CISSP Overview
Businesses make
substantial investments in information assets, including
technology, architecture, and processes. These assets are
protected on the strengths of the professionals in charge.
Industry
standards, ethics and certification of IS professionals becomes
critical to ensuring that higher standards for security are
achieved. Training for the CISSP exam covers all ten
domains of the Common Body of Knowledge.
This
course should be attended by network and firewall
administrators, information security officers, and anyone
interested in understanding the principles, best practices, and
core concepts of information systems security.
Course Overview
Tiburon Technical's CISSP training is an advanced course designed to
meet the high demands of the information security industry by
preparing students for the Certified
Information Systems Security Professional (CISSP) exam. This
certification is managed by the internationally recognized and
highly prestigious International Information Systems Security
Certifications Consortium ISCē.
This 5-day course can be
delivered onsite with exceptional pricing to audiences of at
least six students. Please call for a location-specific
quote.
The exam covers ISCē's
ten domains from the Common Body of Knowledge (CBK), encompassing the whole of information
security. The
exam consists of 250 multiple-choice questions. Candidates have
up to 6 hours to complete the examination.
Course materials
reflect the latest information system security issues, concerns,
and countermeasures.
- Discusses all ten
domains of Common Body of Knowledge (CBK), helping to
prepare for the CISSP exam.
- The CBK is the
compilation and distillation of all information systems security
material collected internationally of relevance to information
system security professionals.
- Ensures information
system security professionals have an opportunity to review the
CBK in-depth, in preparation for the certification examination and
to stay current on the ever-evolving domains within the
information system security field.
- Presents
a high-level review of the main topics
- Identifies
specific areas
students should study for exam preparation
- Provides an overview of the
scope of the field
Course Topics
1. Security Management Practices
- Security management concepts
- Policies, standards, guidelines, and procedures
- Security awareness
concepts
- Risk
management practices
- Basic information on
classification levels
Security management entails the identification of an
organization's information assets and the development,
documentation, and implementation of policies, standards,
procedures, and guidelines.
Management tools such as data classification and risk
assessment and analysis are used to identify threats, classify
assets, and to rate system vulnerabilities so that effective
controls can be implemented.
2. Access Control Systems
Access controls are a collection of
administrative, physical, and technical mechanisms that work
together within a security architecture to protect the assets
of an information system. Coverage of the threats, vulnerabilities, and risks
associated with an information system's infrastructure, and
the available preventive and detective measures to
counter them.
3. Telecommunications, Network, and Internet Security
- Network Structures
- Transmission methods
- Transport formats
- Security measures
providing availability, integrity, and
confidentiality
- Authentication for
transmissions over public and private communications
networks
4. Cryptography
Addresses the principles, means, and
methods of disguising information to ensure its integrity,
confidentiality and authenticity.
- Definitions
- History
- Cryptology Fundamentals
- Symmetric Key Cryptosystem
Fundamentals
- Asymmetric Key Cryptosystem
Fundamentals
- Key Distribution and
Management Issues
- Public Key Infrastructure
Definitions and Concepts
5. Security Architecture and Models
Concepts, principles, structures, and standards used to design,
monitor, and secure operating systems, equipment, networks,
applications and those controls used to enforce various levels
of confidentiality, availability, and integrity.
- Computer organization
- Hardware components
- Software/firmware components
- Open systems
- Distributed systems
- Protection mechanisms
- Evaluation criteria
- Certification and
accreditation
- Formal security models
- Confidentiality models
- Integrity models
- Information flow models
6. Operations Security
Identifies the controls over
hardware and media, and the operators and administrators with
access privileges to any of these resources. Auditing and
monitoring provide the mechanisms, tools, and facilities that permit
the identification of security events. Subsequent actions identify key elements and report pertinent information
to the appropriate individual, group, or process.
7. Applications and Systems Development Security
Addresses the important security concepts that
apply to application software development. Outlines the
environment where software is designed and developed and
explains the critical role software plays in providing
information system security.
- The software
development life cycle
- Object-oriented systems
- Artificial intelligence
systems
- Database security
issues
- Data warehousing
- Data mining
- Application controls
8. Business Continuity Planning and Disaster Recovery
Planning
Addresses the
preservation and recovery of business operations in the event of
outages. Differences
between business continuity planning and disaster recovery.
- Project scope and planning,
business impact analysis
- Recovery strategies
- Recovery plan
development
- Implementation
- Recovery plan development,
implementation and restoration
9. Law, Investigations, and Ethics
- Computer crime laws
and regulations
- The measures and
technologies used to investigate computer crime incidents
- Laws applying to computer
crimes
- How to determine if a crime
has occurred
- Preserving evidence
- The basic of conducting
an investigation
- Liabilities under the
law
10. Physical Security
Provides protection techniques
for the entire facility, from the outside perimeter to
inside office space, including all information system
resources.
|