System Security Practitioner (SSCP)

Course Description

This course prepares students for the Systems Security Certified Practitioner (SSCP) certification offered by ISC2. It provides students with the knowledge and understanding of the internationally accepted common body of knowledge encompassing seven security domains including Access Controls; Security Operations & Administration; Risk Identification, Monitoring and Analysis; Incident Response and Recovery; Cryptography; Network and Communications Security; and Systems and Application Security, with practice provided to thoroughly prepare students for the SSCP certification exam offered by (ISC)2. The SSCP certification demonstrates the advanced technical skills and knowledge to implement, monitor and administer IT infrastructure using security best practices, policies and procedures established by the cybersecurity experts at ISC2. The course typically combines lecture and hands-on lab work — three hours of lecture and one hour of lab per week for three credit hours of lower-division college credit.

Learning Outcomes

Required Outcomes

Upon successful completion of this course, students will be able to:

• Apply core security concepts — compare the security concepts of confidentiality, integrity, and availability and recall the ISC2 Code of Ethics.
• Implement access controls — discuss authentication methods, trust, the identity management life cycle and access control models.
• Perform security operations and administration — describe security controls, their implementation, maintenance, and assessment, and the change management life cycle.
• Identify, monitor, and analyze risk — conduct security assessments, vulnerability identification, and continuous monitoring activities.
• Respond to and recover from incidents — apply incident handling procedures, forensic principles, and business continuity / disaster recovery concepts.
• Apply cryptography — explain encryption fundamentals, PKI, certificates, hashing, and digital signatures.
• Secure networks and communications — analyze network architecture, secure protocols, wireless security, and remote access.
• Secure systems and applications — identify and mitigate malware, perform security auditing, and apply systems monitoring and analysis to endpoints, servers, virtualized, and cloud environments.
• Prepare for the SSCP certification exam by demonstrating mastery of all seven ISC2 SSCP domains.

Optional Outcomes

• Evaluate cloud computing security models, shared responsibility, and securing cloud workloads.
• Assess cellular and mobile device security concerns and BYOD policies.
• Implement, monitor and administer AI technologies safely, including securing automated access controls and leveraging machine learning for real-time incident response.
• Analyze regulatory compliance frameworks (HIPAA, PCI-DSS, GDPR, FISMA) relevant to security operations.
• Develop and present a written security policy or risk assessment report.

Major Topics

Required Topics (Seven SSCP Domains)

• Domain 1 — Security Concepts and Practices: CIA triad, ISC2 Code of Ethics, security governance, controls, asset management, awareness/training, physical security.
• Domain 2 — Access Controls: authentication factors, single sign-on, federated identity, identity management lifecycle, MAC/DAC/RBAC/ABAC models, trust relationships.
• Domain 3 — Risk Identification, Monitoring, and Analysis: risk management frameworks, threat modeling, vulnerability assessment, log management, SIEM, indicators of compromise.
• Domain 4 — Incident Response and Recovery: incident handling lifecycle, digital forensics fundamentals, chain of custody, BCP/DRP.
• Domain 5 — Cryptography: symmetric/asymmetric algorithms, hashing, PKI, certificates, key management, secure protocols (TLS, IPsec).
• Domain 6 — Network and Communications Security: OSI/TCP-IP, firewalls, IDS/IPS, VPNs, wireless (WPA2/3), network segmentation, secure remote access.
• Domain 7 — Systems and Application Security: malware analysis and mitigation, endpoint protection, secure virtualization and cloud, application security, data security and DLP.

Optional Topics

• Hands-on labs with security tools (Wireshark, Nmap, Metasploit, Splunk).
• Penetration testing fundamentals and ethical hacking concepts.
• IoT and operational technology (OT/ICS) security.
• Zero Trust Architecture and modern network security models.
• AI/ML security applications and adversarial threats.

Resources & Tools

• Official ISC2 SSCP Study Guide and Official Practice Tests (Sybex/Wiley).
• ISC2 SSCP Certification Exam Outline (current PDF version) — primary alignment document.
• Virtualization platforms (VMware Workstation, VirtualBox, Hyper-V) for lab environments.
• Open-source security tools: Wireshark, Nmap, OpenVAS, Snort, Kali Linux, Security Onion.
• NIST Special Publications (SP 800-53, SP 800-61, SP 800-171) and the NIST Cybersecurity Framework.
• SSCP exam practice question banks and online flashcards.

Career Pathways

Successful completion of this course and the SSCP certification supports careers in operational cybersecurity. The SSCP is ideal for IT administrators, managers, directors and network security professionals responsible for the hands-on operational security of their organization's critical assets. Typical job titles include:

• Security Analyst / SOC Analyst
• Systems Administrator with security focus
• Network Security Engineer
• Security Administrator
• Information Assurance Technician
• Database Administrator (security-focused)

Job opportunities for SSCP-certified individuals are abundant, with roles often offering competitive salaries ranging from $66,000 to over $130,000 annually depending on experience, location, and responsibilities.

Special Information

Certification Preparation: This course is designed to prepare students for the ISC2 Systems Security Certified Practitioner (SSCP) certification examination. Candidates pursuing the full SSCP credential must possess a minimum of one year of full-time experience in one or more of the seven domains of the current SSCP Exam Outline; students who pass the exam without the required experience may earn the Associate of ISC2 designation while gaining the qualifying work experience.

DoD 8140 / 8570 Alignment: The SSCP is an approved baseline certification for U.S. Department of Defense cybersecurity workforce roles, supporting careers in federal contracting and military cybersecurity positions.

Recommended Background: Students should have some knowledge of other IT domains, including a basic working knowledge of network technologies; achieving the CompTIA Security+ certification, while not required, would also be beneficial.