Mike Wills - The Official (ISC)2 SSCP CBK Reference
Domain 7: Systems and Application Security
Countermeasures and prevention techniques for dealing with viruses, worms, logic bombs, Trojan horses, and other related forms of intentionally created damaging code:
7.1 Identify and analyze malicious code and activity.
7.2 Implement and operate endpoint device security.
7.3 Administer Mobile Device Management (MDM).
7.4 Understand and configure cloud security.
7.5 Operate and maintain secure virtual environments.
Appendix: Cross-Domain Challenges
In 2020 and 2021, the world was rocked by the Covid-19 pandemic and by a significant increase in the complexity, scale, and severity of cybercrime and cyber attacks on businesses, government services, and critical infrastructures. In response, information security professionals around the globe worked tirelessly on incident response and recovery, and on improving systems hardening and intrusion detection techniques. Many of the persistent (and pernicious) attack strategies exploit aspects of nearly every topic in every SSCP domain. Here in the CBK, the appendix offers five sets of strategies that can help security professionals shift the offense-versus-defense struggle more into the defense's favor. These five shifts or pivots are:
Turn the attackers' playbooks against them.
Cybersecurity hygiene: think small, act small.
Flip the "data-driven value function."
Operationalizing security across the immediate and longer term.
Zero-trust architectures and operations.
The appendix also addresses the challenges of maintaining information security at the interface between an organization's IT systems and its operational technology (OT) systems. Since 2019, cyber attacks on process controls, autonomous devices, smart building elements, and Internet of Things (IoT) systems have disrupted many organizations. The pressure is on for SSCPs and other information security professionals to better understand the security and safety issues related to how their organization's data actually makes physical actions take place; the appendix provides you some places to start.
Using This Book to Defeat the Cybersecurity Kill Chain
Your employers or clients have entrusted the safety and security of their information systems to you, as one of their on-site information security professionals. Those systems are under constant attack—not just the threat of attack. Each day, the odds are great that somebody is knocking at your electronic front doors, trying the e-window latches on your organization's web pages, and learning about your information systems and how you use them. That's reconnaissance in action, the first step in the cybersecurity kill chain.
As an SSCP you're no doubt aware of the cybersecurity kill chain, a summary of how advanced persistent threat (APT) actors plan and conduct their attacks against many private and public organizations, their IT infrastructures, and their information assets and systems. Originally developed during the 1990s by applying military planning doctrines of effects-based targeting, this kill chain is similar to the value chain concept used by businesses and public-sector organizations around the world. Both value chains and kill chains start with the objective, the desired end state or result, and work backward, all the way back to choosing the right targets to attack in the first place. [1] Lockheed Martin first published its cybersecurity kill chain in 2011; the MITRE Corporation, a federally funded research and development corporation (FFRDC), expanded on this with its threat-based Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, first released publicly in 2015 (the version reproduced in Figure I.1 dates from 2018). ATT&CK takes the kill chain concept down to the level of the tactics, techniques, and procedures used by squad-level and individual soldiers in the field. (Note that in military parlance, planning flows from strategic, through operational, to tactical; but common business-speak usage flips the names of the last two steps, looking at business operations as the point-of-contact steps with customers, and the tactical layer of planning as translating strategic objectives into manageable, measurable, value-producing packages of work.) ATT&CK as a framework is shown in Figure I.1, highlighting the two major phases that defenders need to be aware of and engaged with: prestrike planning and the enterprise-level targeted strikes at your systems, your data, and your mission.

FIGURE I.1 MITRE's ATT&CK cybersecurity kill chain model
© 2018 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
MITRE, Lockheed Martin, and others may give slightly different names to the phases of their kill chain models. For example, MITRE's model combines exploitation with installation, while emphasizing the persistent presence of the adversary inside your systems as they maintain their capabilities to quietly wreak havoc and achieve their objectives. The names of the phases aren't important; their underlying flow of ideas is what matters. To date, there does not seem to be any evidence that any given attacker has used exactly one planning model or another. There is abundant evidence, however, that defenders who do not understand these models pay for their ignorance—or, more precisely, their employers and clients do.
Combining these two models gives us eight phases of the life of an APT's kill chain and suggests which domains of knowledge (and therefore which chapters) may be your first ports of call as you plan to detect, prevent, degrade, or defeat the individual tasks that might make up each step in such a kill chain's operation. These are shown in Table I.1.
TABLE I.1 Kill Chain Phases Mapped to Chapters
KILL CHAIN PHASE | ATTACK OPERATIONS | DEFENSIVE OPTIONS |
---|---|---|
Reconnaissance | All-source intelligence gathering to inform the attack: OSINT, scanning, early intrusion, social engineering | All chapters: enhance overall risk/security posture, awareness, vigilance |
Weaponization | Select and prepare access techniques and pathways | Chapters 2, 7 |
Delivery | Email, USBs, URLs, access control gaps, etc. | Chapters 1, 2, 5, 6, 7 |
Exploitation | Malware, rootkit exploits, live off the land | Chapters 2, 4, 6, 7 |
Installation | Backdoors, false or subverted user IDs | Chapters 2, 7 |
Command & Control | Privilege escalation, credential access; lateral movement; find, fix, select in-system targets | Chapters 1, 2, 4, 6 |
Execute the Attack | Exfiltrate; corrupt; encrypt for ransom; springboard to other targets | Chapters 4, 5 |
Maintain Hostile Presence | Continue to exploit target's systems and data; continue hiding one's tracks | Chapters 2, 4, 6, 7 |
You might be wondering why all chapters seem to apply to the Reconnaissance phase. The key to this is to recognize that the attacker will seek to find all possible sources of information about your organization, its business associates and relationships, its communications patterns, and its IT systems. APTs seek understanding of their targets' business and social networks, the “watering holes” where their people gather to collaborate with others in their trade or market. They'll try to suck up every unencrypted, unprotected, unsecured bit of anything that might be of use to them, as they determine your value to them as a set of exploitable opportunities. As the defender, this is your first clear opportunity to practice what insurance companies call “all-risks coverage” by exerting all possible efforts to identify, prioritize, and control all hazards that your systems and your organization might be exposed to.
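The reconnaissance phase described above, as it looks from the defender's side of the log files. This is an added example, not code from the book or from (ISC)2: a small Python scan detector that parses combined-format web server access logs and flags a client that requests many distinct paths, mostly answered with 4xx errors, inside a short window, which is what "trying the e-window latches on your web pages" produces in practice. The log lines are constructed for the example (203.0.113.7 probes for .env, .git, wp-login.php and similar; 198.51.100.20 browses normally), and the thresholds (5 distinct paths, 50% errors, 60 seconds) are illustrative assumptions to be tuned against your own baseline.

```python
"""Flag web clients whose request pattern looks like reconnaissance: many
distinct paths, mostly 4xx responses, within a short window.
Added example; SAMPLE_LOG is constructed, not real traffic."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2021:10:00:02 +0000] "GET /.env HTTP/1.1" 404 153 "-" "python-requests/2.25"
203.0.113.7 - - [12/Mar/2021:10:00:02 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "python-requests/2.25"
203.0.113.7 - - [12/Mar/2021:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "python-requests/2.25"
203.0.113.7 - - [12/Mar/2021:10:00:03 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "python-requests/2.25"
203.0.113.7 - - [12/Mar/2021:10:00:04 +0000] "GET /admin/ HTTP/1.1" 403 199 "-" "python-requests/2.25"
203.0.113.7 - - [12/Mar/2021:10:00:04 +0000] "GET /backup.zip HTTP/1.1" 404 153 "-" "python-requests/2.25"
198.51.100.20 - - [12/Mar/2021:10:00:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2021:10:00:09 +0000] "GET /products HTTP/1.1" 200 8820 "http://example.test/" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2021:10:00:15 +0000] "GET /products/42 HTTP/1.1" 200 4410 "http://example.test/products" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2021:10:00:21 +0000] "GET /cart HTTP/1.1" 200 2210 "http://example.test/products/42" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], TS_FORMAT)
        ev["status"] = int(ev["status"])
        events.append(ev)
    return events


def find_recon(events, window=timedelta(seconds=60), min_paths=5, min_error_ratio=0.5):
    """Return {ip: summary} for clients that, within any `window`, requested at
    least `min_paths` distinct paths with at least `min_error_ratio` of the
    requests answered 4xx. Thresholds are illustrative assumptions."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["ip"]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span covers at most `window` seconds.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            paths = {e["path"] for e in span}
            errors = sum(1 for e in span if 400 <= e["status"] < 500)
            ratio = errors / len(span)
            if len(paths) >= min_paths and ratio >= min_error_ratio:
                flagged[ip] = {
                    "distinct_paths": len(paths),
                    "error_ratio": round(ratio, 2),
                    "user_agents": sorted({e["ua"] for e in span}),
                    # Paths that drew a 4xx: the "latches" the client tried.
                    "probed": sorted({e["path"] for e in span if 400 <= e["status"] < 500}),
                }
                break  # first qualifying window is enough to raise an alert
    return flagged


if __name__ == "__main__":
    for ip, info in find_recon(parse_log(SAMPLE_LOG)).items():
        print(f"RECON {ip}: {info['distinct_paths']} paths, "
              f"{info['error_ratio']:.0%} 4xx, UAs={info['user_agents']}, "
              f"probed={info['probed']}")
```

The detector keys on the combination that separates a scanner from a visitor who mistyped one URL: breadth of distinct paths plus a high error rate in a short span. A single threshold on either dimension alone produces noise (search engine crawlers hit many paths, broken links produce 404s). In production you would feed it from a log shipper rather than a string, exclude known crawlers and your own monitoring, and treat the output as a reconnaissance indicator to correlate with later phases rather than as a block decision on its own.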