SSCP Domain: Access Controls





Overview/Description
As businesses rely increasingly on the Internet and on networks in general, security is an important issue. A key aspect of business security is controlling which users have access to which resources, and which operations they can perform. The mechanism for controlling these aspects is access control. This course examines how to determine appropriate access controls, architecture models, authentication techniques and access methods. It explains access control systems, their differences and implementations, and how they protect services and data. This course also demonstrates attack methods used to bypass access control systems and describes account management procedures and key access control concepts. The course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC)² for its Systems Security Certified Practitioner (SSCP) certification. The SSCP credential certifies student expertise in 7 different knowledge domains and covers the most recent key areas of knowledge as outlined in the Candidate Information Bulletin (CIB), effective date: February 1, 2012.

Target Audience
Experienced IT professionals with a basic knowledge of network and communications protocols and equipment who are seeking to pass the Systems Security Certified Practitioner (SSCP) exam, or otherwise to gain knowledge in assessing, planning, implementing and managing IT security in an enterprise environment. A minimum of one year's professional experience in one of the seven SSCP CBK Domains is required for certification.

Expected Duration (hours)
2.5

Lesson Objectives

SSCP Domain: Access Controls

  • identify the most appropriate access controls for particular situations
  • recognize the considerations for access control subjects and access control objects
  • select appropriate access control architecture models for particular situations
  • recognize access control architecture models
  • determine the most appropriate access controls to use in a particular scenario
  • determine the most appropriate access control architecture model to use in a particular scenario
  • describe knowledge and ownership based authentication methods
  • describe the components of an identity management solution
  • describe characteristics-based authentication methods
  • describe multifactor authentication methods
  • recognize the advantages of single sign-on systems (SSOs) for authentication
  • describe how Kerberos is used for authentication
  • select the most appropriate access control methodology to use in a particular situation
  • rank portable devices according to the amount of data they can remove from a network
  • describe security risks and mitigation techniques for virtual platforms
  • describe the phases of a cloud computing data cycle
  • determine the most appropriate authentication technique to use in a particular scenario
  • determine the most appropriate access method to implement in a particular scenario

Course Number
sp_sycp_a01_it_enus