SSCP Cert Prep: 3 Risk Identification, Monitoring, and Analysis

Get the detailed information you need to prepare for the risk identification, monitoring, and analysis domain of the SSCP exam.

Introduction

• Managing risks
• What you need to know
• Study resources

1. Risk Management

• Risk assessment
• Quantitative risk assessment
• Risk management
• Ongoing risk management
• Risk management frameworks
• Risk visibility and reporting

2. Threat Modeling

• Threat intelligence
• Managing threat indicators
• Intelligence sharing
• Identifying threats
• Automating threat intelligence
• Threat hunting

3. Understanding Vulnerability Types

• Vulnerability impacts
• Supply chain vulnerabilities
• Configuration vulnerabilities
• Architectural vulnerabilities

4. Vulnerability Scanning

• What is vulnerability management?
• Identifying scan targets
• Scan configuration
• Scan perspective
• CVSS (Common Vulnerability Scoring System)
• Analyzing scan reports
• Correlating scan results

5. Legal and Regulatory Concerns

• Legal and compliance risks
• Legal definitions
• Data privacy
• Data breaches

6. Security Monitoring

• Monitoring log files
• Security information and event management
• Continuous security monitoring
• Visualization and reporting
• Compliance monitoring
• Legal and ethical issues in monitoring

Conclusion

• Continuing your studies