(SSCP) Systems Security Certified Practitioner, 2nd Edition

(SSCP) Systems Security Certified Practitioner, 2nd Edition

by Michael Gregg
Released October 2022
Publisher(s): Pearson
ISBN: 0137646763

Watch it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Video description

15 hours of video instruction to learn everything you need to know about the Systems Security Certified Practitioner (SSCP) certification exam. Includes the new content covering the 2022 update.

Overview

SSCP (Systems Security Certified Practitioner) Complete Video Course provides 15 hours of comprehensive video that teaches you everything you need to know to get up and running with systems security. The content in this title has been updated to include coverage of the all-new topics in the 2022 exam release. The (ISC)2 SSCP exam is a solid introductory certification in IT security, and this comprehensive video course walks you through every topic on the exam blueprint so you can learn about system security from the ground up and gain the knowledge and skills you need to pass the SSCP exam. Full of live trainer discussions, hands-on demos, whiteboard work, and deep-dive discussions, this course covers security fundamentals and principles in a way that is easy to access.

This video course covers every objective in the SSCP certification exam so you can use it as a complete study tool to pass the test, including the updates in the 2022 exam release, along with the knowledge and skills you need to advance your cybersecurity career. The (ISC)2 SSCP exam is a vendor-neutral world-recognized certification that endorses your IT security knowledge. It is also a great way to start your path toward CISSP certification, which is the next step through (ISC)2.

Topics include

  • Access controls
  • Security operations and administration
  • Risk identification, monitoring, and analysis
  • Incident response and recovery
  • Cryptography
  • Network and communications security
  • Systems and application security

About the Instructor

As the CEO of Superior Solutions, Inc., a Houston-based IT security consulting and auditing firm, Michael Gregg has more than 20 years of experience in information security and risk management. He holds two associate’s degrees, a bachelor’s degree, and a master’s degree. Some of the certifications he holds include CISSP, SSCP, MCSE, CTT+, A+, N+, Security+, CASP, CCNA, GSEC, CEH, CHFI, CEI, CISA, CISM, and CGEIT.

In addition to his experience with performing security audits and assessments, Gregg has authored or coauthored more than 20 books, including Certified Ethical Hacker Exam Prep (Que), CISSP Exam Cram 2 (Que), and Security Administrator Street Smarts (Sybex). He has testified before US Congress, his articles have been published on IT websites, and he has been sourced as an industry expert for CBS, ABC, CNN, Fox News and the New York Times. He has created more than 15 security-related courses and training classes for various companies and universities. Although audits and assessments are where he spends the bulk of his time, teaching and contributing to the written body of IT security knowledge are how Michael believes he can give something back to the community that has given him so much.

He is a board member for Habitat for Humanity and when not working, Michael enjoys traveling and restoring muscle cars.

Skill Level

  • Beginner

What You Will Learn

  • Key concepts for all the objectives on the SSCP exam
  • Security and cybersecurity fundamentals and principles

Who Should Take This Course

The target audience for this course consists of systems/network/application security professionals who are preparing for the SSCP exam. A secondary audience consists of any IT professional who wants to gain a broad understanding of how to secure modern enterprises.

Course Requirements

There are no prerequisites for this course, although fundamental networking knowledge is recommended.

About LiveLessons Video Training

LiveLessons Video Training series publishes hundreds of hands-on, expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. This professional and personal technology video series features world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, IBM Press, Pearson IT Certification, Sams, and Que. Topics include IT Certification, Programming, Web Development, Mobile Development, Home and Office Technologies, Business and Management, and more. View all LiveLessons on InformIT at http://www.informit.com/livelessons.

Table of contents

  1. Introduction
    1. Systems Security Certified Practitioner (SSCP): Introduction
  2. Module 1: Security Operations and Administration
    1. Module introduction
  3. Lesson 1: Fundamental Security Concepts
    1. Learning objectives
    2. 1.1 (ISC)² Code of Ethics
    3. 1.2 Understand Security Concepts
    4. 1.3 Identify and Implement Security Controls
    5. 1.4 Document and Maintain Functional Security Controls
  4. Lesson 2: Security Management Lifecycles
    1. Learning objectives
    2. 2.1 Initiation and Development or Acquisition Phases
    3. 2.2 Implementation and Operation Phases
    4. 2.3 Archiving and Disposal Phases
    5. 2.4 Change and Configuration Management
  5. Lesson 3: Security Awareness and Training
    1. Learning objectives
    2. 3.1 Security Training During Onboarding
    3. 3.2 Continual Security Awareness
    4. 3.3 Security Education for the Enterprise
  6. Lesson 4: Collaborate with Physical Security Operations
    1. Learning objectives
    2. 4.1 Defense-in-Depth
    3. 4.2 Campus Physical Security
    4. 4.3 Facility Physical Security
    5. 4.4 Operational Physical Security
  7. Module 2: Practical Cryptography
    1. Module introduction
  8. Lesson 5: Cryptography Use Cases
    1. Learning objectives
    2. 5.1 The CIAN Model
    3. 5.2 Data Sensitivity Cases
    4. 5.3 Regulatory Use Cases
  9. Lesson 6: Applied Cryptographic Concepts
    1. Learning objectives
    2. 6.1 Cryptographic Hashing and HMACs
    3. 6.2 Salt and Pepper
    4. 6.3 Symmetric vs. Asymmetric Cryptosystems
    5. 6.4 Digital Signatures
    6. 6.5 Strength of Encryption Algorithms and Keys
    7. 6.6 Cryptographic Attacks and Cryptanalysis
  10. Lesson 7: Public Key Infrastructure
    1. Learning objectives
    2. 7.1 Web of Trust
    3. 7.2 Digital Certificates
    4. 7.3 Internet PKI
    5. 7.4 Fundamental Key Management Concepts
  11. Lesson 8: Understand Secure Protocols
    1. Learning objectives
    2. 8.1 Services and Protocols
    3. 8.2 Common Use Cases
    4. 8.3 Limitations and Vulnerabilities
  12. Module 3: Access Controls
    1. Module introduction
  13. Lesson 9: Implement and Maintain Authentication Methods
    1. Learning objectives
    2. 9.1 Single/Multi-factor Authentication (MFA)
    3. 9.2 Single Sign-on (SSO) and Federated Access
    4. 9.3 Device Authentication
  14. Lesson 10: Support Internetwork Trust Architectures
    1. Learning objectives
    2. 10.1 Trust Relationships
    3. 10.2 Internet, Intranet, and Extranet
    4. 10.3 Third-party Connections
  15. Lesson 11: The Identity Management Lifecycle
    1. Learning objectives
    2. 11.1 Authorization and Proofing
    3. 11.2 Provisioning and De-Provisioning
    4. 11.3 Maintenance and Entitlement
    5. 11.4 Identity and Access Management (IAM) Systems
  16. Lesson 12: Understand and Apply Access Controls
    1. Learning objectives
    2. 12.1 Mandatory Access Controls (MAC)
    3. 12.2 Discretionary Access Controls
    4. 12.3 Role-Based Access Controls (RBAC)
    5. 12.4 Rule-Based Access Controls (ACLs)
  17. Module 4: Risk Identification, Monitoring and Analysis
    1. Module introduction
  18. Lesson 13: The Risk Management Process
    1. Learning objectives
    2. 13.1 Risk Management Concepts and Terminology
    3. 13.2 Risk Treatment and Tolerance
    4. 13.3 Qualitative vs. Quantitative Risk Analysis
    5. 13.4 Risk Management Frameworks
    6. 13.5 Regulatory and Legal Concerns
  19. Lesson 14: Vulnerability Assessment and Management
    1. Learning objectives
    2. 14.1 Vulnerability Management Lifecycle
    3. 14.2 Vulnerability Assessment Tools and Methods
    4. 14.3 Security Testing and Risk Review
  20. Lesson 15: Security Testing and Risk Review
    1. Learning objectives
    2. 15.1 Source Systems
    3. 15.2 Events of Interest
    4. 15.3 Log Management
    5. 15.4 Event Aggregation and Correlation
  21. Lesson 16: Risk Identification, Monitoring, and Analysis
    1. Learning objectives
    2. 16.1 Security Baselines and Anomalies
    3. 16.2 Visualizations, Metrics, and Trends
    4. 16.3 Document and Communicate Findings
  22. Module 5: Network and Communications Security
    1. Module introduction
  23. Lesson 17: Fundamental Networking Concepts
    1. Learning objectives
    2. 17.1 OSI and TCP/IP Reference Models
    3. 17.2 Network Topologies and Relationships
    4. 17.3 Commonly Used Ports and Protocols
    5. 17.4 Transmission Media Types
    6. 17.5 Software-Defined Networking (SDN)
  24. Lesson 18: Network Attacks
    1. Learning objectives
    2. 18.1 Spoofing and Flooding
    3. 18.2 Denial of Service and Botnets
    4. 18.3 MitM and Poisoning
    5. 18.4 Wireless Attacks
  25. Lesson 19: Network Access Controls
    1. Learning objectives
    2. 19.1 RADIUS and TACACS+
    3. 19.2 IEEE 802.1x PNAC
    4. 19.3 Remote Access Security
    5. 19.4 IPsec v4 and v6
  26. Lesson 20: Manage Network Security
    1. Learning objectives
    2. 20.1 Security Device Placement
    3. 20.2 Zoning and Segmentation
    4. 20.3 Secure Routers
    5. 20.4 Secure Switches
  27. Lesson 21: Network Security Device Operation
    1. Learning objectives
    2. 21.1 Firewalls and Proxies
    3. 21.2 IDS and IPS
    4. 21.3 Traffic Shaping
  28. Lesson 22: Secure Wireless Communication
    1. Learning objectives
    2. 22.1 Survey of Wireless Technologies
    3. 22.2 Authentication and Encryption Protocols
    4. 22.3 Internet of Things (IoT)
  29. Module 6: Systems and Application Security
    1. Module introduction
  30. Lesson 23: Identify Malicious Code and Actions
    1. Learning objectives
    2. 23.1 Survey of Malware
    3. 23.2 Malware Countermeasures
    4. 23.3 Survey of Malicious Exploits and Activity
    5. 23.4 Malware Activity Countermeasures
    6. 23.5 Social Engineering and Countermeasures
  31. Lesson 24: Implement Endpoint Security
    1. Learning objectives
    2. 24.1 HIPS and Host-based Firewalls
    3. 24.2 Endpoint Encryption and TPM
    4. 24.3 Secure Browsers
    5. 24.4 Endpoint Detection and Response (EDR)
  32. Lesson 25: Enterprise Mobility Management (EMM)
    1. Learning objectives
    2. 25.1 MDM vs. MAM
    3. 25.2 Provisioning Techniques
    4. 25.3 Containerization and Encryption
    5. 25.4 Mobile Application Management (MAM)
  33. Lesson 26: Cloud Security
    1. Learning objectives
    2. 26.1 Service and Deployment Models
    3. 26.2 Legal and Regulatory Concerns
    4. 26.3 Data Storage, Processing, and Transmission
    5. 26.4 Third-party and Outsourcing Requirements
  34. Lesson 27: Operate Secure Virtual Environments
    1. Learning objectives
    2. 27.1 Types of Hypervisors
    3. 27.2 Containers
    4. 27.3 Virtual Appliance Continuity and Resilience
    5. 27.4 Attacks and Countermeasures
  35. Module 7: Incident Response and Recovery
    1. Module introduction
  36. Lesson 28: Incident Response Lifecycle
    1. Learning objectives
    2. 28.1 Preparation
    3. 28.2 Detection, Analysis, and Escalation
    4. 28.3 Containment and Eradication
    5. 28.4 Recovery and Lessons Learned
  37. Lesson 29: Forensic Investigations
    1. Learning objectives
    2. 29.1 Legal and Ethical Principles
    3. 29.2 Evidence Handling
    4. 29.3 Reporting of Analysis
  38. Lesson 30: Business Continuity Planning
    1. Learning objectives
    2. 30.1 Business Impact Analysis (BIA)
    3. 30.2 Backup, Redundancy, and Restoration
    4. 30.3 Disaster Recovery Planning (DRP)
    5. 30.4 Testing and Drills
  39. Summary
    1. Systems Security Certified Practitioner (SSCP): Summary

Product information

  • Title: (SSCP) Systems Security Certified Practitioner, 2nd Edition
  • Author(s): Michael Gregg
  • Release date: October 2022
  • Publisher(s): Pearson
  • ISBN: 0137646763