In this 5-day course we will review and discuss the topics tested in the CISSP exams.
This training is intended to be a review of the topics and assumes that the participants already have a good knowledge of the concepts.
We will discuss the concepts in class and provide recommendations for the exam.
The topics are those described in the ten domains of the CISSP Common Body of Knowledge:
1. Information Security and Risk Management: Security Management, Security Administration, Organizational Security Model, Information Risk Management, Risk Analysis, Policies, Standards, Baselines, Guidelines, Procedures, Information Classification, Responsibility Layers, Security Awareness
2. Access Control: Security Principles, Identification, Authentication, Authorization and Accountability, Access Control Models, Access Control Technologies, Access Control Administration, Access Control Methods and Types, Accountability, Access Control Practices, Access Control Monitoring, Threats to Access Control
3. Security Architecture and Design: Computer Architecture, Central Processing Unit, System Architecture, Security Models, Security Modes of Operation, Systems Evaluation Methods, ITSEC, Common Criteria, Enterprise Architecture, Threats Related to Architecture
4. Physical and Environmental Security: Planning Physical Security, Internal Support Systems, Perimeter Security
5. Telecommunications and Network Security: OSI Reference Model, TCP/IP, Transmission Types, Networking, Networking Devices, Networking Services and Protocols, Intranets and Extranets, Wide Area Networks, Remote Access, Wireless Technologies, Rootkits
6. Cryptography: Cryptography Concepts, Cipher Types, Encryption Methods, Symmetric Systems, Asymmetric Systems, Message Integrity, Public Key Infrastructure, Key Management, Link Encryption, E-mail Security, Internet Security, Cryptographic Attacks
7. Business Continuity and Disaster Recovery: Business Continuity vs Disaster Recovery, Business Continuity Planning
8. Legal, Regulations, Compliance and Investigations: Cybercrime, Intellectual Property, Privacy, Liability, Investigation, Ethics
9. Application Security: Application Security Concepts, Database Management, System Development, Application Development Methodologies, Distributed Computing, Web Security, Mobile Code, Patch Management
10. Operations Security: The Role of the Operations Department, Administrative Management, Operational Roles and Responsibilities, Configuration Management, Media Controls, Network and Resource Availability, E-mail Security, Vulnerability Testing, Enterprise Architecture, Threats Related to Architecture