LearnKey Training

CISSP Series

CISSP


CISSP Training

11 Sessions – 33 Hours of Interactive Training

The Certified Information Systems Security Professional (CISSP) designation is a recognized international standard for information security certifications. The CISSP series from LearnKey will provide certification candidates, and others interested in information security management, an understanding of crucial security issues. Expert instructor Michael Solomon covers the full CISSP Common Body of Knowledge (CBK). He explains how the various domains relate in an overall security policy and delivers solid preparation for the certification exam. At the conclusion of this series, you will understand security concepts and issues in the CBK required for the CISSP exam.

Benefits
  • LearnKey courses meet or exceed course objectives to prepare you for the CISSP exam.
  • Increase your earning potential with technical security mastery.
  • Enhance your employment opportunities with in-demand IT security knowledge.


About The Author

Michael Solomon, CISSP, PMP, TICSA, is a speaker, consultant and trainer who specializes in project management and database application-level security topics. Since 1987 Solomon has worked on IT projects or instructed for more than 60 organizations including EarthLink, Nike, Lucent Technologies, BellSouth, UPS, Boart Longyear, and the U.S. Coast Guard. Solomon holds an MS in Computer Science from Emory University (1998), and a BS in Computer Science from Kennesaw State University (1987), where he was also an instructor from 1998 - 2001. He has been a contributor to various certification books.

    Information Security and Risk Management

    Session 1

    Section A: Introduction
    · Why CISSP?
    · Requirements
    · Required Domains

    Section B: The Security Triangle
    · Securing the System
    · Confidentiality
    · Integrity
    · Availability

    Section C: Security Management Training
    · Information Security Governance
    · Audit Frameworks for Compliance
    · Security Administration
    · Organizational
    · Physical Risks
    · Human Risks
    · Risk Management Terms
    · Risk Management Options
    · Legal Responsibility
    · Risk Assessment Methodologies
    · Risk Assessment Team

    Section D: Risk Assessment
    · Overview
    · Cost vs. Benefit
    · Single Loss Expectancy
    · Annual Loss Expectancy
    · Calculating Overall Risk
    · Pros and Cons
    · Qualitative Assessment
    · Selecting Controls

    Section E: Security Policy
    · Overview
    · Security Policy Types
    · Standards
    · Guidelines
    · Procedures

    Section F: Job Policies and Training
    · Hiring Practices
    · Termination Practices
    · Job Descriptions
    · Job Activities
    · Security Awareness
    · Tailoring Training
    · ISO Responsibilities

    Section G: Ethics
    · Overview
    · (ISC)2 Code of Ethics
    · Ten Commandments
    · RFC 1087
    · Ethics Topics
    · Common Computer Ethics Fallacies

    Access Control Systems and Methodology

    Session 1

    Section A: Access Control Basics
    · Access Control
    · Least Privilege
    · Accountability
    · Physical Access
    · Administrative Access
    · Logical Access

    Section B: Data Classification
    · Overview
    · Classification Criteria
    · Data Responsibility
    · Commercial Data
    · Government Data

    Section C: Access Control Techniques
    · Control Types
    · Control Categories
    · Security Labels
    · Discretionary
    · Mandatory
    · Nondiscretionary
    · Access Control Lists

    Section D: Access Control Implementation
    · Centralized Authentication
    · RADIUS
    · TACACS
    · Decentralized
    · Hybrid Model

    Section E: Identification and Authentication
    · Phases
    · Type 1 Authentication
    · Type 2 Authentication
    · Type 3 Authentication
    · Single Sign-on
    · Kerberos
    · Kerberos Process
    · SESAME

    Section F: Attack and Monitor
    · Brute Force
    · Dictionary
    · Denial of Service
    · Spoofing
    · Man-in-the-Middle
    · Access Control Assurance
    · Monitoring
    · Intrusion Detection
    · Penetration Testing

    Cryptography

    Session 1

    Section A: History and Goals
    · Ancient History
    · Modern History
    · Confidentiality
    · Integrity
    · Authentication
    · Nonrepudiation
    · Cryptographic Uses

    Section B: Concepts and Methodologies
    · Overview
    · Transposition Cipher
    · Substitution Cipher
    · Cipher Categories
    · Cipher Process
    · Symmetric Algorithms
    · Asymmetric Algorithms
    · Message Authentication

    Section C: Cryptographic Algorithms
    · Overview
    · DES
    · Triple DES
    · IDEA/Blowfish/Skipjack
    · AES
    · RSA/El Gamal
    · Hashing Algorithms
    · Other Hashing Algorithms

    Section D: Cryptographic Practices
    · Digital Signatures
    · Signature Types
    · Key Distribution
    · Steganography
    · PKI

    Section E: System Architecture
    · PEM
    · MOSS
    · S/MIME
    · SSL
    · HTTPS
    · SET
    · IPSec
    · ISAKMP

    Section F: Methods of Attack
    · Brute Force
    · Known Plaintext
    · Chosen Ciphertext
    · Chosen Plaintext
    · Meet-in-the-Middle
    · Man-in-the-Middle
    · Birthday
    · Replay


    Physical (Environmental) Security

    Session 1

    Section A: Physical Security Threats
    · Overview
    · Threats 1 - 5
    · Threats 6 - 9
    · Threats 10 - 12

    Section B: Facility Requirements
    · Security Policy
    · Critical Path Analysis
    · Access Controls

    Section C: Physical Security Controls
    · Administrative Controls
    · Fences/Gates
    · Lighting
    · Security Guards/Dogs
    · Keys/Badges
    · Detective Controls/CCTV
    · Restriction/Escorts
    · Technical Controls

    Section D: Environmental Issues
    · Power
    · HVAC
    · Water Leakage/Flooding
    · Fire Detection/Suppress
    · Natural Disasters

    Section E: Physical Security
    · Fire Safety
    · Physical Access Control
    · Administrative Controls
    · Employee Training
    · Egress Safety
    · Detective Controls

    Security Architecture and Design

    Session 1

    Section A: Organization
    · Computer Hardware Types
    · CPU
    · RAM
    · ROM
    · Erasable PROM
    · Memory Addressing
    · Cache Memory
    · Virtual Memory

    Section B: Machine Operation
    · Hardware/Software
    · Machine Types
    · Execution Cycle
    · Scalar Processors
    · CPU Types
    · Capabilities

    Section C: Operating Modes/Protection Mechanisms
    · Operating States
    · Operating Modes
    · Storage Types
    · Layering
    · Abstraction
    · Least Privilege
    · Accountability
    · Definitions

    Section D: Evaluation Criteria
    · Overview
    · Orange Book
    · TCSEC
    · Other Criteria
    · International Criteria
    · SEI-CMMI

    Section E: Security Models
    · State Machine Model
    · Bell-LaPadula Model
    · Biba Model
    · Clark-Wilson Model
    · Information Flow Model
    · Noninterference Model
    · Graham-Denning Model
    · Harrison-Ruzzo-Ullman Model
    · Brewer-Nash Model

    Section F: Common Flaws and Security Issues
    · Covert Channels
    · Initialization State
    · Parameter Checking
    · Maintenance Hooks
    · Programming
    · Timing Issues
    · EMR

    Business Continuity and Disaster Recovery Planning

    Session 1

    Section A: BCP Project Scope
    · Industry and Professional Standards
    · Legislative Compliance
    · Overview
    · Organization Analysis
    · Planning Team
    · Resource Requirements
    · Legal Requirements

    Section B: Business Impact Analysis
    · Overview
    · Interruption
    · Resource Prioritization
    · Continuity Strategy
    · BCP Approval

    Section C: DRP Planning and Recovery
    · Overview
    · Identification
    · Crisis Management
    · Recovery
    · Data Center Alternatives
    · More Alternatives
    · Processing Agreement

    Section D: Recovery Plan
    · Emergency Response
    · Data Backup
    · Backup Types
    · Off-site Storage
    · Utilities
    · Logistics
    · Emergency Services

    Section E: Recovery Plan Implementation
    · Overview
    · Training
    · Checklist Test
    · Structured Walk-through
    · Simulation Test
    · Parallel Test
    · Full-interruption Test

    Telecommunications and Network Security

    Session 1

    Section A: OSI Reference Model
    · Protocols
    · Standards Organizations
    · OSI Overview
    · Logical Data Flow
    · Physical Data Flow

    Section B: OSI Layers
    · Application Layer
    · Presentation Layer
    · Session Layer
    · Transport Layer
    · Network Layer
    · Data-link Layer
    · Physical Layer
    · TCP/IP Model

    Section C: Media/LAN Topologies
    · Twisted Pair
    · Coaxial
    · Fiber Optics
    · Wireless Technologies
    · Star Topology
    · Bus Topology
    · Ring Topology
    · Tree Topology
    · Mesh Topology

    Section D: LAN/WAN/Remote Access
    · Ethernet
    · Other Access Methods
    · Signaling Types
    · Network Types
    · Dial-up
    · ISDN
    · DSL
    · Wireless/Cable

    Section E: Remote Access Security
    · VPN
    · PPTP
    · IPSec
    · Connection Security
    · User Authentication
    · Node Authentication


    Telecommunications and Network Security

    Session 2

    Section A: Network Devices
    · Hubs
    · Bridges
    · Switches
    · Routers
    · Gateways
    · Firewalls

    Section B: Firewalls
    · 1st Generation
    · 2nd and 3rd Generation
    · 4th and 5th Generation
    · Packet Filtering Router
    · Screened Host
    · Dual-Homed Host
    · Screened Subnet

    Section C: Security Protocols and Services
    · TCP/IP
    · Network Layer
    · Transport Layer
    · Application Layer
    · SDLC/HDLC
    · Frame Relay
    · ISDN
    · X.25

    Section D: Security Techniques
    · Tunneling
    · Network Monitors
    · Transparency
    · Hash Totals
    · E-mail Security
    · Facsimile Security
    · Voice Communication

    Section E: Common Network Attacks
    · Network Abuses
    · ARP
    · DoS/DDoS
    · Flooding
    · Spoofing
    · Spamming
    · Eavesdropping
    · Sniffers

    Application Security

    Session 1

    Section A: Application Issues
    · Software Development
    · Application Environments
    · Malicious Code
    · Agents
    · Applets
    · Objects

    Section B: Databases and Warehousing
    · Databases
    · Relational Database
    · Record Identification
    · Query Language
    · Data Access Methods
    · Data Warehouses
    · Aggregation
    · Inference
    · Polyinstantiation

    Section C: Data and Information Storage
    · Data Handling
    · Data Storage
    · Virtual Memory
    · Information Retrieval
    · Knowledge-based Systems
    · Audit and Assurance Mechanisms

    Section D: System Development Controls
    · Coding Controls
    · Development Life Cycle
    · Design
    · Certification
    · Certification Standards

    Section E: Security Development Controls
    · Isolation Architecture
    · Administration Controls
    · Design Control
    · System Control
    · Modes of Operation
    · Integrity Levels
    · Service Level Agreement

    Section F: Malicious Code
    · Overview
    · Players
    · Viruses
    · Virus Types
    · OS Vulnerability
    · Other Malicious Code
    · Antivirus Protection

    Section G: Methods of Attack
    · Brute Force
    · Social Engineering
    · DoS/DDoS
    · Spoofing
    · Pseudo Flaw
    · Buffer Overflow
    · TOC/TOU
    · Rootkits

    Operations Security

    Session 1

    Section A: Administrative Management
    · Overview
    · Duty Separation
    · Least Access
    · Accountability
    · Privacy and Protection
    · Legal Requirements
    · Illegal Activities

    Section B: Operation Controls
    · Record Retention
    · Backups
    · Data Removal
    · Antivirus Controls
    · Privileged Functions
    · Resource Protection

    Section C: Auditing
    · Audit Procedures
    · Frequency
    · Audit Trails
    · Audit Reporting
    · Sampling
    · Retention

    Section D: Monitoring
    · What is Monitoring?
    · Categories
    · Warning Banners
    · Keystroke Monitoring
    · Traffic Analysis
    · Trend Analysis
    · Tools
    · Failure Recognition

    Section E: Intrusion Detection
    · Intrusion Prevention
    · IDS Types
    · Penetration Testing
    · Inappropriate Activity

    Section F: Threats and Countermeasures
    · Interception
    · Human Factors
    · Fraud and Theft
    · Employee Sabotage
    · Disaster Recovery
    · Hackers
    · Espionage
    · Malicious Code

    Law, Regulation, Compliance, and Investigations

    Session 1

    Section A: Types of Computer Crime
    · Overview
    · Military Attacks
    · Business Attacks
    · Financial Attacks
    · Terrorist Attacks
    · Grudge Attacks
    · Fun Attacks
    · Hacking/Cracking

    Section B: Categories of Law
    · Criminal Law
    · Civil Law
    · Admin/Regulatory Law
    · Categories of Law
    · Intellectual Property Law
    · Trade Secrets
    · Copyrights
    · Trademarks
    · Patents

    Section C: Computer Laws
    · Technology Threat
    · Government Intervention
    · Fraud and Abuse Act
    · Computer Security Act
    · Amended Security Act
    · Security Reform Act
    · Privacy Acts
    · USA Patriot Act
    · Liability

    Section D: Types of Incidents
    · Overview
    · Incident Categories
    · Scanning Incidents
    · Compromise Incidents
    · Malicious Code Incidents
    · DoS Incidents

    Section E: Incident Handling
    · Knowledge
    · Response
    · Contain Damage
    · Reporting

    Section F: Investigation and Evidence
    · Overview
    · Evidence Handling
    · Evidence Types
    · Evidence Admissibility
    · Search and Seizure