ISC2 Systems Security Certified Practitioner (SSCP)

Advance Your IT Career with Cybersecurity Skills.

Gain Flexibility with Self-Paced Learning.

Instructor: ISC2 Education & Training

Access provided by Eli Lilly

40,905 already enrolled

7 course series

Earn a career credential that demonstrates your expertise

from 294 reviews of courses in this program

Beginner level

No prior experience required

4 weeks to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

7 course series

Earn a career credential that demonstrates your expertise

from 294 reviews of courses in this program

Beginner level

No prior experience required

4 weeks to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

What you'll learn

Implement, monitor and administer an organization’s IT infrastructure

Skills you'll gain

Tools you'll learn

Details to know

Shareable certificate

Add to your LinkedIn profile

Taught in English

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Advance your career with in-demand skills

Receive professional-level training from ISC2
Demonstrate your technical proficiency
Earn an employer-recognized certificate from ISC2

Specialization - 7 course series

Pursue better IT security job opportunities and prove knowledge with confidence. The SSCP Professional Training Certificate shows employers you have the IT security foundation to defend against cyber attacks – and puts you on a clear path to earning SSCP certification.

Upon completing the SSCP Professional Certificate, you will:

Complete seven courses of preparing you to sit for the Systems Security Certified Practitioner (SSCP) certification exam as outlined below.
1. Course 1 - Security Concepts and Practices
2. Course 2 - Access Controls
3. Course 3 - Risk Identification, Monitoring, and Analysis
4. Course 4 - Incident Response and Recovery
5. Course 5 - Cryptography
6. Course 6 - Network and Communications Security
7. Course 7 - Systems and Application Security
Receive a certificate of program completion.
Understand how to implement, monitor and administer an organization’s IT infrastructure in accordance with security policies and procedures that ensure data confidentiality, integrity and availability.

Applied Learning Project

Each course includes a final assessment and knowledge checks that will require students to put into practice the knowledge they have gained throughout each course. Successful completion of assessments will require the basic understanding of the topics covered and the ability to relate those topics to the real world.

Security Concepts and Practices

Course 1, 10 hours

What you'll learn

Course 1 - Security Concepts and Practices

This is the first course under the specialization SSCP. In this course, we will focus on the core aspects of security concepts and practice, starting with the importance of codes of ethics. We will then cover the basic principles of information security and move on to describe security controls, their implementation, maintenance, and assessment. We will also address the identification of corporate assets and the change management life cycle. We will then explain the importance of awareness and training and conclude with an exploration of physical security operations. Course 1 Learning Objectives After completing this course, the participant will be able to:  - Recall the ISC2 Code of Ethics. - Explain the importance of an organizational code of ethics in the cybersecurity profession. - Compare the security concepts of confidentiality, integrity, and availability. - Apply accountability in the implementation of certain data protection controls. - Explain the concept of non-repudiation. - Discuss the concept of least privilege. - Indicate the importance of segregation of duties. - Differentiate technical, physical, and administrative security controls. - Relate security controls to considerations of assessing compliance requirements and organizational needs. - Indicate the importance of periodic audit and review of security controls. - Categorize various control types or technologies based on their different roles as part of an overall security structure and posture. - Summarize the security of assets all through the stages of their life cycle. - Examine operational requirements of change management. - Categorize security education and awareness strategies. - Define measurements for gauging the effectiveness of a security education and awareness program. - Indicate strategies that security professionals can use to collaborate with physical security operations. Who Should Take This Course: Beginners Experience Required: No prior experience required

Skills you'll gain

Category: Change Control

Category: Security Management

Category: Security Awareness

Category: Data Ethics

Category: Cyber Security Policies

Category: Data Security

Category: Computer Security Awareness Training

Category: Cybersecurity

Category: Data Integrity

Category: Security Controls

Category: Safety and Security

Category: Identity and Access Management

Access Control

Course 2, 6 hours

What you'll learn

Course 2 - Access Controls

This is the second course under the specialization SSCP. In this course, we will examine the business of controlling how our systems, services, resources and data can be Safely accessed only by those authorized to do so. We will discuss authentication methods, trust, the identity management life cycle and access control models. Course 2 Learning Objectives After completing this course, the participant will be able to:  - Categorize identity and access management implementation authentication methods.  - Discuss the importance of trust from a security standpoint.  - Compare levels of trust among various relationships and internetwork architectures.  - Explain the implications of trust among third-party connections.  - Differentiate among the activities of the identity management life cycle.  - Categorize various access control models.  - Define the elements, methods, and processes used when administering access control models.  Who Should Take This Course: Beginners Experience Required: No prior experience required

Skills you'll gain

Category: Authentications

Category: Role-Based Access Control (RBAC)

Category: Data Access

Category: Identity and Access Management

Category: Authorization (Computing)

Category: Security Controls

Category: Security Awareness

Category: User Provisioning

Category: Multi-Factor Authentication

Risk Identification, Monitoring, and Analysis

Course 3, 6 hours

What you'll learn

Course 3 - Risk Identification, Monitoring and Analysis

This is the third course under the specialization SSCP In this course, we will explore how to manage the risks related to information systems. It is time to bring these ideas together in a context of continuous maturity modeling, measuring, and monitoring, which we will see is focused on the here and now. Risk alignment works best at the strategic, long-term level of planning; risk maturation, by contrast, can be most effective when considered in the day-to-day of business operations. This is sometimes called operationalizing the approach to risk management and maturation. Course 3 Learning Objectives After completing this course, the participant will be able to:  - Identify common risks and vulnerabilities. - Describe risk management concepts.  - Recognize risk management frameworks.  - Provide examples of appropriate risk tolerance.  - Provide examples of appropriate risk treatment.  - Identify risks of noncompliance with laws and regulations.  - Identify appropriate methods for risk management frameworks implementation.  - Indicate the range and scope of risk review.  - Identify the components of risk review.  - Describe vulnerability assessment activities used to examine all aspects of network and system security.  - Review the steps for monitoring, incident detection, and data loss prevention.  - Classify the use of tools that collect information about the IT environment to better examine the organization’s security posture.  - Identify events of interest to focus on those that may be part of an attack or intrusion.  - Select methods for managing log files.  - Describe tools and methods for analyzing the results of monitoring efforts.  - Identify communication requirements when documenting and reporting the results of monitoring security platforms.  Who Should Take This Course: Beginners Experience Required: No prior experience required

Skills you'll gain

Category: Security Information and Event Management (SIEM)

Category: Risk Management

Category: Vulnerability Management

Category: Business Risk Management

Category: Vulnerability Assessments

Category: Network Monitoring

Category: Risk Mitigation

Category: Operational Risk

Category: Risk Analysis

Category: Cyber Risk

Category: Threat Management

Category: Intrusion Detection and Prevention

Category: Security Controls

Category: Enterprise Risk Management (ERM)

Category: Compliance Management

Category: Law, Regulation, and Compliance

Category: Technical Communication

Category: Network Analysis

Category: Continuous Monitoring

Incident Response and Recovery

Course 4, 4 hours

What you'll learn

Course 4 - Incident Response and Recovery

This is the fourth course under the specialization SSCP In this course, we will focus on incident response and recovery. We will explore the incident life cycle as defined by NIST and continue with a deeper look at supporting forensic investigations. We will also extend these ideas and concepts around the theme of business continuity and disaster recovery. Course 4 Learning Objectives After completing this course, the participant will be able to:  - Identify the elements of an incident response policy and members of the incident response team (IRT).  - Evaluate the security professional’s role in supporting forensic investigations.   - Explain how the security professional supports activities of business continuity and disaster recovery planning. Who Should Take This Course: Beginners Experience Required: No prior experience required

Skills you'll gain

Category: Incident Response

Category: Digital Forensics

Category: Business Continuity

Category: Disaster Recovery

Category: Investigation

Category: Computer Security Incident Management

Category: Security Management

Category: Threat Detection

Category: Cybersecurity

Category: Cyber Threat Intelligence

Cryptography

Course 5, 6 hours

What you'll learn

Course 5 - Cryptography

This is the fifth course under the specialization SSCP. In this course, we will explore the field of cryptography, including public-key infrastructures (PKIs), certificates, and digital signing. Here we enter the realm of confidentiality, integrity, and availability, since we use cryptography to protect data from unauthorized disclosure and improper modification and use encryption to regulate the ability of users to log in to systems and applications. Course 5 Learning Objectives After completing this course, the participant will be able to:  - Recognize the impacts of cryptography on confidentiality, integrity, and authenticity.  - Determine the requirements for cryptography when handling sensitive data.  - Identify regulatory and industry best practices in cryptography.  - Define cryptography entropy.  - Differentiate common cryptographic techniques used to enhance the security of sensitive data including hashing, salting, symmetric/asymmetric encryption, and elliptic curve cryptography.  - Identify the features and requirements of nonrepudiation.  - Compare the strength of different encryption algorithms and keys.  - Describe the process of identifying and addressing cryptographic attacks.  - Define the features of and the implementation process of secure services and protocols.  - Discuss common use cases for secure services and protocols.  - Explain limitations and vulnerabilities in the implementation of secure protocols.  - Summarize fundamental key management concepts.  - Describe the features of the Web of Trust (WoT) in relation to cryptographic protocols.  Who Should Take This Course: Beginners Experience Required: No prior experience required

Skills you'll gain

Category: Cryptography

Category: Encryption

Category: Brute-force attacks

Category: Public Key Infrastructure

Category: Application Security

Category: Data Security

Category: Cryptographic Protocols

Category: Algorithms

Category: Cybersecurity

Category: Public Key Cryptography Standards (PKCS)

Category: Data Integrity

Category: Authentications

Category: Key Management

Network and Communications Security

Course 6, 7 hours

What you'll learn

Course 6 - Network and Communications Security

This is the sixth course under the specialization SSCP. This course includes an orientation to the network neighborhood via the OSI 7-Layer and TCP/IP models in the context of internetworking and communications. It also probes each of the seven layers of this combined protocol stack, introducing the key technologies at each layer and their normal uses. There is also information on various protocols that run on top of this architecture, as well as attack and defensive strategies and tactics. Additionally, discussed in this course is how to manage network security and secure wireless communications. Course 6 Learning Objectives After completing this course, the participant will be able to:  - Recognize layers of the OSI model, their functions and attacks present at each layer, and identify commonly used ports and protocols. - Select appropriate security controls for various network attacks. - Describe the tools used for network access control. - Summarize best practices for establishing a secure networked environment. - Understand how to configure and operate security devices such as firewalls and proxies. - Summarize the types of telecommunications and network access controls. Who Should Take This Course: Beginners Experience Required: No prior experience required

Skills you'll gain

Category: Firewall

Category: Network Security

Category: Wireless Networks

Category: OSI Models

Category: Network Protocols

Category: Authentications

Category: Network Administration

Category: Telecommunications

Category: Security Controls

Category: Network Infrastructure

Category: TCP/IP

Category: Intrusion Detection and Prevention

Category: Distributed Denial-Of-Service (DDoS) Attacks

Category: Proxy Servers

Category: Remote Access Systems

Systems and Application Security

Course 7, 11 hours

What you'll learn

Course 7 - Systems and Application Security

This is the seventh course under the specialization SSCP. This course discusses two major changes in recent years to how we use our data: going mobile and using the cloud. First, we use our data on the go by means of data services provided to our mobile phones, Wi-Fi, and other devices. Second, so many of the enhanced functions we take for granted in our daily personal and professional lives are made possible by cloud services, where our data is stored or processed.  Course 7 Learning Objectives After completing this course, the participant will be able to:  - Classify different types of malware. - Determine how to implement malware countermeasures. - Identify various types of malicious activities.  - Develop strategies for mitigating malicious activities.  - Describe various social engineering methods used by attackers.  - Explain the role of behavior analytics technologies in detecting and mitigating threats.  - Explain the role and functionality of host-based intrusion prevention system (HIPS), host-based intrusion detection system (HIDS), and host-based firewalls.  - Evaluate the benefits of application whitelisting in endpoint device security.  - Explain the concept of endpoint encryption and its role in endpoint security.  - Describe the role and functionality of Trusted Platform Module (TPM) technology in providing hardware-based security features.  - Identify the steps in implementing secure browsing practices using digital certificates and secure communication protocols.  - Explain the concept of endpoint detection and response (EDR) and its role in providing real-time monitoring, detection, investigation, and response capabilities to identify and mitigate advanced threats and security incidents on endpoint devices.  - Identify provisioning techniques for mobile devices.  - Explain the concept of containerization and how it contributes to effective mobile device management.  - Explain how encryption contributes to effective mobile device management.  - Describe the process of Mobile Application Management (MAM) to effectively manage the life cycle of mobile applications.  - Distinguish among public, private, hybrid, and community deployment models in cloud security.  - Distinguish among various service models and their impact on cloud security practices.  - Describe virtualization technologies and their role in maintaining cloud security.  - Identify legal and regulatory concerns related to cloud security.  - Determine strategies to implement data storage, processing, and transmission while maintaining cloud security.  - Explain the requirements and considerations associated with third-party services and outsourcing in cloud storage.  - Explain the concept of the shared responsibility model in cloud storage.  - Identify steps to manage and secure hypervisor environments.  - Explain how to deploy, configure, and maintain virtual appliances within virtualized environments.  - Determine the process for managing containerized environments.  - Describe the best practices of storage management in virtualized environments.  - Develop strategies for ensuring business continuity and resilience in virtualized environments.  - Analyze potential threats and attacks targeting virtual environments. Who Should Take This Course: Beginners Experience Required: No prior experience required