SSCP Domain: Malicious Code

In the modern world of computing, malicious code is becoming commonplace, and organizations and individuals must protect themselves from these attacks. This course provides a history of malicious code and explains how to recognize and analyze the effects of malcodes and infection vectors on a computing system using VMware testing and file-capturing techniques. It also explains how to determine appropriate malcode evaluation and mitigation techniques to protect an enterprise environment. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium, (ISC)², for its Systems Security Certified Practitioner (SSCP) certification. The SSCP credential certifies student expertise in seven different knowledge domains and covers the most recent key areas of knowledge as outlined in the Candidate Information Bulletin (CIB), effective February 1, 2012.

Target Audience
Experienced IT professionals with a basic knowledge of network and communications protocols and equipment who are seeking to pass the Systems Security Certified Practitioner (SSCP) exam or otherwise gain knowledge in assessing, planning, implementing, and managing IT security in an enterprise environment. A minimum of one year's professional experience in one of the seven SSCP CBK domains is required for certification.

Expected Duration (hours)

Lesson Objectives

SSCP Domain: Malicious Code

  • recognize components of CARO-like names
  • recognize the main purpose of application security
  • identify types of malicious code
  • define the basic terms in malicious code
  • identify significant events in the evolution of malcode
  • order the significant events in the emergence of the Internet criminal marketplace
  • identify common methods used to spread malcodes
  • recognize social engineering attacks
  • determine which specific malcodes are attacking a system
  • determine the methods infection vectors have used to access a system
  • recognize types of attacks that are carried out on computing environments
  • describe best practices for implementing a security solution in an enterprise environment
  • implement appropriate malcode inspection processes
  • select appropriate malcode behavioral analysis methods
  • sequence the steps for using VMware to test malcode samples
  • identify techniques for capturing files from a computer
  • identify appropriate malcode mitigation policies for an enterprise environment
  • assess how malcodes and infection vectors attack a computing system
  • determine how to evaluate and mitigate malcodes in an enterprise environment

Course Number: