Build an incident response program

Contents

• Introduction Introduction

  • Earning your SSCP

    1m 10s
• 1. The SSCP Exam 1. The SSCP Exam

  • The SSCP exam

    1m 8s
  • Is the SSCP right for you?

    3m 34s
  • Careers in information security

    3m 45s
  • Value of certification

    3m 12s
  • Study resources

    1m 26s
• 2. Inside the SSCP Exam 2. Inside the SSCP Exam

  • Registering for the exam

    2m 53s
  • (Locked)
    Exam environment

    3m 17s
  • (Locked)
    Question types

    4m 20s
  • (Locked)
    Passing the SSCP exam

    2m 12s
• 3. Preparing for the Exam 3. Preparing for the Exam

  • Exam tips

    1m 43s
  • (Locked)
    Meeting the experience requirement

    3m 41s
  • (Locked)
    Continuing education requirements

    5m 6s
• 4. Domain 1: Security Concepts and Practices 4. Domain 1: Security Concepts and Practices

  • (Locked)
    Overview of the Security Concepts and Practices Domain

    48s
• 5. Security Concepts 5. Security Concepts

  • The goals of information security

    2m 8s
  • (Locked)
    Confidentiality

    2m 8s
  • (Locked)
    Integrity

    3m 6s
  • (Locked)
    Availability

    1m 46s
  • (Locked)
    Accountability

    2m 24s
  • (Locked)
    Need to know and least privilege

    2m 33s
  • (Locked)
    Segregation of duties (SoD)

    3m 17s
  • (Locked)
    Privacy compliance

    4m 6s
  • (Locked)
    Employee privacy

    1m 54s
  • (Locked)
    Ethics

    1m 34s
• 6. Resource Security 6. Resource Security

  • (Locked)
    Physical asset management

    2m 43s
  • (Locked)
    Software licensing

    3m 6s
  • (Locked)
    Change and configuration management

    4m 3s
• 7. Data Security 7. Data Security

  • (Locked)
    Understanding data security

    3m 8s
  • (Locked)
    Data security policies

    5m 1s
  • (Locked)
    Data security roles

    4m 51s
  • (Locked)
    Limiting data collection

    2m 45s
  • (Locked)
    The data lifecycle

    5m 3s
• 8. Security Standards 8. Security Standards

  • (Locked)
    Developing security baselines

    3m 55s
  • (Locked)
    Leveraging industry standards

    1m 52s
  • (Locked)
    Customizing security standards

    2m 14s
• 9. Security Controls 9. Security Controls

  • (Locked)
    Security control selection and implementation

    5m 13s
  • (Locked)
    Control and risk frameworks

    9m 1s
  • (Locked)
    Security policy framework

    4m 47s
  • (Locked)
    DevOps and DevSecOps

    3m 55s
• 10. Assessing Security Controls 10. Assessing Security Controls

  • (Locked)
    Collect security process data

    3m 36s
  • (Locked)
    Management review

    2m 54s
  • (Locked)
    Security metrics

    3m 2s
  • (Locked)
    Audits and assessments

    5m 15s
  • (Locked)
    Control management

    2m 31s
• 11. Awareness and Training 11. Awareness and Training

  • (Locked)
    Security awareness and training

    5m 55s
  • (Locked)
    Compliance training

    3m 3s
  • (Locked)
    User habits

    3m 9s
  • (Locked)
    Social engineering

    5m 26s
  • (Locked)
    Measuring compliance and security posture

    1m 45s
• 12. Physical Security 12. Physical Security

  • (Locked)
    Site and facility design

    3m 25s
  • (Locked)
    Data center environmental controls

    3m 48s
  • (Locked)
    Data center environmental protection

    5m 9s
  • (Locked)
    Physical access control

    4m 56s
  • (Locked)
    Visitor management

    1m 43s
• 13. Domain 2: Access Controls 13. Domain 2: Access Controls

  • (Locked)
    Overview of the Access Controls Domain

    34s
• 14. Identity and Access Management 14. Identity and Access Management

  • (Locked)
    Access controls

    2m 58s
  • (Locked)
    Identification, authentication, and authorization

    3m 33s
• 15. Identification 15. Identification

  • (Locked)
    Usernames and access cards

    3m 23s
  • (Locked)
    Biometrics

    2m 41s
  • (Locked)
    Registration and identity proofing

    4m 13s
• 16. Authentication 16. Authentication

  • (Locked)
    Authentication factors

    3m 28s
  • (Locked)
    Multifactor authentication

    2m 35s
  • (Locked)
    Something you have

    3m 15s
  • (Locked)
    Password authentication protocols

    3m 10s
  • (Locked)
    SSO and federation

    3m 34s
  • (Locked)
    Internetwork trust architectures

    2m 5s
  • (Locked)
    Third-party connections

    2m 28s
  • (Locked)
    Zero-trust network architectures

    3m 51s
  • (Locked)
    SAML

    2m 35s
  • (Locked)
    OAuth and OpenID Connect

    2m 51s
  • (Locked)
    Device authentication

    6m 48s
• 17. Identity Management Lifecycle 17. Identity Management Lifecycle

  • (Locked)
    Understand account and privilege management

    3m 8s
  • (Locked)
    Account policies

    3m 31s
  • (Locked)
    Password policies

    4m 21s
  • (Locked)
    Manage roles

    3m 44s
  • (Locked)
    Monitoring, reporting, and maintenance

    3m 37s
  • (Locked)
    Provisioning and deprovisioning

    3m 45s
• 18. Authorization 18. Authorization

  • (Locked)
    Understand authorization

    4m 2s
  • (Locked)
    Mandatory access controls

    2m 34s
  • (Locked)
    Discretionary access controls

    2m 28s
  • (Locked)
    Access control lists

    4m 47s
  • (Locked)
    Advanced authorization concepts

    5m 20s
• 19. Domain 3: Risk Identification, Monitoring, and Analysis 19. Domain 3: Risk Identification, Monitoring, and Analysis

  • (Locked)
    Overview of the Risk Identification, Monitoring, and Analysis Domain

    41s
• 20. Risk Management 20. Risk Management

  • (Locked)
    Risk assessment

    4m 38s
  • (Locked)
    Quantitative risk assessment

    6m 19s
  • (Locked)
    Risk management

    4m 18s
  • (Locked)
    Ongoing risk management

    2m 30s
  • (Locked)
    Risk management frameworks

    3m 55s
  • (Locked)
    Risk visibility and reporting

    3m 3s
• 21. Threat Modeling 21. Threat Modeling

  • (Locked)
    Threat intelligence

    3m 21s
  • (Locked)
    Managing threat indicators

    3m 52s
  • (Locked)
    Intelligence sharing

    2m 28s
  • (Locked)
    Identifying threats

    2m 25s
  • (Locked)
    Automating threat intelligence

    3m 49s
  • (Locked)
    Threat hunting

    3m 50s
  • (Locked)
    MITRE ATT&CK

    2m 25s
• 22. Understanding Vulnerability Types 22. Understanding Vulnerability Types

  • (Locked)
    Vulnerability impacts

    5m 20s
  • (Locked)
    Supply chain vulnerabilities

    4m 21s
  • (Locked)
    Configuration vulnerabilities

    3m 48s
  • (Locked)
    Architectural vulnerabilities

    2m 14s
• 23. Vulnerability Scanning 23. Vulnerability Scanning

  • (Locked)
    What is vulnerability management?

    5m 2s
  • (Locked)
    Identifying scan targets

    4m 28s
  • (Locked)
    Scan configuration

    5m 22s
  • (Locked)
    Scan perspective

    4m 26s
  • (Locked)
    SCAP

    2m 34s
  • (Locked)
    CVSS

    3m 31s
  • (Locked)
    Interpreting CVSS scores

    3m 18s
  • (Locked)
    Analyzing scan reports

    3m 59s
  • (Locked)
    Correlating scan results

    2m 33s
• 24. Legal and Regulatory Concerns 24. Legal and Regulatory Concerns

  • (Locked)
    Legal and compliance risks

    2m 4s
  • (Locked)
    Legal definitions

    2m 51s
  • (Locked)
    Data privacy

    4m 13s
  • (Locked)
    Data breaches

    2m 21s
• 25. Security Monitoring 25. Security Monitoring

  • (Locked)
    Monitoring log files

    5m 38s
  • (Locked)
    Security information and event management

    4m 45s
  • (Locked)
    Continuous security monitoring

    4m 13s
  • (Locked)
    Visualization and reporting

    2m 58s
  • (Locked)
    Compliance monitoring

    3m 16s
  • (Locked)
    Legal and ethical issues in monitoring

    2m 26s
• 26. Domain 4: Incident Response and Recovery 26. Domain 4: Incident Response and Recovery

  • (Locked)
    Overview of the Incident Response and Recovery Domain

    31s
• 27. Incident Management 27. Incident Management

  • (Locked)
    Build an incident response program

    4m 13s
  • (Locked)
    Creating an incident response team

    2m 34s
  • (Locked)
    Incident communications plan

    2m 44s
  • (Locked)
    Incident detection

    4m 30s
  • (Locked)
    Escalation and notification

    2m 30s
  • (Locked)
    Mitigation

    2m 25s
  • (Locked)
    Containment techniques

    3m
  • (Locked)
    Incident eradication and recovery

    5m 37s
  • (Locked)
    Validation

    2m 24s
  • (Locked)
    Post-incident activities

    4m 16s
  • (Locked)
    Incident response exercises

    1m 59s
• 28. Investigations and Forensics 28. Investigations and Forensics

  • (Locked)
    Conducting investigations

    4m 8s
  • (Locked)
    Evidence types

    3m 29s
  • (Locked)
    Introduction to forensics

    3m 21s
  • (Locked)
    System and file forensics

    4m 25s
  • (Locked)
    Network forensics

    4m 16s
  • (Locked)
    Software forensics

    4m 56s
  • (Locked)
    Mobile device forensics

    1m 11s
  • (Locked)
    Embedded device forensics

    2m 33s
  • (Locked)
    Chain of custody

    1m 52s
  • (Locked)
    Reporting and documenting incidents

    3m 33s
  • (Locked)
    Electronic discovery (ediscovery)

    3m 7s
• 29. Business Continuity 29. Business Continuity

  • (Locked)
    Business continuity planning

    3m 14s
  • (Locked)
    Business continuity controls

    3m 37s
  • (Locked)
    High availability and fault tolerance

    5m 27s
• 30. Disaster Recovery 30. Disaster Recovery

  • (Locked)
    Disaster recovery planning

    4m 17s
  • (Locked)
    Backups

    4m 16s
  • (Locked)
    Restoring backups

    2m 14s
  • (Locked)
    Disaster recovery sites

    3m 25s
  • (Locked)
    Testing BC/DR plans

    3m 6s
  • (Locked)
    After action reports

    2m 40s
• 31. Emergency Response 31. Emergency Response

  • (Locked)
    Building an emergency response plan

    1m 6s
• 32. Domain 5: Cryptography 32. Domain 5: Cryptography

  • (Locked)
    Overview of the Cryptography Domain

    31s
• 33. Encryption 33. Encryption

  • (Locked)
    Understanding encryption

    2m 44s
  • (Locked)
    Symmetric and asymmetric cryptography

    4m 12s
  • (Locked)
    Goals of cryptography

    3m 57s
  • (Locked)
    Codes and ciphers

    3m 1s
  • (Locked)
    Choosing encryption algorithms

    3m 23s
  • (Locked)
    The perfect encryption algorithm

    3m 19s
  • (Locked)
    The cryptographic lifecycle

    2m 31s
• 34. Symmetric Cryptography 34. Symmetric Cryptography

  • (Locked)
    Data encryption standard

    2m 49s
  • (Locked)
    3DES

    2m 49s
  • (Locked)
    AES, Blowfish, and Twofish

    5m 40s
  • (Locked)
    RC4

    1m 58s
  • (Locked)
    Steganography

    3m 52s
• 35. Asymmetric Cryptography 35. Asymmetric Cryptography

  • (Locked)
    Rivest-Shamir-Adleman (RSA)

    2m 48s
  • (Locked)
    PGP and GnuPG

    1m 59s
  • (Locked)
    Elliptic curve and quantum cryptography

    2m 41s
• 36. Key Management 36. Key Management

  • (Locked)
    Cryptographic key security

    2m 42s
  • (Locked)
    Key exchange

    2m 40s
  • (Locked)
    Diffie-Hellman

    4m 27s
  • (Locked)
    Key escrow

    2m 56s
  • (Locked)
    Key stretching

    1m 40s
• 37. Public Key Infrastructure 37. Public Key Infrastructure

  • (Locked)
    Trust models

    2m 49s
  • (Locked)
    PKI and digital certificates

    4m 1s
  • (Locked)
    Hash functions

    7m 28s
  • (Locked)
    Digital signatures

    3m 50s
  • (Locked)
    Create a digital certificate

    4m 53s
  • (Locked)
    Revoke a digital certificate

    1m 41s
  • (Locked)
    Certificate stapling

    2m 27s
  • (Locked)
    Certificate authorities

    6m 22s
  • (Locked)
    Certificate subjects

    3m 33s
  • (Locked)
    Certificate types

    2m 54s
  • (Locked)
    Certificate formats

    1m 29s
• 38. Transport Encryption 38. Transport Encryption

  • (Locked)
    TLS and SSL

    3m 36s
  • (Locked)
    IPSec

    2m 53s
  • (Locked)
    Securing common protocols

    8m 1s
  • (Locked)
    DKIM

    2m 6s
  • (Locked)
    Tor and perfect forward secrecy

    5m 17s
  • (Locked)
    Blockchain

    1m 43s
• 39. Cryptanalytic Attacks 39. Cryptanalytic Attacks

  • (Locked)
    Brute-force attacks

    2m 56s
  • (Locked)
    Knowledge-based attacks

    2m 41s
  • (Locked)
    Limitations of encryption algorithms

    2m 42s
• 40. Domain 6: Network and Communications Security 40. Domain 6: Network and Communications Security

  • (Locked)
    Overview of the Network and Communications Security Domain

    43s
• 41. TCP/IP Networking 41. TCP/IP Networking

  • (Locked)
    Introducing TCP/IP

    5m 20s
  • (Locked)
    IP addressing and DHCP

    4m 1s
  • (Locked)
    Domain Name System (DNS)

    4m 30s
  • (Locked)
    Network ports

    3m 43s
  • (Locked)
    ICMP

    3m 23s
  • (Locked)
    Network topologies

    3m 3s
  • (Locked)
    Network relationships

    2m 52s
• 42. Network Security Devices 42. Network Security Devices

  • (Locked)
    Routers, switches, and bridges

    3m 11s
  • (Locked)
    Firewalls

    6m 17s
  • (Locked)
    Proxy servers

    2m 46s
  • (Locked)
    Load balancers

    4m 19s
  • (Locked)
    VPNs and VPN concentrators

    4m 39s
  • (Locked)
    Network intrusion detection and prevention

    5m 13s
  • (Locked)
    Protocol analyzers

    7m
  • (Locked)
    Content distribution networks

    3m 50s
  • (Locked)
    Traffic shaping and WAN optimization

    1m 46s
  • (Locked)
    Unified threat management

    1m 57s
• 43. Secure Network Design 43. Secure Network Design

  • (Locked)
    Public and private addressing

    5m 57s
  • (Locked)
    Subnetting

    3m 4s
  • (Locked)
    Security zones

    3m 59s
  • (Locked)
    VLANs and network segmentation

    2m 22s
  • (Locked)
    Security device placement

    6m 29s
  • (Locked)
    Software-defined networking (SDN)

    4m 21s
  • (Locked)
    Transmission media

    1m 48s
• 44. Network Security Technologies 44. Network Security Technologies

  • (Locked)
    Restricting network access

    2m 11s
  • (Locked)
    Network access control

    4m 36s
  • (Locked)
    RADIUS and TACACS

    3m 41s
  • (Locked)
    Firewall rule management

    4m 15s
  • (Locked)
    Router configuration security

    4m 10s
  • (Locked)
    Switch configuration security

    3m 48s
  • (Locked)
    Maintaining network availability

    2m 34s
  • (Locked)
    Network monitoring

    3m 45s
  • (Locked)
    SNMP

    2m 58s
  • (Locked)
    Isolating sensitive systems

    2m 1s
• 45. Remote Network Access 45. Remote Network Access

  • (Locked)
    Remote network access

    5m 17s
  • (Locked)
    Desktop and application virtualization

    2m 52s
• 46. Wireless Networking 46. Wireless Networking

  • (Locked)
    Understanding wireless networking

    2m 56s
  • (Locked)
    Wireless encryption

    2m 56s
  • (Locked)
    Wireless authentication

    4m 49s
  • (Locked)
    Wireless signal propagation

    2m 55s
  • (Locked)
    Wireless networking equipment

    1m 47s
• 47. Network Attacks 47. Network Attacks

  • (Locked)
    Denial of service attacks

    4m 20s
  • (Locked)
    Eavesdropping attacks

    4m 12s
  • (Locked)
    DNS attacks

    3m 39s
  • (Locked)
    Layer 2 attacks

    2m 5s
  • (Locked)
    Network address spoofing

    3m 40s
  • (Locked)
    Wireless attacks

    3m 3s
  • (Locked)
    Propagation attacks

    4m 22s
  • (Locked)
    Preventing rogues and evil twins

    2m 52s
  • (Locked)
    Disassociation attacks

    2m 11s
  • (Locked)
    Understanding Bluetooth and NFC attacks

    2m 4s
• 48. Domain 7: Systems and Application Security 48. Domain 7: Systems and Application Security

  • (Locked)
    Overview of the Systems and Application Security Domain

    38s
• 49. Malware 49. Malware

  • (Locked)
    Comparing viruses, worms, and trojans

    5m 7s
  • (Locked)
    Malware payloads

    6m 24s
  • (Locked)
    Understanding backdoors and logic bombs

    4m 4s
  • (Locked)
    Looking at advanced malware

    3m 1s
  • (Locked)
    Understanding botnets

    2m 55s
  • (Locked)
    Code signing

    2m 7s
• 50. Understanding Attackers 50. Understanding Attackers

  • (Locked)
    Cybersecurity adversaries

    5m 6s
  • (Locked)
    Preventing insider threats

    2m 45s
  • (Locked)
    Attack vectors

    4m 6s
  • (Locked)
    Zero-days and the Advanced Persistent Threat

    3m 25s
• 51. Social Engineering Attacks 51. Social Engineering Attacks

  • (Locked)
    Social engineering

    5m 36s
  • (Locked)
    Impersonation attacks

    5m 24s
  • (Locked)
    Identity fraud and pretexting

    3m
  • (Locked)
    Watering hole attacks

    2m 56s
  • (Locked)
    Physical social engineering

    2m 33s
• 52. Web Application Attacks 52. Web Application Attacks

  • (Locked)
    OWASP Top Ten

    4m 45s
  • (Locked)
    Application security

    4m 18s
  • (Locked)
    Preventing SQL injection

    4m 22s
  • (Locked)
    Understanding cross-site scripting

    3m 14s
  • (Locked)
    Request forgery

    4m 6s
  • (Locked)
    Defending against directory traversal

    3m 4s
  • (Locked)
    Overflow attacks

    3m 20s
  • (Locked)
    Explaining cookies and attachments

    4m 7s
  • (Locked)
    Session hijacking

    4m 48s
  • (Locked)
    Code execution attacks

    2m 44s
• 53. Host Security 53. Host Security

  • (Locked)
    Operating system security

    8m 53s
  • (Locked)
    Malware prevention

    4m 15s
  • (Locked)
    Application management

    5m 59s
  • (Locked)
    Host-based network security controls

    7m 48s
  • (Locked)
    File integrity monitoring

    4m 53s
  • (Locked)
    Data loss prevention

    6m 8s
  • (Locked)
    Endpoint monitoring

    2m 54s
• 54. Hardware Security 54. Hardware Security

  • (Locked)
    Hardware encryption

    5m 29s
  • (Locked)
    Hardware and firmware security

    4m 37s
  • (Locked)
    Peripheral security

    2m 58s
• 55. Mobile Device Security 55. Mobile Device Security

  • (Locked)
    Mobile connection methods

    4m 7s
  • (Locked)
    Mobile device security

    3m 7s
  • (Locked)
    Mobile device management

    7m 16s
  • (Locked)
    Mobile device tracking

    3m 11s
  • (Locked)
    Mobile application management

    3m 58s
  • (Locked)
    Mobile security enforcement

    3m 56s
  • (Locked)
    Bring Your Own Device (BYOD)

    4m 40s
  • (Locked)
    Mobile deployment models

    2m 59s
• 56. Embedded Systems Security 56. Embedded Systems Security

  • (Locked)
    Industrial control systems

    5m 9s
  • (Locked)
    Internet of Things

    3m 6s
  • (Locked)
    Securing smart devices

    3m 43s
  • (Locked)
    Secure networking for smart devices

    2m 23s
• 57. Cloud Computing 57. Cloud Computing

  • (Locked)
    What is the cloud?

    3m 52s
  • (Locked)
    Cloud activities and the Cloud Reference Architecture

    2m 50s
  • (Locked)
    Cloud deployment models

    2m 42s
  • (Locked)
    Cloud service categories

    6m 6s
  • (Locked)
    Virtualization

    4m 44s
  • (Locked)
    Cloud compute resources

    7m 43s
  • (Locked)
    Cloud storage

    2m 59s
  • (Locked)
    Containers

    1m 54s
• 58. Cloud Issues 58. Cloud Issues

  • (Locked)
    Security and privacy concerns in the cloud

    2m 49s
  • (Locked)
    Data sovereignty

    2m 34s
  • (Locked)
    Cloud access security brokers

    5m 15s
  • (Locked)
    Operational concerns in the cloud

    4m 16s
• Conclusion Conclusion

  • (Locked)
    Preparing for the exam

    28s