Systems Security Certified Practitioner (SSCP) → <div class="sscp-incident-curriculum"> <h4 style="font-weight: 500; color: #333;">01. & 02. Response Planning & First Steps</h4> <ul> <li>First Responder Roles: Immediate actions and point-of-contact lists</li> <li>Documenting the Response Plan: Who to call and how to engage</li> <li>Initial Assessment: Making contact and securing the perimeter</li> <li>Evidence Preservation: Recording changes and maintaining Chain of Custody</li> <li>Damage Containment: Disconnecting drives and isolating affected systems</li> </ul> <h4 style="font-weight: 500; color: #333;">03. Investigation & Recovery Operations</h4> <ul> <li>Severity Level Determination: Assessing the impact and scope of the breach</li> <li>Forensic Investigation: Analyzing Logs, Network Diagnostics, and Host AV</li> <li>Threat Elimination: Eradicating malware and neutralizing active threats</li> <li>Data Restoration: Pulling verified data from secure backups</li> <li>Documentation: Recording every action taken during the recovery phase</li> </ul> [Image of the Incident Response Lifecycle: Preparation, Detection, Containment, Eradication, and Recovery] <h4 style="font-weight: 500; color: #333;">04. Post-Incident Activity & Training</h4> <ul> <li>After-Action Reporting (AAR): Calculating damage costs and timelines</li> <li>Future Prevention: Documenting specific plans to mitigate repeat scenarios</li> <li>Personnel Training: Providing targeted education to avoid future incidents</li> <li>Continuous Improvement: Updating policies based on investigation findings</li> </ul> <h4 style="font-weight: 500; color: #333;">05. Backup Strategies & Methodology</h4> <ul> <li>How Backups Work: Understanding Archive Flags and data change tracking</li> <li>Backup Types: Comparing Full, Incremental, and Differential methods</li> <li>Scheduling Logic: Managing Daily, Weekly, and Monthly rotations</li> <li>Storage Locations: Pros and cons of Cloud vs. Tape vs. Offsite storage</li> </ul> <h4 style="font-weight: 500; color: #333;">06. Business Continuity & Disaster Recovery</h4> <ul> <li>Site Redundancy: Implementing Hot, Cold, and Warm backup sites</li> <li>High Availability (HA): Design patterns for resilient server architectures</li> <li>Testing Frameworks: Conducting Recovery Drills and Emergency Response tests</li> <li>BCP & DRP: Implementation, design, and continuous validation of plans</li> </ul> </div>

<div class="sscp-risk-curriculum"> <h4 style="font-weight: 500; color: #333;">01. Foundations of Risk Management</h4> <ul> <li>Core Definitions: Differentiating Risk, Risk Management, and Vulnerability</li> <li>Calculating Risk Levels: Probability x Loss formulas</li> <li>Asset Valuation: Determining the quantitative and qualitative value of assets</li> <li>Key Risk Indicators (KRI): Monitoring metrics that signal potential threats</li> </ul> <h4 style="font-weight: 500; color: #333;">02. Risk Response & Enterprise Frameworks</h4> <ul> <li>Strategic Responses: Avoidance, Transference, Acceptance, and Mitigation</li> <li>Enterprise Risk Management Frameworks (RMF): NIST 800-171, CMMC, and COBIT</li> <li>Vulnerability Management Planning: Tool selection and assessment strategies</li> </ul> <h4 style="font-weight: 500; color: #333;">03. Identifying Vulnerabilities & Security Testing</h4> <ul> <li>Scanning & Discovery: Utilizing Vulnerability Scanners and identifying Network flaws</li> <li>Security Assessment: Internal vs. External Penetration Testing</li> <li>Hardening Standards: Implementing Security Technical Implementation Guides (STIGs)</li> <li>Baseline Management: Establishing “Normal” to identify system anomalies</li> </ul> <h4 style="font-weight: 500; color: #333;">04. Incident Detection & Intrusion Analysis</h4> <ul> <li>Continuous Monitoring: Role of IDS/IPS in real-time threat detection</li> <li>Indicators of Intrusion: Identifying missing files, changed permissions, and system crashes</li> <li>Network Anomalies: Repeated login failures and unusual geographic activity</li> <li>Metrics and Data Analysis: Leveraging logs and event triggers for forensics</li> </ul> <h4 style="font-weight: 500; color: #333;">05. Remediation, Reporting & Legal Constraints</h4> <ul> <li>Remediation Lifecycle: Planning, making changes, and deploying countermeasures</li> <li>Post-Incident Activity: After-Action Reporting (AAR) and continuous improvement</li> <li>Compliance & Privacy: Understanding laws and regulations governing data security</li> <li>Legal Restraints: Navigating privacy laws during monitoring and investigations</li> </ul> </div>

<div class="sscp-cryptography-curriculum"> <h4 style="font-weight: 500; color: #333;">01. Compliance, Laws & Regulations</h4> <ul> <li>Protecting Sensitive Data: PII, PHI, and Intellectual Property</li> <li>Healthcare & Finance: Navigating HIPAA and PCI-DSS requirements</li> <li>International Standards: Implementing ISO security frameworks</li> <li>Legal Obligations: Understanding data privacy and protection laws</li> </ul> <h4 style="font-weight: 500; color: #333;">02. Cryptography Fundamentals</h4> <ul> <li>How Encryption Works: Transforming plaintext into ciphertext</li> <li>Symmetric vs. Asymmetric: Comparing shared keys and key pairs</li> <li>Encryption States: Protecting data At Rest and In Transit</li> <li>Encryption Strength: Understanding bit depth (128-bit vs. 256-bit)</li> <li>Common Algorithms: RSA, AES, and their specific use cases</li> </ul> <h4 style="font-weight: 500; color: #333;">03. Public Key Infrastructure (PKI)</h4> <ul> <li>Core Components: Public keys, Private keys, and Certificate Authorities (CA)</li> <li>Lifecycle Management: Key creation, storage, and secure destruction</li> <li>Real-world Applications: What uses PKI for identity and trust</li> <li>Secure Email & Files: Understanding PGP and GPG implementation</li> <li>Blockchain Technology: Decentralized ledgers and cryptographic integrity</li> </ul> <h4 style="font-weight: 500; color: #333;">04. Data Integrity & Non-Repudiation</h4> <ul> <li>Hashing: Ensuring data integrity with MD5, SHA-256, and Salting</li> <li>Digital Signatures: Verifying origin and ensuring Non-Repudiation</li> <li>HMAC: Hash-based Message Authentication Codes for secure signaling</li> <li>Digital Signature Encryption: How hashing and asymmetric keys work together</li> </ul> <h4 style="font-weight: 500; color: #333;">05. Security Protocols & Secure Communication</h4> <ul> <li>Network Security: IPsec for encrypted tunnel communications</li> <li>Web & Session Security: The evolution from SSL to TLS protocols</li> <li>Email Security: Implementing S/MIME and DKIM for message integrity</li> <li>Protocol Implementation: Configuring secure gateways and service endpoints</li> </ul> </div>

Log in

Systems Security Certified Practitioner (SSCP)

Curriculum

01. Exam Overview & Professional Ethics

02. Access Control & Security Basics

03. Physical & Administrative Security Controls

04. Control Categories & Compliance

05. Asset & Change Management

01. Authentication & Identity Methods

02. Access Control Models & Privileges

03. Advanced Authorization Architectures

04. Trust Relationships & Flow

05. Identity Management & Provisioning

01. Foundations of Risk Management

02. Risk Response & Enterprise Frameworks

03. Identifying Vulnerabilities & Security Testing

04. Incident Detection & Intrusion Analysis

05. Remediation, Reporting & Legal Constraints

01. & 02. Response Planning & First Steps

03. Investigation & Recovery Operations

04. Post-Incident Activity & Training

05. Backup Strategies & Methodology

06. Business Continuity & Disaster Recovery

01. Compliance, Laws & Regulations

02. Cryptography Fundamentals

03. Public Key Infrastructure (PKI)

04. Data Integrity & Non-Repudiation

05. Security Protocols & Secure Communication

01. Network Components & Architecture

02. Protocols, Topologies & Routing

03. VPN Technologies & Remote Access

04. Firewall Technologies & Network Defense

05. Wireless & Mobile Communication Security

06. Systems & Application Hardening

07. Virtualization & Cloud Infrastructure

Sales

Phone

Fax

WY Office: 1712 Pioneer Avenue, Suite 135 Cheyenne WY 82001

CA Office:1001 Wilshire Boulevard #1071 Los Angeles, CA 90017