
(ISC)² Certified Information Systems Security Professional (CISSP) 2015
£595.00
The new eight domains are:
Security and Risk Management
Asset Security
Security Engineering
Communications and Network Security
Identity and Access Management
Security Assessment and Testing
Security Operations
Software Development Security
The CISSP Certification is administered by the International Information Systems Security Certification Consortium or (ISC)². (ISC)² promotes the CISSP exam as an aid to evaluating personnel performing information security functions. Candidates for this exam are typically network security professionals and system administrators with at least four years of direct work experience in two or more of the ten test domains. As the first ANSI ISO accredited credential in the field of information security, the Certified Information Systems Security Professional (CISSP) certification provides information security professionals with not only an objective measure of competence, but a globally recognized standard of achievement.
Syllabus:
Module 1 – The CISSP Exam
Course Introduction
CISSP Certification Goals
Security Professional Certification Value
Exam Common Body of Knowledge
Becoming a CISSP
Module 2 – Cryptography
Cryptography Concepts
History of Cryptography
Cryptosystem Features
Encryption Systems
Substitution Ciphers
Symmetric Algorithms
Asymmetric Algorithms
Message Integrity
Digital Signatures
Public Key Infrastructure
Trusted Platform Module
Encryption Communication Levels
E-Mail Security
Internet Security
Cryptography Attacks
Module 3 – Physical (Environmental) Security
Threat Mitigation Techniques
Geographical-Man Made and Political Threats
Site and Facility Design
Perimeter Security
Building and Internal Security
Secure Data Centers and Fire Detection Systems
Types of Power Issues
HVAC Guidelines
Equipment Security and Personal Security
Module 4 – Security Architecture and Design
Security Model Concepts
System Architecture
Computing Platforms
Virtual Computing and Security Services
System Components
Memory Concepts
Enforcing Process Security and Multitasking
System Security Architecture
Security Models and Modes
System Evaluation and Assurance Levels
Certification and Accreditation
Security Architecture Threats
Database Security and Distributed Systems Security
Module 5 – Access Control
Access Control Concepts
Identification and Authentication
Password Types and Management
Ownership-Character-Physiological-Behavioral Factors
Biometric Considerations
Authorization Concepts
User Accountability
Vulnerability Assessment
Penetration Testing and Threat Modeling
Access Control Categories-Types-Models and Administration
Provisioning Life Cycle and Access Control Monitoring
Access Control Threats
Module 6 – Software Development Security
System Development Life Cycle
Software Testing and Validation
Software Development Security Best Practices
Software Development Methods
Programming Languages
Database Architecture and Models
Database Interface Languages
Data Warehouse-Mining and Threats
Database and Application Access Control
Monitoring for Problems
Software Threats and Security
Module 7 – Information Security Governance and Risk Management
Principles and Terms
Security Frameworks and Methodologies
Risk Assessment
Asset Values-Vulnerabilities and Threats
Quantitative Risk Analysis
Safeguard Selection
Risk Management
Security Governance Components
Security Policies
Classification Life Cycle
Responsibilities and Roles
Personnel Security
Security Awareness Training
Module 8 – Telecommunications and Network Security
OSI and TCP/IP Models
IP Addressing
Transmission Methods
Types of Cabling
Network Topologies
Network Protocols and Services
Network Routing and Devices
Network Connection Types
Network Authentication
Wireless Technologies
WLAN Security Methods
Network Threats and Cabling Behaviors
Module 9 – Operation Security
Operation Security Concepts
Protecting Tangible and Intangible Assets
Asset and Media Management
Storage Options
Network and Resource Management
Incident Response and Change Management
Patch Management-Audit and Review
Threats and Preventative Measures
Trusted Paths-Trusted Recovery and System Hardening
Monitoring and Reporting
Module 10 – Business Continuity and Disaster Recovery
Business Continuity and Disaster Recovery Concepts
BIA Development
Business Continuity Planning
Preventive Controls
Recovery Strategies
Data Backup Types
Data Recovery Terms
Critical Teams and Duties
BCP Testing
Module 11 – Legal, Regulations, Investigations and Compliance
Digital Crime
Computer Crime Concepts
Major Legal Systems
Intellectual Property Law
Privacy
Liability
Incident Response
Forensic and Digital Investigations
Evidence
Security Professional Ethics
Course Access Period: 12 months
Course Delivery: online