Many companies are beginning to regard a CISSP certification as a requirement for their technical, mid-management, and senior IT management positions. Achieving the Certified Information Systems Security Professional (CISSP) credential, the world's global security certification standard, proves high proficiency in the foundation security disciplines. Offered through (ISC)2, one of the world's leading international security certification organizations, the exam's stringent criteria set the benchmark for excellence in security practice, requiring candidates to prove a deep understanding of security concepts, principles, and methodologies.
The CISSP exam is rigorous, covering ten security domains essential for the protection of information systems, corporations, and national infrastructures. Recognizing that security is an enterprise-wide problem, these domains give the candidate a broad understanding of the technical, managerial, and human factors that must coordinate effectively to keep information and systems secure. These domains include:
Operations Security
Using this course, students prepare for the exam, while at the same time obtaining essential security knowledge that can be immediately used to improve organizational security. This knowledge enhances services and products, secures business functions and infrastructures, provides better implementation processes, and can be used to restructure critical programs and procedures to help keep companies up-to-date on today's business and security strategies, technologies, and best practices.
The course materials, lectures, and lab exercises are in English. To benefit fully from our instruction, students need an understanding of the English language and completion of the prerequisites.
Course Overview
This course trains students in all areas of the security Common Body of Knowledge (CBK). They will learn about security policy development, secure software development procedures, network vulnerabilities, attack types and corresponding countermeasures, cryptography concepts and their uses, disaster recovery plans and procedures, risk analysis, crucial laws and regulations, forensics basics, computer crime investigation procedures, physical security, and much, much more. They will explore the contents and concepts that make up the diverse domains and learn how they work together to provide true "in-depth" defense.
Day 1: Security Management Practices; Access Control Systems and Methodology
Day 2: Cryptography; Physical Security
Day 3: Enterprise Security Architecture; Law, Investigation, and Ethics
Day 4: Telecommunications and Network Security; Business Continuity Planning
Day 5: Applications and Systems Development; Operations Security
The coursework is difficult, and the exam is extremely challenging. Students should plan on evening-hour study and after-class work assignments. Study groups are encouraged.
Prerequisites
Anyone may attend this course, but those with experience in one or more of the ten domains will reap the greatest benefits.
What's Included:
The Shon Harris All-In-One workbook includes:
- 10 modules covering each of the 10 CBK domains
- Professionally developed graphics and 3-D animations that enhance the understanding of complex concepts
- Extensive notes accompanying each slide, including Configuration Steps, Hints, Warnings, Tips, Tables, etc.
- Quick Tips section, Summary section, Terminology section, and 20 questions and answers for each module
The Ten Domains In Detail:
CISSP candidates are expected to be knowledgeable of the concepts, skills, and technologies embodied in each domain. Here is an overview of the range of topics students will explore for each domain:
1. Security Management Practices
   - Types of Security Controls
   - Components of a Security Program
   - Security Policies, Standards, Procedures, and Guidelines
   - Risk Management and Analysis
   - Information Classification
   - Employee Management Issues
   - Threats, Vulnerabilities and Corresponding Administrative Controls
2. Access Control Systems and Methodology
   - Identification, Authentication, and Authorization Techniques and Technologies
   - Biometrics, Smart Cards, and Memory Cards
   - Single Sign-On Technologies and Their Risks
   - Discretionary versus Mandatory Access Control Models
   - Rule-based and Role-based Access Control
   - Object Reuse Issues and Social Engineering
   - Emissions Security Risks and Solutions
   - Specific Attacks and Countermeasures
3. Cryptography
   - Historical Uses of Cryptography
   - Block and Stream Ciphers
   - Explanation and Uses of Symmetric Key Algorithms
   - Explanation and Uses of Asymmetric Key Algorithms
   - Public Key Infrastructure Components
   - Data Integrity Algorithms and Technologies
   - IPSec, SSL, SSH, and PGP
   - Secure Electronic Transactions
   - Key Management
   - Attacks on Cryptosystems
4. Physical Security
   - Facility Location and Construction Issues
   - Physical Vulnerabilities and Threats
   - Doors, Windows, and Secure Room Concerns
   - Hardware Metrics and Backup Options
   - Electrical Power Issues and Solutions
   - Fire Detection and Suppression
   - Fencing, Lighting, and Perimeter Protection
   - Physical Intrusion Detection Systems
5. Enterprise Security Architecture
   - Critical Components of Every Computer
   - Processes and Threads
   - The OSI Model
   - Operating System Protection Mechanisms
   - Ring Architecture and Trusted Components
   - Virtual Machines, Layering, and Virtual Memory
   - Access Control Models
   - Orange Book, ITSEC, and Common Criteria
   - Certification and Accreditation
   - Covert Channels and Types of Attacks
   - Buffer Overflows and Data Validation Attacks
6. Law, Investigation, and Ethics
   - Different Ethics Sets
   - Computer Criminal Profiles
   - Types of Crimes
   - Liability and Due Care Topics
   - Privacy Laws and Concerns
   - Complications of Computer Crime Investigation
   - Types of Evidence and How to Collect It
   - Forensics
   - Legal Systems
7. Telecommunications, Networks, and Internet Security
   - TCP/IP Suite
   - LAN, MAN, and WAN Topologies and Technologies
   - Cable Types and Issues
   - Broadband versus Baseband Technologies
   - Ethernet and Token Ring
   - Network Devices
   - Firewall Types and Architectures
   - Dial-up and VPN Protocols
   - DNS and NAT Network Services
   - FDDI and SONET
   - X.25, Frame Relay, and ATM
   - Wireless LANs and Security Issues
   - Cell Phone Fraud
   - VoIP
   - Types of Attacks
8. Business Continuity Planning
   - Roles and Responsibilities
   - Liability and Due Care Issues
   - Business Impact Analysis
   - Identification of Different Types of Threats
   - Development Process of BCP
   - Backup Options and Technologies
   - Types of Offsite Facilities
   - Implementation and Testing of BCP
9. Applications & Systems Development
   - Software Development Models
   - Prototyping and CASE Tools
   - Object-Oriented Programming
   - Middleware Technologies
   - ActiveX, Java, OLE, and ODBC
   - Database Models
   - Relational Database Components
   - CGI, Cookies, and Artificial Intelligence
   - Different Types of Malware
10. Operations Security
   - Operations Department Responsibilities
   - Personnel and Roles
   - Media Library and Resource Protection
   - Types of Intrusion Detection Systems
   - Vulnerability and Penetration Testing
   - Facsimile Security
   - RAID, Redundant Servers, and Clustering
At Course Completion
Students will emerge from this course prepared to meet the challenge of the CISSP certification exam. Whether or not they choose to take the exam, they will have gained a broad understanding of all of the components necessary to provide true security, and will bring this knowledge and these solutions back to the workplace.