The Systems Security Certified Practitioner (SSCP) Domains

Overview/Description
To recognize the concepts that make up the Access Controls SSCP domain

Target Audience
Candidates who plan to take the International Information Systems Security Certification Consortium's (ISC)2 Systems Security Certified Practitioner (SSCP) certification exam or IT professionals who want an introduction to the concepts and practices of information system security

Lesson Objectives

Access Controls

• define access control and recognize access control types and models.
• recognize how access control is implemented.
• recognize the way in which the authentication protocol Kerberos works.
• identify the mechanisms used to ensure Information Assurance.
• identify suitable access control solutions.

Overview/Description
To identify security administration requirements and outline how they are met

Lesson Objectives

Administration

• identify the features of the security development life cycle.
• outline the policies and practices used to secure an information system and its environment.
• identify the function of a roadmap in security administration and outline the activities required to develop one for an organization.
• outline technologies used in organizations to secure information and information systems.
• implement suitable security mechanisms.
• outline best practices for security administration in a network.
• identify the requirements for a security awareness program and outline how it can be implemented in an organization.
• implement a successful security awareness program.

Overview/Description
To outline the tools and mechanisms for system security monitoring and auditing

Lesson Objectives

Auditing and Monitoring

• identify the role of auditing.
• identify the types of data collected during an audit and outline how it is processed.
• outline the methods and tools involved in conducting a security audit.
• identify features of the audit process.
• outline the different types of monitoring and the tools associated with each type.
• recognize the need to develop an effective incident response program.
• identify incident response features.

Overview/Description
To outline risk management and identify best practices for handling risk and ensuring business continuity

Lesson Objectives

Risk, Response, and Recovery

• define risk and identify the strategies used to manage it.
• identify methods and tools used to perform risk analysis.
• identify the steps and activities of a risk assessment methodology.
• identify the mechanisms used when responding to a security attack.
• identify the features of contingency plans and disaster recovery plans.
• identify appropriate solutions for business continuity.
• identify the roles and tools involved in computer forensics.

Overview/Description
To define cryptograhy and identify its use in ensuring the confidentiality, integrity, authenticity, and non-repudiation of information
 

Lesson Objectives

Understanding Cryptography

• recognize how encryption developed and identify the process and types involved.
• identify the block cipher modes of operation and the different block cipher algorithims.
• to identify the role of hashes and digital signatures in protecting the integrity of encrypted data.
• recognize encryption processes.
• identify the various methods of key management.
• identify the features of the general hierarchical model of public key infrastructure and the top-down hierarchical SET public key infrastructure.
• identify the types and features of encryption protocols.
• identify various types of cryptographic attack.

Overview/Description
To identify the standards and technology used in data communication

Lesson Objectives  

Data Communications

• identify the types of signals and transmission media used to transfer data information.
• identify the attributes of various network deployments.
• identify the topologies and standards used in networking.
• identify the layers of the OSI and TCP/IP network communication models.
• identify common network devices.
• identify types of network attacks and the methods used to mitigate them.
• identify ways to secure a network from given attacks.

Overview/Description
To identify types of malicious code and the protection used to defend against it

Lesson Objectives

Malicious Code

• identify types and characteristics of malicious code.
• identify the mechanisms and best practices used to counter malicious code attacks.
• identify malicious code protection products and the mechanisms they use.
• identify how to defend against malicious code.