Question

What will you review within the System/Applications Domain as part of your security assessment?

Answer 1

The Systems and Applications Security domain defines five (5) tasks that a certified SSCP should be able to perform:

1. Identify and Analyze Malicious Code and Activity
2. Implement and Operate Endpoint Device Security
3. Operate and Configure Cloud Security
4. Secure Big Data Systems
5. Operate and Secure Virtual Environments

Security assessments help you identify risks and avoid future cyberattacks. We break down everything you need to know, from how to do an internal security review to the ins and outs of external security assessments.

Do you have anti-virus software to protect your business’s data? Maybe you also have firewalls and encryption technology, so you think you can just sit back and let technology protect you from a malicious cyberattack.

Sorry-but you’re wrong.

If your IT security strategy relies solely on installing anti-virus software with no further checks or training, you are vulnerable to an attack.

Security assessments are periodic exercises that test your organization’s security preparedness. They include checks for vulnerabilities in your IT systems and business processes, as well as recommending steps to lower the risk of future attacks. Security assessments are also useful for keeping your systems and policies up to date.

You can conduct security assessments internally with help from your IT team, or through a third-party assessor. Third-party security assessments, though more costly, are useful if an internal preliminary assessment reveals grave security gaps, or if you don’t have a dedicated team of IT professionals with expertise in this area.