Systems Security Certified Practitioner (SSCP)
Systems Security Certified Practitioner (SSCP) 2021
SSCP 2021: Asset & Change Management Lifecycles
SSCP 2021: Authentication & Trust Architectures
SSCP 2021: Basic Security Concepts
SSCP 2021: Business Continuity Planning
SSCP 2021: Endpoint Protection and Mobile Device Management
SSCP 2021: Fundamental Networking Concepts
SSCP 2021: Identity Management & Access Control Models
SSCP 2021: Incident Response & Forensics
SSCP 2021: Malware & Countermeasures
SSCP 2021: Network Attacks & Countermeasures
SSCP 2021: Physical Security Operations
SSCP 2021: Risk Management
SSCP 2021: Secure Protocols & Public Key Infrastructure (PKI)
SSCP 2021: Secure Virtual & Cloud Environments
SSCP 2021: Secure Wireless Communication
SSCP 2021: Security & Vulnerability Assessment
SSCP 2021: Security Controls
SSCP 2021: Understanding & Applying Cryptography

SSCP 2021: Asset & Change Management Lifecycles

Course Number:
it_spsscp21_03_enus
Lesson Objectives

SSCP 2021: Asset & Change Management Lifecycles

  • discover the key concepts covered in this course
  • outline how process, planning, design, and initiation apply to the first phase of the asset management lifecycle
  • define and compare development and acquisition and outline the processes and considerations involved in both
  • describe best practices, methodologies, and processes involved in inventory and licensing
  • summarize what comprises an implementation and assessment policy, give examples of policy types, and outline how to develop an information security policy
  • describe the operation and maintenance phase of asset lifecycle management with reference to archiving and retention requirements
  • list some asset disposal and destruction options
  • define configuration management and outline the practices and tools involved
  • describe each of the six change management lifecycle phases
  • summarize the key concepts covered in this course

Overview/Description
As a security practitioner, assessing risk and applying controls is a fundamental part of the job description. However, doing so becomes pretty challenging if you don't know the value and priority of all physical and logical assets. Solid comprehension of the well-established lifecycles and architectures involved in both asset and change management will help you implement all your security initiatives smartly. In this course, examine the processes and best practices involved in each of the asset and change management lifecycle phases. When you've finished, you'll know the best way to implement each of these phases within the context of your own business. This course explores topics from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.

Target

Prerequisites: none

SSCP 2021: Authentication & Trust Architectures

Course Number:
it_spsscp21_07_enus
Lesson Objectives

SSCP 2021: Authentication & Trust Architectures

  • discover the key concepts covered in this course
  • compare single, dual, and multi-factor authentication
  • describe what's involved in single-sign-on and federated access, recognizing the role of identity providers, directory services, AWS SSO, SAML, OAuth, and OpenID Connect
  • define device authentication and outline various options and mechanisms, namely Azure AD, endpoint authentication, and 802.1X PNAC
  • describe what trust relationships are used for, as well as what Zero Trust means
  • summarize what comprises the following internetwork connections: the Internet, intranets, and extranets
  • summarize the key concepts covered in this course

Overview/Description
As a security professional, you'll likely have been exposed to the concept of origin authentication. However, in today's modern environment of mobile devices, the Internet of Things, and embedded systems, more robust authentication, authorization, and identity management methods are imperative. Use this course to comprehend how single and multi-factor authentication, single sign-on (SSO), device authentication, and federated access work. Examine the use of trust relationships between domains and what's meant by Zero Trust. And distinguish between various internetwork connections such as the Internet, intranets, and extranets. Upon course completion, you'll be able to detail how and why these authentication mechanisms and trust architectures are used. You'll also be one step closer to being prepared to take the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

Target

Prerequisites: none

SSCP 2021: Basic Security Concepts

Course Number:
it_spsscp21_01_enus
Lesson Objectives

SSCP 2021: Basic Security Concepts

  • discover the key concepts covered in this course
  • describe what comprises the (ISC)² Code of Ethics and an organizational code of ethics
  • define what's meant by confidentiality in a security context and outline how to include it in your security practices
  • define what's meant by integrity in a security context and outline how to include it in your security practices
  • define what's meant by availability in a security context and outline how to include it in your security practices
  • define what's meant by accountability in a security context and outline how to include it in your security practices
  • define what's meant by privacy in a security context and outline how to include it in your security practices
  • define what's meant by non-repudiation in a security context and outline how to include it in your security practices
  • define what's meant by least privilege in a security context and outline how to include it in your security practices
  • define what's meant by the segregation of duties in a security context and outline how to include it in your security practices
  • summarize the key concepts covered in this course

Overview/Description
Most candidates for the (ISC)² Systems Security Certified Practitioner (SSCP) exam will have the required one year of paid job experience. So the basic security concepts are most likely a review for most learners. However, simply defining the technology is not enough. Candidates must be able to grasp how the following principles are implemented: (ISC)² Code of Ethics, confidentiality, integrity, availability, accountability, privacy, non-repudiation, least privilege, and segregation of duties (SoD). Take this course to explore how you would apply these principles to your own daily security operations. Upon completion, you'll have a solid knowledge of the topics covered in Domain 1: Security Operations and Administration of the (ISC)² SSCP 2021 CBK, preparing you to take the exam.

Target

Prerequisites: none

SSCP 2021: Business Continuity Planning

Course Number:
it_spsscp21_12_enus
Lesson Objectives

SSCP 2021: Business Continuity Planning

  • discover the key concepts covered in this course
  • outline what's involved in business continuity planning and continuity of operations
  • describe what's involved in business impact analysis
  • summarize several backup and restore options
  • define disaster recovery planning and summarize its lifecycle
  • compare disaster recovery tests and drills
  • summarize the key concepts covered in this course

Overview/Description
When dealing with security, preparation is key. A variety of disasters could happen to most organizations at any moment, and the impact that could have on data and systems could be detrimental. There are many measures and processes to help recover from a disaster. Use this course to learn a handful of them. Explore the main elements of business continuity planning (BCP), also called continuity of operations (COOP). See what's involved in business impact analysis and disaster recovery planning. And examine various backup and restore methods. Upon course completion, you'll know several strategies to ensure a business continues to function after a disaster. This course's objectives line up with those in Domain 4: Incident Response and Recovery of the SSCP CBK and will help you prepare for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

Target

Prerequisites: none

SSCP 2021: Endpoint Protection and Mobile Device Management

Course Number:
it_spsscp21_17_enus
Lesson Objectives

SSCP 2021: Endpoint Protection and Mobile Device Management

  • discover the key concepts covered in this course
  • describe what personal firewalls as well as host-based intrusion detection systems (HIDS) and host-based intrusion prevention systems (HIPS) are used for
  • detail what's involved in application whitelisting, endpoint encryption, whole disk encryption, boot integrity, secure browsing and the purpose of self-encrypting drives, hardware root of trust, and SEAndroid
  • describe what endpoint detection and response (EDR) tools are used for and the characteristics of next-generation endpoint protection, Network Access Control and endpoint protection, and cloud-based EDR
  • compare mobile provisioning techniques, including CYOD (Choose Your Own Device) and BYOD (Bring Your Own Device)
  • summarize activities, challenges, and solution requirements related to mobile device management (MDM) and enterprise mobility management (EMM)
  • outline what's involved in mobile application management (MAM)
  • summarize the key concepts covered in this course

Overview/Description
The first decade of the 21st century saw an explosion in the use of various mobile devices and cloud service providers in the enterprise. With this came a new challenge for security professionals from which several techniques and tools were developed. Get to grips with the many terms and activities related to endpoint protection and mobile device management in this vocational course. Explore what's involved in host-based intrusion prevention systems (HIPS) and host-based intrusion detection systems (HIDS). Examine endpoint encryption, protection, detection, and response. And study mobile provisioning and mobile device and application management. Upon course completion, you'll be familiar with the best techniques for protecting various devices and systems. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

Target

Prerequisites: none

SSCP 2021: Fundamental Networking Concepts

Course Number:
it_spsscp21_13_enus
Lesson Objectives

SSCP 2021: Fundamental Networking Concepts

  • discover the key concepts covered in this course
  • compare the OSI and TCP/IP reference models
  • describe network topologies, relationships, and media types
  • define software-defined networking (SDN) and SD-WAN
  • compare common ports and protocols using an AWS network access control list
  • summarize what comprises IEEE (Institute of Electrical and Electronics Engineers) 802.1X architecture and RADIUS (Remote Authentication Dial-In User Service) authentication services
  • detail the characteristics of terminal access controller access-control system plus (TACACS+)
  • outline what remote access connectivity and virtual private networks (VPNs) are used for
  • summarize the key concepts covered in this course

Overview/Description
Historically speaking, the vast majority of security practitioners, technicians, engineers, and architects come from the field of local and wide area networking. This factor, as well as the importance of protecting data-in-transit, makes networking a critical knowledge area. Use this course to get to grips with several networking concepts and methodologies. Learn to distinguish between the OSI and TCP/IP reference models. Explore network topologies, relationships, and media types. See what's meant by software-defined networking (SDN), Remote Authentication Dial-In User Service (RADIUS), and terminal access controller access-control system plus (TACACS+), among other terms. Examine commonly used ports and protocols. And look into remote access connectivity and virtual private networks (VPNs). Upon course completion, you'll be familiar with several fundamental networking concepts and network access control methodologies. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

Target

Prerequisites: none

SSCP 2021: Identity Management & Access Control Models

Course Number:
it_spsscp21_08_enus
Lesson Objectives

SSCP 2021: Identity Management & Access Control Models

  • discover the key concepts covered in this course
  • summarize the authorization aspect of identity management and distinguish it from authentication
  • describe the proofing aspect of identity management and outline the NIST proofing requirement
  • describe the provisioning and de-provisioning aspects of identity management and name examples of automated provisioning services
  • summarize the maintenance aspect of identity management and outline two samples of an identity management lifecycle
  • outline the entitlement aspect of identity management and describe potential tasks involved
  • illustrate the AWS IAM services for identity and access management
  • compare several types of access control models, namely mandatory, discretionary, role-based, and rule-based
  • define the Bell-LaPadula and Biba access control models
  • summarize the key concepts covered in this course

Overview/Description
Whether you manage one or thousands of digital identities, the expectation for regulatory compliance, top-level security, and speedy access control will be the same. The importance of access control is reinforced by Domain 2 of the SSCP exam, representing 15% of the overall subject matter. Among other topics, this domain covers the identity management lifecycle and access control models. Use this course to gain a clear comprehension of the various aspects of identity management, namely authorization, proofing, provisioning, de-provisioning, maintenance, and entitlement. Furthermore, explore several types of access control models, including role-based and rule-based, and investigate the Bell-LaPadula and Biba mandatory access confidentiality and integrity models. Upon course completion, you'll recognize the identity management and access control techniques needed in your organization. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

Target

Prerequisites: none

SSCP 2021: Incident Response & Forensics

Course Number:
it_spsscp21_11_enus
Lesson Objectives

SSCP 2021: Incident Response & Forensics

  • discover the key concepts covered in this course
  • describe the preparation and selection stages of the incident response lifecycle
  • describe the analysis and escalation stages of the incident response lifecycle
  • describe the containment and eradication stages of the incident response lifecycle
  • describe the recovery and reporting stages of the incident response lifecycle
  • define legal and ethical principles of cyber forensic investigations
  • outline how to handle cyber forensic evidence effectively
  • summarize how to report on a cyber forensic investigation
  • summarize the key concepts covered in this course

Overview/Description
Unprecedented events such as the Y2K bug and terrorist attacks, along with increasing cybercrime pervasiveness and sophistication, have meant that since the early 2000s, a security team's ability to recover from a disaster has moved from a bonus to non-negotiable. There are several phases to incident response, from preparation to forensic investigations and beyond. A competent security professional needs to know all of them. Use this course to learn what's involved in the incident response lifecycle phases of preparation, detection, analysis, escalation, containment, eradication, recovery, and lessons learned. As you advance, explore essential aspects of cyber forensic investigations, such as handling evidence and reporting. Upon completion, you'll know the multiple facets of incident response and cyber forensics. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

Target

Prerequisites: none

SSCP 2021: Malware & Countermeasures

Course Number:
it_spsscp21_16_enus
Lesson Objectives

SSCP 2021: Malware & Countermeasures

  • discover the key concepts covered in this course
  • detail what's meant by different forms of malware, including rootkits, spyware, scareware, ransomware, trojans, viruses, worms, and trapdoors
  • outline what's involved in using vulnerability scanners, antimalware, and code signing as malware countermeasures
  • describe different malicious activities, including insider threats, data theft, zero-day exploits, web-based attacks, and advanced persistent threats
  • summarize what's involved in various countermeasures to malicious activities, including user awareness, system hardening, patching, isolation, and data loss prevention
  • detail what's entailed in advanced countermeasures that use behavior analytics tools and machine learning, artificial intelligence (AI), and data analytics
  • summarize the key concepts covered in this course

Overview/Description
To secure systems and applications appropriately, security practitioners must first recognize the various types of malicious code and activity. After this, they need to execute the best measures to counter these exploits. Use this theory-based course to recognize multiple types of exploits and malware and their most common countermeasures. Explore malware variants, such as rootkits, spyware, scareware, and ransomware. Examine countermeasures involving scanners, antimalware, and code signing. Then, study malicious activities, such as insider threats, data theft, zero-day exploits, and advanced persistent threats (APTs). And discover their various countermeasures, such as system hardening, patching, and data loss prevention (DLP). Lastly, investigate advanced mitigation techniques that involve behavioral and data analytics, machine learning, and artificial intelligence. Upon completion, you'll be able to identify and analyze malicious code and activity. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

Target

Prerequisites: none

SSCP 2021: Network Attacks & Countermeasures

Course Number:
it_spsscp21_14_enus
Lesson Objectives

SSCP 2021: Network Attacks & Countermeasures

  • discover the key concepts covered in this course
  • name and describe several types of network attacks
  • outline what's involved in the placement of network devices with reference to zones and segmentation
  • configure access control lists
  • outline how to securely manage devices
  • illustrate how firewalls and proxies are used
  • define content delivery networking and summarize what cloud-based load balancers are used for
  • compare IDS (intrusion detection system) and IPS (intrusion prevention system) sensors
  • outline how to secure routers and switches
  • summarize the key concepts covered in this course

Overview/Description
A critical aspect of risk and security management is having a clear picture of the present threatscape. This involves knowledge of threat actors, exploits, vulnerabilities, and malware along with countermeasures that include various technical, physical, and managerial controls. Take this course to learn to recognize several types of network attacks. Examine various methods for managing network security, from network device placement to configuring access control lists and using firewalls and proxies. Furthermore, learn how to secure network-based security devices as well as routers and switches. Then, delve into content delivery networking, cloud-based load balancers, and intrusion detection and prevention. Upon course completion, you'll know what's involved in both network attacks and countermeasures. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

Target

Prerequisites: none

SSCP 2021: Physical Security Operations

Course Number:
it_spsscp21_04_enus
Lesson Objectives

SSCP 2021: Physical Security Operations

  • discover the key concepts covered in this course
  • name different physical barrier types and recognize what they're used for
  • name some security techniques involving signage, cameras, and surveillance and describe how they're used
  • name some personnel controls and recognize some key considerations when using them
  • describe how different locks for physical security work, including biometric, electronic, physical, and cable locks, and outline how intruders break them
  • recognize various methods and techniques for fire detection, suppression, and prevention and summarize the types of fire extinguishers
  • list different types of lighting and describe different types of sensors
  • describe what comprises different types of secure areas, including where they're typically used, their downsides, and key requirements for usage
  • describe various environmental controls, including in what situations they're used, their downsides, and key usage requirements
  • summarize the key concepts covered in this course

Overview/Description
Although on the surface, choosing physical controls may seem common sense and subjective, there are likely options and considerations you're unaware of. Furthermore, SSCP exam candidates must have a broad knowledge of these controls to pass the exam. Use this course to explore, in detail, the many categories and types of physical security controls, including barriers, such as gate types; surveillance, such as camera types; types of locks and sensors; secure areas, such as Faraday cages; and environmental controls, such as air gaps. Upon course completion, you'll be able to customize your physical security methods to suit your organization. This course covers subtopic 1.8 from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.

Target

Prerequisites: none

SSCP 2021: Risk Management

Course Number:
it_spsscp21_09_enus
Lesson Objectives

SSCP 2021: Risk Management

  • discover the key concepts covered in this course
  • describe various risk visibility and reporting methods
  • outline how to assess vulnerabilities and the impact and magnitude of their exploitation
  • list and define threat modeling techniques, such as VAST and STRIDE, and compare quantitative and qualitative risk analysis
  • compare risk management frameworks from organizations such as ISO, NIST, and more
  • name and describe several methods for treating or handling risk
  • describe various legal and regulatory risk issues that affect risk management
  • describe how to carry out security awareness and training
  • summarize the key concepts covered in this course

Overview/Description
If a threat agent exploits an IT asset's vulnerability, then the consequences for a business could be detrimental. In IT security terms, the likelihood of this happening and the potential impact if it did constitute the concept of risk. Those responsible for the operational security of assets need to know how to reduce risk sufficiently. Use this course to learn the many ways to identify, assess, and manage risk related to IT infrastructure. Explore, in detail, various risk management techniques, such as risk visibility and reporting, threat modeling, and risk treatment. Examine legal and regulatory concerns when managing risk. And see how to implement organizational security awareness and training. Upon completion, you'll know how to bring risk magnitude down to a pre-defined acceptable level. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

Target

Prerequisites: none

SSCP 2021: Secure Protocols & Public Key Infrastructure (PKI)

Course Number:
it_spsscp21_06_enus
Lesson Objectives

SSCP 2021: Secure Protocols & Public Key Infrastructure (PKI)

  • discover the key concepts covered in this course
  • summarize the characteristics and features of IP Security (IPsec), outline what it's used for, and list the various IPsec security profiles (policies)
  • outline how Transport Layer Security (TLS) works and describe what SSL/TLS and HTTPS are used for
  • compare how S/MIME and DKIM are used for email security
  • recognize the function of various key management concepts, such as storage, rotation, composition, generation, destruction, exchange, revocation, and escrow
  • define the web of trust concept and describe a web of trust scenario
  • describe how Public Key Infrastructure (PKI) works, the characteristics of two certificate authority (CA) trust models, and the rationale behind certificate revocation and suspension
  • summarize the key concepts covered in this course

Overview/Description
Early on in the development of TCP/IP and the application layer protocols and services, it was decided not to build native security but rather to add new secure mechanisms and protocols. The aim was to maintain internetworking and interoperability without adding too much overhead. Knowing how these protocols work and how you can implement them will change how you protect your organization's information. Use this course to get abreast of some of the most vital secure protocols and their implementation along with other core services, such as key management, web of trust (WOT), and Public Key Infrastructure (PKI). Upon course completion, you'll be able to detail how and why these protocols and services are used. This course will help you in the lead-up to taking the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

Target

Prerequisites: none

SSCP 2021: Secure Virtual & Cloud Environments

Course Number:
it_spsscp21_18_enus
Lesson Objectives

SSCP 2021: Secure Virtual & Cloud Environments

  • discover the key concepts covered in this course
  • describe virtualization and hypervisor technology
  • detail the weaknesses, vulnerabilities, and countermeasures of virtualization
  • compare cloud deployment and service models, namely Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS) and public, private, community, and hybrid cloud models
  • describe the legal aspects of cloud computing and associated regulatory issues
  • identify cloud data storage options and security concerns at AWS
  • recognize common security services at AWS
  • summarize the key concepts covered in this course

Overview/Description
The security landscape changes in tandem with the evolution of technology. As virtualization and cloud computing have emerged, so have associated security tools, techniques, and regulations. Ensure your security knowledge is up-to-date with this advanced exam preparatory course. Learn about hypervisors, virtual appliances, and containers. Examine continuity and resilience, attacks and countermeasures, and legal and regulatory concerns. Explore what's involved in shared and data storage, deployment and service models, processing, and transmission. Delve into third-party/outsourcing requirements, data portability, data destruction, and auditing. And finally, investigate the cloud computing shared responsibility model. When you're done, you'll know how to secure technologies related to virtualization and cloud computing. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

Target

Prerequisites: none

SSCP 2021: Secure Wireless Communication

Course Number:
it_spsscp21_15_enus
Lesson Objectives

SSCP 2021: Secure Wireless Communication

  • discover the key concepts covered in this course
  • describe various wireless technologies including 802.11 standards, 5G, Bluetooth, Radio Frequency Identification (RFID), Near Field Communication (NFC), and Zigbee
  • define distinctive attributes of Wi-Fi, wireless LANs, and wireless LAN controllers (WLC)
  • compare wireless authentication and encryption mechanisms and protocols including Wi-Fi Protected Access (WPA), WPA2, Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), and WPA3
  • describe extensible authentication protocols like EAP-FAST and EAP-TLS
  • outline internet-of-things (IoT) technologies and security considerations
  • summarize the key concepts covered in this course

Overview/Description

Network and communications security is part of the SSCP Domain 6 objectives and includes the important topic of securing wireless communication. Use this course to learn about the key features of wireless networking technologies and the security vulnerabilities you need to consider. Examine key aspects about the operation of wireless technologies on the network including common wireless 802.11 standards and their distinguishing characteristics, and explore cellular, Wi-Fi, Bluetooth, and Near-Field Communication (NFC). Learn about the role of authentication and encryption protocols like WPA, WPA2, WPA3, and Extensible Authentication Protocol (EAP) as used on the network. Finally, learn how to secure various Internet of Things (IoT) devices including embedded devices and software-on-a-chip technology. Upon course completion, you'll know what's involved in securing wireless communication and devices. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.



Target

Prerequisites: none

SSCP 2021: Security & Vulnerability Assessment

Course Number:
it_spsscp21_10_enus
Lesson Objectives

SSCP 2021: Security & Vulnerability Assessment

  • discover the key concepts covered in this course
  • describe several security testing techniques and the activities they involve
  • recognize how risk review should be conducted and describe the processes involved in two risk review models
  • define each stage of the vulnerability management life cycle, outline how penetration testing works, and identify various penetration testing frameworks and common web vulnerabilities
  • describe monitoring source systems and events
  • distinguish between SIEM and SOAR systems
  • outline how to analyze monitoring results and generate reports
  • summarize the key concepts covered in this course

Overview/Description
Once you've assessed an organization's risks, you need to implement continuous visibility and reporting to understand risk evolution. Furthermore, once you've established security policies and controls, you need to test and evaluate them to confirm their efficacy. To meet these goals, security practitioners need to know how to uncover vulnerabilities, identify events of interest, monitor logs, and analyze metrics. Use this course to learn security and vulnerability assessment techniques and methodologies. Explore security testing, risk review, and vulnerability management. Examine data logging and event aggregation. Learn how to implement monitoring and event data analysis. And see how to document and communicate findings. Upon completion, you'll be able to identify, monitor, and analyze security risks. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

Target

Prerequisites: none

SSCP 2021: Security Controls

Course Number:
it_spsscp21_02_enus
Lesson Objectives

SSCP 2021: Security Controls

  • discover the key concepts covered in this course
  • define administrative controls and outline how they might be implemented
  • define technical controls and outline how they might be implemented
  • define physical controls and differentiate among administrative, technical, and physical security controls
  • define deterrent controls and list some examples
  • define preventative controls and list some examples
  • define detective controls and list some examples
  • define corrective controls and list some examples
  • define compensating controls and list some examples
  • summarize the key concepts covered in this course

Overview/Description
When an organization decides to mitigate risk as part of a handling strategy, they will, in essence, raise the difficulty or resistance to threat actors using various security controls. If your role involves upholding the operational security of your organization's most coveted assets, you must be familiar with the many types of controls available. Use this course to become familiar with security control categories and the controls that fall within them. Among others, explore administrative controls, like security policies and procedures; technical controls, like device hardening and application firewalls; and physical controls, like surveillance equipment and security personnel. When you're done, you'll be able to decide the security controls you should implement in your organization. This course covers topics from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.

Target

Prerequisites: none

SSCP 2021: Understanding & Applying Cryptography

Course Number:
it_spsscp21_05_enus
Lesson Objectives

SSCP 2021: Understanding & Applying Cryptography

  • discover the key concepts covered in this course
  • define and compare cryptography and cryptanalysis, outline cryptographic services, list levels of encryption, and describe ciphers and cryptographic key types
  • describe reasons and use cases for cryptography
  • define and compare hashing and salting
  • describe how symmetric key cryptosystems work and summarize what's meant by block ciphers and stream ciphers
  • describe how asymmetric key cryptosystems work and summarize different types of key exchanges, such as Diffie-Hellman
  • outline the components of digital signatures and certificates and name some certificate validation types
  • define cryptanalysis and outline how various crypto attacks work
  • name and describe various advanced cryptosystems
  • summarize the key concepts covered in this course

Overview/Description
Although cryptography isn't covered until domain 5 of the SSCP CBK, potential exam candidates and security professionals will benefit from foundational knowledge of cryptosystems early in their training. Use this course to grasp the reasons and requirements for cryptography in safeguarding information, including regulations and governance. Investigate cryptographic techniques, such as hashing and salting, symmetric and asymmetric encryption, and elliptic curve cryptography. Discover what's involved in digital signatures and certificates. Explore cryptographic attacks, cryptanalysis, and countermeasures. And delve into advanced cryptosystems, such as quantum computing and blockchain. Upon course completion, you'll be aware of the various traditional and modern cryptology techniques used to protect data and communications. This course will help you in the lead-up to taking the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

Target

Prerequisites: none
