1 / 18

Exploring SSCP Domain 2 Security Operations and Administration for a Career in IT Security

Domain 2 of the SSCP certification exam is Security Operations and Administration. The Security Operations and Administration domain comprises a 15% weightage of the SSCP certification exam.

infosectrain1
Download Presentation

Exploring SSCP Domain 2 Security Operations and Administration for a Career in IT Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Exploring SSCP Domain 2: Security Operations and Administration for a Career in IT Security www.infosectrain.com | sales@infosectrain.com

  2. Information is exposed to a large number and range of threats in an increasingly interconnected world. Due to the ever-increasing number of cyberattacks, security has become the prime concern in information technology. Information security can help protect an organization’s technology and information assets by preventing, detecting, and responding to attacks. This article will cover the second domain of the SSCP certification exam that deals with the various aspects related to security operations and administration. www.infosectrain.com | sales@infosectrain.com

  3. www.infosectrain.com | sales@infosectrain.com

  4. Domains of SSCP www.infosectrain.com | sales@infosectrain.com

  5. The seven domains covered by the SSCP certification exam are: • Domain 1: Access Controls (16%) • Domain 2: Security Operations and Administration (15%) • Domain 3: Risk Identification, Monitoring, and Analysis (15%) • Domain 4: Incident Response and Recovery (13%) • Domain 5: Cryptography (10%) • Domain 6: Network and Communications Security (16%) • Domain 7: Systems and Application Security (15%) www.infosectrain.com | sales@infosectrain.com

  6. Domain 2: Security Operations and Administration Domain 2 of the SSCP certification exam is Security Operations and Administration. The Security Operations and Administration domain comprises a 15% weightage of the SSCP certification exam. This domain is concerned with the availability, integrity, and confidentiality of information related to management staff, system owners, information managers, and end-users. This domain will discuss the availability to ensure accessibility to all hardware, software applications, and data throughout the system. It will also discuss integrity to protect systems from unauthorized, unanticipated, or unintentional modifications. Every business should have policies, standards, procedures, and guidelines that give recorded information to govern the organization’s actions and the behavior of the people it employs or interacts with. You will learn about change management, software and system patches and upgrades, and data management rules in this domain. It will also go over data classification and validate whether or not a security measure is working correctly. The subtopics covered in Security Operations and Administration domains are: www.infosectrain.com | sales@infosectrain.com

  7. Comply with codes of ethics • Understand security concepts • Document, implement and maintain functional security controls • Participate in asset management • Implement security controls and assess compliance • Participate in change management • Participate in security awareness and training • Participate in physical security operations www.infosectrain.com | sales@infosectrain.com

  8. 1. Comply with Codes of EthicsIn this subsection, we will understand what a code of ethics is. A code of ethics is a set of guidelines for professionals to conduct business honestly and ethically. This section will provide the ethical rules and best practices for maintaining honesty, integrity, and professionalism in an organization. In addition, the examination candidate must also agree to and sign the ISC2 Code of Ethics and non-disclosure agreement (NDA). 2. Understand Security ConceptsThis subsection will discuss the three core security targets, known as the CIA triad, confidentiality, integrity, and availability. These are the three things that businesses prefer to prevent. It will also cover the significance of the concepts of confidentiality, integrity, and availability and how to connect any other security topic to one of these three goals. It will also help you understand the basic security concepts such as accountability, privacy, non-repudiation, least privilege, and more. It will cover ‘separation of duties’ policies to ensure that no one person has too much authority and control. www.infosectrain.com | sales@infosectrain.com

  9. 3. Document, Implement and Maintain Functional Security ControlsThis subsection will look at different control types and recognize the need for layered security in our information systems. A single security countermeasure is never enough; we need layers upon layers of protection. We will understand various controls such as deterrent, preventive, corrective, detective, and compensating controls. 4. Participate in Asset ManagementThis subsection deals with the management of organizational IT assets and the processes involved in management. Asset management is the process of monitoring, deploying, maintaining, upgrading, and disposing of an organization’s assets as needed. It is an integral part of this domain. This section will cover the hardware, software, and data lifecycle of an organization in depth. It will go through the hardware and software inventory and licensing and various data storage capabilities available. www.infosectrain.com | sales@infosectrain.com

  10. 5. Implement Security Controls and Assess ComplianceIn this section, we will learn multistep processes to control access to an organization’s resources. It will cover the technical controls such as session timeout, password aging, and physical controls such as mantrap, cameras, locks, and more. It will also cover administrative controls such as security policies and standards, procedures, baseline security, and more. This section will also go through periodic audits and reviews. 6. Participate in Change ManagementWe will learn about the change management process and various components of change management processes in this subsection of the Security Operations and Administration domain. The discussion will be around the ways to execute the change management process. This domain will teach you how you can identify security impacts. Learn how to establish security practices throughout the enterprise. This section will also cover rules to test and implement patches, fixes, and various updates of operating systems, applications, SDLC, and more. www.infosectrain.com | sales@infosectrain.com

  11. 7. Participate in Security Awareness and TrainingThis subsection will go through how IT and security professionals avoid and mitigate user risk. Businesses can reduce help desk costs and protect their entire cybersecurity investment by implementing security awareness training. Professionals learn how to prevent phishing and other types of social engineering cyber attacks, spot potential malware behaviors, report possible security threats, follow company IT policies and best practices and comply with any applicable data privacy and compliance regulations by participating in security awareness training. 8. Participate in Physical Security OperationsWe will study how to participate in physical security, what physical security is, how to manage it, and how to apply and implement it inside an organization in this subsection. This section will cover physical security, building security, keys, locks, safes, communications and server rooms, restricted and work area security, fire prevention, detection and suppression, and more. www.infosectrain.com | sales@infosectrain.com

  12. SSCP with InfosecTrain Enroll in the SSCP certification training course at InfosecTrain. We are one of the leading security training providers in the world. With the help of our highly educated and trained instructors, you may earn prestigious ISC2 SSCP certifications. This training course will teach you how to apply basic security concepts to the day-to-day operation and administration of enterprise computer systems and stored data. www.infosectrain.com | sales@infosectrain.com

  13. About InfosecTrain • Established in 2016, we are one of the finest Security and Technology Training and Consulting company • Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain • High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain www.infosectrain.com | sales@infosectrain.com

  14. Our Endorsements www.infosectrain.com | sales@infosectrain.com

  15. Why InfosecTrain Global Learning Partners Access to the recorded sessions Certified and Experienced Instructors Flexible modes of Training Post training completion Tailor Made Training www.infosectrain.com | sales@infosectrain.com

  16. Our Trusted Clients www.infosectrain.com | sales@infosectrain.com

  17. Contact us Get your workforce reskilled by our certified and experienced instructors! IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK : +44 7451 208413 sales@infosectrain.com www.infosectrain.com

More Related