CISSP has long been the desired certification for the experienced security professional, preferably one with management responsibility. For IT professionals with less security experience or those primarily engaged in hands-on, operational security tasks, CISSP is less suitable, primarily due to the experience requirements.
SSCP was developed to provide this target group with relevant security knowledge. Participants in the SSCP training are often involved in the implementation, monitoring, and management of the IT infrastructure in accordance with information security guidelines, procedures, and requirements that must guarantee data confidentiality, integrity, and availability. CISSP and SSCP certified professionals speak the same security language but from their own perspectives, complementing each other in their different responsibilities.
SSCP also provides a complete overview of all operational security tasks and responsibilities, making it a useful training for almost any IT professional seeking an independent, internationally recognized security certification. SSCP is primarily a conceptual training that teaches you what needs to happen, why, and how to ensure this tactically in policies. How you do this technically (hands-on) largely falls outside the scope of SSCP and is covered more by alternatives like CompTIA Security+ or Certified Network Defender (CND).
As AI tools evolve from experimental to operational use, the SSCP Exam Outline has been adjusted to ensure that professionals can safely implement, monitor, and manage these technologies. By integrating AI topics into the seven SSCP domains, candidates are assessed on their ability to master the technical reality of AI - from securing automated access controls to deploying machine learning for real-time incident response.
In preparation for the SSCP training, you will receive the corresponding study materials, including practice questions, upon registration. This way, you will enter the classroom training better prepared and can ask the experienced instructor more targeted questions based on the material covered. The result is an interactive course with more depth on the heavier topics. Our approach also increases your chances of passing the exam, with annual pass rates above 90%.
The SSCP training is classroom-based but can also be attended Live Online if desired. You will then attend the training live remotely with our own instructor, follow along with the notes on the whiteboard, participate in all labs, and can ask questions to both the trainer and your fellow participants. So, it's basically just like being present at the classroom training, but from your own location. If the Live Online training does not meet your expectations, you may attend the classroom training again free of charge within a year.
ISC2 Code of Ethics
Organizational code of conduct
Confidentiality
Integrity
Availability
Accountability
Non-repudiation
Least privilege
Segregation of duties (SoD)
Technical controls (e.g., firewalls, intrusion detection systems (IDS), access control lists (ACL))
Physical controls (e.g., mantraps, cameras, locks)
Administrative controls (e.g., security policies, standards, procedures, baselines)
Assessing compliance requirements
Periodic audits and reviews
Deterrent controls
Preventative controls
Detective controls
Corrective controls
Compensating controls
Process, planning, design, and initiation
Development/Acquisition (e.g., DevSecOps, testing)
Inventory and licensing (e.g., open source, closed source)
Implementation/Assessment
Operations/Maintenance/End of Life (EOL)
Archiving and retention periods
Disposal and destruction
Change management (e.g., roles, responsibilities, processes, communication, audit)
Security impact analysis
Configuration management (CM)
Security awareness and training (e.g., social engineering, phishing, tabletop exercises, awareness communications)
Collaborating with physical security (e.g., data center/facility assessments, badging & visitor management, restrictions on personal devices)
Single/Multi-factor authentication (MFA)
Single sign-on (SSO) (e.g., ADFS, OpenID Connect)
Device authentication (e.g., certificates, MAC address, TPM)
Federated access (e.g., OAuth2, SAML)
Trust relationships (e.g., one-way, two-way, transitive, zero)
Internet, intranet, extranet, and demilitarized zone (DMZ)
Third-party connections (e.g., APIs, app extensions, middleware)
Authorization
Proofing
Provisioning/De-provisioning
Monitoring, reporting, and maintenance
Entitlement (e.g., rights and resources)
Identity and access management (IAM) systems
Mandatory
Discretionary
Role-based (e.g., PAM)
Rule-based
Attribute-based
Risk visibility and reporting (e.g., risk register, IOCs, CVSS, MITRE ATT&CK)
Risk management concepts (e.g., impact analyses, threat modeling)
Risk management frameworks
Risk tolerance (e.g., risk appetite)
Risk treatment (accept, transfer, mitigate, avoid)
Jurisdiction, limitations, privacy
Implementation of frameworks
Security testing
Risk reviews
Vulnerability management lifecycle (scanning, reporting, analysis, remediation)
Managing and monitoring security platforms
Source systems (e.g., applications, network devices, hosts)
Relevant events (e.g., anomalies, unauthorized changes)
Log management
SIEM (monitoring, analysis, auditing)
Analyzing monitoring results
Baselines and anomalies
Visualizations, metrics, and trends
Event data analysis
Reporting and escalating findings
Incident response lifecycle (e.g., NIST, ISO)
Preparation
Detection, analysis, and escalation
Containment
Eradication
Recovery
Post-incident activities
Understanding and supporting forensic investigations
Legal and ethical principles
Evidence handling (chain of custody, preservation)
Reporting
Compliance with security policies
Supporting Business Continuity (BCP) and Disaster Recovery (DRP)
Emergency procedures and crisis management
Alternative processing strategies
Recovery planning (RTO, RPO, MTD)
Backup and redundancy
Testing and exercises
Confidentiality, integrity, and authenticity
Data sensitivity (PII, IP, PHI)
Laws, regulations, and best practices (e.g., PCI-DSS, ISO)
Entropy and (quantum) cryptography
Hashing and salting
Symmetric/asymmetric encryption, ECC
Non-repudiation (digital signatures, HMAC)
Algorithm strength (AES, RSA)
Cryptographic attacks
Services and protocols
Use cases (e.g., VPN, web, payments)
Limitations and vulnerabilities
Key management (storage, rotation, destruction)
Web of Trust (WOT) (e.g., PGP, GPG, blockchain)
OSI and TCP/IP models
Network topologies
Network relationships (P2P, client-server)
Transmission media
SDN and SD-WAN
Ports and protocols
Network attacks (e.g., DDoS, MITM, DNS poisoning)
Countermeasures (e.g., firewalls, IDPS, CDN)
Network access controls (e.g., IEEE 802.1X, RADIUS, TACACS+)
Remote access (VPN, VDI)
Device placement
Segmentation (VLAN, ACL, micro-segmentation)
Secure device management
Firewalls, proxies, WAF, CASB
IDS/IPS
Routers and switches
NAC, DLP, UTM
Securing wireless communications (e.g., Wi-Fi, Bluetooth, NFC)
WPA, WPA2, WPA3, EAP
Securing and monitoring IoT (e.g., configuration, isolation, firmware, EOL)
Malware (e.g., ransomware, trojans, worms)
Countermeasures (anti-malware, isolation)
Attack types (e.g., APT, DDoS, zero-day)
Social engineering (phishing, vishing, etc.)
Behavior analytics (AI, machine learning)
HIPS/HIDS
Host firewalls
Application whitelisting
Endpoint encryption
TPM
Secure browsing
EDR
COPE, BYOD, MDM
Containerization and encryption
Mobile application management
Deployment and service models (IaaS, PaaS, SaaS)
Virtualization (hypervisor, VPC)
Legal aspects
Data lifecycle
SLAs and outsourcing
Shared responsibility model
Hypervisors (Type 1 and 2)
Containers and virtual appliances
Continuity and resilience
Storage management
Attacks and countermeasures (e.g., VM escape, brute force)
This training is scheduled as follows in the coming period. Missing a date? Feel free to contact us.
Location: TSTC Veenendaal - Classroom & Live Online
This training can also be taken as part of the learning path(s) below. If you want to follow multiple titles from a learning path, please contact our advisors for a suitable bundle offer.
Train smarter, not harder. TSTC's unique approach guarantees the effective acquisition of skills and the greatest chance of success.