Prepare for the ISC2 Certified in Cybersecurity exam, as well as a new career in cybersecurity, with this effective study guide. Complete with full-color illustrations!
In Certified in Cybersecurity Study Guide, veteran IT and cybersecurity educator Mike Chapple delivers a one-stop resource for anyone planning to pursue the ISC2 Certified in Cybersecurity credential, as well as those getting ready to take on a challenging and rewarding new career in cybersecurity. The author walks you through the info you’ll need to succeed both on the exam and in your first day at a cybersecurity-focused job, using full-color illustrations to highlight and emphasize the concepts discussed inside.
Complete with an online practice test, this book comprehensively covers every competency and domain tested by the new exam, including security principles, business continuity, disaster recovery, incident response, access control concepts, network security, and security operations. You’ll also find:
- Efficient and lean content, ensuring you get up to speed as quickly as possible
- Bite-sized chapters that break down essential topics into manageable and accessible lessons
- Complimentary online access to Sybex’s celebrated online learning environment, which comes with practice questions, a complete glossary of common industry terminology, and more
A clear and effective pathway to the Certified in Cybersecurity credential, as well as a fresh career in cybersecurity, the Certified in Cybersecurity Study Guide offers the foundational knowledge, skills, and abilities you need to get started in an exciting and rewarding career.
Table of Contents
Introduction
Part I Domain 1: Security Principles
Chapter 1 Confidentiality, Integrity, Availability, and Non-repudiation
The CIA Triad
Non-repudiation
Chapter 2 Authentication and Authorization
Access Control Process
Password Policies
Authentication Factors
Chapter 3 Privacy
Privacy
Privacy Management Framework
Chapter 4 Risk Management
Risk Types
Risk Identification and Assessment
Risk Treatment Strategies
Risk Profile and Tolerance
Chapter 5 Security Controls
What Are Security Controls?
Categorizing Security Controls
Chapter 6 Ethics
Corporate Ethics Codes
ISC2 Code of Ethics
Ethics Complaint Procedure
Chapter 7 Security Governance Processes
Security Policies and Procedures
Laws and Regulations
Part II Domain 2: Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
Chapter 8 Business Continuity
Business Continuity Planning
Business Continuity Controls
High Availability and Fault Tolerance
Chapter 9 Disaster Recovery
Disaster Recovery Planning
Backups
Disaster Recovery Sites
Testing Disaster Recovery Plans
Chapter 10 Incident Response
Creating an Incident Response Program
Building an Incident Response Team
Incident Communications Plan
Incident Identification and Response
Part III Domain 3: Access Controls Concepts
Chapter 11 Physical Access Controls
Physical Facilities
Designing for Security
Visitor Management
Physical Security Personnel
Chapter 12 Logical Access Controls
Authorization
Account Types
Non-repudiation
Part IV Domain 4: Network Security
Chapter 13 Computer Networking
Network Types
TCP/IP Networking
IP Addressing
Network Ports and Applications
Securing Wi-Fi Networks
Chapter 14 Network Threats and Attacks
Malware
Eavesdropping Attacks
Denial-of-Service Attacks
Side-Channel Attacks
Chapter 15 Threat Identification and Prevention
Antivirus Software
Intrusion Detection and Prevention
Firewalls
Vulnerability Scanning
Chapter 16 Network Security Infrastructure
Data Center Protection
Network Security Zones
Switches, WAPs, and Routers
Network Segmentation
Virtual Private Networks
Network Access Control
Internet of Things
Chapter 17 Cloud Computing
Cloud Computing
Cloud Deployment Models
Cloud Service Categories
Security and the Shared Responsibility Model
Automation and Orchestration
Vendor Relationships
Part V Domain 5: Security Operations
Chapter 18 Encryption
Cryptography
Encryption Algorithms
Uses of Encryption
Hash Functions
Chapter 19 Data Handling
Data Life Cycle
Data Classification
Chapter 20 Logging and Monitoring
Logging
Log Monitoring
Chapter 21 Configuration Management
Configuration Management
Configuration Vulnerabilities
Chapter 22 Best Practice Security Policies
Acceptable Use Policy
Data Handling Policy
Password Policy
Bring Your Own Device Policy
Privacy Policy
Change Management Policy
Chapter 23 Security Awareness Training
Social Engineering
Security Education
Index