| Session |
From |
To |
Duration |
Days - Time |
|
| TBD |
TBD |
TBD |
TBD |
TBD |
|
Knowledge and experience with several of the following general security areas: Designing, implementing and maintaining firewalls, auditing, intrusion detection systems, access control lists, availability strategies, discretionary access lists, biometric devices, certificates, disaster recovery.
This course trains students in all areas of the security Common Body of Knowledge. They will learn security policy development, secure software development procedures, network vulnerabilities, attack types and corresponding countermeasures, cryptography concepts and their uses, disaster recovery plans and procedures, risk analysis, crucial laws and regulations, forensics basics, computer crime investigation procedures, physical security, and more.
ACCESS CONTROL SYSTEMS AND METHODOLOGIES
• Access control concepts, methodologies, and implementation
• Access controls: detective, corrective, and preventative
• Access control techniques in centralized and decentralized environments
• Access control risks, vulnerabilities, and exposures
SECURITY ARCHITECTURE AND MODELS
• Secure operating system principles, concepts, mechanisms, controls, and standards
• Secure architecture design, modeling, and protection
• Security models: confidentiality, integrity, and information flow
• Government and commercial security requirements
• Common criteria, ITSEC, TCSEC, IETF, IPSEC
• Technical platforms
• System security preventative, detective, and corrective measures
DISASTER RECOVERY AND BUSINESS CONTINUITY PLANNING
• Business continuity planning, business impact analysis, recovery strategies, recovery plan development, and implementation
• Disaster recovery planning, implementation, and restoration
• Compare and contrast disaster recovery and business continuity
SECURITY MANAGEMENT PRACTICES
• Organizational security roles
• Identification of information assets
• Security management planning
• Security policy development; use of guidelines, standards, and procedures
• Security awareness training
• Data classification and marking
• Employment agreements and practices
• Risk management tools and techniques
LAW, INVESTIGATION, AND ETHICS
• Computer crime detection methods
• Applicable computer crime, security, and privacy laws
• Evidence gathering and preservation methods
• Computer crime investigation methods and techniques
• Civil, criminal, and investigative law
• Intellectual property law
• ISC2 and IAB ethics application
PHYSICAL SECURITY
• Prevention, detection, and correction of physical hazards
• Secure site design, configuration, and selection elements
• Access control and protection methods for facility, information, equipment, and personnel
OPERATIONS SECURITY
• Resource protection mechanisms and techniques
• Operation security principles, techniques, and mechanisms; principles of good practice and limitation of abuses
• Operations security preventative, detective, and corrective measures
• Information attacks
• Access Control Subversion
CRYPTOGRAPHY
• Cryptographic concepts, methods, and practices
• Construction of algorithms
• Attacks on cryptosystems
• Ancient cryptography and modern methods
• Public and private key algorithms and uses
• Key distribution and key management
• Digital signature construction and use
• Methods of attack, strength of function
TELECOMMUNICATIONS AND NETWORK SECURITY
• Overview of communications and network security
• Voice communications, data communications, local area, wide area, and remote access
• Internet/Intranet/Extranet, firewalls, routers, and network protocols
• Telecommunication and network security preventative, detective, and corrective measures
• System development process and security controls
• System development life cycle, change controls, application controls, and system and application integrity
• Database structure, concepts, design techniques, and security implications
• Object oriented programming
• Data warehousing and data mining
REVIEW AND Q&A SESSION
• Review concepts introduced in previous sessions
• Answer specific questions or concerns regarding CISSP preparation material
TESTING-TAKING TIPS AND STUDY TECHNIQUES
• Tips for additional preparation for the CISSP exam
• Additional resources
• Techniques for scoring well on the exam
