ISC2 Systems Security Certified Practitioner® (SSCP®)

The goal of this five-day accelerated SSCP certification course is to provide IT and information security professionals with a fully-immersed, zero-distraction, all-inclusive SSCP training experience.

You'll develop the expertise to tackle the operational demands and responsibilities of a security practitioner, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

SSCP was designed to recognise an international standard for practitioners of information security [IS] and understanding of a Common Body of Knowledge (CBK). It focuses on practices, roles and responsibilities as defined by experts from major IS industries. Certification can enhance an IS career and provide added credibility.

Your SSCP training course encompasses the ISC2 SSCP CBK Review Seminar, intense hands-on instruction, meals, and accommodation.

SSCP accreditation provides information security personnel and their employers with international credibility. It also gives their employers a reliable measure of professional competence.

At Firebrand, we are proud to be an official ISC2 Preferred Training Partner:

• We are guaranteed to adhere to stringent technical pre-screening practices: candidates that do not have the necessary work and education experience my be subject to decertification;
• We guarantee the highest quality of education and customer satisfaction: candidates are able to contact ISC2 directly for program quality assurance;
• We utilise ISC2 instructors trained directly by the consortium: many SSCP instructors participated in the actual development of the SSCP CBK;
• We employ only official ISC2 courseware and materials, which are the product of extensive work from SSCPs, CISSPs, ISC2 Instructors, and Subject Matter Experts.

This course prepares you to sit the SSCP exam, covered by your Firebrand Certification Guarantee.

This accelerated training course is designed for those with proven technical skills and practical, hands-on security knowledge in operational IT roles, such as:

• Network Security Engineer
• Systems/Network Administrator
• Security Analyst
• Systems Engineer
• Security Consultant/Specialist
• Security Administrator
• Systems/Network Analyst
• Database Administrator

ISC2 Premier Training Partner

At Firebrand, we are proud to be an Official Training Premier Partner of ISC2 for 2025 in recognition of our commitment to delivering world-class training, certification, and professional development opportunities for Cybersecurity professionals.

This course covers the seven domains of the SSCP Common Body of Knowledge (CBK):

Domain 1: Access Controls

1.1 Implement and maintain authentication methods

• Single/multifactor authentication
• Single sign-on
• Device authentication
• Federated access

1.2 Support internetwork trust architectures

• Trust relationships (e.g., 1-way, 2-way, transitive)
• Extranet
• Third party connections

1.3 Participate in the identity management lifecycle

• Authorisation
• Proofing
• Provisioning/de-provisioning
• Maintenance
• Entitlement
• Identity and Access Management (IAM) systems

1.4 Implement access controls

• Mandatory
• Non-discretionary
• Discretionary
• Role-based
• Attribute-based
• Subject-based
• Object-based

Domain 2: Security Operations and Administration

2.1 Comply with codes of ethics

• ISC2 Code of Ethics
• Organisational code of ethics

2.2 Understand security concepts

2.3 Document, implement, and maintain functional security controls

• Deterrent controls
• Preventative controls
• Detective controls
• Corrective controls
• Compensating controls

2.4 Participate in asset management

• Lifecycle (hardware, software, and data)
• Hardware inventory
• Software inventory and licensing
• Data storage

2.5 Implement security controls and assess compliance

• Technical controls (e.g., session timeout, password aging)
• Physical controls (e.g., mantrap, cameras, locks)
• Administrative controls (e.g., security policies and standards, procedures, baselines)
• Periodic audit and review
• Confidentiality
• Integrity
• Availability
• Accountability
• Privacy
• Non-repudiation
• Least privilege
• Separation of duties

2.6 Participate in change management

• Execute change management process
• Identify security impact
• Testing /implementing patches, fixes, and updates (e.g., operating system, applications, SDLC)

2.7 Participate in security awareness and training

2.8 Participate in physical security operations (e.g., data centre assessment, badging)

Domain 3: Risk Identification, Monitoring, and Analysis

3.1 Understand the risk management process

• Risk visibility and reporting (e.g., risk register, sharing threat intelligence, Common Vulnerability Scoring System (CVSS))
• Risk management concepts (e.g., impact assessments, threat modelling, Business Impact Analysis (BIA))
• Risk management frameworks (e.g., ISO, NIST)
• Risk treatment (e.g., accept, transfer, mitigate, avoid, recast)

3.2 Perform security assessment activities

• Participate in security testing
• Interpretation and reporting of scanning and testing results
• Remediation validation
• Audit finding remediation

3.3 Operate and maintain monitoring systems (e.g., continuous monitoring)

• Events of interest (e.g., anomalies, intrusions, unauthorised changes, compliance monitoring)
• Logging
• Source systems
• Legal and regulatory concerns (e.g., jurisdiction, limitations, privacy)

3.4 Analyse monitoring results

• Security baselines and anomalies
• Visualisations, metrics, and trends (e.g., dashboards, timelines)
• Event data analysis
• Document and communicate findings (e.g., escalation)

Domain 4: Incident Response and Recovery

4.1 Support incident lifecycle

• Preparation
• Detection, analysis, and escalation
• Containment
• Eradication
• Recovery
• Lessons learned/implementation of new countermeasure

4.2 Understand and support forensic investigations

• Legal and ethical principles
• Evidence handling (e.g., first responder, triage, chain of custody, preservation of scene)

4.3 Understand and support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) activities

• Emergency response plans and procedures (e.g., information system contingency plan)
• Interim or alternate processing strategies
• Restoration planning
• Backup and redundancy implementation
• Testing and drills

Domain 5: Cryptography

5.1 Understand fundamental concepts of cryptography

5.2 Understand reasons and requirements for cryptography

5.3 Understand and support secure protocols

5.4 Understand Public Key Infrastructure (PKI) systems

• Fundamental key management concepts (e.g., key rotation, key composition, key creation, exchange, revocation, escrow)
• Web of Trust (WOT) (e.g., PGP, GPG)
• Hashing
• Salting
• Symmetric/asymmetric encryption/Elliptic Curve Cryptography (ECC)
• Non-repudiation (e.g., digital signatures/ certificates, HMAC, audit trail)
• Encryption algorithms (e.g., AES, RSA)
• Key strength (e.g., 256, 512, 1024, 2048 bit keys)
• Cryptographic attacks, cryptanalysis, and counter measures
• Confidentiality
• Integrity and authenticity
• Data sensitivity (e.g., PII, intellectual property, PHI)
• Regulatory
• Services and protocols (e.g., IPSec, TLS, S/MIME, DKIM)
• Common use cases
• Limitations and vulnerabilities

6.1 Understand and apply fundamental concepts of networking

6.2 Understand network attacks and countermeasures (e.g., DDoS, man-in-the-middle, DNS poisoning)

6.3 Manage network access controls

• Network access control and monitoring (e.g., remediation, quarantine, admission)
• Network access control standards and protocols (e.g., IEEE 802.1X, Radius, TACACS)
• Remote access operation and configuration (e.g., thin client, SSL VPN, IPSec VPN, telework)

6.4 Manage network security

• Logical and physical placement of network devices (e.g., inline, passive)
• Segmentation (e.g., physical/logical, data/control plane, VLAN, ACLs)
• Secure device management 6.5 Operate and configure network-based security devices
• Firewalls and proxies (e.g., filtering methods)
• Network intrusion detection/prevention systems
• Routers and switches
• Traffic-shaping devices (e.g., WAN optimisation, load balancing)

6.6 Operate and configure wireless technologies (e.g., bluetooth, NFC, WiFi)

• Transmission security
• Wireless security devices (e.g.,WIPS, WIDS)
• Domain 6: Network and Communications Security
• OSI and TCP/IP models
• Network topographies (e.g., ring, star, bus, mesh, tree)
• Network relationships (e.g., peer to peer, client server)
• Transmission media types (e.g., fiber, wired, wireless)
• Commonly used ports and protocols

Domain 7: Systems and Application Security

7.1 Identify and analyse malicious code and activity Malware (e.g., rootkits, spyware, scareware, ransomware, trojans, virus, worms, trapdoors, backdoors, and remote access trojans)

• Malicious code countermeasures (e.g., scanners, anti-malware, code signing, sandboxing)
• Malicious activity (e.g., insider threat, data theft, DDoS, botnet)
• Malicious activity countermeasures (e.g., user awareness, system hardening, patching, sandboxing, isolation)

7.2 Implement and operate endpoint device security

7.3 Operate and configure cloud security

7.4 Operate and secure virtual environments

• HIDS
• Host-based firewalls
• Application white listing
• Endpoint encryption
• Trusted Platform Module (TPM)
• Mobile Device Management (MDM) (e.g., COPE, BYOD)
• Secure browsing (e.g., sandbox)
• Deployment models (e.g., public, private, hybrid, community)
• Service models (e.g., IaaS, PaaS and SaaS)
• Virtualisation (e.g., hypervisor)
• Legal and regulatory concerns (e.g., privacy, surveillance, data ownership, jurisdiction, eDiscovery)
• Data storage and transmission (e.g., archiving, recovery, resilience)
• Third party/outsourcing requirements (e.g., SLA, data portability, data destruction, auditing)
• Shared responsibility model
• Software-defined networking
• Hypervisor
• Virtual appliances
• Continuity and resilience
• Attacks and countermeasures
• Shared storage

There are no formal prerequisites to attend the SSCP course. However, it is recommended that students have some knowledge of other IT domains, including a basic working knowledge of Network technologies. Achieving the CompTIA Security+ certification, while not required, would also be beneficial.

In order to attain the SSCP certification, delegates require a minimum of one year's cumulative paid full-time work experience in one or more of the seven domains covered in the SSCP CBK. Valid experience includes information systems security-related work performed, or work that requires information security knowledge and involves direct application of that knowledge.

If you do not have the required experience, you may still sit for the exam and become an Associate of ISC2 until you have gained the required experience.

On this accelerated course, you'll prepare for and sit your official SSCP exam at the Firebrand Training Centre, covered by your Certification Guarantee:

• Length of exam: 3 hours
• Number of questions: 125
• Question format: Multiple choice
• Passing grade: 700 of 1000 points

To qualify for this Cyber Security certification, you must pass the exam and have at least one year of cumulative, paid work experience in one or more of the seven domains of the ISC2 SSCP Common Body of Knowledge (CBK), or a degree (Bachelors or Masters) in a recognised Cyber Security program.

If you don't have the required experience to become an SSCP, you can become an Associate of ISC2 by successfully passing the SSCP examination. You will then have two years to earn the one year required experience.

SSCP recertification is required every three years. You can maintain the certification by meeting all ISC2 SSCP renewal requirements.