Class Information

Synopsis of:
Certified Information Systems Security Professional

Class Details

Date: 8/27/2012 - 8/31/2012
Time: 8:30AM - 4:30PM CT
Location: Web - Central
Price: $2,795.00
Learning Credits: Learning Credits Not Applicable
Course Description

Learn and prepare for the CISSP 2012 exam.


This CISSP training is an advanced course designed to meet the demands of the information security industry by preparing students for the Certified Information Systems Security Professional (CISSP) exam. The certification is administered by the internationally recognized International Information Systems Security Certification Consortium, (ISC)².

The exam covers the ten domains of the (ISC)² Common Body of Knowledge (CBK), encompassing the whole of information security. The exam consists of 250 multiple-choice questions, and candidates have up to 6 hours to complete it.

Course Overview

Course materials reflect the latest information system security issues, concerns, and countermeasures.

  • Discusses all ten domains of the Common Body of Knowledge (CBK), helping to prepare for the CISSP exam.
  • The CBK is the compilation and distillation of information systems security material collected internationally that is relevant to information system security professionals.
  • Ensures information system security professionals have an opportunity to review the CBK in depth, both in preparation for the certification examination and to stay current with the ever-evolving domains of the information system security field.
  • Presents a high-level review of the main topics.
  • Identifies specific areas students should study for exam preparation.
  • Provides an overview of the scope of the field.

Prerequisites

To fully benefit from this course, it is recommended that you have the following prerequisite skills and knowledge:

  • Anyone may attend this course, but those with experience in one or more of the ten domains will reap the greatest benefits.

Course Outline

1. Access Controls
  • Threat Modeling
  • Asset Valuation
  • Vulnerability Analysis
  • Access Aggregation
  • User Entitlement
  • Access Review & Audit
  • Identity and access provisioning lifecycle (e.g., provisioning, review, revocation)

2. Telecommunications & Network Security
  • Understand secure network architecture and design (e.g., IP & non-IP protocols, segmentation)
  • OSI and TCP/IP models
  • IP networking
  • Implications of multi-layer protocols
  • Hardware (e.g., modems, switches, routers, wireless access points)
  • Transmission media (e.g., wired, wireless, fiber)
  • Network access control devices (e.g., firewalls, proxies)
  • Establish secure communication channels (e.g., VPN, TLS/SSL, VLAN)
  • Voice (e.g., POTS, PBX, VoIP)
  • Remote access (e.g., screen scraper, virtual application/desktop, telecommuting)
  • Data Communications
  • Understand network attacks (e.g., DDoS, spoofing, session hijacking)

3. Information Security Governance & Risk Management
  • Organizational processes (e.g., acquisitions, divestitures, governance committees)
  • Security roles and responsibilities
  • Manage third-party governance (e.g., on-site assessment, document exchange and review, process/policy review)
  • Risk assessment/analysis (qualitative, quantitative, hybrid)
  • Tangible and intangible asset valuation
  • Manage personnel security
  • Employment candidate screening (e.g., reference checks, education verification, background checks)
  • Manage the Security Function
  • Budget
  • Metrics

4. Software Development Security
  • Understand and apply security in the software development life cycle
  • Development Life Cycle
  • Understand the environment and security controls
  • Security of the software environment
  • Security issues in source code (e.g., buffer overflow, escalation of privilege, backdoor)
  • Assess the effectiveness of software security
  • Certification and accreditation (i.e., system authorization)

5. Cryptography
  • Understand the cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance)
  • Brute Force (e.g., rainbow tables, specialized/scalable architecture, GPUs, CUDA)
  • Use cryptography to maintain network security
  • Use cryptography to maintain application security

6. Security Architecture & Design
  • Web-based (e.g., XML, SAML, OWASP)
  • Database security (e.g., inference, aggregation, data mining, warehousing)
  • Distributed systems (e.g., cloud computing, grid computing, peer to peer)

7. Operations Security
  • Understand security operations concepts
  • Asset management (e.g., equipment life cycle, software licensing)
  • Remediation and review (e.g., root cause analysis)
  • Preventive measures against attacks (e.g., malicious code, zero-day exploits, denial of service)
  • Understand change and configuration management (e.g., versioning, baselining)
  • Understand system resilience and fault tolerance requirements

8. Business Continuity & Disaster Recovery Planning
  • Exercise, assess and maintain the plan (e.g., version control, distribution)
  • Personnel privacy and safety (e.g., duress, travel, monitoring)

9. Legal, Regulations, Investigations and Compliance
  • Understand professional ethics
  • (ISC)2 Code of Professional Ethics
  • Support organization's code of ethics
  • Policy, roles and responsibilities (e.g., rules of engagement, authorization, scope)
  • Hardware/embedded device analysis
  • Ensure security in contractual agreements and procurement processes (e.g., cloud computing, outsourcing, vendor governance)

10. Physical (Environment) Security
  • Understand site and facility design considerations
  • Support the implementation and operation of facilities security (e.g., technology, physical, and network convergence)
  • Personnel privacy and safety (e.g., duress, travel, monitoring)