

SSCP: Systems Security Certified Practitioner
Course Information

Course Name
SSCP: Systems Security Certified Practitioner

Exam code
SSCP

Duration
5 Days
Certification
Overview
The Systems Security Certified Practitioner (SSCP®) provides a comprehensive review of the knowledge required to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability.
This training course will help students review and refresh their knowledge and identify areas they need to study for the SSCP exam. Content aligns with and comprehensively covers the seven domains of the (ISC)² SSCP Common Body of Knowledge (CBK®).
Audience Profile
The SSCP is ideal for IT administrators, managers, directors and network security professionals responsible for the hands-on operational security of their organization’s critical assets, including those in the following positions:
- Network Security Engineer
- Systems Administrator
- Security Analyst
- Systems Engineer
- Security Consultant/Specialist
- Security Administrator
- Systems/Network Analyst
- Database Administrator
- Health Information Manager
- Practice Manager
Prerequisites
This training course is intended for practitioners who have at least one year of cumulative, paid work experience in one or more of the seven domains of the (ISC)2 SSCP CBK and are pursuing SSCP training and certification to acquire the credibility and mobility to advance within their current information security careers.
At Course Completion
After completing this course, the student will be able to:
- Describe security and the alignment of asset management to risk
- Appraise risk management options and the use of access controls to protect assets.
- Examine the field of cryptography to secure information and communication.
- Build a security posture by securing software, data, and
- Apply network and communications security to establish a secure networked environment.
- Evaluate cloud and wireless
- Prepare for incident detection and
- Implement appropriate measures that contribute to the maturation of risk management.
Course Outline
- Comply with Codes of Ethics
- ISC2 Code of Ethics
- Organizational code of ethics
- Understand Security Concepts
- Confidentiality, Integrity, Availability
- Accountability, Non-repudiation
- Least privilege, Segregation of duties
- Identify and Implement Security Controls
- Technical, Physical, and Administrative controls
- Compliance requirements and periodic audits
- Document and Maintain Functional Security Controls
- Deterrent, Preventative, Detective, Corrective, Compensating controls
- Support and Implement Asset Management Lifecycle
- Planning, Design, Development, Acquisition, Implementation, Operation, Maintenance, End of Life, Archival, Retention, Disposal
- Support and Implement Change Management Lifecycle
- Roles, Responsibilities, Processes, Communications, Audit
- Security impact analysis, Configuration management
- Support and Implement Security Awareness and Training
- Social engineering, Phishing, Tabletop exercises, Awareness communications
- Collaborate with Physical Security Operations
- Data center/facility assessment, Badging, Visitor management, Personal device restrictions
- Implement and Maintain Authentication Methods
- Single/Multi-factor authentication (MFA)
- Single sign-on (SSO), Device authentication
- Federated access (e.g., OAuth2, SAML)
- Understand and Support Internetwork Trust Architectures
- Trust relationships, Internet, intranet, extranet, DMZ
- Third-party connections (e.g., API, app extensions, middleware)
- Identify and Assess Security Risks
- Risk assessment methodologies
- Threat, vulnerability, and impact analysis
- Implement and Manage Security Monitoring
- Security monitoring tools and techniques
- Continuous monitoring and reporting
- Conduct Security Audits and Assessments
- Audit planning, execution, and reporting
- Compliance assessments and gap analysis
- Develop and Implement Incident Response Plans
- Incident response lifecycle
- Roles and responsibilities during incidents
- Conduct Forensic Investigations
- Evidence collection and preservation
- Chain of custody and legal considerations
- Implement Business Continuity and Disaster Recovery Plans
- Continuity planning, recovery strategies
- Testing and maintenance of plans
- Understand Cryptographic Concepts
- Symmetric and asymmetric encryption
- Hashing, digital signatures, certificates
- Implement and Manage Cryptographic Solutions
- Key management practices
- Public Key Infrastructure (PKI)
- Ensure Compliance with Cryptographic Standards
- Cryptographic algorithms and protocols
- Regulatory requirements and industry standards
- Implement Secure Network Architecture
- Network segmentation, zoning, and isolation
- Secure network design principles
- Manage Network Security Controls
- Firewalls, intrusion detection/prevention systems (IDS/IPS)
- Virtual Private Networks (VPNs), proxies
- Ensure Secure Communication Channels
- Secure protocols (e.g., SSL/TLS, IPsec)
- Wireless security standards and practices
- Implement Secure Software Development Practices
- Secure coding standards
- Software development life cycle (SDLC)
- Manage Application Security Controls
- Application firewalls, code reviews
- Vulnerability scanning and remediation
- Ensure Secure System Configurations
- System hardening techniques
- Patch management and updates
Overview
Overview
The Systems Security Certified Practitioner (SSCP®) provides a comprehensive review of the knowledge required to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability.
This training course will help students review and refresh their knowledge and identify areas they need to study for the SSCP exam. Content aligns with and comprehensively covers the seven domains of the (ISC)² SSCP Common Body of Knowledge (CBK®).
Audience Profile
Audience Profile
The SSCP is ideal for IT administrators, managers, directors and network security professionals responsible for the hands-on operational security of their organization’s critical assets, including those in the following positions:
- Network Security Engineer
- Systems Administrator
- Security Analyst
- Systems Engineer
- Security Consultant/Specialist
- Security Administrator
- Systems/Network Analyst
- Database Administrator
- Health Information Manager
- Practice Manager
Prerequisities
Prerequisites
This training course is intended for practitioners who have at least one year of cumulative, paid work experience in one or more of the seven domains of the (ISC)2 SSCP CBK and are pursuing SSCP training and certification to acquire the credibility and mobility to advance within their current information security careers.
At Course Completion
At Course Completion
After completing this course, the student will be able to:
- Describe security and the alignment of asset management to risk
- Appraise risk management options and the use of access controls to protect assets.
- Examine the field of cryptography to secure information and communication.
- Build a security posture by securing software, data, and
- Apply network and communications security to establish a secure networked environment.
- Evaluate cloud and wireless
- Prepare for incident detection and
- Implement appropriate measures that contribute to the maturation of risk management.
Course Outline
Course Outline
- Comply with Codes of Ethics
- ISC2 Code of Ethics
- Organizational code of ethics
- Understand Security Concepts
- Confidentiality, Integrity, Availability
- Accountability, Non-repudiation
- Least privilege, Segregation of duties
- Identify and Implement Security Controls
- Technical, Physical, and Administrative controls
- Compliance requirements and periodic audits
- Document and Maintain Functional Security Controls
- Deterrent, Preventative, Detective, Corrective, Compensating controls
- Support and Implement Asset Management Lifecycle
- Planning, Design, Development, Acquisition, Implementation, Operation, Maintenance, End of Life, Archival, Retention, Disposal
- Support and Implement Change Management Lifecycle
- Roles, Responsibilities, Processes, Communications, Audit
- Security impact analysis, Configuration management
- Support and Implement Security Awareness and Training
- Social engineering, Phishing, Tabletop exercises, Awareness communications
- Collaborate with Physical Security Operations
- Data center/facility assessment, Badging, Visitor management, Personal device restrictions
- Implement and Maintain Authentication Methods
- Single/Multi-factor authentication (MFA)
- Single sign-on (SSO), Device authentication
- Federated access (e.g., OAuth2, SAML)
- Understand and Support Internetwork Trust Architectures
- Trust relationships, Internet, intranet, extranet, DMZ
- Third-party connections (e.g., API, app extensions, middleware)
- Identify and Assess Security Risks
- Risk assessment methodologies
- Threat, vulnerability, and impact analysis
- Implement and Manage Security Monitoring
- Security monitoring tools and techniques
- Continuous monitoring and reporting
- Conduct Security Audits and Assessments
- Audit planning, execution, and reporting
- Compliance assessments and gap analysis
- Develop and Implement Incident Response Plans
- Incident response lifecycle
- Roles and responsibilities during incidents
- Conduct Forensic Investigations
- Evidence collection and preservation
- Chain of custody and legal considerations
- Implement Business Continuity and Disaster Recovery Plans
- Continuity planning, recovery strategies
- Testing and maintenance of plans
- Understand Cryptographic Concepts
- Symmetric and asymmetric encryption
- Hashing, digital signatures, certificates
- Implement and Manage Cryptographic Solutions
- Key management practices
- Public Key Infrastructure (PKI)
- Ensure Compliance with Cryptographic Standards
- Cryptographic algorithms and protocols
- Regulatory requirements and industry standards
- Implement Secure Network Architecture
- Network segmentation, zoning, and isolation
- Secure network design principles
- Manage Network Security Controls
- Firewalls, intrusion detection/prevention systems (IDS/IPS)
- Virtual Private Networks (VPNs), proxies
- Ensure Secure Communication Channels
- Secure protocols (e.g., SSL/TLS, IPsec)
- Wireless security standards and practices
- Implement Secure Software Development Practices
- Secure coding standards
- Software development life cycle (SDLC)
- Manage Application Security Controls
- Application firewalls, code reviews
- Vulnerability scanning and remediation
- Ensure Secure System Configurations
- System hardening techniques
- Patch management and updates
