Training plan
Module 1: Security Operations and Administration
- Comply With Codes Of Ethics
- Understand, Adhere to, and Promote Professional Ethics
- (ISC)² Code of Ethics
- Organizational Code of Ethics
- Understand Security Concepts
- Conceptual Models for Information Security
- Confidentiality
- Integrity
- Availability
- Accountability
- Privacy
- Nonrepudiation
- Authentication
- Safety
- Fundamental Security Control Principles
- Access Control and Need-to-Know
- Job Rotation and Privilege Creep
- Document, Implement, And Maintain Functional Security Controls
- Deterrent Controls
- Preventative Controls
- Detective Controls
- Corrective Controls
- Compensating Controls
- The Lifecycle of a Control
- Participate In Asset Management
- Asset Inventory
- Lifecycle (Hardware, Software, and Data)
- Hardware Inventory
- Software Inventory and Licensing
- Data Storage
- Implement Security Controls And Assess Compliance
- Technical Controls
- Physical Controls
- Administrative Controls
- Periodic Audit and Review
- Participate In Change Management
- Execute Change Management Process
- Identify Security Impact
- Participate In Security Awareness And Training
- Security Awareness Overview
- Competency as the Criterion
- Build a Security Culture, One Awareness Step at a Time
- Participate In Physical Security Operations
- Physical Access Control
- The Data Center
- Service Level Agreements
Module 2: Access Controls
- Access Control Concepts
- Subjects and Objects
- Privileges: What Subjects Can Do with Objects
- Data Classification, Categorization, and Access Control
- Access Control via Formal Security Models
- Implement And Maintain Authentication Methods
- Single-Factor/Multifactor Authentication
- Accountability
- Single Sign-On
- Device Authentication
- Federated Access
- Support Internetwork Trust Architectures
- Trust Relationships (One-Way, Two-Way, Transitive)
- Extranet
- Third-Party Connections
- Zero Trust Architectures
- Participate In The Identity Management Lifecycle
- Authorization
- Proofing
- Provisioning/Deprovisioning
- Identity and Access Maintenance
- Entitlement
- Identity and Access Management Systems
- Implement Access Controls
- Mandatory vs. Discretionary Access Control
- Role-Based
- Attribute-Based
- Subject-Based
- Object-Based
Module 3: Risk Identification, Monitoring, and Analysis
- Defeating The Kill Chain One Skirmish At A Time
- Kill Chains: Reviewing the Basics
- Events vs. Incidents
- Understand The Risk Management Process
- Risk Visibility and Reporting
- Risk Management Concepts
- Risk Management Frameworks
- Risk Treatment
- Perform Security Assessment Activities
- Security Assessment Workflow Management
- Participate in Security Testing
- Interpretation and Reporting of Scanning and Testing Results
- Remediation Validation
- Audit Finding Remediation
- Manage the Architectures: Asset Management and Configuration Control
- Operate And Maintain Monitoring Systems
- Events of Interest
- Logging
- Source Systems
- Legal and Regulatory Concerns
- Analyze Monitoring Results
- Security Baselines and Anomalies
- Visualizations, Metrics, and Trends
- Event Data Analysis
- Document and Communicate Findings
Module 4: Incident Response and Recovery
- Support The Incident Lifecycle
- Think like a Responder
- Physical, Logical, and Administrative Surfaces
- Incident Response: Measures of Merit
- The Lifecycle of a Security Incident
- Preparation
- Detection, Analysis, and Escalation
- Containment
- Eradication
- Recovery
- Lessons Learned; Implementation of New Countermeasures
- Third-Party Considerations
- Understand And Support Forensic Investigations
- Legal and Ethical Principles
- Logistics Support to Investigations
- Evidence Handling
- Evidence Collection
- Understand And Support Business Continuity Plan And Disaster Recovery Plan Activities
- Emergency Response Plans and Procedures
- Interim or Alternate Processing Strategies
- Restoration Planning
- Backup and Redundancy Implementation
- Data Recovery and Restoration
- Training and Awareness
- Testing and Drills
- CIANA+PS At Layer 8 And Above
- It Is a Dangerous World Out There
- People Power and Business Continuity
Module 5: Cryptography
- Understand Fundamental Concepts Of Cryptography
- Building Blocks of Digital Cryptographic Systems
- Hashing
- Salting
- Symmetric Block and Stream Ciphers
- Stream Ciphers
- EU ECRYPT
- Asymmetric Encryption
- Elliptical Curve Cryptography
- Nonrepudiation
- Digital Certificates
- Encryption Algorithms
- Key Strength
- Cryptographic Attacks, Cryptanalysis, And Countermeasures
- Cryptologic Hygiene as Countermeasures
- Common Attack Patterns and Methods
- Secure Cryptoprocessors, Hardware Security Modules, and Trusted Platform Modules
- Understand The Reasons And Requirements For Cryptography
- Confidentiality
- Integrity and Authenticity
- Data Sensitivity
- Availability
- Nonrepudiation
- Authentication
- Privacy
- Safety
- Regulatory and Compliance
- Transparency and Auditability
- Competitive Edge
- Understand And Support Secure Protocols
- Services and Protocols
- Common Use Cases
- Deploying Cryptography: Some Challenging Scenarios
- Limitations and Vulnerabilities
- Understand Public Key Infrastructure Systems
- Fundamental Key Management Concepts
- Hierarchies of Trust
- Web of Trust
Module 6: Network and Communications Security
- Understand And Apply Fundamental Concepts Of Networking
- Complementary, Not Competing, Frameworks
- OSI and TCP/IP Models
- OSI Reference Model
- TCP/IP Reference Model
- Converged Protocols
- Software-Defined Networks
- IPv4 Addresses, DHCP, And Subnets
- IPv4 Address Classes
- Subnetting in IPv4
- Running Out of Addresses?
- IPv4 Vs. IPv6: Key Differences And Options
- Network Topographies
- Network Relationships
- Transmission Media Types
- Commonly Used Ports and Protocols
- Understand Network Attacks And Countermeasures
- CIANA+PS Layer by Layer
- Common Network Attack Types
- SCADA, IoT, and the Implications of Multilayer Protocols
- Manage Network Access Controls
- Network Access Control and Monitoring
- Network Access Control Standards and Protocols
- Remote Access Operation and Configuration
- Manage Network Security
- Logical and Physical Placement of Network Devices
- Segmentation
- Secure Device Management
- Operate And Configure Network-Based Security Devices
- Network Address Translation
- Additional Security Device Considerations
- Firewalls and Proxies
- Network Intrusion Detection/Prevention Systems
- Security Information and Event Management Systems
- Routers and Switches
- Network Security from Other Hardware Devices
- Traffic-Shaping Devices
- Operate And Configure Wireless Technologies
- Wireless: Common Characteristics
- Bluetooth
- Near-Field Communications
- Cellular/Mobile Phone Networks
- Ad Hoc Wireless Networks
- Transmission Security
- Wireless Security Devices
Module 7: Systems and Application Security
- Systems And Software Insecurity
- Software Vulnerabilities Across the Lifecycle
- Risks of Poorly Merged Systems
- Hard to Design It Right, Easy to Fix It?
- Hardware and Software Supply Chain Security
- Positive and Negative Models for Software Security
- Is Blocked Listing Dead? Or Dying?
- Information Security = Information Quality + Information Integrity
- Data Modeling
- Preserving Data Across the Lifecycle
- Identify And Analyze Malicious Code And Activity
- Malware
- Malicious Code Countermeasures
- Malicious Activity
- Malicious Activity Countermeasures
- Implement And Operate Endpoint Device Security
- HIDS
- Host-Based Firewalls
- Allowed Lists: Positive Control for App Execution
- Endpoint Encryption
- Trusted Platform Module
- Mobile Device Management
- Secure Browsing
- IoT Endpoint Security
- Endpoint Security: EDR, MDR, XDR, UEM, and Others
- Operate And Configure Cloud Security
- Deployment Models
- Service Models
- Virtualization
- Legal and Regulatory Concerns
- Data Storage and Transmission
- Third-Party/Outsourcing Requirements
- Lifecycles in the Cloud
- Shared Responsibility Model
- Layered Redundancy as a Survival Strategy
- Operate And Secure Virtual Environments
- Hypervisor
- Virtual Appliances
- Continuity and Resilience
- Attacks and Countermeasures
- Shared Storage
Recommended Prerequisite Knowledge
- Basic Understanding of Information Security: Participants should have a foundational knowledge of information security concepts, including risk management, access control, and security operations.
- Experience in IT or Related Fields: While not strictly mandatory, it is beneficial to have at least one year of cumulative work experience in one or more of the seven SSCP domains, such as access controls, security operations and administration, risk identification and analysis, incident response and recovery, cryptography, network and communications security, and systems and application security.
- Familiarity with Networking and IT Infrastructure: A basic understanding of networking principles (TCP/IP, firewalls, VPNs) and IT infrastructure is recommended to grasp the more technical aspects of the course.
- Interest in Cybersecurity: A strong interest in learning about cybersecurity practices and the desire to build a career in information security is essential.
- No Certification Required: Unlike other advanced certifications, there are no formal certification prerequisites to attend the SSCP class, making it accessible to a wider range of IT professionals.
These prerequisites are designed to ensure that participants are prepared to engage with the course material and apply what they learn effectively.
Credentials and certification
Exam features
- Preparation for the Systems Security Certified Practitioner (SSCP) certification
- Cost: 250 USD
- Questions Format: Multiple choice
- Duration: 3 hours
- Number of Questions: 125
- Passing Score: 700/1000
Exam topics
- Access Controls
- Security Operations and Administration
- Risk Identification, Monitoring, and Analysis
- Incident Response and Recovery
- Cryptography
- Network and Communications Security
- Systems and Application Security
Eccentrix Corner article/publication
Systems Security Certified Practitioner (SSCP) (CS8521)
The Systems Security Certified Practitioner (SSCP) (CS8521) training is tailored for IT professionals who seek to develop and validate their skills in operational security. This globally recognized certification, offered by (ISC)², demonstrates your proficiency in implementing, monitoring, and managing IT security measures. The training covers seven essential domains of security, equipping participants with a comprehensive understanding of key cybersecurity principles.
Through interactive sessions and practical exercises, participants are prepared to excel in their roles and successfully achieve the SSCP certification. This credential establishes your expertise in the field of IT security operations.
Why Choose the SSCP Certification Training?
Organizations face growing security challenges that require skilled professionals to safeguard IT systems and protect critical data. The SSCP certification validates your operational security expertise and enhances your ability to manage, monitor, and administer secure systems.
This training equips you with the skills to excel in roles such as systems administrator, security analyst, and network administrator. Earning the SSCP credential positions you as a trusted professional in the dynamic field of cybersecurity.
Key Skills Developed in the Training
Comprehensive understanding of operational security
Master the seven domains of the SSCP Common Body of Knowledge (CBK), including access controls, security operations, and cryptography.
Incident response and disaster recovery
Learn to respond effectively to security incidents and design robust recovery plans to minimize operational downtime.
System and network security administration
Gain expertise in managing and securing IT infrastructures to protect against evolving cyber threats.
Security monitoring and auditing
Develop the skills to monitor systems, conduct audits, and ensure compliance with security policies.
Preparation for the SSCP certification exam
Acquire the knowledge and confidence to succeed in the SSCP certification exam, demonstrating your proficiency in IT security.
Interactive Training by Certified Experts
The SSCP training is delivered by certified instructors with extensive experience in IT security operations. Participants benefit from hands-on labs, real-world scenarios, and case studies that bridge theoretical knowledge with practical applications.
Who Should Attend?
This training is ideal for:
- IT professionals responsible for securing IT systems and networks
- Security analysts managing operational security measures
- Systems administrators seeking advanced knowledge in IT security
- Individuals preparing for the SSCP certification exam
Advance Your Career with SSCP Certification
The Systems Security Certified Practitioner (SSCP) (CS8521) training equips you with the skills and knowledge to excel in IT security operations. Enroll today to earn a globally recognized certification and elevate your career in cybersecurity.
Frequently asked questions - SSCP certification training (FAQ)
What topics are covered in the SSCP training?
The training includes access controls, cryptography, risk management, incident response, and security operations.
What are the prerequisites for the SSCP certification?
Candidates should have at least one year of professional experience in one or more of the seven domains of the SSCP CBK.
What are the benefits of earning the SSCP certification?
The certification validates your expertise in IT security operations, enhancing career prospects in cybersecurity.
Who recognizes the SSCP certification?
The SSCP is globally recognized and valued by organizations across various industries.
Is this training aligned with the SSCP certification exam?
Yes, the course content is fully aligned with the objectives of the SSCP certification exam.