As a candidate for the Systems Security Certified Practitioner certification from (ISC)2, you should be familiar with the (ISC)2 organization and the examination requirements, registration procedures, endorsement requirements, and continuing education and annual fee requirements. In addition to introducing you to the requirements, this chapter will help you prepare for the examination. You will learn about various successful study techniques used by other candidates as well as how to register for the exam.
It is important for you to relax and do your best work. By knowing what to expect during your time at the examination center and by being prepared, you will be at ease and will be able to concentrate on the examination subject.
The International Information Systems Security Certification Consortium (ISC)2 is a not-for-profit organization formed in 1989 to offer standardized vendor-neutral certification programs for the computer security industry. The first certification offered by the organization was the Certified Information Systems Security Professional (CISSP) certification. It was based upon a Common Body of Knowledge (CBK). The original CBK was intended to be all-encompassing, taking into consideration every aspect of information security from technical networking, information security models, and theory to physical security, such as fire extinguishers, perimeter lighting, and fences. The Systems Security Certified Practitioner (SSCP) credential was launched in 2001. It was intended as a foundational security credential requiring slightly less in-depth knowledge and much more limited job experience criteria.
A key element central to the foundation of (ISC)2 is a Code of Ethics. Every member of the (ISC)2 organization, including candidates sitting for any of the certification examinations, must agree to and sign the Code of Ethics. It warrants that the members of the (ISC)2 organization adhere to the highest standards of conduct in the performance of their security duties.
Today, (ISC)2 is a global entity spanning more than 150 countries worldwide with membership totaling in excess of 100,000 members. The organization has been referred to as the “largest IT security organization in the world.”
As the stand-alone PC era evolved into an era of networking during the early 1980s, it became evident that there was a need for network security standardization. Security professionals required the ability to describe their problems and solutions with common terminology. Concepts, tools, and techniques had to be shared between individuals on a worldwide basis to solve common problems and take advantage of shared opportunities. Although during this time various vendors coined terms and definitions specific to their products or sector of the industry, a desire arose for a vendor-neutral body of knowledge and a methodology for granting credentials for individuals who exhibited the knowledge and competence required of the IT security industry.
(ISC)2 was founded during the summer of 1989 as a nonprofit organization to address the needs of the IT security industry. The organization immediately began organizing a collection of topics relevant to the IT security industry. These topics were structured into a framework of concepts and terminology, with contributions from IT professionals around the world. The framework of ideas, terms, and concepts now known as the Common Body of Knowledge (CBK) allowed individuals from security practitioners to those in academia to discuss, create, and improve the IT security industry as it has evolved through the years.
(ISC)2 has evolved into a multifaceted organization offering numerous certifications and credential programs. The organization also offers an outreach program where members can use (ISC)2 tools and information to educate themselves and others and to increase the awareness of cyber crime in their local communities. Every year, tens of thousands attend an annual (ISC)2 Security Congress, which features seminars and exhibits. Central to the organization is the continuous education of its members. During the year, numerous seminars, webinars, and other training sessions are available for (ISC)2 members.
The award of a CISSP certification is a global recognition that an individual has proven knowledge in the information security field and has attained a high level of information understanding and professional competence. The CISSP certification has met all of the requirements of the ISO/IEC 17024 standard.
(ISC)2 has principal offices in the United States and additional offices in London, Hong Kong, and Tokyo. Major corporations around the world seek out and employ individuals with (ISC)2 certifications.
With over 93,000 certified IT professionals located in over 135 countries worldwide, the (ISC)2 organization has set the standard around the world as the leader in IT security certifications.
The SSCP certification has been accredited by the American National Standards Institute (ANSI). The certification is in compliance with the International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 17024 standard.
In the aftermath of the September 11, 2001, terrorist attacks and with cybersecurity threats surfacing virtually every day around the world, the United States Department of Defense (DoD) has determined that information security and assurance is of paramount importance to the national security of the United States. To provide a basis for enterprise-wide standardization to train, certify, and manage the DoD Information Assurance (IA) workforce, the department issued DoD Directive (DoDD) 8570.1.
DoDD 8570.1, enacted in 2004 and rolled out in 2005, is always evolving. Since 2005, major advancements in technology and cybersecurity have occurred, leading to the newest DoDD, 8140. DoDD 8140 was launched in the first quarter of 2015, retiring 8570.1 in full. DoDD 8140 is based on the National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE) standard. DoDD 8140 will update DoDD 8570.1, adding additional categories and further defining job roles for better training.
The 8140 directive stipulates a much broader scope than the original 8570.1 document by stating that a person that comes in contact with DoD information must abide by 8140 framework standards. The 8140 document does not concentrate on specific job roles as in the 8570.1 but instead lists categories of job tasks that may be performed by any individual throughout the defense industry.
The 8140 directive consists of several main categories that are further broken down into tasks or special areas. Job skills, training, and focus areas are better defined using this category system. There are seven main categories that have tasks or special areas of their own. The main categories are as follows (see Figure 1.1):
The SSCP certified individual may be employed at many of these job types but most specifically in the Protect and Defend job category. The jobs and skill requirements in this category center on securing and defending against cyber-related attacks. Computer Network Defense, Computer Network Defense Infrastructure Support, Incident Response, Security Program Management, and Vulnerability Assessment and Management are the special areas in this category.
Why certify? Certification represents a mark of achievement and indicates that the individual has attained the required knowledge through personal study, classroom work, or laboratory applications and has passed a requisite examination of sufficient difficulty to thoroughly assess depth of knowledge. To many, the certification represents a milestone in an individual's career. It illustrates diligence, hard work, and a strong desire for self-improvement.
The importance of a certification is a reflection of the esteem and recognition of the institution or organization granting the certification. Hiring officials must recognize the certification as a representation of diligence and hard work on behalf of the individual and also a clear testament to the overall knowledge and skill set as evaluated by an examination. The concept of certifications eliminates the requirement of the hiring official having to “test” the job candidate or having to evaluate their depth of knowledge by some manner.
(ISC)2 has developed, in association with industry experts, a Common Body of Knowledge (CBK) that the certified SSCP individual must know to adequately perform the typical duties required by the job position for which they were hired. In this body of information are seven general categories referred to as domains.
The SSCP CBK consists of the following seven domains:
The use of encryption methods to protect valuable information from access, ensure data integrity, authenticity, and create non-repudiation and proof of message origin.
The candidate must also demonstrate at least one year of paid cumulative employment experience in an IT security position. Cumulative means that over your working career you spent some time performing the duties within one or more of the seven domains. When listing your experience, combine all of your experiences from any “work” endeavor to obtain a combined amount of experience time. If in doubt, you are invited to call (ISC)2 and speak with the representatives about meeting your work experience requirements. You will find that they are extremely friendly and helpful.
If you lack the required work experience, you may still take the examination and become an Associate of (ISC)2 until you have gained the required work experience time on the job.
Once you take and pass the exam, you must complete an application and have the application endorsed before you will be awarded the SSCP credential. You may also download the SSCP Applicant Endorsement Assistance Form from the (ISC)2 website for endorsement information. The endorsement form may be completed and signed by an (ISC)2 certified professional who is an active member. During the completion of the endorsement form, the certified professional will attest to your professional experience. If you do not have access to an (ISC)2 certified professional, you may send all materials to (ISC)2, which can act as an endorser for you.
With the endorsement form, you will be asked to send a resume illustrating your total work experience. This type of resume is different from a resume used to gain employment with a firm. (ISC)2 specifically wants to know the length of time you spent gaining experience in any of the SSCP domains. To provide this information, include the name of the company, your title, and two to three sentences concerning your job. Below the brief job description, clearly state one or more of the SSCP domains for which this employment position offered experience. Indicate the start date and end date in whole months. For instance, list a date as May 2014 to November 2014, seven months. Remember that (ISC)2 requires “cumulative” experience. This may be represented by different periods within the same company, time spent on several different projects, or time employed in a number of different companies.
Although you may have passed the SSCP certification exam, you may not use the SSCP credential or logo until you specifically receive notification with a congratulatory email from (ISC)2. It is important when communicating with (ISC)2 or anyone else to not use the SSCP logo or the letters behind your name until you have been authorized to do so. Should you include SSCP on the previously mentioned resume, it would be returned to you with removal instructions.
The (ISC)2 certification is valid for three years. Recertification or continued certification requires that the credentials be kept in good standing. Each certified member is required to submit continuing professional education (CPE) credits (referred to as CPEs) annually over the three-year period. A total of 60 CPE credits are required during the three-year period with a minimum of 10 CPE credits to be posted annually. More information on qualifying CPE credits is available on the (ISC)2 SSCP website. If you are ever in doubt about whether a CPE qualifies, you can call and talk to the friendly folks at (ISC)2.
The concept of requiring continuing professional education is an effort to keep the skill levels of various professionals such as lawyers, doctors, nurses, and IT professionals current and up-to-date with the latest concepts and knowledge in the industry. Individuals may take classes, conduct security courses, write articles or books, attend seminars or workshops, or attend security conventions. All of these activities afford learning experiences to the individual.
As part of certification maintenance, an annual maintenance fee (AMF) of $65 is due each year.
There are three general types of IT certifications.
Professional association certifications usually have a body of knowledge (BOK) established by the professional association. This body of knowledge is usually quite extensive, encompassing a broad range of topics with which the candidate must be familiar. Professional associations also require members to remain in good standing by paying annual maintenance fees or dues and abide by various rules, bylaws, or codes of conduct.
Typical professional associations include those for IT professionals, accountants, lawyers, medical professionals, project managers, engineers, and many other business, industrial, and service professions. Becoming a member of a professional association is by design a difficult task reserved for those who truly deserve the credential.
Generally, all types of certification organizations award their certification on an all-or-nothing basis. The candidate either passes or fails the examination. There is no such thing as “kind of” a CPA in the accounting profession.
A wide variety of talents are required in the IT security industry. It is not unusual for entry-level positions to be of a technical nature, where individuals learn a wide variety of skills as associates, hardware technicians, help desk analysts, network support associates, and incident responders. Many of these individuals perform the tasks of practitioners. Practitioners generally work in the field and have detailed experience or knowledge of networking devices, situational monitoring, and operational software. The SSCP certification is designed for the IT security professional practitioner.
Those in managerial positions require a greater overview of corporate IT systems and must correlate the goals and mission of the enterprise with the design and security of the IT systems and information. Generally these individuals are less nuts and bolts oriented and much more policy driven in a large-scale environment. The CISSP certification is ideal for IT managers, consultants, and senior staff responsible for information security and assuredness within an organization.
(ISC)2 offers a number of specialty certifications for the IT professional.
The Systems Security Certified Practitioner (SSCP) certification is a foundational certification with an emphasis on technical or practical knowledge. For example, it is intended for the person in an active role of systems maintenance, incident detection and response, and other tasks involving equipment support and risk control. The SSCP certification documents the knowledge of an individual and can be displayed on business cards, resumes, and other promotional materials.
The SSCP certification demonstrates that the individual has proficiency with IT security knowledge. The certification ensures that the candidate has the requisite knowledge to apply security concepts, tools, and procedures required during security incidents and that the individual can monitor systems and establish safeguards against threats to an organization.
The SSCP certification exam is open to all individuals who are working toward positions like the following within the IT security profession:
The SSCP certification is an ideal beginning point for those seeking a career in information security technology. It is an ideal introduction to many of the subjects required on future exams, such as the CISSP. (For the knowledge requirements, see the section “Certification Qualification: The SSCP Common Body of Knowledge” earlier in this chapter.)
The SSCP certification is ideal if you are seeking to improve your information security skills or seeking a position advancement or promotion. The seven SSCP CBK domains cover all of the major topics required by an entry-level IT security professional. These are the same topics covered in greater depth in much more advanced exams.
It is common for an IT security individual to be employed in a position that requires knowledge of only one or two of the domains. It is possible that several of the domains may be quite foreign. Studying for this certification establishes a foundation of knowledge that allows for career advancement, job rotation, management potential, and recognition as a well-rounded IT security professional.
Ideally, the SSCP candidate has at least one year cumulative work experience in one or more of the seven SSCP CBK domains. After the candidate passes the examination, however, this work experience is not necessary to immediately become a member of (ISC)2. Individuals may become an Associate of (ISC)2 until they gain the necessary one year of work experience.
Generally, an interest and a desire to become involved in the fastest-growing segment of the IT industry is all that is necessary to pursue certification. Any prior experience with programming, networking, hardware or software, databases, software applications, or general computer use within an organization is all that is required or desired as a launching point for the SSCP credential.
You will find that the SSCP CBK domains encompass a broad range of topics. What is required is that you have a general understanding of the subject matter and be able to answer examination questions as to the application and definitions of these concepts.
The SSCP candidate must complete the endorsement process after successfully completing the examination. The endorsement process has a time limit of nine months after the date of the exam or after the individual becomes an Associate of (ISC)2. If you do not obtain an endorsement within the nine-month endorsement time limit, you will be required to retake the exam in order to become certified.
The following steps are required for endorsement:
LinkedIn.com. In the event you cannot find an (ISC)2 certified individual to act as an endorser, (ISC)2 can act as an endorser for you. Please see the endorsement assistant guidelines on the (ISC)2 website for additional information about the endorsement requirements.
Credentials are maintained in good standing by participating in various activities and gaining continuing professional education credits (CPEs). CPEs are obtained through numerous methods such as reading books, attending seminars, writing papers or articles, teaching classes, attending security conventions, and participating in many other qualifying activities. For additional information concerning the definition of CPEs, visit the (ISC)2 website.
Individuals are required to post a minimum of 20 CPE credits each year on the (ISC)2 member website. Generally, the CPE credit posted will be recognized immediately by the system, but it's also subject to random audit. Please note that any CPEs accomplished prior to being awarded the SSCP certification may not be claimed. If an individual accomplishes more than 20 CPEs during one year, the remainder may be carried forward to the following year. The (ISC)2 website describes CPEs as items gained external to your current employment duties.
An annual membership fee (AMF) of US$65 is required each year. The membership time frame is an annual cycle beginning on the member's certification anniversary date.
A great many people use the SSCP certification as a stepping stone in their IT security career. In many cases, this may be the first certification obtained. Each of the SSCP CBK domains is foundational information that will show up in greater depth or granularity in many other IT security certifications. Depending upon the current career track, you may pursue vendor-specific certifications or vendor-neutral certifications to further your knowledge and recognition within the IT security industry. After obtaining the requisite years of work experience, you are encouraged to seek the prestigious CISSP credential from (ISC)2.
The Systems Security Certified Practitioner will have the knowledge and awareness of many aspects of protecting and defending cyber systems. This will include an awareness of access control, risk mitigation, change control, and network protection as well as many other knowledge areas that may be employed on the job.
It is important for the SSCP to understand the methods of security protection, hardware, and software systems involved and the tasks and procedures that the practitioner may be assigned to perform. The use of your SSCP training will provide you with the skills to be able to confidently and competently perform duties in a professional manner.
The (ISC)2 organization is recognized worldwide as offering the most prestigious IT security certifications. Through the requisite learning process, extensive examination, work history evaluation, subscription to the (ISC)2 ethics statement, and annual maintenance through continuing education, employers and others throughout the industry recognize and revere the certifications.
Obtaining the SSCP certification is a career milestone. Once awarded, the SSCP letter designation may follow your name on business cards, stationery, and signature lines. You may proudly display the (ISC)2 SSCP logo and have it associated with your professional work. You will receive a signed, full-color, gold-foil-embossed certificate as illustrated in Figure 1.2, which may be framed and proudly displayed in your office or work area. You will be further identified by an (ISC)2 member number, which is printed on your certificate. At any time, employers may validate your certifications through the (ISC)2 organization.
All (ISC)2 members are encouraged to actively participate within their organization and throughout their community. (ISC)2 offers numerous training opportunities such as webinars, magazines, and emails as well as seminars, symposiums, and a security congress. There are think-tank roundtables, local events, and the Global Academic Program (GAP). All of these activities are explained on the (ISC)2 website.
As an SSCP, you will be recognized as having attained a certain level of expertise and IT security knowledge. Company managers, supervisors, team leaders, and other individuals may seek you out for insight on how IT security impacts their specific projects or duties in the enterprise as a whole.
(ISC)2 members are also encouraged to participate in community programs by spreading the word of IT security. Each member is encouraged to participate in the (ISC)2 sponsored Safe and Secure Online Program. The Safe and Secure program features a security seminar that can be presented to schoolchildren, churches, organizations, and other general groups of people interested in IT and online security. (ISC)2 supplies all of the manuals and booklets and facilitator guides required to conduct the seminars.
The (ISC)2 organization has numerous local chapters around the world. You can locate them by accessing the chapter directory on the (ISC)2 website. Various chapters may be titled as an (ISC)2 CISSP chapter, but do not let that deter you. Feel free to contact the chapter manager or membership manager and invite yourself to their meeting. Participating in (ISC)2 chapter meetings will allow you to meet and network with many of the top IT security professionals in the area. Organization dues are minimal, and usually each chapter offers a speaker or a program at each meeting. You do not have to hold a current credential prior to visiting a chapter meeting. Chapter meetings are a great place to learn about the IT security industry, and many of the individuals within a chapter can be approached for study suggestions, subject questions, or even mentoring or tutoring.
The SSCP exam is a skills and knowledge security exam sponsored by (ISC)2. The exam is focused on understanding key security concepts.
You may expect some situation questions, which describe a situation and ask for the action that you would take in this situation. All acronyms will be spelled out, for instance, access control list (ACL). Many questions will ask for the MOST correct or LEAST correct or use logical operators such as NOT, ALWAYS, BEST, TRUE, or FALSE. You should carefully read and understand any questions that contain any qualifier word. In most cases, this word will be in all capital letters, but carefully read any question, whether or not there are capitalized words.
It is important to remember that you are not penalized for wrong answers. Even if it is a guess, make sure every question has a marked answer.
Passing Score: The passing score is 700 out of a possible 1,000. It is reported that the questions have weighted values. This means you may be required to have more or less than 70 correct to pass the exam. The examination is pass/fail.
You can prepare for the SSCP examination through a variety of activities and techniques:
For additional information concerning classroom-based training, online training, or private training, email education@isc2.org or call 1.866.462.4777 or +1.703.781.6781 outside the United States.
Although it's nice to use the (ISC)2 training products, please do not think that they are necessary. The majority of individuals who have passed the SSCP exam have done so by self-studying and reading.
As you may remember from high school or college, studying for any exam takes time and diligence. Not only must you read through the material, but you must be able to understand the topics and concepts to adequately be able to answer the questions. The challenge on a certification exam such as the SSCP is the broad scope of the information contained in seven domains. While some of the material will seem easy and logical, it may be very easy to become bogged down in other topics.
Finding a location to study is not always easy in our busy lives. The place you select should be private and quiet. This examination is not something that you can study for in a local coffee shop. If you find yourself easily distracted by sounds, many sporting goods stores offer inexpensive earplugs or hearing protection headphones that may reduce the distraction from noise in your study location. If you must select between a location with noise and a location with people coming and going, choose the noisy location with privacy and use earplugs rather than being tempted to look up every time somebody passes by.
Through our high school and college years, many of us developed a variety of study techniques, habits, and learning methods, some better than others. It is a proven fact that we learn differently. We all have five senses, and some of us make use of these senses in different ways. The following list includes some personal study techniques shared over the years by college students who were studying technical or complex subjects.
YouTube.com have allowed the ability to view a short presentation on a specific subject. These presentations can last from a few minutes to an hour or more. While some presenters are better than others, the ability to view a presentation, especially a short one, has its advantages as a learning technique. A typical YouTube video on IPsec is at www.youtube.com/watch?v=rwu8GG_rw.
If you use this technique, envision reading material as if you had to explain the concept to your boss, a committee at work, or even a family member. This allows you to dissect the information and then reform it in your own words so that you can verbally explain it. While you're doing this, jot down some talking points or “lecture notes” on your notepad for your made-up presentation.
When studying, it is easy to become immersed in the subject, especially if you are researching or watching a video. It is important to remember the scope of the SSCP exam subject matter. The exam covers only the terms and definitions of security concepts. This is an entry-level examination in IT security for individuals with one year of experience. It is very easy to find an incredible amount of very detailed information on any IT security subject and become very frustrated.
It is easy to become distracted in our everyday lives. There are always demands from our jobs, family matters, personal problems, and even procrastination. As with any project, it's always beneficial to create a time frame for accomplishing a project or activities within the project. You might start by establishing an examination date. If you're prone to procrastination, even go so far as to book the exam and pay for the examination voucher. Once you have set the examination date, you have the ability to work backward to schedule your study activities. This may assist you in keeping focused on the task of becoming an SSCP.
The SSCP examination may be scheduled and taken at a Pearson VUE professional testing center. To schedule an exam, go to the (ISC)2 website. You will then be redirected to the Pearson VUE scheduling site. Please note that (ISC)2 utilizes the Pearson Professional Centers. The Pearson Professional Centers provide for greater security and candidate authentication. In any metropolitan area, there may be only a few of the Professional Centers compared to many regular Pearson VUE testing centers.
Make sure you read and understand the cancellation, reschedule, and refund policy concerning the examination. Since this is a three-hour examination, exams will begin at only certain times during the day, and in some testing locations, exams may be offered only a few times each month. In the event that you have difficulty finding a Pearson Professional Center, click the Pearson VUE customer service link on the Pearson VUE scheduling website.
While on the Pearson VUE exam scheduling website, you'll see that the SSCP examination is offered in a number of languages. You may select the language of your choice. The examination is available in the following languages:
An exam voucher may be obtained and fees paid during the scheduling process on the Pearson VUE website. Vouchers may be obtained in bulk on the (ISC)2 website. This is ideal for companies that are scheduling a number of people for various exams. Of course, the more vouchers purchased, the greater the discount.
It is very important to understand the Pearson VUE exam reschedule and cancellation policy. This policy is stated on the Pearson VUE website and is reiterated after you have scheduled the exam and purchased the voucher. It's advisable to immediately contact Pearson VUE if you have a conflict with the exam date and/or time.
These policies were in effect at the date of publication of this text. You are advised to contact the Pearson VUE website for up-to-date information.
You will be asked to read the (ISC)2 Candidate Background Qualifications. The acknowledgement question on the website is as follows:
*I have read and acknowledge that I am eligible for certification with (ISC)2 based on the criteria outlined on https://www.isc2.org/candidate-background.aspx
○ I am eligible for certification
(ISC)2 requires that the examination candidate agree to and sign the Code of Ethics and a nondisclosure agreement (NDA). The NDA is on the Pearson VUE website at www.pearsonvue.com/isc2/isc2_nda.pdf. It is highly recommended that you read it prior to getting to the exam location. At the very beginning of the exam, you will be presented with the NDA, and you will have 5 minutes to read and accept the agreement. If the 5-minute time limit expires, you will not be able to take the exam and all exam fees will be forfeited.
Many of us like to plan ahead. We like to know what to expect. When taking exams, it is important to not create added stress through surprises. In the following sections, you will learn about some best practices and what to expect during your visit to the examination center.
It is often comforting to have a plan for what to do and how to relax the evening before an exam and what to do the morning or afternoon of exam day. For example, you can plan for unusual traffic delays or take into account the time involved locating the exam center in an unfamiliar part of the city.
It may have worked for some people when they were in college, but the SSCP exam is not something that you can cram for the evening before. As mentioned earlier, you should establish a study regimen that allows you adequate time to read and reflect on the material. The evening before the exam, you might do a very brief review, have a good dinner, and get plenty of rest. Although you may not need all of the time allotted, it is a three-hour exam.
It is important to plan the day of your exam. Here are some best practices to keep in mind:
An ideal use for the plastic worksheet is for a memory dump. Upon beginning the examination, many examination candidates write down on the plastic worksheet information they memorized, including items that might be confusing or detailed, such as the layers of the OSI model, the names of various protocols, cryptography algorithms, and risk formulas. This may be done prior to answering the first test question when the information is fresh in your mind.
Because this is a three-hour exam, you may take a break. This might encompass sitting back in your seat and relaxing for a few minutes, standing at your place and stretching quietly, or taking a few steps. When standing, stretching, or communicating with the proctor, it is important to not create any distraction for other exam takers.
Many exam takers use a break as a stopping point or goal. For instance, you might take a first pass through the exam, answering questions that you recognize and marking those that you wish to return to. At the end of the first pass, you might take a short break. You would then proceed through a second pass, reviewing the questions that were marked during the first pass.
When the exam begins, you will observe a multiple-choice question and four possible answers. In the upper-right portion of your screen, you will see a Mark For Review button. This allows you to return to questions you had a problem with or would like to review at the end of the exam. In the lower section of the screen, you will see forward and back buttons so that you can navigate through the exam. At the end of the exam, you will see a page listing the questions you have marked for review. You can access and review any of the questions prior to submitting your final exam result. At the end of the exam, there will be a Finish And Submit button, which ends the exam.
(ISC)2 is very good about responding to you by email with the expected number of weeks it requires to complete the procedures prior to issuing you a certificate. Upon submission of your resume and endorsement form, you'll receive an email specifying the amount of time required to review the materials. Once your resume and endorsement form have been approved, you'll receive an email congratulating you for having been awarded the SSCP certification. The same email also specifies that you will receive your certification certificate within four to six weeks.
Each member of (ISC)2 receives a member number. Once you receive your member number, you may access the (ISC)2 website, establish login credentials, and view members-only information. While on the (ISC)2 member website, you may also complete your member profile, view open jobs and positions, and subscribe to various periodicals and webinars.
In this chapter, you became familiar with the (ISC)2 organization and its history and the certifications it offers. Various corporate, industrial, and government organizations either require certifications or will state that they prefer candidates for employment to have acquired various certifications.
The SSCP exam is based upon the SSCP Common Body of Knowledge, which has been established as including the knowledge and skills an SSCP should possess. Examination vendors are typically vendor neutral, vendor specific, or a professional association. (ISC)2 is a professional association offering premier certifications that are recognized worldwide.
Most successful exam candidates plan their study time and use various methods such as marking the textbook, drawing a concept, or viewing pictures or videos. It is also important to relax and not cram the evening before the exam. Planning for the exam day is also important. The examination centers are busy places. At Pearson Professional Centers, you should register no later than 15 minutes prior to exam time, but it is suggested that you arrive 30 to 45 minutes prior to the exam because other folks will be registering before you. In many centers, expect to “take a number.” As an exam taker, you may take a break, call the exam proctor, and make use of a plastic marker sheet and erasable pen during the exam.
I discussed various strategies for taking the exam, such as making an initial pass through the exam and answering questions you recognize first and then returning to those you have marked to review at a later time. All answers count, so do not leave any blank.
Department of Defense Directive 8140 replaces 8570.1, which has been retired. DODD 8140 encompasses a much broader scope based upon job tasks rather than position titles.