In this video, learn about the objectives of the Security and Risk Management domain of the CISSP exam.
(ISC)² provides a detailed curriculum for the SSCP exam. It organizes the content into seven domains of information security: access controls; security operations and administration; risk identification, monitoring, and analysis; incident response and recovery; cryptography; network and communications security; and systems and application security. If you'd like, take the time to look through the official exam objectives and get a sense for the things you'll learn as you prepare for the SSCP exam.
Chances are that you're already familiar with some topics, while others may be brand new to you. That's fine. This course is designed to give you all of the knowledge that you'll need to pass the SSCP exam no matter where you are in your security career. In this video and the six that follow, I'll walk you through each of the seven SSCP domains and give you just a quick flavor of what the exam covers. Once you're done with these brief introductions, I have an entire course ready and waiting for you on each one of these seven domains.
The first domain of the SSCP exam, access controls, makes up 16% of the questions on the test. Access controls are extremely important to security professionals because they ensure that information and resources stay out of unauthorized hands. This domain has four objectives. The first objective is that you be able to implement authentication mechanisms. Authentication is the process of ensuring that an individual is who they claim to be, and security professionals do this in a number of ways.
We'll cover authentication mechanisms as simple as passwords, and then explain how you can improve security by implementing multifactor authentication. As you work your way through the second objective, you'll learn how to operate internetwork trust architectures. Now that phrase is a mouthful, but it's not as complex as it sounds. It just means that when we connect different networks together, we need to think carefully about how much they should trust each other. For example, if we connect two offices from the same company together, we'd have a much higher degree of trust than if we connected our network to a vendor's network.
In the third objective you'll learn about the identity management lifecycle. You'll learn about how security professionals manage identity from the first act of providing a new user with an account, through the ongoing management and monitoring of that account, and ending up with the deprovisioning of that account when the user eventually leaves the organization. And, finally, the fourth objective covers implementing access controls. This is where we'll get into some of the formal models governing access controls. You'll learn about different types of access control systems, and how to choose one that's most appropriate for your organization.
We'll cover all of this and more in the SSCP Access Controls course.
- Careers in information security
- Benefits of SSCP certification
- SSCP domains
- Question types
- Exam tips
- Continuing education requirements