Systems Security Certified Practitioner (SSCP) - Outline

Detailed Course Outline

Domain 1: Access Controls
  • Implement and maintain authentication methods
  • Support internetwork trust architectures
  • Participate in the identity management lifecycle
  • Implement access controls
Domain 2: Security Operations and Administration
  • Comply with codes of ethics
  • Understand security concepts
  • Document, implement, and maintain functional security controls
  • Participate in asset management
  • Implement security controls and assess compliance
  • Participate in change management
  • Participate in security awareness and training
  • Participate in physical security operations (e.g., data center assessment, badging)
Domain 3: Risk Identification, Monitoring, and Analysis
  • Understand the risk management process
  • Perform security assessment activities
  • Operate and maintain monitoring systems (e.g., continuous monitoring)
  • Analyze monitoring results
Domain 4: Incident Response and Recovery
  • Support incident lifecycle
  • Understand and support forensic investigations
  • Understand and support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) activities
Domain 5: Cryptography
  • Understand fundamental concepts of cryptography
  • Understand reasons and requirements for cryptography
  • Understand and support secure protocols
  • Understand Public Key Infrastructure (PKI) systems
Domain 6: Network and Communications Security
  • Understand and apply fundamental concepts of networking
  • Understand network attacks and countermeasures (e.g., DDoS, man-in-the-middle, DNS poisoning)
  • Manage network access controls
  • Manage network security
  • Operate and configure network-based security devices
  • Operate and configure wireless technologies (e.g., bluetooth, NFC, WiFi)
Domain 7: Systems and Application Security
  • Identify and analyze malicious code and activity
  • Implement and operate endpoint device security
  • Operate and configure cloud security
  • Operate and secure virtual environments