Systems Security Certified Practitioner (SSCP) (CS8521)

The (ISC)² Systems Security Certified Practitioner (SSCP) five-day course covers seven domains which they describe as 'the compendium of topics pertaining to an Information Systems Security Practitioner', the CBK (Common Body of Knowledge). The seven domains maps directly to the seven modules of this course listed below, it is referred to as a taxonomy or collection of past, present and future topics around Information Security.

The SSCP is aimed at security go-to-people, on the front line of a business dealing with technologies employed to protect Information. If you are responsible for implementing and maintaining countermeasures such as Firewalls, Intrusion Detection or Prevention, Anti-Virus solutions or Public Key Infrastructures and you want a certification to attest to your skills and professionalism within Information Security, this is it.

Pohađajte naše obuke iz oblasti informatičke bezbednosti u Beogradu, putem virtuelne učionice (online, uživo) ili u vašim prostorijama (on-site).

Specijalni popusti se odobravaju prilikom prijave više učesnika koji istovremeno pohađaju obuku iz vaše kompanije, državni i neprofitni sektor, itd. Kontaktirajte nas da biste saznali više.

Termini obuke

Trajanje obuke:

5 dana / 35 sati

Privatni trening

On-site / Online

Minimalan broj polaznika: 4

5 dana / 35 sati

Cena na zahtev

srpski ili engleski

Kontaktirajte nas

Plan obuke:

Module 1: Access Controls

Implement authentication mechanisms
- Single/multifactor authentication
- Single sign-on
- Offline authentication
- Device authentication
Operate internetwork trust architectures
- One-way trust
- Two-way trust
- Transitive trust
Administer identity management lifecycle
- Authorization
- Proofing
- Provisioning
- Maintenance
- Entitlement
Implement access controls
- Mandatory
- Non-discretionary
- Discretionary
- Role-based
- Attribute-based

Module 2: Security Operations

Understand and comply with Codes of Ethics
- (ISC)² code of ethics
- Organizational code of ethics
Understand security concepts
- Confidentiality
- Integrity
- Availability
- Non-repudiation
- Privacy
- Least privilege
- Separation of duties
- Defense-in-depth
- Risk-based controls
- Authorization and accountability
Document and operate security controls
- Deterrent controls
- Preventative
- Corrective
Participate in asset management
- Lifecycle
- Hardware
- Software
- Data
Implement and assess compilance with controls
- Technical controls
- Operational controls
- Managerial controls
Participate in change management duties
- Implementation and configuration management plan
- Security impact assessment
- System architecture/interoperability of systems
- Testing patches, fixes, and updates
Participate in security awareness and training
Participate in physical security operations

Module 3: Risk Identification, Monitoring, and Analysis

Understand the risk management process
- Risk management concepts
- Risk assessment
- Risk treatment
- Risk visibility and reporting
- Audit findings
Perform security assessment activities
- Participation in security and testing results
- Penetration testing
- Internal and external assessment
- Vulnerability scanning
- Interpretation and reporting of scanning and testing results
Operate and maintain monitoring systems
- Events of interest
- Logging
- Source systems
Analyze and report monitoring results
- Security analytics, metrics, and trends
- Visualization
- Event data analysis
- Communicate findings

Module 4: Incident Response and Recovery

Incident handling
- Discovery
- Escalation
- Reporting and feedback loops
- Incident response
- Implementation of countermeasures
Forensic investigations
Business continuity planning (BCP) and disaster recovery planning (DRP)
- Emergency response plans and procedures
- Interim or alternate processing strategies
- Restoration planning
- Backup and redundancy implementation
- Testing and drills

Module 5: Cryptography

Foundamental concepts of cryptography
- Evaluation of algorithms
- Hashing
- Salting
- Symmetric/asymmetric cryptography
- Digital signatures
- Non-repudiation
Requirements for cryptography
Secure protocols
Cryptographic systems
- Fundamental key management concepts
- Public key infrastructure
- Administration and validation
- Web of Trust
- Implementation of secure protocols

Module 6: Networks and Communications Security

Security issues related to networks
- OSI and TCP/IP models
- Network topographies and relationships
- Commonly used ports and protocols
Telecommunications technologies
- Converged communications
- VoIP
- POTS, PBX
- Cellular
- Attacks and countermeasures
Network access
- Access control and monitoring
- Access control standards and protocols
- Remote Access operation and configuration
- Attacks and countermeasures
LAN-based security
- Separation of data plane and control plane
- Segmentation
- MACsec
Secure device management
Network-based security devices
- Firewalls and proxies
- Network intrusion detection/prevention systems
- Routers and switches
- Traffic shaping devices
- Frameworks for data sharing
Wireless technologies
- Transmission security
- Wireless security devices
- Common vulnerabilities and countermeasures

Module 7: Systems and Application Security

Identify and analyze malicious code and activity
- Malicious code
- Malicious code countermeasures
- Malicious activity
- Malicious activity countermeasures
Implement and operate end-point device security
- HIDS
- Host-based firewalls
- Application white listing
- Endpoint encryption
- Trusted platform module
- Mobile device management
- Secure browsing
Operate and configure cloud security
- Operation models
- Service models
- Virtualization
- Legal and privacy concerns
- Data storage and transmission
- Third-party/outsourcing implications
Secure big data systems
- Application vulnerabilities
- Architecture or design vulnerabilities
Operate and secure virtual environments
- Software-defined network (SDN)
- Hypervisor
- Virtual appliances
- Continuity and resilience
- Attacks and countermeasures
- Shared storage