ISC2 Systems Security Certified Practitioner (SSCP)

The Systems Security Certified Practitioner (SSCP) certification is ideal for individuals with technical skills and practical, hands-on security knowledge in operational IT roles. It validates the ability to implement, monitor, and administer IT infrastructure in line with information security policies and procedures. The SSCP covers seven domains:

1. Security Operations and Administration
2. Access Controls
3. Risk Identification, Monitoring, and Analysis
4. Incident Response and Recovery
5. Cryptography
6. Network and Communications Security
7. Systems and Application Security

Candidates must have at least one year of cumulative work experience in one or more of these domains, or they can become an Associate of ISC2 by passing the SSCP exam and then have two years to earn the required experience.

The SSCP exam lasts four hours, consists of 150 multiple-choice questions, and requires a passing score of 700 out of 1000 points. It’s available in several languages and can be taken at a Pearson VUE Testing Center. The weight given to each domain in the exam is as follows:

1. Security Operations and Administration: 16%
2. Access Controls: 15%
3. Risk Identification, Monitoring, and Analysis: 15%
4. Incident Response and Recovery: 14%
5. Cryptography: 9%
6. Network and Communications Security: 16%
7. Systems and Application Security: 15%

Each domain has specific sub-topics and knowledge areas that candidates are expected to understand, such as ethical codes, authentication methods, risk management, incident response, cryptography concepts, network security, and more.

The SSCP certification is accredited and complies with ANSI/ISO/IEC Standard 17024. It undergoes regular updates through a Job Task Analysis (JTA) process to ensure it remains relevant to the roles and responsibilities of information security professionals.