The Official (ISC)²® Systems Security Certified Practitioner (SSCP®) training provides a comprehensive review of the knowledge required to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability.
This training course will help students review and refresh their knowledge and identify areas they need to study for the SSCP exam. Content aligns with and comprehensively covers the seven domains of the (ISC)² SSCP Common Body of Knowledge (CBK®).
We use courseware developed by (ISC)² –creator of the SSCP CBK –to ensure your training is relevant and up-to-date. The instructors are verified security experts who hold the SSCP and have completed intensive training to teach (ISC)² content.
Who is it for?
This training course is intended for practitioners who have at least one year of cumulative, paid work experience in one or more of the seven domains of the (ISC)2 SSCP CBK and are pursuing SSCP training and certification to acquire the credibility and mobility to advance within their current information security careers. This training is ideal for those with technical skills and practical, hand-on security knowledge working in operational IT positions.
Attendees should meet the following prerequisites:
- Candidates must have a minimum of 1-year cumulative work experience in 1 or more of the 7 domains of the SSCP CBK
- A candidate that doesn’t have the required experience to become an SSCP may become an Associate of (ISC)² by successfully passing the SSCP examination. The Associate of (ISC)² will then have 2 years to earn the 1 year required experience.
Recommended as preparation for the following exam:
- (ISC)² Certified Information Systems Security Professional Exam
Gaining this accreditation is not just about passing the exam, there are a number of other criteria that need to be met including 1 year of cumulative, paid work experience in one or more of the seven domains of the ISC)²® SSCP CBK . Full details can be found at https://www.isc2.org/Certifications/SSCP
Those without the required experience can take the exam to become an Associate of (ISC)² while working towards the experience needed for full certification
The CSSLP exam takes four hours to complete and consists of 175 multiple choice questions. Candidates need to achieve a minimum of 700 out of 1000 points to pass the exam and gain the certification.
Of the exam:
- Exam length: 3 hours
- Number of questions: 100-150
- Format: Multiple choice and advanced innovative questions
- Passing grade: 700 out of 1000 points
- Language: English
- Domain 1: Security and Risk Management – 15%
- Domain 2: Asset Security – 10%
- Domain 3: Security Architecture and Engineering – 13%
- Domain 4: Communication and Network Security – 13%
- Domain 5: Identity and Access Management (IAM) – 13%
- Domain 6: Security Assessment and Testing – 12%
- Domain 7: Security Operations – 13%
- Domain 8: Software Development Security – 11%
Please note an exam voucher is included as part of this course
After completing this course, you should be able to:
- Understand the different Access Control systems and how they should be implemented to protect the system and data using the different levels of confidentiality, integrity, and availability.
- Understand the processes necessary for working with management and information owners, custodians, and users so that proper data classifications are defined. This will ensure the proper handling of all hard copy and electronic information as it is applied by the Security Operations and Administration.
- The Risk Identification, Monitoring, and Analysis Domain identifies the how to identify, measure, and control losses associated with adverse events. You will review, analyze, select, and evaluate safeguards for mitigating risk.
- Identify how to handle Incident Response and Recovery using consistent, applies approaches including the use of the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) concepts in order to mitigate damages, recover business operations, and avoid critical business interruption; and emergency response and post-disaster recovery.
- Identify and differentiate key cryptographic concepts and how to apply them, implement secure protocols, key management concepts, key administration and validation, and Public Key Infrastructure as it applies to securing communications in the presence of third parties.
- Define and identify the Networks and Communications Security needed to secure network structure, data transmission methods, transport formats, and the security measures used to maintain integrity, availability, authentication, and confidentiality of the information being transmitted.
- The Systems and Application Security section identifies and defines technical and non-technical attacks and how an organization can protect itself from these attacks including the concepts in endpoint device security, cloud infrastructure security, securing big data systems, and securing virtual environments.