SSCP® CBK® Domains

NOTE: Effective April 15, 2015, the SSCP exam will be based on a new exam blueprint. Please refer to the Exam Outline and FAQs for details. 

The SSCP CBK consists of the following seven domains:

  • Access Controls – policies, standards and procedures that define who users are, what they can do, which resources and information they can access, and what operations they can perform on a system. 
    • Logical Access Controls - Subjects & Objects
    • Authentication Mechanisms
    • Access Control Concepts 
    • Internetwork Trust Architectures
    • Identity Management 
    • Cloud Computing 
  • Security Operations and Administration – identification of information assets and documentation of policies, standards, procedures and guidelines that ensure confidentiality, integrity and availability.   
    • Code of Ethics
    • Security Administration
    • Change Management
    • Security Evaluation and Assistance
    • Security Awareness
    • Information Communication Technology Infrastructure
    • Endpoint Device Security
    • Data Management Policies
    • Security Concepts 
  • Monitoring and Analysis – determining system implementation and access in accordance with defined IT criteria, and collecting information for identification of, and response to, security breaches or events.
    • Continuous Monitoring
    • Analysis of Monitoring Results 
  • Risk, Response and Recovery – the review, analysis and implementation processes essential to the identification, measurement and control of loss associated with unplanned adverse events.  
    • Risk Management Process
    • Security Assessment Activities
    • Incident Handling Analysis
    • Business Continuity Plan (BCP)
    • Disaster Recovery Plan (DRP) 
  • Cryptography – the protection of information using techniques that ensure its integrity, confidentiality, authenticity and non-repudiation, and the recovery of encrypted information in its original form. 
    • Concepts & Requirements of Cryptography 
    • Certificate and Key Management
    • Secure Protocols
  • Networks and Communications – the network structure, transmission methods and techniques, transport formats and security measures used to operate both private and public communication networks.  
    • Networks
    • Telecommunications
    • Remote Access
    • Firewalls & Proxies
    • Wireless & Cellular Technologies  
  • Malicious Code and Activity – countermeasures and prevention techniques for dealing with viruses, worms, logic bombs, Trojan horses and other related forms of intentionally created damaging code.
    • Malicious Code
    • Malicious Code Countermeasures
    • Malicious Activity
    • Malicious Activity Countermeasures

Download a copy of the SSCP Exam Outline.