 |
| |
|
|
| |
|
|
| |
|
|
| |
SSCP
(System Security Certified Professional) |
|
| |
This vendor-neutral certification is offered by:
International Information Systems Security Certification
Consortium (ISC2)
Framingham, MA, USA
Phone: 888-333-4458
Email: info@isc2.org |
|
| |
|
|
| |
 |
Certification
Summary: |
|
| |
For individuals involved in network and systems security
administratration who are responsible for developing the
information security policies, standards, and procedures
and managing their implementation across various hardware
and software programs in their organization. |
|
| |
|
|
| |
|
Initial
requirements: |
|
| |
Must pass the SSCP Certification examination which consists
of 125 multiple-choice questions in the areas of Access
Controls, Administration, Audit and Monitoring, Risk,
Response and Recovery, Cryptography, Data Communications,
and Malicious Code/Malware. Candidates must also subscribe
to the (ISC)2 Code of Ethics and have at least 1 year
of cumulative work experience in one or more of the seven
test domains in information systems [IS] security |
|
| |
|
|
| |
|
Continuing
requirements: |
|
| |
Recertification is required every 3 years, with on-going
requirements for maintaining your credentials in good
standing. This is primarily accomplished through continuing
professional education [CPE] and the earning of 60 CPE
credits every three years. There is also an annual maintenance
fee of $65 per year. |
|
| |
|
|
| |
|
Details: |
|
| |
The SSCP program was developed using guidelines from the
National Commission of Certifying Agencies (NCCA) which
provides the basis for a National Organization for Competency
Assurance (NOCA) certification. The guidelines require
an extensive job delineation study to establish an accurate
definition of the profession and identify the knowledge,
skills and abilities (KSAs) required of its practitioners.
The study identified seven key practice areas which were
further expanded upon to form The Information Systems
Security Administrator Common Body of Knowledge (CBK).
The CBK embodies the commonly held knowledge about the
security administration profession including the terms,
practices, principles, procedures and concepts that make
up the practice. It is the basis for all SSCP training
and testing materials.
|
|
| |
|
|
| |
 |
|
| |
|
Course
outline: |
|
 |
| |
|
An
information systems security administrator is expected
to have knowledge in each of the seven practice areas,
including an understanding of the governing principles,
individual components and applicable technologies used
to implement, monitor and maintain each practice area.
The CBK covers the following seven knowledge areas:
|
|
| |
|
|
|
| |
|
Access
Control |
|
| |
|
The
access controls area includes the mechanisms that allow
a system manager to specify what users and processes can
do, which resources they can access, and what operations
they can perform.
|
|
| |
|
|
|
| |
|
Administration |
|
| |
|
The administration area encompasses the security principles,
policies, standards, procedures and guidelines used to
identify, classify and ensure the confidentiality, integrity
and availability of an organization's information assets.
It also includes roles and responsibilities, configuration
management, change control, security awareness, and the
application of accepted industry practices.
|
|
| |
|
|
|
| |
|
Audit
and Monitoring |
|
| |
|
The
monitoring area includes those mechanisms, tools and facilities
used to identify, classify, prioritize, respond to, and
report on security events and vulnerabilities. The audit
function provides the ability to determine if the system
is being operated in accordance with accepted industry
practices, and in compliance with specific organizational
policies, standards, and procedures. |
|
| |
|
|
|
| |
|
Risk,
Response and Recovery |
|
| |
|
The
risk, response and recovery area encompasses the roles
of a security administrator in the risk analysis, emergency
response, disaster recovery and business continuity processes,
including the assessment of system vulnerabilities, the
selection and testing of safeguards, and the testing of
recovery plans and procedures. It also addresses knowledge
of incident handling include the acquisition, protection
and storage of evidence. |
|
| |
|
|
|
| |
|
Cryptography |
|
| |
|
The
cryptography area addresses the principles, means and
methods used to disguise information to ensure its integrity,
confidentiality, authenticity and non-repudiation. |
|
| |
|
|
|
| |
|
Data
Communications |
|
| |
|
The
data communications area encompasses the structures, transmission
methods, transport formats and security measures used
to provide integrity, availability, authentication and
confidentiality for data transmitted over private and
public communications paths. |
|
| |
|
|
|
| |
|
Malicious
Code |
|
| |
|
The
malicious code area encompasses the principles, means
and methods used by programs, applications and code segments
to infect, abuse or otherwise impact the proper operation
of an information processing system or network. |
|
| |
|
|
|
| |
|
These
seven areas make up the core examination. Specialty examinations
vary in content based on the individual products they
represent. The core examination consists of multiple-choice
questions. The specialty exams consist of scenario type
questions.
|
|
| |
|
|
|
| |
|
|
| |
|
Course
Material |
|
| |
|
CISSP/SSCP Certification at SecureNode includes Hands-on
Lab and exam study guides to fully prepare for the certification
exam and a challenging career in Information Security.
|
|
| |
|
|
|
| |
|
Who
Should Attend
|
|
| |
|
The CISSP certification is meant for IT managers, security
policy writers, network administrators and InfoSec consultants.
All of these groups stand to gain from mastering the wide
range of topics included in the ten domains of the Common
Body of Knowledge. To attend the CISSP class, students
must first qualify to take the CISSP exam by showing 3
years of cumulative experience in one or more of the 10
domains of the common body of knowledge.
|
|
| |
|
|
|
| |
|
Prerequisites: |
|
| |
|
As
of 1/2003, this exam may requires a candidate to have
four year degree in certain cases. Please visit www.isc2.org
for more details. |
|
| |
|
|
|
| |
|
Register
for the Class |
|
| |
|
|
| |
|
Duration:
40 hours |
|
| |
|
|
| |
|
Pricing
: |
|
| |
|
Cost
- $3500
|
|
| |
|
|
| |
|
Contact
for more details : |
|
| |
|
SecureNode
Inc., |
|
| |
|
http://www.securenode.com |
|
| |
|
email:
info@securenode.com |
|
| |
|
Phone:
1-408.292.7700 |
|
