Building Blocks Technologies

Training Services
Course Develsopment Services
Training Instruction Services Consulting Services

Services

Technology Training: Security: Revised 5-Day CISSP Exam Preparation Boot Camp

Course Objectives:

Upon completion of this course the student will be able to:

  • Understand information security and risk management concepts and practices and their relationship to the needs of the business
  • Differentiate between the tools available for the protection of information
  • Explain the mechanisms required to provide assurance of information security controls
  • Understand the threats and vulnerabilities to information technology

Course Type:

This is an exam preparation course taught in class with an instructor via lecture, discussion, and practice quizzes.

Prerequisite:

None

Duration:

5-days

Audience:

The CISSP certification is relevant for middle to senior level Managers, and network engineers, security planners and administrators in the security field, seeking a higher understanding regarding the theory and models of information security and the relationship to effective, practical security implementations.

Course Description:

This course reflects the most recent updates and changes to the CISSP exam and the Official (ISC2) Guide to the CISSP CBK (published Nov. 2006). The CISSP Exam Prep course provides students an understanding of the 10 domains of security represented by the ISC2 CISSP Common Body of Knowledge regarding Information, Infrastructure, and Physical security. These 10 domains represent a vendor neutral overview of the Information Technology spectrum related to security management practices. Through a series of lectures, discussions, and practice quizzes the student will gain knowledge of these concepts and possess an understanding of the areas of study required prior to taking the CISSP exam.
Course Outline

Telecommunications and Network Security

  • Physical & Logical topologies
  • The OSI Model, Layers, and Characteristics; TCP/IP architecture
  • Communications and Network Security; VPN's
  • Internet, Intranet and Extranets
  • Wireless and VoIP;
  • Network Attacks and Countermeasures

Access Control

  • Introduction to Access Controls
  • Access Control Techniques, Administration, and Security Models
  • Identification and Authentication Techniques; Single Sign-On
  • Access Control Methodologies
  • Methods of Attack
  • Monitoring Techniques

Operations Security

  • Administrative Management
  • Operational Standards & Compliance Concepts
  • Control Types and Operations
  • Resource Protection
  • Auditing and Audit Trails
  • Monitoring Tools and Techniques
  • Intrusion Detection
  • Penetration Testing
  • Inappropriate Activities
  • Threats and Countermeasures

Application Security

  • Distributed Environments
  • Databases and Data Warehousing
  • Data and Information Storage
  • Knowledge Based Systems
  • Malicious Code
  • System/Software Development Life Cycles and Controls
  • Change Control
  • Application Security
  • Methods of Attack

Business Continuity and Disaster Recovery Planning

  • Business Continuity Planning
  • Business Impact Analysis
  • Managing Risk and Planning for Crisis
  • BCP/DRP Planning & Events
  • Disaster Recovery

Physical (Environmental) Security

  • Facility Security Requirements
  • Technical Controls
  • Environment and Safety
  • Physical Security Threats

Security Architecture and Design

  • Architecture and Design Principles for Applications and Operating Systems
  • Security Models, Architecture and Evaluation Criteria e.g. TCSEC and Common Criteria
  • Trusted Computing Base, Reference Monitor, and Kernels
  • System Architecture Security Issues
    • Covert Channels, TOC/TOU, Emanations and Privileged Programs
  • Certification and Accreditation

Cryptography

  • Cryptography Defined
  • Cryptography History & Concepts
  • Symmetric and Asymmetric Cryptography
  • Protocols and Implementation
  • Public Key Infrastructure
  • Hashing Functions
  • Methods of Attack

Legal, Regulations, Compliance and Investigations

  • Legal Systems
  • Types of Law; Licensing
  • Computer Crime
  • Incident Handling, Investigations & Forensics
  • Handling Evidence
  • Ethics

Information Security and Risk Management

  • Security Concept's and Principles
  • Business Corporate, IT, and Security Governance
  • Protection Mechanisms
  • Change Control and Management
  • Data Classification
  • Employment Policies and Practises
  • Policies, Standards, Guidelines and Procedures
  • Roles and Responsibilities
  • Risk Management and Cost Benefit
  • Types of, and conducting, Risk Assessments
  • Threats and Vulnerabilities and Residual Risk