(ISC)² Systems Security Certified Practitioner (SSCP)

Course 1 - Introducing Security and Aligning Asset Management to Risk Management

In this course, we're going to start by discussing the security concepts, identifying corporate assets, and discussing the risk management process. Course 1 Learning Objectives After completing this course, the participant will be able to:  L1.1 - Classify information security and security concepts.   L1.2 - Summarize components of the asset management lifecycle.  L1.3 - Identify common risks and vulnerabilities.  L1.4 - Provide examples of appropriate risk treatment.  Course Agenda Module 1: Understand Security Concepts (Domain 1 - Security Operations and Administration) Module 2: Participate in Asset Management (Domain 1 - Security Operations and Administration) Module 3: Understand the Risk Management Process (Domain 3 - Risk Identification, Monitoring and Analysis) Module 4: Understand the Risk Treatment Process (Domain 3 - Risk Identification, Monitoring and Analysis) Who Should Take This Course: Beginners Experience Required: No prior experience required

Course 2: Understanding Risk Management Options and the Use of Access Controls to Protect Assets

In this course, we will focus on understanding risk management options and the use of access controls to protect assets. We will start by examining the basic steps that must be in place to develop a security culture within the organization and impacting policies. We will also look into how to write and use them to enforce security requirements. Then we will move on to the actual business of controlling how our systems, services, resources, and data can be accessed safely by authorized persons. We will also cover access control models like MAC, DAC, RBAC, and conclude the chapter with an examination of both LAN and WAN identity management. Course 2 Learning Objectives After completing this course, the participant will be able to:  L2.1 - Provide examples of the types of functional security controls and policies for identified scenarios.  L2.2 - Classify various access control models.  L2.3 - Identify components of identity management lifecycle.  L2.4 - Recognize access control and authentication methods. Course Agenda Module 1: Document, Implement, and Maintain Functional Security Controls (Domain 1 - Security Operations and Administration) Module 2: Access Controls Models (Domain 1 - Security Operations and Administration, Domain 2 - Access Controls) Module 3: Identity Management Lifecycle (Domain 2 - Access Controls) Module 4: Implement and Maintain Authentication Methods (Domain 2 - Access Controls, Domain 6 - Network and Communication Security) Who Should Take This Course: Beginners Experience Required: No prior experience required

Welcome to Cryptography!

Cryptography is the practice and study of techniques for securing communications in the presence of third parties. You will learn how to protect information in order to ensure its integrity, confidentiality, authenticity, and non-repudiation. You will come out with a basic understanding of cryptographic concepts and how to apply them, implement secure protocols, key management concepts, key administration and validation, and Public Key Infrastructure. Course Objectives 1. Apply the fundamental concepts of cryptography 2. Describe the difference between symmetric and asymmetric cryptography 3. Define the basic requirements for cryptography 4. Identify processes to support secure protocols 5. Describe the process for implementing cryptographic systems 6. Define key management concepts 7. Define Public Key Infrastructure 8. Identify processes for key administration and validation 9. Describe the implementation of secure protocols

Course 4: Securing Software, Data and End Points

Welcome to Course Four. As we know, most attacks against systems involve exploiting vulnerabilities in software that powers hardware. Additionally, attackers may exploit vulnerabilities in the underlying hardware, especially when that hardware is for the protected against being stolen or accessed with unauthorized use, but their real target and all the tax is data. Therefore, it's so critical, the total set of software powering an organization's business logic and processes must be kept secure. As we'll see in this chapter, the software provides a layered environment. Building from a core or kernel of trustworthy functions up through to the mobile code and executable content. This enables and empowers all web apps and remote data access. Security professionals need to appreciate securing software covers two very different, but closely related major tasks. They need to ensure that the Security Posture of that software is known and understood, as well as ensure the software is installed, maintained, and used in ways consistent with Security Posture or improve it over time. As we discussed in the previous chapter, Security Posture is the set of risks, vulnerabilities controls, and residual risks pertaining to an asset or system. We summarize the safety or risk of using an asset and the degree of reliance that can be placed on the results from a specific context or situation. In this course, we'll build on that foundation by looking more closely at how the data can be the target of an attack and part of exploiting other vulnerabilities in the system. We'll explore what security professionals, as non-programmers, can do to reduce the risk of such malformed input attacks. In course two, we also discussed the non-human user concept as a general way to view management and security of devices and software entities to protect those entities from threats to their integrity and to protect the overall system and individual assets from unauthorized behavior by those non-human users. In this chapter, we'll build on those concepts, as we dive into Endpoint Security Issues and Approaches. Course 4 Learning Objectives After completing this course, the participant will be able to:  L4.1 - Discuss software systems and application security. L4.2 - Recognize data security concepts and skills.  L4.3 - Identify malicious code and countermeasures.   L4.4 - Evaluate mobile device management (MDM) and security issues with mobile and autonomous endpoints. L4.5 - Review attacks and countermeasures for virtual machines. Course Agenda Module 1: Securing Software (Domain 1 - Security Operations and Administration, Domain 3 - Risk Identification, Monitoring and Analysis , Domain 7 - Systems and Application Security ) Module 2: Securing Data (Domain 1 - Security Operations and Administration, Domain 7 - Systems and Application Security ) Module 3: Identify and Analyze Malicious Code and Activity (Domain 7 - Systems and Application Security) Module 4: Implement and Operate Endpoint Security (Domain 7 - Systems and Application Security ) Module 5: Operate and Secure Virtual Environments (Domain 7 - Systems and Application Security , Domain 6 - Network and Communications Security)    Who Should Take This Course: Beginners Experience Required: No prior experience required