The SSCP exam evaluates your expertise across seven security domains. Think of the domains as topics you need to master based on your professional experience and education.
Refer to the SSCP Exam Outline for a deeper dive into the SSCP domains.
1. Access Controls
- Implement and maintain authentication methods
- Support internetwork trust architectures
- Participate in the identity management lifecycle
- Implement access controls
2. Security Operations and Administration
- Comply with codes of ethics
- Understand security concepts
- Document, implement, and maintain functional security controls
- Participate in asset management
- Implement security controls and assess compliance
- Participate in change management
- Participate in security awareness and training
- Participate in physical security operations (e.g. data centre assessment, badging)
3. Risk Identification, Monitoring and Analysis
- Understand the risk management process
- Perform security assessment activities
- Operate and maintain monitoring systems (e.g. continuous monitoring)
- Analyse monitoring results
4. Incident Response and Recovery
- Support incident lifecycle
- Understand and support forensic investigations
- Understand and support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) activities
5. Cryptography
- Understand fundamental concepts of cryptography
- Understand reasons and requirements for cryptography
- Understand and support secure protocols
- Understand Public Key Infrastructure (PKI) systems
6. Network and Communications Security
- Understand and apply fundamental concepts of networking
- Understand network attacks and countermeasures (e.g. DDoS, man-in-the-middle, DNS poisoning)
- Manage network access controls
- Manage network security
- Operate and configure network-based security devices
- Operate and configure wireless technologies (e.g. Bluetooth, NFC, Wi-Fi)
7. Systems and Application Security
- Identify and analyse malicious code and activity
- Implement and operate endpoint device security
- Operate and configure cloud security
- Operate and secure virtual environments
About (ISC)²
(ISC)²: The world’s leading cybersecurity and IT security professional organisation.
(ISC)² is an international, not-for-profit membership association for information security leaders. It is committed to helping its members grow, learn and thrive. With more than 140,000 certified members, it empowers professionals who touch every aspect of information security.
Is your course supplied by an Official (ISC)² Training Provider?
Auldhouse is one of only a few in Australasia who offer official (ISC)² courseware and materials. You wouldn’t update your company’s security policies with versions that were 12-18 months out of date. By choosing an Official Training Provider, you are guaranteed the very latest in defence strategies and content that is mapped directly to the exam.