mariatirado
Community Manager

SSCP Exam Changes – Effective September 2024

On September 15, 2024, ISC2 will update the SSCP credential exam. These updates are the result of the Job Task Analysis (JTA), which is an analysis of the current content of the credential evaluated by ISC2 members on a triennial cycle.  

 

A title change is occurring for Domain 1. Security Operations and Administration will have a new title of Security Concepts and Practices. 

  

 

| Current (Effective November 15, 2021) | New (Effective September 15, 2024) | Weight |
|---|---|---|
| Security Operations and Administration | Security Concepts and Practices | 16% |
| Access Controls | Access Controls | 15% |
| Risk Identification, Monitoring, and Analysis | Risk Identification, Monitoring, and Analysis | 15% |
| Incident Response and Recovery | Incident Response and Recovery | 14% |
| Cryptography | Cryptography | 9% |
| Network and Communications Security | Network and Communications Security | 16% |
| Systems and Application Security | Systems and Application Security | 15% |
| Total: | | 100% |

 

For more information, please review the SSCP Exam Outline.

6 Replies
Awalker
Newcomer I

Will the ISCP 2 Official study guide change as well from third edition to fourth, and how big of a change is the content?

franklim1990
Newcomer III

I'd like the access control chapter updated to clarify some stuff.... Access control is a broad topic, and the scenarios don't seem to be described to me very well so far. I'm not finished with the chapter, but between memory management, the lack of access control on home PCs, the home PC style operating systems in business applications, the internet and its links to our applications, cloud file management like blobs, Google Drive, business and industrial sectors, human machine interfaces....

 

These are some of my experiences. I understand that basic concepts like identification, authentication, authorization, least privilege, privilege creep are all very applicable when managing identities. However, access control is semantically broad and in a diversifying field. The big dogs are pushing for changes, and it is fair to say that Windows was not what a lot of businesses were looking for when it comes to access management. Now we are seeing new file management platforms all over the place. Hundreds of them. I was particularly interested in Microsoft blobs though. Then we have all these new asset/content managers out here that push marketing content onto social media. Platforms like Sprinklr and Hookle. Then we have all these security specialists talking about securing the gaps with SSPMs and using the right APIs... The cyber security world doesn't seem to be talking much about what Amazon, Google, Microsoft, and other major companies are doing on their platforms though. So much has changed, and I feel like this chapter is a couple years behind or will need dramatically updated in the nearing future once the changes in file management stabilize. What does the next generation of file management look like?

 

I spent some time shopping, and couldn't find a company that could deliver my personal and professional wants when it comes to file management which is a different but still an applicable topic, I think... 

 

Human machine interfaces are huge in today's automotive industry, which is very much access control. Which brings up the question of command centers and remote access to machines.

 

Then we have all the talk about sessions, tokens... I hear about big hacks all the time related to this stuff. Yet, I don't feel like I'm much more qualified to protect a company from certain hacks. Only dysfunction maybe, but then again, I still feel like I'm very limited.

 

From a programming perspective, I want to override a low-level class and invoke authorization as an easy escape from the complicated topic. My head is spinning with experiences. Every way I look at it I see vulnerabilities that I can't confirm if today's technologies are even protecting, and the more I learn, the less I feel confidence in today's architectures. Our technologies grew in complexity which prevents most from malicious activity, but the vulnerabilities are often still there.

 

I need you all to do that thing where you make us put everything into categories so I can organize my thoughts into your standards.

franklim1990
Newcomer III

https://www.itu.int/rec/T-REC-X.1252-202104-I/en

This visual aid on ITU makes more sense to me than the visual aid on page 97 of the SSCP reference book.
Doug_Day
Viewer

Hello all,  I have completed the course for SSCP certification and I am preparing for the exam on 5/30.  How does the real exam compare to the exam at the end of the course?  I have looked at other resources and there are questions that weren't discussed in the instruction.  What other resources is everyone else using to prepare for the exam?  I also have the ISC2 SSCP book of official practice tests.  Is that a good resource?  Thank you.  Doug

franklim1990
Newcomer III

Mike Chapple has a course on LinkedIn, aka lynda.com. I have a 2-month free trial referral. If you want to go through his videos, just send me a private message.
terpsfanatic
Newcomer II

It looks like only the name of the first domain changed.  Does this mean that only the content of the questions in the first domain changed and/or did the exam weighting pct also change?

 

It looks like the ISC2 SSCP course materials reflected the Domain 1 name change.