ISC2 SSCP Exam (Systems Security Certified Practioner) Detailed InformationSSCP
® - Systems Security Certified Practitioner
Operational Excellence in Information Security
certification is the ideal credential for those with proven technical skills and practical security knowledge in hands-on operational IT roles. It provides industry-leading confirmation of a practitioner’s ability to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability.
indicates a practitioner’s technical ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.
is ideal for those working in or towards positions such as, but not limited to:
Network Security Engineer
Globally Recognized Proficiency in Information Security
Offered by (ISC)², the world leader in educating and certifying security professionals worldwide, SSCP
s benefit from a global network of 110,000 certified members and valuable resources and support to help them to continually develop and advance in their careers.
credential draws from a comprehensive, up-to-date global body of knowledge that ensures candidates have the right information security knowledge and skills to be successful in IT operational roles. It demonstrates competency in the following CBK Domains:
Security Operations and Administration
Risk Identification, Monitoring, and Analysis
Incident Response and Recovery
Network and Communications Security
Systems and Application Security
Length of exam 3 hours
Number of questions 125
Question format Multiple choice questions
Passing grade 700 out of 1000 points
Exam languages English, Japanese, and Brazilian Portuguese
Testing center Pearson Vue Testing Center
Official (ISC)² Guide to the SSCP
Official (ISC)² SSCP
Official Study App
Official (ISC)² Training
®- Why Certify
Without the Right People, No Organization is Secure
Attacks on organizations’ information assets continue to escalate while attackers also refine and improve their tactics. Employers know that the best way to combat these assaults starts with qualified information security staff armed with appropriate practices and controls. Easier said than done.
That’s why organizations and professionals, across the globe, turn to (ISC)²®, the only not-for-profit body charged with maintaining, administering and certifying information security professionals via the compendium of industry best practices known as the (ISC)² CBK® -- the premier resource for information security professionals worldwide.
Certification Helps the Professional
Demonstrates proven technical ability gained through hands-on operational experience or technical roles
Confirms breadth and depth of hands-on technical knowledge expected by employers, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more
Bolsters standing career and offers a differentiator, with enhanced credibility and marketability for desirable opportunities
Indicates commitment to the field and ongoing relevancy through continuing professional education and understanding of the most current best practices
As a member of (ISC)², provides access to valuable career resources, such as networking and ideas exchange with peers
Certification Helps the Enterprise
Strengthens security posture with qualified practitioners who have proven hands-on technical ability to competently handle day-to-day responsibilities to secure the organization’s data
Increases organizational understanding and implementation of best practices, as indicated by the (ISC)² CBK, the premier resource for information security professionals worldwide
Improves information security coherence across the organization with practitioners that speak the same language across disciplines and have cross-department perspective
Increases organizational integrity in the eyes of clients and other stakeholders
Enables access to a network of global industry and subject matter/domain experts
Satisfies certification mandate requirements for service providers and subcontractors
Ensures practitioners stay current on emerging and changing technologies, and security issues related to these technologies through the continuing professional education requirements
How to Get Your SSCP
Here are the steps to get your SSCP
certification from (ISC)²:
1. Obtain the Required Experience
Valid experience includes information systems security-related work performed, or work that requires information security knowledge and involves direct application of that knowledge. For the SSCP
certification, a candidate is required to have a minimum of 1 year of cumulative paid full-time work experience in one or more of the 7 domains of the SSCP
CBK. If you do not have the required experience, you may still sit for the exam and become an Associate of (ISC)² until you have gained the required experience.
2. Schedule the Exam
Create an account at Pearson Vue and schedule your exam. The SSCP
exam is available in English, Japanese, and Portuguese.
Complete the Examination Agreement, attesting to the truth of your assertions regarding professional experience, and legally committing to the adherence of the (ISC)² Code of Ethics.
Review the Candidate Background Questions.
Submit the examination fee.
3. Pass the Exam
Pass the SSCP
examination with a scaled score of 700 points or greater. Read the Exam Scoring FAQs .
4. Complete the Endorsement Process
Once you are notified that you have successfully passed the examination, you will be required to have your application endorsed before the credential can be awarded. An endorsement form for this purpose must be completed and signed by an (ISC)² certified professional who is an active member, and who is able to attest to your professional experience. With the Endorsement Time limit, you are required to become certified within 9 months of the date of your exam OR become an Associate of (ISC)². If you do not become certified or an Associate of (ISC)² within 9 months of the date of your exam you will be required to retake the exam in order to become certified. [(ISC)² can act as an endorser for you if you cannot find a certified individual to act as one.] Please refer to the Endorsement Assistance Guidelines for additional information about the endorsement requirements.
5. Maintain the Certification
Recertification is required every 3 years by meeting all renewal requirements, which include:
Earn and submit a minimum of 20 continuing professional education (CPE) credits each year of the 3-year certification cycle and total of 60 CPE credits by the end of the 3-year certification cycle
Pay the annual maintenance fee (AMF) of US$65 each year of the 3-year certification for a total cycle for a total of US$195
Abide by the (ISC)² Code of Ethics
For more details concerning the SSCP
annual maintenance and renewal requirements, please contact (ISC)² Member Services at email@example.com.
Passing candidates will be randomly selected and audited by (ISC)² Member Services prior to issuance of any certificate. Multiple certifications may result in a candidate being audited more than once.
examination domains and weights are:
1. Access Control
2. Security Operations and Administration
3. Risk Identification, Monitoring and Analysis
4. Incidence Response, and Recovery
6. Network and Communication Security
7. Systems and Applications Security
Access Controls - Underlying principles of access control systems and how to implement, manage and secure those systems, including internetwork trust architectures, federated identity management, identity management lifecycle, and various access control frameworks.
Implement Authentication Mechanisms
Operate Internetwork Trust Architectures
Participate in the Identity-Management Lifecycle
Implement Access Controls
Security Operations and Administration - Identification of information assets and documentation of policies, standards, procedures and guidelines that ensure confidentiality, integrity and availability.
Understand and Comply with Code of Ethics
Understand Security Concepts
Document and Operate Security Controls
Participate in Asset Management
Implement and Assess Compliance with Controls
Participate in Change Management
Participate in Security Awareness and Training
Participate in Physical Security Operations
Risk Identification, Monitoring, and Analysis - Identification, evaluation and prioritization of potential threats and the systematic application of resources to monitor, manage and mitigate those threats. Includes risk management concepts, assessment activities, and monitoring terminology, techniques and systems.
Understand the Risk Management Process
Perform Security Assessment Activities
Operate and Maintain Monitoring Systems
Analyze Monitoring Results
Incident Response and Recovery - Properly implement and exercise incident handling processes and procedures that provide rapid and consistent approach to addressing security incidents, supporting forensic investigations, Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP).
Participate in Incident Handling
Understand and Support Forensic Investigations
Understand and Support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)
Cryptography - Understand common cryptographic concepts, methodologies, and technologies, including legal and regulatory requirements, key management concepts, public key infrastructure, and the implementation and use of secure protocols.
Understand and Apply Fundamental Concepts of Cryptography
Understand Requirements for Cryptography
Understand and Support Secure Protocols
Operate and Implement Cryptographic Systems
Networks and Communications Security - Encompasses network architecture, transmission methods, transport formats, control devices, and security measures used to maintain the confidentiality, integrity, and availability of the information transmitted over communication networks.
Understand Security Issues Related to Networks
Protect Telecommunications Technologies
Control Network Access
Manage LAN-based Security
Operate and Configure Network-based Security Devices
Implement and Operate Wireless Technologies
Systems and Application Security - Common attack vectors and associated countermeasures, including impact of virtualization, mobile devices, cloud computing, and Big Data vulnerabilities, configuration and security.
Identify and Analyze Malicious Code and Activity
Implement and Operate Endpoint Device Security
Operate and Configure Cloud Security
Secure Big Data Systems
Operate and Secure Virtual Environments