Systems Security Certified Practitioner (SSCP)

Domain 1: Access Controls

• Implement and maintain authentication methods
• Support internetwork trust architectures
• Participate in the identity management lifecycle
• Implement access controls

Domain 2: Security Operations and Administration

• Comply with codes of ethics
• Understand security concepts
• Document, implement, and maintain functional security controls
• Participate in asset management
• Implement security controls and assess compliance
• Participate in change management
• Participate in security awareness and training
• Participate in physical security operations (e.g., data center assessment, badging)

Domain 3: Risk Identification, Monitoring, and Analysis

• Understand the risk management process
• Perform security assessment activities
• Operate and maintain monitoring systems (e.g., continuous monitoring)
• Analyze monitoring results

Domain 4: Incident Response and Recovery

• Support incident lifecycle
• Understand and support forensic investigations
• Understand and support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) activities

Domain 5: Cryptography

• Understand fundamental concepts of cryptography
• Understand reasons and requirements for cryptography
• Understand and support secure protocols
• Understand Public Key Infrastructure (PKI) systems

Domain 6: Network and Communications Security

• Understand and apply fundamental concepts of networking
• Understand network attacks and countermeasures (e.g., DDoS, man-in-the-middle, DNS poisoning)
• Manage network access controls
• Manage network security
• Operate and configure network-based security devices
• Operate and configure wireless technologies (e.g., bluetooth, NFC, WiFi)

Domain 7: Systems and Application Security

• Identify and analyze malicious code and activity
• Implement and operate endpoint device security
• Operate and configure cloud security
• Operate and secure virtual environments