Certified in Cybersecurity (CC)
The Certified in Cybersecurity (CC) certification is a credential offered by various organizations and institutions to individuals who demonstrate proficiency and knowledge in cybersecurity practices and principles.
The CC certification is designed to validate the skills and expertise of cybersecurity professionals. It indicates that an individual possesses the necessary knowledge and abilities to effectively protect systems, networks, and data from cyber threats.
Certified in Cybersecurity (CC) will prove to employers you have the foundational knowledge, skills and abilities necessary for an entry- or junior-level cybersecurity role. It will signal your understanding of fundamental security best practices, policies and procedures, as well as your willingness and ability to learn more and grow on the job.
There are five domains covered on the exam.
• Security Principles
• Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
• Access Controls Concepts
• Network Security
• Security Operations
- Chief Information Security Officer
- Chief Information Officer
- Director of Security
- IT Director/Manager
- Security Systems Engineer
- Security Analyst
- Security Manager
- Security Auditor
- Security Architect
- Security Consultant
- Network Architect
Pre-Requisites
There are no specific prerequisites to take the exam. It is recommended that candidates have basic information technology (IT) knowledge. No work experience in cybersecurity or any formal educational diploma/degree is required. The next step in the candidate’s career would be earning ISC2 expert-level certifications, which require experience in the field.
Exam Information
Exam Name | Certified in Cybersecurity (CC) |
Exam Type | Multiple-choice Questions |
Total Questions | 100 |
Exam Duration | 2 Hours |
Passing Score | 700 out of 1000 |
Languages | English, Chinese, Japanese, Korean, German, Spanish |
Testing center | Pearson VUE Testing Center |
Course Duration: 12 Hours
Course Syllabus
1.1 Understand the security concepts of information assurance
» Confidentiality
» Integrity
» Availability
» Authentication (e.g., methods of authentication, multi-factor authentication (MFA))
» Non-repudiation
» Privacy
1.2 Understand the risk management process
» Risk management (e.g., risk priorities, risk tolerance)
» Risk identification, assessment and treatment
1.3 Understand security controls
» Technical controls
» Administrative controls
» Physical controls
1.4 Understand (ISC)² Code of Ethics
» Professional code of conduct
1.5 Understand governance processes
» Policies
» Procedures
» Standards
» Regulations and laws
2.1 Understand business continuity (BC)
» Purpose
» Importance
» Components
2.2 Understand disaster recovery (DR)
» Purpose
» Importance
» Components
2.3 Understand incident response
» Purpose
» Importance
» Components
3.1 Understand physical access controls
» Physical security controls (e.g., badge systems, gate entry, environmental design)
» Monitoring (e.g., security guards, closed-circuit television (CCTV), alarm systems, logs)
» Authorized versus unauthorized personnel
3.2 Understand logical access controls
» Principle of least privilege
» Segregation of duties
» Discretionary access control (DAC)
» Mandatory access control (MAC)
» Role-based access control (RBAC)
4.1 Understand computer networking
» Networks (e.g., Open Systems Interconnection (OSI) model, Transmission Control Protocol/Internet Protocol (TCP/IP) model, Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6), WiFi)
» Ports
» Applications
4.2 Understand network threats and attacks
» Types of threats (e.g., distributed denial-of-service (DDoS), virus, worm, Trojan, man-in-the-middle (MITM), side-channel)
» Identification (e.g., intrusion detection system (IDS), host-based intrusion detection system (HIDS), network intrusion detection system (NIDS))
» Prevention (e.g., antivirus, scans, firewalls, intrusion prevention system (IPS))
4.3 Understand network security infrastructure
» On-premises (e.g., power, data center/closets, Heating, Ventilation, and Air Conditioning (HVAC), environmental, fire suppression, redundancy, memorandum of understanding (MOU)/memorandum of agreement (MOA))
» Design (e.g., network segmentation (demilitarized zone (DMZ), virtual local area network (VLAN), virtual private network (VPN), micro-segmentation), defense in depth, Network Access Control (NAC) (segmentation for embedded systems, Internet of Things (IoT)))
» Cloud (e.g., service-level agreement (SLA), managed service provider (MSP), Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), hybrid)
5.1 Understand data security
» Encryption (e.g., symmetric, asymmetric, hashing)
» Data handling (e.g., destruction, retention, classification, labeling)
» Logging and monitoring security events
5.2 Understand system hardening
» Configuration management (e.g., baselines, updates, patches)
5.3 Understand best practice security policies
» Data handling policy
» Password policy
» Acceptable Use Policy (AUP)
» Bring your own device (BYOD) policy
» Change management policy (e.g., documentation, approval, rollback)
» Privacy policy
5.4 Understand security awareness training
» Purpose/concepts (e.g., social engineering, password protection)
» Importance
- Career Advancement: Boost your credibility and open doors to lucrative job opportunities in the rapidly growing field of cybersecurity.
- Skill Validation: Demonstrate your expertise and proficiency in safeguarding digital assets, enhancing your professional reputation.
- Industry Recognition: Gain recognition from employers, clients, and peers as a trusted cybersecurity professional with a certified skill set.
- Stay Ahead of Threats: Stay updated with the latest security trends, techniques, and best practices, equipping you to tackle evolving cyber threats effectively.
- Networking Opportunities: Connect with a vibrant community of cybersecurity experts, fostering collaboration, knowledge sharing, and career growth.
Upcoming Schedule:
Please contact us to know about the upcoming schedule.