Course Overview
The Systems Security Certified Practitioner (SSCP) is the ideal certification for those with proven technical skills and practical, hands-on security knowledge in operational IT roles. It provides confirmation of a practitioner’s ability to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability.
Who should attend
The SSCP is ideal for IT administrators, managers, directors and network security professionals responsible for the hands-on operational security of their organization’s critical assets, including those in the following positions:
- Network Security Engineer
- Systems Administrator
- Security Analyst
- Systems Engineer
- Security Consultant/Specialist
- Security Administrator
- Systems/Network Analyst
- Database Administrator
- Health Information Manager
- Practice Manager
Certifications
This course is part of the following Certifications:
Prerequisites
Candidates must have a minimum of 1 year cumulative work experience in 1 or more of the 7 domains of the SSCP CBK. A 1 year prerequisite pathway will be granted for candidates who received a degree (bachelors or masters) in a cybersecurity program.
A candidate that doesn’t have the required experience to become an SSCP may become an Associate of ISC2 by successfully passing the SSCP examination. The Associate of ISC2 will then have 2 years to earn the 1 year required experience.
Outline: Systems Security Certified Practitioner (SSCP)
Domain 1: Security Operations and Administration
- Comply with codes of ethics
- Understand security concepts
- Identify and implement security controls
- Document and maintain functional security controls
- Participate in asset management lifecycle
- Participate in change management lifecycle
- Participate in implementing security awareness and training
- Collaborate with physical security operations
Domain 2: Access Controls
- Implement and maintain authentication methods
- Support internetwork trust architectures
- Participate in the identity management lifecycle
- Understand and apply access controls
Domain 3: Risk Identification, Monitoring, and Analysis
- Understand the risk management process
- Understand legal and regulatory concerns
- Participate in security assessment and vulnerability management activities
- Operate and monitor security platforms
- Analyze monitoring results
Domain 4: Incident Response and Recovery
- Support incident lifecycle
- Understand and support forensic investigations
- Understand and support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) activities
Domain 5: Cryptography
- Understand cryptography
- Apply cryptography concepts
- Understand and implement secure protocols
- Understand Public Key Infrastructure (PKI) systems
Domain 6: Network and Communication Security
- Understand and apply fundamental concepts of networking
- Understand network attacks and countermeasures (e.g., DDoS, man-in-the-middle, DNS poisoning)
- Manage network access controls
- Manage network security
- Operate and configure network-based security devices
- Secure wireless communications
Domain 7: Systems and Application Security
- Identify and analyze malicious code and activity
- Implement and operate endpoint device security
- Administer Mobile Device Management (MDM)
- Understand and configure cloud security
- Operate and maintain secure virtual environments