Systems Security Certified Practitioner (SSCP) – Outline

Detailed Course Outline

Access Controls – Underlying principles of access control systems and how to implement, manage and secure those systems, including internetwork trust architectures, federated identity management, identity management lifecycle, and various access control frameworks.

  • Implement Authentication Mechanisms
  • Operate Internetwork Trust Architectures
  • Par ticipate in the Identity-Management Lifecycle
  • Implement Access Controls


Security Operations and Administration – Identification of information assets and documentation of policies, standards, procedures and guidelines that ensure confidentiality, integrity and availability.

  • Understand and Comply with Code of Ethics
  • Understand Security Concepts
  • Document and Operate Security Controls
  • Par ticipate in Asset Management
  • Implement and Assess Compliance with Controls
  • Par ticipate in Change Management
  • Par ticipate in Security Awareness and Training
  • Par ticipate in Physical Security Operations


Risk Identification, Monitoring and Analysis – Identification, evaluation and prioritization of potential threats and the systematic application of resources to monitor, manage and mitigate those threats. Includes risk management concepts,assessment activities, and monitoring terminology, techniques and systems.

  • Understand the Risk Management Process
  • Perform Security Assessment Activities
  • Operate and Maintain Monitoring Systems
  • Analyze Monitoring Results

Incident Response and Recovery – Properly implement and exercise incident handling processes and procedures that provide rapid and consistent approach to addressing security incidents, suppor ting forensic investigations, Business Continuity Planning (BCP) and Disaster Recover y Planning (DRP).

  • Par ticipate in Incident Handling
  • Understand and Suppor t Forensic Investigations
  • Understand and Suppor t Business Continuity
  • Plan (BCP) and Disaster Recover y Plan (DRP)

Cryptography – Understand common cr yptographic concepts, methodologies, and technologies, including legal and regulator y requirements, key management concepts, public key infrastructure, and the implementation and use of secure protocols.

  • Understand and Apply Fundamental Concepts of Cr yptography
  • Understand Requirements for Cr yptography
  • Understand and Suppor t Secure Protocols
  • Operate and Implement Cr yptographic Systems

Networks and Communications Security – Encompasses network architecture, transmission methods, transpor t formats, control devices, and security measures used to maintain the confidentiality, integrity, and availability of the information transmitted over communication networks.

  • Understand Security Issues Related to Networks
  • Protect Telecommunications Technologies
  • Control Network Access
  • Manage LAN-based Security
  • Operate and Configure Network-based Security Devices
  • Implement and Operate Wireless Technologies

Systems and Application Security – Common attack vectors and associated countermeasures, including impact of virtualization, mobile devices, cloud computing, and Big

  • Data vulnerabilities, configuration and security.
  • Identify and Analyze Malicious Code and Activity
  • Implement and Operate Endpoint Device
  • Security
  • Operate and Configure Cloud Security
  • Secure Big Data Systems
  • Operate and Secure Vir tual Environments