This course prepares a student to take the ISC2 Systems Security Certified Practitioner (SSCP) national certification exam.
Course Outline:
Chapter 1: Introduction
- About This Course
- What Is an SSCP?
- Using This Course
- Objective Map
- Earning Your Certification
Chapter 2: The Business Case for Decision Assurance and Information Security
- Information: The Lifeblood of Business
- Policy, Procedure, and Process: How Business Gets Business Done
- Who Runs the Business?
- Summary
Chapter 3: Information Security Fundamentals
- The Common Needs for Privacy, Confidentiality, Integrity, and Availability
- Training and Educating Everybody
- SSCPs and Professional Ethics
- Summary
- Exam Essentials
Chapter 4: Integrated Risk Management and Mitigation
- It’s a Dangerous World
- The Four Faces of Risk
- Getting Integrated and Proactive with Information Defense
- Risk Management: Concepts and Frameworks
- Risk Assessment
- Four Choices for Limiting or Containing Damage
- Summary
- Exam Essentials
Chapter 5: Operationalizing Risk Mitigation
- From Tactical Planning to Information Security Operations
- Operationalizing Risk Mitigation: Step by Step
- The Ongoing Job of Keeping Your Baseline Secure
- Ongoing, Continuous Monitoring
- Reporting to and Engaging with Management
- Summary
- Exam Essentials
Chapter 6: Communications and Network Security
- Trusting Our Communications in a Converged World
- Internet Systems Concepts
- Two Protocol Stacks, One Internet
- IP Addresses, DHCP, and Subnets
- IPv4 vs. IPv6: Key Differences and Options
- CIANA Layer by Layer
- Securing Networks as Systems
- Summary
- Exam Essentials
Chapter 7: Identity and Access Control
- Identity and Access: Two Sides of the Same CIANA Coin
- Identity Management Concepts
- Access Control Concepts
- Network Access Control
- Implementing and Scaling IAM
- Zero Trust Architectures
- Summary
- Exam Essentials
Chapter 8: Cryptography
- Cryptography: What and Why
- Building Blocks of Digital Cryptographic Systems
- Keys and Key Management
- Modern Cryptography: Beyond the “Secret Decoder Ring”
- “Why Isn’t All of This Stuff Secret?”
- Cryptography and CIANA
- Public Key Infrastructures
- Other Protocols: Applying Cryptography to Meet Different Needs
- Measures of Merit for Cryptographic Solutions
- Attacks and Countermeasures
- On the Near Horizon
- Summary
- Exam Essentials
Chapter 9: Hardware and Systems Security
- Infrastructure Security Is Baseline Management
- Infrastructures 101 and Threat Modeling
- Malware: Exploiting the Infrastructure’s Vulnerabilities
- Privacy and Secure Browsing
- “The Sin of Aggregation”
- Updating the Threat Model
- Managing Your Systems’ Security
- Summary
- Exam Essentials
Chapter 10: Applications, Data, and Cloud Security
- It’s a Data-Driven World…At the Endpoint
- Software as Appliances
- Applications Lifecycles and Security
- CIANA and Applications Software Requirements
- Application Vulnerabilities
- “Shadow IT:” The Dilemma of the User as Builder
- Information Quality and Information Assurance
- Protecting Data in Motion, in Use, and at Rest
- Into the Clouds: Endpoint App and Data Security Considerations
- Legal and Regulatory Issues
- Countermeasures: Keeping Your Apps and Data Safe and Secure
- Summary
- Exam Essentials
Chapter 11: Incident Response and Recovery
- Defeating the Kill Chain One Skirmish at a Time
- Incident Response Framework
- Preparation
- Detection and Analysis
- Containment and Eradication
- Recovery: Getting Back to Business
- Post-Incident Activities
- Summary
- Exam Essentials
Chapter 12: Business Continuity via Information Security and People Power
- A Spectrum of Disruption
- Surviving to Operate: Plan for It!
- Cloud-Based “Do-Over” Buttons for Continuity, Security, and Resilience
- CIANA at Layer 8 and Above
- Summary
- Exam Essentials
Chapter 13: Risks, Issues, and Opportunities, Starting Tomorrow
- On Our Way to the Future
- CIA, CIANA, or CIANAPS?
- Enduring Lessons
- Your Next Steps
- At the Close
All necessary course materials are included.
Certification(s):
This course prepares a student to take the ISC2 Systems Security Certified Practitioner (SSCP) national certification exam.