Beware of a Voice Message Phishing Scam on WhatsApp.pptx
Exploring SSCP Domain 2 Security Operations and Administration for a Career in IT Security.pptx
1. Exploring SSCP Domain 2: Security Operations and
Administration for a Career in IT Security
www.infosectrain.com | sales@infosectrain.com
2. www.infosectrain.com | sales@infosectrain.com
Information is exposed to a large number and range of threats
in an increasingly interconnected world. Due to the ever-
increasing number of cyberattacks, security has become the
prime concern in information technology. Information security
can help protect an organization’s technology and information
assets by preventing, detecting, and responding to attacks. This
article will cover the second domain of the SSCP certification
exam that deals with the various aspects related to security
operations and administration.
5. www.infosectrain.com | sales@infosectrain.com
The seven domains covered by the SSCP certification exam are:
•Domain 1: Access Controls (16%)
•Domain 2: Security Operations and Administration (15%)
•Domain 3: Risk Identification, Monitoring, and Analysis (15%)
•Domain 4: Incident Response and Recovery (13%)
•Domain 5: Cryptography (10%)
•Domain 6: Network and Communications Security (16%)
•Domain 7: Systems and Application Security (15%)
6. www.infosectrain.com | sales@infosectrain.com
Domain 2: Security Operations and Administration
Domain 2 of the SSCP certification exam is Security Operations and
Administration. The Security Operations and Administration domain comprises a
15% weightage of the SSCP certification exam. This domain is concerned with the
availability, integrity, and confidentiality of information related to management
staff, system owners, information managers, and end-users. This domain will
discuss the availability to ensure accessibility to all hardware, software
applications, and data throughout the system. It will also discuss integrity to
protect systems from unauthorized, unanticipated, or unintentional modifications.
Every business should have policies, standards, procedures, and guidelines that
give recorded information to govern the organization’s actions and the behavior of
the people it employs or interacts with. You will learn about change management,
software and system patches and upgrades, and data management rules in this
domain. It will also go over data classification and validate whether or not a
security measure is working correctly. The subtopics covered in Security
Operations and Administration domains are:
7. www.infosectrain.com | sales@infosectrain.com
•Comply with codes of ethics
•Understand security concepts
•Document, implement and maintain functional security controls
•Participate in asset management
•Implement security controls and assess compliance
•Participate in change management
•Participate in security awareness and training
•Participate in physical security operations
8. www.infosectrain.com | sales@infosectrain.com
1. Comply with Codes of Ethics
In this subsection, we will understand what a code of ethics is. A code of
ethics is a set of guidelines for professionals to conduct business honestly
and ethically. This section will provide the ethical rules and best practices for
maintaining honesty, integrity, and professionalism in an organization. In
addition, the examination candidate must also agree to and sign the ISC2
Code of Ethics and non-disclosure agreement (NDA).
2. Understand Security Concepts
This subsection will discuss the three core security targets, known as the CIA
triad, confidentiality, integrity, and availability. These are the three things
that businesses prefer to prevent. It will also cover the significance of the
concepts of confidentiality, integrity, and availability and how to connect any
other security topic to one of these three goals. It will also help you
understand the basic security concepts such as accountability, privacy, non-
repudiation, least privilege, and more. It will cover ‘separation of duties’
policies to ensure that no one person has too much authority and control.
9. www.infosectrain.com | sales@infosectrain.com
3. Document, Implement and Maintain Functional Security
Controls
This subsection will look at different control types and recognize
the need for layered security in our information systems. A single
security countermeasure is never enough; we need layers upon
layers of protection. We will understand various controls such as
deterrent, preventive, corrective, detective, and compensating
controls.
4. Participate in Asset Management
This subsection deals with the management of organizational IT
assets and the processes involved in management. Asset
management is the process of monitoring, deploying, maintaining,
upgrading, and disposing of an organization’s assets as needed. It is
an integral part of this domain. This section will cover the
hardware, software, and data lifecycle of an organization in depth.
It will go through the hardware and software inventory and
licensing and various data storage capabilities available.
10. www.infosectrain.com | sales@infosectrain.com
5. Implement Security Controls and Assess Compliance
In this section, we will learn multistep processes to control access to
an organization’s resources. It will cover the technical controls such as
session timeout, password aging, and physical controls such as
mantrap, cameras, locks, and more. It will also cover administrative
controls such as security policies and standards, procedures, baseline
security, and more. This section will also go through periodic audits
and reviews.
6. Participate in Change Management
We will learn about the change management process and various
components of change management processes in this subsection of
the Security Operations and Administration domain. The discussion
will be around the ways to execute the change management process.
This domain will teach you how you can identify security impacts.
Learn how to establish security practices throughout the enterprise.
This section will also cover rules to test and implement patches, fixes,
and various updates of operating systems, applications, SDLC, and
more.
11. www.infosectrain.com | sales@infosectrain.com
7. Participate in Security Awareness and Training
This subsection will go through how IT and security professionals avoid
and mitigate user risk. Businesses can reduce help desk costs and protect
their entire cybersecurity investment by implementing security
awareness training. Professionals learn how to prevent phishing and
other types of social engineering cyber attacks, spot potential malware
behaviors, report possible security threats, follow company IT policies and
best practices and comply with any applicable data privacy and
compliance regulations by participating in security awareness training.
8. Participate in Physical Security Operations
We will study how to participate in physical security, what physical
security is, how to manage it, and how to apply and implement it inside
an organization in this subsection. This section will cover physical security,
building security, keys, locks, safes, communications and server rooms,
restricted and work area security, fire prevention, detection and
suppression, and more.
12. www.infosectrain.com | sales@infosectrain.com
SSCP with InfosecTrain
Enroll in the SSCP certification training course at InfosecTrain.
We are one of the leading security training providers in the
world. With the help of our highly educated and trained
instructors, you may earn prestigious ISC2 SSCP certifications.
This training course will teach you how to apply basic security
concepts to the day-to-day operation and administration of
enterprise computer systems and stored data.
13. About InfosecTrain
• Established in 2016, we are one of the finest
Security and Technology Training and
Consulting company
• Wide range of professional training programs,
certifications & consulting services in the IT
and Cyber Security domain
• High-quality technical services, certifications
or customized training programs curated with
professionals of over 15 years of combined
experience in the domain
www.infosectrain.com | sales@infosectrain.com
15. Why InfosecTrain Global Learning Partners
Flexible modes
of Training
Tailor Made
Training
Post training
completion
Certified and
Experienced Instructors
Access to the
recorded
sessions
www.infosectrain.com | sales@infosectrain.com
18. Contact us
Get your workforce reskilled
by our certified and
experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 /
UK : +44 7451 208413
sales@infosectrain.com
www.infosectrain.com