SSCP 5 day course agenda
Day One:
Security Operations and Administration
• Implement Security Administration
  • Maintain adherence to security policies, baselines, standards, and procedures
  • Validate security controls
  • Data classification (e.g., control, handling, categorization)
• Participate in Change Management
  • Participate in the implementation of the Configuration Management Plan
  • Review the impact of changes to the environment
  • Test patches, fixes, and updates
• Provide security evaluation and assistance to the organization (e.g., product evaluation, data flow management)
• Participate in Security Awareness Education
• Adhere to Code of Ethics
  • Understand and comply with the (ISC)² Code of Ethics
  • Understand and comply with the organizational code of ethics
• Assess the infrastructure using appropriate tools
• Understand concepts of endpoint device security
Access Controls
• Implement Logical Access Controls in Terms of Subjects
  • Requirements for access controls
  • Account creation and maintenance
• Implement Logical Access Controls in Terms of Objects
  • Requirements for access controls
  • Object groups
• Implement Authentication Techniques (e.g., single/multi-factor authentication, single sign-on, offline authentication)
• Apply Access Control Concepts (e.g., Discretionary Access Control (DAC), least privilege, and separation of duties)
• Manage Internetwork Trust Architectures (e.g., extranet, third-party connections)
Day Two:
Complete Access Controls session from Day One
Malicious Code and Activity
• Identify Malicious Code
  • Viruses
  • Worms
  • Trojan Horses
  • Rootkits
  • Malware & Backdoors
  • Botnets
  • Logic Bombs
  • Mobile Code
• Implement Malicious Code Countermeasures
  • Scanners (e.g., heuristic, integrity checker, signatures)
  • Anti-malware
  • Containment & Remediation
  • Software Security (e.g., code signing, application review)
• Identify Malicious Activity (e.g., social engineering, insider threat, data theft)
• Implement Malicious Activity Countermeasures (e.g., user awareness, system hardening)
Day Three:
Cryptography
• Understand Application of Cryptography (e.g., hashing, encryption mechanisms, performance)
• Understand Requirements for Cryptography (e.g., data sensitivity, regulatory requirements, end-user training)
• Understand Concepts of Certificates and Key Management
  • Administration and validation
  • Standards
• Understand Secure Protocols (e.g., IPsec, SSL/TLS, S/MIME)
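The "hashing, encryption mechanisms, performance" item is where password storage usually comes up. As an added illustration that is not part of the course material, the Python below places a bare SHA-256 digest (the weak form: identical passwords give identical hashes and a GPU tests billions of guesses per second) beside salted PBKDF2-HMAC-SHA256 with a constant-time verify, and adds a `measure_cost` helper for choosing the iteration count against a latency budget. The function names and the `$`-separated storage format are assumptions of this example.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Iteration count is a tunable cost; see measure_cost() below.
ITERATIONS = 200_000


def unsalted_sha256(password: str) -> str:
    """Weak form: a bare digest. Two users with the same password get the
    same hash, and precomputed tables work across the whole user base."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Hardened form: per-user random salt plus an iterated, slow KDF.
    Storage format (this example's own): algo$iterations$salt_hex$dk_hex."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in
    constant time so verification timing does not leak matching prefixes."""
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def measure_cost(iterations: int) -> float:
    """Seconds for one hash at this iteration count: the performance side of
    the trade-off. Raise iterations until a login costs as much as you can afford."""
    start = time.perf_counter()
    hash_password("benchmark-only", iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    print("unsalted digests collide:",
          unsalted_sha256("Password1") == unsalted_sha256("Password1"))
    record = hash_password("Password1")
    print(record)
    print("verify correct:", verify_password("Password1", record))
    print("verify wrong:  ", verify_password("Password2", record))
    for n in (10_000, 100_000, ITERATIONS):
        print(f"{n} iterations: {measure_cost(n):.3f}s per hash")
```

Because the iteration count is stored with each record, it can be raised later and old records re-hashed on the user's next successful login, which is how the "performance" requirement is kept in step with attacker hardware over time.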
Risk Response and Recovery
• Understand Risk Management Process
  • Understand concepts (e.g., threats, vulnerabilities)
  • Participate in risk assessment
  • Support mitigation activity
• Participate in Security Assessments
  • Scan for vulnerabilities
  • Participate in penetration testing
  • Revise security configurations of infrastructure
  • Address audit findings
• Participate in Incident Handling Analysis
  • Understand the concepts of incident handling (e.g., discovery, escalation, reporting)
  • Understand the concept of evidence handling (e.g., chain of custody)
  • Participate in the implementation of countermeasures
  • Understand forensic investigation techniques
• Differentiate between a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP)
  • Components of a Business Continuity Plan (BCP)
  • Disaster Recovery Plan (DRP)
Day Four:
Networks and Communications
• Understand Networks
  • OSI and TCP/IP models
  • Architecture and relationships (e.g., address translation, defense in depth, IP addressing)
  • Protocols
  • Admission control (e.g., NAC, remediation, quarantine)
• Understand Telecommunications
  • Technology (e.g., VoIP, facsimile, PSTN)
  • Vulnerabilities
• Understand Remote Access
  • Methods
  • Technology (e.g., thin client, SSL VPN)
  • Vulnerabilities
• Understand Firewalls and Proxies
  • Methods (e.g., application filtering, packet filtering)
  • Types (e.g., host-based, stateful)
  • Vulnerabilities
• Understand Wireless Technology
  • Protocols (e.g., WPA, WPA2, TKIP)
  • Technology (e.g., Bluetooth, RFID, 802.11)
  • Vulnerabilities
Day Five:
Monitoring and Analysis
• Maintain Effective Monitoring Systems
  • Monitor Intrusion Detection/Prevention Systems
  • Monitor event correlation systems (e.g., SIM, SEM, SIEM)
  • Review systems for unauthorized changes (e.g., file integrity checkers, honeypots)
  • Monitor deviations from normal activity (e.g., whitelists, anomaly detection, profiling)
• Analyze Monitoring Results (e.g., review and analysis of logs and reports, false positives, communicate findings)
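Two agenda items refer to the same technique: "Scanners (e.g., ... integrity checker ...)" under Day Two and "Review systems for unauthorized changes (e.g., file integrity checkers ...)" above. As an added example that is not part of the course material, the Python below records a SHA-256, size and permission-bit baseline for every file under a directory and later reports additions, removals, content changes and permission-only changes (a setuid bit added to an unchanged binary) against a fresh snapshot. `demo()` builds a throwaway directory with constructed files, simulates a trojaned binary, a dropped implant, a deleted config and a setuid change, and returns the diff; all names are this example's own.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(64 * 1024), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each file (path relative to root, POSIX separators) to its
    digest, size and permission bits."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": sha256_file(p),
                "size": st.st_size,
                "mode": st.st_mode & 0o7777,
            }
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify the differences between two snapshots."""
    common = baseline.keys() & current.keys()
    modified = sorted(k for k in common
                      if baseline[k]["sha256"] != current[k]["sha256"])
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": modified,
        # permission change with identical content, e.g. chmod u+s on a binary
        "mode_changed": sorted(k for k in common
                               if baseline[k]["mode"] != current[k]["mode"]
                               and k not in modified),
    }


def save_baseline(baseline: dict, out: Path) -> None:
    """Keep the baseline off the monitored host or signed: an attacker who
    can rewrite it simply re-baselines their own changes."""
    out.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def demo() -> dict:
    """Constructed scenario: baseline, simulate tampering, diff."""
    with tempfile.TemporaryDirectory() as d, tempfile.TemporaryDirectory() as store:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls binary")
        (root / "bin" / "sudo").write_bytes(b"original sudo binary")
        (root / "app.conf").write_text("debug=false\n")

        baseline_file = Path(store) / "baseline.json"   # stored outside root
        save_baseline(build_baseline(root), baseline_file)

        (root / "bin" / "ls").write_bytes(b"trojaned ls binary")  # content change
        (root / "bin" / "backdoor").write_bytes(b"new implant")   # added file
        (root / "app.conf").unlink()                              # removed file
        (root / "bin" / "sudo").chmod(0o4755)                     # setuid, same content

        return compare(load_baseline(baseline_file), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A user-space checker like this only sees what `stat()` and `read()` return; a kernel-level rootkit of the kind listed under Day Two can feed it the original bytes, which is why integrity checking pairs with offline baselines and, where possible, boots from trusted media for the comparison.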
Practice Examination and Review