Certified Information System Security Professional (CISSP) Prep Course
Duration: 5 days
Course Content
The CISSP has clearly emerged as THE key certification for security professionals. In fact, in an informal survey of information security jobs on a major employment Web site, over 70 percent of the positions required CISSP certification! Corporations are demanding experienced information security professionals, with the certifications to prove it, to protect their information and assets.
Our course has been prepared with great care to provide the most exhaustive survey of the CISSP information, test taking techniques, and preparation materials available in the industry. While other CISSP courses on the market require extensive reading and practice test preparation between finishing the class and taking the exam, our students have consistently found that the high quality of our course and its in-class practice test result in a minimum of extra time spent preparing for a successful pass of the exam. In today's hectic business conditions, time is of the essence!
Course Objectives
The CISSP Prep class was developed to meet current demands and the growing needs of the computer industry. This class provides the student with the level of knowledge needed as part of the (ISC)2 certification requirements for the Certified Information System Security Professional (CISSP) certification. This certification is rapidly becoming a requirement for employment involving security tasks. Students gain a solid background on security concerns, communications, infrastructure, basic cryptography, and operational
Course Content
1. Introduction
- Students & Trainer Introduction
- Who Should Take This Course?
- About (ISC)2
- CISSP Certification
- CISSP Examination
- CBK Review, Domain and Function Areas
2. Information Security Management
- Introduction
- Information Protection Requirements
Organization Policy, Roles and Responsibilities
- Security Technology and Tools
Standards, Baselines, Procedures, Guidelines
Personnel Security
- Assurance, Trusts and Confidence Mechanism
Countermeasures and Safeguard Selection Principles
- Information Protection and Management Services
Information Protection Awareness, Training and Education
3. Enterprise Security Architecture
- Introduction
- Information Protection Requirements
Objectives and Benefits of Enterprise Security Architecture
- Security Technology and Tools
Enterprise Security Architecture Environment
Platform
Security Architectures
Security Models
- Assurance, Trusts and Confidence Mechanism
- Information Protection and Management Services
4. Access Control Systems and Methodology
- Introduction
- Information Protection Requirements
Importance of an Access Control Policy
- Information Protection Environment
Threats Related to Access Control
- Security Technology and Tools
Technology and Tools in Access Control
Access to System
o Identity Management
o Identification and authentication
o Access Control Services
o Technology for Access Control
Access to Data
- Assurance, Trusts and Confidence Mechanism
Intrusion Prevention and Detection
- Information Protection and Management Services
Penetration Testing
5. Application Security
- Introduction
- Information Protection Requirements
- Information Protection Environment
Application Environment
Database and Data Warehousing Environment
Web Application Environment
Application Environment Threats
- Security Technology and Tools
System Life Cycle
Programming Languages
Software Protection Mechanisms
Database Management and Data Warehousing Controls
Web Application Security
- Assurance, Trust and Confidence Mechanisms
- Information Protection and Management Services (IPMS)
6. Operation Security
Threats and Elements
- Security Technology and Tools
Guidelines and Tools
- Assurance, Trusts and Confidence Mechanism
Configuration, Contingency and Change Management
- Information Protection and Management Services
Operation System Management and Reviews
7. Cryptography
- Introduction
- Information Protection Requirements
Cryptographic Systems
Applications of Cryptography
- Information Protection Environment
Methods of Encryption
Cryptanalysis and Attacks
Import/Export Issues
- Security Technology and Tools
Secret Writing Types
Encryption Schemes
Symmetric Encryption Systems
Asymmetric Encryption Systems
Hybrid Encryption Systems
Message Integrity Controls
Digital Signatures
- Assurance, Trusts and Confidence Mechanism
Certification
Key Management
Public Key Infrastructure
Email Security
Internet Security
- Information Protection and Management Services
8. Physical Security
- Introduction
- Information Protection Requirements
Physical Security
- Information Protection Environment
Threats and Practices
- Security Technology and Tools
Physical Security Tools – Elements and Functions
- Assurance, Trusts and Confidence Mechanism
Testing, Checklists and Maintenance
- Information Protection and Management Services
Responsibility of the Security Professional
9. Telecommunications, Networks and Internet Security
- Introduction
- Information Protection Requirements
Data Networks
Telephony
- Information Protection Environments
Remote Access Service
Network Protocol
Network Threats and Attacks
- Security Technology and Tools
Network Access Controls
Network Availability Technologies
Internet and Web Security Protocol
Multimedia Security Technologies
- Assurance, Trusts and Confidence Mechanism
- Information Protection and Management Services
10. Business Continuity and Planning
- Introduction
- Information Protection Requirements
- Information Protection Environment
- Security Technology and Tools
Business Continuity Management
Restoration Action
Example of a Recovery Process
- Assurance, Trusts and Confidence Mechanism
Testing and Maintenance
- Information Protection and Management Services
- Module Review
11. Law, Investigation and Ethics
- Introduction
- Information Protection Requirements
- Information Protection Environment
Information Security Legal Issues
Major Legal Systems
Intellectual Property Laws
Privacy Laws
Legal Liability of Corporate Officers
Investigation Environment
Computer Forensics
- Security Technology and Tools
Legal Security Technology and Tools
Computer Forensics
Incident Response and Handling
Investigation – Interviewing and Interrogation
Working with Outside Agencies
Ethics – Action Plan
- Assurance, Trusts and Confidence Mechanism
Follow-Up
Ethics – Reviews and Violation Reports
- Information Protection and Management Services
New Laws and Regulations
Who Needs to Attend
CISSP certification is beneficial to IT consultants, managers, security policy writers, privacy officers, information security officers, network administrators, security device administrators, and security engineers.