课程概况
Pursue better IT security job opportunities and prove knowledge with confidence. The SSCP Professional Training Certificate shows employers you have the IT security foundation to defend against cyber attacks – and puts you on a clear path to earning SSCP certification.
Learn on your own schedule with 120-day access to content aligned with the latest (ISC)2 SSCP exam domains. We’re offering the complete online self-paced program for only $1,000 – a $200 savings when you get all domains bundled together.
3 Steps to Career Advancement
1. Register for the course
2. Gain access for 120 days
3. Register and sit for the SSCP certification exam
Upon completing the SSCP Professional Certificate, you will:
1. Complete six courses of preparing you to sit for the Systems Security Certified Practitioner (SSCP) certification exam as outlined below.
Course 1 – Access Controls
Course 2 – Security Operations and Administration
Course 3 – Risk Identification, Monitoring, and Analysis/Incident Response and Recovery
Course 4 – Cryptography
Course 5 – Network and Communication Security
Course 6 – Systems and Application Security
2. Receive a certificate of program completion.
3. Understand how to implement, monitor and administer an organization’s IT infrastructure in accordance with security policies and procedures that ensure data confidentiality, integrity and availability.
包含课程
课程1
Access Controls
Welcome to Access Controls!The Access Controls Course provides information pertaining to specify what users are permitted to do, the resources they are allowed to access, and what operations they are able to perform on a system. Access Controls help managers limit and monitor systems use at a user level or group membership. You will understand the different access control systems and how they should be implemented to protect the system and data using the different levels of confidentiality, integrity, and availability.
The Access Controls course provides information pertaining to specifying what users are permitted to do, the resources they are allowed to access, and what operations they are able to perform on a system. Access Controls help managers limit and monitor systems use at a user level, and is usually predefined based on authority level or group membership. You will understand the different access control systems and how they should be implemented to protect the system and data using the different levels of confidentiality, integrity, and availability.
Objectives
1. Describe how to implement Authentication mechanisms
2. Identify and operate internetwork trust architectures
3. Describe the process of administering identity management life cycle
4. Implement the different types of access controls (Subject/Object based)
课程2
Security Operations and Administration
Security operations and administration is the task of identifying an organization's information assets and the documentation needed for policy implementation, standards, procedures, and guidelines to ensure confidentiality, integrity, and availability. You will understand the process necessary for working with management and information owners, custodians, and users so that proper data classifications are defined. This will ensure the proper handling of all hard copy and electronic information.The Security operations and Administration course addresses basic security concepts and the application of those concepts in the day to day operation and administration of enterprise computer systems and the information that they host.Ethical considerations in general, and the (ISC)2 Code of Ethics in particular, provide the backdrop for any discussion of information security and SSCP candidates will be tested on both. Information security professionals often find themselves in positions of trust and must be beyond reproach in every way.Several core principles of information security stand above all others and this domain covers these principles in some depth. It can be said that the CIA triad of confidentiality, integrity and availability forms the basis for almost everything that we do in information security and the SSCP candidate must not only fully understand these principles but be able to apply them in all situations. additional security concepts covered in this domain include privacy, least privilege, non-repudiation and the separation of duties.
Course Objectives
1. Define Code of Ethics
2. Describe the security concepts
3. Document and operate security controls
4. Describe the asset management process
5. Implement compliance controls
6. Assess compliance controls
7. Describe the change management process
8. Contribute to the security awareness training program
9. Contribute to physical security operations
课程3
Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery
Risk Identification, Monitoring, and Analysis: In the Risk Identification, Monitoring, and Analysis session, you will learn how to identify, measure, and control losses associated with adverse events. You will review, analyze, select, and evaluate safeguards for mitigating risk.You will learn processes for collecting information, providing methods of identifying security events, assigning priority levels, taking the appropriate actions, and reporting the findings to the correct individuals. After collection of the details from monitoring, we can analyze to determine if the system is being operated in accordance with accepted industry practices, and in compliance with organization policies and procedures. Incident Response and Recovery: In the Incident Response and Recovery Session, you will gain an understanding of how to handle incidents using consistent, applied approaches in order to resolve. Once an incident is identified, action will be necessary in order to resolve. We will examine processes such as damage recovery, data integrity and preservation, and the collection, handling, reporting, and prevention. You will be introduced to the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) concepts and how they can be utilized in order to mitigate damages, recover business operations, and avoid critical business interruption. Through the use of the DRP, you will understand the procedures for emergency response and post-disaster recovery.
Course Objectives
1. Describe the risk management process
2. Perform security assessment activities
3. Describe processes for operating and maintaining monitoring systems
4. Identify events of interest
5. Describe the various source systems
6. Interpret reporting findings from monitoring results
7. Describe the incident handling process
8. Contribute to the incident handling process based upon role within the organization
9. Describe the supporting role in forensics investigation processes
10. Describe the supporting role in the business continuity planning process
11. Describe the supporting role in the disaster recovery planning process
课程4
密码学
Welcome to Cryptography!Cryptography is the practice and study of techniques for securing communications in the presence of third parties. You will learn how to protect information in order to ensure its integrity, confidentiality, authenticity, and non-repudiation.
You will come out with a basic understanding of cryptographic concepts and how to apply them, implement secure protocols, key management concepts, key administration and validation, and Public Key Infrastructure.
Course Objectives
1. Apply the fundamental concepts of cryptography
2. Describe the difference between symmetric and asymmetric cryptography
3. Define the basic requirements for cryptography
4. Identify processes to support secure protocols
5. Describe the process for implementing cryptographic systems
6. Define key management concepts
7. Define Public Key Infrastructure
8. Identify processes for key administration and validation
9. Describe the implementation of secure protocols
课程5
Networks and Communications Security
Welcome to Networks and Communications Security Course!In the Networks and Communications Security Course, you will learn about the network structure, data transmission methods, transport formats, and the security measures used to maintain integrity, availability, authentication, and confidentiality of the information being transmitted.
Concepts for both public and private communication networks will be discussed.
Course Objectives
1. Describe network-related security issues
2. Identify protective measures for telecommunication technologies
3. Define processes for controlling network access
4. Identify processes for managing LAN-based security
5. Describe procedures for operating and configuring networked-based
security devices
6. Define procedures to implement and operate wireless technologies
课程6
Systems and Application Security
Welcome to Systems and Application Security Course!In the Systems and Application Security Course, you will gain an understanding of computer code that can be described as harmful or malicious. Both technical and non-technical attacks will be discussed. You will learn how an organization can protect itself from these attacks. You will learn concepts in endpoint device security, cloud infrastructure security, securing big data systems, and securing virtual environments.
Objectives
1. Identify malicious code activity
2. Describe malicious code and the various countermeasures
3. Describe the processes for operating endpoint device security
4. Define mobile device management processes
5. Describe the process for configuring cloud security
6. Explain the process for securing big data systems
7. Summarize the process for securing virtual environments
课程项目
Each course includes a case study that will require students to put into practice the knowledge they have gained throughout each course. Successful completion of course projects will require the basic understanding of the topics covered and the ability to relate those topics to the real world. The objective of each project is to determine whether students have understood course concepts and are able to use them in a real world setting.
预备知识
This certificate is designed for people with strong technical skills and practical security knowledge. No specific background is required.
