The Systems Security Certified Practitioner (SSCP) is a logical next step for many people that have cm the CompTIA Security+ and is often used by people as a stepping stone to the much more difficult CISSP certification. The SSCP certification is more technical than the CISSP, which has a much broader focus. Objectives for the SSCP are contained in the Candidate Information Bulletin (CIB) which you can get from this page.
This post is about the objectives that went live in 2012. New objectives will go live April 15th.
When will the new SSCP All-In-One be study guide be available?
This is controlled by the publisher and it is tentatively scheduled for a release data of November 1, 2015.
Here are some details on the certification:
SSCP Seven Domains
The SSCP has objectives listed in the following seven domains:
- Access Controls
- Malicious Code and Activity
- Monitoring and Analysis
- Networks and Communications
- Risk, Response and Recovery
- Security Operations and Administration
Candidates must have at least one year of direct full-time security work experience in one or more of these seven domains. After passing the exam, you’ll be required to submit a resume documenting this experience. Additionally, your application must be endorsed by someone that holds a certification with (ISC)2 and can attest to the accuracy of your resume. If you don’t know someone with a certification, you can still turn in your application, but it will take longer to complete the endorsement process.
If you don’t have the required experience, you can still take the exam and earn the Associate of (ISC)2 designation for the SSCP. You’ll then have two years to get the required experience and change this over to a fully certified SSCP.
Released ahead of schedule and now available:
SSCP Systems Security Certified Practitioner All-in-One Exam Guide
About the SSCP Exam
The exam includes 125 multiple choice questions with each question having four choices. Only 100 questions are graded and the additional 25 questions are used for research purposes but you won’t know questions are graded and which questions are research questions. In other words, answer them all as if they are graded questions. The questions are weighted with some questions more difficult than others. A passing score of 700 out of a possible 1000 points is required to pass.
The SSCP exam is now available as a computer based test in many areas. It is a proctored exam but because it is computer based, you don’t have to take it in a huge room with dozens or hundreds of others.
It is a paper-based exam. You’ll be given a test booklet and a bubble sheet to fill in your answers. For each question, you use the old-fashioned number 2 pencil to fill in the correct bubble. When you’re done, you turn in your answer sheet. You’ll get the results via email within 4 to 6 weeks after taking the exam. Expect to take it in a large ballroom in a hotel or some similar setting with other people taking exams such as the CISSP, or CSSLP exams. Several proctors will be walking around the room during the exam. You’ll have three hours to take the exam and this is strictly timed. If you need to take a break, you can usually walk to the back of the room and have a drink or snack if you brought it with you. Signout sheets are commonly used for people that need to use the restroom. However, all of this time still counts towards your three hours. Other exams are longer. For example, other people in the room will probably be taking the CISSP exam which is six hours long.
Registering for the SSCP Exam
The exam costs $300 if you’re taking it in the United States. If you register and pay for the exam at least 16 days earlier, you get a break and it only costs $250. You can view the full price list here which includes prices for all the exams and the cost in other countries and currencies.
When you’re ready to register for the exam, you can start the process here. During this process, you’ll be required to commit to abiding to the Code of Ethics. This is also included in the objectives for the exam so you should look this over before starting the registration process.