CISSP Certification Preparation

IT consultants, managers, security policy writers, privacy officers, information security officers, network administrators, security device administrators, security engineers, and other security professionals whose positions require CISSP certification.

• At the end of this course delegates will be able to;
• In-depth coverage of the ten domains required to pass the CISSP exam:
• Operations Security
• Information Security and Risk Management
• Physical (Environmental) SecurityCryptography

• Access Control
• Security Architecture and Design
• Telecommunications and Network Security
• Business Continuity and Disaster Recovery Planning
• Application SecurityLegal, Regulations, Compliance, and Investigations

Test-Taking Tips and Study Techniques

• Preparation for the CISSP Exam
• Submitting Required Paperwork
• Resources and Study Aids
• Passing the Exam the First Time

Operations Security

• Change Control/Configuration Management
• Dual Control, Separation of Duties, Rotation of Duties
• Vulnerability Assessment and Pen-Testing

Access Control

• AAA
• Authentication Methods (Types 1, 2, & 3)
• Authorization - DAC, RBAC, MAC
• Accounting - Logging, Monitoring, Auditing
• Central/Decentralized and Hybrid Management
• Single Sign-on - Kerberos, Radius, Diameter, TACACS
• Vulnerabilities - Emanations, Impersonation, Rouge Infrastructure,
• Social Engineering

Cryptography

• Intro - History
• Symmetric
• Asymmetric
• Hashing
• Cryptosystems - SSL, S/MIME, PGP
• PKI
• Cryptanalysis

Security Architecture and Design

• Layering, Data Hiding and Abstraction
• Processors
• Memory - Segmentation/Rings, Types of Memory
• Operating Systems
• Models
• Assurance - TCSEC, ITSEC, CC
• Architecture Problems - Covert Channels + TOC/TOU, Object Reuse

Telecommunications and Network Security

• OSI/DoD TCP/IP Models
• TCP/UDP/ICMP/IP
• Ethernet
• Devices - Routers/Switches/Hubs
• Firewalls
• Wireless
• WAN Technologies - X.25/Frame Relay/PPP/ISDN/DSL/Cable
• Voice - PBX/Cell Phones/VOIP
• IPSec
• Network Vulnerabilities

Application Security

• SDLC
• Change (Lifecycle) Management
• Database Security
• AI
• OOD
• Mobil Code
• Malware

Disaster Recovery and Business Continuity

• This course is part of the
• following programs or tracks:
• CISSP - Certified Information
• Systems Security Professional
• Security Management Expert
• Also Available
• Online IT Library

College Credits

• Policy
• Roles and Teams
• BIA
• Data Backups, Vaulting, Journaling, Shadowing
• Alternate Sites
• Emergency Response
• Required Notifications
• Tests
  

Legal, Regulations, Compliance, and Investigations

• Ethics - Due Care/Due Diligence
• Intellectual Property
• Incident Response
• Forensics
• Evidence
• Laws - HIPAA, GLB, SOX

Physical (Environmental) Security

• CPTED
• Facility Design
• Fire Safety
• Electrical Security
• HVAC
• Perimeter Security - Fences, Gates, Lighting
• Physical Access Control - Transponders, Badges, Swipe Cards
• Theft
• Intrusion Detection - CCTV, Alarms, Guards, & Dogs

Information Security and Risk Management

• CIA
• Roles and Responsibilities - RACI
• Asset Management
• Taxonomy - Information Classification
• Risk Management
• SDLC (Security Development Lifecycle)
• Certification and Accreditation
• Policies, Procedures, Standards, Guidelines, Baselines
• Knowledge Transfer - Awareness, Training, Education

Review and Q&A Session

• Final Review and Test Prep