Is the CISSP not technical enough for your career goals, but you are looking for something that packs as much punch for hiring managers? If that is you, then the SSCP is exactly what you are looking for. It really does give you the best of both worlds. Now let's get into the details about why.
The Systems Security Certification Practitioner (SSCP) certification is a venture of cyber-security experts at (ISC)2. The certification is considered an acknowledgment of the knowledge and skills required to manage (monitor and administer) an organization’s IT infrastructure and to secure critical assets through security best practices and policies.
SSCP FAST FACTS
- Introduced in the Year 2001
- Approved by Department of Defense (DoD)
- Compliant with ANSI/ISO/IEC Standard 17024
- Over 125,000 SSCP Professionals worldwide
- Exam Available in Three Languages (English, Japanese, Brazilian Portuguese) in 114 Countries (882 Locations)
WHO SHOULD BECOME SYSTEMS SECURITY CERTIFICATION PRACTITIONER?
SSCP is ideal for professionals responsible for hands-on security operations involving the critical assets of organizations. Professionals working in the following positions can greatly benefit from SSCP certification.
- Network Security Engineer
- Systems Engineer
- Security Consultant
- Security Specialist
- Systems Analyst
- Network Analyst
- Systems Administrator
- Security Analyst
- Security Administrator
- Database Administrator
HOW TO BECOME SYSTEMS SECURITY CERTIFICATION PRACTITIONER?
Candidates interested in SSCP certification must pass an SSCP exam.
SSCP Prerequisite: A minimum of 1 year of cumulative work experience in any of the seven domains of the SSCP Common Body of Knowledge (CBK) is required to become eligible for the SSCP exam. Candidates with a degree in one of the following cyber-security programs are granted a one-year prerequisite pathway (relaxation).
- Computer Science
- Computer Engineering
- Information Technology
- Management Information Systems (MIS)
- Computer Systems Engineering
Candidates without prior work experience or cyber-security degrees can become an Associate of SSCP by successfully passing the exam. Associates earn the complete SSCP title after gaining at least 1 year of experience in the SSCP domains.
SSCP Exam format: The SSCP exam is based on the seven domains mentioned in the SSCP CBK. Following is the SSCP exam outline effective from November 2018.
Exam Questions: 125
Questions Format: Multiple Choice Questions
Exam Duration: 3 Hours
Passing Score: 700/1000
Available Languages: (i) English (ii) Japanese (iii) Brazilian Portuguese
Test Centers: Pearson VUE
SSCP CBK DOMAINS
Candidates interested in SSCP certification are tested in the following seven areas (domains) through the SSCP exam.
|Domain|Weight|
|---|---|
|Networks and Communications Security|16%|
|Systems and Applications Security|15%|
|Risk Identification, Monitoring, and Analysis|15%|
|Security Operations and Administration|15%|
|Incident Response and Recovery|13%|
Following is a brief overview of the seven domains covered in the SSCP exam.
DOMAIN 1: ACCESS CONTROL
- Implementing and maintaining authentication methods, such as single-factor authentication, multifactor authentication, federated access, device authentication, and single sign-on.
- Knowledge of internetwork trust architecture, i.e., trust relationships, extranet, and third-party connections.
- Implementing different types of access controls like mandatory, discretionary, non-discretionary, subject-based, object-based, role-based, and attribute-based access control.
- Understanding of identity management lifecycle including authorization, proofing, provisioning, maintenance, entitlement, and IAM (Identity and Access Management) systems.
DOMAIN 2: NETWORKS AND COMMUNICATIONS SECURITY
- Understanding and applying fundamental networking concepts. This includes knowledge of the OSI model, TCP/IP model, network topologies, transmission media, network relationships, ports, and common network protocols.
- Knowledge of different types of network attacks and appropriate remediation.
- Information about network access control protocols and standards, network access control management, and remote access operation and configuration knowledge.
- Managing network security through the physical and logical placement of network devices, secure device management, and segmentation.
- Ability to run and configure network-based security devices, such as firewalls, routers, switches, Network Intrusion Detection Systems (NIDS), and Network Intrusion Prevention Systems (NIPS).
- Operating and configuring wireless technologies like NFC, Wi-Fi, Bluetooth, etc.
DOMAIN 3: SYSTEMS AND APPLICATIONS SECURITY
- Identification and analysis of different types of malware (like rootkits, Trojans, viruses, ransomware, trapdoors, and backdoors) and malicious code.
- Countermeasures against malware and malicious code.
- Implementing endpoint device security through different techniques like firewalls, Host-based Intrusion Detection Systems (HIDS), endpoint encryption, device whitelisting, etc.
- Knowledge of cloud security operation and configuration.
- Virtual environment operation and security.
DOMAIN 4: RISK IDENTIFICATION, MONITORING, AND ANALYSIS
- Knowledge of risk management processes, frameworks, treatments, and reporting.
- Ability to perform security assessment activities like security testing, scanning interpretation, results reporting, and remediation validation.
- Monitoring events (anomalies, unauthorized changes, intrusions, etc.), logging, source systems, and maintaining the monitoring systems.
- Analyzing results gathered through monitoring.
DOMAIN 5: SECURITY OPERATIONS AND ADMINISTRATION
- Compliance with (ISC)2 and the organizational code of ethics.
- Knowledge of essential security concepts like confidentiality, integrity, availability, accountability, non-repudiation, privacy, privileges, and segregation of duties.
- Implementing, maintaining, and documenting preventive, detective, deterrent, compensating, and corrective security controls.
- Knowledge of asset management lifecycle, data storage, hardware, and software inventory, and licensing.
- Implementation of technical, physical, and administrative controls.
- Compliance assessment through periodic audit and review.
- Executing change management process, identifying security impacts, and testing (or implementing) security patches and updates.
- Performing physical security operations like data center assessments and badging.
- Participation in security training and awareness programs.
DOMAIN 6: INCIDENT RESPONSE AND RECOVERY
- Knowledge of the incident response lifecycle (preparation, detection, containment, eradication, recovery, and future precautions).
- Understanding of legal and ethical principles of forensic investigations, including evidence handling (first response, the chain of custody, preservation, etc.).
- Understanding and supporting the disaster recovery plan (DRP) and business recovery plan (BRP).
DOMAIN 7: CRYPTOGRAPHY
- Knowledge of basic concepts of cryptography, such as encryption, symmetric and asymmetric encryption, encryption algorithms, salting, hashing, elliptic curve cryptography (ECC), and different types of cryptographic attacks.
- Understanding cryptography requirements (confidentiality, integrity, authenticity, data sensitivity, and regulatory).
- Knowledge of protocols like S/MIME, TLS, IPsec, and DKIM, and their limitations (vulnerabilities).
- Understanding Public Key Infrastructure (PKI) concepts like key management and web of trust.
SSCP ENDORSEMENT AND RENEWAL POLICY
Candidates who successfully pass the SSCP exam are given a period of nine months to complete the endorsement process. The endorsement process is required to attest to the applicant’s experience and good standing in the cyber-security industry. The attestation can be performed by any (ISC)2 member. Candidates who successfully earn the SSCP certification also become members of (ISC)2. SSCP certification is valid for a period of 3 years. SSCP holders can recertify by earning sixty Continuing Professional Education (CPE) credits. (ISC)2 offers free CPE earning opportunities to professionals who participate in (ISC)2 webinars, attend events, write reviews, or publish (ISC)2-related articles in journals.