Official (ISC)2 Guide to the SSCP CBK

2nd Edition

Edited by Harold F. Tipton

Auerbach Publications

468 pages | 40 B/W Illus.

Purchasing Options ($ = USD)
Hardback: ISBN 9781439804834, published 2010-12-08
eBook (VitalSource): ISBN 9780429228360, published 2010-12-08, from $43.98


The (ISC)² Systems Security Certified Practitioner (SSCP) certification is one of the most important credentials an information security practitioner can hold. Having helped thousands of people around the world obtain this distinguished certification, the bestselling Official (ISC)2 Guide to the SSCP CBK has become the book that many of today's security practitioners rely on to attain and maintain the required competence in the seven domains of the (ISC)² CBK.

Picking up where the popular first edition left off, the Official (ISC)2 Guide to the SSCP CBK, Second Edition brings together leading IT security tacticians from around the world to discuss the critical role that policy, procedures, standards, and guidelines play within the overall information security management infrastructure. Offering step-by-step guidance through the seven domains of the SSCP CBK, the text:

  • Presents widely recognized best practices and techniques used by the world's most experienced administrators
  • Uses accessible language, bulleted lists, tables, charts, and diagrams to facilitate a clear understanding
  • Prepares you to join the thousands of practitioners worldwide who have obtained (ISC)² certification

Through clear descriptions accompanied by easy-to-follow instructions and self-assessment questions, this book helps you build the product-independent understanding of information security fundamentals required to attain SSCP certification. After certification, it remains a valuable guide to addressing real-world security implementation challenges.

Table of Contents

Access Controls; Paul Henry

Access Control Concepts

Architecture Models

Identification, Authentication, Authorization, and Accountability

Remote Access Methods

Other Access Control Areas

Sample Questions

Cryptography; Christopher M. Nowell

The Basics

Symmetric Cryptography

General Cryptography

Specific Hashes

Specific Protocols


Sample Questions

Malicious Code; Ken Dunham

Introduction to Windows Malcode Security Management

Malcode Naming Conventions and Types

Brief History of Malcode

Vectors of Infection


Identifying Infections

Behavioral Analysis of Malcode

Malcode Mitigation

Sample Questions

Monitoring and Analysis; Mike Mackrill

Policy, Controls, and Enforcement

Sample Questions

Networks and Telecommunications; Eric Waxvik and Samuel Chun

Introduction to Networks and Telecommunications

Network Protocols and Security Characteristics

Data Communications and Network Infrastructure Components and Security Characteristics

Wireless Local Area Networking

Sample Questions

Security Operations and Administration; C. Karen Stopford

Security Program Objectives: The C-I-A Triad

Code of Ethics

Security Best Practices

Designing a Security Architecture

Security Program Frameworks

Aligning Business, IT, and Security

Security Architecture and Models

Access Control Models

Identity and Access Management

Managing Privileged User Accounts

Outsourcing Security and Managed Security Service Providers

Business Partner Security Controls

Security Policies, Standards, Guidelines, and Procedures

Considerations for Safeguarding Confidentiality

Privacy and Monitoring

Information Life Cycle

Protecting Confidentiality and Information Classification

Information Handling Policy

Information Collection

Secure Information Storage

Secure Output

Record Retention and Disposal

Disclosure Controls: Data Leakage Prevention

Secure Application Development

Web Application Vulnerabilities and Secure Development Practices

Implementation and Release Management

Systems Assurance and Controls Validation

Certification and Accreditation

Security Assurance Rating: Common Criteria

Change Control

Configuration Management

Patch Management

Monitoring System Integrity

Endpoint Protection

Thin Client Implementations


Security Awareness and Training

Review Questions


Risk, Response, and Recovery; Chris Trautwein

Introduction to Risk Management

Incident Response

Appendix: Questions and Answers

Access Controls


Malicious Code

Monitoring and Analysis

Networks and Telecommunications

Risk, Response, and Recovery

Security Operations and Administration


About the Editor

Harold F. Tipton, currently an independent consultant, is a past president of the International Information Systems Security Certification Consortium and was director of computer security for Rockwell International Corporation for about 15 years. He initiated the Rockwell computer and data security program in 1977 and then continued to administer, develop, enhance, and expand the program to accommodate the control needs produced by technological advances until his retirement from Rockwell in 1994.

Tipton has been a member of the Information Systems Security Association (ISSA) since 1982. He was president of the Los Angeles chapter in 1984 and president of the national organization of ISSA (1987–1989). He was added to the ISSA Hall of Fame and the ISSA Honor Roll in 2000.

Tipton was a member of the National Institute of Standards and Technology (NIST) Computer and Telecommunications Security Council and of the National Research Council Secure Systems Study Committee (for the National Academy of Sciences). He received his BS in engineering from the U.S. Naval Academy and his MA in personnel administration from George Washington University; he also received a certificate in computer science from the University of California, Irvine. He holds the Certified Information Systems Security Professional (CISSP), ISSAP, and ISSMP credentials.

He has published several papers on information security issues for Auerbach Publications (Handbook of Information Security Management, Data Security Management, and Information Security Journal), National Academy of Sciences (Computers at Risk), Data Pro Reports, Elsevier, and ISSA (Access).

He has been a speaker at all the major information security conferences including the Computer Security Institute, the ISSA Annual Working Conference, the Computer Security Workshop, MIS Conferences, AIS Security for Space Operations, DOE Computer Security Conference, National Computer Security Conference, IIA Security Conference, EDPAA, UCCEL Security & Audit Users Conference, and Industrial Security Awareness Conference.

He has conducted or participated in information security seminars for (ISC)2, Frost & Sullivan, UCI, CSULB, System Exchange Seminars, and the Institute for International Research. He participated in the Ernst & Young video "Protecting Information Assets." He currently serves as editor of the Handbook of Information Security Management (Auerbach) and chairs the (ISC)2 CBK Committees and the QA Committee. He received the Computer Security Institute's Lifetime Achievement Award in 1994, the (ISC)2 Hal Tipton Award in 2001, and the (ISC)2 Founders Award in 2009.

About the Series

(ISC)2 Press
Subject Categories

BISAC Subject Codes/Headings:
COMPUTERS / Networking / General
COMPUTERS / Security / General
COMPUTERS / Certification Guides / General