Exploring SSCP Domain 2 Security Operations And Administration For A Career In IT Security

Exploring SSCP Domain 2 Security Operations and Administration for a Career in IT Security

131 views

Embed
Email

From

Username or Email (please add comma after each username or email)

Name	Email

Back

Menu 3

Eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo.

Infosectrain

Uploaded on Jan 1, 2022

Category Education

Domain 2 of the SSCP certification exam is Security Operations and Administration. The Security Operations and Administration domain comprises a 15% weightage of the SSCP certification exam.

Category Education

Comments

Exploring SSCP Domain 2 Security Operations and Administration for a Career in IT Security
Exploring SSCP Domain 2: Security Operations and
Administration for a Career in IT Security
www.infosectrain.com | [email protected]
Information is exposed to a large number and range of threats
in an increasingly interconnected world. Due to the ever-
increasing number of cyberattacks, security has become the
prime concern in information technology. Information security
can help protect an organization’s technology and information
assets by preventing, detecting, and responding to attacks. This
article will cover the second domain of the SSCP certification
exam that deals with the various aspects related to security
operations and administration.
www.infosectrain.com | [email protected]
www.infosectrain.com | [email protected]
Domains of SSCP
www.infosectrain.com | [email protected]
The seven domains covered by the SSCP certification exam are:
•Domain 1: Access Controls (16%)
•Domain 2: Security Operations and Administration (15%)
•Domain 3: Risk Identification, Monitoring, and Analysis (15%)
•Domain 4: Incident Response and Recovery (13%)
•Domain 5: Cryptography (10%)
•Domain 6: Network and Communications Security (16%)
•Domain 7: Systems and Application Security (15%)
www.infosectrain.com | [email protected]
Domain 2: Security Operations and Administration
Domain 2 of the SSCP certification exam is Security Operations and Administration.
The Security Operations and Administration domain comprises a 15% weightage of
the SSCP certification exam. This domain is concerned with the availability,
integrity, and confidentiality of information related to management staff, system
owners, information managers, and end-users. This domain will discuss the
availability to ensure accessibility to all hardware, software applications, and data
throughout the system. It will also discuss integrity to protect systems from
unauthorized, unanticipated, or unintentional modifications. Every business
should have policies, standards, procedures, and guidelines that give recorded
information to govern the organization’s actions and the behavior of the people it
employs or interacts with. You will learn about change management, software and
system patches and upgrades, and data management rules in this domain. It will
also go over data classification and validate whether or not a security measure is
working correctly. The subtopics covered in Security Operations and
Administration domains are:
www.infosectrain.com | [email protected]
•Comply with codes of ethics
•Understand security concepts
•Document, implement and maintain functional security controls
•Participate in asset management
•Implement security controls and assess compliance
•Participate in change management
•Participate in security awareness and training
•Participate in physical security operations
www.infosectrain.com | [email protected]
1. Comply with Codes of Ethics
In this subsection, we will understand what a code of ethics is. A code of
ethics is a set of guidelines for professionals to conduct business honestly and
ethically. This section will provide the ethical rules and best practices for
maintaining honesty, integrity, and professionalism in an organization. In
addition, the examination candidate must also agree to and sign the ISC2
Code of Ethics and non-disclosure agreement (NDA).
2. Understand Security Concepts
This subsection will discuss the three core security targets, known as the CIA
triad, confidentiality, integrity, and availability. These are the three things that
businesses prefer to prevent. It will also cover the significance of the
concepts of confidentiality, integrity, and availability and how to connect any
other security topic to one of these three goals. It will also help you
understand the basic security concepts such as accountability, privacy, non-
repudiation, least privilege, and more. It will cover ‘separation of duties’
policies to ensure that no one person has too much authority and control.
www.infosectrain.com | [email protected]
3. Document, Implement and Maintain Functional Security
Controls
This subsection will look at different control types and recognize
the need for layered security in our information systems. A single
security countermeasure is never enough; we need layers upon
layers of protection. We will understand various controls such as
deterrent, preventive, corrective, detective, and compensating
controls.
4. Participate in Asset Management
This subsection deals with the management of organizational IT
assets and the processes involved in management. Asset
management is the process of monitoring, deploying, maintaining,
upgrading, and disposing of an organization’s assets as needed. It is
an integral part of this domain. This section will cover the
hardware, software, and data lifecycle of an organization in depth.
It will go through the hardware and software inventory and
licensing and various data storage capabilities available.
www.infosectrain.com | [email protected]
5. Implement Security Controls and Assess Compliance
In this section, we will learn multistep processes to control access to
an organization’s resources. It will cover the technical controls such as
session timeout, password aging, and physical controls such as
mantrap, cameras, locks, and more. It will also cover administrative
controls such as security policies and standards, procedures, baseline
security, and more. This section will also go through periodic audits
and reviews.
6. Participate in Change Management
We will learn about the change management process and various
components of change management processes in this subsection of
the Security Operations and Administration domain. The discussion
will be around the ways to execute the change management process.
This domain will teach you how you can identify security impacts.
Learn how to establish security practices throughout the enterprise.
This section will also cover rules to test and implement patches, fixes,
and various updates of operating systems, applications, SDLC, and
more.
www.infosectrain.com | [email protected]
7. Participate in Security Awareness and Training
This subsection will go through how IT and security professionals avoid
and mitigate user risk. Businesses can reduce help desk costs and protect
their entire cybersecurity investment by implementing security awareness
training. Professionals learn how to prevent phishing and other types of
social engineering cyber attacks, spot potential malware behaviors, report
possible security threats, follow company IT policies and best practices
and comply with any applicable data privacy and compliance regulations
by participating in security awareness training.
8. Participate in Physical Security Operations
We will study how to participate in physical security, what physical
security is, how to manage it, and how to apply and implement it inside
an organization in this subsection. This section will cover physical security,
building security, keys, locks, safes, communications and server rooms,
restricted and work area security, fire prevention, detection and
suppression, and more.
www.infosectrain.com | [email protected]
SSCP with InfosecTrain
Enroll in the SSCP certification training course at InfosecTrain.
We are one of the leading security training providers in the
world. With the help of our highly educated and trained
instructors, you may earn prestigious ISC2 SSCP certifications.
This training course will teach you how to apply basic security
concepts to the day-to-day operation and administration of
enterprise computer systems and stored data.
www.infosectrain.com | [email protected]
About InfosecTrain
• Established in 2016, we are one of the finest
Security and Technology Training and
Consulting company
• Wide range of professional training programs,
certifications & consulting services in the IT
and Cyber Security domain
• High-quality technical services, certifications
or customized training programs curated with
professionals of over 15 years of combined
experience in the domain
www.infosectrain.com | [email protected]
Our Endorsements
www.infosectrain.com | [email protected]
Why InfosecTrain Global Learning Partners
Certified and Flexible modes Access to the
Experienced Instructors of Training recorded
sessions
Post training Tailor Made
completion Training
www.infosectrain.com | [email protected]
Our Trusted Clients
www.infosectrain.com | [email protected]

Contact us
Get your workforce reskilled
by our certified and
experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-221-
1127 / UK : +44 7451 208413
[email protected]
www.infosectrain.com