The Systems Security Certified Practitioner (SSCP) course covers, in five days, the seven domains of the Common Body of Knowledge (CBK) defined by (ISC)² that an IT security professional needs to know. The SSCP training is intended for IT professionals who are responsible for protecting technology and information. It introduces countermeasures such as firewalls, intrusion detection systems, antivirus solutions and public key infrastructure (PKI). It prepares participants for the prestigious SSCP certification.
PREREQUISITES:
Knowledge of computer networking principles and of the protocols used for communication between systems. Holding the CompTIA Security+ or Network+ certification would be an asset.
Course content
Module 1: Access Controls
Implement authentication mechanisms
Single/multifactor authentication
Single sign-on
Offline authentication
Device authentication
Operate internetwork trust architectures
One-way trust
Two-way trust
Transitive trust
Administer identity management lifecycle
Authorization
Proofing
Provisioning
Maintenance
Entitlement
Implement access controls
Mandatory
Non-discretionary
Discretionary
Role-based
Attribute-based
Module 2: Security Operations
Understand and comply with Codes of Ethics
(ISC)² code of ethics
Organizational code of ethics
Understand security concepts
Confidentiality
Integrity
Availability
Non-repudiation
Privacy
Least privilege
Separation of duties
Defense-in-depth
Risk-based controls
Authorization and accountability
Document and operate security controls
Deterrent controls
Preventative
Corrective
Participate in asset management
Lifecycle
Hardware
Software
Data
Implement and assess compliance with controls
Technical controls
Operational controls
Managerial controls
Participate in change management duties
Implementation and configuration management plan
Security impact assessment
System architecture/interoperability of systems
Testing patches, fixes, and updates
Participate in security awareness and training
Participate in physical security operations
Module 3: Risk Identification, Monitoring, and Analysis
Understand the risk management process
Risk management concepts
Risk assessment
Risk treatment
Risk visibility and reporting
Audit findings
Perform security assessment activities
Participation in security and testing results
Penetration testing
Internal and external assessment
Vulnerability scanning
Interpretation and reporting of scanning and testing results
Operate and maintain monitoring systems
Events of interest
Logging
Source systems
Analyze and report monitoring results
Security analytics, metrics, and trends
Visualization
Event data analysis
Communicate findings
Module 4: Incident Response and Recovery
Incident handling
Discovery
Escalation
Reporting and feedback loops
Incident response
Implementation of countermeasures
Forensic investigations
Business continuity planning (BCP) and disaster recovery planning (DRP)
Emergency response plans and procedures
Interim or alternate processing strategies
Restoration planning
Backup and redundancy implementation
Testing and drills
Module 5: Cryptography
Fundamental concepts of cryptography
Evaluation of algorithms
Hashing
Salting
Symmetric/asymmetric cryptography
Digital signatures
Non-repudiation
Requirements for cryptography
Secure protocols
Cryptographic systems
Fundamental key management concepts
Public key infrastructure
Administration and validation
Web of Trust
Implementation of secure protocols
Module 6: Networks and Communications Security
Security issues related to networks
OSI and TCP/IP models
Network topographies and relationships
Commonly used ports and protocols
Telecommunications technologies
Converged communications
VoIP
POTS, PBX
Cellular
Attacks and countermeasures
Network access
Access control and monitoring
Access control standards and protocols
Remote Access operation and configuration
Attacks and countermeasures
LAN-based security
Separation of data plane and control plane
Segmentation
MACsec
Secure device management
Network-based security devices
Firewalls and proxies
Network intrusion detection/prevention systems
Routers and switches
Traffic shaping devices
Frameworks for data sharing
Wireless technologies
Transmission security
Wireless security devices
Common vulnerabilities and countermeasures
Module 7: Systems and Application Security
Identify and analyze malicious code and activity
Malicious code
Malicious code countermeasures
Malicious activity
Malicious activity countermeasures
Implement and operate end-point device security
HIDS
Host-based firewalls
Application white listing
Endpoint encryption
Trusted platform module
Mobile device management
Secure browsing
Operate and configure cloud security
Operation models
Service models
Virtualization
Legal and privacy concerns
Data storage and transmission
Third-party/outsourcing implications
Secure big data systems
Application vulnerabilities
Architecture or design vulnerabilities
Operate and secure virtual environments
Software-defined network (SDN)
Hypervisor
Virtual appliances
Continuity and resilience
Attacks and countermeasures
Shared storage
Appendix A: Answers to Sample Questions
Appendix B: DNSSEC Walkthrough
Appendix C: Glossary of Terms Related to the SSCP
Systems Security Certified Practitioner (SSCP) (CS8521)