+353-1-416-8900REST OF WORLD
+44-20-3973-8888REST OF WORLD
1-917-300-0470EAST COAST U.S
1-800-526-8630U.S. (TOLL FREE)

CC Certified in Cybersecurity Study Guide. Edition No. 1. Sybex Study Guide

  • Book

  • 256 Pages
  • January 2024
  • John Wiley and Sons Ltd
  • ID: 5863991

Prepare for the ISC2 Certified in Cybersecurity exam, as well as a new career in cybersecurity, with this effective study guide. Complete with full color illustrations!

In Certified in Cybersecurity Study Guide, veteran IT and cybersecurity educator Mike Chapple delivers a one-stop resource for anyone planning to pursue the ISC2 Certified in Cybersecurity credential, as well as those getting ready to take on a challenging and rewarding new career in cybersecurity. The author walks you through the info you’ll need to succeed on both the exam and in your first day at a cybersecurity-focused job, using full-color illustrations to highlight and emphasize the concepts discussed inside.

Complete with an online practice test, this book comprehensively covers every competency and domain tested by the new exam, including security principles, business continuity, disaster recovery, incident response, access control concepts, network security, and security operations. You’ll also find:

  • Efficient and lean content, ensuring you get up-to-speed as quickly as possible
  • Bite-sized chapters that break down essential topics into manageable and accessible lessons
  • Complimentary online access to Sybex’ celebrated online learning environment, which comes with practice questions, a complete glossary of common industry terminology, and more

A clear and effective pathway to the Certified in Cybersecurity credential, as well as a fresh career in cybersecurity, the Certified in Cybersecurity Study Guide offers the foundational knowledge, skills, and abilities you need to get started in an exciting and rewarding career.

Table of Contents

Introduction xvii

Part I Domain 1: Security Principles 1

Chapter 1 Confidentiality, Integrity, Availability, and Non-repudiation 3

The CIA Triad 4

Non-repudiation 7

Chapter 2 Authentication and Authorization 11

Access Control Process 11

Password Policies 13

Authentication Factors 16

Chapter 3 Privacy 23

Privacy 23

Privacy Management Framework 25

Chapter 4 Risk Management 35

Risk Types 35

Risk Identification and Assessment 37

Risk Treatment Strategies 39

Risk Profile and Tolerance 40

Chapter 5 Security Controls 45

What Are Security Controls? 45

Categorizing Security Controls 46

Chapter 6 Ethics 51

Corporate Ethics Codes 51

ISC2 Code of Ethics 52

Ethics Complaint Procedure 54

Chapter 7 Security Governance Processes 59

Security Policies and Procedures 59

Laws and Regulations 61

Chapple213832_ftoc.indd 13 22-11-2023 12:53:06

Part II Domain 2: Business Continuity (bc), Disaster Recovery (dr) & Incident Response (ir) Concepts 65

Chapter 8 Business Continuity 67

Business Continuity Planning 67

Business Continuity Controls 69

High Availability and Fault Tolerance 71

Chapter 9 Disaster Recovery 79

Disaster Recovery Planning 79

Backups 81

Disaster Recovery Sites 83

Testing Disaster Recovery Plans 85

Chapter 10 Incident Response 89

Creating an Incident Response Program 89

Building an Incident Response Team 91

Incident Communications Plan 92

Incident Identification and Response 93

Part III Domain 3: Access Controls Concepts 99

Chapter 11 Physical Access Controls 101

Physical Facilities 101

Designing for Security 104

Visitor Management 106

Physical Security Personnel 106

Chapter 12 Logical Access Controls 111

Authorization 111

Account Types 114

Non- repudiation 115

Part IV Domain 4: Network Security 119

Chapter 13 Computer Networking 121

Network Types 121

TCP/IP Networking 122

IP Addressing 124

Network Ports and Applications 128

Securing Wi- Fi Networks 129

Chapter 14 Network Threats and Attacks 137

Malware 137

Eavesdropping Attacks 139

Denial- of- Service Attacks 140

Side- Channel Attacks 142

Chapter 15 Threat Identification and Prevention 145

Antivirus Software 145

Intrusion Detection and Prevention 146

Firewalls 148

Vulnerability Scanning 149

Chapter 16 Network Security Infrastructure 155

Data Center Protection 156

Network Security Zones 158

Switches, WAPs, and Routers 159

Network Segmentation 161

Virtual Private Networks 162

Network Access Control 163

Internet of Things 165

Chapter 17 Cloud Computing 169

Cloud Computing 169

Cloud Deployment Models 171

Cloud Service Categories 172

Security and the Shared Responsibility Model 174

Automation and Orchestration 174

Vendor Relationships 175

Part V Domain 5: Security Operations 179

Chapter 18 Encryption 181

Cryptography 181

Encryption Algorithms 183

Uses of Encryption 186

Hash Functions 187

Chapter 19 Data Handling 193

Data Life Cycle 193

Data Classification 196

Chapter 20 Logging and Monitoring 201

Logging 201

Log Monitoring 202

Chapter 21 Configuration Management 207

Configuration Management 207

Configuration Vulnerabilities 208

Chapter 22 Best Practice Security Policies 213

Acceptable Use Policy 213

Data Handling Policy 214

Password Policy 214

Bring Your Own Device Policy 214

Privacy Policy 214

Change Management Policy 215

Chapter 23 Security Awareness Training 219

Social Engineering 219

Security Education 221

Index 227

Authors

Mike Chapple University of Notre Dame.