ISC2 SSCP test
questions and answers
2024-2025
SSCP Domains
1. Security operations and administration
2. Access Controls
3. Risk Identification, Monitoring, and analysis
4. Incident response and recovery
5. Cryptography
6. Network and communications security
7. Systems and application security
SSCP Code of Ethics
GAAP (Generally Accepted Accounting Principles)
Standards and practices used by publicly held corporations in the United
States and a few other countries in the preparation of financial statements
Minimization
Collect minimal information and store only as long as it is needed.
(Employee Privacy)
Limit access
As few employees as possible should have access.
Masking
Removes portions of sensitive information to reduce its sensitivity.
Example.
1234-54-5555
XXXX-XX-5555
Need to know
Defines the minimum level of access for subjects based on their job or
business requirements
Least Privilege
Providing only the minimum amount of privileges necessary to perform a
job or function.
Separation of Duties
No individual should possess 2 permissions that, in combination, allow
them to perform a highly sensitive action.
Two-person control
The organization of a task or process so that at least two individuals must
work together to complete it. Also known as dual control.
What privacy law covers the financial services sector?