Official (ISC)2 Guide to the SSCP CBK, Second Edition / Edition 2


The (ISC)2 Systems Security Certified Practitioner (SSCP) certification is one of the most important credentials an information security practitioner can have. Having helped thousands of people around the world obtain this distinguished certification, the bestselling Official (ISC)2 Guide to the SSCP CBK has quickly become the book that many of today's security practitioners depend on to attain and maintain the required competence in the seven domains of the (ISC)2 CBK. Picking up where the popular first edition left off, the Official (ISC)2 Guide to the SSCP CBK, Second Edition brings together leading IT security tacticians from around the world to discuss the critical role that policy, procedures, standards, and guidelines play within the overall information security management infrastructure. Offering step-by-step guidance through the seven domains of the SSCP CBK, the text:
• Presents widely recognized best practices and techniques used by the world's most experienced administrators
• Uses accessible language, bulleted lists, tables, charts, and diagrams to facilitate a clear understanding
• Prepares you to join the thousands of practitioners worldwide who have obtained (ISC)2 certification

Through clear descriptions accompanied by easy-to-follow instructions and self-assessment questions, this book will help you establish the product-independent understanding of information security fundamentals required to attain SSCP certification. Following certification, it will be a valuable guide to addressing real-world security implementation challenges.


Product Details

  • ISBN-13: 9781136586668
  • Publisher: Taylor & Francis, Inc.
  • Publication date: 4/27/2007
  • Series: (ISC)2 Press Series
  • Sold by: Barnes & Noble
  • Format: eTextbook
  • Edition number: 2
  • Pages: 467
  • File size: 5 MB

Meet the Author

Harold F. Tipton, currently an independent consultant, was a past president of the International Information System Security Certification Consortium and a director of computer security for Rockwell International Corporation for about 15 years. He initiated the Rockwell computer and data security program in 1977 and then continued to administer, develop, enhance, and expand the program to accommodate the control needs produced by technological advances until his retirement from Rockwell in 1994.

Tipton has been a member of the Information Systems Security Association (ISSA) since 1982. He was the president of the Los Angeles chapter in 1984 and the president of the national organization of ISSA (1987–1989). He was added to the ISSA Hall of Fame and the ISSA Honor Roll in 2000.

Tipton was a member of the National Institute of Standards and Technology (NIST) Computer and Telecommunications Security Council and of the National Research Council Secure Systems Study Committee (for the National Academy of Sciences). He received his BS in engineering from the U.S. Naval Academy and his MA in personnel administration from George Washington University; he also received his certificate in computer science from the University of California, Irvine. He holds the CISSP, ISSAP, and ISSMP certifications.

He has published several papers on information security issues for Auerbach Publications (Handbook of Information Security Management, Data Security Management, and Information Security Journal), National Academy of Sciences (Computers at Risk), Data Pro Reports, Elsevier, and ISSA (Access).

He has been a speaker at all the major information security conferences including the Computer Security Institute, the ISSA Annual Working Conference, the Computer Security Workshop, MIS Conferences, AIS Security for Space Operations, DOE Computer Security Conference, National Computer Security Conference, IIA Security Conference, EDPAA, UCCEL Security & Audit Users Conference, and Industrial Security Awareness Conference.

He has conducted/participated in information security seminars for (ISC)2, Frost & Sullivan, UCI, CSULB, System Exchange Seminars, and the Institute for International Research. He participated in the Ernst & Young video "Protecting Information Assets." He is currently serving as the editor of the Handbook of Information Security Management (Auerbach). He chairs the (ISC)2 CBK Committees and the QA Committee. He received the Computer Security Institute’s Lifetime Achievement Award in 1994, the (ISC)2’s Hal Tipton Award in 2001 and the (ISC)2 Founders Award in 2009.


Table of Contents

Access Controls; Paul Henry
Access Control Concepts
Architecture Models
Identification, Authentication, Authorization, and Accountability
Remote Access Methods
Other Access Control Areas
Sample Questions

Cryptography; Christopher M. Nowell
The Basics
Symmetric Cryptography
General Cryptography
Specific Hashes
Specific Protocols
Sample Questions

Malicious Code; Ken Dunham
Introduction to Windows Malcode Security Management
Malcode Naming Conventions and Types
Brief History of Malcode
Vectors of Infection
Identifying Infections
Behavioral Analysis of Malcode
Malcode Mitigation
Sample Questions

Monitoring and Analysis; Mike Mackrill
Policy, Controls, and Enforcement
Sample Questions

Networks and Telecommunications; Eric Waxvik and Samuel Chun
Introduction to Networks and Telecommunications
Network Protocols and Security Characteristics
Data Communications and Network Infrastructure Components and Security Characteristics
Wireless Local Area Networking
Sample Questions

Security Operations and Administration; C. Karen Stopford
Security Program Objectives: The C-I-A Triad
Code of Ethics
Security Best Practices
Designing a Security Architecture
Security Program Frameworks
Aligning Business, IT, and Security
Security Architecture and Models
Access Control Models
Identity and Access Management
Managing Privileged User Accounts
Outsourcing Security and Managed Security Service Providers
Business Partner Security Controls
Security Policies, Standards, Guidelines, and Procedures
Considerations for Safeguarding Confidentiality
Privacy and Monitoring
Information Life Cycle
Protecting Confidentiality and Information Classification
Information Handling Policy
Information Collection
Secure Information Storage
Secure Output
Record Retention and Disposal
Disclosure Controls: Data Leakage Prevention
Secure Application Development
Web Application Vulnerabilities and Secure Development Practices
Implementation and Release Management
Systems Assurance and Controls Validation
Certification and Accreditation
Security Assurance Rating: Common Criteria
Change Control
Configuration Management
Patch Management
Monitoring System Integrity
Endpoint Protection
Thin Client Implementations
Security Awareness and Training
Review Questions

Risk, Response, and Recovery; Chris Trautwein
Introduction to Risk Management
Incident Response

Appendix: Questions and Answers
Access Controls
Malicious Code
Monitoring and Analysis
Networks and Telecommunications
Risk, Response, and Recovery
Security Operations and Administration



Customer Reviews

Average rating: 4.5 (6 ratings)

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)