SSCP (Systems Security Certified Practitioner)

Chapter 1: Introducing Security and Aligning Asset Management to Risk Management

• Classify information security and security concepts.
• Summarize components of the asset management lifecycle .
• Identify common risks and vulnerabilities.
• Provide examples of appropriate risk treatment.

Chapter 2: Understanding Risk Management Options and the Use of Access Controls to Protect Assets

• Provide examples of functional security controls and policies for identified scenarios.
• Classify various access control models.
• Identify components of the identity management lifecycle.
• Recognize access control and authentication methods.

Chapter 3: Cryptography

• Identify the fundamental concepts of cryptography driving requirements and benefits.
• Recognize symmetric encryption methods.
• Use asymmetric encryption methods.
• Examine Public-Key Infrastructure (PKI) systems and certificates.
• Summarize fundamental key management terms and concepts.
• Recognize how to implement secure protocols.
• Review methods of cryptanalytic attack.

Chapter 4: Securing Software, Data, and Endpoints

• Discuss software systems and application security.
• Recognize data security concepts and skills.
• Identify malicious code and countermeasures.
• Evaluate Mobile Device Management (MDM) and security issues with mobile and autonomous endpoints.
• Review attacks and countermeasures for virtual machines.

Chapter 5: Network and Communications Security

• Recognize layers of the OSI Model, their functions, and attacks present at each layer.
• Identify commonly used ports and protocols.
• Select appropriate countermeasures for various network attacks.
• Summarize best practices for establishing a secure networked environment.

Chapter 6: Cloud and Wireless Security

• Recall cloud security concepts and configurations.
• Recognize types of virtualization and cloud security considerations.
• Summarize the types of telecommunications and network access controls.

Chapter 7: Incident Detection and Response

• Review the steps for monitoring, incident detection, and data loss prevention using all source intelligence.
• Identify the elements of an incident response policy and members of the incident response team (IRT).
• Classify the SSCP’s role in supporting forensic investigations.

Chapter 8: Maturing Risk Management

• Identify operational aspects of change management.
• Summarize physical security considerations.
• Design a security education and awareness strategy.
• Recognize common security assessment activities.
• Classify the components of a business continuity plan and disaster recovery plan.

SSCP Exam and Testing:

For the SSCP certification, a candidate is required to have a minimum of 1 year of cumulative paid full-time work experience in one or more of the 7 domains of the SSCP CBK. If you do not have the required experience, you may still sit for the exam and become an Associate of (ISC)2 until you have gained the required experience. SSCP Exam Details

• Number of Questions: 125
• Passing Score: 700 points out of 1000
• Test Duration: 3 Hours
• Test Format: Multiple choice
• Test Delivery: (ISC)²

SSCP Certification Measures a Candidate’s Knowledge in Each of these 7 Domains:

1. Security Operations and Administration
2. Access Controls
3. Risk Identification, Monitoring, and Analysis
4. Incident Response and Recovery
5. Cryptography
6. Network and Communications Security
7. System and Application Security