The (ISC)2?? SSCP?? CBK?? Review Seminar Training Class

• Prepare for SSCP Certification based on the (ISC)² CBK
• Identify the access control standards and procedures that define users and user rights
• Explore security operations and administration policies that maintain confidentiality and availability
• Examine the risk, response and recovery processes essential for identifying and controlling information loss
• Recognize the cryptography principles for disguising information and ensuring information integrity
• Review core elements of network security including network structures and transmission methods

Introduction

• Overview of (ISC)² and the exam process
• Introduction to the AIC (availability, integrity, confidentiality) triad

Access Controls

Access control principles

• Least privilege, need to know, separation of duties
• Methods of identification and registration process
• User account maintenance and identity management

Hardening of systems

• Levels of access: system/desktop/network/data
• Patches and updates, ports, protocols
• Physical access controls: environmental controls
• Authentication: three factors of authentication
• Directories: LDAP, Active Directory, X.500, Kerberos
• IDS and IPS: monitoring and implementation
• Firewalls: circuit, stateful inspection, packet filtering
• Anti-virus: signature/heuristics/anomaly

Security Operations and Administration

Security administration

• Event logging: SYSLOG, log protection and analysis
• Information classification: compliance monitoring
• Managed security service provider for secured outsourcing
• Change management and configuration management
• Systems development: SDLC, security design and implementation
• Evaluation: penetration testing, vulnerability assessments

User Security Awareness

• Code of Ethics: Personal, corporate, professional ethics
• Certification and Accreditation: Purpose and process of certification
• Facility and Power Management: Equipment protection, UPS, generators, surge protectors

Analysis and Monitoring

• Audits: compliance and monitoring/social engineering
• Log management: correlation/clipping levels
• Monitoring systems: central management, retention periods for logs
• Secure configurations: password cracking, war driving, war dialing, unauthorized changes

Risk, Response, and Recovery

Risk management process and incident handling

• Risk assessment, risk mitigation, risk acceptance, SLE, ALE, ARO and countermeasures
• Security assessments: network scanning
• Response process, isolating networks, chain of evidence

Business Continuity

• Disaster recovery: definitions and tests
• Backups: SANS, RAID, fault-tolerant systems, frequency

Cryptography

Definitions

• Algorithms: symmetric/asymmetric ciphers and stream/block
• Business and security requirements
• Non-repudiation, confidentiality, integrity, authentication
• Certificates: X.509, PKCS, trust models, PKI
• Key recovery, generation, distribution, negotiation

Cryptographic Implementations

• Secure protocols: IPSEC, SSL, SSH
• Cryptanalysis: plaintext/cipher-based attacks
• Message inte
  Workshop Course
  Throughout this course, you get an in-depth review of the seven SSCP domains as outlined by the (ISC)² CBK. Workshops include:
  • Reviewing the seven SSCP domains including access controls, network security and cryptography
  • Uncovering areas to further develop and expand your exam preparedness
  • Investigating the latest information-system security issues, concerns and countermeasures
  • Reinforcing key areas of the CBK through numerous review sessions