CISSP Security Professional Course

Total Items: 9 Total Time: 24.00 hour(s)

Summary:

This training helps a learner prepare to take and pass the Certified Information Systems Security Professional (CISSP) exam.

This series, like the exam, covers ten domains of information system security knowledge including access control systems and methodology, network and telecommunications security, security management and practices, applications and systems development security, cryptography, security and architecture models, operations security, business continuity and disaster recovery planning, law, investigation, and ethics, as well as physical security.

Learning Segment 1 :Control Systems and Methodology

Summary:

This learning segment covers Domain 1 of the Certified Information Systems Security Professional (CISSP) exam. It explains what you need to know about the mechanisms you can use to exercise either a directing or restraining influence over the behavior, use, and content of a system.

Objectives:

• Discuss the relationship between access control and accountability Define common access control techniques and models
• Detail the specifics of access control administration
• Explain identification and authentication techniques
• Discuss centralized/decentralized control
• Explain intrusion detection and common methods of attack

Topics:

• Authentication, access control, and accountability Access control techniques Access control administration and models Identification and authentication techniques
•  Access control methodologies Methods of attacks Monitoring Penetration testing

Learning Segment 2 : Telecommunications and Network Security

Summary:

This learning segment covers Domain 2 of the Certified Information Systems Security Professional (CISSP) exam. It explains what you need to know about the structures, transmissions methods, transport formats, and security measures used to provide integrity, availability, authentication, and confidentiality for transmissions over private and public communications networks and media.

Objectives:

• Explain the International Standards Organization/Open Systems Interconnection (ISO/OSI) layers and characteristics
• Describe the design and function of communications and network security Describe the components, protocols and services involved in Internet/intranet/extranet design
• Define and describe communications security techniques to prevent, detect, and correct errors so that integrity, availability, and confidentiality of transactions over networks may be maintained Define and describe specific areas of communication and how they can be secured Explain current forms of network attacks and their countermeasures

Topics:

• The Open Systems Interconnection model Network characteristics Network topologies LAN devices WAN technologies Providing remote access capabilities Networking and security protocols Securing communications Error prevention, detection, and correction Intrusion detection, response, and prevention Fault tolerance and data restoration

 Learning Segment 3 : Security Management and Practices

Summary:

This learning segment covers Domain 3 of the Certified Information Systems Security Professional (CISSP) exam. It explains what you need to know about identifying an organization's information assets, as well as the development, documentation, and implementation of appropriate policies, standards, procedures, and guidelines. It also covers how data classification, risk assessment, and risk analysis are used to identify the threats, classify assets, and to rate their vulnerabilities so that effective security controls can be implemented.

Objectives:

• Understand the principles of security management Understand risk management and how to use risk analysis to make information security management decisions Set information security roles and responsibilities throughout your organization Understand the considerations and criteria for classifying data Determine how employment policies and practices are used to enhance information security in your organization Use change control to maintain security

Topics:

• Defining security principles Identification and authentication Accountability and auditing Security management planning Risk management and analysis Risk analysis step by step Policies, standards, guidelines, and procedures Examining roles and responsibility
• Understanding protection mechanisms Classifying data Employment policies and practices Managing change control Security awareness training

Learning Segment 4 : Applications and Systems Development Security

Summary:

This learning segment covers Domain 4 of the Certified Information Systems Security Professional (CISSP) exam. It explains what you need to know about the security controls that are included within systems and applications software and the steps used in their development in both distributed and centralized environments.

Objectives:

• Demonstrate an understanding of challenges in both distributed and nondistributed environments Discuss databases and data warehousing issues Describe knowledge-based systems and examples of edge computing Discuss the types of attacks made on software vulnerabilities Describe and define malicious code Discuss system development controls

Topics:

• Distributed and nondistributed environment challenges Database and data warehousing issues Storage and storage systems Knowledge-based systems and edge computing Attacking software Understanding malicious code System development lifecycle models Security control architecture Software development methodologies Secure software design and coding practices

Learning Segment 5 : Cryptography, Security Architecture, and Security Models

Summary:

This learning segment covers Domains 5 and 6 of the Certified Information Systems Security Professional (CISSP) exam. It explains what you need to know about the principles, means, and methods of disguising information to ensure its integrity, confidentiality, and authenticity. It also covers concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, and applications.

Objectives:

• Compare and contrast symmetric and asymmetric algorithms Describe PKI and key management Detail common methods of attacking encryption, including general and specific attacks List common security models and their function Explain the basics of security architecture Describe the Internet Protocol Security (IPSec) standard

Topics:

• Uses of cryptography Cryptographic concepts, methodologies, and practices Methods of attack Security architecture and model requirements Security models Security system architecture Information system security standards Common criteria IPSec

Learning Segment 6 : Operations Security

Summary:

This learning segment covers Domain 7 of the Certified Information Systems Security Professional (CISSP) exam. It explains what you need to know about identifying the hardware and media controls, as well as the operators with access privileges to any of these resources. It also covers auditing and monitoring techniques that permit the identification of security events and their sources.

Objectives:

• Identify the key roles of operations security Define threats and countermeasures Explain how audit and monitoring can be used as operations security tools Define the role of Administrative management in operations security Define operations security concepts and describe operations security best practices

Topics:

• Key operations security roles The roles of auditing and monitoring Penetration testing techniques Defining threats and countermeasures Countermeasures for employee-related threats The role of administrative management Concepts and best practices

Learning Segment 7 : Business Continuity and Disaster Recovery Planning

Summary:

This learning segment covers Domain 8 of the Certified Information Systems Security Professional (CISSP) exam. It explains what you need to know about preservation in the face of major disruptions to normal business operations. It covers both the preparation and testing of specific actions to protect critical business processes from the effect of major system and network failures.

Objectives:

• Document the natural and man-made events that need to be considered in making disaster recovery and business continuity plans Explain the difference between disaster recovery planning (DRP) and business continuity planning (BCP) and the importance of developing plans that include both Detail the business continuity planning process Explain the need for, and development of, a backup strategy. Include information on determining what to back up, how often to back up, as well as the proper storage facility for backups Detail the disaster recovery planning process, including recovery plan development, implementation, maintenance, and the restoration of business functions

Topics:

• Business operation disasters DRP and BCP differences BCP scope and business impact analysis Developing operational plans for BCP BCP implementation, testing and maintenance Disaster recovery planning Developing a backup strategy Alternative site requirements

Learning Segment  8 : Law, Investigation, Ethics, and Physical Security

Summary:

This learning segment covers Domains 9 and 10 of the Certified Information Systems Security Professional (CISSP) exam. It explains what you need to know about computer crime laws and regulations, as well as the investigative measures and techniques which can be used to determine if a crime has been committed. It also covers the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise's resources and sensitive information.

Objectives:

• Define what constitutes a computer crime and how such a crime is proven in court Explain the laws of evidence Discuss computer ethics Understand general principles that apply to the theft of information and assets Know the general criteria that apply to the location and construction of facilities Describe physical intrusion detection methodologies and products

Topics:

• Fundamentals of law Criminal law and computer crime Computer security incidents Legal evidence Computer forensics Computer ethics Classifying assets and vulnerabilities Site location and construction Physical access controls Power Environmental controls and water exposure problems Fire prevention and protection Tape, media, and document library retention policies Waste disposal Physical intrusion detection

 Learning Segment 9  : Law, Investigation, Ethics, and Physical Security

Summary:

• This learning segment covers Domains 9 and 10 of the Certified Information Systems Security Professional (CISSP) exam. It explains what you need to know about computer crime laws and regulations, as well as the investigative measures and techniques which can be used to determine if a crime has been committed. It also covers the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise's resources and sensitive information.

Objectives:

• Define what constitutes a computer crime and how such a crime is proven in court Explain the laws of evidence Discuss computer ethics Understand general principles that apply to the theft of information and assets Know the general criteria that apply to the location and construction of facilities Describe physical intrusion detection methodologies and products

Topics:

• Fundamentals of law Criminal law and computer crime Computer security incidents Legal evidence Computer forensics Computer ethics Classifying assets and vulnerabilities Site location and construction Physical access controls Power Environmental controls and water exposure problems Fire prevention and protection Tape, media, and document library retention policies Waste disposal Physical intrusion detection

Features:

• A Learning segment Topics list contains active hyperlinks, permitting quick access to specific topics.
• Find-A-Word allows learners to look up an unfamiliar term in the Glossary, on the Web, or in a dictionary. In addition, it lets them find other occurrences of the term in the same learning segment.
• Search text enables learners to rapidly search all text within a course to easily retrieve information required.
• Courses challenge the learner with a variety of question formats, including multi-step simulations, true/false, multiple choice, and fill-in-the-blank.
• A skill assessment generates a customized learning path based on the results of a pre-test.
• A glossary provides a reference for definitions of unfamiliar terms.
• Bookmarking tracks the learner's progress in a course.

Technical Requirements:

P500+ Processor, 128MB of RAM; Windows 2000, 2003, XP, Minimum screen resolution 800x600, Internet Explorer 5.5 or higher; Windows Media Player 9.0 or higher; Flash 8.0 or higher; 56K minimum connection; broadband (256 kpbs or higher) connection recommended; Cookies enabled; Sound card with speakers or headphones strongly recommended.