LearnKey Training

CISSP Security Engineering 2015 Course

2 Sessions, 4 Hours of Interactive Training

LearnKey's CISSP Security Engineering 2015 course covers one of the 8 domains that make up the Certified Information Systems Security Professional (CISSP) Common Body of Knowledge (CBK). Join LearnKey expert Michael Solomon as he presents information on secure design principles, security evaluation models, cryptography, and more! At the conclusion of this course, learners will be familiar with the issues and concepts of the Security Engineering domain required to pass the CISSP exam.

  • Be up-to-date with training based on the most recent CISSP CBK
  • Interactive labs, and dozens of pre/post test questions
  • View your online courseware anytime, anywhere

About The Author
Michael Solomon, CISSP, PMP®, TICSA, is a speaker, consultant and trainer who specializes in project management and database application-level security topics. Since 1987 Solomon has worked on IT projects or instructed for more than 60 organizations including EarthLink, Nike, Lucent Technologies, BellSouth, UPS, Boart Longyear, and the U.S. Coast Guard. Solomon holds an MS in Computer Science from Emory University (1998), and a BS in Computer Science from Kennesaw State University (1987) where he was also an instructor from 1998 - 2001. He has been a contributor to various certification books.

Session 1

Section A: Security Engineering

  • Security Design Principles
  • NIST Planning Phases and Principles
  • Other Resources
  • Security Model Types
  • Bell-LaPadula Model
  • Biba Model
  • Clark-Wilson Model, Brewer-Nash
  • Graham-Denning, Harrison-Ruzzo-Ullman

Section B: Security Evaluation Models

  • Evaluation Criteria
  • The Orange Book
  • Other Criteria
  • Operating States
  • Operating Modes
  • Storage Types
  • Protection Mechanisms
  • Least Privilege and Accountability
  • Additional Protection Mechanisms

Section C: System Architecture Vulnerabilities

  • Threats, Vulnerabilities, and Reports
  • Covert Channels
  • Initialization and Failure States
  • Programming Vulnerabilities
  • Timing Issues
  • Client-Based Security
  • Mobile Device Security
  • Server-Based Security
  • Database Security
  • Large-Scale Parallel Systems Security
  • Distributed Systems Security
  • Cryptographic Systems Security
  • Industrial Control Systems Security
  • Web-Based System Security
  • Mobile Systems Security
  • Cyber-Physical Systems Security

Section D: Introduction to Cryptography

  • History of Cryptography
  • Goals of Cryptography
  • Cryptographic Lifecycle
  • Algorithm/Protocol Governance
  • Transposition Cipher
  • Substitution Cipher, One-Time Pad
  • Stream/Block Ciphers, One-Way Functions
  • Symmetric Algorithms
  • Asymmetric Algorithms
  • Elliptic Curve Cryptography

Section E: Cryptographic Practices and Algorithms

  • Steganography
  • Data Encryption Standard, DES Modes
  • Triple DES
  • Other Symmetric Cryptographic Algorithms
  • Asymmetric Cryptographic Algorithms

Session 2

Section A: Applied Cryptography

  • Public Key Infrastructure
  • Key Management Processes
  • Digital Signatures
  • Digital Rights Management
  • Non-Repudiation, Hashing
  • Hashing Algorithms
  • Methods of Attack

Section B: Facility Physical Security

  • Site and Facility Design
  • Physical Security, Threats, and Policy
  • Facility Requirements
  • Cable/Media Security Management

Section C: Physical Access Controls

  • Fences and Gates
  • Turnstiles and Mantraps, Lighting
  • Guards, Keys, Locks, Badges, Biometrics
  • Motion Detectors and CCTV
  • Restricted Areas and Visitor Control
  • Technical Controls
  • Power and HVAC Considerations
  • Water Leakage and Flooding
  • Fire Detection and Suppression
  • Natural Disasters