
CISSP


CISSP Certification Education - Standard


Course Description


The official (ISC)2 CISSP® is a full CBK® review session that covers all ten (10) domains. This course is best positioned for IT security professionals already knowledgeable in IT security concepts and techniques who need to brush up and obtain a high-level review of all ten (10) domains of the CBK® to prepare them for the CISSP Exam. The course materials used are the official ISC2 books provided through Tactical Security Inc in partnership with Forsythe.

 

Certification: Certified Information Systems Security Professional (CISSP)

 

Who Should Take This Course?

 

IT security professionals already knowledgeable in IT security concepts and techniques.

 

Course Fee: $2,495

 

Course Prerequisites

 

The CISSP® program is targeted at mid- to senior-level professionals who possess at least 4 years of experience in the information security field, or 3 years of experience and a college degree.

 

Course Length and Hours: Mon-Fri, 9 a.m. – 5 p.m.

 

 

Key Topics

  • Security Management Practices: Manages the identification of a company's information assets, and the development, documentation and implementation of security policies.
  • Access Control Systems & Methodology: Requires that the candidate understand the concepts, systems and methodologies involved in granting and restricting access to resources.
  • Applications & Systems Development: Requires that the candidate understand the security controls found in systems and application software, such as the effects of malicious code on distributed application environments and the security controls involved in data warehousing.
  • Business Continuity & Disaster Recovery Planning: Involves the preparation, planning and updating of specific actions to protect mission critical services and data.
  • Cryptography: This domain addresses the concepts, means, and methods of encrypting data to ensure authenticity, integrity, and confidentiality.
  • Law, Investigation & Ethics: Pertains to computer crime laws, methods for gathering evidence, and related ethical issues.
  • Operations Security (Computer): Identifies the controls over hardware, media, and the operators of these resources, and issues related to auditing and monitoring.
  • Physical Security: Involves the threats, vulnerabilities, and countermeasures utilized to physically protect enterprises' resources.
  • Security Architecture & Models: This domain engages in the design, concepts, standards, and implementation of security measures that ensure the availability, integrity, and confidentiality of operating systems, applications, and equipment.
  • Telecommunications & Network Security: This domain involves designing and planning voice and data infrastructure and communications with a security strategy that includes preventative, detective, and corrective measures.

     

     

 

Course Outline


Day 1

Introduction

Overview of Forsythe

  • Administrative
  • Introduction to CISSP Review Seminar

 

Information Security Management

  • Identify roles of individuals in identifying and securing information assets
  • Define policies, standards, guidelines and procedures in security administration
  • Define the importance of security awareness
  • Describe the importance of risk management practices and tools
  • Define the roles of users in support of security processes

 

Access Control

  • Describe the access control concepts and methodologies
  • Identify access control security tools and technologies
  • Describe the auditing mechanisms

 

 

Day 2

Cryptography

  • Define the basic concepts within cryptography
  • Describe public (asymmetric) and secret/shared (symmetric) key algorithms
  • Identify algorithm types, key distribution, management, and methods of attack
  • Define the applications, construction, and use of digital signatures

 

Physical Security

  • Describe the threats, vulnerabilities, and countermeasures related to physical security
  • Identify the risk to facilities, data, media, equipment, support systems, and supplies as they relate to physical security

 

 

Day 3

Enterprise Security Architecture

  • Identify the security issues and controls that can be associated with architectures and designs
  • Describe the principles of common computer and network organization, enterprise architectures, and designs
  • Define and understand security models

 

Application Security

  • The principles for securing applications throughout the lifecycle management process
  • Change control
  • Data warehousing, data mining, & knowledge-based systems
  • Program interfaces
  • Concepts used to ensure application availability, integrity, and confidentiality.

 

 

Day 4

Telecommunication, Network and Internet Security

  • Describe the telecommunications and network security elements
  • Define the concepts associated with the Internet, intranet, and extranet communications
  • Identify the communications security management and techniques that prevent, detect, and correct errors

Law

  • Crime laws and regulations that affect organizations and personnel
  • Laws and legal issues that are applicable to computer crime

 

Investigations

  • Investigative measures and techniques to determine a crime has been committed
  • Investigation of crime incidents, collection of evidence, and contacting of law enforcement
  • Forensic methods that are used to gather and preserve evidence and investigate computer crimes

 

Ethics

  • Ethics as applied to society, employees, and (ISC)2 members
  • Ethical issues and the code of conduct applicable for the security professional.

 

 

Day 5

Business Continuity

Specific actions required to preserve critical business operations

  • Active and passive information security controls that:
      • Identify security events (historical and real-time)
      • Capture event actions
      • Identify key elements
      • Alert appropriate authorities
      • Facilitate the deployment of corrective and recovery actions

 

* Note: Order of domain presentations may change at the instructor’s discretion

 

 

Copyright 2007-2008 Forsythe Solutions Group, Inc. All Rights Reserved. Contents may not be reproduced in part or in whole, without written permission from Forsythe.