Systems Security Certified Practitioner (SSCP) (CS8521)

La formation Systems Security Certified Practitioner (SSCP) parcourt en cinq jours les sept domaines du Common Body of Knowledge (CBK) conçus par (ISC)² à connaitre par un professionnel de la sécurité informatique.

Le cours SSCP est dédié aux professionnels TI qui sont en charge de protéger la technologie et les informations. Il introduit les contremesures comme les pare-feux, les systèmes de détection d'intrusions, les solutions anti-virus et l'infrastructure de clé publique (PKI). Il prépare à la prestigieuse certification SSCP.

Suivez nos formations en cybersécurité en classe physique (Montréal, Québec, Ottawa) à vos bureaux (en classe privée) ou en ligne en direct (classe virtuelle).

Des tarifs spéciaux pourraient être applicables sur votre inscription (plusieurs participants de la même organisation, secteur gouvernemental, organismes à but non lucratif, etc.) - communiquez avec nous pour en savoir plus.

Classe publique

Montréal
 
À determiner
3150 $
 
Français
Québec
 
À determiner
2950 $
 
Français
Ottawa
 
À determiner
3150 $
 
Français
Classe virtuelle
 
À determiner
3150 $
 
Français
3150$
Durée: 
5 jours / 35 heures

Classe privée

À vos bureaux
5 jours / 35 heures
Prix sur demande
français ou anglais
Plan de formation: 

Module 1: Access Controls

  • Implement authentication mechanisms
    • Single/multifactor authentication
    • Single sign-on
    • Offline authentication
    • Device authentication
  • Operate internetwork trust architectures
    • One-way trust
    • Two-way trust
    • Transitive trust
  • Administer identity management lifecycle
    • Authorization
    • Proofing
    • Provisioning
    • Maintenance
    • Entitlement
  • Implement access controls
    • Mandatory
    • Non-discretionary
    • Discretionary
    • Role-based
    • Attribute-based

Module 2: Security Operations

  • Understand and comply with Codes of Ethics
    • (ISC)² code of ethics
    • Organizational code of ethics
  • Understand security concepts
    • Confidentiality
    • Integrity
    • Availability
    • Non-repudiation
    • Privacy
    • Least privilege
    • Separation of duties
    • Defense-in-depth
    • Risk-based controls
    • Authorization and accountability
  • Document and operate security controls
    • Deterrent controls
    • Preventative
    • Corrective
  • Participate in asset management
    • Lifecycle
    • Hardware
    • Software
    • Data
  • Implement and assess compilance with controls
    • Technical controls
    • Operational controls
    • Managerial controls
  • Participate in change management duties
    • Implementation and configuration management plan
    • Security impact assessment
    • System architecture/interoperability of systems
    • Testing patches, fixes, and updates
  • Participate in security awareness and training
  • Participate in physical security operations

Module 3: Risk Identification, Monitoring, and Analysis

  • Understand the risk management process
    • Risk management concepts
    • Risk assessment
    • Risk treatment
    • Risk visibility and reporting
    • Audit findings
  • Perform security assessment activities
    • Participation in security and testing  results
    • Penetration testing
    • Internal and external assessment
    • Vulnerability scanning
    • Interpretation and reporting of scanning and testing results
  • Operate and maintain monitoring systems
    • Events of interest
    • Logging
    • Source systems
  • Analyze and report monitoring results
    • Security analytics, metrics, and trends
    • Visualization
    • Event data analysis
    • Communicate findings

Module 4: Incident Response and Recovery

  • Incident handling
    • Discovery
    • Escalation
    • Reporting and feedback loops
    • Incident response
    • Implementation of countermeasures
  • Forensic investigations
  • Business continuity planning (BCP) and disaster recovery planning (DRP)
    • Emergency response plans and procedures
    • Interim or alternate processing strategies
    • Restoration planning
    • Backup and redundancy implementation
    • Testing and drills

Module 5: Cryptography

  • Fundamental concepts of cryptography
    • Evaluation of algorithms
    • Hashing
    • Salting
    • Symmetric/asymmetric cryptography
    • Digital signatures
    • Non-repudiation
  • Requirements for cryptography
  • Secure protocols
  • Cryptographic systems
    • Fundamental key management concepts
    • Public key infrastructure
    • Administration and validation
    • Web of Trust
    • Implementation of secure protocols

Module 6: Networks and Communications Security

  • Security issues related to networks
    • OSI and TCP/IP models
    • Network topographies and relationships
    • Commonly used ports and protocols
  • Telecommunications technologies
    • Converged communications
    • VoIP
    • POTS, PBX
    • Cellular
    • Attacks and countermeasures
  • Network access
    • Access control and monitoring
    • Access control standards and protocols
    • Remote Access operation and configuration
    • Attacks and countermeasures
  • LAN-based security
    • Separation of data plane and control plane
    • Segmentation
    • MACsec
  • Secure device management
  • Network-based security devices
    • Firewalls and proxies
    • Network intrusion detection/prevention systems
    • Routers and switches
    • Traffic shaping devices
    • Frameworks for data sharing
  • Wireless technologies
    • Transmission security
    • Wireless security devices
    • Common vulnerabilities and countermeasures

Module 7: Systems and Application Security

  • Identify and analyze malicious code and activity
    • Malicious code
    • Malicious code countermeasures
    • Malicious activity
    • Malicious activity countermeasures
  • Implement and operate end-point device security
    • HIDS
    • Host-based firewalls
    • Application white listing
    • Endpoint encryption
    • Trusted platform module
    • Mobile device management
    • Secure browsing
  • Operate and configure cloud security
    • Operation models
    • Service models
    • Virtualization
    • Legal and privacy concerns
    • Data storage and transmission
    • Third-party/outsourcing implications
  • Secure big data systems
    • Application vulnerabilities
    • Architecture or design vulnerabilities
  • Operate and secure virtual environments
    • Software-defined network (SDN)
    • Hypervisor
    • Virtual appliances
    • Continuity and resilience
    • Attacks and countermeasures
    • Shared storage

Appendix A: Answers to Sample Questions

Appendix B: DNSSEC Walkthrough

Appendix C: Glossary of Terms Related to the SSCP

Exclusivités: 
  • Un an d'accès à l'enregistrement vidéo de votre cours
  • 300+ questions pour pratique à l'examen
  • Matériel de cours accessible au format électronique
  • Certificat de présence
Pré-requis: 

Une connaissance en principes de réseaux informatiques et des protocoles utilisés pour la communication des systèmes. Un atout serait de posséder la certification CompTIA Security+ ou Network+.