SSCP - Security Operations and Administration Flashcards
ISC2 Systems Security Certified Practitioner (SSCP) Flashcards
| Front | Back |
| Acceptable Use Policy (AUP) | Rules outlining the proper use of organization systems and data |
| Backup Strategies | Methods for creating copies of data, such as full, incremental, or differential backups |
| Business Continuity Plan (BCP) | A strategy for ensuring essential functions continue during disasters |
| Change Management Process | A standardized approach to handling changes in IT systems to minimize impact |
| CIA Triad | The core principles of security: Confidentiality, Integrity, Availability |
| Data Classification | Categorizing data based on its sensitivity and impact on the organization |
| Defense-in-Depth | Implementing multiple layers of security controls to protect assets |
| Disaster Recovery Plan | A documented process for restoring IT operations after a disruption |
| Encryption | Process of converting data into a secure format to prevent unauthorized access |
| Incident Response Plan (IRP) | A documented approach to identifying, managing, and mitigating incidents |
| Incident Response Steps | Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned |
| Log Monitoring | Ongoing review of system logs to identify and respond to anomalies |
| Multifactor Authentication (MFA) | Security mechanism combining two or more authentication factors |
| Password Policy Best Practices | Enforce strong passwords, set expiration dates, and prevent reuse |
| Patch Management | Regular updating of systems to fix vulnerabilities and improve performance |
| Personnel Security | Steps to minimize insider threats through background checks and training |
| Principle of Least Privilege | Limiting user access rights to only what is necessary for their job roles |
| Risk Assessment | Process of identifying, analyzing, and evaluating risks to assets |
| Role-Based Access Control (RBAC) | Access control model based on users’ roles and responsibilities |
| Security Awareness Training | Educating employees about security threats and best practices |
| Security Policy | A set of rules and practices that regulate how organizational assets are protected |
| Separation of Duties | Dividing tasks among multiple people to prevent fraud or errors |
| Vulnerability Assessment | The process of identifying, quantifying, and prioritizing system vulnerabilities |
| Zero Trust Model | Security principle of not automatically trusting anyone inside or outside the network |
About the Flashcards
Flashcards for the ISC2 Systems Security Certified Practitioner (SSCP) exam provide concise review of core information security terminology and concepts. The deck covers the CIA Triad, Principle of Least Privilege, Zero Trust, role-based access control, encryption, multifactor authentication, and defense-in-depth while reinforcing definitions and practical examples students are likely to see on the test.
Cards also emphasize governance and operational practices: security policy, change management, patch management, incident response steps and plans, business continuity and disaster recovery, backup strategies, log monitoring, separation of duties, and personnel security, plus training and acceptable use policies to help you recall procedural steps and policy details.
Topics covered in this flashcard deck:
- Access control (RBAC, MFA)
- Incident response steps
- Risk and vulnerability assessment
- Business continuity and disaster recovery
- Security policy and governance
- Patch management and logging