Saturday, September 15, 2018

SSCP 2018 Exam Changes



With effect from 1st November 2018, (ISC)2 would be doing a domain refresh in the course content of SSCP certification. This is in line with a refresh cycle of 3 years for every certification which (ISC)2 offers.

In this post, we look at changes which will take place in this refresh. We will look at it from a perspective of what will remain the same for an exam giver and what would change.

Question 1. Have the domains changed completely?

No, the weight of the domains has changed. There are minor changes. So if “Security Operations & Administration” had a weight of 17% in the earlier exam (2015), it has been reduced to 15% in the new exam outline.

Question 2. Would the changes affect my already bought course material?

No, the course content broadly remains the same. The course content does not change. Your old books or exam material will remain fully valid. 

Question 3. Is there a change in the exam format too just like CISSP?

Absolutely No. The format remains the same. You will have 125 questions to answer in 3 hours where 100 questions will be graded. 25 questions are research questions, however, from an examination point of view, you’ll not be able to differentiate amongst them. There is no negative marking, hence you must attempt all the questions. You need to secure 700 out of 1000 points to clear the exam.

Question 4. Where can I identify the changes that have been brought in topic wise with respect to various domains?

Here are the exam outlines for your reference: 



Domain Wise Changes are also mentioned here for your assistance:

Domain 1 Access Controls
New Additions:
Federated Access, IAM systems, Subject-based & Object-Based Access Controls.

Domain 2 Security Operations and Administration
New Additions:
Software inventory and licensing, Data Storage, Periodic audit review.

Domain 3 Risk Identification, Monitoring, and Analysis
New Additions:
Risk management frameworks (e.g., ISO, NIST), Remediation validation, Audit finding remediation, Legal and regulatory concerns (e.g., jurisdiction, limitations, privacy).

Domain 4 Incident Response and Recovery
New Additions:
Support incident lifecycle (Preparation, Detection, analysis, and escalation, Containment, Eradication, Recovery, Lessons learned/implementation of new countermeasure)

Domain 5 Cryptography
New Additions:
Web of Trust (WOT) (e.g., PGP, GPG) 
Note – In this domain, some restructuring has taken place. Although the new exam outline shows some topics, they were also present in the older CBK too.

Domain 6 Network and Communications Security
New Additions:
Transmission media types (e.g., fiber, wired, wireless), Network relationships (e.g., peer to peer, client-server), Wireless security devices (e.g., WIPS, WIDS), Bluetooth, 

Domain 7  Systems and Application Security
Removed: Secure Big Data Systems (Application vulnerabilities, Architecture or design vulnerabilities)

Question 5. Has the cost of the exam changed?

No, the cost of the exam remains the same. You need to pay 250USD or equivalent and book the exam through the Pearson Vue Centre only.

Question 6. When will these changes go into effect?

All changes will reflect from 1st November 2018. 

Question  7. Do these updates affect the experience requirement for the SSCP?

No. The changes do not affect the experience requirement. For the SSCP, a candidate is required to have a minimum of one year of cumulative work experience in one or more of the seven domains of the SSCP CBK.

Question 8. Where can I practice exam based questions for the new changes?

I have created two courses for the same. The links to these courses are given below. Please be rest assured that these practice questions have been made considering the new changes that have been brought in. SSCP Mock Exam 2 is also coming in November.



Question 9. Is there a training available with respect to the new course changes?

For official training, you can check the (ISC)2 website. 
I would be uploading the complete training course on Teachable which will reflect all the changes. This training will contain all the new topics and the updated course content. A new tab called the “SSCP Training Course” will be available in November on the website.

Overall, the changes brought in by (ISC)2 do not reflect any major changes as such. Certain topics which have been added reflect the importance which (ISC)2 wants to showcase in certain areas. From a domain perspective too, the weight of “Cryptography” has increased, which makes more sense.

In case you have any more questions regarding the SSCP 2018, feel free to drop in as comments in the comment section below. I will be happy to answer them for you.

Happy Learning.

No comments: