SSCP Certification Curriculum Outline

SSCP Domain: Access Controls

Overview/Description
With the increasing growth of the Internet and networks in general being used for business, security is an important issue. A key aspect of business security is controlling which users have access to what resources, and which operations they can perform. The mechanism for controlling these aspects is Access Control. This courses examines how to determine appropriate access controls, architecture models, authentication techniques and access methods. It explains access control systems, their differences and implementations and how they protect services and data. This course also demonstrates attack methods used to bypass access control systems and describes account management procedures and key access control concepts. The course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC)2 for its Systems Security Certified Practitioner (SSCP) certification. The SSCP credential certifies student expertise in 7 different knowledge domains.

Target Audience
Experienced IT professionals with a basic knowledge of network and communications protocols and equipment seeking to pass the System Security Certified Practitioner (SSCP) exam, or otherwise gain knowledge in assessing, planning, implementing and managing IT security in an enterprise environment. A minimum of one years professional experience in one of the seven SSCP CBK Domains is required for certification.

Expected Duration (hours)
2.5

Lesson Objectives

SSCP Domain: Access Controls

Identify the most appropriate access controls for particular situations

Recognize the considerations for access control subjects and access control objects

Select appropriate access control architecture models for particular situations

Recognize access control architecture models

Determine the most appropriate access controls to use in a particular scenario

Determine the most appropriate access control architecture model to use in a particular scenario

Describe knowledge and ownership based authentication methods

Describe the components of an identity management solution

Describe characteristics-based authentication methods

Describe multifactor authentication methods

Recognize the advantages of single sign-on systems (SSOs) for authentication

Describe how Kerberos is used for authentication

Select the most appropriate access control methodology to use in a particular situation

Rank portable devices according to the amount of data they can remove from a network

Describe security risks and mitigation techniques for virtual platforms

Describe the phases of a cloud computing data cycle

Determine the most appropriate authentication technique to use in a particular scenario

Determine the most appropriate access method to implement in a particular scenario

Course Number:
sp_sycp_a01_it_enus

Back to List

SSCP Domain: Cryptography

Overview/Description
In modern business and IT, keeping information secure and/or proving from where it originated can be key aspects of success. Cryptography provides the tools necessary to guarantee confidentiality and authenticity in the digital age. This course provides the learner with an understanding of the applications of symmetric and public key cryptography and when they are required as well as concepts such as key management and secure ciphers and protocols. The course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC)2 for its Systems Security Certified Practitioner (SSCP) certification. The SSCP credential certifies student expertise in 7 different knowledge domains.

Target Audience
Experienced IT professionals with a basic knowledge of network and communications protocols and equipment seeking to pass the System Security Certified Practitioner (SSCP) exam, or otherwise gain knowledge in assessing, planning, implementing and managing IT security in an enterprise environment. A minimum of one years professional experience in one of the seven SSCP CBK Domains is required for certification.

Expected Duration (hours)
2.0

Lesson Objectives

SSCP Domain: Cryptography

Define the principal cryptographic terms

Describe the classic modes of operation for block ciphers

Describe newer standardized modes of operation for block ciphers

Identify appropriate uses for stream ciphers and one time pads

Recognize characteristics of digital signatures

Describe how to implement a public key infrastructure

Identify the components of a public key infrastructure

Determine the most appropriate mode of operation to employ in a particular scenario

Implement a Public Key Infrastructure for a particular scenario

Describe types of cryptographic attacks

Recognize how cryptographic algorithms are used

Determine the most appropriate hash algorithm to use

Distinguish between types of secure protocol

Recognize specific cryptographic attacks

Determine the most appropriate cryptographic functions to use in a particular scenario

Course Number:
sp_sycp_a02_it_enus

Back to List

SSCP Domain: Malicious Code

Overview/Description
In the modern world of computing, malicious code is becoming commonplace. Organizations and individuals must protect themselves from these attacks. This course provides a history of malicious code and details of how to recognize and analyze the effects of malcodes and infection vectors on a computing system using VMware testing and file capturing techniques. It also explains how to determine appropriate malcode evaluation and mitigation techniques to protect an enterprise environment. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC)2 for its Systems Security Certified Practitioner (SSCP) certification. The SSCP credential certifies student expertise in 7 different knowledge domains.

Target Audience
Experienced IT professionals with a basic knowledge of network and communications protocols and equipment seeking to pass the System Security Certified Practitioner (SSCP) exam, or otherwise gain knowledge in assessing, planning, implementing and managing IT security in an enterprise environment. A minimum of one years professional experience in one of the seven SSCP CBK Domains is required for certification.

Expected Duration (hours)
3.0

Lesson Objectives

SSCP Domain: Malicious Code

Recognize components of CARO-like names

Recognize the main purpose of application security

Identify types of malicious code

Define the basic terms in malicious code

Identify significant events in the evolution of malcode

Order the significant events in the emergence of the Internet criminal marketplace

Identify common methods used to spread malcodes

Recognize social engineering attacks

Determine which specific malcodes are attacking a system

Determine the methods infection vectors have used to access a system

Recognize types of attacks that are carried out on computing environments

Describe best practices for implementing a security solution in an enterprise environment

Implement appropriate malcode inspection processes

Select appropriate malcode behavioral analysis methods

Sequence the steps for using VMware to test malcode samples

Identify techniques for capturing files from a computer

Identify appropriate malcode mitigation policies for an enterprise environment

Assess how malcodes and infection vectors attack a computing system

Determine how to evaluate and mitigate malcodes in an enterprise environment

Course Number:
sp_sycp_a03_it_enus

Back to List

SSCP Domain: Monitoring and Analysis Part 1

Overview/Description
Current business practices demand a certain amount of due diligence with regards to keeping track of system events pertaining to security. This course on security monitoring and analysis provides the learner with an understanding of the requirements and procedures that are components of a secure business environment. In the fast paced business world of today, secure and reliable communication within your corporation and with outside networks is mandatory. This course covers such topics as authentication, data integrity, transport formats and transmission methods. As an SSCP candidate, you are expected to show understanding of these aspects of secure communications in the digital age. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC)2 for its Systems Security Certified Practitioner (SSCP) certification. The SSCP credential certifies student expertise in 7 different knowledge domains.

Target Audience
Experienced IT professionals with a basic knowledge of network and communications protocols and equipment seeking to pass the System Security Certified Practitioner (SSCP) exam, or otherwise gain knowledge in assessing, planning, implementing and managing IT security in an enterprise environment. A minimum of one years professional experience in one of the seven SSCP CBK Domains is required for certification.

Expected Duration (hours)
2.0

Lesson Objectives

SSCP Domain: Monitoring and Analysis Part 1

Recognize techniques for ensuring compliance to a security framework

Match components of a security network to their descriptions

Identify controls to help enforce a security policy

Recognize how to monitor a secured system

Identify the domains of security responsibility

Describe common SNMP security issues and recommended security solutions

Recognize how to implement a security framework

Describe how to monitor a security framework

Identify the characteristics of active and passive monitoring systems

Define the key terms used to discuss monitoring technologies

Recognize when to implement network-based and host-based intrusion detection and prevention systems

Identify the motivation behind a system attack

Distinguish between intrusions and events in a security framework

Determine the appropriate intrusion detection and prevention system for a particular scenario

Course Number:
sp_sycp_a04_it_enus

Back to List

SSCP Domain – Monitoring and Analysis Part 2

Overview/Description
Current business practices demand a certain amount of due diligence with regards to keeping track of system events pertaining to security. This course on security monitoring and analysis provides the learner with an understanding of the requirements and procedures that are components of a secure business environment. The course examines how to determine appropriate methods to protect hosts and networks within a business environment, how to test them for vulnerability and how to determine appropriate methods for carrying out a security penetration test. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC)2 for its Systems Security Certified Practitioner (SSCP) certification. The SSCP credential certifies student expertise in 7 different knowledge domains.

Target Audience
Experienced IT professionals with a basic knowledge of network and communications protocols and equipment seeking to pass the System Security Certified Practitioner (SSCP) exam, or otherwise gain knowledge in assessing, planning, implementing and managing IT security in an enterprise environment. A minimum of one years professional experience in one of the seven SSCP CBK Domains is required for certification.

Expected Duration (hours)
2.0

Lesson Objectives

SSCP Domain – Monitoring and Analysis Part 2

Describe features of vulnerability testing software

Select appropriate methods for protecting hosts

Recognize how to implement advanced firewall testing

Identify qualities of Internet perimeter systems

Describe traffic types and conditions that a monitoring system in an IDS environment should cover

Recognize the implications of war driving for network security

Determine appropriate methods to protect hosts and test them for vulnerability

Determine appropriate methods to protect networks and test them for vulnerability

Identify important considerations for planning a penetration test

Describe reconnaissance information gathering techniques

Describe common network mapping based information gathering techniques

Describe how to exploit systems during a penetration test

Describe how to perform a penetration test

Determine appropriate methods for carrying out a security penetration test

Course Number:
sp_sycp_a05_it_enus

Back to List

SSCP Domain : Networks and Telecommunications Part 1

Overview/Description
In the fast paced business world of today, secure and reliable communication within your corporation and with outside networks is mandatory. This course covers various aspects of secure digital communications including authentication, data integrity, transport formats and transmission methods. This course teaches the learner about network topology schemes and application and transport layer security protocols such as S/MIME and SSL. It shows how to optimize network level security to protect against DoS attacks using IP addressing techniques and SMTP, ICMP and authentication protocols. The course also examines how to optimize WAN access and security methods and how to maximize physical transmission methods and data integrity in an enterprise environment. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC)2 for its Systems Security Certified Practitioner (SSCP) certification. The SSCP credential certifies student expertise in 7 different knowledge domains.

Target Audience
Experienced IT professionals with a basic knowledge of network and communications protocols and equipment seeking to pass the System Security Certified Practitioner (SSCP) exam, or otherwise gain knowledge in assessing, planning, implementing and managing IT security in an enterprise environment. A minimum of one years professional experience in one of the seven SSCP CBK Domains is required for certification.

Expected Duration (hours)
2.0

Lesson Objectives

SSCP Domain : Networks and Telecommunications Part 1

Recognize the layers of the DoD model

Describe commonly implemented network topology schemes

Recognize the features and components of application and transport layer security protocols

Match IP addressing methods and security features to examples of their use

Recognize when to use common network layer protocols

Identify common Network level attacks

Select an appropriate authentication protocol for a particular scenario

Specify an appropriate tunneling protocol for a particular scenario

Assess the network infrastructure security for a given scenario

Optimize a network level security solution

Identify optimal SOHO network solutions

Describe WAN solutions and protocols

Describe network infrastructure components

Analyze WAN access and security methods

Optimize WAN and physical infrastructure transmission and security

Course Number:
sp_sycp_a06_it_enus

Back to List

SSCP Domain : Networks and Telecommunications Part 2

Overview/Description
In the fast paced business world of today, secure and reliable communication within your corporation and with outside networks is mandatory. This course covers such topics as authentication and data integrity with a focus on wireless communications and new messaging and exchange technologies. This course teaches the learner how to optimize security standards, policies and procedures for LAN, WAN and WLAN enterprise environment IT infrastructures. The course explains network vulnerabilities, VPNs, the IEEE 802 security standards, IDS solutions and best practices for deploying wireless APs and for configuring firewalls. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC)2 for its Systems Security Certified Practitioner (SSCP) certification. The SSCP credential certifies student expertise in 7 different knowledge domains.

Target Audience
Experienced IT professionals with a basic knowledge of network and communications protocols and equipment seeking to pass the System Security Certified Practitioner (SSCP) exam, or otherwise gain knowledge in assessing, planning, implementing and managing IT security in an enterprise environment. A minimum of one years professional experience in one of the seven SSCP CBK Domains is required for certification.

Expected Duration (hours)
2.5

Lesson Objectives

SSCP Domain : Networks and Telecommunications Part 2

Identify components of a LAN

Recognize important LAN security considerations

Describe clientless VPNs

Describe common firewall types and configuration considerations

Recognize IDS solutions and monitoring techniques

Optimize a network enterprise environment security infrastructure

Describe the most widely used 802.11 standards

Identify best practices for deploying wireless APs and recognize WLAN security vulnerabilities

Describe security considerations for WiMAX implementations

Describe security considerations for Bluetooth connections and mobile networks

Identify mitigation techniques for RFID and NFC security issues

Recognize methods of securing wireless networks from outside attacks

Describe how the use of new technologies can expose an enterprise environment to attack

Recognize how to secure the seven domains of an IT infrastructure

Recognize security countermeasures that can be implemented in a network environment

Optimize an enterprise environment WLAN security infrastructure

Optimize security standards, policies and procedures for an enterprise environment

Course Number:
sp_sycp_a07_it_enus

Back to List

SSCP Domain : Security Operations and Administration Part 1

Overview/Description
Information is often at the core of business, and maintaining the security of that information in the digital age is of utmost importance. This course provides the learner with the skills needed to identify and organize essential information in an organization, and how to document and implement policies, standards, procedures and guidelines. These skills will ensure confidentiality, integrity and availability of core business information. This course teaches the learner about the importance of Confidentiality, Integrity and Availability (The C-I-A Triad) and how to determine appropriate methods for dealing with security and threats. It teaches how to assess and optimize your own security plan and program. The course also demonstrates the importance of Ethics in Business Security. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC)2 for its Systems Security Certified Practitioner (SSCP) certification. The SSCP credential certifies student expertise in 7 different knowledge domains.

Target Audience
Experienced IT professionals with a basic knowledge of network and communications protocols and equipment seeking to pass the System Security Certified Practitioner (SSCP) exam, or otherwise gain knowledge in assessing, planning, implementing and managing IT security in an enterprise environment. A minimum of one years professional experience in one of the seven SSCP CBK Domains is required for certification.

Expected Duration (hours)
2.5

Lesson Objectives

SSCP Domain : Security Operations and Administration Part 1

Describe the objectives that effective security controls should meet

Describe security architecture design best practices

Describe the PDCA improvement cycle for an ISMS

Identify features the ISO/SEC 27002 security standards framework

Describe how to manage identity and access and privileged user accounts

Recognize the considerations for managing outsourced security partners

Assess a security programs objectives, architecture and framework

Determine appropriate measures for managing identify, access and privileged accounts and for selecting an MSSP

Describe the phases of a policy life cycle

Recognize security standards and baselines

Describe industry standards and open standards

Describe the importance of well documented security procedures

Recognize the main responsibilities of a security officer in the security plan development process

Identify confidentiality protection methods

Recognize important considerations for information classification

Assess security policies and standards

Optimize security procedures and plans and determine appropriate information protection and classification methods

Course Number:
sp_sycp_a08_it_enus

Back to List

SSCP Domain : Security Operations and Administration Part 2

Overview/Description
Information is often at the core of business, and maintaining the security of that information in the digital age is of utmost importance. This course provides the learner with the skills needed to identify and organize essential information in an organization, and how to document and implement policies, standards, procedures and guidelines. These skills will ensure confidentiality, integrity and availability of core business information. This course examines the secure storage of data as well as encryption, retention, sanitization and disposal of data. It teaches the learner the fundamentals of secure application development and demonstrates common web vulnerabilities. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC)2 for its Systems Security Certified Practitioner (SSCP) certification. The SSCP credential certifies student expertise in 7 different knowledge domains.

Target Audience
Experienced IT professionals with a basic knowledge of network and communications protocols and equipment seeking to pass the System Security Certified Practitioner (SSCP) exam, or otherwise gain knowledge in assessing, planning, implementing and managing IT security in an enterprise environment. A minimum of one years professional experience in one of the seven SSCP CBK Domains is required for certification.

Expected Duration (hours)
1.5

Lesson Objectives

SSCP Domain : Security Operations and Administration Part 2

Describe the key methods for maintaining confidential information security

Recognize appropriate techniques for restricting sensitive data access

Identify key management policy considerations

Propose appropriate techniques for destroying magnetic media

Identify key considerations for handling sensitive data

Describe the functions of a data leakage prevention strategy

Describe common methodologies for deploying software applications

Recognize the most commonly exploited vulnerabilities of web applications

Describe how to implement guidelines for protecting against web vulnerabilities

Assess the data and information security program for a particular scenario

Optimize the application development process for a particular scenario

Course Number:
sp_sycp_a09_it_enus

Back to List

SSCP Domain – Security Operations and Administration Part 3

Overview/Description
Information is often at the core of business, and maintaining the security of that information in the digital age is of utmost importance. This course provides the learner with the skills needed to identify and organize essential information in an organization, and how to document and implement policies, standards, procedures and guidelines. These skills will ensure confidentiality, integrity and availability of core business information. This course teaches the learner about Software Release Management and Deployment. It examines Accreditation and Assurance as well as Change Control and Configuration Management and demonstrates Endpoint Security and Metrics for Measuring Security. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC)2 for its Systems Security Certified Practitioner (SSCP) certification. The SSCP credential certifies student expertise in 7 different knowledge domains.

Target Audience
Experienced IT professionals with a basic knowledge of network and communications protocols and equipment seeking to pass the System Security Certified Practitioner (SSCP) exam, or otherwise gain knowledge in assessing, planning, implementing and managing IT security in an enterprise environment. A minimum of one years professional experience in one of the seven SSCP CBK Domains is required for certification.

Expected Duration (hours)
2.0

Lesson Objectives

SSCP Domain – Security Operations and Administration Part 3

Recognize how to implement a release management policy

Select appropriate EAL levels to evaluate an information system for certification and accreditation

Describe the software certification and accreditation process

Recognize appropriate configuration management techniques for a particular scenario

Describe the steps of the patch management process

Describe endpoint security management solutions

Identify important endpoint security considerations

Recognize how to measure security performance using metrics

Identify critical success factors for security awareness programs

Analyze application deployment security measures for a particular scenario

Optimize endpoint security and security awareness

Course Number:
sp_sycp_a10_it_enus

Back to List

SSCP Domain : Risk, Response, and Recovery

Overview/Description
With more and more business success relying on secure and guaranteed access to data, having plans and policies in place to manage risks and recover from disasters is pivotal. This course provides the learner with the knowledge to provide data redundancy and handling incidents and risks. This course teaches the learner how to identify the threats and vulnerabilities that can put information systems at risk and how to optimize a risk assessment and management system to protect resources. It covers risk limitation and mitigation and the security incident handling process. The course covers business continuity planning and shows how to design an effective disaster contingency plan and an optimized data recovery and restoration methodology. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC)2 for its Systems Security Certified Practitioner (SSCP) certification. The SSCP credential certifies student expertise in 7 different knowledge domains.

Target Audience
Experienced IT professionals with a basic knowledge of network and communications protocols and equipment seeking to pass the System Security Certified Practitioner (SSCP) exam, or otherwise gain knowledge in assessing, planning, implementing and managing IT security in an enterprise environment. A minimum of one years professional experience in one of the seven SSCP CBK Domains is required for certification.

Expected Duration (hours)
3.0

Lesson Objectives

SSCP Domain : Risk, Response, and Recovery

Recognize threats and vulnerabilities that expose information technology systems to risk

Define key risk management concepts

Recognize key factors for improving a risk management system

Specify appropriate risk limitation controls for a particular scenario

Describe a security incident detection and analysis process

Describe a security incident containment and eradication process

Identify key considerations for gathering and handling evidence

Optimize a risk assessment methodology for a particular scenario

Determine appropriate risk and incident handling methods for a particular scenario

Describe a business impact analysis process

Define key business impact analysis concepts

Select an appropriate disaster recovery site for a particular scenario

Identify key considerations for disaster recovery planning

Describe disaster plan testing methodologies

Identify an appropriate data backup rotation schedule for a particular scenario

Identify features of high-availability and load-balancing clustering

Select an appropriate RAID level for a particular scenario

Optimize a disaster planning process for a particular scenario

Analyze a data backup and restoration methodology

Course Number:
sp_sycp_a11_it_enus

Back to List