Systems Security Certified Practitioner (SSCP)
Course Overview
The SSCP certification is the ideal credential for those with proven technical skills and practical security knowledge in hands-on operational IT roles. It provides industry-leading confirmation of a practitioner’s ability to implement, monitor, and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity, and availability.
The SSCP indicates a practitioner’s technical ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.
SSCP complies with the stringent requirements of ANSI/ISO/IEC Standard 17024.
Target Audience
· Database Administrator
· Network Security Engineer
· Security Administrator
· Security Analyst
· Security Consultant/Specialist
· Systems Administrator
· Systems Engineer
· Systems/Network Analyst
Pre-Requisites
· To be SSCP certified, a candidate should pass the exam and have a minimum of 1 year of cumulative paid full-time work experience in one or more of the seven domains of the SSCP CBK.
Course Duration : 5 Days
Exam Information
· Duration : 3 Hours
· Number of questions : 125
· Question format : Multiple Choice
· Passing marks : 700 out of 1000
· Exam language : English, Japanese, and Brazilian Portuguese
Course Objectives
· Access Controls
· Security Operations and Administration
· Risk Identification, Monitoring, and Analysis
· Incident Response and Recovery
· Cryptography
· Network and Communications Security
· Systems and Application Security
Course Syllabus
Domain 1: Access Controls
· Comply with codes of ethics
· Understand security concepts
· Document, implement, and maintain functional security controls
· Participate in asset management
· Implement security controls and assess compliance
· Participate in change management
· Participate in security awareness and training
· Participate in physical security operations (e.g., data center assessment, badging)
Domain 2: Security Operations and Administration
· Implement and maintain authentication methods
· Support internetwork trust architectures
· Participate in the identity management lifecycle
· Implement access controls
Domain 3: Risk Identification, Monitoring, and Analysis
· Understand the risk management process
· Perform security assessment activities
· Operate and maintain monitoring systems (e.g., continuous monitoring)
· Analyze monitoring results
Domain 4: Incident Response and Recovery
· Support incident lifecycle
· Understand and support forensic investigations
· Understand and support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) activities
Domain 5: Cryptography
· Understand fundamental concepts of cryptography
· Understand reasons and requirements for cryptography
· Understand and support secure protocols
· Understand Public Key Infrastructure (PKI) systems
Domain 6: Network and Communications Security
· Understand and apply fundamental concepts of networking
· Understand network attacks and countermeasures (e.g., DDoS, man-in-the-middle, DNS poisoning)
· Manage network access controls
· Manage network security
· Operate and configure network-based security devices
· Operate and configure wireless technologies (e.g., Bluetooth, NFC, Wi-Fi)
Domain 7: Systems and Application Security
· Identify and analyze malicious code and activity
· Implement and operate endpoint device security
· Operate and configure cloud security
· Operate and secure virtual environments