Course Catalog

Certified Information Systems Security Professional (CISSP)

Course ID

53100

Course Description

This course covers materials that are anticipated to be presented in the CISSP exam through ten CBK (Common Bodies of Knowledge) domains. Attendees will also hear about current information security issues that may be pertinent to their organizations as well as to the certification process

Prerequisites

Have a minimum of 5 years of direct full-time security work experience or 4 years and a college degree. Candidate agreement attesting to truth of experience and legally committing to Code of Ethics Criminal history and background check

Audience

Information security personnel, corporate security personnel, auditors, risk management personnel

Course Content

Chapter 1 Security Governance Through Principles and Policies

Understand and Apply Concepts of Confidentiality, Integrity, and Availability
Confidentiality
Integrity
Availability
Other Security Concepts
Protection Mechanisms
Layering
Abstraction
Data Hiding
Encryption
Apply Security Governance Principles
Alignment of Security Function to Strategy, Goals, Mission, and Objectives
Organizational Processes
Security Roles and Responsibilities
Control Frameworks
Due Care and Due Diligence
Develop and Implement Documented Security Policy, Standards, Procedures, and Guidelines
Security Policies
Security Standards, Baselines, and Guidelines
Security Procedures
Understand and Apply Threat Modeling
Identifying Threats
Determining and Diagramming Potential Attacks
Performing Reduction Analysis
Prioritization and Response
Integrate Security Risk Considerations into Acquisition Strategy and Practice
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 2 Personnel Security and Risk Management Concepts

Contribute to Personnel Security Policies
Employment Candidate Screening
Employment Agreements and Policies
Employment Termination Processes
Vendor, Consultant, and Contractor Controls
Compliance
Privacy
Security Governance
Understand and Apply Risk Management Concepts
Risk Terminology
Identify Threats and Vulnerabilities
Risk Assessment/Analysis
Risk Assignment/Acceptance
Countermeasure Selection and Assessment
Implementation
Types of Controls
Monitoring and Measurement
Asset Valuation
Continuous Improvement
Risk Frameworks
Establish and Manage Information Security Education, Training, and Awareness
Manage the Security Function
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 3 Business Continuity Planning

Planning for Business Continuity
Project Scope and Planning
Business Organization Analysis
BCP Team Selection
Resource Requirements
Legal and Regulatory Requirements
Business Impact Assessment
Identify Priorities
Risk Identification
Likelihood Assessment
Impact Assessment
Resource Prioritization
Continuity Planning
Strategy Development
Provisions and Processes
Plan Approval
Plan Implementation
Training and Education
BCP Documentation
Continuity Planning Goals
Statement of Importance
Statement of Priorities
Statement of Organizational Responsibility
Statement of Urgency and Timing
Risk Assessment
Risk Acceptance/Mitigation
Vital Records Program
Emergency-Response Guidelines
Maintenance
Testing and Exercises
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 4 Laws, Regulations, and Compliance

Categories of Laws
Criminal Law
Civil Law
Administrative Law
Laws
Computer Crime
Intellectual Property
Licensing
Import/Export
Privacy
Compliance
Contracting and Procurement
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 5 Protecting Security of Assets

Classifying and Labeling Assets
Defining Sensitive Data
Defining Classifications
Defining Data Security Requirements
Understanding Data States
Managing Sensitive Data
Protecting Confidentiality with Cryptography
Identifying Data Roles
Data Owners
System Owners
Business/Mission Owners
Data Processors
Administrators
Custodians
Users
Protecting Privacy
Using Security Baselines
Scoping and Tailoring
Selecting Standards
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 6 Cryptography and Symmetric Key Algorithms

Historical Milestones in Cryptography
Caesar Cipher
American Civil War
Ultra vs. Enigma
Cryptographic Basics
Goals of Cryptography
Cryptography Concepts
Cryptographic Mathematics
Ciphers
Modern Cryptography
Cryptographic Keys
Symmetric Key Algorithms
Asymmetric Key Algorithms
Hashing Algorithms
Symmetric Cryptography
Data Encryption Standard
Triple DES
International Data Encryption Algorithm
Blowfish
Skipjack
Advanced Encryption Standard
Symmetric Key Management
Cryptographic Life Cycle
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 7 PKI and Cryptographic Applications

Asymmetric Cryptography
Public and Private Keys
RSA
El Gamal
Elliptic Curve
Hash Functions
SHA
MD2
MD4
MD5
Digital Signatures
HMAC
Digital Signature Standard
Public Key Infrastructure
Certificates
Certificate Authorities
Certificate Generation and Destruction
Asymmetric Key Management
Applied Cryptography
Portable Devices
Email
Web Applications
Digital Rights Management
Networking
Cryptographic Attacks
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 8 Principles of Security Models, Design, and Capabilities

Implement and Manage Engineering Processes Using Secure Design Principles
Objects and Subjects
Closed and Open Systems
Techniques for Ensuring Confidentiality, Integrity, and Availability
Controls
Trust and Assurance
Understand the Fundamental Concepts of Security Models
Trusted Computing Base
State Machine Model
Information Flow Model
Noninterference Model
Take-Grant Model
Access Control Matrix
Bell-LaPadula Model
Biba Model
Clark-Wilson Model
Brewer and Nash Model (aka Chinese Wall)
Goguen-Meseguer Model
Sutherland Model
Graham-Denning Model
Select Controls and Countermeasures Based on Systems Security Evaluation Models
Rainbow Series
ITSEC Classes and Required Assurance and Functionality
Common Criteria
Industry and International Security Implementation Guidelines
Certification and Accreditation
Understand Security Capabilities of Information Systems
Memory Protection
Virtualization
Trusted Platform Module
Interfaces
Fault Tolerance
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 9 Security Vulnerabilities, Threats, and Countermeasures

Assess and Mitigate Security Vulnerabilities
Hardware
Input/Output Structures
Firmware
Client-Based
Applets
Local Caches
Server Based
Database Security
Aggregation
Inference
Data Mining and Data Warehousing
Data Analytics
Large-Scale Parallel Data Systems
Distributed Systems
Cloud Computing
Grid Computing
Peer to Peer
Industrial Control Systems
Assess and Mitigate Vulnerabilities in Web-Based Systems
Assess and Mitigate Vulnerabilities in Mobile Systems
Device Security
Application Security
BYOD Concerns
Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
Examples of Embedded and Static Systems
Methods of Securing
Essential Security Protection Mechanisms
Technical Mechanisms
Security Policy and Computer Architecture
Policy Mechanisms
Common Architecture Flaws and Security Issues
Covert Channels
Attacks Based on Design or Coding Flaws and Security Issues
Programming
Timing, State Changes, and Communication Disconnects
Technology and Process Integration
Electromagnetic Radiation
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 10 Physical Security Requirements

Apply Secure Principles to Site and Facility Design
Secure Facility Plan
Site Selection
Visibility
Natural Disasters
Facility Design
Design and Implement Physical Security
Equipment Failure
Wiring Closets
Server Rooms
Media Storage Facilities
Evidence Storage
Restricted and Work Area Security (e.g., Operations Centers)
Datacenter Security
Utilities and HVAC Considerations
Water Issues (e.g., Leakage, Flooding)
Fire Prevention, Detection, and Suppression
Implement and Manage Physical Security
Perimeter (e.g., Access Control and Monitoring)
Internal Security (e.g., Escort Requirements/Visitor Control, Keys, and Locks)
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 11 Secure Network Architecture and Securing Network Components

OSI Model
History of the OSI Model
OSI Functionality
Encapsulation/Deencapsulation
OSI Layers
TCP/IP Model
TCP/IP Protocol Suite Overview
Converged Protocols
Content Distribution Networks
Wireless Networks
Securing Wireless Access Points
Securing the SSID
Conducting a Site Survey
Using Secure Encryption Protocols
Determining Antenna Placement
Antenna Types
Adjusting Power Level Controls
Using Captive Portals
General Wi-Fi Security Procedure
Secure Network Components
Network Access Control
Firewalls
Endpoint Security
Other Network Devices
Cabling, Wireless, Topology, and Communications Technology
Network Cabling
Network Topologies
Wireless Communications and Security
LAN Technologies
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 12 Secure Communications and Network Attacks

Network and Protocol Security Mechanisms
Secure Communications Protocols
Authentication Protocols
Secure Voice Communications
Voice over Internet Protocol (VoIP)
Social Engineering
Fraud and Abuse
Multimedia Collaboration
Remote Meeting
Instant Messaging
Manage Email Security
Email Security Goals
Understand Email Security Issues
Email Security Solutions
Remote Access Security Management
Plan Remote Access Security
Dial-Up Protocols
Centralized Remote Authentication Services
Virtual Private Network
Tunneling
How VPNs Work
Common VPN Protocols
Virtual LAN
Virtualization
Virtual Software
Virtual Networking
Network Address Translation
Private IP Addresses
Stateful NAT
Static and Dynamic NAT
Automatic Private IP Addressing
Switching Technologies
Circuit Switching
Packet Switching
Virtual Circuits
WAN Technologies
WAN Connection Technologies
Dial-Up Encapsulation Protocols
Miscellaneous Security Control Characteristics
Transparency
Verify Integrity
Transmission Mechanisms
Security Boundaries
Prevent or Mitigate Network Attacks
DoS and DDoS
Eavesdropping
Impersonation/Masquerading
Replay Attacks
Modification Attacks
Address Resolution Protocol Spoofing
DNS Poisoning, Spoofing, and Hijacking
Hyperlink Spoofing
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 13 Managing Identity and Authentication

Controlling Access to Assets
Comparing Subjects and Objects
Types of Access Control
The CIA Triad
Comparing Identification and Authentication
Registration and Proofing of Identity
Authorization and Accountability
Authentication Factors
Passwords
Smartcards and Tokens
Biometrics
Multifactor Authentication
Device Authentication
Implementing Identity Management
Single Sign-On
Credential Management Systems
Integrating Identity Services
Managing Sessions
AAA Protocols
Managing the Identity and Access Provisioning Life Cycle
Provisioning
Account Review
Account Revocation
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 14 Controlling and Monitoring Access

Comparing Access Control Models
Comparing Permissions, Rights, and Privileges
Understanding Authorization Mechanisms
Defining Requirements with a Security Policy
Implementing Defense in Depth
Discretionary Access Controls
Nondiscretionary Access Controls
Understanding Access Control Attacks
Risk Elements
Identifying Assets
Identifying Threats
Identifying Vulnerabilities
Common Access Control Attacks
Summary of Protection Methods
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 15 Security Assessment and Testing

Building a Security Assessment and Testing Program
Security Testing
Security Assessments
Security Audits
Performing Vulnerability Assessments
Vulnerability Scans
Penetration Testing
Testing Your Software
Code Review and Testing
Interface Testing
Misuse Case Testing
Test Coverage Analysis
Implementing Security Management Processes
Log Reviews
Account Management
Backup Verification
Key Performance and Risk Indicators
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 16 Managing Security Operations

Applying Security Operations Concepts
Need to Know and Least Privilege
Separation of Duties and Responsibilities
Job Rotation
Mandatory Vacations
Monitor Special Privileges
Managing the Information Life Cycle
Service Level Agreements
Addressing Personnel Safety
Provisioning and Managing Resources
Managing Hardware and Software Assets
Protecting Physical Assets
Managing Virtual Assets
Managing Cloud-based Assets
Media Management
Managing Configuration
Baselining
Using Images for Baselining
Managing Change
Security Impact Analysis
Versioning
Configuration Documentation
Managing Patches and Reducing Vulnerabilities
Patch Management
Vulnerability Management
Common Vulnerabilities and Exposures
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 17 Preventing and Responding to Incidents

Managing Incident Response
Defining an Incident
Incident Response Steps
Implementing Preventive Measures
Basic Preventive Measures
Understanding Attacks
Intrusion Detection and Prevention Systems
Specific Preventive Measures
Logging, Monitoring, and Auditing
Logging and Monitoring
Egress Monitoring
Auditing to Assess Effectiveness
Security Audits and Reviews
Reporting Audit Results
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 18 Disaster Recovery Planning

The Nature of Disaster
Natural Disasters
Man-made Disasters
Understand System Resilience and Fault Tolerance
Protecting Hard Drives
Protecting Servers
Protecting Power Sources
Trusted Recovery
Quality of Service
Recovery Strategy
Business Unit and Functional Priorities
Crisis Management
Emergency Communications
Workgroup Recovery
Alternate Processing Sites
Mutual Assistance Agreements
Database Recovery
Recovery Plan Development
Emergency Response
Personnel and Communications
Assessment
Backups and Offsite Storage
Software Escrow Arrangements
External Communications
Utilities
Logistics and Supplies
Recovery vs. Restoration
Training, Awareness, and Documentation
Testing and Maintenance
Read-Through Test
Structured Walk-Through
Simulation Test
Parallel Test
Full-Interruption Test
Maintenance
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 19 Incidents and Ethics

Investigations
Investigation Types
Evidence
Investigation Process
Major Categories of Computer Crime
Military and Intelligence Attacks
Business Attacks
Financial Attacks
Terrorist Attacks
Grudge Attacks
Thrill Attacks
Incident Handling
Common Types of Incidents
Response Teams
Incident Response Process
Interviewing Individuals
Incident Data Integrity and Retention
Reporting and Documenting Incidents
Ethics
(ISC)2 Code of Ethics
Ethics and the Internet
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 20 Software Development Security

Introducing Systems Development Controls
Software Development
Systems Development Life Cycle
Life Cycle Models
Gantt Charts and PERT
Change and Configuration Management
The DevOps Approach
Application Programming Interfaces
Software Testing
Code Repositories
Service-Level Agreements
Software Acquisition
Establishing Databases and Data Warehousing
Database Management System Architecture
Database Transactions
Security for Multilevel Databases
ODBC
Storing Data and Information
Types of Storage
Storage Threats
Understanding Knowledge-based Systems
Expert Systems
Neural Networks
Decision Support Systems
Security Applications
Summary
Exam Essentials
Written Lab
Review Questions

Chapter 21 Malicious Code and Application Attacks

Malicious Code
Sources of Malicious Code
Viruses
Logic Bombs
Trojan Horses
Worms
Spyware and Adware
Countermeasures
Password Attacks
Password Guessing
Dictionary Attacks
Social Engineering
Countermeasures
Application Attacks
Buffer Overflows
Time of Check to Time of Use
Back Doors
Escalation of Privilege and Rootkits
Web Application Security
Cross-Site Scripting (XSS)
SQL Injection
Reconnaissance Attacks
IP Probes
Port Scans
Vulnerability Scans
Dumpster Diving
Masquerading Attacks
IP Spoofing
Session Hijacking
Summary
Exam Essentials
Written Lab
Review Questions

For More Information

For training inquiries, call 850-308-1376

or email us at eramos@gbsi.com

Course Details

Duration - 5 days
Price - $4095.00 USD

(Discounts may apply. Call for more information.)

Course Actions

Acceletrain CLE

Acceletrain Collaborative Learning Environment (formerly know as VILT) places industry certified and expert instructors, peers, learners and multi-media components into a "borderless classroom", and interactive learning environment that can span multiple physical locations. VILT combines the benefits of the traditional brick-and-mortar classroom with innovative learning techniques and the cost savings of internet-based training.