The (ISC)2 Systems Security Certified Practitioner (SSCP) certification covers seven domains which they describe as 'the compendium of topics pertaining to an Information Systems Security Practitioner', the CBK (Common Body of Knowledge). The seven domains maps directly to the seven modules of this course listed below, it is referred to as a taxonomy or collection of past, present and future topics around Information Security.
The SSCP is aimed at security go-to-people, on the front line of a business dealing with technologies employed to protect Information. If you are responsible for implementing and maintaining countermeasures such as Firewalls, Intrusion Detection or Prevention, Anti-Virus solutions or Public Key Infrastructures and you want a certification to attest to your skills and professionalism within Information Security, this is it.
Leads to Certification
The (ISC)2 SSCP exam is not a part of the course.
(ISC)² are completing the final stages of implementing Computer-Based Testing (CBT) for all certification exams throughout 2012 to create a better user experience for a larger pool of candidates and greater global exam accessibility. Candidates can begin registering for Computer-Based Testing (CBT) for the CISSP, CISSP concentrations and the SSCP certification exams via CBT worldwide beginning June 1, 2012, with the ability to sit for an exam as early as the next day.
To book the new CBT exam requires the candidate to acquire a Pearson VUE testing voucher. Please note, the price of the voucher is not included in the RRP of this course
Beginning September 1, 2012, (ISC)² will no longer offer paper-based testing (PBT) for any of its certification exams except for candidates located in areas outside of a 75-mile radius from an approved testing center and on a case-by-case basis. August 24, 2012 is the last day candidates can register to sit for regularly scheduled PBT exams occurring through August 31, 2012.
This credential is ideal of those who have already obtained or are working towards positions such as: Security Administrators; Security Systems Analysts and Network Security Administrators.
It may also be of interest to those who desire a better understanding of security, but do not have a direct security role, examples of these could include: System Administrators; Network Administrators; Systems Analysts; Auditors and Database Administrators.
Required experience: one year working in the Information Security arena, covering at least one of the domains from the SSCP CBK. Proof of this must be supplied to (ISC)2
If you do not have the experience right now, you could pass the exam and obtain Associate of (ISC)2 status. You would then obtain full SSCP when you complete the experience required and are approved by (ISC)2. This course will consolidate delegates knowledge across the CBK but successful exam candidates should be prepared to read around the subjects covered to strengthen their knowledge before taking the exam, a recommended reading list of approved (ISC)2 books can be downloaded in the form of a 'Candidate Information Bulletin' from www.isc2.org.
The full requirements for talking and obtaining SSCP certification can be found at http://www.isc2.org
Why should I complete this certification before CISSP?
- SSCP maps to just over half of the CISSP required knowledge, so it is great as a precursor or certification path to follow if you intend on obtaining CISSP in the future.
- Build a relationship with (ISC)2 and use the many member benefits to manage and improve your career as a Information Security professional.
- SSCP allows you to waive one year of the 5 years experience required to pass CISSP, (other certifications can also allow this).
Module 1: Access Controls
- Identification Authentication Authorisation and Accounting
- Logical Access Controls (Subjects accessing Objects)
- Implementing Authentication
- Access Control Models, MAC, DAC, NDAC and RBAC
- TCSEC, ITSEC and Common Criteria
Module 2: Cryptography
- Public Key Infrastructure's
- Confidentiality and Integrity
- Digital Signatures
- Transmission Security
Module 3: Malicious Code and Activity
- Viruses, Trojan's, Worms and their characteristics
- Anatomy of an attack
- Hackers and Crackers
- Incident detection and prevention, tools and techniques
Module 4: Monitoring and Analysis
- Security Auditing and Frameworks
- Vulnerability and Penetration Testing
- IDS and IPS and Firewalls
- Logging and Monitoring
Module 5: Networks and Communications
- OSI and Networking Technologies
- TCP/IP and LAN based protocols
- Remote Access Protocols
- Wireless Security
Module 6: Risk, Response and Recovery
- Risk Management
- Business Continuity Planning
- Disaster Recovery Planning
- Incident Response and Forensics
Module 7: Security Operations and Administration
- Policies, Standards and Guidelines
- Change and Configuration Management
- System Development Lifecycle
- Security best practices
The (ISC)2 Systems Security Certified Practitioner (SSCP
The exam is not a part of the course, delegates will be required to book their own exam through (ISC)2 and should reference www.isc2.org for a schedule.