. Associates then have two years to attain the required experience to become full members of (ISC)2.

      Maintaining the SSCP Certification

      SSCP credentials are maintained in good standing by participating in various activities and gaining continuing professional education credits (CPEs). CPEs are obtained through numerous methods such as reading books, attending seminars, writing papers or articles, teaching classes, attending security conventions, and participating in many other qualifying activities. Visit the (ISC)2 website for additional information concerning the definition of CPEs.

      Join a Local Chapter

      As an SSCP, you've become one of more than 160,000 members worldwide. They, like you, are there to share in the knowledge, experience, and opportunity to help accomplish the goals and objectives of being an information security professional. Nearly 12,500 of your fellow members participate in local area chapters, and (ISC)2 has over 140 local chapters around the world. You can find one in your area by visiting www.isc2.org/Chapters.

      Chapter membership earns you CPE credits and can make you eligible for special discounts on (ISC)2 products and programs.

      This book is for you. This is your journey map, your road atlas, and your handbook. Make it work for you.

      Choose your own course through it, based on what you need on the job today and every day.

      Go for it.

      If you believe you've found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.

      In order to submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line “Possible Book Errata Submission”.

      1 1 I had the privilege of developing and teaching some of these evolving concepts at the U.S. National Defense University's School of Information Warfare and Strategy, 1998-2000. At the School, we made extensive use of the “Strategic Information Warfare” series of publications by Roger C. Molander and others at the RAND Corporation, which were exploring this backward chain from desired strategic effect to the “kill effect” required of attacks on information and information systems.

      2 2 Ponemon Institute LLC, for IBM Security. “2021 Cost of a Data Breach Study: Global Overview.” Other sources, particularly business news media in India and Asia, have claimed as high as 220 days for this average, but there is little hard data to support this larger claim. Either way, this is seriously bad news.

      THIS IS WHERE THE planning hits reality; it's in the day to day of information security operations that you see every decision made during the threat assessments and the risk mitigation plans being live-fire tested by your co-workers, customers, legitimate visitors, and threat actors alike. Whether you're an on-shift watch-stander in a security operations center (SOC) or network operations center (NOC) or you work a pattern of normal business hours and days, you'll be exposed to the details of information security in action.

      There is a common thread running through all aspects of this topic: supporting business functions by incorporating security policy and practices with normal daily activities. This involves maintaining an accurate and detailed asset inventory, tracking the security posture and readiness of information technology (IT) assets through the use of configuration/change management, and ensuring personnel are trained and given adequate support for their own safety and security.

      This chapter will address all these aspects of security operations. The practitioner is advised, however, to not see this as a thorough treatment of all these concepts, each of which could be (and has been) the subject of an entire book (or books) by themselves; for each topic that is unfamiliar, you should look at the following content as an introduction only and pursue a more detailed review of related subject matter.

      NOTE The countries and regions that an organization operates in may have varying, distinct, and at times conflicting legal systems. Beyond considerations of written laws and regulations, the active functioning of court systems and regulatory bodies often has intricate, myriad applications in the real world that extend far beyond how things are codified in written laws. These factors become even more varied and complex when an organization

Скачать книгу