At the end of this course delegates will have a thorough understanding of the following topics and be prepared to take the CISSP exam:

• Operations Security
• Information Security and Risk Management
• Physical (Environmental) Security
• Cryptography
• Access Control
• Security Architecture and Design
• Telecommunications and Network Security
• Business Continuity and Disaster Recovery Planning
• Application Security
• Legal, Regulations, Compliance, and Investigations

Pre-Requisites

Basic knowledge of all CBK domains; see books on the Reading List at http://www.isc2.org/

Understanding of networking and computer hardware.

To achieve full certification delegates should have experience in at least two of the domains in the CBK for 5 years or more (4 years if they have achieved relevant industry or degree level certifications).

Associate status can be achieved without the full 4/5 years experience; full certification will be assigned when the correct amount of experience is obtained.

Test-Taking Tips and Study Techniques
• Preparation for the CISSP Exam
• Submitting Required Paperwork
• Resources and Study Aids
• Passing the Exam the First Time

Operations Security
• Change Control/Configuration Management
• Dual Control, Separation of Duties, Rotation of Duties
• Vulnerability Assessment and Pen-Testing

Access Control
• AAA
• Authentication Methods (Types 1, 2, & 3)
• Authorization – DAC, RBAC, MAC
• Accounting – Logging, Monitoring, Auditing
• Central/Decentralized and Hybrid Management
• Single Sign-on – Kerberos, Radius, Diameter, TACACS
• Vulnerabilities – Emanations, Impersonation, Rouge Infrastructure,
• Social Engineering

Cryptography
• Intro – History
• Symmetric
• Asymmetric
• Hashing
• Cryptosystems – SSL, S/MIME, PGP
• PKI
• Cryptanalysis

Security Architecture and Design
• Layering, Data Hiding and Abstraction
• Processors
• Memory – Segmentation/Rings, Types of Memory
• Operating Systems
• Models
• Assurance – TCSEC, ITSEC, CC
• Architecture Problems – Covert Channels + TOC/TOU, Object Reuse

Telecommunications and Network Security
• OSI/DoD TCP/IP Models
• TCP/UDP/ICMP/IP
• Ethernet
• Devices – Routers/Switches/Hubs
• Firewalls
• Wireless
• WAN Technologies – X.25/Frame Relay/PPP/ISDN/DSL/Cable
• Voice – PBX/Cell Phones/VOIP
• IPSec
• Network Vulnerabilities

Application Security
• SDLC
• Change (Lifecycle) Management
• Database Security
• AI
• OOD
• Mobil Code
• Malware

Disaster Recovery and Business Continuity
• This course is part of the
• following programs or tracks:
• CISSP – Certified Information
• Systems Security Professional
• Security Management Expert
• Also Available
• Online IT Library

College Credits
• Policy
• Roles and Teams
• BIA
• Data Backups, Vaulting, Journaling, Shadowing
• Alternate Sites
• Emergency Response
• Required Notifications
• Tests

Legal, Regulations, Compliance, and Investigations
• Ethics – Due Care/Due Diligence
• Intellectual Property
• Incident Response
• Forensics
• Evidence
• Laws – HIPAA, GLB, SOX

Physical (Environmental) Security
• CPTED
• Facility Design
• Fire Safety
• Electrical Security
• HVAC
• Perimeter Security – Fences, Gates, Lighting
• Physical Access Control – Transponders, Badges, Swipe Cards
• Theft
• Intrusion Detection – CCTV, Alarms, Guards, & Dogs

Information Security and Risk Management
• CIA
• Roles and Responsibilities – RACI
• Asset Management
• Taxonomy – Information Classification
• Risk Management
• SDLC (Security Development Lifecycle)
• Certification and Accreditation
• Policies, Procedures, Standards, Guidelines, Baselines
• Knowledge Transfer – Awareness, Training, Education

Review and Q&A Session

Final Review and Exam Preparation