This course prepares a student to take the ISC2 Systems Security Certified Practitioner (SSCP) national certification exam.
Course Outline:
Chapter 1: Introduction
- About This Course
- What Is an SSCP?
- Using This Course
- Let’s Get Started!
Chapter 2: The Business Case for Decision Assurance and Information Security
- Information: The Lifeblood of Business
- Policy, Procedure, and Process: How Business Gets Business Done
- Who Runs the Business?
- Summary
- Exam Essentials
Chapter 3: Information Security Fundamentals
- The Common Needs for Privacy, Confidentiality, Integrity, and Availability
- Training and Educating Everybody
- SSCPs and Professional Ethics
- Summary
- Exam Essentials
Chapter 4: Integrated Information Risk Management
- It’s a Dangerous World
- The Four Faces of Risk
- Getting Integrated and Proactive with Information Defense
- Risk Management: Concepts and Frameworks
- Risk Assessment
- Four Choices for Limiting or Containing Damage
- Summary
- Exam Essentials
Chapter 5: Operationalizing Risk Mitigation
- From Tactical Planning to Information Security Operations
- Operationalizing Risk Mitigation: Step by Step
- The Ongoing Job of Keeping Your Baseline Secure
- Ongoing, Continuous Monitoring
- Reporting to and Engaging with Management
- Summary
- Exam Essentials
Chapter 6: Communications and Network Security
- Trusting Our Communications in a Converged World
- Internet Systems Concepts
- Two Protocol Stacks, One Internet
- Wireless Network Technologies
- IP Addresses, DHCP, and Subnets
- IPv4 vs. IPv6: Important Differences and Options
- CIANA Layer by Layer
- Securing Networks as Systems
- Summary
- Exam Essentials
Chapter 7: Identity and Access Control
- Identity and Access: Two Sides of the Same CIANA+PS Coin
- Identity Management Concepts
- Access Control Concepts
- Network Access Control
- Implementing and Scaling IAM
- User and Entity Behavior Analytics (UEBA)
- Zero Trust Architectures
- Summary
- Exam Essentials
Chapter 8: Cryptography
- Cryptography: What and Why
- Building Blocks of Digital Cryptographic Systems
- Keys and Key Management
- Modern Cryptography: Beyond the “Secret Decoder Ring”
- “Why Isn’t All of This Stuff Secret?”
- Cryptography and CIANA+PS
- Public Key Infrastructures
- Applying Cryptography to Meet Different Needs
- Managing Cryptographic Assets and Systems
- Measures of Merit for Cryptographic Solutions
- Attacks and Countermeasures
- PKI and Trust: A Recap
- On the Near Horizon
- Summary
- Exam Essentials
Chapter 9: Hardware and Systems Security
- Infrastructure Security Is Baseline Management
- Securing the Physical Context
- Infrastructures 101 and Threat Modeling
- Endpoint Security
- Malware: Exploiting the Infrastructure’s Vulnerabilities
- Privacy and Secure Browsing
- “The Sin of Aggregation”
- Updating the Threat Model
- Managing Your Systems’ Security
- Summary
- Exam Essentials
Chapter 10: Applications, Data, and Cloud Security
- It’s a Data-Driven World…At the Endpoint
- Software as Appliances
- Applications Lifecycles and Security
- CIANA+PS and Applications Software Requirements
- Application Vulnerabilities
- “Shadow IT:” The Dilemma of the User as Builder
- Information Quality and Information Assurance
- Protecting Data in Motion, in Use, and at Rest
- Into the Clouds: Endpoint App and Data Security Considerations
- Legal and Regulatory Issues
- Countermeasures: Keeping Your Apps and Data Safe and Secure
- Summary
- Exam Essentials
Chapter 11: Incident Response and Recovery
- Defeating the Kill Chain One Skirmish at a Time
- Harsh Realities of Real Incidents
- Incident Response Framework
- Preparation
- Detection and Analysis
- Containment and Eradication
- Recovery: Getting Back to Business
- Post-Incident Activities
- Summary
- Exam Essentials
Chapter 12: Business Continuity via Information Security and People Power
- What Is a Disaster?
- Surviving to Operate: Plan for It!
- Timelines for BC/DR Planning and Action
- Options for Recovery
- Cloud-Based “Do-Over” Buttons for Continuity, Security, and Resilience
- People Power for BC/DR
- Security Assessment: For BC/DR and Compliance
- Converged Communications: Keeping Them Secure During BC/DR Actions
- Summary
- Exam Essentials
Chapter 13: Cross-Domain Challenges
- Operationalizing Security Across the Immediate and Longer Term
- Supply Chains, Security, and the SSCP
- Other Dangers on the Web and Net
- On Our Way to the Future
- Enduring Lessons
- Your Next Steps
- At the Close
- Exam Essentials
All necessary course materials are included.
Certification(s):
This course prepares a student to take the ISC2 Systems Security Certified Practitioner (SSCP) national certification exam.