1 / 18

Exploring SSCP Domain 7 Systems and Application Security for a Career in IT Security

Domain 7 of the SSCP certification exam is Systems and Application Security. The Systems and Application Security domain comprise 15% of the total weightage in the SSCP certification exam.

infosectrain1
Download Presentation

Exploring SSCP Domain 7 Systems and Application Security for a Career in IT Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Exploring SSCP Domain 7: Systems and Application Security for a Career in IT Security www.infosectrain.com | sales@infosectrain.com

  2. Malicious code refers to any code in any part of a software system designed to create unwanted effects, security breaches, or system harm. Malicious code is a hazard to application security that cannot be effectively handled by traditional antivirus software alone, necessitating more robust security measures. The Systems and Application Security domain are concerned with various countermeasures for various types of malware or malicious code that cause security breaches. This article will cover the seventh domain of SSCP: Network and Communications Security, and what you can expect in the SSCP exam from this domain. www.infosectrain.com | sales@infosectrain.com

  3. www.infosectrain.com | sales@infosectrain.com

  4. Domains of SSCP www.infosectrain.com | sales@infosectrain.com

  5. The seven SSCP domains are: • Domain 1: Access Controls (16%) • Domain 2: Security Operations and Administration (15%) • Domain 3: Risk Identification, Monitoring, and Analysis (15%) • Domain 4: Incident Response and Recovery (13%) • Domain 5: Cryptography (10%) • Domain 6: Network and Communications Security (16%) • Domain 7: Systems and Application Security (15%) www.infosectrain.com | sales@infosectrain.com

  6. Domain 7: Systems and Application Security Domain 7 of the SSCP certification exam is Systems and Application Security. The Systems and Application Security domain comprise 15% of the total weightage in the SSCP certification exam. This domain will introduce the necessity of securing endpoints from various malicious code attacks and how to use various countermeasures to lessen endpoint threats. Endpoints, such as host workstations, digital wireless devices, printers, scanners, and point-of-sale equipment, form the termination point of a network connection. This domain will also discuss implementing controls and countermeasures to identify and prevent malicious code from attacking the network and its hosts. The subtopics covered in the Systems and Application Security domain are: www.infosectrain.com | sales@infosectrain.com

  7. Identify and analyze malicious code and activity • Implement and operate endpoint device security • Operate and configure cloud security • Operate and secure virtual environments www.infosectrain.com | sales@infosectrain.com

  8. 1. Identify and Analyze Malicious Code and ActivityThis subsection will provide in-depth knowledge of malicious codes and malware and the various countermeasures like scanners, anti-malware, code signing, sandboxing, and more. This section teaches how to detect and identify malware and computer code that could compromise an organization’s IT systems. It also covers techniques for introducing these variants into systems and tools and processes for limiting exposure to this type of behavior, including user training to aid their efforts. It will discuss exploitation, insider threats, spoofing, phishing, spam, and botnets, as well as malicious web activity, payloads, malcode mitigation, and frequent mistakes. This domain will also discuss malicious activity countermeasures such as user awareness, system hardening, patching, sandboxing, isolation. www.infosectrain.com | sales@infosectrain.com

  9. 2. Implement and Operate Endpoint Device SecurityThis subsection will describe endpoint device security in detail and the processes to operate it. Today’s endpoint security systems are built to identify, assess, block quickly, and contain active attacks. Endpoint security is the technique of preventing malicious actors and threats from attacking entry points or endpoints of an end-user device such as desktops, laptops, and smartphones. The section will also cover the Mobile Device Management (MDM) process such as COPE, BYOD. It will discuss the benefits and drawbacks of Host-Based Intrusion Detection Systems (HIDS). The section will also cover various topics like host-based firewalls, application whitelisting, endpoint encryption, Trusted Platform Module (TPM), Mobile Device Management (MDM), and Secure Browsing. www.infosectrain.com | sales@infosectrain.com

  10. 3. Operate and Configure Cloud SecurityThis subsection will discuss the process for configuring cloud security. This section covers an introduction to the five essential characteristics of clouds, cloud deployment, and service models. It will cover virtualization and its different types. The area will also discuss the country-related legal and privacy concerns. The section will classify discovered sensitive data, mapping, the definition of controls, application of defined controls for Personally Identifiable Information (PII). It will also cover data storage and transmission, encryption, key management, masking/obfuscation and anonymization, data deletion procedures and mechanisms, and more. Lastly, the section will explain the shared responsibility model. www.infosectrain.com | sales@infosectrain.com

  11. 4. Operate and Secure Virtual EnvironmentsThis subsection will explain the process for securing virtual environments and big data systems. Virtualization allows users to share a single physical instance of any resource across several machines. Virtualization is a method by which we create a virtual environment of storage devices and server operating systems. This section will go through the Software-Defined Network (SDN) and how it works, virtual appliances, continuity and resilience, attacks and countermeasures, common virtualization attacks, secure virtualization recommendations, and best practices, and shared storage. www.infosectrain.com | sales@infosectrain.com

  12. SSCP with InfosecTrain Enroll in the SSCP certification training course at InfosecTrain. We are one of the leading security training providers in the world. With the help of our highly educated and trained instructors, you may earn prestigious (ISC)2 SSCP certifications. The SSCP certification training course will teach you about harmful or malicious computer code and how to defend your company from it, as well as endpoint device security, cloud infrastructure security, securing big data platforms, and securing virtual environments. www.infosectrain.com | sales@infosectrain.com

  13. About InfosecTrain • Established in 2016, we are one of the finest Security and Technology Training and Consulting company • Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain • High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain www.infosectrain.com | sales@infosectrain.com

  14. Our Endorsements www.infosectrain.com | sales@infosectrain.com

  15. Why InfosecTrain Global Learning Partners Access to the recorded sessions Certified and Experienced Instructors Flexible modes of Training Post training completion Tailor Made Training www.infosectrain.com | sales@infosectrain.com

  16. Our Trusted Clients www.infosectrain.com | sales@infosectrain.com

  17. Contact us Get your workforce reskilled by our certified and experienced instructors! IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK : +44 7451 208413 sales@infosectrain.com www.infosectrain.com

More Related