On September 15, 2024, ISC2 will update the SSCP credential exam. These updates are the result of the Job Task Analysis (JTA), which is an analysis of the current content of the credential evaluated by ISC2 members on a triennial cycle.
A title change is occurring for Domain 1. Security Operations and Administration will have a new title of Security Concepts and Practices.
|
Current (Effective November 15, 2021) |
New (Effective September 15, 2024) |
|
1 |
Security Operations and Administration |
Security Concepts and Practices |
16% |
2 |
Access Controls |
Access Controls |
15% |
3 |
Risk Identification, Monitoring, and Analysis |
Risk Identification, Monitoring, and Analysis |
15% |
4 |
Incident Response and Recovery |
Incident Response and Recovery |
14% |
5 |
Cryptography |
Cryptography |
9% |
6 |
Network and Communications Security |
Network and Communications Security |
16% |
7 |
Systems and Application Security |
Systems and Application Security
|
15% |
Total: |
100% |
For more information, please review the SSCP Exam Outline.
will the ISCP 2 Offical study guide change as well from third edition to fourth and how big of a change is the content
I'd like the access control chapter updated to clarify some stuff.... Access control is a broad topic, and the scenarios doesn't seem to be described to me very well so far. I'm not finished with the chapter, but between memory management, the lack of access control on home pc's, the home pc style operating systems in business applications, the internet and its links to our applications, cloud file management like blobs, google drive, business and industrial sectors, human machine interfaces....
These are some of my experiences. I understand that basic concepts like identification, authentication, authorization, least privilege, privilege creep are all very applicable when managing identities. However, access control is semantically broad and in a diversifying field. The big dogs are pushing for changes, and it is fair to say the Windows was not what a lot of business were looking for when it comes to access management. Now we are seeing new file management platforms all over the place. Hundreds of them. I was particularly interested in Microsoft blobs though. Then we have all these new asset/content managers out here that push marketing content onto social media. Platforms like sprinklr and hookle. Then we have all these security specialists talking about securing the gaps with SSPM's and using the right API's... The cyber security world doesn't seem to be talking much about what Amazon, Google, Microsoft, and other major companies are doing on their platforms though. So much has changed, and I feel like this chapter is a couple years behind or will need dramatically updated in the nearing future once the changes in file management stabilize. What does the next generation of file management look like?
I spent some time shopping, and couldn't find a company that could deliver my personal and professional wants when it comes to file management which is a different but still an applicable topic, I think...
Human machine interfaces are huge in today's automotive industry, which is very much access control. Which brings into the question of command centers and remote access to machines.
Then we have all the talk about sessions, tokens... I hear about big hacks all the time related to this stuff. Yet, I don't feel like I'm much more qualified to protect a company from certain hacks. Only disfunction maybe, but then again, I still feel like I'm very limited.
From a programming perspective. I want to override a low-level class and invoke authorization as an easy escape from the complicated topic. My head is spinning with experiences. Every way I look at it I see vulnerabilities that I can't confirm if today's technologies are even protecting and the more, I learn the less I feel confidence in today's architectures. Our technologies grew in complexity which prevents most from malicious activity, but the vulnerabilities are often still there.
I need you all to do that thing where you make us put everything into categories so a can organize my thoughts into your standards
Hello all, I have completed the course for SSCP certification and I am preparing for the exam on 5/30. How does the real exam compare to the exam at the end of the course? I have looked at other resources and there are questions that weren't discussed in the instruction. What other resources is everyone else using to prepare for the exam? I also have the ISC2 SSCP book of official practice tests. Is that a good resource? Thank you. Doug