Part 5 of 5 in the Systems Security Certified Practitioner (SSCP®) series. This series will prepare you for the Systems Security Certified Practitioner (SSCP®) certification. Learn about cool topics like access controls, security operations, security administration, monitoring, analysis, risks, responses, recovery, cryptography, networks, communication, malicious code, and malicious activity. This training course is the perfect entry-level course for someone looking to launch their career in security or advance their current security position.
Malicious Code Hi, this is Tony Northrup for TrainSignal's SSCP certification video training course. And in this video lesson I'm going to be talking about malicious code. This is going to be a really fun and pretty quick lesson because we're going to go over all those software-based bad guys that you're going to see. And I'm going to talk about real world events in the news, and even show you how you could, theoretically, put on a black hat and do a big DDoS attack.
Malicious Activity Countermeasures Hi, this is Tony Northrup for TrainSignal's SSCP certification video training course, and in this lesson I'm going to talk about malicious activity countermeasures. All the ways you can protect yourself from all those clever attacks that I've been talking about in the other lessons. First and foremost, lots of training. Now-a-days so many attacks can't be prevented with firewalls, and anti-malware, and software because they exploit our weaknesses as human beings. So you just need to train your people. Spend lots and lots of time training them and refresh it on a regular basis. now I've covered this in way more depth in other lessons so I won't go into a lot of detail here, but be sure to teach them how to avoid phishing, and malware, and shoulder surfing, piggybacking, impersonation, social network attacks. Tell them over and over again: if you see something, say something. And maybe even have a reward system in place so they get paid because some people, you know, maybe they'd rather not, what they call, rat, or tattle, so you have to kind of motivate people to say something. Even though they're protecting their organization. You're IT people need really special training because they're the ones managing these systems, which now are so often the focus of these attacks. You're systems administrators, and systems engineers, and architects, get them SSCP- and CISSP-certified. As you can tell this whole process of certification requires you to learn about and respect security. For your developers, you need them to learn secure coding best practices. They can also get that by pursuing a certification in their development environment of choice.
Maintaining the Certification and CPEs Hi, this is Tony Northrup for TrainSignal's SSCP video certification training course, and in this lesson I'm going to discuss how you maintain your certification and your CPEs. First I'll introduce the ISC2, this is the organization that oversees the SSCP certification, and they want to make sure that you stay up-to-date. They don't want somebody who passed the certification 10 years ago, and then did something not security related to still call themself an SSCP. So you aren't guaranteed to hold on to your SSCP for life. If you don't use it, if you don't continue working in the security field you will lose your certification. You're forced to renew your SSCP every three years. Now, how does the ISC2 make sure that you're actually keeping up-to-date on security things? Well, they give you these Continuing Professional Education credits, these CPEs. And they require you to earn a certain number of CPEs every year, and every three years. And you earn CPEs by doing things like reading or writing security articles or books, going to security conferences, watching online seminars, teaching other people security stuff through public speaking, and I'll go over more comprehensive lists as we go through this lesson.