LearnKey Training

CISSP Security and Risk Management 2015 Course


2 Sessions - 5 Hours of Interactive Training

LearnKey's CISSP Security and Risk Management 2015 course covers one of the 8 domains that make up the Certified Information Systems Security Professional (CISSP) Common Body of Knowledge (CBK). Join LearnKey expert Michael Solomon as he presents information on confidentiality, security governance principles, professional ethics, and more! At the conclusion of this course, learners will be familiar with the issues and concepts of the Security and Risk Management domain required to pass the CISSP exam.

  • Be up-to-date with training based on the most recent CISSP CBK
  • Interactive labs and dozens of pre/post test questions
  • View your online courseware anytime, anywhere

About The Author
Michael Solomon, CISSP, PMP®, TICSA, is a speaker, consultant, and trainer who specializes in project management and database application-level security topics. Since 1987, Solomon has worked on IT projects or instructed for more than 60 organizations, including EarthLink, Nike, Lucent Technologies, BellSouth, UPS, Boart Longyear, and the U.S. Coast Guard. Solomon holds an MS in Computer Science from Emory University (1998) and a BS in Computer Science from Kennesaw State University (1987), where he was also an instructor from 1998 - 2001. He has been a contributor to various certification books.

Session 1

Section A: CISSP

  • Why a CISSP?
  • CISSP Requirements
  • Types of Questions
  • Exam Tips
  • Required Domains

Section B: The Security Triangle

  • CIA - The Big Three
  • Confidentiality
  • Integrity
  • Availability

Section C: Information Security Governance

  • What is Information Security Governance?
  • Organizational Processes
  • ISO Responsibilities
  • Other Security Roles
  • Control Frameworks
  • Due Care and Due Diligence

Section D: Compliance

  • Legislative Compliance
  • Privacy Compliance

Section E: Legal and Regulatory Issues

  • Computer Crime
  • Financial and Terrorist Attacks
  • Grudge and Fun Attacks
  • Examples of Computer Crime
  • Intellectual Property Law
  • Import/Export Controls
  • Transborder Data Flow
  • Privacy
  • Incidents, Breaches, and Disclosures
  • Example Breaches
  • Computer Laws

Section F: Ethics

  • Ethics Topics
  • Common Computer Ethics Fallacies
  • Ethics Codes of Conduct
  • (ISC)² Code of Ethics
  • Ten Commandments of Computer Ethics
  • Internet Activities Board Statement

Section G: Security

  • Security Policy
  • Standards and Guidelines
  • Procedures

Section H: Business Continuity Requirements

  • BCP Project Scope and Planning
  • Business Organization Analysis
  • Planning Team Creation
  • Resource Requirements
  • Business Impact Analysis
  • Results of an Interruption
  • Resource Prioritization
  • Continuity Strategy
  • BCP Approval and Acceptance
  • DRP Project Scope and Planning
  • Possible Man-Made Disasters
  • Recovery Strategy
  • Training and Documentation

Section I: Personnel Security Policies

  • Employment Policies

Session 2

Section A: Risk Management Concepts

  • Risk Management
  • Risk Management Terms
  • Frameworks and Methodologies
  • Tools and Techniques
  • Quantitative Risk Assessment
  • Quantitative Risk Calculations
  • Quantitative Risk Pros and Cons
  • Qualitative Risk Assessment

Section B: From Assessment to Response

  • Risk Management Options
  • Controls and Countermeasures
  • Countermeasure Implementation
  • Types of Controls
  • Administrative Access Controls
  • Logical Access Controls
  • Physical Access Controls
  • Monitoring
  • Monitoring Categories

Section C: Monitoring Tools

  • Monitoring Tools and Techniques
  • Assessment and Penetration Testing
  • Asset Valuation
  • Reporting
  • Continuous Improvement
  • Risk Management Frameworks

Section D: Threat Modeling

  • Threat Modeling Process
  • Common Attack Types
  • Defensive Measures
  • Threat Handling
  • Technologies to Remediate Threats

Section E: Acquisition

  • Acquisition Strategy and Practice
  • Acquisition Risk
  • Security Awareness Training