logo

Systems Security Certified Practitioner (SSCP) (CS8521)

The Systems Security Certified Practitioner (SSCP) training is an intensive and comprehensive program designed to equip information security professionals with the knowledge and skills necessary to excel in the dynamic field of cybersecurity. This course offers a well-rounded curriculum that covers the essential domains of knowledge as specified by (ISC)², the International Information System Security Certification Consortium.

Throughout the training, participants will delve into the core principles, best practices, and cutting-edge techniques employed in securing IT infrastructures, safeguarding critical data, and mitigating security risks. The SSCP certification is ideal for individuals seeking to demonstrate their expertise in implementing, monitoring, and administering secure systems, networks, and applications in alignment with industry-recognized security standards.

Applicable solutions

Public class

Duration: 
5 days / 35 hours

Private class

Virtual classroom
Minimum no. of participants: 5
5 days / 35 hours
Price on request
English or French
Training plan: 

Module 1: Security Operations and Administration

  • Comply With Codes Of Ethics
    • Understand, Adhere to, and Promote Professional Ethics
    • (ISC)² Code of Ethics
    • Organizational Code of Ethics
  • Understand Security Concepts
    • Conceptual Models for Information Security
    • Confidentiality
    • Integrity
    • Availability
    • Accountability
    • Privacy
    • Nonrepudiation
    • Authentication
    • Safety
    • Fundamental Security Control Principles
    • Access Control and Need-to-Know
    • Job Rotation and Privilege Creep
  • Document, Implement, And Maintain Functional Security Controls
    • Deterrent Controls
    • Preventative Controls
    • Detective Controls
    • Corrective Controls
    • Compensating Controls
    • The Lifecycle of a Control
  • Participate In Asset Management
    • Asset Inventory
    • Lifecycle (Hardware, Software, and Data)
    • Hardware Inventory
    • Software Inventory and Licensing
    • Data Storage
  • Implement Security Controls And Assess Compliance
    • Technical Controls
    • Physical Controls
    • Administrative Controls
    • Periodic Audit and Review
  • Participate In Change Management
    • Execute Change Management Process
    • Identify Security Impact
    • Identify Security Impact
  • Participate In Security Awareness And Training
    • Security Awareness Overview
    • Competency as the Criterion
    • Build a Security Culture, One Awareness Step at a Time
  • Participate In Physical Security Operations
    • Physical Access Control
    • The Data Center
    • Service Level Agreements

Module 2: Access Controls

  • Access Control Concepts
    • Subjects and Objects
    • Privileges: What Subjects Can Do with Objects
    • Data Classification, Categorization, and Access Control
    • Access Control via Formal Security Models
  • Implement And Maintain Authentication Methods
    • Single-Factor/Multifactor Authentication
    • Accountability
    • Single Sign-On
    • Device Authentication
    • Federated Access
  • Support Internetwork Trust Architectures
    • Trust Relationships (One-Way, Two-Way, Transitive)
    • Extranet
    • Third-Party Connections
    • Zero Trust Architectures
  • Participate In The Identity Management Lifecycle
    • Authorization
    • Proofing
    • Provisioning/Deprovisioning
    • Identity and Access Maintenance
    • Entitlement
    • Identity and Access Management Systems
  • Implement Access Controls
    • Mandatory vs. Discretionary Access Control
    • Role-Based
    • Attribute-Based
    • Subject-Based
    • Object-Based

Module 3: Risk Identification, Monitoring, and Analysis

  • Defeating The Kill Chain One Skirmish At A Time
    • Kill Chains: Reviewing the Basics
    • Events vs. Incidents
  • Understand The Risk Management Process
    • Risk Visibility and Reporting
    • Risk Management Concepts
    • Risk Management Frameworks
    • Risk Treatment
  • Perform Security Assessment Activities
    • Security Assessment Workflow Management
    • Participate in Security Testing
    • Interpretation and Reporting of Scanning and Testing Results
    • Remediation Validation
    • Audit Finding Remediation
    • Manage the Architectures: Asset Management and Configuration Control
  • Operate And Maintain Monitoring Systems
    • Events of Interest
    • Logging
    • Source Systems
    • Legal and Regulatory Concerns
  • Analyze Monitoring Results
    • Security Baselines and Anomalies
    • Visualizations, Metrics, and Trends
    • Event Data Analysis
    • Document and Communicate Findings

Module 4: Incident Response and Recovery

  • Support The Incident Lifecycle
    • Think like a Responder
    • Physical, Logical, and Administrative Surfaces
    • Incident Response: Measures of Merit
    • The Lifecycle of a Security Incident
    • Preparation
    • Detection, Analysis, and Escalation
    • Containment
    • Eradication
    • Recovery
    • Lessons Learned; Implementation of New Countermeasures
    • Third-Party Considerations
  • Understand And Support Forensic Investigations
    • Legal and Ethical Principles
    • Logistics Support to Investigations
    • Evidence Handling
    • Evidence Collection
  • Understand And Support Business Continuity Plan And Disaster Recovery Plan Activities
    • Emergency Response Plans and Procedures
    • Interim or Alternate Processing Strategies
    • Restoration Planning
    • Backup and Redundancy Implementation
    • Data Recovery and Restoration
    • Training and Awareness
    • Testing and Drills
  • CIANA+PS At Layer 8 And Above
    • It Is a Dangerous World Out There
    • People Power and Business Continuity

Module 5: Cryptography

  • Understand Fundamental Concepts Of Cryptography
    • Building Blocks of Digital Cryptographic Systems
    • Hashing
    • Salting
    • Symmetric Block and Stream Ciphers
    • Stream Ciphers
    • EU ECRYPT
    • Asymmetric Encryption
    • Elliptical Curve Cryptography
    • Nonrepudiation
    • Digital Certificates
    • Encryption Algorithms
    • Key Strength
  • Cryptographic Attacks, Cryptanalysis, And Countermeasures
    • Cryptologic Hygiene as Countermeasures
    • Common Attack Patterns and Methods
    • Secure Cryptoprocessors, Hardware Security Modules, and Trusted Platform Modules
  • Understand The Reasons And Requirements For Cryptography
    • Confidentiality
    • Integrity and Authenticity
    • Data Sensitivity
    • Availability
    • Nonrepudiation
    • Authentication
    • Privacy
    • Safety
    • Regulatory and Compliance
    • Transparency and Auditability
    • Competitive Edge
  • Understand And Support Secure Protocols
    • Services and Protocols
    • Common Use Cases
    • Deploying Cryptography: Some Challenging Scenarios
    • Limitations and Vulnerabilities
  • Understand Public Key Infrastructure Systems
    • Fundamental Key Management Concepts
    • Hierarchies of Trust
    • Web of Trust

 Module 6: Network and Communications Security

  • Understand And Apply Fundamental Concepts Of Networking
    • Complementary, Not Competing, Frameworks
    • OSI and TCP/IP Models
    • OSI Reference Model
    • TCP/IP Reference Model
    • Converged Protocols
    • Software-Defined Networks
  • IPv4 Addresses, Dhcp, And Subnets
    • IPv4 Address Classes
    • Subnetting in IPv4
    • Running Out of Addresses?
  • IPv4 Vs. IPv6: Key Differences And Options
    • Network Topographies
    • Network Relationships
    • Transmission Media Types
    • Commonly Used Ports and Protocols
  • Understand Network Attacks And Countermeasures
    • CIANA+PS Layer by Layer
    • Common Network Attack Types
    • SCADA, IoT, and the Implications of Multilayer Protocols
  • Manage Network Access Controls
    • Network Access Control and Monitoring
    • Network Access Control Standards and Protocols
    • Remote Access Operation and Configuration
  • Manage Network Security
    • Logical and Physical Placement of Network Devices
    • Segmentation
    • Secure Device Management
  • Operate And Configure Network-Based Security Devices
    • Network Address Translation
    • Additional Security Device Considerations
    • Firewalls and Proxies
    • Network Intrusion Detection/Prevention Systems
    • Security Information and Event Management Systems
    • Routers and Switches
    • Network Security from Other Hardware Devices
    • Traffic-Shaping Devices
  • Operate And Configure Wireless Technologies
    • Wireless: Common Characteristics
    • Bluetooth
    • Near-Field Communications
    • Cellular/Mobile Phone Networks
    • Ad Hoc Wireless Networks
    • Transmission Security
    • Wireless Security Devices

 Module 7: Systems and Application Security

  • Systems And Software Insecurity
    • Software Vulnerabilities Across the Lifecycle
    • Risks of Poorly Merged Systems
    • Hard to Design It Right, Easy to Fix It?
    • Hardware and Software Supply Chain Security
    • Positive and Negative Models for Software Security
    • Is Blocked Listing Dead? Or Dying?
  • Information Security = Information Quality + Information Integrity
    • Data Modeling
    • Preserving Data Across the Lifecycle
  • Identify And Analyze Malicious Code And Activity
    • Malware
    • Malicious Code Countermeasures
    • Malicious Activity
    • Malicious Activity Countermeasures
  • Implement And Operate Endpoint Device Security
    • HIDS
    • Host-Based Firewalls
    • Allowed Lists: Positive Control for App Execution
    • Endpoint Encryption
    • Trusted Platform Module
    • Mobile Device Management
    • Secure Browsing
    • IoT Endpoint Security
    • Endpoint Security: EDR, MDR, XDR, UEM, and Others
  • Operate And Configure Cloud Security
    • Deployment Models
    • Service Models
    • Virtualization
    • Legal and Regulatory Concerns
    • Data Storage and Transmission
    • Third-Party/Outsourcing Requirements
    • Lifecycles in the Cloud
    • Shared Responsibility Model
    • Layered Redundancy as a Survival Strategy
  • Operate And Secure Virtual Environments
    • Hypervisor
    • Virtual Appliances
    • Continuity and Resilience
    • Attacks and Countermeasures
    • Shared Storage
Exclusives: 
  • One year access to the class recording
  • 300+ practice exam questions
  • One year subscription to the CodeRed platform containing thousands of cybersecurity videos
  • Course material accessible in electronic format
  • Certificate of attendance
Prerequisites: 

Knowledge in computer network principles and protocols used for systems communication. An asset would be to have CompTIA Security+ or Network+ certification.

Credentials information: 

Exam characteristics:

  • Preparing for the Systems Security Certified Practitioner (SSCP) certification
  • Cost: 250 USD
  • Questions type: Multiple choices
  • Skills measured
    • 1. Access Controls 16%
    • 2. Security Operations and Administration 15%
    • 3. Risk Identification, Monitoring, and Analysis 15%
    • 4. Incident Response and Recovery 13%
    • 5. Cryptography 10%
    • 6. Network and Communications Security 16%
    • 7. Systems and Application Security 15%
  • Duration: 3 hours
  • Number of questions: 125
  • Language: English
  • Passing score: 700/1000
  • All details...

Contact us for more information on pricing::

Eccentrix
Office: 1-888-718-9732
E-mail: info@eccentrix.ca

130, King Street West, Suite 1800
Toronto, Ontario M5X 1E3
www.eccentrix.ca