Systems Security Certified Practitioner (SSCP)
One of the best ways to further your career and strengthen the security of your company’s vital resources is to obtain a globally recognized IT security administration and operations certification, such as the SSCP. SSCP certification proves you have the advanced technical skills and knowledge to develop, manage and operate IT infrastructure utilizing security best practices, policies and procedures established by the cybersecurity experts at ISC2. Demonstrate your abilities, grow professionally, and win the backing of a network of top cybersecurity experts who are here to guide you all the way through your career.
Overview
An essential training program for IT workers looking to demonstrate their expertise in security is the SSCP course. In order to guarantee data confidentiality, integrity, and availability, this course gives students the skills they need to deploy, oversee, and manage IT infrastructure in compliance with accepted cybersecurity policies and procedures. Access controls, risk identification, incident response, cryptography, network security, and systems and application security are just a few of the security operations topics covered in the program. People who earn the SSCP Certification show that they have the technical know-how to address operational security issues and follow best practices. It offers a thorough understanding required to defend enterprises against cyber attacks and is a great first step for individuals hoping to pursue a career in cybersecurity.
What Will You Learn in This Systems Security Certified Practitioner (SSCP) Course?
- Understand and apply various authentication methods to maintain secure access and identity management processes.
- Develop and support internetwork trust architectures and manage access control mechanisms effectively.
- Comprehend and implement ethical codes in security operations, ensuring compliance with industry standards.
- Document, implement, and maintain security controls while engaging in asset and change management processes.
- Conduct risk assessments, operate continuous monitoring systems, and analyze security data to mitigate threats.
- Support the incident response lifecycle, including forensic investigations, business continuity, and disaster recovery planning.
- Grasp fundamental and advanced concepts of cryptography, secure protocols, and Public Key Infrastructure (PKI).
- Understand networking principles, manage network security, and deploy countermeasures against network attacks.
- Secure communication technologies, including wireless network configurations and network-based security devices.
- Identify and mitigate risks associated with malicious code, secure endpoints, cloud environments, and virtual systems.
Who should take up this Systems Security Certified Practitioner (SSCP) Course?
- IT Security Analysts
- Network Security Engineers
- Systems Administrators
- Security Administrators
- Security Consultants/Specialists
- IT Auditors
- Information Security Officers
- IT/Security Practitioners
- Systems Analysts
- Database Administrators
- Government or military IT professionals and contractors
- Incident Response Handlers
- Risk/Threat/Vulnerability Analysts
- Security Operations Center (SOC) staff
Our Package
1. Implement and maintain authentication methods
• Single/multifactor authentication
• Single sign-on
• Device authentication
• Federated access
2. Support internetwork trust architectures
• Trust relationships (e.g., 1-way, 2-way, transitive)
• Extranet
• Third party connections
3. Participate in the identity management lifecycle
• Authorization
• Proofing
• Provisioning/de-provisioning
• Maintenance
• Entitlement
• Identity and Access Management (IAM) systems
4. Implement access controls
• Mandatory
• Non-discretionary
• Discretionary
• Role-based
• Attribute-based
• Subject-based
• Object-based
1. Comply with codes of ethics
• (ISC)² Code of Ethics
• Organizational code of ethics
2. Understand security concepts
• Confidentiality
• Integrity
• Availability
• Accountability
• Privacy
• Non-repudiation
• Least privilege
• Separation of duties
3. Document, implement, and maintain functional security controls
• Deterrent controls
• Preventative controls
• Detective controls
• Corrective controls
• Compensating controls
4. Participate in asset management
• Lifecycle (hardware, software, and data)
• Hardware inventory
• Software inventory and licensing
• Data storage
5. Implement security controls and assess compliance
• Technical controls (e.g., session timeout, password aging)
• Physical controls (e.g., mantrap, cameras, locks)
• Administrative controls (e.g., security policies and standards, procedures, baselines)
• Periodic audit and review
6. Participate in change management
• Execute change management process
• Identify security impact
• Testing/implementing patches, fixes, and updates (e.g., operating system, applications, SDLC)
• Participate in security awareness and training
1. Understand the risk management process
• Risk visibility and reporting (e.g., risk register, sharing threat intelligence, Common Vulnerability Scoring System (CVSS))
• Risk management concepts (e.g., impact assessments, threat modelling, Business Impact Analysis (BIA))
• Risk management frameworks (e.g., ISO, NIST)
• Risk treatment (e.g., accept, transfer, mitigate, avoid, recast)
2. Perform security assessment activities
• Participate in security testing
• Interpretation and reporting of scanning and testing results
• Remediation validation
• Audit finding remediation
3. Operate and maintain monitoring systems (e.g., continuous monitoring)
• Events of interest (e.g., anomalies, intrusions, unauthorized changes, compliance monitoring)
• Logging
• Source systems
• Legal and regulatory concerns (e.g., jurisdiction, limitations, privacy)
4. Analyze monitoring results
• Security baselines and anomalies
• Visualizations, metrics, and trends (e.g., dashboards, timelines)
• Event data analysis
• Document and communicate findings (e.g., escalation)
1. Support incident lifecycle
• Preparation
• Detection, analysis, and escalation
• Containment
• Eradication
• Recovery
• Lessons learned/implementation of new countermeasure
2. Understand and support forensic investigations
• Legal and ethical principles
• Evidence handling (e.g., first responder, triage, chain of custody, preservation of scene)
3. Understand and support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) activities
• Emergency response plans and procedures (e.g., information system contingency plan)
• Interim or alternate processing strategies
• Restoration planning
• Backup and redundancy implementation
• Testing and drills
1. Understand fundamental concepts of cryptography
• Hashing
• Salting
• Symmetric/asymmetric encryption/Elliptic Curve Cryptography (ECC)
• Non-repudiation (e.g., digital signatures/certificates, HMAC, audit trail)
• Encryption algorithms (e.g., AES, RSA)
• Key strength (e.g., 256, 512, 1024, 2048-bit keys)
• Cryptographic attacks, cryptanalysis, and countermeasures
2. Understand reasons and requirements for cryptography
• Confidentiality
• Integrity and authenticity
• Data sensitivity (e.g., PII, intellectual property, PHI)
• Regulatory
3. Understand and support secure protocols
• Services and protocols (e.g., IPSec, TLS, S/MIME, DKIM)
• Common use cases
• Limitations and vulnerabilities
4. Understand Public Key Infrastructure (PKI) systems
• Fundamental key management concepts (e.g., key rotation, key composition, key creation, exchange, revocation, escrow)
• Web of Trust (WOT) (e.g., PGP, GPG)
1. Understand and apply fundamental concepts of networking
• OSI and TCP/IP models
• Network topographies (e.g., ring, star, bus, mesh, tree)
• Network relationships (e.g., peer to peer, client server)
• Transmission media types (e.g., fiber, wired, wireless)
• Commonly used ports and protocols
2. Understand network attacks and countermeasures (e.g., DDoS, man-in-the-middle, DNS poisoning)
3. Manage network access controls
• Network access control and monitoring (e.g., remediation, quarantine, admission)
• Network access control standards and protocols (e.g., IEEE 802.1X, RADIUS, TACACS)
• Remote access operation and configuration (e.g., thin client, SSL VPN, IPSec VPN, telework)
4. Manage network security
• Logical and physical placement of network devices (e.g., inline, passive)
• Segmentation (e.g., physical/logical, data/control plane, VLAN, ACLs)
• Secure device management
5. Operate and configure network-based security devices
• Firewalls and proxies (e.g., filtering methods)
• Network intrusion detection/prevention systems
• Routers and switches
• Traffic-shaping devices (e.g., WAN optimization, load balancing)
6. Operate and configure wireless technologies (e.g., Bluetooth, NFC, Wi-Fi)
• Transmission security
• Wireless security devices (e.g., WIPS, WIDS)
1. Identify and analyze malicious code and activity
• Malware (e.g., rootkits, spyware, scareware, ransomware, trojans, virus, worms, trapdoors, backdoors, and remote access trojans)
• Malicious code countermeasures (e.g., scanners, anti-malware, code signing, sandboxing)
• Malicious activity (e.g., insider threat, data theft, DDoS, botnet)
• Malicious activity countermeasures (e.g., user awareness, system hardening, patching, sandboxing, isolation)
2. Implement and operate endpoint device security
• HIDS
• Host-based firewalls
• Application white listing
• Endpoint encryption
• Trusted Platform Module (TPM)
• Mobile Device Management (MDM) (e.g., COPE, BYOD)
• Secure browsing (e.g., sandbox)
3. Operate and configure cloud security
• Deployment models (e.g., public, private, hybrid, community)
• Service models (e.g., IaaS, PaaS and SaaS)
• Virtualization (e.g., hypervisor)
• Legal and regulatory concerns (e.g., privacy, surveillance, data ownership, jurisdiction, eDiscovery)
• Data storage and transmission (e.g., archiving, recovery, resilience)
• Third party/outsourcing requirements (e.g., SLA, data portability, data destruction, auditing)
• Shared responsibility model
4. Operate and secure virtual environments
• Software-defined networking
• Hypervisor
• Virtual appliances
• Continuity and resilience
• Attacks and countermeasures
• Shared storage
Upcoming Batch
April 20th (Weekends)
FRI & SAT (4 Weeks)
08:30 PM to 01:00 AM (CDT)
April 18th (Weekdays)
MON – FRI (18 Days)
10:00 AM to 12:00 PM (CDT)
Systems Security Certified Practitioner (SSCP) FAQs
The SSCP course covers cybersecurity fundamentals, risk identification, incident response, encryption, network and access controls, and audits, equipping learners with practical skills for IT security roles.
Post-SSCP, individuals can target roles like Security Analyst, Systems Administrator, and Network Security Engineer, primarily in IT and cybersecurity sectors, with advancement to higher certifications and managerial positions.
- Basic Understanding of Security Concepts: Familiarity with core security principles such as confidentiality, integrity, and availability.
- Fundamental IT Knowledge: A foundational understanding of computer systems, networking concepts, and the Internet.
- Working Knowledge of Computer Systems: Experience with using and managing operating systems, user environments, and software applications.
- Basic Networking Skills: An understanding of basic networking concepts, including TCP/IP protocols, network architecture, and secure network components.
- Familiarity with Access Control Concepts: Knowledge of authentication, authorization, and security mechanisms used to protect information.
- Awareness of Risk Management: Recognition of the importance of risk assessment and the basic concepts involved in risk management.
- Interest in Security Practices: A keen interest in learning about security policies, standards, procedures, and secure design principles.
- Ethical Mindset: An understanding of and commitment to ethical behavior in the cybersecurity field.
- Communication Skills: Basic communication skills necessary to document and explain security controls, incidents, and assessments.
The Systems Security Certified Practitioner (SSCP) course is linked to the SSCP exam.
The duration of the course is 40 hours.
The course is available both online and in-person.
A laptop, decent internet speed, and a headset with a microphone are required.