In cybersecurity, the digital perimeter often gets all the attention, but the simplest breach often starts with a physical lapse. Physical Security—specifically Site Access and Entry Controls—is a critical administrative control (Domain 1) that protects personnel, hardware, and, most importantly, the data stored on those physical assets. For the SSCP, you must understand how to […]
SSCP Day 6: Guarding the Physical Data: Media Protection
The focus of cybersecurity often lies on digital controls—firewalls and cloud encryption. However, the data stored on physical media (USB drives, backup tapes, hard drives, or even printouts) is often the most vulnerable. Media Protection Procedures are the administrative controls (Domain 1) that dictate how organizations must handle these physical assets to maintain confidentiality and […]
SSCP Day 5: Out with the Old, Securely: Lifecycle Management and Disposal
Once an asset has been identified and classified, the security work shifts to managing it through its entire lifespan—and most critically, its death. Asset Lifecycle Management is the administrative control (Domain 1) that ensures security remains consistent from the day an asset is purchased until the day it is securely destroyed. For the SSCP, you […]
SSCP Day 4: Securing What You Own: Asset Management
Before you can protect your data, you must know where it lives. The Asset Management process is the foundational administrative control (Domain 1) that addresses this challenge. It is the practice of tracking and managing the life cycle of every asset—be it a laptop, a server, or a critical database—that holds value and requires protection. […]
Seeing the Season with New Eyes: Reflections on “Christmas: The Things We May Have Missed”
The reflection on “Christmas: The Things We May Have Missed” uncovers the often overlooked aspects of the Nativity story, emphasizing God’s intentionality in every detail. The nine-day devotional encourages a deeper understanding of Christmas beyond commercialism, inviting readers to recognize the miraculous nature of the Incarnation and find gratitude in unexpected moments.
SSCP Day 3: Controlling the Chaos: Change Management Process
In the world of cybersecurity, stability is key. Every time a system is updated, a firewall rule is modified, or a server is patched, the organization introduces risk. The Change Management Process is the administrative control (Domain 1) designed to minimize this risk by ensuring that all system modifications are documented, reviewed, tested, and approved […]
SSCP Day 2: Beyond Compliance: The Critical Difference Between Security Awareness and Training
For the SSCP, or any security practitioner, understanding human controls is just as important as configuring a firewall. Too often, organizations use the terms “Security Awareness” and “Security Training” interchangeably, but they serve fundamentally different purposes in a robust security program. As an administrative control (Domain 1), your policies must mandate both, but with distinct […]
SSCP Day 1: Who’s Who in Security: Understanding the Core Roles
In cybersecurity, defense isn’t just about firewalls and encryption; it’s about people and processes. Before you implement a single technical control, you need clear administrative controls that define who is responsible for what. This concept, often called separation of duties, is essential for preventing fraud, limiting human error, and ensuring accountability. For the SSCP, you […]
ISC2 SSCP (Systems Security Certified Practitioner) Study Guide
The SSCP certification validates your hands-on ability to implement, monitor, and administer security controls in an IT infrastructure. The exam is highly focused on operational security and technical application. Domain 1: Security Operations and Administration (15%) This domain covers the foundational rules and processes that govern security within an organization. Domain 2: Access Controls (16%) […]
ISC2 SSCP 120-Day Weekday Study Plan
This schedule breaks down the seven SSCP domains and the final review strategy into 120 sessions. The weighting of the domains has been used to approximate the number of days assigned to each area. Day Domain 90-Minute Session Focus Week 1: D1 – Security Operations & Administration (15%) Day 1 D1 Security Roles (CISO, Analyst, […]