Hours: 40
Short Description:
The goal of this course is to prepare the student for the CISSP examination. Students will become proficient in the
10 domains that are covered on the CISSP exam, including Security Management Practices, Security Architecture
and Models, Access Control Systems & Methodology, Application Development Security, Operations Security,
Physical Security, Cryptography, Telecommunications, Network & Internet Security, Business Continuity Planning
and Law, Investigations & Ethics.
Prerequisites: CISSP® candidates must meet the following requirements prior to taking the CISSP examination:
• Four years of direct full-time security professional work experience in one or more of the ten domains of the
(ISC)2 CISSP®
• Three years of direct full-time security professional work experience in one or more of the ten domains of the
CISSP® with a college degree.
Additionally, a Master's Degree in Information Security from a National Center of Excellence can substitute for one
year toward the four-year requirement.
Valid professional experience includes information systems security-related work performed as a practitioner,
auditor, consultant, vendor, investigator or instructor, or that which requires IS security knowledge and involves
direct application of that knowledge.
Course Outline:
Domain 1: Access Control
• Concepts & Principles
• Identification, Authentication, Authorization, and Accountability
• Models
• Techniques and Technologies
• Administration
• Methods
• Types
• Practices
• Monitoring

• The OSI Model
• TCP/IP
• Network Topology
• LAN Media Access Techniques
• Protocols
• Devices
• Network Segregation
• Networking Services
• Intranets & Extranets
• MANs
• WANs
• Remote Access
• Network and Resource Availability
• Wireless Technologies

Domain 3: Security Management
• Responsibilities
• Security Administration
• Security Principles
• Definitions
• Top-Down Approach
• Organizational Security Model
• Business Requirements
• Risk Management
• Risk Analysis
• Policies, Procedures, Standards, and Guidelines
• Information Classification
• Layers of Responsibility
• Hiring Practices
• Security Awareness

Domain 4: Applications Security
• Data Types, Formats and Length
• Failure States
• Database Management
• System Development Life Cycle (SDLC)
• Application Development Methodology
• Security Controls and the Application Environment
• Application and System Vulnerabilities and Threats

Domain 5: Cryptography
• Applications and uses
• Types of Ciphers
• Methods of Encryption
• Cryptographic Concepts
• Steganography
• PKI
• Message Integrity
• Key Management
• Link Encryption
• End-to-end Encryption
• Email Encryption
• Internet Security
• Cryptanalysis
• Attacks

Domain 6: Security Architecture
• Computer Architecture
• System Architecture
• Security Models
• Security Modes of Operation
• System Evaluation Methods
• ITSEC
• Common Criteria
• Certification vs. Accreditation
• Open vs. Closed Systems
• Threats

Domain 7: Operations Security
• Operational Security
• Email Security
• Handling Violations, Incidents and Breaches
• Administration Management and Control
• Incident Response

Domain 8: Business Continuity Planning
• Business Continuity
• Disaster Recovery
• Business Impact Analysis
• BCP Requirements
• Backup Alternatives
• Recovery and Restoration
• Testing and Drills
• Emergency Response

Domain 9: Law, Investigation, and Ethics
• Ethics
• Hackers and Crackers
• Forensics
• Identification, Protection, and Prosecution
• Computer Crime Investigations
• Laws, Directives, and Regulations
• Privacy
• International Cooperation

Domain 10: Physical Security
• Planning Process
• Facilities Management
• Restricted Areas
• Visitor Control
• Security Guards
• Turnstiles and Mantraps
• Badges, Smart Cards, Dumb Cards
• Keys and Locks
• Site Selection & Facility Design Considerations
• CCTV
• Biometrics
• Power and HVAC
• Water Issues
• Fire Detection and Suppression
• Natural Disasters
• Data Center Security
• Portable Devices and Components
• Perimeter Security
• Administrative Controls
• Threats


