Certified Information Systems Security Professional (CISSP)
Duration
5 Days
Audience
Students pursuing CISSP training want to establish themselves as credible computer security professionals through a study of all 10 CISSP Common Body of Knowledge domains. Validating this knowledge is the goal of certification; therefore, students attending this training should also meet the requirements needed to sit for the CISSP certification exam. These include four years of direct professional work experience in one or more fields related to the 10 CBK security domains, or a college degree and three years of experience. Check with (ISC)² for the most up-to-date requirements. New certifications have emerged and will continue to emerge from (ISC)², which may cause changes to base requirements.
Course Description
Welcome to Certified Information Systems Security Professional (CISSP). With your completion of the prerequisites and necessary years of experience, you are firmly grounded in the knowledge requirements of today’s security professional. This course will expand upon your knowledge by addressing the essential elements of the 10 domains that comprise a Common Body of Knowledge (CBK) for information systems security professionals. The course offers a job-related approach to the security process, while providing the basic skills required to prepare for CISSP certification.
Course Objectives
You will control access to data and information systems using common access control best practices. You will discover how networks are designed for security, and the components, protocols, and services that allow telecommunications to occur in a secure manner. Next, you will learn about the principles of security management and how to manage risk as part of a comprehensive information security management program. You will explore applications and systems development security controls. Then, you will learn how to perform cryptography and how to secure system architecture. You will examine operations security and the appropriate controls and best practices to use to keep operations secure. You will learn how to perform business continuity planning and apply physical security to protect organizational assets and resources. Finally, you will explore law, investigations, and ethics with respect to information systems security and computer forensics.
Upon successful completion of this course, students will be able to:
• Control access to information systems.
• Network systems and telecommunications.
• Define security management.
• Create applications security.
• Perform cryptography.
• Secure system architecture.
• Execute operations security.
• Perform business continuity planning.
• Apply physical security.
• Apply law, investigations, and ethics.
Prerequisites
Students should have certifications in A+, Network+, or Security+, or possess equivalent professional experience. Students may have one or more of the following certifications or equivalent experience: MCSE, SCNP, CCNP, RHCE, LCE, CNE, SSCP, SANS, or GIAC.
Course Outline
Controlling Access to Information Systems
Control Data Access
Control System Access
Determine an Access Control Administration Method
Perform a Penetration Test
Networking Systems and Telecommunications
Design Data Networks
Provide Remote Access to a Data Network
Secure a Data Network
Manage a Data Network
Defining Security Management
Determine Security Management Goals
Classify Information
Develop a Security Program
Manage Risk
Creating Applications Security
Perform Software Configuration Management
Implement Software Controls
Secure Database Systems
Performing Cryptography
Apply a Basic Cipher
Select a Symmetric Key Cryptography Method
Select an Asymmetric Key Cryptography Method
Determine Email Security
Determine Internet Security
Securing System Architecture
Evaluate Security Models
Choose a Security Mode
Provide System Assurance
Executing Operations Security
Control Operations Security
Audit and Monitor Systems
Handle Threats and Violations
Performing Business Continuity Planning
Sustain Business Processes
Perform Business Impact Analysis
Define Disaster Recovery Strategies
Test the Disaster Recovery Plan
Applying Physical Security
Control Physical Access
Monitor Physical Access
Establish Physical Security Methods
Design Secure Facilities
Applying Law, Investigations, and Ethics
Interpret Computer Crime Laws and Regulations
Apply the Evidence Life Cycle
Perform an Investigation
Identify Codes of Conduct
Appendix A: CISSP Certification Exam Objectives
Appendix B: SSCP Certification Exam Objectives