SlideShare a Scribd company logo

Exploring SSCP Domain 2 Security Operations and Administration for a Career in IT Security.pptx

Download as PPTX, PDF
I
Infosectrain3

Domain 2 of the SSCP certification exam is Security Operations and Administration.

Education
1 of 18
Exploring SSCP Domain 2: Security Operations and Administration for a Career in IT Security www.infosectrain.com | sales@infosectrain.com
www.infosectrain.com | sales@infosectrain.com Information is exposed to a large number and range of threats in an increasingly interconnected world. Due to the ever- increasing number of cyberattacks, security has become the prime concern in information technology. Information security can help protect an organization’s technology and information assets by preventing, detecting, and responding to attacks. This article will cover the second domain of the SSCP certification exam that deals with the various aspects related to security operations and administration.
www.infosectrain.com | sales@infosectrain.com
www.infosectrain.com | sales@infosectrain.com Domains of SSCP
www.infosectrain.com | sales@infosectrain.com The seven domains covered by the SSCP certification exam are: •Domain 1: Access Controls (16%) •Domain 2: Security Operations and Administration (15%) •Domain 3: Risk Identification, Monitoring, and Analysis (15%) •Domain 4: Incident Response and Recovery (13%) •Domain 5: Cryptography (10%) •Domain 6: Network and Communications Security (16%) •Domain 7: Systems and Application Security (15%)
www.infosectrain.com | sales@infosectrain.com Domain 2: Security Operations and Administration Domain 2 of the SSCP certification exam is Security Operations and Administration. The Security Operations and Administration domain comprises a 15% weightage of the SSCP certification exam. This domain is concerned with the availability, integrity, and confidentiality of information related to management staff, system owners, information managers, and end-users. This domain will discuss the availability to ensure accessibility to all hardware, software applications, and data throughout the system. It will also discuss integrity to protect systems from unauthorized, unanticipated, or unintentional modifications. Every business should have policies, standards, procedures, and guidelines that give recorded information to govern the organization’s actions and the behavior of the people it employs or interacts with. You will learn about change management, software and system patches and upgrades, and data management rules in this domain. It will also go over data classification and validate whether or not a security measure is working correctly. The subtopics covered in Security Operations and Administration domains are:
www.infosectrain.com | sales@infosectrain.com •Comply with codes of ethics •Understand security concepts •Document, implement and maintain functional security controls •Participate in asset management •Implement security controls and assess compliance •Participate in change management •Participate in security awareness and training •Participate in physical security operations
www.infosectrain.com | sales@infosectrain.com 1. Comply with Codes of Ethics In this subsection, we will understand what a code of ethics is. A code of ethics is a set of guidelines for professionals to conduct business honestly and ethically. This section will provide the ethical rules and best practices for maintaining honesty, integrity, and professionalism in an organization. In addition, the examination candidate must also agree to and sign the ISC2 Code of Ethics and non-disclosure agreement (NDA). 2. Understand Security Concepts This subsection will discuss the three core security targets, known as the CIA triad, confidentiality, integrity, and availability. These are the three things that businesses prefer to prevent. It will also cover the significance of the concepts of confidentiality, integrity, and availability and how to connect any other security topic to one of these three goals. It will also help you understand the basic security concepts such as accountability, privacy, non- repudiation, least privilege, and more. It will cover ‘separation of duties’ policies to ensure that no one person has too much authority and control.
www.infosectrain.com | sales@infosectrain.com 3. Document, Implement and Maintain Functional Security Controls This subsection will look at different control types and recognize the need for layered security in our information systems. A single security countermeasure is never enough; we need layers upon layers of protection. We will understand various controls such as deterrent, preventive, corrective, detective, and compensating controls. 4. Participate in Asset Management This subsection deals with the management of organizational IT assets and the processes involved in management. Asset management is the process of monitoring, deploying, maintaining, upgrading, and disposing of an organization’s assets as needed. It is an integral part of this domain. This section will cover the hardware, software, and data lifecycle of an organization in depth. It will go through the hardware and software inventory and licensing and various data storage capabilities available.
www.infosectrain.com | sales@infosectrain.com 5. Implement Security Controls and Assess Compliance In this section, we will learn multistep processes to control access to an organization’s resources. It will cover the technical controls such as session timeout, password aging, and physical controls such as mantrap, cameras, locks, and more. It will also cover administrative controls such as security policies and standards, procedures, baseline security, and more. This section will also go through periodic audits and reviews. 6. Participate in Change Management We will learn about the change management process and various components of change management processes in this subsection of the Security Operations and Administration domain. The discussion will be around the ways to execute the change management process. This domain will teach you how you can identify security impacts. Learn how to establish security practices throughout the enterprise. This section will also cover rules to test and implement patches, fixes, and various updates of operating systems, applications, SDLC, and more.
www.infosectrain.com | sales@infosectrain.com 7. Participate in Security Awareness and Training This subsection will go through how IT and security professionals avoid and mitigate user risk. Businesses can reduce help desk costs and protect their entire cybersecurity investment by implementing security awareness training. Professionals learn how to prevent phishing and other types of social engineering cyber attacks, spot potential malware behaviors, report possible security threats, follow company IT policies and best practices and comply with any applicable data privacy and compliance regulations by participating in security awareness training. 8. Participate in Physical Security Operations We will study how to participate in physical security, what physical security is, how to manage it, and how to apply and implement it inside an organization in this subsection. This section will cover physical security, building security, keys, locks, safes, communications and server rooms, restricted and work area security, fire prevention, detection and suppression, and more.
www.infosectrain.com | sales@infosectrain.com SSCP with InfosecTrain Enroll in the SSCP certification training course at InfosecTrain. We are one of the leading security training providers in the world. With the help of our highly educated and trained instructors, you may earn prestigious ISC2 SSCP certifications. This training course will teach you how to apply basic security concepts to the day-to-day operation and administration of enterprise computer systems and stored data.
About InfosecTrain • Established in 2016, we are one of the finest Security and Technology Training and Consulting company • Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain • High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain www.infosectrain.com | sales@infosectrain.com
Our Endorsements www.infosectrain.com | sales@infosectrain.com
Why InfosecTrain Global Learning Partners Flexible modes of Training Tailor Made Training Post training completion Certified and Experienced Instructors Access to the recorded sessions www.infosectrain.com | sales@infosectrain.com
Our Trusted Clients www.infosectrain.com | sales@infosectrain.com
Contact us Get your workforce reskilled by our certified and experienced instructors! IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK : +44 7451 208413 sales@infosectrain.com www.infosectrain.com

Recommended

Turning off Autofill.pdf
Turning off Autofill.pdfTurning off Autofill.pdf
Turning off Autofill.pdfInfosectrain3
 
Targeted Ransomware.pdf
Targeted Ransomware.pdfTargeted Ransomware.pdf
Targeted Ransomware.pdfInfosectrain3
 
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdf
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdfExploring-Biometrics-Security-&-Privacy-Concerns (1).pdf
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdfInfosectrain3
 
LoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdfLoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdfInfosectrain3
 
Security tips for Travelers.pdf
Security tips for Travelers.pdfSecurity tips for Travelers.pdf
Security tips for Travelers.pdfInfosectrain3
 
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdf
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdfThreat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdf
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdfInfosectrain3
 
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdfSOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdfInfosectrain3
 
The Cyber Villains.pdf
The Cyber Villains.pdfThe Cyber Villains.pdf
The Cyber Villains.pdfInfosectrain3
 

Recommended

Turning off Autofill.pdf
Turning off Autofill.pdfTurning off Autofill.pdf
Turning off Autofill.pdfInfosectrain3
 
Targeted Ransomware.pdf
Targeted Ransomware.pdfTargeted Ransomware.pdf
Targeted Ransomware.pdfInfosectrain3
 
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdf
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdfExploring-Biometrics-Security-&-Privacy-Concerns (1).pdf
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdfInfosectrain3
 
LoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdfLoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdfInfosectrain3
 
Security tips for Travelers.pdf
Security tips for Travelers.pdfSecurity tips for Travelers.pdf
Security tips for Travelers.pdfInfosectrain3
 
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdf
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdfThreat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdf
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdfInfosectrain3
 
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdfSOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdfInfosectrain3
 
The Cyber Villains.pdf
The Cyber Villains.pdfThe Cyber Villains.pdf
The Cyber Villains.pdfInfosectrain3
 
Types of Servers in Computing.pdf
Types of Servers in Computing.pdfTypes of Servers in Computing.pdf
Types of Servers in Computing.pdfInfosectrain3
 
Types of Web Application Firewalls (1).pdf
Types of Web Application Firewalls (1).pdfTypes of Web Application Firewalls (1).pdf
Types of Web Application Firewalls (1).pdfInfosectrain3
 
Google's AI Red Team.pdf
Google's AI Red Team.pdfGoogle's AI Red Team.pdf
Google's AI Red Team.pdfInfosectrain3
 
A to Z Guide Data Privacy in Operational Technology.pdf
A to Z Guide Data Privacy in Operational Technology.pdfA to Z Guide Data Privacy in Operational Technology.pdf
A to Z Guide Data Privacy in Operational Technology.pdfInfosectrain3
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptxInfosectrain3
 
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptxInterview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptxInfosectrain3
 
Interview Questions for Microsoft Azure Architect Design AZ-304.pptx
Interview Questions for Microsoft Azure Architect Design AZ-304.pptxInterview Questions for Microsoft Azure Architect Design AZ-304.pptx
Interview Questions for Microsoft Azure Architect Design AZ-304.pptxInfosectrain3
 
IBM QRadar’s DomainTools Application.pptx
IBM QRadar’s DomainTools Application.pptxIBM QRadar’s DomainTools Application.pptx
IBM QRadar’s DomainTools Application.pptxInfosectrain3
 
How to become a SOC Analyst and build a dream career with it.pptx
How to become a SOC Analyst and build a dream career with it.pptxHow to become a SOC Analyst and build a dream career with it.pptx
How to become a SOC Analyst and build a dream career with it.pptxInfosectrain3
 
How to Analyze Data (1).pptx
How to Analyze Data (1).pptxHow to Analyze Data (1).pptx
How to Analyze Data (1).pptxInfosectrain3
 
How DNS Works.pptx
How DNS Works.pptxHow DNS Works.pptx
How DNS Works.pptxInfosectrain3
 
Frequently Asked Questions in the AWS Security Interview.pptx
Frequently Asked Questions in the AWS Security Interview.pptxFrequently Asked Questions in the AWS Security Interview.pptx
Frequently Asked Questions in the AWS Security Interview.pptxInfosectrain3
 
Exploring SAML 2.0-based federation in AWS.pptx
Exploring SAML 2.0-based federation in AWS.pptxExploring SAML 2.0-based federation in AWS.pptx
Exploring SAML 2.0-based federation in AWS.pptxInfosectrain3
 
Cybersecurity Threats and Attacks A Challenge to the IT Sector.pptx
Cybersecurity Threats and Attacks A Challenge to the IT Sector.pptxCybersecurity Threats and Attacks A Challenge to the IT Sector.pptx
Cybersecurity Threats and Attacks A Challenge to the IT Sector.pptxInfosectrain3
 
CompTIA CySA+ domains and their Weightage.pptx
CompTIA CySA+ domains and their Weightage.pptxCompTIA CySA+ domains and their Weightage.pptx
CompTIA CySA+ domains and their Weightage.pptxInfosectrain3
 
CND v2 Training.pptx
CND v2 Training.pptxCND v2 Training.pptx
CND v2 Training.pptxInfosectrain3
 
Cluster Analysis in Data Science.pptx
Cluster Analysis in Data Science.pptxCluster Analysis in Data Science.pptx
Cluster Analysis in Data Science.pptxInfosectrain3
 
Cloud Security Issues and Challenge.pptx
Cloud Security Issues and Challenge.pptxCloud Security Issues and Challenge.pptx
Cloud Security Issues and Challenge.pptxInfosectrain3
 
CISSP Vs. CISA Which is better for you.pptx
CISSP Vs. CISA Which is better for you.pptxCISSP Vs. CISA Which is better for you.pptx
CISSP Vs. CISA Which is better for you.pptxInfosectrain3
 
Beware of a Voice Message Phishing Scam on WhatsApp.pptx
Beware of a Voice Message Phishing Scam on WhatsApp.pptxBeware of a Voice Message Phishing Scam on WhatsApp.pptx
Beware of a Voice Message Phishing Scam on WhatsApp.pptxInfosectrain3
 

More Related Content

More from Infosectrain3

Types of Servers in Computing.pdf
Types of Servers in Computing.pdfTypes of Servers in Computing.pdf
Types of Servers in Computing.pdfInfosectrain3
 
Types of Web Application Firewalls (1).pdf
Types of Web Application Firewalls (1).pdfTypes of Web Application Firewalls (1).pdf
Types of Web Application Firewalls (1).pdfInfosectrain3
 
Google's AI Red Team.pdf
Google's AI Red Team.pdfGoogle's AI Red Team.pdf
Google's AI Red Team.pdfInfosectrain3
 
A to Z Guide Data Privacy in Operational Technology.pdf
A to Z Guide Data Privacy in Operational Technology.pdfA to Z Guide Data Privacy in Operational Technology.pdf
A to Z Guide Data Privacy in Operational Technology.pdfInfosectrain3
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptxInfosectrain3
 
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptxInterview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptxInfosectrain3
 
Interview Questions for Microsoft Azure Architect Design AZ-304.pptx
Interview Questions for Microsoft Azure Architect Design AZ-304.pptxInterview Questions for Microsoft Azure Architect Design AZ-304.pptx
Interview Questions for Microsoft Azure Architect Design AZ-304.pptxInfosectrain3
 
IBM QRadar’s DomainTools Application.pptx
IBM QRadar’s DomainTools Application.pptxIBM QRadar’s DomainTools Application.pptx
IBM QRadar’s DomainTools Application.pptxInfosectrain3
 
How to become a SOC Analyst and build a dream career with it.pptx
How to become a SOC Analyst and build a dream career with it.pptxHow to become a SOC Analyst and build a dream career with it.pptx
How to become a SOC Analyst and build a dream career with it.pptxInfosectrain3
 
How to Analyze Data (1).pptx
How to Analyze Data (1).pptxHow to Analyze Data (1).pptx
How to Analyze Data (1).pptxInfosectrain3
 
Frequently Asked Questions in the AWS Security Interview.pptx
Frequently Asked Questions in the AWS Security Interview.pptxFrequently Asked Questions in the AWS Security Interview.pptx
Frequently Asked Questions in the AWS Security Interview.pptxInfosectrain3
 
Exploring SAML 2.0-based federation in AWS.pptx
Exploring SAML 2.0-based federation in AWS.pptxExploring SAML 2.0-based federation in AWS.pptx
Exploring SAML 2.0-based federation in AWS.pptxInfosectrain3
 
Cybersecurity Threats and Attacks A Challenge to the IT Sector.pptx
Cybersecurity Threats and Attacks A Challenge to the IT Sector.pptxCybersecurity Threats and Attacks A Challenge to the IT Sector.pptx
Cybersecurity Threats and Attacks A Challenge to the IT Sector.pptxInfosectrain3
 
CompTIA CySA+ domains and their Weightage.pptx
CompTIA CySA+ domains and their Weightage.pptxCompTIA CySA+ domains and their Weightage.pptx
CompTIA CySA+ domains and their Weightage.pptxInfosectrain3
 
CND v2 Training.pptx
CND v2 Training.pptxCND v2 Training.pptx
CND v2 Training.pptxInfosectrain3
 
Cluster Analysis in Data Science.pptx
Cluster Analysis in Data Science.pptxCluster Analysis in Data Science.pptx
Cluster Analysis in Data Science.pptxInfosectrain3
 
Cloud Security Issues and Challenge.pptx
Cloud Security Issues and Challenge.pptxCloud Security Issues and Challenge.pptx
Cloud Security Issues and Challenge.pptxInfosectrain3
 
CISSP Vs. CISA Which is better for you.pptx
CISSP Vs. CISA Which is better for you.pptxCISSP Vs. CISA Which is better for you.pptx
CISSP Vs. CISA Which is better for you.pptxInfosectrain3
 
Beware of a Voice Message Phishing Scam on WhatsApp.pptx
Beware of a Voice Message Phishing Scam on WhatsApp.pptxBeware of a Voice Message Phishing Scam on WhatsApp.pptx
Beware of a Voice Message Phishing Scam on WhatsApp.pptxInfosectrain3
 

More from Infosectrain3 (20)

Types of Servers in Computing.pdf
Types of Servers in Computing.pdfTypes of Servers in Computing.pdf
Types of Servers in Computing.pdf
 
Types of Web Application Firewalls (1).pdf
Types of Web Application Firewalls (1).pdfTypes of Web Application Firewalls (1).pdf
Types of Web Application Firewalls (1).pdf
 
Google's AI Red Team.pdf
Google's AI Red Team.pdfGoogle's AI Red Team.pdf
Google's AI Red Team.pdf
 
A to Z Guide Data Privacy in Operational Technology.pdf
A to Z Guide Data Privacy in Operational Technology.pdfA to Z Guide Data Privacy in Operational Technology.pdf
A to Z Guide Data Privacy in Operational Technology.pdf
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptx
 
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptxInterview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
 
Interview Questions for Microsoft Azure Architect Design AZ-304.pptx
Interview Questions for Microsoft Azure Architect Design AZ-304.pptxInterview Questions for Microsoft Azure Architect Design AZ-304.pptx
Interview Questions for Microsoft Azure Architect Design AZ-304.pptx
 
IBM QRadar’s DomainTools Application.pptx
IBM QRadar’s DomainTools Application.pptxIBM QRadar’s DomainTools Application.pptx
IBM QRadar’s DomainTools Application.pptx
 
How to become a SOC Analyst and build a dream career with it.pptx
How to become a SOC Analyst and build a dream career with it.pptxHow to become a SOC Analyst and build a dream career with it.pptx
How to become a SOC Analyst and build a dream career with it.pptx
 
How to Analyze Data (1).pptx
How to Analyze Data (1).pptxHow to Analyze Data (1).pptx
How to Analyze Data (1).pptx
 
How DNS Works.pptx
How DNS Works.pptxHow DNS Works.pptx
How DNS Works.pptx
 
Frequently Asked Questions in the AWS Security Interview.pptx
Frequently Asked Questions in the AWS Security Interview.pptxFrequently Asked Questions in the AWS Security Interview.pptx
Frequently Asked Questions in the AWS Security Interview.pptx
 
Exploring SAML 2.0-based federation in AWS.pptx
Exploring SAML 2.0-based federation in AWS.pptxExploring SAML 2.0-based federation in AWS.pptx
Exploring SAML 2.0-based federation in AWS.pptx
 
Cybersecurity Threats and Attacks A Challenge to the IT Sector.pptx
Cybersecurity Threats and Attacks A Challenge to the IT Sector.pptxCybersecurity Threats and Attacks A Challenge to the IT Sector.pptx
Cybersecurity Threats and Attacks A Challenge to the IT Sector.pptx
 
CompTIA CySA+ domains and their Weightage.pptx
CompTIA CySA+ domains and their Weightage.pptxCompTIA CySA+ domains and their Weightage.pptx
CompTIA CySA+ domains and their Weightage.pptx
 
CND v2 Training.pptx
CND v2 Training.pptxCND v2 Training.pptx
CND v2 Training.pptx
 
Cluster Analysis in Data Science.pptx
Cluster Analysis in Data Science.pptxCluster Analysis in Data Science.pptx
Cluster Analysis in Data Science.pptx
 
Cloud Security Issues and Challenge.pptx
Cloud Security Issues and Challenge.pptxCloud Security Issues and Challenge.pptx
Cloud Security Issues and Challenge.pptx
 
CISSP Vs. CISA Which is better for you.pptx
CISSP Vs. CISA Which is better for you.pptxCISSP Vs. CISA Which is better for you.pptx
CISSP Vs. CISA Which is better for you.pptx
 
Beware of a Voice Message Phishing Scam on WhatsApp.pptx
Beware of a Voice Message Phishing Scam on WhatsApp.pptxBeware of a Voice Message Phishing Scam on WhatsApp.pptx
Beware of a Voice Message Phishing Scam on WhatsApp.pptx
 

Exploring SSCP Domain 2 Security Operations and Administration for a Career in IT Security.pptx

  • 1. Exploring SSCP Domain 2: Security Operations and Administration for a Career in IT Security www.infosectrain.com | sales@infosectrain.com
  • 2. www.infosectrain.com | sales@infosectrain.com Information is exposed to a large number and range of threats in an increasingly interconnected world. Due to the ever- increasing number of cyberattacks, security has become the prime concern in information technology. Information security can help protect an organization’s technology and information assets by preventing, detecting, and responding to attacks. This article will cover the second domain of the SSCP certification exam that deals with the various aspects related to security operations and administration.
  • 5. www.infosectrain.com | sales@infosectrain.com The seven domains covered by the SSCP certification exam are: •Domain 1: Access Controls (16%) •Domain 2: Security Operations and Administration (15%) •Domain 3: Risk Identification, Monitoring, and Analysis (15%) •Domain 4: Incident Response and Recovery (13%) •Domain 5: Cryptography (10%) •Domain 6: Network and Communications Security (16%) •Domain 7: Systems and Application Security (15%)
  • 6. www.infosectrain.com | sales@infosectrain.com Domain 2: Security Operations and Administration Domain 2 of the SSCP certification exam is Security Operations and Administration. The Security Operations and Administration domain comprises a 15% weightage of the SSCP certification exam. This domain is concerned with the availability, integrity, and confidentiality of information related to management staff, system owners, information managers, and end-users. This domain will discuss the availability to ensure accessibility to all hardware, software applications, and data throughout the system. It will also discuss integrity to protect systems from unauthorized, unanticipated, or unintentional modifications. Every business should have policies, standards, procedures, and guidelines that give recorded information to govern the organization’s actions and the behavior of the people it employs or interacts with. You will learn about change management, software and system patches and upgrades, and data management rules in this domain. It will also go over data classification and validate whether or not a security measure is working correctly. The subtopics covered in Security Operations and Administration domains are:
  • 7. www.infosectrain.com | sales@infosectrain.com •Comply with codes of ethics •Understand security concepts •Document, implement and maintain functional security controls •Participate in asset management •Implement security controls and assess compliance •Participate in change management •Participate in security awareness and training •Participate in physical security operations
  • 8. www.infosectrain.com | sales@infosectrain.com 1. Comply with Codes of Ethics In this subsection, we will understand what a code of ethics is. A code of ethics is a set of guidelines for professionals to conduct business honestly and ethically. This section will provide the ethical rules and best practices for maintaining honesty, integrity, and professionalism in an organization. In addition, the examination candidate must also agree to and sign the ISC2 Code of Ethics and non-disclosure agreement (NDA). 2. Understand Security Concepts This subsection will discuss the three core security targets, known as the CIA triad, confidentiality, integrity, and availability. These are the three things that businesses prefer to prevent. It will also cover the significance of the concepts of confidentiality, integrity, and availability and how to connect any other security topic to one of these three goals. It will also help you understand the basic security concepts such as accountability, privacy, non- repudiation, least privilege, and more. It will cover ‘separation of duties’ policies to ensure that no one person has too much authority and control.
  • 9. www.infosectrain.com | sales@infosectrain.com 3. Document, Implement and Maintain Functional Security Controls This subsection will look at different control types and recognize the need for layered security in our information systems. A single security countermeasure is never enough; we need layers upon layers of protection. We will understand various controls such as deterrent, preventive, corrective, detective, and compensating controls. 4. Participate in Asset Management This subsection deals with the management of organizational IT assets and the processes involved in management. Asset management is the process of monitoring, deploying, maintaining, upgrading, and disposing of an organization’s assets as needed. It is an integral part of this domain. This section will cover the hardware, software, and data lifecycle of an organization in depth. It will go through the hardware and software inventory and licensing and various data storage capabilities available.
  • 10. www.infosectrain.com | sales@infosectrain.com 5. Implement Security Controls and Assess Compliance In this section, we will learn multistep processes to control access to an organization’s resources. It will cover the technical controls such as session timeout, password aging, and physical controls such as mantrap, cameras, locks, and more. It will also cover administrative controls such as security policies and standards, procedures, baseline security, and more. This section will also go through periodic audits and reviews. 6. Participate in Change Management We will learn about the change management process and various components of change management processes in this subsection of the Security Operations and Administration domain. The discussion will be around the ways to execute the change management process. This domain will teach you how you can identify security impacts. Learn how to establish security practices throughout the enterprise. This section will also cover rules to test and implement patches, fixes, and various updates of operating systems, applications, SDLC, and more.
  • 11. www.infosectrain.com | sales@infosectrain.com 7. Participate in Security Awareness and Training This subsection will go through how IT and security professionals avoid and mitigate user risk. Businesses can reduce help desk costs and protect their entire cybersecurity investment by implementing security awareness training. Professionals learn how to prevent phishing and other types of social engineering cyber attacks, spot potential malware behaviors, report possible security threats, follow company IT policies and best practices and comply with any applicable data privacy and compliance regulations by participating in security awareness training. 8. Participate in Physical Security Operations We will study how to participate in physical security, what physical security is, how to manage it, and how to apply and implement it inside an organization in this subsection. This section will cover physical security, building security, keys, locks, safes, communications and server rooms, restricted and work area security, fire prevention, detection and suppression, and more.
  • 12. www.infosectrain.com | sales@infosectrain.com SSCP with InfosecTrain Enroll in the SSCP certification training course at InfosecTrain. We are one of the leading security training providers in the world. With the help of our highly educated and trained instructors, you may earn prestigious ISC2 SSCP certifications. This training course will teach you how to apply basic security concepts to the day-to-day operation and administration of enterprise computer systems and stored data.
  • 13. About InfosecTrain • Established in 2016, we are one of the finest Security and Technology Training and Consulting company • Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain • High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain www.infosectrain.com | sales@infosectrain.com
  • 14. Our Endorsements www.infosectrain.com | sales@infosectrain.com
  • 15. Why InfosecTrain Global Learning Partners Flexible modes of Training Tailor Made Training Post training completion Certified and Experienced Instructors Access to the recorded sessions www.infosectrain.com | sales@infosectrain.com
  • 16. Our Trusted Clients www.infosectrain.com | sales@infosectrain.com
  • 17.
  • 18. Contact us Get your workforce reskilled by our certified and experienced instructors! IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK : +44 7451 208413 sales@infosectrain.com www.infosectrain.com