Course Overview
The Systems Security Certified Practitioner (SSCP®) is the ideal certification for those with proven technical skills and practical, hands-on security knowledge in operational IT roles. It provides confirmation of a practitioner's ability to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability.
The broad spectrum of topics included in the SSCP body of knowledge ensures its relevance across all disciplines in the field of information security.
Successful candidates are competent in the following seven domains:
• Security Operations and Administration
• Access Controls
• Risk Identification, Monitoring and Analysis
• Incident Response and Recovery
• Cryptography
• Network and Communications Security
• Systems and Application Security
Learning Objectives
Course Details
Domain 1: Security Operations and Administration
Comply with codes of ethics: (ISC)² Code of Ethics, Organizational code of ethics
Understand security concepts: Confidentiality, Integrity, Availability, Accountability, Privacy, Non-repudiation, Least privilege, Segregation of duties (SoD)
Identify and implement security controls
Technical controls (e.g., session timeout, password aging)
Physical controls (e.g., mantraps, cameras, locks)
Administrative controls (e.g., security policies, standards, procedures, baselines)
Assessing compliance, Periodic audit and review
Document and maintain functional security controls
Deterrent, Preventative, Detective, Corrective and Compensating controls
Participate in asset management lifecycle (hardware, software and data)
Process, planning, design and initiation
Development/Acquisition, Inventory and licensing
Implementation/Assessment, Operation/Maintenance
Archiving and retention requirements
Disposal and destruction
Participate in change management lifecycle
Change management (e.g., roles, responsibilities, processes)
Security impact analysis, Configuration management (CM)
Participate in implementing security awareness and training (e.g., social engineering/
Collaborate with physical security operations (e.g., data center assessment, badging)
Domain 2: Access Controls
Implement and maintain authentication methods
Single/Multi-factor authentication (MFA)
Single sign-on (SSO) (e.g., Active Directory Federation Services (ADFS), OpenID Connect)
Device authentication
Federated access (e.g., Open Authorization 2 (OAuth2), Security Assertion Markup Language (SAML))
Support internetwork trust architectures
Trust relationships (e.g., 1-way, 2-way, transitive, zero)
Internet, intranet and extranet, Third-party connections
Participate in the identity management lifecycle
Authorization, Proofing, Provisioning/De-provisioning, Maintenance, Entitlement
Identity and access management (IAM) systems
Understand and apply access controls
Mandatory, Discretionary, Role-based (e.g., attribute-, subject-, object-based), Rule-based
Domain 3: Risk Identification, Monitoring and Analysis
Understand the risk management process
Risk visibility and reporting (e.g., risk register, sharing threat intelligence/Indicators of
Risk management concepts (e.g., impact assessments, threat modelling)
Risk management frameworks (e.g., International Organization for Standardization (ISO),
Risk tolerance (e.g., appetite)
Risk treatment (e.g., accept, transfer, mitigate, avoid, ignore)
Understand legal and regulatory concerns (e.g., jurisdiction, limitations, privacy)
Participate in security assessment and vulnerability management activities
Security testing, Risk review (e.g., internal, supplier, architecture), Vulnerability management lifecycle
Operate and monitor security platforms (e.g., continuous monitoring)
Source systems (e.g., applications, security appliances, network devices and hosts)
Events of interest (e.g., anomalies, intrusions, unauthorized changes, compliance monitoring)
Log management, Event aggregation and correlation
Analyze monitoring results
Security baselines and anomalies
Visualizations, metrics and trends (e.g., notifications, dashboards, timelines)
Event data analysis
Document and communicate findings (e.g., escalation)
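The monitoring items in this domain (aggregating events from source systems, correlating them into events of interest, comparing against a baseline and escalating findings) are easier to picture with a small worked case. The following Python script is an added example and not part of the course material or of any (ISC)² publication. The sshd-style log lines, hostnames, usernames and addresses in it are constructed for the demo, and the failure threshold and time window are assumed values that a SOC would tune to its own baseline.

```python
"""Event aggregation and correlation over sshd-style log lines.

Added example for the monitoring items in Domain 3; not course material.
All log lines, hosts, users and addresses are constructed for the demo.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 brute-forces host1 and finally succeeds;
# 198.51.100.4 is a user who mistyped once and later logged in with a key.
SAMPLE_LOG = """\
2024-05-01T10:00:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
2024-05-01T10:00:03 host1 sshd[1202]: Failed password for root from 203.0.113.7 port 51001 ssh2
2024-05-01T10:00:05 host1 sshd[1203]: Failed password for root from 203.0.113.7 port 51002 ssh2
2024-05-01T10:00:07 host1 sshd[1204]: Failed password for root from 203.0.113.7 port 51003 ssh2
2024-05-01T10:00:09 host1 sshd[1205]: Failed password for root from 203.0.113.7 port 51004 ssh2
2024-05-01T10:00:12 host1 sshd[1206]: Accepted password for root from 203.0.113.7 port 51005 ssh2
2024-05-01T10:02:00 host2 sshd[2201]: Failed password for alice from 198.51.100.4 port 40000 ssh2
2024-05-01T10:15:00 host2 sshd[2202]: Accepted publickey for alice from 198.51.100.4 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse(log_text):
    """Aggregation step: normalise raw lines into event dicts.
    Lines that do not match are dropped; in production, count them so
    that parser drift does not silently blind the detection."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def correlate(events, threshold=5, window=timedelta(minutes=5)):
    """Correlation step: a source with >= threshold failed logins inside
    `window` is a brute-force finding; an Accepted login from the same
    source while the window is still hot escalates it to 'compromised'.
    Returns {src: {"failures": int, "compromised": bool, "hosts": set}}."""
    recent = defaultdict(list)  # src -> failure timestamps still inside the window
    findings = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        recent[src] = [t for t in recent[src] if ev["ts"] - t <= window]
        if ev["outcome"] == "Failed":
            recent[src].append(ev["ts"])
            if len(recent[src]) >= threshold:
                f = findings.setdefault(src, {"failures": 0, "compromised": False, "hosts": set()})
                f["failures"] = max(f["failures"], len(recent[src]))
                f["hosts"].add(ev["host"])
        elif len(recent[src]) >= threshold:
            f = findings.setdefault(src, {"failures": len(recent[src]), "compromised": False, "hosts": set()})
            f["compromised"] = True
            f["hosts"].add(ev["host"])
    return findings


def escalation_lines(findings):
    """Reporting step: one line per finding, suitable for a ticket or pager."""
    out = []
    for src, f in sorted(findings.items()):
        sev = "HIGH" if f["compromised"] else "MEDIUM"
        hosts = ",".join(sorted(f["hosts"]))
        tail = ", then successful login" if f["compromised"] else ""
        out.append(f"{sev}: {src} -> {hosts}: {f['failures']} failures{tail}")
    return out


if __name__ == "__main__":
    for line in escalation_lines(correlate(parse(SAMPLE_LOG))):
        print(line)
```

The window is the baseline in miniature: a single failure followed thirteen minutes later by a key login is noise, while five failures in ten seconds followed by a password login from the same address is the event of interest that should be escalated.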
Domain 4: Incident Response and Recovery
Support incident lifecycle (e.g., National Institute of Standards and Technology (NIST),
Preparation, Detection, analysis and escalation
Containment, Eradication, Recovery, Lessons learned/Implementation of new countermeasure
Understand and support forensic investigations
Legal (e.g., civil, criminal, administrative) and ethical principles
Evidence handling (e.g., first responder, triage, chain of custody, preservation of scene)
Reporting of analysis
Understand and support business continuity plan (BCP) and disaster recovery plan (DRP)
Emergency response plans and procedures (e.g., information systems contingency,
Interim or alternate processing strategies, Restoration planning
Backup and redundancy implementation
Testing and drills
Domain 5: Cryptography
Understand reasons and requirements for cryptography
Confidentiality, Integrity and authenticity
Data sensitivity (e.g., personally identifiable information (PII), intellectual property (IP),
Regulatory and industry best practice (e.g., Payment Card Industry Data Security Standard (PCI-DSS),
Apply cryptography concepts
Hashing, Salting, Symmetric/Asymmetric encryption/Elliptic curve cryptography (ECC)
Non-repudiation (e.g., digital signatures/certificates, Hash-based Message Authentication Code (HMAC),
Strength of encryption algorithms and keys (e.g., Advanced Encryption Standard (AES),
Cryptographic attacks, cryptanalysis and countermeasures (e.g., quantum computing)
Understand and implement secure protocols
Services and protocols (e.g., Internet Protocol Security (IPsec), Transport Layer Security
Common use cases, Limitations and vulnerabilities
Understand and support public key infrastructure (PKI) systems
Web of Trust (WOT) (e.g., Pretty Good Privacy (PGP), GNU Privacy Guard (GPG), blockchain)
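The "Apply cryptography concepts" items above (hashing, salting, HMAC and the distinction between them and non-repudiation) are best understood by running them. The Python script below is an added example using only the standard library; it is not course material or (ISC)² code, and the password, message and key values in it are constructed for the demo. It also carries the caveat an exam candidate should remember: HMAC is listed under non-repudiation in the outline, but because both parties hold the same key, a MAC proves integrity and authenticity between key holders only; true non-repudiation requires an asymmetric digital signature, which this stdlib-only example does not cover.

```python
"""Hashing, salting and HMAC with the Python standard library.

Added example for the 'Apply cryptography concepts' items in Domain 5;
not course material. Passwords, messages and keys are constructed here.
"""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 600_000  # work factor; assumed value, tune to your hardware budget


def unsalted_hash(password: str) -> bytes:
    """What NOT to store: a plain SHA-256 of the password. Every user with
    the same password gets the same digest, so one cracked hash or one
    precomputed table cracks all of them at once."""
    return hashlib.sha256(password.encode()).digest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, slow password hash. Returns (salt, derived_key); store both.
    A fresh random 16-byte salt per user makes identical passwords hash
    differently and forces an attacker to attack each account separately."""
    if salt is None:
        salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, dk


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    _, dk = hash_password(password, salt)
    return hmac.compare_digest(dk, stored)  # constant-time compare, no timing leak


def mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag over `message`: detects tampering and proves the
    sender knew `key`."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, message), tag)


def demo() -> dict:
    """Exercise the primitives and return the observations as booleans."""
    pw = "correct horse battery staple"          # constructed demo password
    salt_a, hash_a = hash_password(pw)           # user A
    salt_b, hash_b = hash_password(pw)           # user B, same password
    key = secrets.token_bytes(32)                # key shared by sender and receiver
    msg = b"transfer 100 to account 42"          # constructed message
    forged = b"transfer 900 to account 42"
    tag = mac(key, msg)
    return {
        # two users, same password: unsalted digests collide, salted ones do not
        "unsalted_collide": unsalted_hash(pw) == unsalted_hash(pw),
        "salted_differ": hash_a != hash_b,
        "verify_ok": verify_password(pw, salt_a, hash_a),
        "verify_wrong": verify_password("wrong", salt_a, hash_a),
        # integrity: the tag over msg does not verify over a modified message
        "mac_ok": verify_mac(key, msg, tag),
        "mac_tampered": verify_mac(key, forged, tag),
        # The receiver holds the same key, so it can mint a valid tag for any
        # message. HMAC gives integrity and authenticity between key holders,
        # not non-repudiation; that needs an asymmetric digital signature.
        "receiver_can_forge": verify_mac(key, forged, mac(key, forged)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two points of practice stand out: comparisons of hashes and tags go through hmac.compare_digest rather than ==, and the password hash is a deliberately slow KDF with a per-user salt rather than a bare SHA-256.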
Domain 6: Network and Communications Security
Understand and apply fundamental concepts of networking
Open Systems Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP)
Network topologies, Network relationships (e.g., peer-to-peer (P2P),
Transmission media types (e.g., wired, wireless)
Software-defined networking (SDN) (e.g., Software-Defined Wide Area Network (SD-WAN),
Commonly used ports and protocols
Understand network attacks (e.g., distributed denial of service (DDoS), man-in-the-middle
Manage network access controls
Network access controls, standards and protocols (e.g., Institute of Electrical and Electronics Engineers (IEEE) 802.1X, Remote Authentication Dial-In User Service (RADIUS), Terminal Access Controller Access Control System Plus (TACACS+))
Remote access operation and configuration (e.g., thin client, virtual private network (VPN))
Manage network security
Logical and physical placement of network devices (e.g., inline, passive, virtual)
Segmentation (e.g., physical/logical, data/control plane, virtual local area network (VLAN), access control list (ACL), firewall zones, micro-segmentation)
Secure device management
Operate and configure network-based security devices
Firewalls and proxies (e.g., filtering methods, web application firewall (WAF))
Intrusion detection systems (IDS) and intrusion prevention systems (IPS)
Routers and switches, Traffic-shaping devices (e.g., wide area network (WAN) optimization, load balancing)
Secure wireless communications
Technologies (e.g., cellular network, Wi-Fi, Bluetooth, Near-Field Communication (NFC))
Authentication and encryption protocols (e.g., Wired Equivalent Privacy (WEP), Wi-Fi Protected Access
Internet of Things (IoT)
Domain 7: Systems and Application Security
Identify and analyze malicious code and activity
Malware (e.g., rootkits, spyware, scareware,
Malware countermeasures (e.g., scanners, antimalware, code signing)
Malicious activity (e.g., insider threat, data
Malicious activity countermeasures (e.g.,
Social engineering (e.g., phishing,
Behavior analytics (e.g., machine learning,
Implement and operate endpoint device security
Host-based intrusion prevention system (HIPS)
Host-based firewalls, Application whitelisting
Endpoint encryption (e.g., whole disk
Trusted Platform Module (TPM), Secure browsing, Endpoint Detection and Response (EDR)
Administer Mobile Device Management (MDM)
Provisioning techniques (e.g., corporate owned,
Containerization, Encryption, Mobile application management (MAM)
Understand and configure cloud security
Deployment models (e.g., public, private, hybrid,
Service models (e.g., Infrastructure as a Service
Virtualization (e.g., hypervisor,
Legal and regulatory concerns (e.g., privacy, surveillance, data ownership, jurisdiction, eDiscovery)
Data storage, processing and transmission (e.g.,
Third-party/outsourcing requirements (e.g., service-level agreement (SLA), data portability, data
Shared responsibility model
Operate and maintain secure virtual environments
Hypervisor, Virtual appliances, Containers
Continuity and resilience, Attacks and countermeasures, Shared storage
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):