SSCP Systems Security Certified Practitioner Course

Cyber Security Training Online & Onsite

Attend Our Classes From Home - No Software Needed - Learn More...

Cyber Security TrainingSSCP Systems Security Certified Practitioner

by Certstaffix® Training

Length: 5 day(s)      Public Class Price: $3100/person (USD)      Group Class Price: Request Quote      Course Category: Cyber Security


Cyber Security Training
The (ISC)2 Systems Security Certified Practitioner (SSCP) certification is a well-known vendor-neutral global IT security certification. The SSCP is designed to show that holders have the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures.  This course will cover all objectives of the seven SSCP domains:
  • Access Controls
  • Security Operations and Administration
  • Risk Identification, Monitoring, and Analysis
  • Incident Response and Recovery
  • Cryptography
  • Network and Communications Security
  • Systems and Application Security

Certification exams are administered by third party testing companies such as Pearson Vue or Prometric. Our courses prepare you for the certification exam, which is an additional fee paid to the testing provider. You must contact Prometric, Pearson Vue or the corresponding testing provider to take a certification exam.
Course Description: Print It | Download PDF | Email It

  Public Classes - Live Online at Your Location or OursHow It Works

Certstaffix® Training public classes are instructor-led, live online training you attend from your home or work or in one of our local computer labs. Our live online instructors teach you from a remote location while being able to interact with students as in a traditional classroom setting.

  • A real, live instructor teaching you from another location
  • Hands-on learning with the software/skills you are being taught
  • Interaction with all students in the class at other locations
  • Any needed software for class provided in online lab environment
  • Easy assistance from the instructor

Click a class date below to register & view location/attendance options.



This course is available for private onsite training only.  Request a Quote


  Group Classes for Organizations - Onsite or Online How It Works

Have a group of employees needing the same training? Onsite training at your office or group live online classes are great solutions.  

  • An expert Instructor will either come to your office or deliver a private live online class to your students
  • Course can be customized to your training needs
  • Course is scheduled based on dates you provide (Subject to instructor availability)
  • We usually require about 4 weeks lead time to arrange a training session

  Detailed Course Topics

Course Description: Print It | Download PDF | Email It

Course Topics

Introduction

Part I Getting Started as an SSCP 1

Chapter 1 The Business Case for Decision Assurance and Information Security
Information: The Lifeblood of Business
Data, Information, Knowledge, Wisdom…
Information Is Not Information Technology
Policy, Procedure, and Process: How Business Gets Business Done
Who Is the Business?
“What’s Your Business Plan?”
Purpose, Intent, Goals, Objectives
Business Logic and Business Processes: Transforming Assets into Opportunity, Wealth, and Success
The Value Chain
Being Accountable
Who Runs the Business?
Owners and Investors
Boards of Directors
Managing or Executive Directors and the “C-Suite”
Layers of Function, Structure, Management, and Responsibility
Plans and Budgets, Policies, and Directives

Chapter 2 Information Security Fundamentals
The Common Needs for Privacy, Confidentiality, Integrity, and Availability
Privacy
Confidentiality
Integrity
Availability
Privacy vs. Security, or Privacy and Security?
CIA Needs of Individuals
Private Business’s Need for CIA
Government’s Need for CIA
The Modern Military’s Need for CIA
Do Societies Need CIA?
Training and Educating Everybody
SSCPs and Professional Ethics

Part II Integrated Risk Management and Mitigation

Chapter 3 Integrated Information Risk Management
It’s a Dangerous World
What Is Risk?
Risk: When Surprise Becomes Disruption
Information Security: Delivering Decision Assurance
“Common Sense” and Risk Management
The Four Faces of Risk
Outcomes-Based Risk
Process-Based Risk
Asset-Based Risk
Threat-Based (or Vulnerability-Based) Risk
Getting Integrated and Proactive with Information Defense
Trust, but Verify
Due Care and Due Diligence: Whose Jobs Are These?
Be Prepared: First, Set Priorities
Risk Management: Concepts and Frameworks
The SSCP and Risk Management
Plan, Do, Check, Act
Risk Assessment
Establish Consensus about Information Risk
Information Risk Impact Assessment
The Business Impact Analysis
From Assessments to Information Security Requirements
Four Choices for Limiting or Containing Damage
Deter
Detect
Prevent
Avoid

Chapter 4 Operationalizing Risk Mitigation
From Tactical Planning to Information Security Operations
Operationally Outthinking Your Adversaries
Getting Inside the Other Side’s OODA Loop
Defeating the Kill Chain
Operationalizing Risk Mitigation: Step by Step
Step 1: Assess the Existing Architectures
Step 2: Assess Vulnerabilities and Threats
Step 3: Select Risk Treatment and Controls
Step 4: Implement Controls
Step 5: Authorize: Senior Leader Acceptance and Ownership
The Ongoing Job of Keeping Your Baseline Secure
Build and Maintain User Engagement with Risk Controls
Participate in Security Assessments
Manage the Architectures: Asset Management and Configuration Control
Ongoing, Continuous Monitoring
Exploiting What Monitoring and Event Data Is Telling You
Incident Investigation, Analysis, and Reporting
Reporting to and Engaging with Management

Part III The Technologies of Information Security

Chapter 5 Communications and Network Security
Trusting Our Communications in a Converged World
Introducing CIANA
Threat Modeling for Communications Systems
Internet Systems Concepts
Datagrams and Protocol Data Units
Handshakes
Packets and Encapsulation
Addressing, Routing, and Switching
Network Segmentation
URLs and the Web
Topologies
“Best Effort” and Trusting Designs
Two Protocol Stacks, One Internet
Complementary, Not Competing, Frameworks
Layer 1: The Physical Layer
Layer 2: The Data Link Layer
Layer 3: The Network Layer
Layer 4: The Transport Layer
Layer 5: The Session Layer
Layer 6: The Presentation Layer
Layer 7: The Application Layer
Cross-Layer Protocols and Services
IP and Security
Layers or Planes?
Software-Defined Networks
Virtual Private Networks
A Few Words about Wireless
IP Addresses, DHCP, and Subnets
IPv4 Address Classes
Subnetting in IPv4
IPv4 vs. IPv6: Key Differences and Options
CIANA Layer by Layer
CIANA at Layer 1: Physical
CIANA at Layer 2: Data Link
CIANA at Layer 3: Network
CIANA at Layer 4: Transport
CIANA at Layer 5: Session
CIANA at Layer 6: Presentation
CIANA at Layer 7: Application
Securing Networks as Systems
A SOC Is Not a NOC
Tools for the SOC and the NOC
Integrating Network and Security Management

Chapter 6 Identity and Access Control
Identity and Access: Two Sides of the Same CIANA Coin
Identity Management Concepts
Identity Provisioning and Management
Identity and AAA
Access Control Concepts
Subjects and Objects—Everywhere!
Data Classification and Access Control
Bell-LaPadula and Biba Models
Role-Based
Attribute-Based
Subject-Based
Object-Based
Mandatory vs. Discretionary Access Control
Network Access Control
IEEE 802.1X Concepts
RADIUS Authentication
TACACS and TACACS+
Implementing and Scaling IAM
Choices for Access Control Implementations
“Built-in” Solutions?
Multifactor Authentication
Server-Based IAM
Integrated IAM systems
Zero Trust Architectures

Chapter 7 Cryptography
Cryptography: What and Why
Codes and Ciphers: Defining Our Terms
Cryptography, Cryptology, or…?
Building Blocks of Digital Cryptographic Systems
Cryptographic Algorithms
Cryptographic Keys
Hashing as One-Way Cryptography
A Race Against Time
“The Enemy Knows Your System”
Keys and Key Management
Key Storage and Protection
Key Revocation and Zeroization
Modern Cryptography: Beyond the “Secret Decoder Ring”
Symmetric Key Cryptography
Asymmetric Key (or Public Key) Cryptography
Hybrid Cryptosystems
Design and Use of Cryptosystems
Cryptanalysis (White Hat and Black Hat)
Cryptographic Primitives
Cryptographic Engineering
“Why Isn’t All of This Stuff Secret?”
Cryptography and CIANA
Confidentiality
Authentication
Integrity
Nonrepudiation
“But I Didn’t Get That Email…”
Availability
Public Key Infrastructures
Diffie-Hellman-Merkle Public Key Exchange
RSA Encryption and Key Exchange
ElGamal Encryption
Digital Signatures
Digital Certificates and Certificate Authorities
Hierarchies (or Webs) of Trust
Pretty Good Privacy
TLS
HTTPS
Symmetric Key Algorithms and PKI
PKI and Trust: A Recap
Other Protocols: Applying Cryptography to Meet Different Needs
IPSec
S/MIME
DKIM
Blockchain
Access Control Protocols
Measures of Merit for Cryptographic Solutions
Attacks and Countermeasures
Brute Force and Dictionary Attacks
Side Channel Attacks
Numeric (Algorithm or Key) Attacks
Traffic Analysis, “Op Intel,” and Social Engineering Attacks
Massively Parallel Systems Attacks
Supply Chain Vulnerabilities
The “Sprinkle a Little Crypto Dust on It” Fallacy
Countermeasures
On the Near Horizon
Pervasive and Homomorphic Encryption
Quantum Cryptography and Post–Quantum Cryptography
AI, Machine Learning, and Cryptography

Chapter 8 Hardware and Systems Security
Infrastructure Security Is Baseline Management
It’s About Access Control…
It’s Also About Supply Chain Security
Do Clouds Have Boundaries?
Infrastructures 101 and Threat Modeling
Hardware Vulnerabilities
Firmware Vulnerabilities
Operating Systems Vulnerabilities
Virtual Machines and Vulnerabilities
Network Operating Systems
MDM, COPE, and BYOD
BYOI? BYOC?
Malware: Exploiting the Infrastructure’s Vulnerabilities
Countering the Malware Threat
Privacy and Secure Browsing
“The Sin of Aggregation”
Updating the Threat Model
Managing Your Systems’ Security

Chapter 9 Applications, Data, and Cloud Security
It’s a Data-Driven World…At the Endpoint
Software as Appliances
Applications Lifecycles and Security
The Software Development Lifecycle (SDLC)
Why Is (Most) Software So Insecure?
Hard to Design It Right, Easy to Fix It?
CIANA and Applications Software Requirements
Positive and Negative Models for Software Security
Is Blacklisting Dead? Or Dying?
Application Vulnerabilities
Vulnerabilities Across the Lifecycle
Human Failures and Frailties
“Shadow IT:” The Dilemma of the User as Builder
Data and Metadata as Procedural Knowledge
Information Quality and Information Assurance
Information Quality Lifecycle
Preventing (or Limiting) the “Garbage In” Problem
Protecting Data in Motion, in Use, and at Rest
Data Exfiltration I: The Traditional Threat
Detecting Unauthorized Data Acquisition
Preventing Data Loss
Into the Clouds: Endpoint App and Data Security Considerations
Cloud Deployment Models and Information Security
Cloud Service Models and Information Security
Clouds, Continuity, and Resiliency
Clouds and Threat Modeling
Cloud Security Methods
SLAs, TORs, and Penetration Testing
Data Exfiltration II: Hiding in the Clouds
Legal and Regulatory Issues
Countermeasures: Keeping Your Apps and Data Safe and Secure

Part IV People Power: What Makes or Breaks Information Security

Chapter 10 Incident Response and Recovery
Defeating the Kill Chain One Skirmish at a Time
Kill Chains: Reviewing the Basics
Events vs. Incidents
Incident Response Framework
Incident Response Team: Roles and Structures
Incident Response Priorities
Preparation
Preparation Planning
Put the Preparation Plan in Motion
Are You Prepared?
Detection and Analysis
Warning Signs
Initial Detection
Timeline Analysis
Notification
Prioritization
Containment and Eradication
Evidence Gathering, Preservation, and Use
Constant Monitoring
Recovery: Getting Back to Business
Data Recovery
Post-Recovery: Notification and Monitoring
Post-Incident Activities
Learning the Lessons
Support Ongoing Forensics Investigations
Information and Evidence Retention
Information Sharing with the Larger IT Security Community

Chapter 11 Business Continuity via Information Security and People Power
A Spectrum of Disruption
Surviving to Operate: Plan for It!
Cloud-Based “Do-Over” Buttons for Continuity, Security, and Resilience
CIANA at Layer 8 and Above
It Is a Dangerous World Out There
People Power for Secure Communications
POTS and VoIP Security

Chapter 12 Risks, Issues, and Opportunities, Starting Tomorrow
On Our Way to the Future
Access Control and Zero Trust
AI, ML, BI, and Trustworthiness
Quantum Communications, Computing, and Cryptography
Paradigm Shifts in Information Security?
Perception Management and Information Security
Widespread Lack of Useful Understanding of Core Technologies
IT Supply Chain Vulnerabilities
Government Overreactions
CIA, CIANA, or CIANAPS?
Enduring Lessons
You Cannot Legislate Security
It’s About Managing Our Security and Our Systems
People Put It Together
Maintain Flexibility of Vision
Accountability—It’s Personal. Make It So.
Stay Sharp
Your Next Steps
At the Close
Course Description: Print It | Download PDF | Email It

Public Class Format

Certstaffix® Training public classes are instructor-led live online training you attend either from your home/work location or in one of our computer labs. Our live online instructors teach you from a remote location while being able to interact with you like in a traditional classroom.


Quality Instructors

Our instructors have many years of experience teaching adult learners in person and online.

Complete Lab Environment

Access to software required is provided in a lab environment during class.

Hands-on Learning

Most classes are not all lecture - you can learn by actually doing.


Small Classes

You get more attention from the instructor and classes flow more smoothly.

Post-Class Lab Access*

Access practice lab environment for 180 days after most classes*.


Low Cancellation Rate

Most classes run as scheduled.



*These courses do not have post-class lab environment access: Adobe, Salesforce, QuickBooks Online Edition, Google, HTML, WordPress, ITIL, Six Sigma, CompTIA, Project Management, SEO, Social Media.


Group Training

Have a group of employees needing the same training? Onsite training at your office or group live online classes are great solutions.

How Group Training Works





  • An expert Instructor will either come to your office or deliver a private live online class to your students
  • Course can be fully customized to your training needs
  • Each student receives a Course Manual with Practice Files (Materials provided before the class date)
  • If a course has a hands‐on lab, we provide access to the configured course software and files.
    (Requires a high‐speed internet connection and certain open ports on your firewall. You can perform a Connection Assessment Test here)
  • Course is scheduled based on dates you provide (Subject to instructor availability)
  • We usually require about 4 weeks lead time to arrange a training session
  • Training is completed in a convenient session(s) of your choosing
  • Two 15 minute breaks and one hour long break for lunch daily

Request a Free Quote

SSCP Systems Security Certified Practitioner Class Reviews

Here are a sample of Cyber Security class reviews from past students that have attended our Cyber Security training courses.



The (ISC)2 Systems Security Certified Practitioner (SSCP) certification is a well-known vendor-neutral global IT security certification. The SSCP is designed to show that holders have the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures.  This course will cover all objectives of the seven SSCP domains:
  • Access Controls
  • Security Operations and Administration
  • Risk Identification, Monitoring, and Analysis
  • Incident Response and Recovery
  • Cryptography
  • Network and Communications Security
  • Systems and Application Security

Certification exams are administered by third party testing companies such as Pearson Vue or Prometric. Our courses prepare you for the certification exam, which is an additional fee paid to the testing provider. You must contact Prometric, Pearson Vue or the corresponding testing provider to take a certification exam.


Certstaffix® Class Reviews

Student Average:
4.35 out of 5 from 1 students

4.35 out of 5


- attended our Hacking: Resistance Techniques class



Please contact us if we do not yet have any reviews or you would like more.


View all Cyber Security training reviews

Cyber Security Courses By City:

       FL - Tampa       NC - Asheville       PA - York      
- - your home       FL - Winter Park       NC - Charlotte       PR - Puerto Rico      
AL - Birmingham       GA - Atlanta       NC - Greensboro       QC - Montreal      
AL - Huntsville       GA - Augusta       NC - Raleigh       RI - Providence      
AL - Mobile       GA - Columbus       NC - Winston-Salem       SC - Greenville      
AR - Bentonville       GA - Savannah       ND - Bismarck       SC - Myrtle Beach      
BC - Vancouver       HI - Honolulu       ND - Fargo       SC - North Charleston      
CA - Bakersfield       IA - Des Moines       NE - Lincoln       SK - Regina      
CA - Fresno       IA - Iowa City       NE - Omaha       SK - Saskatoon      
CA - Los Angeles       ID - Boise       NH - Bedford       TN - Chattanooga      
CA - Merced       IL - Chicago       NJ - Bridgewater       TN - Knoxville      
CA - Modesto       IL - Rockford       NM - Albuquerque       TN - Memphis      
CA - Napa       IN - Bloomington       NM - Las Cruces       TN - Nashville      
CA - Oakland       IN - Evansville       NM - Santa Fe       TX - Amarillo      
CA - Oxnard       IN - Fort Wayne       NS - Halifax       TX - Austin      
CA - Rancho Cucamonga       IN - Indianapolis       NV - Henderson       TX - Beaumont      
CA - Sacramento       IN - South Bend       NV - Reno       TX - Corpus Christi      
CA - Salinas       KS - Overland Park       NY - Albany       TX - Dallas      
CA - San Diego       KS - Topeka       NY - Buffalo       TX - El Paso      
CA - San Jose       KY - Lexington       NY - New York City       TX - Fort Worth      
CA - Santa Maria       KY - Louisville       NY - Rochester       TX - Houston      
CA - Santa Rosa       LA - Baton Rouge       NY - Syracuse       TX - Killeen      
CA - Stockton       LA - Lafayette       OH - Beavercreek       TX - Laredo      
CB - Caribbean       LA - New Orleans       OH - Cincinnati       TX - Longview      
CB - Kingston       LA - Shreveport       OH - Cleveland Heights       TX - Lubbock      
CB - Nassau       MA - Burlington       OH - Columbus       TX - McAllen      
CO - Boulder       MA - Springfield       OH - Toledo       TX - Midland      
CO - Colorado Springs       MA - Westborough       OH - Youngstown       TX - San Antonio      
CO - Denver       MB - Winnipeg       OK - Oklahoma City       TX - Tyler      
CT - Cheshire       MD - Laurel       OK - Tulsa       TX - Waco      
CT - New Haven       ME - Portland       ON - Ottawa       UT - Ogden      
CT - Stamford       MI - Ann Arbor       ON - Toronto       UT - Salt Lake City      
DC - Washington       MI - Flint       OR - Beaverton       VA - Charlottesville      
DE - Wilmington       MI - Grand Rapids       OR - Bend       VA - Glen Allen      
FL - Daytona Beach       MI - Lansing       OR - Eugene       VA - Harrisonburg      
FL - Fort Lauderdale       MI - Livonia       OR - Medford       VA - Roanoke      
FL - Fort Myers       MN - Minnetonka       OR - Salem       VA - Virginia Beach      
FL - Gainesville       MO - Columbia       PA - Allentown       VT - Burlington      
FL - Jacksonville       MO - St. Louis       PA - Erie       WA - Seattle      
FL - Lakeland       MS - Biloxi       PA - Harrisburg       WA - Spokane      
FL - Miami       MS - Jackson       PA - Malvern       WI - Eau Claire      
FL - Naples       MT - Billings       PA - Philadelphia       WI - Green Bay      
FL - Pensacola       MT - Montana       PA - Pittsburgh       WI - Madison      
FL - Sarasota       NB - Moncton       PA - Reading       WI - Milwaukee      
FL - Tallahassee       NB - Saint John       PA - Scranton-Wilkes Barre