
This is a cybersecurity certification that proves that an individual has the fundamental knowledge, skills and ability for an entry-level or junior-level cybersecurity role. It is ANAB accredited under ISO/IEC Standard 17024.


Chinuaoku/ISC2-Certified-in-Cybersecurity


ISC2-Certified-in-Cybersecurity


This training was originally designed to span a maximum of 180 days, but I completed it much more quickly. I adhered to the schedule and prepared for the Pearson VUE examination. On the day of the test, I followed all the rules and successfully passed the examination. My exam materials underwent further scrutiny in a forensic examination to ensure adherence to best practices, and I passed this evaluation as well. Subsequently, I was afforded the opportunity to embrace the ISC2 Code of Ethics, which now serves as a guiding principle throughout my journey as a cybersecurity expert. I wholeheartedly accepted this commitment.

I paid my Annual Maintenance Fee and maintained my membership with ISC2 in good standing. Additionally, I have actively pursued opportunities for continuing education on the same ISC2 platform to keep my knowledge up to date. My aspiration is to acquire further qualifications, reinforcing my dedication to the cybersecurity industry.

MORE ABOUT ISC2 CC

ISC2 introduced the Certified in Cybersecurity (CC) credential to cater to individuals entering the cybersecurity field, acknowledging the increasing trend of newcomers without prior IT experience. Achieving the Certified in Cybersecurity designation provides employers with the assurance that you possess a solid understanding of essential technical concepts and a proven ability to learn on the job. As an ISC2 certification, those who hold the CC benefit from the support of the world's largest network of certified cybersecurity professionals, enabling them to continuously advance their professional development and attain new accomplishments and qualifications throughout their careers.

The CC exam covers various topics, including:

  1. Security Principles
  2. Incident Response, Business Continuity (BC), and Disaster Recovery (DR) Concepts
  3. Access Controls Concepts
  4. Network Security
  5. Security Operations

The exam lasts 2 hours and has 100 items; the passing grade is 700 out of 1000.

DOMAINS

Domain 1: Security Principles

1.1 - Understand the security concepts of information assurance
  - Confidentiality
  - Integrity
  - Availability
  - Authentication (e.g., methods of authentication, multi-factor authentication (MFA))
  - Non-repudiation
  - Privacy

1.2 - Understand the risk management process
  - Risk management (e.g., risk priorities, risk tolerance)
  - Risk identification, assessment and treatment

1.3 - Understand security controls
  - Technical controls
  - Administrative controls
  - Physical controls

1.4 - Understand ISC2 Code of Ethics
  - Professional code of conduct

1.5 - Understand governance processes
  - Policies
  - Procedures
  - Standards
  - Regulations and laws

Domain 2: Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts

2.1 - Understand business continuity (BC)
  - Purpose
  - Importance
  - Components

2.2 - Understand disaster recovery (DR)
  - Purpose
  - Importance
  - Components

2.3 - Understand incident response
  - Purpose
  - Importance
  - Components

Domain 3: Access Controls Concepts

3.1 - Understand physical access controls
  - Physical security controls (e.g., badge systems, gate entry, environmental design)
  - Monitoring (e.g., security guards, closed-circuit television (CCTV), alarm systems, logs)
  - Authorized versus unauthorized personnel

3.2 - Understand logical access controls
  - Principle of least privilege
  - Segregation of duties
  - Discretionary access control (DAC)
  - Mandatory access control (MAC)
  - Role-based access control (RBAC)

Domain 4: Network Security

4.1 - Understand computer networking
  - Networks (e.g., Open Systems Interconnection (OSI) model, Transmission Control Protocol/Internet Protocol (TCP/IP) model, Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6), WiFi)
  - Ports
  - Applications

4.2 - Understand network threats and attacks
  - Types of threats (e.g., distributed denial-of-service (DDoS), virus, worm, Trojan, man-in-the-middle (MITM), side-channel)
  - Identification (e.g., intrusion detection system (IDS), host-based intrusion detection system (HIDS), network intrusion detection system (NIDS))
  - Prevention (e.g., antivirus, scans, firewalls, intrusion prevention system (IPS))

4.3 - Understand network security infrastructure
  - On-premises (e.g., power, data center/closets, Heating, Ventilation, and Air Conditioning (HVAC), environmental, fire suppression, redundancy, memorandum of understanding (MOU)/memorandum of agreement (MOA))
  - Design (e.g., network segmentation (demilitarized zone (DMZ), virtual local area network (VLAN), virtual private network (VPN), micro-segmentation), defense in depth, Network Access Control (NAC) (segmentation for embedded systems, Internet of Things (IoT)))
  - Cloud (e.g., service-level agreement (SLA), managed service provider (MSP), Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), hybrid)

Domain 5: Security Operations

5.1 - Understand data security
  - Encryption (e.g., symmetric, asymmetric, hashing)
  - Data handling (e.g., destruction, retention, classification, labeling)
  - Logging and monitoring security events

5.2 - Understand system hardening
  - Configuration management (e.g., baselines, updates, patches)

5.3 - Understand best practice security policies
  - Data handling policy
  - Password policy
  - Acceptable Use Policy (AUP)
  - Bring your own device (BYOD) policy
  - Change management policy (e.g., documentation, approval, rollback)
  - Privacy policy

5.4 - Understand security awareness training
  - Purpose/concepts (e.g., social engineering, password protection)
  - Importance
