back

Systems Security Certified Practitioner (2022)

SSCP27 H 4 M

Just you? Training a whole team? There's an ITProTV plan that fits.

Start Training Today
Episodes
Episodes
  • The SSCP Toolbox
    • Course Overview
    • What is the SSCP Toolbox?
    • Who are you?
    • What does your study plan look like?
    • What is your timeline?
  • Security Operations and Administration
    • Comply with Codes of Ethics
    • Understand Security Concepts
    • Identify & Implement Security Controls
    • Functional Security Controls
    • The Asset Management Lifecycle - First Half
    • The Asset Management Lifecycle - Second Half
    • The Change Management Lifecycle
    • Implementing Security Awareness & Training
    • Collaborate with Physical Security Operations
    • Security Operations & Administration - Key Points
  • Access Controls
    • Single/Multi-factor Authentication (MFA)
    • Single Sign-On (SSO)
    • Spotlight on Kerberos
    • Device Authentication
    • Federated Access
    • Support Internetwork Trust Architectures
    • The Identity Management Lifecycle
    • Understand and Apply Access Controls
    • Understand Security Models
    • Access Controls - Key Points
  • Risk Identification, Monitoring & Analysis
    • Risk Management Concepts - Vocabulary
    • Spotlight on Business Impact Analysis (BIA)
    • Risk Management Concepts - Impact Assessments
    • Risk Management Concepts - Threat Modeling
    • Risk Management Concepts - Threat Intelligence
    • Risk Tolerance & Treatment
    • Risk Management Frameworks
    • Spotlight on the Risk Management Framework (RMF)
    • Risk Visibility & Reporting
    • Legal & Regulatory Concerns
    • Spotlight on the GDPR
    • Security Assessment & Vulnerability Management
    • Spotlight on Risk Review
    • Operate & Monitor Security Platforms
    • Analyze Monitoring Results
    • Risk Identification, Monitoring & Analysis - Key Points
  • Incident Response and Recovery
    • Support the Incident Lifecycle
    • Forensic Investigations - Legal
    • Forensic Investigations - Evidence Handling
    • BCP & DRP - Planning
    • BCP & DRP - Backup & Redundancy
    • BCP & DRP - Alternate Strategies
    • BCP & DRP - Testing & Drills
    • Incident Response & Recovery - Key Points
  • Cryptography
    • Reasons & Requirements for Cryptography
    • Cryptography Concepts - Hashing & Salting
    • Cryptography Concepts - Encryption
    • Cryptography Concepts - Non-repudiation
    • Spotlight on Secure Protocols
    • Spotlight on IPsec
    • Public Key Infrastructure (PKI) Systems
    • Cryptography Concepts - Cryptographic Attacks
    • Cryptography - Key Points
  • Network and Communications Security
    • Spotlight on the OSI Model
    • Spotlight on Internet Protocol (IP) networking
    • Topologies, Relationships & Transmission Types
    • Software-Defined Networking (SDN)
    • Network Attacks
    • Manage Network Access Controls
    • Manage Network Security
    • Network-based Security Devices
    • Secure Wireless Communications
    • Network & Communications Security - Key Points
  • Systems and Application Security
    • Malicious Code & Activity
    • Implement & Operate Endpoint Device Security
    • Administer Mobile Device Management (MDM)
    • Cloud Security - Basics
    • Cloud Security - Legal & Regulatory Concerns
    • Cloud Security - Data
    • Cloud Security - Third party & outsourcing
    • Secure Virtual Environments
    • Systems and Application Security - Key Points

Course Overview

6 M

itprotv course thumbnailitprotv course thumbnailitprotv course thumbnail
  • Episode Description
  • Transcript

You're watching ITProTV. [MUSIC] >> Hello everybody and welcome to the overview for the SSCP course. My name is Adam Gordon, an edutainer here at ITProTV. You can think of me as your success guide, as we're gonna take a journey together throughout the course, helping you to prepare for, understand everything you need to know to take and pass the SSCP exam. You can see the SSCP is considered to be the Premier Security Administration Certification from ISC squared currently in market. Our course is gonna cover all of the domains, we'll talk about those in just a minute and what they are, that you need to focus on in order to prepare for the exam. Now, the SSCP has been around for some time. I've been teaching SSCP material along with many of the other ISC squared certification courses for a very, very long time. I actually have held the SSCP since it first became available in the market, and I've been involved with not only development of curriculum for this and other ISC squared certifications, but I've also been involved as a member of the ISC squared certification community for a very long time. Hopefully you will be as you complete your journey and successfully taken passed your exam. It is the first step on the road for many IT security professionals towards higher level certifications, and it's important to think about that as we look to get started. All right, let's take a look at what those domains are actually going to be like, there are seven of them overall. We wanna take a look just at a high level at what they are, and then we're gonna zoom in a little bit in just a moment just to see them in more detail. But I wanna point out while we're looking at the page here, down at the bottom the green box that says SSCP exam outline, you can download a copy of the exam outline directly from ISC squared, it's free, it's PDF. We're gonna follow that outline in the course, so it's already been reproduced for you as we go on our journey together. But if you like to reference a simple document, we invite you to go ahead and do that right from the website. Let's take a closer look at the seven domains, so we can see what they are and really just have a moment to understand what's in them and understand how we're gonna approach them. As we zoom in, you'll be able to see that they indeed are going to encompass a very large amount of, let's say material and coverage area we often talk about in this CISSP exam, the more senior level exam for IT security professionals that ISC squared has. We often talk about the domain and the coverage of the domains as being mile wide and an inch deep. As we look at them, not quite mile wide and an inch deep here with SSCP, but across seven domains we are gonna have an opportunity to discuss a lot of important themes, ideas, approaches, methodologies, and the information that you're gonna need to know to synthesize and apply in order to be able to be successful on the exam. We'll see in Domain One security operations and administration that we're gonna be able to talk about the ways in which is an IT security professional, we approach implementing security within organizations and how we offer that guidance necessary to do so effectively. As we move to Domain Two, access controls, we think about identity and access management, privileged access management, access control models and a lot of other things relevant to the identity of management across an organization. In Domain Three, risk identification monitoring and analysis. We're gonna take a look at and talk about the foundational, fundamental things that allow us to build information security management systems and think about enterprise security architectures. We'll frame risk, understand the analysis methodologies associated with doing so, business impact analysis, for instance, security impact analysis, privacy impact analysis among others. We'll talk about how we can leverage those methodologies along with a fundamental definition and understanding of risk via NIST SP 830-R1 reference document that gives us the vocabulary to discuss and understand risk within an organization. So move to Domain Four, incident response and recovery, we'll narrow our focus and be really aligned with the ideas of business continuity and disaster recovery. So, BCDR, what are those approaches? How do we address incident response? What's that methodological and process-driven flow that allows us to be effective in not only identifying, but ultimately containing and then remediating those incidents when they occur. We can see in Domain Five, cryptography, well, the name implies what we're gonna be doing there, we'll be focusing on cryptography, understand hopefully both the symmetric and asymmetric approaches associated with cryptography. Take a look at different algorithms and of course the secure protocols that can be used aligned with cryptography to ensure secure communication. Things like ITSEC for instance, we'll leverage that as we get in Domain Six, network communications and security. We'll talk more broadly about how we establish secure communications, ITSEC, of course, will be part of that conversation. Again, but so will things like VPNs and the use of the secure methodologies and the secure approaches that allow us to communicate but to do so in fundamentally secure ways of focusing on confidentiality as well as integrity, two of the three pillars that make up what we call the iron triangle or the CIA triad, confidentiality, integrity but also availability. And finally in Domain Seven, systems and application security, we'll round out our conversations, talking about things like the system or software, development life cycles, how we can approach development and understand system architecture, baking security in from the ground up in order to ensure that we are doing the right things, giving the right guidance and mitigating risk wherever possible. I'm looking forward to have you join me on this journey, so take a look at all seven domains, but also talk about the ways in which you can synthesize and apply that information. As we wrap up our overview, what I wanna make sure you understand is that it's gonna be a great opportunity for us to spend time, deal with and understand how we can approach these issues, focus on your success for the SSCP journey ahead. But also we're gonna have fun and do a lot of really interesting things. I look forward to that journey, I hope you do as well. I'm gonna go get ready, all you have to do to join me, stop watching this episode and jump right into the course. I'll see you there. Take care everybody, see you soon. >> Thank you for watching ITProTV.