Top of Page
 
CCSP

SSCP - The Premier Security Administrator Certification

What you need to know about the SSCP exam and certification


Register for Exam   View Exam Outline

Become an SSCP – Systems Security Certified Practitioner

Earning a globally recognized advanced security administration and operations certification like the SSCP is a great way to grow your career and better secure your organization’s critical assets.

SSCP certification demonstrates you have the advanced technical skills and knowledge to implement, monitor and administer IT infrastructure using security best practices, policies and procedures established by the cybersecurity experts at (ISC)².

Prove your skills, advance your career, and gain the support of a community of cybersecurity leaders here to help you throughout your career.

Looking for more assistance as you navigate the SSCP certification for yourself or team members? Download the SSCP Ultimate Guide or learn more about our SSCP education.

Get New Pricing for Training Free SSCP Ultimate Guide

Who Earns the SSCP?

The SSCP is ideal for IT administrators, managers and network security professionals responsible for the hands-on operational security of their organization’s critical assets, including those in the following positions:

  • Network Security Engineer
  • Systems Administrator
  • Security Analyst
  • Systems Engineer
  • Security Consultant/Specialist
  • Security Administrator
  • Systems/Network Analyst
  • Database Administrator
Unsure if the SSCP is right for you? The (ISC)² Qualification Pathfinder can help you identify the certifications that best align with your career goals.

Work in government? See how the SSCP meets the U.S. Department of Defense (DoD) Directive 8570.1.

Commit. Plan. Succeed.Commit. Plan. Succeed.

Certification, Education and Membership

Earning the SSCP

Before you begin your journey to SSCP certification, it’s important to familiarize yourself with the (ISC)² certification process. Earning the SSCP – or any (ISC)² certification – requires much more than passing a challenging exam that measures your mastery and skill across the relevant domains and subject matter. (ISC)² exams are experiential based, which means they evaluate candidates’ knowledge, skills and abilities gained over years of on-the-job, in-the-field application of the tools, concepts and practices that other cybersecurity professionals deem essential for an SSCP. 

Prior to an SSCP candidate sitting for an exam, the expectation is they will meet the SSCP Experience Requirements and have at least one year of cumulative, paid work experience in one or more of the seven domains of the (ISC)² SSCP Common Body of Knowledge (CBK). Candidates may satisfy the one year of work experience requirement if they earn a degree in computer science or similar field. While you may sit for and pass the SSCP exam before earning the prerequisite years of experience, you cannot earn your certification until you have gained the required work experience (learn more about our Associate of (ISC)²  program if you do not yet meet the experience requirements). 

Once an exam is passed, validation of your work experience is accomplished through the endorsement process. You will receive an email with your official exam results and instructions to begin endorsement. This process requires an assessment by (ISC)² Member Services of your submitted work experience and a formal endorsement from another (ISC)² member.

After the endorsement process is complete, you are required to commit to and fully support the (ISC)² Code of Ethics:

  • Protect society, the common good, necessary public trust and confidence, and the infrastructure.
  • Act honorably, honestly, justly, responsibly, and legally.
  • Provide diligent and competent service to principles.
  • Advance and protect the profession.

You will then be notified via email that you can pay your first Annual Maintenance Fee (AMF) of U.S. $125 to begin your three-year certification cycle.

Finally, (ISC)² certification is often a career-long commitment for many cybersecurity professionals. Maintaining your SSCP extends well beyond passing the exam. It requires earning continuing professional education (CPE) credits that ensure your skills remain current and also demonstrates to employers and your peers that you are committed to your ongoing professional development.

The SSCP Exam Process

All candidates should familiarize themselves with (ISC)² exam policies and procedures. Learn everything you need to know before, during and after your exam, including exam fees, exam scoring and formatting, the exam agreement, how to request special accommodations, how to reschedule an exam and much more.

Learn More

What to Expect on the SSCP Exam

Exam outlines are available for all (ISC)² certifications, and they provide details on the domains covered by each exam. Visit the SSCP Exam Outline and explore the domains covered by the exam.

Effective November 1, 2021, the SSCP exam will be based on a new exam outline. Some domain names and weights will change. Please refer to our FAQs for details.

SSCP Exam Outline

Register for the SSCP Exam

All SSCP exams are administered by our exclusive global partner Pearson VUE. If you’re ready to pursue the SSCP certification, commit yourself now by registering for the exam. You can find details on testing locations, policies, accommodations and more on the Pearson VUE website.

Register Now

Strengthen Your Cybersecurity Skills

The Official (ISC)² SSCP training provides a comprehensive review of the knowledge required to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability. This training course will help students review and refresh their knowledge and identify areas they need to study for the SSCP exam. Taught by an (ISC)²-authorized instructor, the course features:

  • Official (ISC)² courseware
  • Interactive flash cards
  • Post-course assessment with 125 questions
  • Collaboration with classmates
    *not currently available for self-paced course
  • Real-world learning activities and scenarios
  • Labs
    *available for online instructor-led only

Who Should Attend

The training seminar is ideal for those working in positions such as but not limited to:

  • Network Security Engineer
  • Systems/Network Administrator
  • Security Analyst
  • Systems Engineer
  • Security Consultant/Specialist
  • Security Administrator
  • Systems/Network Analyst
  • Database Administrator
 

Course Agenda

  • Domain 1: Access Controls
  • Domain 2: Security Operations and Administration
  • Domain 3: Risk Identification, Monitoring and Analysis
  • Domain 4: Incident Response and Recovery
  • Domain 5: Cryptography
  • Domain 6: Network and Communications Security
  • Domain 7: Systems and Application Security

Please Note: Effective November 1, 2021, the SSCP exam will be based on a new exam outline. Some domain names and weights will change. Please refer to the SSCP Exam Outline and our FAQs for details.

Course Delivery Methods

 

Course Objectives

After completing this course, the student will be able to:

  • Understand the different Access Control systems and how they should be implemented to protect the system and data using the different levels of confidentiality, integrity, and availability
  • Understand the processes necessary for working with management and information owners, custodians, and users so that proper data classifications are defined. This will ensure the proper handling of all hard copy and electronic information as it is applied by the Security Operations and Administration
  • The Risk Identification, Monitoring, and Analysis Domain identifies the how to identify, measure, and control losses associated with adverse events. You will review, analyze, select, and evaluate safeguards for mitigating risk
  • Identify how to handle Incident Response and Recovery using consistent, applies approaches including the use of the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) concepts in order to mitigate damages, recover business operations, and avoid critical business interruption; and emergency response and post-disaster recovery
  • Identify and differentiate key cryptographic concepts and how to apply them, implement secure protocols, key management concepts, key administration and validation, and Public Key Infrastructure as it applies to securing communications in the presence of third parties
  • Define and identify the Networks and Communications Security needed to secure network structure, data transmission methods, transport formats, and the security measures used to maintain integrity, availability, authentication, and confidentiality of the information being transmitted
  • The Systems and Application Security section identifies and defines technical and non-technical attacks and how an organization can protect itself from these attacks including the concepts in endpoint device security, cloud infrastructure security, securing big data systems, and securing virtual environments

Continue Your Professional Journey

Once you earn your (ISC)² certification, you are a member of our association.

As an (ISC)² member, you never stop learning and growing. We provide access to a full suite of benefits and resources to help enable your continuing education and development to keep you ahead of the latest threats, best practices and industry trends. Learn more about how certification is just the first step in your (ISC)² membership and how you can take advantage of:

  • Enriching professional development and volunteer opportunities
  • Peer-to-peer networking and best-practice sharing
  • (ISC)² Security Congress annual cybersecurity conference
  • Professional recognition and awards programs
  • Discounts on leading industry event registration, learning materials, services and more.

 

Learn About Membership

Before you begin your journey to SSCP certification, it’s important to familiarize yourself with the (ISC)² certification process. Earning the SSCP – or any (ISC)² certification – requires much more than passing a challenging exam that measures your mastery and skill across the relevant domains and subject matter. (ISC)² exams are experiential based, which means they evaluate candidates’ knowledge, skills and abilities gained over years of on-the-job, in-the-field application of the tools, concepts and practices that other cybersecurity professionals deem essential for an SSCP. 

Prior to an SSCP candidate sitting for an exam, the expectation is they will meet the SSCP Experience Requirements and have at least one year of cumulative, paid work experience in one or more of the seven domains of the (ISC)² SSCP Common Body of Knowledge (CBK). Candidates may satisfy the one year of work experience requirement if they earn a degree in computer science or similar field. While you may sit for and pass the SSCP exam before earning the prerequisite years of experience, you cannot earn your certification until you have gained the required work experience (learn more about our Associate of (ISC)²  program if you do not yet meet the experience requirements). 

Once an exam is passed, validation of your work experience is accomplished through the endorsement process. You will receive an email with your official exam results and instructions to begin endorsement. This process requires an assessment by (ISC)² Member Services of your submitted work experience and a formal endorsement from another (ISC)² member.

After the endorsement process is complete, you are required to commit to and fully support the (ISC)² Code of Ethics:

  • Protect society, the common good, necessary public trust and confidence, and the infrastructure.
  • Act honorably, honestly, justly, responsibly, and legally.
  • Provide diligent and competent service to principles.
  • Advance and protect the profession.

You will then be notified via email that you can pay your first Annual Maintenance Fee (AMF) of U.S. $125 to begin your three-year certification cycle.

Finally, (ISC)² certification is often a career-long commitment for many cybersecurity professionals. Maintaining your SSCP extends well beyond passing the exam. It requires earning continuing professional education (CPE) credits that ensure your skills remain current and also demonstrates to employers and your peers that you are committed to your ongoing professional development.

All candidates should familiarize themselves with (ISC)² exam policies and procedures. Learn everything you need to know before, during and after your exam, including exam fees, exam scoring and formatting, the exam agreement, how to request special accommodations, how to reschedule an exam and much more.

Learn More

What to Expect on the SSCP Exam

Exam outlines are available for all (ISC)² certifications, and they provide details on the domains covered by each exam. Visit the SSCP Exam Outline and explore the domains covered by the exam.

Effective November 1, 2021, the SSCP exam will be based on a new exam outline. Some domain names and weights will change. Please refer to our FAQs for details.

SSCP Exam Outline

Register for the SSCP Exam

All SSCP exams are administered by our exclusive global partner Pearson VUE. If you’re ready to pursue the SSCP certification, commit yourself now by registering for the exam. You can find details on testing locations, policies, accommodations and more on the Pearson VUE website.

Register Now

The Official (ISC)² SSCP training provides a comprehensive review of the knowledge required to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability. This training course will help students review and refresh their knowledge and identify areas they need to study for the SSCP exam. Taught by an (ISC)²-authorized instructor, the course features:

  • Official (ISC)² courseware
  • Interactive flash cards
  • Post-course assessment with 125 questions
  • Collaboration with classmates
    *not currently available for self-paced course
  • Real-world learning activities and scenarios
  • Labs
    *available for online instructor-led only

Who Should Attend

The training seminar is ideal for those working in positions such as but not limited to:

  • Network Security Engineer
  • Systems/Network Administrator
  • Security Analyst
  • Systems Engineer
  • Security Consultant/Specialist
  • Security Administrator
  • Systems/Network Analyst
  • Database Administrator
 

Course Agenda

  • Domain 1: Access Controls
  • Domain 2: Security Operations and Administration
  • Domain 3: Risk Identification, Monitoring and Analysis
  • Domain 4: Incident Response and Recovery
  • Domain 5: Cryptography
  • Domain 6: Network and Communications Security
  • Domain 7: Systems and Application Security

Please Note: Effective November 1, 2021, the SSCP exam will be based on a new exam outline. Some domain names and weights will change. Please refer to the SSCP Exam Outline and our FAQs for details.

Course Delivery Methods

 

Course Objectives

After completing this course, the student will be able to:

  • Understand the different Access Control systems and how they should be implemented to protect the system and data using the different levels of confidentiality, integrity, and availability
  • Understand the processes necessary for working with management and information owners, custodians, and users so that proper data classifications are defined. This will ensure the proper handling of all hard copy and electronic information as it is applied by the Security Operations and Administration
  • The Risk Identification, Monitoring, and Analysis Domain identifies the how to identify, measure, and control losses associated with adverse events. You will review, analyze, select, and evaluate safeguards for mitigating risk
  • Identify how to handle Incident Response and Recovery using consistent, applies approaches including the use of the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) concepts in order to mitigate damages, recover business operations, and avoid critical business interruption; and emergency response and post-disaster recovery
  • Identify and differentiate key cryptographic concepts and how to apply them, implement secure protocols, key management concepts, key administration and validation, and Public Key Infrastructure as it applies to securing communications in the presence of third parties
  • Define and identify the Networks and Communications Security needed to secure network structure, data transmission methods, transport formats, and the security measures used to maintain integrity, availability, authentication, and confidentiality of the information being transmitted
  • The Systems and Application Security section identifies and defines technical and non-technical attacks and how an organization can protect itself from these attacks including the concepts in endpoint device security, cloud infrastructure security, securing big data systems, and securing virtual environments

Once you earn your (ISC)² certification, you are a member of our association.

As an (ISC)² member, you never stop learning and growing. We provide access to a full suite of benefits and resources to help enable your continuing education and development to keep you ahead of the latest threats, best practices and industry trends. Learn more about how certification is just the first step in your (ISC)² membership and how you can take advantage of:

  • Enriching professional development and volunteer opportunities
  • Peer-to-peer networking and best-practice sharing
  • (ISC)² Security Congress annual cybersecurity conference
  • Professional recognition and awards programs
  • Discounts on leading industry event registration, learning materials, services and more.

 

Learn About Membership

Ok