LearnKey Training

CISSP 2015 Series

CISSP 2015 Series

Back to Product Page


CISSP 2015 Series

0 Sessions -
25 Hours of Interactive Training

LearnKey's Certified Information Systems Security Professional (CISSP) series covers all 8 domains making up the CISSP Common Body of Knowledge (CBK). Join LearnKey expert Michael Solomon as he covers all of the necessary objectives required in the CISSP certification exam: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security.

Benefits
  • Be up-to-date with training based on the most recent CISSP CBK
  • Interactive labs, and hundreds of pre/post test questions
  • View your online courseware anytime, anywhere

CISSP Asset Security 2015 Course
Session 1

Section A: Information and Asset Classification

  • Data Policy
  • Data Classification
  • Classification Criteria
  • Data Classification Categories

Section B: Asset Owners

  • Roles and Responsibilities
  • Data Attributes and Qualities

Section C: Privacy

  • Owner and Processor Privacy
  • Data Remanence
  • Data Collection Limitation
  • Appropriate Retention

Section D: Data Security Controls

  • Primary Locations of Data
  • Baselines
  • Scoping and Tailoring
  • Standards Selection
  • Cryptography
  • Data Handling

CISSP Communication and Network Security 2015 Course
Session 1

Section A: Local Network Architecture

  • OSI Reference Model
  • Message Migration
  • Application and Presentation Layers
  • Session, Transport, and Network Layers
  • Data-Link and Physical Layers
  • TCP/IP Model
  • Network Protocol Standards

Section B: IP Networking Overview

  • IP Networking
  • Multilayer Protocols
  • Converged Protocols

Section C: Software-Defined

  • Software-Defined Networks
  • Wireless Networks
  • Modulation
  • Wireless Security
  • Cryptography in Communications

Section D: Secure Network Components

  • Network Devices, Hubs
  • Switch
  • Bridge, Router, Gateway
  • Physical Media Characteristics
  • Coaxial and Fiber Optics

Section E: Firewall Architecture

  • Firewall
  • Firewall Types
  • Application Layer Gateway Filter
  • Stateful Inspection
  • Dynamic Filtering and Kernel Proxy
  • Packet Filtering Router, Screened-Host
  • Dual-Homed Host
  • Screened-Subnet (DMZ)
  • Endpoint Security
  • Content Distribution Networks

Section F: Secure Communication Channels

  • Secure Voice Communications
  • Multimedia Collaboration
  • Remote Access, Telecommuting
  • DSL
  • Cable, X.25, Frame Relay, and ATM

Section G: Remote Access Security

  • Virtual Private Network
  • VPN, IPsec, Connection Security
  • Remote Access, Node Authentication

Section H: LAN Topologies

  • Star, Bus, and Ring LAN Topologies
  • Tree, Mesh LAN Topologies

Section I: LAN Access Methods

  • Ethernet
  • ARCNET, Token Ring, FDDI
  • LAN Signaling Types, Remote Access
  • Virtualized Networks
  • Private VLAN and Virtual Network

Section J: Network Attacks

  • Understand Network Attacks
  • Common Attacks
  • DoS, DDoS
  • Flooding, Spoofing
  • Spamming, Eavesdropping, and Sniffers
  • Network Attack Mitigation

CISSP Identity and Access Management 2015 Course
Session 1

Section A: Physical and Logical Access to Assets

  • Access Control Basics
  • Least Privilege and Accountability
  • Physical Access Controls
  • Physical Access Control System
  • Administrative and Logical Controls

Section B: Identification and Authentication

  • Identity Control Implementation
  • Access Control Implementation
  • Single Sign-On
  • Kerberos
  • Identification vs. Authentication
  • Knowledge-Based Authentication
  • Tokens, Tickets, and One-Time Passwords
  • Characteristic-Based Authentication

Section C: Auditing

  • Accountability
  • Session Management
  • Registration and Proof of Identity
  • Federated Identity Management
  • Credential Management Systems

Section D: Identity as a Service

  • IDaaS Functions, Features, and Benefits
  • IDaaS Issues
  • Integrate Third-Party Identity Services

Section E: Authorization Mechanisms

  • Access Control Techniques
  • Security Labels
  • Mandatory Access Control
  • Rule-Based Access Control
  • Non-Discretionary Access Control
  • Access Control Lists

Section F: Attacks and Monitoring

  • Methods of Attack
  • Access Control Assurance
  • Monitoring
  • Intrusion Detection
  • Penetration Testing
  • Provisioning Lifecycle Factors
  • Access Review

CISSP Security and Risk Management 2015 Course
Session 1

Section A: CISSP

  • Why a CISSP?
  • CISSP Requirements
  • Types of Questions
  • Exam Tips
  • Required Domains

Section B: The Security Triangle

  • CIA - The Big Three
  • Confidentiality
  • Integrity
  • Availability

Section C: Information Security Governance

  • What is Information Security Governance?
  • Organizational Processes
  • ISO Responsibilities
  • Other Security Roles
  • Control Frameworks
  • Due Care and Due Diligence

Section D: Compliance

  • Legislative Compliance
  • Privacy Compliance

Section E: Legal and Regulatory Issues

  • Computer Crime
  • Financial and Terrorist Attacks
  • Grudge and Fun Attacks
  • Examples of Computer Crime
  • Intellectual Property Law
  • Import/Export Controls
  • Transborder Data Flow
  • Privacy
  • Incidents, Breaches, and Disclosures
  • Example Breaches
  • Computer Laws

Section F: Ethics

  • Ethics Topics
  • Common Computer Ethics Fallacies
  • Ethics Codes of Conduct
  • (ISC)² Code of Ethics
  • Ten Commandments of Computer Ethics
  • Internet Activities Board Statement

Section G: Security

  • Security Policy
  • Standards, Guidelines
  • Procedures

Section H: Business Continuity Requirements

  • BCP Project Scope and Planning
  • Business Organization Analysis
  • Planning Team Creation
  • Resource Requirements
  • Business Impact Analysis
  • Results of an Interruption
  • Resource Prioritization
  • Continuity Strategy
  • BCP Approval and Acceptance
  • DRP Project Scope and Planning
  • Possible Man-Made Disasters
  • Recovery Strategy
  • Training and Documentation

Section I: Personnel Security Policies

  • Employment Policies

CISSP Security and Risk Management 2015 Course
Session 2

Section A: Risk Management Concepts

  • Risk Management
  • Risk Management Terms
  • Frameworks and Methodologies
  • Tools and Techniques
  • Quantitative Risk Assessment
  • Quantitative Risk Calculations
  • Quantitative Risk Pros and Cons
  • Qualitative Risk Assessment

Section B: From Assessment to Response

  • Risk Management Options
  • Controls and Countermeasures
  • Countermeasure Implementation
  • Types of Controls
  • Administrative Access Controls
  • Logical Access Controls
  • Physical Access Controls
  • Monitoring
  • Monitoring Categories

Section C: Monitoring Tools

  • Monitoring Tools and Techniques
  • Assessment and Penetration Testing
  • Asset Valuation
  • Reporting
  • Continuous Improvement
  • Risk Management Frameworks

Section D: Threat Modeling

  • Threat Modeling Process
  • Common Attack Types
  • Defensive Measures
  • Threat Handling
  • Technologies to Remediate Threats

Section E: Acquisition

  • Acquisition Strategy and Practice
  • Acquisition Risk
  • Security Awareness Training

CISSP Security Assessment and Testing 2015 Course
Session 1

Section A: Assessment and Test Strategies

  • Reasons for Strategies
  • Software vs. Hardware
  • Development and Testing
  • Vulnerability Assessment
  • Log Reviews
  • Synthetic Transactions
  • Code Review and Testing
  • Negative Testing
  • Test Coverage Analysis
  • Interface Testing

Section B: Data, Outputs, and Audits

  • Collect Security Process Data
  • Collect Security Process Data Points
  • Analyze Test Output
  • Conduct or Facilitate Audits

CISSP Security Engineering 2015 Course
Session 1

Section A: Security Engineering

  • Security Design Principles
  • NIST Planning Phases and Principles
  • Other Resources
  • Security Model Types
  • Bell-LaPadula Model
  • Biba Model
  • Clark-Wilson Model, Brewer-Nash
  • Graham-Denning, Harrison-Ruzzo-Ullman

Section B: Security Evaluation Models

  • Evaluation Criteria
  • The Orange Book
  • Other Criteria
  • Operating States
  • Operating Modes
  • Storage Types
  • Protection Mechanisms
  • Least Privilege and Accountability
  • Additional Protection Mechanisms

Section C: System Architecture Vulnerabilities

  • Threats, Vulnerabilities, and Reports
  • Covert Channels
  • Initialization and Failure States
  • Programming Vulnerabilities
  • Timing Issues
  • Client-Based Security
  • Mobile Device Security
  • Server-Based Security
  • Database Security
  • Large-Scale Parallel Systems Security
  • Distributed Systems Security
  • Cryptographic Systems Security
  • Industrial Control Systems Security
  • Web-Based System Security
  • Mobile Systems Security
  • Cyber-Physical Systems Security

Section D: Introduction to Cryptography

  • History of Cryptography
  • Goals of Cryptography
  • Cryptographic Lifecycle
  • Algorithm/Protocol Governance
  • Transposition Cipher
  • Substitution Cipher, One-Time Pad
  • Stream/Block Ciphers, One-Way Functions
  • Symmetric Algorithms
  • Asymmetric Algorithms
  • Elliptic Curve Cryptography

Section E: Cryptographic Practices and Algorithms

  • Steganography
  • Data Encryption Standard, DES Modes
  • Triple DES
  • Other Symmetric Cryptographic Algorithms
  • Asymmetric Cryptographic Algorithms

CISSP Security Engineering 2015 Course
Session 2

Section A: Applied Cryptography

  • Public Key Infrastructure
  • Key Management Processes
  • Digital Signatures
  • Digital Rights Management
  • Non-Repudiation, Hashing
  • Hashing Algorithms
  • Methods of Attack

Section B: Facility Physical Security

  • Site and Facility Design
  • Physical Security, Threats, and Policy
  • Facility Requirements
  • Cable/Media Security Management

Section C: Physical Access Controls

  • Fences and Gates
  • Turnstiles and Mantraps, Lighting
  • Guards, Keys, Locks, Badges, Biometrics
  • Motion Detectors and CCTV
  • Restricted Areas and Visitor Control
  • Technical Controls
  • Power and HVAC Considerations
  • Water Leakage and Flooding
  • Fire Detection and Suppression
  • Natural Disasters

CISSP Security Operations 2015 Course
Session 1

Section A: Investigations

  • Incident Investigations
  • Evidence
  • Reporting and Documenting
  • Investigative Techniques
  • Digital Forensics
  • Evidence Types
  • Evidence Admissibility, Search/Seizure
  • Investigation Types

Section B: Logging and Monitoring

  • Monitoring Definition, Categories
  • Monitoring Tools and Techniques
  • Intrusion Detection and Prevention
  • SIEM
  • Continuous Monitoring
  • Egress Monitoring
  • Egress Monitoring Techniques

Section C: Secure Resource Provisioning

  • Configuration Management
  • Configuration Items
  • Need to Know/Least Privilege
  • Separation of Duties
  • Job Rotation
  • Information Lifecycle
  • Service Level Agreements

Section D: Resource Protection

  • Media Management
  • Software
  • Hardware and Data
  • Main Phases
  • Incident Detection, Response, Mitigation
  • Incident Reporting, Recovery
  • Remediation and Lessons Learned
  • Preventative Measures

CISSP Security Operations 2015 Course
Session 2

Section A: Vulnerability and Change Management

  • Patch Management Process
  • Change Management
  • Recovery Plan
  • Recovery Time Objective
  • Backup Storage Strategy
  • Containment, Recovery, and Alternatives
  • Hot Site, Dual Redundant Site
  • Mobile Site, Selection Criteria
  • Processing Agreements
  • Recovery Strategies

Section B: Disaster and Continuity Planning

  • Recovery Process
  • External Communications, Assessment
  • Test Disaster Recovery Plans
  • Plan Test Types
  • Continuity Strategy

Section C: Physical Security and Personnel Safety

  • Reasons for Physical Security
  • Fences and Gates
  • Turnstiles, Mantraps, Lights, and Guards
  • Keys, Locks, Badges, and Biometrics
  • Motion Detectors and CCTV
  • Restricted Areas and Visitor Control
  • Technical Controls
  • Personnel Safety

CISSP Software Development Security 2015 Course
Session 1

Section A: Software Development Security

  • Application Issues
  • Local Environment
  • Malicious Code
  • Distributed Environment
  • Applets, Object-Oriented Programming
  • Systems Development Controls
  • Systems Development Life Cycle
  • Certification, Accreditation
  • Project Management Methodologies

Section B: Database Concepts

  • Databases and Data Warehousing
  • Relational Database Concepts
  • Candidate, Primary, Foreign Key
  • Common Database Methods
  • Data Warehouses and Mining
  • Aggregation
  • Inference, Polyinstantiation
  • Maturity Models
  • Operation and Maintenance
  • Change Management
  • Integrated Product Team

Section C: Security in Development Environments

  • Data/Information Storage
  • Virtual Memory
  • Random Memory
  • Knowledge Systems, Security Controls
  • Separation of Privilege, Accountability
  • Layering, Abstraction, Data Hiding
  • Security Kernel, Reference Monitor
  • Modes of Operation

Section D: Malicious Software

  • Malicious Code
  • Viruses
  • Multipartite, Macro
  • Stealth, Polymorphic, Operating Systems
  • Worms, Trojan Horses
  • Logic Bomb, Trapdoor, Scanning
  • Methods of Attack
  • Denial of Service
  • Distributed Denial of Service
  • Buffer Overflows, Hidden Code
  • Time of Check/Use, Rootkits
  • Code Repositories
  • Application Programming Interfaces

Section E: Software Security

  • Audit and Assurance Mechanisms
  • Risk Analysis and Mitigation
  • Acceptance and Testing
  • Assess Software Acquisition Security