Course Description
With today's complex and diverse enterprise networks, maintaining security is one of the greatest challenges organizations face. It is difficult to properly configure systems and networks for maximum security. Any weakness in the defense is enough to render the organization vulnerable. The skillset required of the security team is very wide. In an effort to define the knowledgebase required for enterprise security (ISC)2 has defined the Common Body of Knowledge (CBK), which consists of ten test domains. The Certified Information Systems Security Professional CISSP® exam is built from a pool of multiple-choice questions drawn from the CBK.
Prerequisites
For CISSP ISC2 exam requires that candidates have work experience (4 years with a degree or 5 years without a degree) in two, or more of the ten test domains of the information systems [IS] security Common Body of Knowledge (CBK). Note that candidates for CISSP without the required work experience can still sit the exam and become an associate CISSP.
Course Content
Security Management Practices
- Identification of information assets
- Policies, standards, procedures
- Confidentiality, integrity, and availability.
- Data classification,
- Risk management, risk assessment, and risk analysis;
- Countermeasure evaluation
- Security roles
- Security awareness training
- Personnel policy
Security Architecture & Models
- Computer architectures
- Security models
- Trusted Computer Base
- ITSEC
- TCSEC
- Common Criteria
- OS security components
- IETF IPSEC
- Certification and Accreditation
- Security issues associated with system architectures
Access Control Systems & Methodology
- Access Control techniques
- Access Control Administration
- Access Control Models
- Identification and Authentication Techniques
- Single Sign-On (SSO)
- Access Control Methodologies and Implementation
- File and Data Ownership and Custodianship
- Methods of Attack
- Monitoring
- Penetration Testing
Applications & Systems Development
- Systems development management
- Change Control
- Certification
- Accreditation
- Security Control Architecture
- Malicious Code
- Virus writers Hackers, crackers, and phreaks
- Virus protection, types of computer viruses
- Mobile code security issues
Cryptography
- Cryptographic basics
- Comparison of cryptographic algorithms
- Key management
- Key Distribution Methods
- Kerberos,
- ISAKMP
- Public Key Algorithms
- Public Key Infrastructure (PKI)
- Certificate Authorities
- Smart cards and tokens
- Methods of Attack
Telecommunications & Network Security
- ISO/OSI Layers and Characteristics
- Remote Access Dial-In User System/Terminal Access Control
- RADIUS/TACACS
- Internet/Intranet/Extranet
- Secure communication protocols
- Virtual Private Network (VPN)
- Network Address Translation
- E-mail security
- Facsimile security
- Secure Voice Communications
- Security boundaries and how to translate security policy to controls
- Network Attacks and Countermeasures
Operations Security
- Administrative Management
- Separation of Duties and Responsibilities
- Backup of Critical information
- Standards of Due Care/Due Diligence
- Record retention
- Control Types
- Operations Controls
- Resource Protection
- Auditing
- Reporting mechanisms
- Monitoring tools and techniques
- Failure recognition and response
- Intrusion detection
- Penetration testing techniques
- Inappropriate activities
- Internal threats and Countermeasures
- Violations, Breaches, and Reporting
Physical Security
- Physical site security controls
- Electronic site access controls
- Environment/Life Safety
- Physical security threats and countermeasures
- Fire (sensors, sprinklers, flooding systems, extinguishers)
- Water (leakage and flooding)
- Electrical (UPS and generators)
- Environmental
Business Continuity & Disaster Recovery Planning
- Business Continuity Planning
- Cold/Warm/Hot/Mobile Sites
- Recovery processes
- Disaster Recovery Planning
- Recovery Plan Development
- Emergency Response
- Reconstruction from Backups
- Crisis Management
- BCP/DRP Events
Law, Investigation & Ethics
- Legal categories
- Criminal Law
- Civil Law
- Administrative Law
- Investigations
- Rules of Evidence
- Collection and preservation of evidence
- Investigation Processes and Techniques
- Major categories of computer crime
- Incident Handling
- Ethics
- (ISC2) Code of Ethics