Certified Information Systems Security Professional

The goal of this five-day, 40-hour course is to provide information security professionals with a fully-immersed, zero-distraction, all-inclusive CISSP CBK training and certification experience. Our CISSP training class encompasses the (ISC)² CISSP CBK course outline with value-added, hands-on, industry-related instruction. The CISSP certification is governed by the International Information Systems Security Certification Consortium ((ISC)²) and has gained importance as a key component in the selection process for management-level information security positions.

Course Objectives

Upon class completion, students will have been given background on, and participated in discussions of, the 10 domains. This information will provide a solid foundation for security professionals preparing to take the CISSP exam administered by (ISC)². More importantly, this course will broaden the student's current understanding of all of the components that are necessary to provide true security. These items are presented in a manner that will allow the students to bring security solutions back to their current employer.

Prerequisites

The course best benefits individuals with 3-4 years of experience in one or more of the 10 domains described in the Course Track. Students with no prior experience in the security field should have taken and completed the CompTIA Security+ certification. It is targeted at security professionals who already have a fundamental understanding of information security.

Course Track

I. Security Management Practices

  • Types of Security Controls
  • Components of a Security Program
  • Security Policies, Standards, Procedures, and Guidelines
  • Risk Management and Analysis
  • Information Classification
  • Employee Management Issues
  • Threats and Corresponding Administrative Controls

II. Access Control Systems and Methodology

  • Identification, Authentication, and Authorization Techniques and Technologies
  • Biometrics, Smart Cards, and Memory Cards
  • Single Sign-On Technologies and Their Risks
  • Discretionary versus Mandatory Access Control Models
  • Rule-based and Role-based Access Control
  • Object Reuse Issues and Social Engineering
  • Emissions Security Risks and Solutions
  • Specific Attacks and Countermeasures

III. Cryptography

  • Historical Uses of Cryptography
  • Block and Stream Ciphers
  • Explanation and Uses of Symmetric Key Algorithms
  • Explanation and Uses of Asymmetric Key Algorithms
  • Public Key Infrastructure Components
  • Data Integrity Algorithms and Technologies
  • IPSec, SSL, SSH, and PGP
  • Secure Electronic Transactions
  • Key Management
  • Attacks on Cryptosystems

IV. Physical Security

  • Facility Location and Construction Issues
  • Physical Vulnerabilities and Threats
  • Doors, Windows, and Secure Room Concerns
  • Hardware Metrics and Backup Options
  • Electrical Power Issues and Solutions
  • Fire Detection and Suppression
  • Fencing, Lighting, and Perimeter Protection
  • Physical Intrusion Detection Systems

V. Enterprise Security Architecture

  • Critical Components of Every Computer
  • Processes and Threads
  • The OSI Model
  • Operating System Protection Mechanisms
  • Ring Architecture and Trusted Components
  • Virtual Machines, Layering, and Virtual Memory
  • Access Control Models
  • Orange Book, ITSEC, and Common Criteria
  • Certification and Accreditation
  • Covert Channels and Types of Attacks
  • Buffer Overflows and Data Validation Attacks

VI. Law, Investigation, and Ethics

  • Different Ethics Sets
  • Computer Criminal Profiles
  • Types of Crimes
  • Liability and Due Care Topics
  • Privacy Laws and Concerns
  • Complications of Computer Crime Investigation
  • Types of Evidence and How to Collect It
  • Forensics
  • Legal Systems

VII. Telecommunications, Networks, and Internet Security

  • TCP/IP Suite
  • LAN, MAN, and WAN Topologies and Technologies
  • Cable Types and Issues
  • Broadband versus Baseband Technologies
  • Ethernet and Token Ring
  • Network Devices
  • Firewall Types and Architectures
  • Dial-up and VPN Protocols
  • DNS and NAT Network Services
  • FDDI and SONET
  • X.25, Frame Relay, and ATM
  • Wireless LANs and Security Issues
  • Cell Phone Fraud
  • VoIP
  • Types of Attacks

VIII. Business Continuity Planning

  • Roles and Responsibilities
  • Liability and Due Care Issues
  • Business Impact Analysis
  • Identification of Different Types of Threats
  • Development Process of BCP
  • Backup Options and Technologies
  • Types of Offsite Facilities
  • Implementation and Testing of BCP

IX. Applications & Systems Development

  • Software Development Models
  • Prototyping and CASE Tools
  • Object-Oriented Programming
  • Middleware Technologies
  • ActiveX, Java, OLE, and ODBC
  • Database Models
  • Relational Database Components
  • CGI, Cookies, and Artificial Intelligence
  • Different Types of Malware

X. Operations Security

  • Operations Department Responsibilities
  • Personnel and Roles
  • Media Library and Resource Protection
  • Types of Intrusion Detection Systems
  • Vulnerability and Penetration Testing
  • Facsimile Security
  • RAID, Redundant Servers, and Clustering

Course Benefits

This is one of the highest-paying certifications in the Information Technology industry. After graduating from this course, students will be able to apply for positions such as Security Engineer, Systems Engineer, and Systems Administrator.

Course Duration

This course is covered in 40 hours of instructor-led, hands-on training sessions.