SSCP (Systems Security Certified Practitioner)

SSCP (Systems Security Certified Practitioner)

by Michael J. Shannon
Released August 2017
Publisher(s): Pearson
ISBN: 0134838483

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Video description

14 hours of video instruction to learn everything you need to know about the Systems Security Certified Practitioner (SSCP) certification exam.

Overview
SSCP (Systems Security Certified Practitioner) Complete Video Course provides 14 hours of comprehensive video that teaches you everything you need to know get up and running with systems security. (ISC)2’s SSCP exam is a solid introductory certification in IT security and this comprehensive video course walks you through every topic on the exam blueprint so you can learn about system security from the ground up and also gain the knowledge and skills you need to pass the SSCP exam. Full of live trainer discussions, hands-on demos, whiteboard work, and deep dive discussions, this course covers security fundamentals and principles in a way that is easy to access.

Description
SSCP (Systems Security Certified Practitioner) Complete Video Course is a unique video product that teaches you the fundamentals of system security while also covering every objective in the SSCP certification exam so you can learn everything needed to pass the test and also the knowledge and skills you need to advance your cybersecurity career. The (ISC)2 SSCP exam is a vendor neutral world-recognized certification that endorses your IT security knowledge. It is also the a great way to start your path toward CISSP certification, which is the next step through (ISC)2.

The video lessons in this course review each exam objective, so you can use it as a complete study tool for taking the SSCP exam.

Topics include:

  • Access Controls
  • Security Operations and Administration
  • Risk Identification, Monitoring and Analysis
  • Incident Response and Recovery
  • Cryptography
  • Network and Communications Security
  • Systems and Application Security

About the Instructor
Michael J Shannon began his IT career when he transitioned from a recording studio engineer to network technician for a major telecommunications company in the early 90’s. He soon began to focus on security and was one of the first 10 people to attain the HIPAA Certified Security Specialist. Throughout his 30 years in IT he has worked as an employee, contractor, trainer and consultant for a number of companies including Platinum Technologies, Fujitsu, IBM, State Farm, Pearson, MindSharp, Thomson/NetG, and Skillsoft among others. Mr. Shannon has authored several books, training manuals, published articles, and produced dozens of CBT titles over the years as well. For security purposes, he has attained the CISSP, CCNP Security, SSCP, Security+, and ITIL Intermediate SO and RCV certifications. He is also a licensed insurance agent specializing in cyber insurance on behalf of large insurers and numerous companies throughout Texas.

Skill Level
Beginning

What You Will Learn

  • Key concepts for all the objectives on the SSCP exam
  • Security and cybersecurity fundamentals and principles

Who Should Take This Course
The target audience for this course consists of systems/network/application security professionals that are preparing for the SSCP Exam. A secondary audience consists of any IT professional who wants to gain a broad understanding of how to secure modern enterprises.

Table of Contents
Module 1: Security Operations and Administration
Lesson 1: Overview of SSCP and the (ISC)2 Code of Ethics
Lesson 2: Security Terminology and Policy
Lesson 3: Security Administration

Module 2: Risk Identification, Monitoring and Analysis
Lesson 4: Risk Management and Assessment
Lesson 5: Security Operations
Module 3: Access Controls
Lesson 6: Access Controls (Part 1)
Lesson 7: Access Controls (Part 2)

Module 4: Network and Communications Security
Lesson 8: Types of Attacks
Lesson 9: Network Protocols and Services
Lesson 10: Infrastructure Device Protection
Lesson 11: Overview of Security Devices
Lesson 12: Wireless Technology and Security

Module 5: Cryptography
Lesson 13: Cryptography (Part 1)
Lesson 14: Cryptography (Part 2)

Module 6: Systems and Application Security
Lesson 15: Malware Threats
Lesson 16: Identifying Malware and IoCs
Lesson 17: Endpoint Security
Lesson 18: Systems and Application Security

Module 7: Incident Response and Recovery
Lesson 19: Incident Response and Recovery
Lesson 20: Exam Tips and Techniques

About LiveLessons Video Training
LiveLessons Video Training series publishes hundreds of hands-on, expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. This professional and personal technology video series features world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, IBM Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include IT Certification, Programming, Web Development, Mobile Development, Home and Office Technologies, Business and Management, and more. View all LiveLessons on InformIT at http://www.informit.com/livelessons.

Table of contents

  1. Introduction
    1. SSCP (Systems Security Certified Practitioner): Introduction
  2. Module 1: Security Operations and Administration
    1. Module Introduction
  3. Lesson 1: Overview of SSCP and the (ISC)2 Code of Ethics
    1. Learning objectives
    2. 1.1 Who Is (ISC)2?
    3. 1.2 The Systems Security Certified Practitioner (SSCP) Certification
    4. 1.3 SSCP Exam Overview
    5. 1.4 (ISC)2 Code of Ethics
    6. Summary
  4. Lesson 2: Security Terminology and Policy
    1. Learning objectives
    2. 2.1 The Threat Landscape
    3. 2.2 Risks and Vulnerabilities
    4. 2.3 Threats and Threat Agents
    5. 2.4 Motivations and Means
    6. 2.5 Indicators of Compromise (IOCs)
    7. 2.6 Countermeasures and Mitigation
    8. 2.7 The Security Triad
    9. 2.8 The Written Security Policy
    10. Summary
  5. Lesson 3: Security Administration
    1. Learning objectives
    2. 3.1 Asset Management
    3. 3.2 Change Management
    4. 3.3 Configuration Management
    5. 3.4 Security Impact Assessment
    6. 3.5 Security Awareness and Training
    7. 3.6 Physical Security Operations
    8. 3.7 AUP Policy Enforcement
    9. Summary
  6. Module 2: Risk Identification, Monitoring and Analysis
    1. Module Introduction
  7. Lesson 4: Risk Management and Assessment
    1. Learning objectives
    2. 4.1 Risk Management Concepts
    3. 4.2 Handling Risk
    4. 4.3 Qualitative Risk Assessment
    5. 4.4 Quantitative Risk Assessment
    6. 4.5 Risk Visibility and Reporting
    7. 4.6 Auditing Findings for Continual Improvement
    8. Summary
  8. Lesson 5: Security Operations
    1. Learning objectives
    2. 5.1 Importance of Continuous Monitoring
    3. 5.2 Syslog
    4. 5.3 SNMPv3
    5. 5.4 NetFlow
    6. 5.5 Security Analytics, Metrics and Trends
    7. 5.6 Visualization
    8. 5.7 Event Data Analysis
    9. 5.8 Communicating Findings
    10. Summary
  9. Module 3: Access Controls
    1. Module Introduction
  10. Lesson 6: Access Controls (Part 1)
    1. Learning objectives
    2. 6.1 AAA Defined
    3. 6.2 Authentication Factors
    4. 6.3 Internetwork Trust Architectures
    5. 6.4 Trust Relationships
    6. 6.5 Subject-based versus Object-based
    7. 6.6 MAC versus DAC
    8. 6.7 Role-based and Attribute-based
    9. 6.8 Identity Management Lifecycle
    10. Summary
  11. Lesson 7: Access Controls (Part 2)
    1. Learning objectives
    2. 7.1 IEEE 802.1X
    3. 7.2 802.1AE MAC Security
    4. 7.3 RADIUS
    5. 7.4 TACACS+
    6. 7.5 Network Admission Control
    7. 7.6 Remote-Access Teleworkers
    8. 7.7 IPSec VPN
    9. 7.8 SSL/TLS VPN
    10. Summary
  12. Module 4: Network and Communications Security
    1. Module Introduction
  13. Lesson 8: Types of Attacks
    1. Learning objectives
    2. 8.1 Social Engineering
    3. 8.2 Spoofing
    4. 8.3 Denial-of-Service and DDoS
    5. 8.4 Botnets
    6. 8.5 ZeroDay Attacks and APTs
    7. 8.6 Buffer Overflow and Injection
    8. 8.7 Reflection and Amplification
    9. 8.8 Poisoning
    10. 8.9 Phishing, Pharming, and Spam
    11. 8.10 Hijacking
    12. Summary
  14. Lesson 9: Network Protocols and Services
    1. Learning objectives
    2. 9.1 The OSI Model
    3. 9.2 The TCP/IP Model
    4. 9.3 Physical Topologies
    5. 9.4 Logical Topologies
    6. 9.5 Common Protocols and Services
    7. 9.6 Physical Security
    8. 9.7 Securing Layers 2-4
    9. 9.8 Securing Layers 5-7
    10. Summary
  15. Lesson 10: Infrastructure Device Protection
    1. Learning objectives
    2. 10.1 Overview of Network Infrastructure Protection
    3. 10.2 Hardening the Device Planes
    4. 10.3 Types of Security Controls
    5. 10.4 Categories of Security Controls
    6. 10.5 Segmentation and Zoning
    7. 10.6 Secure Device Management
    8. 10.7 Device Protection Best Practices
    9. Summary
  16. Lesson 11: Overview of Security Devices
    1. Learning objectives
    2. 11.1 Security Router
    3. 11.2 Security Switches
    4. 11.3 Firewalls
    5. 11.4 Proxies
    6. 11.5 NIDS and NIPS
    7. 11.6 VPN Gateways
    8. 11.7 Content Security Appliances
    9. 11.8 Traffic-shaping Devices
    10. Summary
  17. Lesson 12: Wireless Technology and Security
    1. Learning objectives
    2. 12.1 Overview of Wireless Technology
    3. 12.2 Transmission Security
    4. 12.3 Common Wireless Attacks
    5. 12.4 Basic Countermeasures
    6. 12.5 Wireless Infrastructure Devices
    7. 12.6 Protecting Wireless Endpoints
    8. Summary
  18. Module 5: Cryptography
    1. Module Introduction
  19. Lesson 13: Cryptography (Part 1)
    1. Learning objectives
    2. 13.1 Introduction to Cryptology
    3. 13.2 Ciphers
    4. 13.3 Block versus Stream Ciphers
    5. 13.4 Encryption
    6. 13.5 Symmetric Key Systems
    7. 13.6 Asymmetric Key Systems
    8. 13.7 Hashing and Integrity
    9. Summary
  20. Lesson 14: Cryptography (Part 2)
    1. Learning objectives
    2. 14.1 Key Management
    3. 14.2 Digital Signatures
    4. 14.3 Web of Trust
    5. 14.4 Public Key Infrastructure
    6. 14.5 X.509v3 Certificates
    7. 14.6 CA Trusts and Certificate Chaining
    8. 14.7 Expiration, Revocation and Suspension
    9. 14.8 Implementation of Secure Protocols
    10. Summary
  21. Module 6: Systems and Application Security
    1. Module Introduction
  22. Lesson 15: Malware Threats
    1. Learning objectives
    2. 15.1 Viruses
    3. 15.2 Worms
    4. 15.3 Trojan Horse (RATs)
    5. 15.4 Ransomware and Cryptoware
    6. 15.5 Backdoors
    7. 15.6 Logic Bombs
    8. 15.7 Keyloggers
    9. 15.8 Spyware
    10. 15.9 Stegomalware
    11. Summary
  23. Lesson 16: Identifying Malware and IoCs
    1. Learning objectives
    2. 16.1 Identifying Malicious Code
    3. 16.2 Indications of Compromise (IoCs)
    4. 16.3 Survey of Attack Tools and Kits
    5. 16.4 Malicious Code Countermeasures
    6. 16.5 Malicious Activity Countermeasures
    7. Summary
  24. Lesson 17: Endpoint Security
    1. Learning objectives
    2. 17.1 Host-based IDS (HIDS)
    3. 17.2 Personal Security Suites
    4. 17.3 Endpoint Encryption
    5. 17.4 Advanced Endpoint Systems
    6. 17.5 Virtualization and Thin Clients
    7. 17.6 Protecting Detached Storage
    8. 17.7 Secure Browsing
    9. 17.8 Mobile Device Security Management
    10. Summary
  25. Lesson 18: Systems and Application Security
    1. Learning objectives
    2. 18.1 Application Security
    3. 18.2 Mitigating Architecture and Design Vulnerabilities
    4. 18.3 Service Models
    5. 18.4 Data Storage and Transmission
    6. 18.5 Third-party and Outsourcing
    7. 18.6 Virtualization Security Overview
    8. 18.7 Cloud Computing Models
    9. 18.8 Operate and Secure Virtual Environments
    10. 18.9 Securing Big Data Systems
    11. 18.10 Legal and Privacy Concerns
    12. Summary
  26. Module 7: Incident Response and Recovery
    1. Module Introduction
  27. Lesson 19: Incident Response and Recovery
    1. Learning objectives
    2. 19.1 Participating in Incident Handling
    3. 19.2 Incident Handling Lifecycle
    4. 19.3 Supporting Forensic Investigations
    5. 19.4 Understanding BCPs and DRPs
    6. 19.5 Emergency Response
    7. 19.6 Restoration Planning
    8. 19.7 Implementing Backups and Redundancy
    9. 19.8 Testing and Drills
    10. Summary
  28. Summary
    1. SSCP (Systems Security Certified Practitioner): Summary

Product information

  • Title: SSCP (Systems Security Certified Practitioner)
  • Author(s): Michael J. Shannon
  • Release date: August 2017
  • Publisher(s): Pearson
  • ISBN: 0134838483