Systems Security Certified Practitioner (SSCP) → <div class="sscp-cryptography-curriculum"> <h4 style="font-weight: 500; color: #333;">01. Compliance, Laws & Regulations</h4> <ul> <li>Protecting Sensitive Data: PII, PHI, and Intellectual Property</li> <li>Healthcare & Finance: Navigating HIPAA and PCI-DSS requirements</li> <li>International Standards: Implementing ISO security frameworks</li> <li>Legal Obligations: Understanding data privacy and protection laws</li> </ul> <h4 style="font-weight: 500; color: #333;">02. Cryptography Fundamentals</h4> <ul> <li>How Encryption Works: Transforming plaintext into ciphertext</li> <li>Symmetric vs. Asymmetric: Comparing shared keys and key pairs</li> <li>Encryption States: Protecting data At Rest and In Transit</li> <li>Encryption Strength: Understanding bit depth (128-bit vs. 256-bit)</li> <li>Common Algorithms: RSA, AES, and their specific use cases</li> </ul> <h4 style="font-weight: 500; color: #333;">03. Public Key Infrastructure (PKI)</h4> <ul> <li>Core Components: Public keys, Private keys, and Certificate Authorities (CA)</li> <li>Lifecycle Management: Key creation, storage, and secure destruction</li> <li>Real-world Applications: What uses PKI for identity and trust</li> <li>Secure Email & Files: Understanding PGP and GPG implementation</li> <li>Blockchain Technology: Decentralized ledgers and cryptographic integrity</li> </ul> <h4 style="font-weight: 500; color: #333;">04. Data Integrity & Non-Repudiation</h4> <ul> <li>Hashing: Ensuring data integrity with MD5, SHA-256, and Salting</li> <li>Digital Signatures: Verifying origin and ensuring Non-Repudiation</li> <li>HMAC: Hash-based Message Authentication Codes for secure signaling</li> <li>Digital Signature Encryption: How hashing and asymmetric keys work together</li> </ul> <h4 style="font-weight: 500; color: #333;">05. Security Protocols & Secure Communication</h4> <ul> <li>Network Security: IPsec for encrypted tunnel communications</li> <li>Web & Session Security: The evolution from SSL to TLS protocols</li> <li>Email Security: Implementing S/MIME and DKIM for message integrity</li> <li>Protocol Implementation: Configuring secure gateways and service endpoints</li> </ul> </div>

<div class="sscp-incident-curriculum"> <h4 style="font-weight: 500; color: #333;">01. & 02. Response Planning & First Steps</h4> <ul> <li>First Responder Roles: Immediate actions and point-of-contact lists</li> <li>Documenting the Response Plan: Who to call and how to engage</li> <li>Initial Assessment: Making contact and securing the perimeter</li> <li>Evidence Preservation: Recording changes and maintaining Chain of Custody</li> <li>Damage Containment: Disconnecting drives and isolating affected systems</li> </ul> <h4 style="font-weight: 500; color: #333;">03. Investigation & Recovery Operations</h4> <ul> <li>Severity Level Determination: Assessing the impact and scope of the breach</li> <li>Forensic Investigation: Analyzing Logs, Network Diagnostics, and Host AV</li> <li>Threat Elimination: Eradicating malware and neutralizing active threats</li> <li>Data Restoration: Pulling verified data from secure backups</li> <li>Documentation: Recording every action taken during the recovery phase</li> </ul> [Image of the Incident Response Lifecycle: Preparation, Detection, Containment, Eradication, and Recovery] <h4 style="font-weight: 500; color: #333;">04. Post-Incident Activity & Training</h4> <ul> <li>After-Action Reporting (AAR): Calculating damage costs and timelines</li> <li>Future Prevention: Documenting specific plans to mitigate repeat scenarios</li> <li>Personnel Training: Providing targeted education to avoid future incidents</li> <li>Continuous Improvement: Updating policies based on investigation findings</li> </ul> <h4 style="font-weight: 500; color: #333;">05. Backup Strategies & Methodology</h4> <ul> <li>How Backups Work: Understanding Archive Flags and data change tracking</li> <li>Backup Types: Comparing Full, Incremental, and Differential methods</li> <li>Scheduling Logic: Managing Daily, Weekly, and Monthly rotations</li> <li>Storage Locations: Pros and cons of Cloud vs. Tape vs. Offsite storage</li> </ul> <h4 style="font-weight: 500; color: #333;">06. Business Continuity & Disaster Recovery</h4> <ul> <li>Site Redundancy: Implementing Hot, Cold, and Warm backup sites</li> <li>High Availability (HA): Design patterns for resilient server architectures</li> <li>Testing Frameworks: Conducting Recovery Drills and Emergency Response tests</li> <li>BCP & DRP: Implementation, design, and continuous validation of plans</li> </ul> </div>

<div class="sscp-network-curriculum"> <h4 style="font-weight: 500; color: #333;">01. Network Components & Architecture</h4> <ul> <li>Core Infrastructure: Hosts, Servers, Routers, Switches, and Firewalls</li> <li>Security Devices: Detailed functions of IDS and IPS</li> <li>The OSI Model: 7 layers of communication and their specific functions</li> <li>The TCP/IP Model: Comparing and contrasting with the OSI reference</li> <li>Traffic Flow: Visualizing how data passes through the stack end-to-end</li> </ul> <h4 style="font-weight: 500; color: #333;">02. Protocols, Topologies & Routing</h4> <ul> <li>IP Stack Protocols: TCP, UDP, HTTP, DNS, and FTP</li> <li>Email Standards: SMTP, IMAP, and POP3 security</li> <li>Network Topologies: Mesh, Star, Bus, Ring, and Hybrid designs</li> <li>Switching: VLANs, Trunking, and Switchport security</li> <li>Routing & Access: Routing protocols, Load Balancing, and ACLs</li> <li>AAA Services: Implementing RADIUS and TACACS+ for central management</li> </ul> <h4 style="font-weight: 500; color: #333;">03. VPN Technologies & Remote Access</h4> <ul> <li>VPN Benefits: Encapsulation, Tunneling, and secure remote work</li> <li>Tunneling Protocols: L2TP, SSH, and PPTP</li> <li>VPN Deployment: IPsec, SSL VPN, Site-to-Site, and Client-based software</li> <li>The Connection Process: AAA, MFA, and secure tunnel establishment</li> </ul> <h4 style="font-weight: 500; color: #333;">04. Firewall Technologies & Network Defense</h4> <ul> <li>Firewall Policies: Rulesets, Whitelisting, and the “Implicit Deny” principle</li> <li>Core Technologies: NAT, Packet Filtering, and Stateful Inspection</li> <li>Network Segmentation: Designing and selecting appropriate DMZ architectures</li> <li>Best Practices: Logging, Change Management, and Patching</li> <li>Intrusion Detection/Prevention (IDPS): Signature matching and NIDS sensors</li> <li>Deception & Proxy: Using Honeypots and Proxy Servers effectively</li> </ul> <h4 style="font-weight: 500; color: #333;">05. Wireless & Mobile Communication Security</h4> <ul> <li>Wireless Standards: APs, Repeaters, and IBSS (Ad Hoc) vs. BSS topologies</li> <li>Encryption Protocols: Comparing WEP, WPA, WPA2, and EAP</li> <li>Wireless Threats: Evil Twins, MAC Spoofing, and War Driving prevention</li> <li>Radio Frequency Management: AP placement, signal strength, and interference</li> <li>Short-Range Tech: Bluetooth and NFC security considerations</li> </ul> <h4 style="font-weight: 500; color: #333;">06. Systems & Application Hardening</h4> <ul> <li>Network Attacks: Mitigating DDoS, Malware, Rootkits, and Social Engineering</li> <li>System Hardening: Baseline configurations, Imaging, and STIG compliance</li> <li>Host Security: Windows/Linux best practices, Patch Management, and BIOS passwords</li> <li>Endpoint Protection: Types of Anti-Virus, Host-based IDS, and Firewalls</li> <li>Mobile Management: BYOD vs. COPE policies, Containerization, and DLP</li> </ul> <h4 style="font-weight: 500; color: #333;">07. Virtualization & Cloud Infrastructure</h4> <ul> <li>Virtualization Components: Hypervisors, VMs, Virtual Switches, and Shared Storage</li> <li>Cloud Deployment Models: Public, Private, Hybrid, and Community</li> <li>Cloud Service Models: IaaS, PaaS, and SaaS responsibilities</li> <li>Cloud Governance: Data ownership, SLAs, and Data Portability</li> <li>Security in the Cloud: Data transmission encryption and outsourcing destruction</li> </ul> </div>

Log in

Systems Security Certified Practitioner (SSCP)

Curriculum

01. Exam Overview & Professional Ethics

02. Access Control & Security Basics

03. Physical & Administrative Security Controls

04. Control Categories & Compliance

05. Asset & Change Management

01. Authentication & Identity Methods

02. Access Control Models & Privileges

03. Advanced Authorization Architectures

04. Trust Relationships & Flow

05. Identity Management & Provisioning

01. Foundations of Risk Management

02. Risk Response & Enterprise Frameworks

03. Identifying Vulnerabilities & Security Testing

04. Incident Detection & Intrusion Analysis

05. Remediation, Reporting & Legal Constraints

01. & 02. Response Planning & First Steps

03. Investigation & Recovery Operations

04. Post-Incident Activity & Training

05. Backup Strategies & Methodology

06. Business Continuity & Disaster Recovery

01. Compliance, Laws & Regulations

02. Cryptography Fundamentals

03. Public Key Infrastructure (PKI)

04. Data Integrity & Non-Repudiation

05. Security Protocols & Secure Communication

01. Network Components & Architecture

02. Protocols, Topologies & Routing

03. VPN Technologies & Remote Access

04. Firewall Technologies & Network Defense

05. Wireless & Mobile Communication Security

06. Systems & Application Hardening

07. Virtualization & Cloud Infrastructure

Sales

Phone

Fax

WY Office: 1712 Pioneer Avenue, Suite 135 Cheyenne WY 82001

CA Office:1001 Wilshire Boulevard #1071 Los Angeles, CA 90017