logo

Systems Security Certified Practitioner (SSCP) (CS8521)

The (ISC)² Systems Security Certified Practitioner (SSCP) five-day course covers seven domains which they describe as 'the compendium of topics pertaining to an Information Systems Security Practitioner', the CBK (Common Body of Knowledge). The seven domains maps directly to the seven modules of this course listed below, it is referred to as a taxonomy or collection of past, present and future topics around Information Security.

The SSCP is aimed at security go-to-people, on the front line of a business dealing with technologies employed to protect Information. If you are responsible for implementing and maintaining countermeasures such as Firewalls, Intrusion Detection or Prevention, Anti-Virus solutions or Public Key Infrastructures and you want a certification to attest to your skills and professionalism within Information Security, this is it.

Pohađajte naše obuke iz oblasti informatičke bezbednosti u Beogradu, putem virtuelne učionice (online, uživo) ili u vašim prostorijama (on-site).

Specijalni popusti se odobravaju prilikom prijave više učesnika koji istovremeno pohađaju obuku iz vaše kompanije, državni i neprofitni sektor, itd. Kontaktirajte nas da biste saznali više.

Termini obuke

Trajanje obuke: 
5 dana / 35 sati

Privatni trening

On-site / Online
Minimalan broj polaznika: 4
5 dana / 35 sati
Cena na zahtev
srpski ili engleski
Plan obuke: 

Module 1: Access Controls

  • Implement authentication mechanisms
    • Single/multifactor authentication
    • Single sign-on
    • Offline authentication
    • Device authentication
  • Operate internetwork trust architectures
    • One-way trust
    • Two-way trust
    • Transitive trust
  • Administer identity management lifecycle
    • Authorization
    • Proofing
    • Provisioning
    • Maintenance
    • Entitlement
  • Implement access controls
    • Mandatory
    • Non-discretionary
    • Discretionary
    • Role-based
    • Attribute-based

Module 2: Security Operations

  • Understand and comply with Codes of Ethics
    • (ISC)² code of ethics
    • Organizational code of ethics
  • Understand security concepts
    • Confidentiality
    • Integrity
    • Availability
    • Non-repudiation
    • Privacy
    • Least privilege
    • Separation of duties
    • Defense-in-depth
    • Risk-based controls
    • Authorization and accountability
  • Document and operate security controls
    • Deterrent controls
    • Preventative
    • Corrective
  • Participate in asset management
    • Lifecycle
    • Hardware
    • Software
    • Data
  • Implement and assess compilance with controls
    • Technical controls
    • Operational controls
    • Managerial controls
  • Participate in change management duties
    • Implementation and configuration management plan
    • Security impact assessment
    • System architecture/interoperability of systems
    • Testing patches, fixes, and updates
  • Participate in security awareness and training
  • Participate in physical security operations

Module 3: Risk Identification, Monitoring, and Analysis

  • Understand the risk management process
    • Risk management concepts
    • Risk assessment
    • Risk treatment
    • Risk visibility and reporting
    • Audit findings
  • Perform security assessment activities
    • Participation in security and testing results
    • Penetration testing
    • Internal and external assessment
    • Vulnerability scanning
    • Interpretation and reporting of scanning and testing results
  • Operate and maintain monitoring systems
    • Events of interest
    • Logging
    • Source systems
  • Analyze and report monitoring results
    • Security analytics, metrics, and trends
    • Visualization
    • Event data analysis
    • Communicate findings

Module 4: Incident Response and Recovery

  • Incident handling
    • Discovery
    • Escalation
    • Reporting and feedback loops
    • Incident response
    • Implementation of countermeasures
  • Forensic investigations
  • Business continuity planning (BCP) and disaster recovery planning (DRP)
    • Emergency response plans and procedures
    • Interim or alternate processing strategies
    • Restoration planning
    • Backup and redundancy implementation
    • Testing and drills

Module 5: Cryptography

  • Foundamental concepts of cryptography
    • Evaluation of algorithms
    • Hashing
    • Salting
    • Symmetric/asymmetric cryptography
    • Digital signatures
    • Non-repudiation
  • Requirements for cryptography
  • Secure protocols
  • Cryptographic systems
    • Fundamental key management concepts
    • Public key infrastructure
    • Administration and validation
    • Web of Trust
    • Implementation of secure protocols

Module 6: Networks and Communications Security

  • Security issues related to networks
    • OSI and TCP/IP models
    • Network topographies and relationships
    • Commonly used ports and protocols
  • Telecommunications technologies
    • Converged communications
    • VoIP
    • POTS, PBX
    • Cellular
    • Attacks and countermeasures
  • Network access
    • Access control and monitoring
    • Access control standards and protocols
    • Remote Access operation and configuration
    • Attacks and countermeasures
  • LAN-based security
    • Separation of data plane and control plane
    • Segmentation
    • MACsec
  • Secure device management
  • Network-based security devices
    • Firewalls and proxies
    • Network intrusion detection/prevention systems
    • Routers and switches
    • Traffic shaping devices
    • Frameworks for data sharing
  • Wireless technologies
    • Transmission security
    • Wireless security devices
    • Common vulnerabilities and countermeasures

Module 7: Systems and Application Security

  • Identify and analyze malicious code and activity
    • Malicious code
    • Malicious code countermeasures
    • Malicious activity
    • Malicious activity countermeasures
  • Implement and operate end-point device security
    • HIDS
    • Host-based firewalls
    • Application white listing
    • Endpoint encryption
    • Trusted platform module
    • Mobile device management
    • Secure browsing
  • Operate and configure cloud security
    • Operation models
    • Service models
    • Virtualization
    • Legal and privacy concerns
    • Data storage and transmission
    • Third-party/outsourcing implications
  • Secure big data systems
    • Application vulnerabilities
    • Architecture or design vulnerabilities
  • Operate and secure virtual environments
    • Software-defined network (SDN)
    • Hypervisor
    • Virtual appliances
    • Continuity and resilience
    • Attacks and countermeasures
    • Shared storage

Appendix A: Answers to Sample Questions

Appendix B: DNSSEC Walkthrough

Appendix C: Glossary of Terms Related to the SSCP

Benefiti: 
  • Video snimak predavanja u periodu od 180 dana posle kraja obuke

  • Materijal u elektronskom obliku

  • Sertifikat o pohađanju kursa

O sertifikaciji: 

Ispit:

  • Priprema za Systems Security Certified Practitioner (SSCP) sertifikaciju
  • Cena: 250 USD
  • Vrste pitanja: Višestruki izbor i napredna inovativna pitanja
  • Struktura ispita
    • 1. Access Controls 16%
    • 2. Security Operations and Administration 15%
    • 3. Risk Identification, Monitoring, and Analysis 15%
    • 4. Incident Response and Recovery 13%
    • 5. Cryptography 10%
    • 6. Network and Communications Security 16%
    • 7. Systems and Application Security 15%
  • Trajanje: 3 sata
  • Broj pitanja: 125
  • Jezik: engleski
  • Prolazna ocena: 700/1000
  • Svi detalji...

Kontaktirajte nas za više informacija o ceni:

Eccentrix
Office: +381 11 71 38 192
Mobile: +381 69 3138 100
E-mail: Ivana.Velickovic@eccentrix.rs

Milutina Milankovića 9đ,
11070 Novi Beograd
www.eccentrix.rs

Eccentrix
Office: +381 11 71 38 192
Mobile: +381 65 2390 001
E-mail: Jelena.Der@eccentrix.rs

Milutina Milankovića 9đ,
11070 Novi Beograd
www.eccentrix.rs