CISSP Certified Information Systems Security Professional

Overview


Aimed at seasoned security professionals, this course surveys the entire information security landscape and the technologies involved.

The course addresses the ten knowledge domains that comprise the Common Body of Knowledge (CBK) for information systems security professionals and prepares delegates for CISSP certification. The course offers a theory-based approach to the security process, with opportunities to discuss the immediate application of concepts and techniques described in the CBK to the real world. It can be considered as providing a good introduction to security management, architecture and engineering.

The course comprises ten sessions that map directly to the CBK. Each one is theory-based with instructor-led discussions; there are no hands-on labs. The work completed in the classroom should be complemented by extra reading; references to internet resources will be provided by the instructor.

Who Should Attend
Quote from (ISC)2 expressing who should take the CISSP certification:
“If you plan to build a career in information security …the CISSP® credential should be your next career goal. It’s the credential for professionals who develop policies and procedures in information security.”

Course Format:
The course can run in two basic formats: the standard public event or a Boot Camp. The Boot Camp allows the customer to specify longer working hours, which allow either a deeper and more detailed discussion of the technologies involved or a faster pace that covers more than the standard day.

When booking the course, the teaching hours should be discussed with the sales executive. These in turn can be complemented with further reading each evening. The Boot Camp also traditionally finishes with a test prep exam, which takes place after lunch on the last day. This allows the delegates to approach the topics covered in a question and answer format; the opportunity to discuss your answers with the class and trainer is provided at the end.

Please note the exam is not a part of the course. Delegates will be required to book their own exam through (ISC)2 and should reference www.isc2.org for a schedule.

Prerequisites
Delegates should have experience in at least two of the domains in the CBK, for 5 years or more (4 years if they have achieved relevant certifications, e.g. MCSE), to achieve full certification. Associate status can be achieved without the full 4/5 years' experience; full certification will be assigned when the correct amount of experience is obtained.

- Delegates must ensure that they have some knowledge of all CBK domains and are encouraged to read one or two of the books on the Reading List at ISC2.org.
- QA will provide a CISSP guide book as pre-reading, with some ‘test prep’ questions.

Course outline

Module 1: Access Control
- Identification, Authentication, Authorisation and Accounting
- Digital Identities
- SSO
- DAC, MAC and RBAC
- Accountability
- Data Classification
- Access Control Attacks

Module 2: Security Architecture and Design
- Computer Hardware
- Operating System Architecture
- Trusted Computing Base
- OS Modes and Protection Rings
- System Architecture Design
- Security Models
- Secure Modes of Operation
- System Evaluation

Module 3: Telecommunications and Network Security
- Network Attacks
- IP and TCP headers
- Firewalls
- DNS
- IPS and IDS
- IPSEC
- VPNs
- Wireless
- Data Communications

Module 4: Cryptography
- Hashing
- Symmetric Encipher
- Asymmetric Encipher
- Certificates
- Signatures
- PKI Public Key Cryptography
- Stream and Block Ciphers
- Cryptographic attacks

Module 5: Information Security Governance and Risk Management
- Security Management
- Risk Management
- Information Security Policies
- Controls
- Awareness
- Governance

Module 6: Application Security
- Design
- Software Development Lifecycle
- Development Methodologies
- System Modelling
- Coding Methodologies
- Application Infrastructure
- Application Design Best Practices
- Databases
- Web Applications

Module 7: Operations Security
- Operations
- Roles
- Monitoring
- Auditing
- Server Management
- Configuration Management
- Storage Media
- Data Leaks

Module 8: Physical Security
- Physical Threats
- Access Control
- Fire
- Comms Room
- Locks and Keys
- Utilities

Module 9: Business Continuity and Disaster Recovery Planning
- Project Plan
- Recovery and Continuity Planning
- Business Impact Analysis
- Disaster Recovery and Continuity
- Backup and DR Sites
- Drills and Tests
- Crisis
- High Availability
- Lifecycle of Recovery

Module 10: Legal, Regulations, Compliance and Investigation
- Types of Law
- Data Protection Act
- Privacy
- Intellectual Property
- Investigations
- Hackers
- Ethics
- PCI

Examinations
This course will assist delegates preparing for the following exam: 
- CISSP Certified Information Systems Security Professional
 
The course either has new dates in data loading, or is only run as a dedicated or In Company course.
Key Details
Duration: 5 days
£2,245 per delegate

Bookings Helpline: 01933 233884 (Monday to Thursday - 8:00am to 5:30pm and Friday 8:00am to 5:00pm).