Sign In

Sign In here to pay AMFs, submit CPEs, update profile settings, review transactions, and more.



SSCP® CBK® Domains

The SSCP domains are drawn from various information security topics within the (ISC)² CBK. Updated annually, the domains reflect the most up-to-date best practices worldwide, while establishing a common framework of terms and principles to discuss, debate and resolve matters pertaining to the profession.

  • Access Controls - Underlying principles of access control systems and how to implement, manage and secure those systems, including internetwork trust architectures, federated identity management, identity management lifecycle, and various access control frameworks.
    • Implement Authentication Mechanisms
    • Operate Internetwork Trust Architectures
    • Participate in the Identity-Management Lifecycle
    • Implement Access Controls
  • Security Operations and Administration - Identification of information assets and documentation of policies, standards, procedures and guidelines that ensure confidentiality, integrity and availability.
    • Understand and Comply with Code of Ethics
    • Understand Security Concepts
    • Document and Operate Security Controls
    • Participate in Asset Management
    • Implement and Assess Compliance with Controls
    • Participate in Change Management
    • Participate in Security Awareness and Training
    • Participate in Physical Security Operations
  • Risk Identification, Monitoring, and Analysis - Identification, evaluation and prioritization of potential threats and the systematic application of resources to monitor, manage and mitigate those threats. Includes risk management concepts, assessment activities, and monitoring terminology, techniques and systems.
    • Understand the Risk Management Process
    • Perform Security Assessment Activities
    • Operate and Maintain Monitoring Systems
    • Analyze Monitoring Results
  • Incident Response and Recovery - Properly implement and exercise incident handling processes and procedures that provide rapid and consistent approach to addressing security incidents, supporting forensic investigations, Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP).
    • Participate in Incident Handling
    • Understand and Support Forensic Investigations
    • Understand and Support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)
  • Cryptography - Understand common cryptographic concepts, methodologies, and technologies, including legal and regulatory requirements, key management concepts, public key infrastructure, and the implementation and use of secure protocols.
    • Understand and Apply Fundamental Concepts of Cryptography
    • Understand Requirements for Cryptography
    • Understand and Support Secure Protocols
    • Operate and Implement Cryptographic Systems
  • Networks and Communications Security - Encompasses network architecture, transmission methods, transport formats, control devices, and security measures used to maintain the confidentiality, integrity, and availability of the information transmitted over communication networks.
    • Understand Security Issues Related to Networks
    • Protect Telecommunications Technologies
    • Control Network Access
    • Manage LAN-based Security
    • Operate and Configure Network-based Security Devices
    • Implement and Operate Wireless Technologies
  • Systems and Application Security - Common attack vectors and associated countermeasures, including impact of virtualization, mobile devices, cloud computing, and Big Data vulnerabilities, configuration and security.
    • Identify and Analyze Malicious Code and Activity
    • Implement and Operate Endpoint Device Security
    • Operate and Configure Cloud Security
    • Secure Big Data Systems
    • Operate and Secure Virtual Environments

NOTE: Effective April 15, 2015, the SSCP exam will be based on a new exam blueprint. Please refer to the Exam Outline and FAQs for details.