A system security certified professional (SSCP) is a vendor-neutral beginner certification that evaluates, tests and certifies an individual’s abilities in implementing and managing information security. SSCP certification is developed, maintained and monitored by the International Information Systems Security Certification Consortium ((ISC)2) for entry-level candidates seeking a career or skills in information security.
You must pass the test and provide one year of work experience to be eligible for the certification.
The SSCP is sponsored by the International Information System Security Certification Consortium, or (ISC)². Certification requirements include 1 year of experience in the field, a single 125-question test taken over 3 hours taken onsite or online with proctors, plus a fee.
The SSCP is considered the younger sibling of the more well-known CISSP (Certified Information Systems Security Professional) certification, also sponsored by (ISC)², which requires four years of experience in the field as well as a more intensive exam.
The Systems Security Certified Practitioner (SSCP) certification exam is composed of questions from seven domains: - Access Controls (16%) - Security Operations and Administration (15%) - Risk Identification, Monitoring, and Analysis (15%) - Incident Response and Recovery (13%) - Cryptography (10%) - Network and Communications Security (16%) - Systems and Application Security (15%)
To earn the SSCP certification, you need to have a minimum of at least one year of cumulative paid full-time work experience in one or more of the seven (ISC)2 SSCP domains. The domains are as follows: - Access Controls - Security Operations and Administration - Risk Identification, Monitoring, and Analysis - Incident Response and Recovery - Cryptography - Network and Communications Security - Systems and Application Security
These domains represent the seven major categories of information in the SSCP Common Body of Knowledge (CBK).
Maintaining Your SSCP Certification After you’ve earned the SSCP certification, you’re required to recertify every three years. The primary method of doing this is by acquiring 60 continuing professional education (CPE) credits every three years, with a minimum of 10 CPEs earned each year. Security constantly changes, and earning CPEs is one of the ways security professionals keep abreast of current security trends. The CPE requirement is a surprise to some people, but many professions use the same concept. As an example, medical doctors are required to complete a minimum number of continuing medical education (CME) credits to maintain their medical licenses. (ISC)2 categorizes CPE credits as Group A credits and Group B credits. Group A credits are for activities directly related to one of the domains in the CBK. Group B credits are optional and are earned for activities that are outside of the domain, but can still enhance a member’s general professional skills and competencies. You typically earn one CPE credit for each hour you spend in a related activity. Group A credits can be earned by attending educational/training courses and seminars, attending conferences, attending vendor presentations, completing some academic courses, and preparing for a presentation, lecture, or training event. Some examples of Group B credits include attending a management course and participating in project planning activities. This is not an exhaustive list, but instead just a few examples.
To maintain your SSCP certification, you must earn the following CPE credits: - At least 10 Group A CPEs annually - At least 60 CPE credits during a three-year certification period - At least 40 Group A CPE credits during a three-year certification period - As many as 20 Group B CPE credits during a three-year certification period
(ISC)2 has added an alternative to the one year of experience requirement. If you don’t have the experience but do have a bachelors or masters degree in a cybersecurity program, you can use that instead. The degree must be from an accredited college or university and either focused on cybersecurity or in one of the preapproved degree programs listed by (ISC)2.
A score of 700 out of a possible 1,000 points is required to pass the exam. However, that doesn’t necessarily mean that you’ll pass the exam if you answer 70 out of 100 graded questions correctly, because questions aren’t weighted the same. Out of the 100 valid questions, some questions may be worth 10 points, more difficult questions may be worth more than 10 points, and easier questions may be worth less. Just as (ISC)2 doesn’t tell you which questions are graded, it doesn’t advertise the actual value of any question.
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.