This course is intended for experienced IT security-related practitioners, auditors, consultants, investigators, or instructors, including network or security analysts and engineers, network administrators, information security specialists, and risk management professionals, who are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current computer security careers or to migrate to a related career. Through the study of all 10 CISSP CBK domains, students will validate their knowledge by meeting the necessary preparation requirements to qualify to sit for the CISSP certification exam. The CISSP exam is intentionally difficult and should not be taken lightly. Even students with years of security experience should assume that they will have additional study time after class. Because the domains are so varied, it is unlikely that any one student will have experience in all 10 domains. Additional CISSP certification requirements include a minimum of five years of direct professional work experience in one or more fields related to the 10 CBK security domains, or a college degree and four years of experience.
Prerequisites
It is highly recommended that students have certifications in Network+ or Security+, or possess equivalent professional experience upon entering CISSP training. It will be beneficial if students have one or more of the following security-related or technology-related certifications or equivalent industry experience: MCSE, MCTS, MCITP, SCNP, CCNP, RHCE, LCE, CNE, SSCP®, GIAC, CISA™, or CISM®.
Course Objectives
Upon successful completion of this course, students will be able to:
Lesson 1: Information Systems Access Control
Prerequisites
It is highly recommended that students have certifications in Network+ or Security+, or possess equivalent professional experience upon entering CISSP training. It will be beneficial if students have one or more of the following security-related or technology-related certifications or equivalent industry experience: MCSE, MCTS, MCITP, SCNP, CCNP, RHCE, LCE, CNE, SSCP®, GIAC, CISA™, or CISM®.
Course Objectives
Upon successful completion of this course, students will be able to:
- analyze information systems access control.
- analyze security architecture and design.
- analyze network security systems and telecommunications.
- analyze information security management goals.
- analyze information security classification and program development.
- analyze risk management criteria and ethical codes of conduct.
- analyze software development security.
- analyze cryptography characteristics and elements.
- analyze physical security.
- analyze operations security.
- apply Business Continuity and Disaster Recovery Plans.
- identify legal issues, regulations, compliance standards, and investigation practices relating to information systems security.
Lesson 1: Information Systems Access Control
- Topic 1A: Data Access Principles
- Topic 1B: System Access and Authentication
- Topic 1C: Attacks and Penetration Tests
- Topic 2A: Security Architecture Frameworks and Security Models
- Topic 2B: Security Modes
- Topic 2C: System Assurance
- Topic 3A: Data Network Design
- Topic 3B: Remote Data Access
- Topic 3C: Data Network Security
- Topic 3D: Data Network Management
- Topic 4A: Organizational Security
- Topic 4B: The Application of Security Concepts
- Topic 5A: Information Classification
- Topic 5B: Security Program Development
- Topic 6A: Risk Management
- Topic 6B: Ethics
- Topic 7A: Software Configuration Management
- Topic 7B: Software Controls
- Topic 7C: Database System Security
- Topic 8A: Ciphers and Cryptography
- Topic 8B: Symmetric-Key Cryptography
- Topic 8C: Asymmetric-Key Cryptography
- Topic 8D: Hashing and Message Digests
- Topic 8E: Email, Internet, and Wireless Security
- Topic 8F: Cryptographic Weaknesses
- Topic 9A: Physical Access Control
- Topic 9B: Physical Access Monitoring
- Topic 9C: Physical Security Methods
- Topic 9D: Facilities Security
- Topic 10A: Operations Security Control
- Topic 10B: Operations Security Auditing and Monitoring
- Topic 10C: Operational Threats and Violations
- Topic 11A: Business Continuity Plan Fundamentals
- Topic 11B: Business Continuity Plan Implementation
- Topic 11C: Disaster Recovery Plan Fundamentals
- Topic 11D: Disaster Recovery Plan Implementation
- Topic 12A: Computer Crime Laws and Regulations
- Topic 12B: Computer Crime Incident Response
