This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.
SSCP
The SSCP certification course teaches practitioners how to implement, monitor, and administer security operations, access controls, risk analysis, incident response, and cryptography, ensuring robust protection of organizational assets.
Who Should Take This
Mid-level IT professionals such as security analysts, system administrators, and network engineers with at least one year of hands-on experience in one or more security domains, who want to validate their expertise, deepen their practical skills, and advance toward senior security roles.
What's Covered
All seven domains of the ISC2 Systems Security Certified Practitioner (SSCP) exam: Domain 1 Security Operations and Administration, Domain 2 Access Controls, Domain 3 Risk Identification, Monitoring, and Analysis, Domain 4 Incident Response and Recovery, Domain 5 Cryptography, Domain 6 Network and Communications Security, and Domain 7 Systems and Application Security.
What's Included in AccelaStudy® AI
Course Outline
74 learning goals
Domain 1: Security Operations and Administration
3 topics
Security Administration Concepts
- Identify the components of security governance including policies, standards, procedures, baselines, and guidelines and describe how they form a hierarchical governance framework.
- Describe the legal and regulatory compliance requirements including GDPR, HIPAA, PCI DSS, SOX, FISMA, and GLBA and identify their applicability to organizational security programs.
- Apply organizational security policies to implement administrative controls including acceptable use policies, data classification schemes, and security awareness program requirements.
- Describe the ISC2 Code of Ethics canons and explain how professional ethics obligations apply to security practitioners handling sensitive information and incident response duties.
Asset and Change Management
- Implement asset management procedures including hardware and software inventory tracking, asset classification, ownership assignment, and lifecycle management from acquisition to disposal.
- Apply change management processes including request submission, impact assessment, change advisory board review, implementation scheduling, and post-change verification.
- Implement configuration management controls using baselines, configuration items, CMDBs, and automated compliance scanning to maintain secure system states.
- Analyze configuration drift reports to identify unauthorized changes, assess security impact, and determine corrective actions to restore compliant baseline configurations.
Security Awareness and Training
- Implement security awareness training programs that include role-based content, phishing simulations, social engineering recognition, and measurable effectiveness metrics.
- Evaluate security awareness program effectiveness by analyzing phishing simulation click rates, incident reporting frequency, and training completion metrics to identify improvement areas.
Domain 2: Access Controls
3 topics
Access Control Models and Implementation
- Describe access control models including DAC, MAC, RBAC, ABAC, and rule-based access control and identify the enforcement mechanisms and trust assumptions of each model.
- Implement role-based access control by defining role hierarchies, assigning permissions to roles, mapping users to roles, and enforcing separation of duties constraints.
- Apply the principles of least privilege, need-to-know, and separation of duties when configuring user and service account permissions across enterprise systems.
- Analyze access control policy violations to determine root causes including misconfigured permissions, privilege creep, and inadequate access review processes.
Authentication and Identity Management
- Implement multi-factor authentication using combinations of knowledge factors, possession factors (hardware tokens, smart cards), and biometric factors (fingerprint, iris, facial recognition).
- Configure single sign-on (SSO) and federated identity solutions using SAML 2.0, OpenID Connect (built on OAuth 2.0, which by itself is an authorization framework rather than an authentication protocol), and Kerberos for enterprise authentication.
- Implement identity lifecycle management processes including automated provisioning, periodic access reviews, privilege recertification, and timely deprovisioning upon termination.
- Evaluate authentication system logs to detect credential-based attacks including brute force, credential stuffing, pass-the-hash, and Kerberoasting attempts.
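The log review described in the last item above, as an added example that is not part of the course material: a small detector run over constructed authentication log lines in a hypothetical `auth:` format. It separates brute force (one source, one account, many failures) from password spraying (one source, many accounts, one or two tries each, designed to stay under the lockout threshold) and credential stuffing (many sources, each replaying one leaked username/password pair), and flags a later successful login from any flagged source as a possible account takeover. Pass-the-hash and Kerberoasting need Windows event fields (logon type, ticket encryption type) that this format does not carry, so they are out of scope here. All thresholds, IPs, and usernames are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical format (not from any real product).
SAMPLE_LOG = (
    ["2024-05-01T10:00:00Z auth: OK user=bob src=10.0.0.5"]                                  # normal login
    + [f"2024-05-01T10:00:{i:02d}Z auth: FAIL user=alice src=203.0.113.5" for i in range(1, 11)]   # brute force
    + [f"2024-05-01T10:01:{i:02d}Z auth: FAIL user=user{i} src=198.51.100.7" for i in range(1, 7)]  # spray
    + [f"2024-05-01T10:02:{i:02d}Z auth: FAIL user=emp{i} src=192.0.2.{i}" for i in range(1, 7)]    # stuffing
    + ["2024-05-01T10:03:00Z auth: OK user=dave src=192.0.2.3"]                               # success after stuffing
)

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z auth: (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$")

def parse(lines):
    """Turn log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"),
                           "result": m["result"], "user": m["user"], "src": m["src"]})
    return events

def detect(events, window=timedelta(minutes=10),
           brute_threshold=8, spray_min_users=5, stuffing_min_sources=5):
    """Flag brute force, password spraying and credential stuffing inside fixed time windows,
    then flag any successful login from a source that was already flagged."""
    findings = []
    fails = [e for e in events if e["result"] == "FAIL"]
    if not fails:
        return findings
    t0 = min(e["ts"] for e in fails)
    buckets = defaultdict(list)
    for e in fails:
        buckets[(e["ts"] - t0) // window].append(e)   # fixed windows relative to the first failure
    flagged_sources = set()
    for bucket in buckets.values():
        per_pair = Counter((e["src"], e["user"]) for e in bucket)
        users_by_src = defaultdict(set)
        for src, user in per_pair:
            users_by_src[src].add(user)
        # brute force: one source hammering one account
        for (src, user), n in per_pair.items():
            if n >= brute_threshold:
                findings.append({"type": "brute_force", "src": src, "user": user, "count": n})
                flagged_sources.add(src)
        # password spray: one source, many accounts, at most two tries per account
        for src, users in users_by_src.items():
            if len(users) >= spray_min_users and all(per_pair[(src, u)] <= 2 for u in users):
                findings.append({"type": "password_spray", "src": src, "user": None, "count": len(users)})
                flagged_sources.add(src)
        # credential stuffing: many sources, each trying exactly one account exactly once
        one_shot = {src for src, users in users_by_src.items()
                    if len(users) == 1 and per_pair[(src, next(iter(users)))] == 1}
        targets = {u for src in one_shot for u in users_by_src[src]}
        if len(one_shot) >= stuffing_min_sources and len(targets) >= stuffing_min_sources:
            findings.append({"type": "credential_stuffing", "src": None, "user": None, "count": len(one_shot)})
            flagged_sources |= one_shot
    # a success from a flagged source is the alert that needs a human immediately
    for e in events:
        if e["result"] == "OK" and e["src"] in flagged_sources:
            findings.append({"type": "possible_takeover", "src": e["src"], "user": e["user"], "count": 1})
    return findings

def analyze(lines):
    return detect(parse(lines))

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

The thresholds are deliberately low so the constructed data trips them; in production they are tuned against the lockout policy (a spray is tuned to stay one attempt below it) and the baseline failure rate of the environment.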
Privileged Access Management
- Describe privileged access management (PAM) concepts including privileged account discovery, session recording, just-in-time access, and password vaulting solutions.
- Implement privileged account controls including administrative account separation, break-glass procedures, credential rotation policies, and session monitoring for elevated access.
Domain 3: Risk Identification, Monitoring, and Analysis
4 topics
Risk Assessment and Treatment
- Identify risk management frameworks including NIST SP 800-37, ISO 27005, OCTAVE, and FAIR and describe the risk assessment methodologies each prescribes.
- Apply qualitative and quantitative risk analysis techniques including risk matrices, single loss expectancy, annual loss expectancy, and annualized rate of occurrence to prioritize organizational risks.
- Evaluate risk treatment options — avoidance, mitigation, transfer, and acceptance — to recommend the most cost-effective strategy for a given organizational risk scenario.
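The quantitative analysis and treatment comparison from the three items above, as an added worked example that is not part of the course material: SLE = AV x EF and ALE = SLE x ARO for a constructed ransomware scenario, then the expected annual cost of each treatment option (acceptance, mitigation with a residual risk estimate, transfer with a retained share, avoidance with forgone revenue) so the options can be ranked. Every monetary figure, exposure factor and rate is an assumption chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Risk:
    """Inputs to the standard quantitative model: SLE = AV x EF, ALE = SLE x ARO."""
    asset_value: float       # AV: value of the asset at risk, in currency units
    exposure_factor: float   # EF: fraction of AV lost in one occurrence (0.0 to 1.0)
    aro: float               # ARO: expected occurrences per year

    @property
    def sle(self) -> float:  # single loss expectancy
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:  # annual loss expectancy
        return self.sle * self.aro

@dataclass(frozen=True)
class Treatment:
    name: str
    kind: str                           # "avoid", "mitigate", "transfer" or "accept"
    annual_cost: float = 0.0            # control cost, insurance premium, or forgone revenue per year
    residual: Optional[Risk] = None     # mitigate: the risk that remains after the control
    retained_fraction: float = 1.0      # transfer: share of each loss not covered (deductible, exclusions)

def expected_annual_cost(risk: Risk, t: Treatment) -> float:
    """Total expected yearly cost to the organization under one treatment option."""
    if t.kind == "accept":
        return risk.ale
    if t.kind == "mitigate":
        if t.residual is None:
            raise ValueError("mitigation needs a residual risk estimate")
        return t.residual.ale + t.annual_cost
    if t.kind == "transfer":
        return risk.ale * t.retained_fraction + t.annual_cost
    if t.kind == "avoid":
        return t.annual_cost          # the loss event can no longer occur, but the activity is gone too
    raise ValueError(f"unknown treatment kind: {t.kind!r}")

def rank_treatments(risk: Risk, options):
    """Return [(name, expected annual cost, savings relative to doing nothing)], cheapest first."""
    rows = []
    for t in options:
        cost = expected_annual_cost(risk, t)
        rows.append((t.name, round(cost, 2), round(risk.ale - cost, 2)))
    return sorted(rows, key=lambda r: r[1])

# Constructed scenario (hypothetical figures): ransomware against an order-processing system.
RANSOMWARE = Risk(asset_value=2_000_000, exposure_factor=0.25, aro=0.2)   # SLE 500,000, ALE 100,000
OPTIONS = [
    Treatment("accept", "accept"),
    Treatment("mitigate: EDR + immutable backups", "mitigate", annual_cost=45_000,
              residual=Risk(2_000_000, exposure_factor=0.05, aro=0.1)),
    Treatment("transfer: cyber insurance", "transfer", annual_cost=30_000, retained_fraction=0.5),
    Treatment("avoid: retire the system", "avoid", annual_cost=150_000),
]

if __name__ == "__main__":
    print(f"SLE = {RANSOMWARE.sle:,.0f}  ALE = {RANSOMWARE.ale:,.0f}")
    for name, cost, savings in rank_treatments(RANSOMWARE, OPTIONS):
        print(f"{name:40s} expected annual cost {cost:>10,.0f}  savings vs accept {savings:>10,.0f}")
```

The "savings relative to doing nothing" column is the cost/benefit figure the exam asks for (ALE before minus ALE after minus annual control cost); a negative value means the control costs more than the loss it prevents.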
Vulnerability Management
- Implement vulnerability management processes including asset discovery, vulnerability scanning, prioritization using CVSS scores, remediation tracking, and verification scanning.
- Describe threat intelligence sources including CVE databases, MITRE ATT&CK framework, ISACs, open-source intelligence feeds, and vendor security advisories.
- Analyze vulnerability scan results to differentiate between true vulnerabilities, false positives, and informational findings and prioritize remediation based on risk context and exploitability.
Security Monitoring and Event Analysis
- Configure SIEM systems to collect, normalize, correlate, and alert on security events from heterogeneous log sources including servers, firewalls, IDS/IPS, and endpoints.
- Identify indicators of compromise (IoCs) including unusual network traffic, suspicious file hashes, anomalous login patterns, and command-and-control beacon signatures.
- Analyze security monitoring data to correlate events across multiple sources, identify attack patterns using kill chain methodology, and determine incident scope and severity.
Penetration Testing and Security Assessment
- Describe penetration testing methodologies including black-box, white-box, and gray-box approaches and identify the phases of reconnaissance, scanning, exploitation, and reporting.
- Evaluate penetration test findings to assess the severity of discovered vulnerabilities, validate exploitability, and recommend remediation priorities aligned with organizational risk tolerance.
Domain 4: Incident Response and Recovery
3 topics
Incident Response Operations
- Describe the NIST SP 800-61 incident response lifecycle phases and identify the key activities, roles, and deliverables required at each phase.
- Implement incident detection and triage procedures including event classification, severity assignment, escalation criteria, and initial containment actions.
- Apply containment strategies including network isolation, account disabling, system quarantine, and DNS sinkholing to limit the spread of security incidents.
- Execute eradication and recovery procedures including malware removal, system reimaging, patch deployment, and service restoration with integrity verification.
Forensics and Evidence Handling
- Describe digital forensics principles including order of volatility, chain of custody, evidence integrity, and the importance of forensic imaging before analysis.
- Apply evidence collection procedures that preserve chain of custody, maintain forensic integrity using write-blockers and hash verification, and support potential legal proceedings.
- Analyze post-incident forensic findings to reconstruct attack timelines, identify indicators of compromise, determine root causes, and generate actionable lessons-learned recommendations.
Business Continuity and Disaster Recovery
- Describe business continuity planning concepts including business impact analysis, maximum tolerable downtime, recovery time objectives, and recovery point objectives.
- Implement backup and recovery strategies including full, incremental, and differential backups with appropriate rotation schemes, offsite storage, and cloud-based disaster recovery.
- Evaluate disaster recovery plan testing results from tabletop exercises, functional tests, and full-interruption tests to identify gaps and recommend improvements.
Domain 5: Cryptography
3 topics
Cryptographic Concepts and Algorithms
- Describe symmetric encryption algorithms including AES-128/256, 3DES (legacy, deprecated by NIST), and ChaCha20 (a stream cipher, normally deployed as ChaCha20-Poly1305) and identify their key sizes, block cipher modes (CBC, GCM, CTR), and appropriate use cases.
- Describe asymmetric encryption algorithms including RSA, Diffie-Hellman, DSA, and Elliptic Curve Cryptography and explain key exchange, digital signatures, and key size comparisons.
- Identify cryptographic hash functions (SHA-256, SHA-3), the HMAC construction built on them, and dedicated password hashing functions such as bcrypt, and describe their applications in integrity verification, message authentication, and password storage (a plain hash, even SHA-256, is not an acceptable password store).
- Apply cryptographic algorithm selection criteria to choose appropriate symmetric, asymmetric, or hashing algorithms based on security requirements, performance constraints, and compliance mandates.
Public Key Infrastructure
- Describe PKI components including certificate authorities, registration authorities, certificate revocation lists, OCSP responders, and certificate lifecycle management.
- Implement digital certificate operations including certificate signing requests, certificate installation, renewal scheduling, and revocation procedures using CRL and OCSP.
- Analyze PKI trust chain failures to diagnose certificate validation errors including expired certificates, untrusted root CAs, revoked certificates, and name mismatch issues.
Cryptographic Applications
- Implement data-at-rest encryption using full-disk encryption (BitLocker, LUKS), file-level encryption, and database encryption (TDE) to protect stored sensitive information.
- Apply cryptographic key management practices including key generation, distribution, storage, rotation, escrow, recovery, and destruction per NIST SP 800-57 guidelines.
Domain 6: Network and Communications Security
4 topics
Network Architecture and Security Devices
- Describe the OSI and TCP/IP network models and identify security-relevant protocols, services, and vulnerabilities at each layer including ARP, IP, TCP, DNS, and HTTP.
- Implement network security zones using firewalls, DMZs, VLANs, network access control (NAC), and micro-segmentation to enforce defense-in-depth network architecture.
- Configure intrusion detection and prevention systems including signature-based, anomaly-based, and behavioral detection modes in both network-based (NIDS/NIPS) and host-based (HIDS/HIPS) deployments.
- Evaluate network security architecture designs to identify segmentation weaknesses, firewall rule misconfigurations, and inadequate monitoring coverage across network zones.
Secure Communication Protocols
- Implement VPN solutions using IPsec (IKEv2, ESP, AH) and TLS/SSL for site-to-site and remote-access secure communications including split tunneling and full tunnel configurations.
- Configure TLS/SSL for web services including certificate deployment, cipher suite selection, protocol version enforcement (TLS 1.2+), and HSTS implementation.
- Implement secure email protocols including S/MIME, PGP, SPF, DKIM, and DMARC to protect email confidentiality, integrity, and sender authentication.
Wireless and Mobile Security
- Describe wireless security standards including WPA2-Enterprise, WPA3, and 802.1X authentication and identify vulnerabilities in legacy wireless protocols (WEP, WPA-PSK).
- Implement wireless network security controls including SSID management, rogue AP detection, wireless IDS, and certificate-based authentication for enterprise Wi-Fi deployments.
- Apply mobile device management (MDM) and mobile application management (MAM) controls including device enrollment, containerization, remote wipe, and app whitelisting policies.
Network Attack Mitigation
- Identify network-based attacks including DDoS, man-in-the-middle, ARP poisoning, DNS spoofing, BGP hijacking, and SSL stripping and describe their attack vectors and indicators.
- Analyze network packet captures and flow data to identify ongoing attacks, reconstruct attack sequences, and determine the scope of network compromise.
Domain 7: Systems and Application Security
3 topics
Systems Hardening
- Implement operating system hardening procedures including removing unnecessary services, applying CIS benchmarks, configuring host-based firewalls, and enforcing security baselines.
- Apply patch management processes including patch identification, testing, prioritization by severity, deployment scheduling, and verification across Windows, Linux, and macOS environments.
- Implement endpoint protection solutions including antivirus, EDR, host-based IDS/IPS, application whitelisting, and data loss prevention (DLP) agents.
- Evaluate system hardening effectiveness by comparing current configurations against security baselines, identifying compliance gaps, and recommending remediation priorities.
Application Security
- Identify common application vulnerabilities from the OWASP Top 10 including injection, broken authentication, XSS, insecure deserialization, and security misconfiguration (the 2017 category names; the 2021 edition folds XSS into Injection, moves insecure deserialization under Software and Data Integrity Failures, and renames broken authentication to Identification and Authentication Failures).
- Describe secure software development lifecycle (SSDLC) phases including security requirements, threat modeling, secure coding practices, security testing, and secure deployment.
- Apply web application security controls including input validation, output encoding, parameterized queries, CSRF tokens, content security policies, and secure session management.
- Analyze application security testing results from SAST, DAST, and SCA tools to prioritize vulnerability remediation based on exploitability, data sensitivity, and business impact.
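The injection, input validation, parameterized query and output encoding controls from the Application Security items above, as an added example that is not part of the course material: a login routine built by string formatting, the UNION-based payload that defeats it even though the password is checked in application code, and the hardened version beside it. The accounts, passwords and display names are constructed; PBKDF2 is used only because it is in the Python standard library (bcrypt or Argon2id would be the usual choice), and the `users` table, the `auth` flow and the payload are all assumptions for this demo.

```python
import hashlib
import hmac
import html
import os
import re
import sqlite3

USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")   # allowlist: what a username may look like
ITERATIONS = 100_000

def pbkdf2(password: str, salt: bytes) -> str:
    # PBKDF2 because it ships with Python; bcrypt or Argon2id are the usual production choices.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()

def make_db() -> sqlite3.Connection:
    """In-memory SQLite database seeded with constructed demo accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, "
                 "password_hash TEXT, display_name TEXT)")
    for name, pw, display in [("alice", "correct horse battery staple", "Alice <Admin>"),
                              ("bob", "hunter2", "Bob")]:
        salt = os.urandom(16)
        conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)", (name, salt, pbkdf2(pw, salt), display))
    return conn

def login_vulnerable(conn, username: str, password: str):
    """Query built by string formatting: attacker-controlled text becomes SQL."""
    sql = (f"SELECT salt, password_hash, display_name FROM users "
           f"WHERE username = '{username}'")
    row = conn.execute(sql).fetchone()
    if row is None:
        return None
    salt, stored, display = row
    return display if pbkdf2(password, salt) == stored else None   # also a non-constant-time compare

# The attacker appends a UNION that supplies a salt and hash they computed themselves, so the
# application-side password check passes for whatever password they chose ("pwn").
ATTACKER_SALT = b"\xaa"
UNION_PAYLOAD = "x' UNION SELECT X'aa', '" + pbkdf2("pwn", ATTACKER_SALT) + "', 'Attacker' --"

def login_hardened(conn, username: str, password: str):
    """Allowlist validation, a parameterized query, and a constant-time hash comparison."""
    if not USERNAME_RE.match(username):
        return None                                   # payload rejected before it reaches the database
    row = conn.execute("SELECT salt, password_hash, display_name FROM users WHERE username = ?",
                       (username,)).fetchone()        # value is bound, never interpreted as SQL
    if row is None:
        pbkdf2(password, b"\x00" * 16)                # hash anyway so timing does not reveal valid usernames
        return None
    salt, stored, display = row
    return display if hmac.compare_digest(pbkdf2(password, salt), stored) else None

def render_greeting(display_name: str) -> str:
    """Output encoding: the stored display name is HTML-escaped before it goes into a page."""
    return f"Welcome, {html.escape(display_name)}"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected:", login_vulnerable(db, UNION_PAYLOAD, "pwn"))   # Attacker
    print("hardened, injected:  ", login_hardened(db, UNION_PAYLOAD, "pwn"))     # None
    print(render_greeting(login_hardened(db, "alice", "correct horse battery staple")))
```

The point of the UNION payload is that "we hash the password in code, not in SQL" is no defense: once the attacker controls the query they also control the row the code verifies against. The parameterized query is the control that actually closes the hole; the allowlist regex is defense in depth and the constant-time compare addresses a separate, smaller weakness.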
Cloud and Virtualization Security
- Describe cloud service models (IaaS, PaaS, SaaS) and deployment models (public, private, hybrid, community) and identify the shared responsibility model for security in each.
- Implement cloud security controls including identity federation, encryption of data at rest and in transit, network security groups, and cloud access security broker (CASB) policies.
- Apply virtualization security practices including hypervisor hardening, VM escape prevention, container security scanning, and virtual network isolation to protect multi-tenant environments.
- Evaluate cloud security posture by assessing compliance with cloud security benchmarks (CIS), reviewing IAM policies, and analyzing cloud audit logs for security misconfigurations.
Scope
Included Topics
- All seven domains of the ISC2 Systems Security Certified Practitioner (SSCP) exam: Domain 1 Security Operations and Administration (16%), Domain 2 Access Controls (15%), Domain 3 Risk Identification, Monitoring, and Analysis (15%), Domain 4 Incident Response and Recovery (14%), Domain 5 Cryptography (10%), Domain 6 Network and Communications Security (16%), and Domain 7 Systems and Application Security (14%).
- Associate-level security operations knowledge including security administration, access control implementation, risk assessment techniques, vulnerability management, incident handling procedures, cryptographic concepts and implementations, network security protocols, and systems hardening practices aligned to SSCP exam objectives.
- Practical security topics including identity and access management, security monitoring and SIEM operations, vulnerability scanning, penetration testing awareness, business continuity planning, disaster recovery operations, PKI implementation, wireless security, cloud security fundamentals, secure SDLC practices, and endpoint protection.
- Scenario-based reasoning requiring selection and implementation of appropriate security controls, risk mitigation strategies, incident response procedures, and compliance verification activities.
Not Covered
- Advanced cryptanalysis, post-quantum cryptography research, and mathematical proofs of cryptographic algorithm security beyond practitioner-level understanding.
- Enterprise security architecture design, TOGAF-level architecture frameworks, and strategic security program development reserved for CISSP-level certification.
- Advanced malware reverse engineering, exploit development, and offensive security tool development beyond awareness-level knowledge.
- Vendor-specific product administration for proprietary SIEM, EDR, or firewall platforms beyond conceptual understanding.
- Legal proceedings, expert witness testimony protocols, and advanced digital forensic chain-of-custody procedures beyond incident handler awareness.
Official Exam Page
Learn more at ISC2