I.       Overview:

Led by an (ISC)² authorized instructor, the Official (ISC)² SSCP CBK Training Seminar provides a comprehensive review of information security concepts and industry best practices, covering the 7 domains of the SSCP CBK:

• Access Controls
• Security Operations and Administration
• Risk Identification, Monitoring, and Analysis
• Incident Response and Recovery
• Cryptography
• Networks and Communications Security
• Systems and Application Security

Several types of activities are used throughout the course to reinforce topics and increase knowledge retention. These activities include open ended questions from the instructor to the students, matching and poll questions, group activities, open/closed questions, and group discussions. This interactive learning technique is based on sound adult learning theories.

This training course will help candidates review and refresh their information security knowledge and help identify areas they need to study for the SSCP exam and features:

• Official (ISC)² courseware
• Taught by an authorized (ISC)² instructor
• Student handbook
• Collaboration with classmates
• Real-world learning activities and scenarios

II.    Duration: 40 hours.

III. Objectives:

-       Understand the different Access Control systems and how they should be implemented to protect the system and data using the different levels of confidentiality, integrity, and availability.

-       Understand the processes necessary for working with management and information owners, custodians, and users so that proper data classifications are defined. This will ensure the proper handling of all hard copy and electronic information as it is applied by the Security Operations and Administration.

-       The Risk Identification, Monitoring, and Analysis Domain identifies the how to identify, measure, and control losses associated with adverse events. You will review, analyze, select, and evaluate safeguards for mitigating risk.

-       Identify how to handle Incident Response and Recovery using consistent, applies approaches including the use of the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) concepts in order to mitigate damages, recover business operations, and avoid critical business interruption; and emergency response and post-disaster recovery.

-       Identify and differentiate key cryptographic concepts and how to apply them, implement secure protocols, key management concepts, key administration and validation, and Public Key Infrastructure as it applies to securing communications in the presence of third parties.

-       Define and identify the Networks and Communications Security needed to secure network structure, data transmission methods, transport formats, and the security measures used to maintain integrity, availability, authentication, and confidentiality of the information being transmitted.

-       The Systems and Application Security section identifies and defines technical and non-technical attacks and how an organization can protect itself from these attacks including the concepts in endpoint device security, cloud infrastructure security, securing big data systems, and securing virtual environments.

IV. Intended Audience:

This training course is intended for those with proven technical skills and practical, hand-on security knowledge in operational IT roles. The candiate is required to have a minimum of 1 year of cumulative paid full-time work experience in 1 of the 7 domains of the SSCP CBK. The training seminar is ideal for those working in positions such as, but not limited to: 

-       Network Security Engineer

-       Systems/Network Administrator

-       Security Analyst

-       Systems Engineer

-       Security Consultant/Specialist

-       Security Administrator

-       Systems/Network Analyst

-       Database Administrator

V.    Course outlines:

1.        Access Controls

• Implement Authentication Mechanisms
• Operate Internetwork Trust Architectures
• Participate in Identity – Management Lifecycle
• Implement Access Controls

2.      Security Operations and Administration

• Understand and Comply with Code of Ethics
• Understand Security Concepts
• Document and Operate Security Controls
• Participate in Asset Management
• Implement and Assess Compliance with Controls
• Participate in Change Management
• Participate in Security Awareness and Training
• Participate in Physical Security Operations

3.      Risk Identification, Monitoring and Analysis

• Understand The Risk Management Process
• Perform Security Assessment Activities
• Operate and Maintain Monitoring Systems
• Analyze Monitoring Results

4.      Incident Response and Recovery

• Participate in Incident Handling
• Understand and Support Forensic Investigations
• Understand and Support Business Continuity Plan (BCP) And Disaster Recovery Plan (DRP)

5.      Cryptography       

• Understand and Apply Fundamental Concepts and Cryptography
• Understand Requirements for Cryptography
• Understand and Support Secure Protocols
• Operate and Implements Cryptographic Systems

6.      Networks and Communication Security       

• Understanding Security Issues Related to Networks
• Protect Telecommunications Technologies
• Control Network Access
• Manage LAN-Based Security
• Operate Configure Network-Based Security Devices
• Implement and Operate Wireless Technologies

7.      Systems and Application Security       

• Identify and Analyze Malicious Code Activity
• Implement and Operate in Point Device Security
• Operate Configure Cloud Security
• Secure Big Data Systems
• Operating Secure Virtual Environments