Systems Security Certified Practitioner Course Outline
The Systems Security Certified Practitioner training course explores the seven domains that make up the Common Body of Knowledge. The domains cover a range of IT security areas in which knowledge is essential.
Domain 1: Security Operations and Administration
Module 1: Comply with Codes of Ethics
- (ISC)² Code of Ethics
- Organisational Code of Ethics
Module 2: Understand Security Concepts
- Confidentiality
- Integrity
- Availability
- Accountability
- Privacy
- Non-repudiation
- Least Privilege
- Separation of Duties (SoD)
Module 3: Identify and Implement Security Controls
- Technical Controls
- Physical Controls
- Administrative Controls
- Assessing Compliance
- Periodic Audit and Review
Module 4: Document and Maintain Functional Security Controls
- Deterrent Controls
- Preventative Controls
- Detective Controls
- Corrective Controls
- Compensating Controls
Module 5: Participate in Asset Management Lifecycle
- Process, Planning, Design, and Initiation
- Development/Acquisition
- Inventory and Licensing
- Operation/Maintenance
- Archiving and Retention Requirements
- Disposal and Destruction
Module 6: Participate in Change Management Lifecycle
- Change Management
- Security Impact Analysis
- Configuration Management (CM)
Module 7: Participate in Implementing Security Awareness and Training
Module 8: Collaborate with Physical Security Operations
- Overview
- Data Centre Assessment
- Badging
Domain 2: Access Controls
Module 9: Implement and Maintain Authentication Methods
- Single/Multi-factor Authentication (MFA)
- Single Sign-On (SSO)
- Device Authentication
- Federated Access
Module 10: Support Internetwork Trust Architectures
- Trust Relationships
- Internet, Intranet, Extranet
- Third Party Connections
Module 11: Participate in the Identity Management Lifecycle
- Authorisation
- Proofing
- Provisioning/De-provisioning
- Maintenance
- Entitlement
- Identity and Access Management (IAM) System
Module 12: Understand and Apply Access Controls
- Mandatory
- Discretionary
- Role Based
- Rule Based
Domain 3: Risk Identification, Monitoring, and Analysis
Module 13: Understand the Risk Management Process
- Risk Visibility and Reporting
- Risk Management Concepts
- Risk Management Frameworks
- Risk Tolerance
- Risk Treatment
Module 14: Understand Legal and Regulatory Concerns
Module 15: Participate in Security Assessment and Vulnerability Management Activities
- Security Testing
- Risk Review
- Vulnerability Management Lifecycle
Module 16: Operate and Monitor Security Platforms
- Source System
- Event of Interest
- Log Management
- Event Aggregation and Correlation
Module 17: Analyse Monitoring Results
- Security Baseline and Anomalies
- Visualisation, Metrics, and Trends
- Event Data Analysis
- Document and Communicate Findings
Domain 4: Incident Response and Recovery
Module 18: Support Incident Lifecycle
- Preparation
- Detection, Analysis, Escalation
- Containment
- Eradication
- Recovery
- Lessons Learned/Implementation of New Countermeasure
Module 19: Understand and Support Forensic Investigations
- Legal and Ethical Principles
- Evidence Handling
- Reporting of Analysis
Module 20: Understand and Support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)
- Emergency Response Plans and Procedures
- Interim or Alternative Processing Strategies
- Restoration Planning
- Backup and Redundancy Implementation
- Testing and Drills
Domain 5: Cryptography
Module 21: Understand Cryptography
- Confidentiality
- Integrity and Authenticity
- Data Sensitivity
- Regulatory and Industry Best Practice
Module 22: Apply Cryptography Concepts
- Hashing
- Salting
- Symmetric/Asymmetric Encryption/Elliptic Curve Cryptography (ECC)
- Non-Repudiation
- Strength of Encryption Algorithms and Keys
- Cryptographic Attacks, Cryptanalysis, and Countermeasures
Module 23: Understand and Implement Secure Protocols
- Services and Protocols
- Common Use Cases
- Limitations and Vulnerabilities
Module 24: Understand Public Key Infrastructure (PKI)
- Fundamental Key Management Concepts
- Web of Trust
Domain 6: Network and Communication Security
Module 25: Understand and Apply Fundamental Concepts of Networking
- Open Systems Interconnection and Transmission Control Protocol/Internet Protocol Models
- Network Topologies
- Network Relationships
- Transmission Media Types
- Software-defined Networking (SDN)
- Commonly Used Ports and Protocols
Module 26: Understand Network Attacks
Module 27: Manage Network Access Controls
- Network Access Controls, Standards and Protocols
- Remote Access Operation and Configuration
Module 28: Manage Network Security
- Logical and Physical Placement of Network Devices
- Segmentation
- Secure Device Management
Module 29: Operate and Configure Network-based Security Devices
- Firewalls and Proxies
- Network Intrusion Detection/Prevention Systems
- Routers and Switches
- Traffic Shaping Devices
Module 30: Secure Wireless Communications
- Technologies
- Authentication and Encryption Protocols
- Internet of Things (IoT)
Domain 7: Systems and Application Security
Module 31: Identify and Analyse Malicious Code and Activity
- Malware
- Malware Countermeasures
- Malicious Activity
- Malicious Activity Countermeasures
Module 32: Implement and Operate Endpoint Device Security
- Host-Based Intrusion Prevention System (HIPS)
- Host-Based Firewalls
- Application Whitelisting
- Endpoint Encryption
- Trusted Platform Module (TPM)
- Secure Browsing
- Endpoint Detection and Response (EDR)
Module 33: Administer Mobile Device Management (MDM)
- Provisioning Techniques
- Containerisation
- Encryption
- Mobile Application Management (MAM)
Module 34: Understand and Configure Cloud Security
- Deployment Models
- Service Models
- Virtualisation
- Legal and Regulatory Concerns
- Data Storage, Processing, and Transmission
- Third Party/Outsourcing Requirements
- Shared Responsibility Model
Module 35: Operate and Maintain Secure Virtual Environments
- Hypervisor
- Virtual Appliances
- Containers
- Continuity and Resilience
- Attacks and Countermeasures
- Shared Storage