Course Description:

Welcome to Certified Information Systems Security Professional (CISSP)®. With your completion of the prerequisites and necessary years of experience, you are firmly grounded in the knowledge requirements of today’s security professional. This course will expand upon your knowledge by addressing the essential elements of the 10 domains that comprise a Common Body of Knowledge (CBK)® for information systems security professionals. The course offers a job-related approach to the security process, while providing the basic skills required to prepare for CISSP certification.

Outline

Lesson 1 Becoming a CISSP

Lesson 2 Information Security Governance and Risk Management

• Fundamental Principles of Security
• Security Definitions
• Control Types
• Security Frameworks
• Risk Management
• Risk Assessment and Analysis
• Risk Analysis Approaches
• Information Classification
• Layers of Responsibility
• Security Steering Committee
• Security Governance

Lesson 3 Access Controls Overview

• Security Principles
• Identification, Authentication, Authorization, and Accountability
• Access Control Models
• Access Control Techniques and Technologies
• Access Control Administration
• Decentralized Access Control Administration
• Accountability
• Access Control Practices
• Threats to Access Control

Lesson 4 Security Architecture and Design

• Computer Security
• System Architecture
• Computer Architecture
• Operating System Architectures
• System Security Architecture
• Security Models
• Clark-Wilson Model
• The Orange Book and the Rainbow Series
• Common Criteria
• Certification vs. Accreditation
• Open vs. Closed Systems

Lesson 5 Physical and Environmental Security

• Introduction to Physical Security
• The Planning Process
• Protecting Assets
• Internal Support Systems
• Perimeter Security

Lesson 6 Telecommunications and Network Security

• Telecommunications
• Open Systems Interconnection Reference Model
• TCP/IP Model
• Types of Transmission
• Cabling
• Networking Foundations
• E-mail Services
• Intranets and Extranets
• Metropolitan Area Networks
• Wide Area Networks
• Remote Connectivity
• Wireless Technologies

Lesson 7 Cryptography

• The History of Cryptography
• Cryptography Definitions and Concepts
• Types of Ciphers
• Methods of Encryption
• Types of Asymmetric Systems
• Message Integrity
• Various Hashing Algorithms
• Key Management
• Trusted Platform Module
• Link Encryption vs. End-to-End Encryption
• E-mail Standards
• Internet Security
• Attacks

Lesson 8 Business Continuity and Disaster Recovery Planning

• Business Continuity and Disaster Recovery
• BCP Project Components
• Preventive Measures
• Recovery Strategies
• Insurance
• Recovery and Restoration
• Testing and Revising the Plan

Lesson 9 Legal, Regulations, Investigations, and Compliance

• The Many Facets of Cyber law
• The Crux of Computer Crime Laws
• Intellectual Property Laws
• Privacy
• Liability and Its Ramifications
• Procurement and Vendor Processes
• Investigations
• Ethics

Lesson 10 Software Development Security

• Software’s Importance
• Where Do We Place Security?
• System Development Life Cycle
• Software Development Life Cycle
• Secure Software Development Best Practices
• Software Development Models
• Change Control
• Programming Languages and Concepts
• Distributed Computing
• Web Security
• Web Application Security Principles
• Expert Systems/Knowledge-Based Systems
• Artificial Neural Networks
• Malicious Software (Malware)

Lesson 11 Security Operations

• The Role of the Operations Department
• Administrative Management
• Assurance Levels
• Operational Responsibilities
• Configuration Management
• Media Controls
• Network and Resource Availability
• Mainframes
• Vulnerability Testing