• Classroom
  • Online, Instructor-Led
  • Online, Self-Paced

Learning Objectives

Course Details
Domain 1: Security Operations and Administration
• Comply with codes of ethics
  • (ISC)² Code of Ethics
  • Organizational code of ethics
• Understand security concepts
  • Confidentiality, Availability, Accountability, Privacy, Non-repudiation
  • Least privilege, Segregation of duties (SoD)
• Identify and implement security controls
  • Technical controls (e.g., session timeout, password aging)
  • Physical controls (e.g., mantraps, cameras, locks)
  • Administrative controls (e.g., security policies, standards, procedures, baselines)
  • Assessing compliance, Periodic audit and review
• Document and maintain functional security controls
  • Deterrent, Preventative, Detective, Corrective, and Compensating controls
• Participate in asset management lifecycle (hardware, software and data)
  • Process, planning, design and initiation
  • Development/Acquisition, Inventory and licensing
  • Implementation/Assessment, Operation/Maintenance
  • Archiving and retention requirements
  • Disposal and destruction
• Participate in change management lifecycle
  • Change management (e.g., roles, responsibilities, processes)
  • Security impact analysis, Configuration management (CM)
• Participate in implementing security awareness and training (e.g., social engineering/
• Collaborate with physical security operations (e.g., data center assessment, badging)
Domain 2: Access Controls
• Implement and maintain authentication methods
  • Single/Multi-factor authentication (MFA)
  • Single sign-on (SSO) (e.g., Active Directory Federation Services (ADFS), OpenID Connect)
  • Device authentication
  • Federated access (e.g., Open Authorization 2 (OAuth2), Security Assertion Markup Language (SAML))
• Support internetwork trust architectures
  • Trust relationships (e.g., 1-way, 2-way, transitive, zero)
  • Internet, intranet and extranet
  • Third-party connections
• Participate in the identity management lifecycle
  • Authorization, Proofing, Provisioning/De-provisioning, Maintenance, Entitlement
  • Identity and access management (IAM) systems
• Understand and apply access controls
  • Mandatory, Discretionary, Role-based (e.g., attribute-, subject-, object-based), Rule-based
Domain 3: Risk Identification, Monitoring and Analysis
• Understand the risk management process
  • Risk visibility and reporting (e.g., risk register, sharing threat intelligence/Indicators of
  • Risk management concepts (e.g., impact assessments, threat modelling)
  • Risk management frameworks (e.g., International Organization for Standardization (ISO),
  • Risk tolerance (e.g., appetite)
  • Risk treatment (e.g., accept, transfer, mitigate, avoid, ignore)
• Understand legal and regulatory concerns (e.g., jurisdiction, limitations, privacy)
• Participate in security assessment and vulnerability management activities
  • Security testing
  • Risk review (e.g., internal, supplier, architecture)
  • Vulnerability management lifecycle
• Operate and monitor security platforms (e.g., continuous monitoring)
  • Source systems (e.g., applications, security appliances, network devices and hosts)
  • Events of interest (e.g., anomalies, intrusions, unauthorized changes, compliance monitoring)
  • Log management, Event aggregation and correlation
• Analyze monitoring results
  • Security baselines and anomalies
  • Visualizations, metrics, and trends (e.g., notifications, dashboards, timelines)
  • Event data analysis
  • Document and communicate findings (e.g., escalation)
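The Domain 3 items "Log management, Event aggregation and correlation" and "Events of interest" are only named above. As an added example (not part of the (ISC)² course outline), the block below shows what those items look like in practice: normalising authentication log lines into events, aggregating failures per source inside a sliding time window, and correlating them with a later successful login from the same source, the classic "password guessing that eventually worked" event of interest. The sshd-style log lines, the field layout, and the threshold and window values are constructed for illustration, not captured data.

```python
"""Added example: event aggregation and correlation over authentication logs.
Not part of the (ISC)2 SSCP outline; log lines, format and thresholds are
constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an sshd-like format (not real captured data).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51000
2024-03-01T10:00:03 sshd[1201]: Failed password for admin from 203.0.113.7 port 51001
2024-03-01T10:00:04 sshd[1201]: Failed password for root from 203.0.113.7 port 51002
2024-03-01T10:00:06 sshd[1201]: Failed password for admin from 203.0.113.7 port 51003
2024-03-01T10:00:07 sshd[1201]: Failed password for alice from 203.0.113.7 port 51004
2024-03-01T10:00:09 sshd[1201]: Accepted password for alice from 203.0.113.7 port 51005
2024-03-01T10:05:00 sshd[1202]: Failed password for bob from 198.51.100.9 port 40000
2024-03-01T10:20:00 sshd[1202]: Accepted password for bob from 198.51.100.9 port 40001
"""

# One regex for the assumed line layout; lines that do not match are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse_events(text):
    """Normalise raw lines into (timestamp, result, user, source) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsed lines are dropped here; a real pipeline would count them
        events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]))
    return events


def correlate_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Flag a source that produces >= threshold failures inside `window` and is
    then Accepted. Returns a list of (source, accepted_user, failures_before).
    Failures older than `window` are forgotten, so a single stale failure does
    not taint a later legitimate login (see the 198.51.100.9 lines above)."""
    events = sorted(events)  # tuples sort by timestamp first
    failures = defaultdict(list)  # source -> timestamps of recent failures
    findings = []
    for ts, result, user, src in events:
        failures[src] = [t for t in failures[src] if ts - t <= window]
        if result == "Failed":
            failures[src].append(ts)
        elif result == "Accepted" and len(failures[src]) >= threshold:
            findings.append((src, user, len(failures[src])))
            failures[src].clear()  # one alert per run, not one per later login
    return findings


if __name__ == "__main__":
    for src, user, n in correlate_bruteforce(parse_events(SAMPLE_LOG)):
        print(f"ALERT: {src} logged in as {user} after {n} failed attempts")
```

The window is what turns a raw count into a correlation: 203.0.113.7 trips the rule because five failures and the success fall inside two minutes, while bob's one failure fifteen minutes before his login is aged out and produces nothing. Tuning `threshold` and `window` against a site's own baseline of normal failure rates is the "Security baselines and anomalies" work listed under "Analyze monitoring results".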
Domain 4: Incident Response and Recovery
• Support incident lifecycle (e.g., National Institute of Standards and Technology (NIST),
  • Preparation
  • Detection, analysis and escalation
  • Containment, Eradication, Recovery
  • Lessons learned/Implementation of new countermeasure
• Understand and support forensic investigations
  • Legal (e.g., civil, criminal, administrative) and ethical principles
  • Evidence handling (e.g., first responder, triage, chain of custody, preservation of scene)
  • Reporting of analysis
• Understand and support business continuity plan (BCP) and disaster recovery plan (DRP)
  • Emergency response plans and procedures (e.g., information systems contingency,
  • Interim or alternate processing strategies
  • Restoration planning
  • Backup and redundancy implementation
  • Testing and drills
Domain 5: Cryptography
• Understand reasons and requirements for cryptography
  • Confidentiality, Integrity and authenticity
  • Data sensitivity (e.g., personally identifiable information (PII), intellectual property (IP),
  • Regulatory and industry best practice (e.g., Payment Card Industry Data Security Standard (PCI-DSS),
• Apply cryptography concepts
  • Hashing, Salting
  • Symmetric/Asymmetric encryption, Elliptic curve cryptography (ECC)
  • Non-repudiation (e.g., digital signatures/certificates, Hash-based Message Authentication Code (HMAC),
  • Strength of encryption algorithms and keys (e.g., Advanced Encryption Standard (AES),
  • Cryptographic attacks, cryptanalysis, and countermeasures (e.g., quantum computing)
• Understand and implement secure protocols
  • Services and protocols (e.g., Internet Protocol Security (IPsec), Transport Layer Security
  • Common use cases
  • Limitations and vulnerabilities
• Understand and support public key infrastructure (PKI) systems
  • Web of Trust (WOT) (e.g., Pretty Good Privacy (PGP), GNU Privacy Guard (GPG), blockchain)
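The "Apply cryptography concepts" list names hashing, salting and HMAC without showing why they differ. As an added example (not from the (ISC)² outline or any course material), the block below puts the three side by side: an unsalted hash, which is deterministic and so lets one cracked digest unlock every account sharing that password; a salted, iterated password hash (PBKDF2-HMAC-SHA256 from the standard library); and an HMAC tag that proves integrity and origin to a holder of the shared key. The passwords, salts, key and message are constructed for illustration, and the iteration count is an assumed illustrative cost, not a recommendation.

```python
"""Added example: hashing vs. salting vs. HMAC, using only the Python standard
library. Not part of the SSCP outline; inputs are constructed for illustration."""
import hashlib
import hmac
import os

# Assumed illustrative work factor; production values are chosen per platform
# and revisited as hardware gets faster.
PBKDF2_ITERATIONS = 200_000


def unsalted_hash(password):
    """Plain SHA-256 of the password. Deterministic: every user who picks the
    same password stores the same digest, and precomputed tables apply."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random 16-byte salt per password means two
    users with the same password get unrelated digests, and each digest must be
    attacked separately; the iteration count slows every guess."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time, so a
    wrong guess cannot be distinguished by how early the comparison stops."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def mac_message(key, message):
    """HMAC-SHA256 tag over `message`. Without `key` nobody can forge a valid
    tag, and any change to `message` invalidates it (integrity and authenticity).
    Note this is not non-repudiation: both parties hold the same key, so either
    could have produced the tag; that is what digital signatures add."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key, message, tag):
    """Constant-time check of a received tag against a freshly computed one."""
    return hmac.compare_digest(mac_message(key, message), tag)


if __name__ == "__main__":
    # (1) Unsalted: two users, same password, identical stored value.
    print("unsalted collide:", unsalted_hash("Winter2024!") == unsalted_hash("Winter2024!"))
    # (2) Salted: different digests for the same password, both still verify.
    s1, d1 = hash_password("Winter2024!")
    s2, d2 = hash_password("Winter2024!")
    print("salted differ:", d1 != d2, "verify:", verify_password("Winter2024!", s1, d1))
    # (3) HMAC: altering one byte of the message breaks verification.
    key = os.urandom(32)
    tag = mac_message(key, b"transfer 100 to acct 42")
    print("genuine:", verify_mac(key, b"transfer 100 to acct 42", tag),
          "tampered:", verify_mac(key, b"transfer 900 to acct 42", tag))
```

Two design points are worth noticing. The salt is stored next to the digest in the clear; its job is uniqueness, not secrecy. And both comparisons go through `hmac.compare_digest` rather than `==`, which is the countermeasure to the timing side channel listed under "Cryptographic attacks, cryptanalysis, and countermeasures".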
Domain 6: Network and Communications Security
• Understand and apply fundamental concepts of networking
  • Open Systems Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP)
  • Network topologies
  • Network relationships (e.g., peer-to-peer (P2P),
  • Transmission media types (e.g., wired, wireless
  • Software-defined networking (SDN) (e.g., Software-Defined Wide Area Network (SD-WAN),
  • Commonly used ports and protocols
• Understand network attacks (e.g., distributed denial of service (DDoS), man-in-the-middle
• Manage network access controls
  • Network access controls, standards and protocols (e.g., Institute of Electrical and Electronics Engineers (IEEE) 802.1X, Remote Authentication Dial-In User Service (RADIUS), Terminal Access Controller Access Control System Plus (TACACS+))
  • Remote access operation and configuration (e.g., thin client, virtual private network (VPN))
• Manage network security
  • Logical and physical placement of network devices (e.g., inline, passive, virtual)
  • Segmentation (e.g., physical/logical, data/control plane, virtual local area network (VLAN), access control list (ACL), firewall zones, micro-segmentation)
  • Secure device management
• Operate and configure network-based security devices
  • Firewalls and proxies (e.g., filtering methods, web application firewall (WAF))
  • Intrusion detection systems (IDS) and intrusion prevention systems (IPS)
  • Routers and switches
  • Traffic-shaping devices (e.g., wide area network (WAN) optimization, load balancing)
• Secure wireless communications
  • Technologies (e.g., cellular network, Wi-Fi, Bluetooth, Near-Field Communication (NFC))
  • Authentication and encryption protocols (e.g., Wired Equivalent Privacy (WEP), Wi-Fi Protected Access)
  • Internet of Things (IoT)
Domain 7: Systems and Application Security
• Identify and analyze malicious code and activity
  • Malware (e.g., rootkits, spyware, scareware,
  • Malware countermeasures (e.g., scanners, antimalware, code signing)
  • Malicious activity (e.g., insider threat, data
  • Malicious activity countermeasures (e.g.,
  • Social engineering (e.g., phishing,
  • Behavior analytics (e.g., machine learning,
• Implement and operate endpoint device security
  • Host-based intrusion prevention system (HIPS)
  • Host-based firewalls
  • Application whitelisting
  • Endpoint encryption (e.g., whole disk
  • Trusted Platform Module (TPM)
  • Secure browsing
  • Endpoint Detection and Response (EDR)
• Administer Mobile Device Management (MDM)
  • Provisioning techniques (e.g., corporate owned,
  • Containerization, Encryption
  • Mobile application management (MAM)
• Understand and configure cloud security
  • Deployment models (e.g., public, private, hybrid,
  • Service models (e.g., Infrastructure as a Service
  • Virtualization (e.g., hypervisor,
  • Legal and regulatory concerns (e.g., privacy, surveillance, data ownership, jurisdiction, eDiscovery)
  • Data storage, processing, and transmission (e.g.,
  • Third-party/outsourcing requirements (e.g., service-level agreement (SLA), data portability, data
  • Shared responsibility model
• Operate and maintain secure virtual environments
  • Hypervisor, Virtual appliances, Containers
  • Continuity and resilience, Attacks and countermeasures, Shared storage

Framework Connections