Overview
Pursue better IT security job opportunities and prove knowledge with confidence. The SSCP Professional Training Certificate shows employers you have the IT security foundation to defend against cyber attacks – and puts you on a clear path to earning SSCP certification.
Learn on your own schedule with 120-day access to content aligned with the latest ISC2 SSCP exam domains.
3 Steps to Career Advancement
1. Register for the course
2. Gain access for 120 days
3. Register and sit for the SSCP certification exam
Upon completing the SSCP Professional Certificate, you will:
1. Complete seven courses of preparing you to sit for the Systems Security Certified Practitioner (SSCP) certification exam as outlined below.
Course 1 - Security Concepts and Practices
Course 2 - Access Control
Course 3 - Risk Identification, Monitoring, and Analysis
Course 4 - Incident Response and Recovery
Course 5 - Cryptography
Course 6 - Network and Communications Security
Course 7 - Systems and Application Security
2. Receive a certificate of program completion.
3. Understand how to implement, monitor and administer an organization’s IT infrastructure in accordance with security policies and procedures that ensure data confidentiality, integrity and availability.
Syllabus
Course 1: Security Concepts and Practices
- Offered by ISC2. Course 1 - Security Concepts and Practices This is the first course under the specialization SSCP. In this course, we ... Enroll for free.
Course 2: Access Control
- Offered by ISC2. Course 2 - Access Controls This is the second course under the specialization SSCP. In this course, we will examine the ... Enroll for free.
Course 3: Risk Identification, Monitoring, and Analysis
- Offered by ISC2. Course 3 - Risk Identification, Monitoring and Analysis This is the third course under the specialization SSCP In this ... Enroll for free.
Course 4: Incident Response and Recovery
- Offered by ISC2. Course 4 - Incident Response and Recovery This is the fourth course under the specialization SSCP In this course, we ... Enroll for free.
Course 5: Cryptography
- Offered by ISC2. Course 5 - Cryptography This is the fifth course under the specialization SSCP. In this course, we will explore the ... Enroll for free.
Course 6: Network and Communications Security
- Offered by ISC2. Course 5: Network and Communications Security Welcome to course five: network and communication security. As we know, the ... Enroll for free.
Course 7: Systems and Application Security
- Offered by ISC2. Course 7 - Systems and Application Security This is the seventh course under the specialization SSCP. This course ... Enroll for free.
- Offered by ISC2. Course 1 - Security Concepts and Practices This is the first course under the specialization SSCP. In this course, we ... Enroll for free.
Course 2: Access Control
- Offered by ISC2. Course 2 - Access Controls This is the second course under the specialization SSCP. In this course, we will examine the ... Enroll for free.
Course 3: Risk Identification, Monitoring, and Analysis
- Offered by ISC2. Course 3 - Risk Identification, Monitoring and Analysis This is the third course under the specialization SSCP In this ... Enroll for free.
Course 4: Incident Response and Recovery
- Offered by ISC2. Course 4 - Incident Response and Recovery This is the fourth course under the specialization SSCP In this course, we ... Enroll for free.
Course 5: Cryptography
- Offered by ISC2. Course 5 - Cryptography This is the fifth course under the specialization SSCP. In this course, we will explore the ... Enroll for free.
Course 6: Network and Communications Security
- Offered by ISC2. Course 5: Network and Communications Security Welcome to course five: network and communication security. As we know, the ... Enroll for free.
Course 7: Systems and Application Security
- Offered by ISC2. Course 7 - Systems and Application Security This is the seventh course under the specialization SSCP. This course ... Enroll for free.
Courses
-
Course 4 - Incident Response and Recovery This is the fourth course under the specialization SSCP In this course, we will focus on incident response and recovery. We will explore the incident life cycle as defined by NIST and continue with a deeper look at supporting forensic investigations. We will also extend these ideas and concepts around the theme of business continuity and disaster recovery. Course 4 Learning Objectives After completing this course, the participant will be able to: - Identify the elements of an incident response policy and members of the incident response team (IRT). - Evaluate the security professional’s role in supporting forensic investigations. - Explain how the security professional supports activities of business continuity and disaster recovery planning. Who Should Take This Course: Beginners Experience Required: No prior experience required
-
Course 2 - Access Controls This is the second course under the specialization SSCP. In this course, we will examine the business of controlling how our systems, services, resources and data can be Safely accessed only by those authorized to do so. We will discuss authentication methods, trust, the identity management life cycle and access control models. Course 2 Learning Objectives After completing this course, the participant will be able to: - Categorize identity and access management implementation authentication methods. - Discuss the importance of trust from a security standpoint. - Compare levels of trust among various relationships and internetwork architectures. - Explain the implications of trust among third-party connections. - Differentiate among the activities of the identity management life cycle. - Categorize various access control models. - Define the elements, methods, and processes used when administering access control models. Who Should Take This Course: Beginners Experience Required: No prior experience required
-
Course 5 - Cryptography This is the fifth course under the specialization SSCP. In this course, we will explore the field of cryptography, including public-key infrastructures (PKIs), certificates, and digital signing. Here we enter the realm of confidentiality, integrity, and availability, since we use cryptography to protect data from unauthorized disclosure and improper modification and use encryption to regulate the ability of users to log in to systems and applications. Course 5 Learning Objectives After completing this course, the participant will be able to: - Recognize the impacts of cryptography on confidentiality, integrity, and authenticity. - Determine the requirements for cryptography when handling sensitive data. - Identify regulatory and industry best practices in cryptography. - Define cryptography entropy. - Differentiate common cryptographic techniques used to enhance the security of sensitive data including hashing, salting, symmetric/asymmetric encryption, and elliptic curve cryptography. - Identify the features and requirements of nonrepudiation. - Compare the strength of different encryption algorithms and keys. - Describe the process of identifying and addressing cryptographic attacks. - Define the features of and the implementation process of secure services and protocols. - Discuss common use cases for secure services and protocols. - Explain limitations and vulnerabilities in the implementation of secure protocols. - Summarize fundamental key management concepts. - Describe the features of the Web of Trust (WoT) in relation to cryptographic protocols. Who Should Take This Course: Beginners Experience Required: No prior experience required
-
Course 5: Network and Communications Security Welcome to course five: network and communication security. As we know, the explosive growth in networks, connectivity, and communications has paved the way for unprecedented transformation of business, personal, and government services into electronic, web enabled forms. This growth in e-business and e-commerce greatly expanded the threat surface. Fraudsters, criminals, unscrupulous business competitors, nation states, and non-nation state actors can take harmful actions against others worldwide. For decades, the world has operated on what is basically a network monoculture. One set of protocols and standards are used to power most of the internet, the worldwide, web e-commerce, and e-business. These standards include the open systems interconnection seven layer model from international organization for standardization and transmission. And the control protocol over internet protocol model from internet engineering taskforce. Almost every laptop, many smart devices, and other such end points use these standards to communicate with servers, and applications, and businesses, and governments. Therefore these models, or protocol stacks become our map of the threat surface. Security professionals need to have a solid understanding of modern networks and internet work concepts, techniques, technologies, and security issues. Their work is like police patrols, because they need to be familiar with the neighborhood's environment. Security professionals need to know the best ways to keep the neighborhood secure and to defend against attacks. The need for such a policing mentality is particularly urgent if the company has limited or no remote visibility into its operational technology systems. For this course, in module one, we start with a brief orientation to the network neighborhood, through the open systems interconnection seven layer, and transmission control protocol over internet protocol models. Then, we dive into all eight layers of this combined protocol stack. Introducing the key technologies at each layer and their regular use. In module two, we look at the various protocols that run on top of this architecture. In module three, we focus on attack and defensive strategies and tactics and build on the industry leading approach to put threat surface analysis into both the attackers and defenders operational context. In the last module, we bring these ideas together into a network security management and monitoring perspective. Now, let's discuss these four modules in detail. Course 5 Learning Objectives After completing this course, the participant will be able to: L5.1 - Recognize layers of the OSI model, their functions and attacks present at each layer. L5.2 - Identify commonly used ports and protocols. L5.3 - Select appropriate countermeasures for various network attacks. L5.4 - Summarize best practices for establishing a secure networked environment. Course Agenda Module 1: Apply the Fundamental Concepts of Networking (Domain 6 - Network and Communications Security) Module 2: Securing Ports and Protocols (Domain 6 - Network and Communications Security) Module 3: Network Attacks and Countermeasures (Domain 6 - Network and Communications Security) Module 4: Manage Network Security (Domain 6 - Network and Communications Security) Who Should Take This Course: Beginners Experience Required: No prior experience required
-
Course 3 - Risk Identification, Monitoring and Analysis This is the third course under the specialization SSCP In this course, we will explore how to manage the risks related to information systems. It is time to bring these ideas together in a context of continuous maturity modeling, measuring, and monitoring, which we will see is focused on the here and now. Risk alignment works best at the strategic, long-term level of planning; risk maturation, by contrast, can be most effective when considered in the day-to-day of business operations. This is sometimes called operationalizing the approach to risk management and maturation. Course 3 Learning Objectives After completing this course, the participant will be able to: - Identify common risks and vulnerabilities. - Describe risk management concepts. - Recognize risk management frameworks. - Provide examples of appropriate risk tolerance. - Provide examples of appropriate risk treatment. - Identify risks of noncompliance with laws and regulations. - Identify appropriate methods for risk management frameworks implementation. - Indicate the range and scope of risk review. - Identify the components of risk review. - Describe vulnerability assessment activities used to examine all aspects of network and system security. - Review the steps for monitoring, incident detection, and data loss prevention. - Classify the use of tools that collect information about the IT environment to better examine the organization’s security posture. - Identify events of interest to focus on those that may be part of an attack or intrusion. - Select methods for managing log files. - Describe tools and methods for analyzing the results of monitoring efforts. - Identify communication requirements when documenting and reporting the results of monitoring security platforms. Who Should Take This Course: Beginners Experience Required: No prior experience required
-
Course 1 - Security Concepts and Practices This is the first course under the specialization SSCP. In this course, we will focus on the core aspects of security concepts and practice, starting with the importance of codes of ethics. We will then cover the basic principles of information security and move on to describe security controls, their implementation, maintenance, and assessment. We will also address the identification of corporate assets and the change management life cycle. We will then explain the importance of awareness and training and conclude with an exploration of physical security operations. Course 1 Learning Objectives After completing this course, the participant will be able to: - Recall the ISC2 Code of Ethics. - Explain the importance of an organizational code of ethics in the cybersecurity profession. - Compare the security concepts of confidentiality, integrity, and availability. - Apply accountability in the implementation of certain data protection controls. - Explain the concept of non-repudiation. - Discuss the concept of least privilege. - Indicate the importance of segregation of duties. - Differentiate technical, physical, and administrative security controls. - Relate security controls to considerations of assessing compliance requirements and organizational needs. - Indicate the importance of periodic audit and review of security controls. - Categorize various control types or technologies based on their different roles as part of an overall security structure and posture. - Summarize the security of assets all through the stages of their life cycle. - Examine operational requirements of change management. - Categorize security education and awareness strategies. - Define measurements for gauging the effectiveness of a security education and awareness program. - Indicate strategies that security professionals can use to collaborate with physical security operations. Who Should Take This Course: Beginners Experience Required: No prior experience required
-
Course 7 - Systems and Application Security This is the seventh course under the specialization SSCP. This course discusses two major changes in recent years to how we use our data: going mobile and using the cloud. First, we use our data on the go by means of data services provided to our mobile phones, Wi-Fi, and other devices. Second, so many of the enhanced functions we take for granted in our daily personal and professional lives are made possible by cloud services, where our data is stored or processed. Course 7 Learning Objectives After completing this course, the participant will be able to: - Classify different types of malware. - Determine how to implement malware countermeasures. - Identify various types of malicious activities. - Develop strategies for mitigating malicious activities. - Describe various social engineering methods used by attackers. - Explain the role of behavior analytics technologies in detecting and mitigating threats. - Explain the role and functionality of host-based intrusion prevention system (HIPS), host-based intrusion detection system (HIDS), and host-based firewalls. - Evaluate the benefits of application whitelisting in endpoint device security. - Explain the concept of endpoint encryption and its role in endpoint security. - Describe the role and functionality of Trusted Platform Module (TPM) technology in providing hardware-based security features. - Identify the steps in implementing secure browsing practices using digital certificates and secure communication protocols. - Explain the concept of endpoint detection and response (EDR) and its role in providing real-time monitoring, detection, investigation, and response capabilities to identify and mitigate advanced threats and security incidents on endpoint devices. - Identify provisioning techniques for mobile devices. - Explain the concept of containerization and how it contributes to effective mobile device management. - Explain how encryption contributes to effective mobile device management. - Describe the process of Mobile Application Management (MAM) to effectively manage the life cycle of mobile applications. - Distinguish among public, private, hybrid, and community deployment models in cloud security. - Distinguish among various service models and their impact on cloud security practices. - Describe virtualization technologies and their role in maintaining cloud security. - Identify legal and regulatory concerns related to cloud security. - Determine strategies to implement data storage, processing, and transmission while maintaining cloud security. - Explain the requirements and considerations associated with third-party services and outsourcing in cloud storage. - Explain the concept of the shared responsibility model in cloud storage. - Identify steps to manage and secure hypervisor environments. - Explain how to deploy, configure, and maintain virtual appliances within virtualized environments. - Determine the process for managing containerized environments. - Describe the best practices of storage management in virtualized environments. - Develop strategies for ensuring business continuity and resilience in virtualized environments. - Analyze potential threats and attacks targeting virtual environments. Who Should Take This Course: Beginners Experience Required: No prior experience required
Taught by
ISC2 Education & Training