logo

Systems Security Certified Practitioner (SSCP) (CS8521)

The Systems Security Certified Practitioner (SSCP) course covers the seven Common Body of Knowledge (CBK) domains designed by (ISC)² to be known by a computer security professional within five days.

The SSCP course is dedicated to IT professionals who are in charge of protecting technology and information. It introduces countermeasures such as firewalls, intrusion detection systems, anti-virus solutions and public key infrastructure (PKI). It prepares for the prestigious SSCP certification.

A preferential rate (-15%) applies to the regular cost for non-profit organizations, as well as the government sector. In addition, you can benefit from additional advantages through a corporate agreement when you need to train several people or teams in your company. Contact us for details.

Public class

Duration: 
5 days / 35 hours

Private class

Virtual classroom
Minimum no. of participants: 5
5 days / 35 hours
Price on request
English or French
Contact us
Training plan: 

Module 1: Access Controls

  • Implement authentication mechanisms
    • Single/multifactor authentication
    • Single sign-on
    • Offline authentication
    • Device authentication
  • Operate internetwork trust architectures
    • One-way trust
    • Two-way trust
    • Transitive trust
  • Administer identity management lifecycle
    • Authorization
    • Proofing
    • Provisioning
    • Maintenance
    • Entitlement
  • Implement access controls
    • Mandatory
    • Non-discretionary
    • Discretionary
    • Role-based
    • Attribute-based

Module 2: Security Operations

  • Understand and comply with Codes of Ethics
    • (ISC)² code of ethics
    • Organizational code of ethics
  • Understand security concepts
    • Confidentiality
    • Integrity
    • Availability
    • Non-repudiation
    • Privacy
    • Least privilege
    • Separation of duties
    • Defense-in-depth
    • Risk-based controls
    • Authorization and accountability
  • Document and operate security controls
    • Deterrent controls
    • Preventative
    • Corrective
  • Participate in asset management
    • Lifecycle
    • Hardware
    • Software
    • Data
  • Implement and assess compilance with controls
    • Technical controls
    • Operational controls
    • Managerial controls
  • Participate in change management duties
    • Implementation and configuration management plan
    • Security impact assessment
    • System architecture/interoperability of systems
    • Testing patches, fixes, and updates
  • Participate in security awareness and training
  • Participate in physical security operations

Module 3: Risk Identification, Monitoring, and Analysis

  • Understand the risk management process
    • Risk management concepts
    • Risk assessment
    • Risk treatment
    • Risk visibility and reporting
    • Audit findings
  • Perform security assessment activities
    • Participation in security and testing results
    • Penetration testing
    • Internal and external assessment
    • Vulnerability scanning
    • Interpretation and reporting of scanning and testing results
  • Operate and maintain monitoring systems
    • Events of interest
    • Logging
    • Source systems
  • Analyze and report monitoring results
    • Security analytics, metrics, and trends
    • Visualization
    • Event data analysis
    • Communicate findings

Module 4: Incident Response and Recovery

  • Incident handling
    • Discovery
    • Escalation
    • Reporting and feedback loops
    • Incident response
    • Implementation of countermeasures
  • Forensic investigations
  • Business continuity planning (BCP) and disaster recovery planning (DRP)
    • Emergency response plans and procedures
    • Interim or alternate processing strategies
    • Restoration planning
    • Backup and redundancy implementation
    • Testing and drills

Module 5: Cryptography

  • Foundamental concepts of cryptography
    • Evaluation of algorithms
    • Hashing
    • Salting
    • Symmetric/asymmetric cryptography
    • Digital signatures
    • Non-repudiation
  • Requirements for cryptography
  • Secure protocols
  • Cryptographic systems
    • Fundamental key management concepts
    • Public key infrastructure
    • Administration and validation
    • Web of Trust
    • Implementation of secure protocols

Module 6: Networks and Communications Security

  • Security issues related to networks
    • OSI and TCP/IP models
    • Network topographies and relationships
    • Commonly used ports and protocols
  • Telecommunications technologies
    • Converged communications
    • VoIP
    • POTS, PBX
    • Cellular
    • Attacks and countermeasures
  • Network access
    • Access control and monitoring
    • Access control standards and protocols
    • Remote Access operation and configuration
    • Attacks and countermeasures
  • LAN-based security
    • Separation of data plane and control plane
    • Segmentation
    • MACsec
  • Secure device management
  • Network-based security devices
    • Firewalls and proxies
    • Network intrusion detection/prevention systems
    • Routers and switches
    • Traffic shaping devices
    • Frameworks for data sharing
  • Wireless technologies
    • Transmission security
    • Wireless security devices
    • Common vulnerabilities and countermeasures

Module 7: Systems and Application Security

  • Identify and analyze malicious code and activity
    • Malicious code
    • Malicious code countermeasures
    • Malicious activity
    • Malicious activity countermeasures
  • Implement and operate end-point device security
    • HIDS
    • Host-based firewalls
    • Application white listing
    • Endpoint encryption
    • Trusted platform module
    • Mobile device management
    • Secure browsing
  • Operate and configure cloud security
    • Operation models
    • Service models
    • Virtualization
    • Legal and privacy concerns
    • Data storage and transmission
    • Third-party/outsourcing implications
  • Secure big data systems
    • Application vulnerabilities
    • Architecture or design vulnerabilities
  • Operate and secure virtual environments
    • Software-defined network (SDN)
    • Hypervisor
    • Virtual appliances
    • Continuity and resilience
    • Attacks and countermeasures
    • Shared storage

Appendix A: Answers to Sample Questions

Appendix B: DNSSEC Walkthrough

Appendix C: Glossary of Terms Related to the SSCP

Exclusives: 
  • One year access to the class recording
  • 300+ practice exam questions
  • One year subscription to the CodeRed platform containing thousands of cybersecurity videos
  • Course material accessible in electronic format
  • Certificate of attendance
View the complete list of exclusives offered for your course
Prerequisites: 

Knowledge in computer network principles and protocols used for systems communication. An asset would be to have CompTIA Security + or Network + certification.

Certification information: 

Exam characteristics:

  • Preparing for the Systems Security Certified Practitioner (SSCP) certification
  • Cost: 250 USD
  • Questions type: Multiple choices
  • Skills measured
    • 1. Access Controls 16%
    • 2. Security Operations and Administration 15%
    • 3. Risk Identification, Monitoring, and Analysis 15%
    • 4. Incident Response and Recovery 13%
    • 5. Cryptography 10%
    • 6. Network and Communications Security 16%
    • 7. Systems and Application Security 15%
  • Duration: 3 hours
  • Number of questions: 125
  • Language: English
  • Passing score: 700/1000
  • All details...
Follow-on trainings: 
Certified Information Systems Security Professional (CISSP) (CS8502)
Certified Cloud Security Professional (CCSP) (CS8527)
Audiences: 
Cyber Defense Specialist
Print

Contact us for more information on pricing::

Eccentrix
Office: 1-888-718-9732
E-mail: info@eccentrix.ca

130, King Street West, Suite 1800
Toronto, Ontario M5X 1E3
www.eccentrix.ca