Plan obuke
Module 1: Security Operations and Administration
- Comply With Codes Of Ethics
- Understand, Adhere to, and Promote Professional Ethics
(ISC)² Code of Ethics - Organizational Code of Ethics
- Understand Security Concepts
- Conceptual Models for Information Security
- Confidentiality
- Integrity
- Availability
- Accountability
- Privacy
- Nonrepudiation
- Authentication
- Safety
- Fundamental Security Control Principles
- Access Control and Need-to-Know
- Job Rotation and Privilege Creep
- Document, Implement, And Maintain Functional Security
- Controls
- Deterrent Controls
- Preventative Controls
- Detective Controls
- Corrective Controls
- Compensating Controls
- The Lifecycle of a Control
- Participate In Asset Management
- Asset Inventory
- Lifecycle (Hardware, Software, and Data)
- Hardware Inventory
- Software Inventory and Licensing
- Data Storage
- Implement Security Controls And Assess Compliance
- Technical Controls
- Physical Controls
- Administrative Controls
- Periodic Audit and Review
- Participate In Change Management
- Execute Change Management Process
- Identify Security Impact
- Identify Security Impact
- Participate In Security Awareness And Training
- Security Awareness Overview
- Competency as the Criterion
- Build a Security Culture, One Awareness Step at a Time
- Participate In Physical Security Operations
- Physical Access Control
- The Data Center
- Service Level Agreements
Module 2: Access Controls
- Access Control Concepts
- Subjects and Objects
- Privileges: What Subjects Can Do with Objects
- Data Classification, Categorization, and Access Control
- Access Control via Formal Security Models
- Implement And Maintain Authentication Methods
- Single-Factor/Multifactor Authentication
- Accountability
- Single Sign-On
- Device Authentication
- Federated Access
- Support Internetwork Trust Architectures
- Trust Relationships (One-Way, Two-Way, Transitive)
- Extranet
- Third-Party Connections
- Zero Trust Architectures
- Participate In The Identity Management Lifecycle
- Authorization
- Proofing
- Provisioning/Deprovisioning
- Identity and Access Maintenance
- Entitlement
- Identity and Access Management Systems
- Implement Access Controls
- Mandatory vs. Discretionary Access Control
- Role-Based
- Attribute-Based
- Subject-Based
- Object-Based
Module 3: Risk Identification, Monitoring, and Analysis
- Defeating The Kill Chain One Skirmish At A Time
- Kill Chains: Reviewing the Basics
- Events vs. Incidents
- Understand The Risk Management Process
- Risk Visibility and Reporting
- Risk Management Concepts
- Risk Management Frameworks
- Risk Treatment
- Perform Security Assessment Activities
- Security Assessment Workflow Management
- Participate in Security Testing
- Interpretation and Reporting of Scanning and Testing Results
- Remediation Validation
- Audit Finding Remediation
- Manage the Architectures: Asset Management and Configuration Control
- Operate And Maintain Monitoring Systems
- Events of Interest
- Logging
- Source Systems
- Legal and Regulatory Concerns
- Analyze Monitoring Results
- Security Baselines and Anomalies
- Visualizations, Metrics, and Trends
- Event Data Analysis
- Document and Communicate Findings
Module 4: Incident Response and Recovery
- Support The Incident Lifecycle
- Think like a Responder
- Physical, Logical, and Administrative Surfaces
- Incident Response: Measures of Merit
- The Lifecycle of a Security Incident
- Preparation
- Detection, Analysis, and Escalation
- Containment
- Eradication
- Recovery
- Lessons Learned; Implementation of New Countermeasures
Third-Party Considerations - Understand And Support Forensic Investigations
- Legal and Ethical Principles
- Logistics Support to Investigations
- Evidence Handling
- Evidence Collection
- Understand And Support Business Continuity Plan And Disaster Recovery Plan Activities
- Emergency Response Plans and Procedures
- Interim or Alternate Processing Strategies
- Restoration Planning
- Backup and Redundancy Implementation
- Data Recovery and Restoration
- Training and Awareness
- Testing and Drills
- CIANA+PS At Layer 8 And Above
- It Is a Dangerous World Out There
- People Power and Business Continuity
Module 5: Cryptography
- Understand Fundamental Concepts Of Cryptography
- Building Blocks of Digital Cryptographic Systems
- Hashing
- Salting
- Symmetric Block and Stream Ciphers
- Stream Ciphers
- EU ECRYPT
- Asymmetric Encryption
- Elliptical Curve Cryptography
- Nonrepudiation
- Digital Certificates
- Encryption Algorithms
- Key Strength
- Cryptographic Attacks, Cryptanalysis, And
- Countermeasures
- Cryptologic Hygiene as Countermeasures
- Common Attack Patterns and Methods
- Secure Cryptoprocessors, Hardware Security Modules, and Trusted Platform Modules
- Understand The Reasons And Requirements For
- Cryptography
- Confidentiality
- Integrity and Authenticity
- Data Sensitivity
- Availability
- Nonrepudiation
- Authentication
- Privacy
- Safety
- Regulatory and Compliance
- Transparency and Auditability
- Competitive Edge
- Understand And Support Secure Protocols
- Services and Protocols
- Common Use Cases
- Deploying Cryptography: Some Challenging Scenarios Limitations and Vulnerabilities
- Understand Public Key Infrastructure Systems
- Fundamental Key Management Concepts
- Hierarchies of Trust
- Web of Trust
Module 6: Network and Communications Security
- Understand And Apply Fundamental Concepts Of
- Networking
- Complementary, Not Competing, Frameworks
- OSI and TCP/IP Models
- OSI Reference Model
- TCP/IP Reference Model
- Converged Protocols
- Software-Defined Networks
- IPv4 Addresses, Dhcp, And Subnets
- IPv4 Address Classes
- Subnetting in IPv4
- Running Out of Addresses?
- IPv4 Vs. IPv6: Key Differences And Options
- Network Topographies
- Network Relationships
- Transmission Media Types
- Commonly Used Ports and Protocols
- Understand Network Attacks And Countermeasures
- CIANA+PS Layer by Layer
- Common Network Attack Types
- SCADA, IoT, and the Implications of Multilayer Protocols
- Manage Network Access Controls
- Network Access Control and Monitoring
- Network Access Control Standards and Protocols
- Remote Access Operation and Configuration
- Manage Network Security
- Logical and Physical Placement of Network Devices
- Segmentation
- Secure Device Management
- Operate And Configure Network-Based Security Devices
- Network Address Translation
- Additional Security Device Considerations
- Firewalls and Proxies
- Network Intrusion Detection/Prevention Systems
- Security Information and Event Management Systems
- Routers and Switches
- Network Security from Other Hardware Devices
- Traffic-Shaping Devices
- Operate And Configure Wireless Technologies
- Wireless: Common Characteristics
- Bluetooth
- Near-Field Communications
- Cellular/Mobile Phone Networks
- Ad Hoc Wireless Networks
- Transmission Security
- Wireless Security Devices
Module 7: Systems and Application Security
- Systems And Software Insecurity
- Software Vulnerabilities Across the Lifecycle
- Risks of Poorly Merged Systems
- Hard to Design It Right, Easy to Fix It?
- Hardware and Software Supply Chain Security
- Positive and Negative Models for Software Security
- Is Blocked Listing Dead? Or Dying?
- Information Security = Information Quality + Information
- Integrity
- Data Modeling
- Preserving Data Across the Lifecycle
- Identify And Analyze Malicious Code And Activity
- Malware
- Malicious Code Countermeasures
- Malicious Activity
- Malicious Activity Countermeasures
- Implement And Operate Endpoint Device Security
- HIDS
- Host-Based Firewalls
- Allowed Lists: Positive Control for App Execution
- Endpoint Encryption
- Trusted Platform Module
- Mobile Device Management
- Secure Browsing
- IoT Endpoint Security
- Endpoint Security: EDR, MDR, XDR, UEM, and Others
- Operate And Configure Cloud Security
- Deployment Models
- Service Models
- Virtualization
- Legal and Regulatory Concerns
- Data Storage and Transmission
- Third-Party/Outsourcing Requirements
- Lifecycles in the Cloud
- Shared Responsibility Model
- Layered Redundancy as a Survival Strategy
- Operate And Secure Virtual Environments
- Hypervisor
- Virtual Appliances
- Continuity and Resilience
- Attacks and Countermeasures
- Shared Storage
Materijali za čitanje i slajdovi za prezentacije u učionici su na engleskom jeziku.
Preporučeno predznanje
- Osnovno razumevanje bezbednosti informacija: Učesnici treba da imaju osnovno znanje o konceptima bezbednosti informacija, uključujući upravljanje rizicima, kontrolu pristupa i bezbednosne operacije.
- Iskustvo u informatici ili srodnim oblastima: Iako nije striktno obavezno, korisno je imati najmanje jednu godinu kumulativnog profesionalnog iskustva u jednom ili više od sedam SSCP domena, kao što su kontrola pristupa, bezbednosne operacije i administracija, identifikacija i analiza rizika, odgovor na incidente i oporavak, kriptografija, bezbednost mreža i komunikacija, i bezbednost sistema i aplikacija.
- Poznavanje mreža i IT infrastrukture: Preporučuje se osnovno razumevanje mrežnih principa (TCP/IP, firewall-ovi, VPN) i IT infrastrukture za razumevanje tehnički složenijih aspekata kursa.
- Motivacija za sajber bezbednost: Snažna zainteresovanost za učenje praksi sajber bezbednosti i želja za izgradnjom karijere u bezbednosti informacija su neophodni.
- Nije potrebna sertifikacija: Za razliku od drugih naprednih sertifikacija, ne postoje formalni sertifikacioni preduslovi za pohađanje SSCP kursa, što ga čini dostupnim širem spektru IT profesionalaca.
Ovi preduslovi su dizajnirani da garantuju da su učesnici spremni da se angažuju sa materijalom kursa i efikasno primene ono što nauče.
Stručno usavršavanje i sertifikacija
Karakteristike ispita
- Priprema za Systems Security Certified Practitioner (SSCP) sertifikaciju
- Cena: 250 USD
- Tipovi pitanja: Višestruki izbor
- Trajanje: 3 sata
- Broj pitanja: 125
- Prolazna ocena: 700/1000
Teme ispita
- Kontrole pristupa
- Bezbednosne operacije i administracija
- Identifikacija, praćenje i analiza rizika
- Odgovor i oporavak u slučaju incidenta
- Kriptografija
- Bezbednost mreža i komunikacija
- Bezbednost sistema i aplikacija
SSCP obuka za sertifikaciju (CS8521)
Obuka Systems Security Certified Practitioner (SSCP) (CS8521) je dizajnirana za IT profesionalce koji žele da razviju i potvrde svoje veštine u operativnoj bezbednosti. Ova svetski priznata sertifikacija, koju nudi (ISC)², demonstrira vašu ekspertizu u implementaciji, praćenju i upravljanju IT bezbednosnim merama. Obuka pokriva sedam osnovnih domena bezbednosti, pružajući učesnicima sveobuhvatno razumevanje osnovnih principa sajber bezbednosti.
Kroz interaktivne sesije i praktične vežbe, učesnici se pripremaju da postižu izvrsnost u svojim ulogama i uspešno dobiju SSCP sertifikaciju. Ova akreditacija uspostavlja vašu ekspertizu u oblasti IT bezbednosnih operacija.
Zašto odabrati SSCP obuku?
Organizacije se suočavaju sa rastućim bezbednosnim izazovima koji zahtevaju kvalifikovane profesionalce za zaštitu IT sistema i kritičnih podataka. SSCP sertifikacija potvrđuje vašu ekspertizu u operativnoj bezbednosti i poboljšava vašu sposobnost upravljanja, praćenja i administracije bezbednih sistema.
Ova obuka vas opremava potrebnim veštinama za postizanje izvrsnosti u ulogama kao što su sistemski administrator, bezbednosni analitičar i mrežni administrator. Dobijanje SSCP sertifikacije vas pozicionira kao pouzdanog profesionalca u dinamičnoj oblasti sajber bezbednosti.
Veštine koje ćete steći tokom obuke
- Duboko razumevanje operativne bezbednosti
Ovladajte sa sedam domena Common Body of Knowledge (CBK) SSCP-a, uključujući kontrole pristupa, bezbednosne operacije i kriptografiju. - Odgovor na incidente i oporavak nakon katastrofe
Naučite da efikasno odgovarate na bezbednosne incidente i dizajnirate robusne planove oporavka za minimizovanje prekida. - Administracija bezbednih sistema i mreža
Steknite ekspertizu u upravljanju i obezbeđivanju IT infrastruktura za zaštitu od sajber pretnji koje se razvijaju. - Praćenje i audit bezbednosti
Razvijte potrebne veštine za praćenje sistema, sprovođenje audita i garantovanje usklađenosti sa bezbednosnim politikama. - Priprema za SSCP sertifikacioni ispit
Steknite znanja i pouzdanje potrebno za uspešno polaganje SSCP sertifikacionog ispita, demonstrirajući tako vaše ovladavanje IT bezbednošću.
Interaktivna obuka koju vode sertifikovani eksperti
SSCP obuku vode sertifikovani instruktori sa velikim iskustvom u IT bezbednosnim operacijama. Učesnici imaju koristi od praktičnih laboratorija, stvarnih scenarija i studija slučaja koji povezuju teoriju sa konkretnim primenama.
Kome je namenjena ova obuka?
Ova obuka je idealna za:
- IT profesionalce odgovorne za obezbeđivanje IT sistema i mreža
- Bezbednosne analitičare koji upravljaju merama operativne bezbednosti
- Sistemske administratore koji žele da prodube svoja znanja u IT bezbednosti
- Pojedince koji se pripremaju za SSCP sertifikacioni ispit
Unapredite svoju karijeru sa SSCP sertifikacijom
Obuka Systems Security Certified Practitioner (SSCP) (CS8521) vas opremava veštinama i znanjima potrebnim za postizanje izvrsnosti u IT bezbednosnim operacijama. Prijavite se već danas da dobijete svetski priznatu sertifikaciju i unapredite svoju karijeru u sajber bezbednosti.
Često postavljana pitanja - obuka za SSCP sertifikaciju (FAQ)
Koje teme se obrađuju u SSCP obuci?
Obuka uključuje kontrole pristupa, kriptografiju, upravljanje rizicima, odgovor na incidente i bezbednosne operacije.
Koji su preduslovi za SSCP sertifikaciju?
Kandidati moraju imati najmanje jednu godinu profesionalnog iskustva u jednom ili više od sedam domena CBK SSCP-a.
Koje prednosti pruža SSCP sertifikacija?
Ona potvrđuje vašu ekspertizu u IT bezbednosnim operacijama, poboljšavajući vaše karijerne perspektive u sajber bezbednosti.
Ko priznaje SSCP sertifikaciju?
SSCP sertifikacija je svetski priznata i cenjena od strane organizacija iz različitih sektora.
Da li je obuka usklađena sa SSCP sertifikacionim ispitom?
Da, sadržaj kursa je potpuno usklađen sa ciljevima SSCP sertifikacionog ispita.