(ISC)² Systems Security Certified Practitioner (SSCP)

Security operations and administration is the task of identifying an organization’s information assets and the documentation needed for policy implementation, standards, procedures, and guidelines to ensure confidentiality, integrity, and availability. You will understand the process necessary for working with management and information owners, custodians, and users so that proper data classifications are defined. This will ensure the proper handling of all hard copy and electronic information.

The Security operations and Administration course addresses basic security concepts and the application of those concepts in the day to day operation and administration of enterprise computer systems and the information that they host.Ethical considerations in general, and the (ISC)2 Code of Ethics in particular, provide the backdrop for any discussion of information security and SSCP candidates will be tested on both. Information security professionals often find themselves in positions of trust and must be beyond reproach in every way.

Several core principles of information security stand above all others and this domain covers these principles in some depth. It can be said that the CIA triad of confidentiality, integrity and availability forms the basis for almost everything that we do in information security and the SSCP candidate must not only fully understand these principles but be able to apply them in all situations. additional security concepts covered in this domain include privacy, least privilege, non-repudiation and the separation of duties.

Course objectives:

1. Define Code of Ethics
2. Describe the security concepts
3. Document and operate security controls
4. Describe the asset management process
5. Implement compliance controls
6. Assess compliance controls
7. Describe the change management process
8. Contribute to the security awareness training program
9. Contribute to physical security operations

Risk Identification, Monitoring, and Analysis: In the Risk Identification, Monitoring, and Analysis session, you will learn how to identify, measure, and control losses associated with adverse events. You will review, analyze, select, and evaluate safeguards for mitigating risk.You will learn processes for collecting information, providing methods of identifying security events, assigning priority levels, taking the appropriate actions, and reporting the findings to the correct individuals. After collection of the details from monitoring, we can analyze to determine if the system is being operated in accordance with accepted industry practices, and in compliance with organization policies and procedures.

Incident Response and Recovery: In the Incident Response and Recovery Session, you will gain an understanding of how to handle incidents using consistent, applied approaches in order to resolve. Once an incident is identified, action will be necessary in order to resolve. We will examine processes such as damage recovery, data integrity and preservation, and the collection, handling, reporting, and prevention. You will be introduced to the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) concepts and how they can be utilized in order to mitigate damages, recover business operations, and avoid critical business interruption. Through the use of the DRP, you will understand the procedures for emergency response and post-disaster recovery.

Course objectives:

1. Describe the risk management process
2. Perform security assessment activities
3. Describe processes for operating and maintaining monitoring systems
4. Identify events of interest
5. Describe the various source systems
6. Interpret reporting findings from monitoring results
7. Describe the incident handling process
8. Contribute to the incident handling process based upon role within the organization
9. Describe the supporting role in forensics investigation processes
10. Describe the supporting role in the business continuity planning process
11. Describe the supporting role in the disaster recovery planning process

Welcome to Cryptography! Cryptography is the practice and study of techniques for securing communications in the presence of third parties. You will learn how to protect information in order to ensure its integrity, confidentiality, authenticity, and non-repudiation. You will come out with a basic understanding of cryptographic concepts and how to apply them, implement secure protocols, key management concepts, key administration and validation, and Public Key Infrastructure.

Course objectives:

1. Apply the fundamental concepts of cryptography
2. Describe the difference between symmetric and asymmetric cryptography
3. Define the basic requirements for cryptography
4. Identify processes to support secure protocols
5. Describe the process for implementing cryptographic systems
6. Define key management concepts
7. Define Public Key Infrastructure
8. Identify processes for key administration and validation
9. Describe the implementation of secure protocols

Welcome to Networks and Communications Security Course! In the Networks and Communications Security Course, you will learn about the network structure, data transmission methods, transport formats, and the security measures used to maintain integrity, availability, authentication, and confidentiality of the information being transmitted. Concepts for both public and private communication networks will be discussed.

Course objectives:

1. Describe network-related security issues
2. Identify protective measures for telecommunication technologies
3. Define processes for controlling network access
4. Identify processes for managing LAN-based security
5. Describe procedures for operating and configuring networked-based security devices
6. Define procedures to implement and operate wireless technologies

Welcome to Systems and Application Security Course! In the Systems and Application Security Course, you will gain an understanding of computer code that can be described as harmful or malicious. Both technical and non-technical attacks will be discussed. You will learn how an organization can protect itself from these attacks. You will learn concepts in endpoint device security, cloud infrastructure security, securing big data systems, and securing virtual environments.

Course objectives:

1. Identify malicious code activity
2. Describe malicious code and the various countermeasures
3. Describe the processes for operating endpoint device security
4. Define mobile device management processes
5. Describe the process for configuring cloud security
6. Explain the process for securing big data systems
7. Summarize the process for securing virtual environments