# # # #

Service Center

ISC2 SSCP Certification Training Courses Live Classes,    

With the increasing growth of the Internet and networks in general being used for business, security is an important issue. A key aspect of business security is controlling which users have access to what resources, and which operations they can perform. The mechanism for controlling these aspects is Access Control. This courses examines how to determine appropriate access controls, architecture models, authentication techniques and access methods. It explains access control systems, their differences and implementations and how they protect services and data.

This certification training course also demonstrates attack methods used to bypass access control systems and describes account management procedures and key access control concepts. The course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC )2 for its Systems Security Certified Practitioner (SSCP) certification. The SSCP credential certifies student expertise in 7 different knowledge domains.

Target Audience
Experienced IT professionals with a basic knowledge of network and communications protocols and equipment seeking to pass the System Security Certified Practitioner (SSCP) exam, or otherwise gain knowledge in assessing, planning, implementing and managing IT security in an enterprise environment. A minimum of one year's professional experience in one of the seven SSCP CBK Domains is required for certification.

Training Time
Over 30 Hours

SSCP Certification Training Course Includes
 Full Multi Media Training
 Online Training can be temporarily downloaded to your hard drive for off line viewing
 Interactive Labs and Exercises
 Printable Transcripts of all lessons - no need for books that don't map to the training
 Test Preps- Hundreds of practice exams online
 Certificate of Completion

Course Details
Access Controls

  • Using access control objects and Architecture Models
  • Knowledge and ownership based authentication methods
  • The components of an identity management solution
  • Characteristics-based authentication  and Multifactor authentication methods
  • Advantages of single sign-on systems (SSOs) for authentication
  • How Kerberos is used for authentication
  • Access control methodology to use in a particular situation
  • Security risks and mitigation techniques for virtual platforms
  • Phases of a cloud computing data cycle
  • Authentication technique to use in a particular scenario

Cryptography

  • Principal cryptographic terms
  • Classic modes of operation for block ciphers
  • Uses for stream ciphers and one time pads
  • Digital signatures
  • How to implement a public key infrastructure
  • Implement a Public Key Infrastructure for a particular scenario
  • Types of cryptographic attacks and recognize how algorithms are used
  • Hash algorithm to use
  • Types of secure protocol

Malicious Code

  • Components of CARO-like names
  • Types of malicious code
  • Events in the evolution of malcode
  • Significant events in the emergence of the Internet criminal marketplace
  • Common methods used to spread malcodes
  • Social engineering attacks
  • Methods infection vectors have used to access a system
  • Best practices for implementing a security solution in an enterprise environment
  • Malcode inspection processes
  • Steps for using VMware to test malcode samples
  • Techniques for capturing files from a computer
  • How malcodes and infection vectors attack a computing system

Monitoring and Analysis Part 1

  • Components of a security network to their descriptions
  • Controls to help enforce a security policy
  • Domains of security responsibility
  • SNMP security issues and recommended security solutions
  • Manage a security framework
  • Active and passive monitoring systems
  • Network-based and host-based intrusion detection and prevention systems

Monitoring and Analysis Part 2

  • Vulnerability testing software
  • Methods for protecting hosts
  • Implement advanced firewall testing
  • Internet perimeter systems
  • Monitoring system in an IDS environment
  • Protect hosts\Networks and test them for vulnerability
  • Considerations for planning a penetration test
  • How to exploit systems during a penetration test

Networks and Telecommunications Part 1

  • Layers of the DoD model
  • Match IP addressing methods and security features to examples of their use
  • Common network layer protocols and Attacks
  • Tunneling protocol for a particular scenario
  • Optimize a network level security solution
  • SOHO network solutions
  • WAN solutions and protocols

Networks and Telecommunications Part 2

  • LAN security considerations
  • Clientless VPNs
  • Firewall types and configuration considerations
  • IDS solutions and monitoring techniques
  • Most widely used 802.11 standards
  • Best practices for deploying wireless APs and recognize WLAN security vulnerabilities
    WiMAX implementations
  • Bluetooth connections and mobile networks
  • RFID and NFC security issues
  • Secure the seven domains of an IT infrastructure
  • Optimize an enterprise environment WLAN security infrastructure

Security Operations and Administration Part 1

  • Security architecture design best practices
  • PDCA improvement cycle for an ISMS
  • The ISO/SEC 27002 security standards framework
  • How to manage identity and access and privileged user accounts
  • Appropriate measures for managing identify, access and privileged accounts and selecting an MSSP
  • Phases of a policy life cycle
  • The importance of well documented security procedures
  • The main responsibilities of a security officer in the security plan development process
    Security policies and standards

Security Operations and Administration Part 2

  • Methods for maintaining confidential information security
  • Techniques for restricting sensitive data access
  • Management policy considerations
  • Destroying magnetic media
  • Keys to handling sensitive data
  • Data leakage prevention strategies
  • Common methods for deploying software applications
  • Common vulnerabilities of web applications
  • Guidelines for protection against web vulnerabilities
  • Data and information security program
  • Application development process

Security Operations and Administration Part 3

  • Learn to implement a release management policy
  • Evaluate an information system for certification and accreditation with appropriate EAL levels
  • Discover the software certification and accreditation process
  • Appropriate configuration management techniques
  • Steps of the patch management process
  • Important endpoint security management solutions and considerations
  • Use metrics to measure security performance
  • Success factors for security awareness programs
  • Application deployment security measures analysis
  • Endpoint security and security awareness

Risk, Response, and Recovery

  • Risks, threats and vulnerabilities that information technology systems are exposed to
  • Risk management concepts
  • Factors for improving a risk management system
  • Appropriate risk limitation controls
  • Security incident detection and analysis process
  • Security incident containment and eradication process
  • Gathering and handling evidence
  • Risk assessment methodology
  • Learn to determine proper risk and incident handling methods
  • Business impact analysis process
  • Impact analysis concepts
  • Select a disaster recovery site
  • Disaster recovery planning
  • Testing methodologies of a disaster plan
  • Data backup rotation schedules
  • High-availability and load-balancing clustering
  • Appropriate RAID levels
  • Disaster planning process optimization
  • Analyze a data backup and restoration methodology