SSCP Domain : Risk, Response, and Recovery

Target Audience
Expected Duration
Lesson Objectives
Course Number

With more and more business success relying on secure and guaranteed access to data, having plans and policies in place to manage risks and recover from disasters is pivotal. This course provides the learner with the knowledge to provide data redundancy and handling incidents and risks. This course teaches the learner how to identify the threats and vulnerabilities that can put information systems at risk and how to optimize a risk assessment and management system to protect resources. It covers risk limitation and mitigation and the security incident handling process. The course covers business continuity planning and shows how to design an effective disaster contingency plan and an optimized data recovery and restoration methodology. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC)2 for its Systems Security Certified Practitioner (SSCP) certification. The SSCP credential certifies student expertise in 7 different knowledge domains and covers the most recent key areas of knowledge as outlined in the Candidate Information Bulletin (CIB) effective date: February 1, 2012.

Target Audience
Experienced IT professionals with a basic knowledge of network and communications protocols and equipment seeking to pass the System Security Certified Practitioner (SSCP) exam, or otherwise gain knowledge in assessing, planning, implementing and managing IT security in an enterprise environment. A minimum of one year's professional experience in one of the seven SSCP CBK Domains is required for certification.

Expected Duration (hours)

Lesson Objectives

SSCP Domain : Risk, Response, and Recovery

  • recognize threats and vulnerabilities that expose information technology systems to risk
  • define key risk management concepts
  • recognize key factors for improving a risk management system
  • specify appropriate risk limitation controls for a particular scenario
  • describe a security incident detection and analysis process
  • describe a security incident containment and eradication process
  • identify key considerations for gathering and handling evidence
  • optimize a risk assessment methodology for a particular scenario
  • determine appropriate risk and incident handling methods for a particular scenario
  • describe a business impact analysis process
  • define key business impact analysis concepts
  • select an appropriate disaster recovery site for a particular scenario
  • identify key considerations for disaster recovery planning
  • describe disaster plan testing methodologies
  • identify an appropriate data backup rotation schedule for a particular scenario
  • identify features of high-availability and load-balancing clustering
  • select an appropriate RAID level for a particular scenario
  • optimize a disaster planning process for a particular scenario
  • analyze a data backup and restoration methodology
  • Course Number: