Summary

Chapter 1 explored basic descriptions of the Systems Security Certified Practitioner candidate requirements and the construction of the test you will be taking. We've discussed the common body of knowledge and the existence of 10 domains that are used for testing in the two certification tracks provided by (ISC)²: the SSCP and the CISSP.

We've seen that the domains covered in the SSCP examination are primarily aimed at hands-on operations and the security requirements involved in the day-to-day environment. We also saw that the coverage within the CBK for topics of the CISSP examination emphasizes the administrative, planning, and management areas rather than the configuration and operation of the system. The seven domains that are tested in the SSCP examination received explanatory and introductory coverage, and we've learned what each of the domains covers. These tested domains are classified as:

• Access controls

• Administration

• Auditing and monitoring

• Risk, response, and recovery

• Cryptography

• Data communications

• Malicious code

During the course of this chapter, we've introduced many concepts that you will need to be prepared for in order to pass the exam. You need to know the principles of successful administration and the ability to plan in a number of different arenas such as incident response, risk management, business protection, handling of evidence trails, and methods to recover from disaster. You also need a very good understanding of network communications and the protocols that apply not only to the network but also to the applications that you'll use in daily operations. As we toured the domains, we found that you also must have a good knowledge of virus and malicious code creations and the ways to stop, detect, and thwart attacks using these devices. Finally, you need to know how to protect data through encryption methods, and we have discussed the areas in which these tools can help you provide a more secure operation.