If you’re pursuing the SSCP certification, you probably want to know about SSCP differences in the current version compared with the previous version. Many people have queried me about this and I’ve passed on these notes. I’m posting them here so that they can help anyone.
Many people pursue the SSCP right after passing the Security+ exam, and to lay a foundation for the CISSP exam.
The SSCP Systems Security Certified Practitioner Exam Guide: All-In-One first edition is currently available. It covers the previous objectives, but doesn’t cover the added objectives.
The second edition of the SSCP Systems Security Certified Practitioner All-in-One Exam Guide is due out by mid-October 2015.
However, if you want to take the exam sooner, you can use these notes to fill in the gaps with some self-study.
SSCP Differences Effective April 15th
This blog post discussed changes to the SSCP and CISSP exams effective April 15th, 2015. As a summary, they are:
- The 2012 version expired at midnight April 14th.
- The 2015 version went live on April 15th.
- The domain names have changed slightly as shown in the following table:
2015 Version | 2012 Version |
---|---|
1) Access Controls | 1) Access Controls |
2) Security Operations and Administration | 2) Security Operations & Administration |
3) Risk Identification, Monitoring, and Analysis | 3) Monitoring and Analysis |
4) Incident Response and Recovery | 4) Risk, Response, and Recovery |
5) Cryptography | 5) Cryptography |
6) Networks and Communications Security | 6) Networks and Communications |
7) Systems and Application Security | 7) Malicious Code & Activity |
SSCP Differences Semi-new Topics
The following topics were implied in the 2012 candidate information bulletin (CIB), but are spelled out more specifically in the 2015 objectives.
SSCP Differences Domain 1 Access Controls
Area B. Operate Internetwork Trust Architectures (e.g. extranet, third-party connections, federated access)
- B. 1. One-way trust relationships
- B. 2. Two-way trust relationships
- B. 3. Transitive trust
- Think of these in the context of a federation, or federated access.
SSCP Differences Domain 6 Network and Communications Security
Area E. Operate and Configure Network-Based Security Devices
- E. 4. Traffic shaping devices (e.g. WAN optimization)
SSCP Differences Domain 7 Risk Identification, Monitoring, and Analysis
Area C. Operate and Configure Cloud Security
There is an increased emphasis on cloud security. You might like to look at:
Read about deployment models (public, private, community, and hybrid) and service models (SaaS, PaaS, and IaaS).
In the Cloud Computing Security Requirements Guide, Figure 1 is highly relevant in relation to security.
Area D. Secure Big Data Systems
- Do a little research on Big Data
Area E. Operate and Secure Virtual Environments
- There is an increased emphasis on virtualization. This has expanded significantly in the last few years beyond just servers to networking, such as software defined networking.
SSCP Differences New topics
The following topics are new in the 2015 CIB.
SSCP Differences Domain 1 Access Controls
Area D. Implement Access Controls (e.g. subject-based, object-based)
- D.5 Attribute-based access control (ABAC). This is often used with software defined networking (SDN).
SSCP Differences Domain 5 Cryptography
Area A. Understand and Apply Fundamental Concepts of Cryptography
- A. 1. Hashing
- NIST picked SHA-3 as a standard so I recommend you look it up.
- A. 2. Salting.
- Recommend looking at bcrypt and PBKDF2 and how both help prevent rainbow table attacks using salting.
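
To make the salting point concrete, here is an added example (not from the original notes or the exam guide) that stores the same password unsalted and with salted PBKDF2, then checks each against a precomputed table. The function names, the iteration count, and the sample passwords are assumptions made for the demo, and a plain lookup dictionary stands in for a real rainbow table.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 100_000  # assumed work factor for this demo; tune for your hardware

# Constructed sample data: precomputed unsalted SHA-256 digests of common
# passwords. A dictionary lookup stands in for a real rainbow table here.
COMMON_PASSWORDS = ["password", "letmein", "Summer2015"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def store_unsalted(password: str) -> str:
    """Weak storage: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_pbkdf2(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, stretched storage: returns (salt, derived_key)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_pbkdf2(password: str, salt: bytes, expected: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)


def table_lookup(stored_hex: str) -> Optional[str]:
    """Return the password if the stored value is in the precomputed table."""
    return PRECOMPUTED.get(stored_hex)


if __name__ == "__main__":
    # Unsalted digest is found in the table immediately.
    print("unsalted lookup:", table_lookup(store_unsalted("letmein")))
    # Two users with the same password get different salts and different keys,
    # and neither stored value appears in the precomputed table.
    salt_a, key_a = store_pbkdf2("letmein")
    salt_b, key_b = store_pbkdf2("letmein")
    print("same key for both users:", key_a == key_b)
    print("salted lookup:", table_lookup(key_a.hex()))
    print("legitimate login verifies:", verify_pbkdf2("letmein", salt_a, key_a))
```

The salt is stored alongside the derived key and is not secret; its job is to make any table precomputed without it useless.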
Area D. Operate and Implement Cryptographic Systems
- D. 5. Implementation of secure protocols (e.g. IPsec, SSL/TLS, S/MIME)
- SSL is all but dead due to POODLE (Padding Oracle On Downgraded Legacy Encryption). Some estimates indicate that 99% of the websites have switched over to TLS by now. Recommend looking up POODLE related to SSL.
SSCP Differences Domain 6 Network and Communications Security
Area B. Protect Telecommunications Technologies.
- B. 1 Converged Communications.
- Recommend researching unified communications (which is the marketing buzzword for converged communications).
Area D. Manage LAN-based Security
- D.1. Separation of data plane and control plane
- This refers directly to software defined networking so recommend looking up these terms.
- D. 3. Secure device management.
- There is an increased emphasis on bring your own device (BYOD) and corporate-owned, personally enabled (COPE) devices so I recommend looking them up.
Area F. Implement and Operate Wireless Technologies
- F. 2. Wireless security devices (e.g. dedicated/integrated WIPS, WIDS)
- WIDS and WIPS are new so I recommend looking them up.
- Also recommend looking up 802.11ac as an update to 802.11n.
If self-study isn’t your thing, you can pre-order the SSCP Systems Security Certified Practitioner All-in-One Exam Guide.
Is there any chance of ordering the .pdf ahead of time from you? My employer is forcing me to take the exam in October, and that cuts it real close to the projected availability date. I have your 2012 edition already, but wouldn’t mind buying the .pdf earlier so I have the new material.
Thanks!
Sorry Mike, but no. Even if I had a PDF of the full book, it would compromise my relationship with the publisher if I began distributing it.
The book arrived yesterday. Like the first one, it’s a goldmine! (I’ll review it on Amazon when I get a chance). Just in time for my exam that I’m taking on Saturday! So I have an entire book to digest in two days. Luckily it’s only the new material that I really need. I really wish you designed the actual test questions…you don’t try to trip us up!
Suggestion for the third edition: perhaps a short blurb somewhere highlighting the changes (I wasn’t able to find such a blurb). I have to hunt & peck for the changes. Perhaps it’s my unique situation that is the reason I’m looking for it.
A definite 5-star book. Thanks!
-Mike
Glad you received and you like it. Thanks for the suggestion, but the publisher thought that highlighting changes would have a very limited lifetime – someone taking the exam in 2016 wouldn’t be concerned about the changes as much as you are right now.
Good luck on the exam.
Darril
Is this book just CD-ROM? Or is it a self reading book?
It’s a full hard back book, but with a CD. I realize the Amazon page includes Multimedia CD text, but it’s a full book.
The publisher has told me that the book is shipping to the printer later this month (August) and should be available for purchase in September.
This is extremely useful.
Thank you, Darril.