Course 919: CISSP Preparation

Course 919:
CISSP Preparation

(6 days: 4 + 2 format recommended)

Course Description

The CISSP Certification is based around experience and knowledge in the eight domains of security. Through Lecture, Examples, Workshops, and Quiz/Testing, the foundation knowledge of the eight domains will be explored and discussed to help prepare students to sit the CISSP examination.

Note: This course is designed for the new CISSP-Domains effective April 15, 2015, and the exams offered April 15, 2015, and later.

Who Should Attend

This course is designed for students preparing for the CISSP Exam.

Prerequisites

Five years of experience in two or more of the CISSP domains (this is a requirement of the CISSP certification).

Course Outline

Unit 1: CISSP Domain Overview

Exam Overview
Overview of CISSP Domains
- Security and Risk Management
- Asset Security
- Security Engineering
- Communications and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security

Unit 2: Testing Techniques and Examples

What To Expect
Question Types
Strategies for Answering Questions
Elimination of Answers
To Answer or Not to Answer a Question
Exam Practice: Classroom Pre-Test

Unit 3: Cryptography Fundamentals

Encryption Concepts
Digital Signatures
Cryptanalytic Attacks
Public Key Infrastructure (PKI)
Information Hiding Alternatives
Practice Questions: Cryptography

Unit 4: Security and Risk Management

Security, Risk, Compliance, Law, Regulations, Business Continuity
Understand and Apply Concepts of Confidentiality, Integrity, and Availability
Apply Security Governance Principals
Compliance: Legislative, Regulatory, and Privacy
Understand Legal and Regulatory Issues that Pertain to Information Security in a Global Context
Understand Professional Ethics
Develop and Implement Documented Security Policy, Standards, Procedures, and Guidelines
Understand Business Continuity Requirements
Contribute to Personnel Security Policies
Understand and Apply Risk Management Concepts
Understand and Apply Threat Modeling
Establish and Manage Information Security Education, Training, and Awareness
Practice Questions: Security and Risk Management

Unit 5: Asset Security

Protecting Security of Assets
Classify Information and Supporting Assets
Determine and Maintain Ownership
Protect Privacy
Ensure Appropriate Retention
Determine Data Security Controls
Establish Handling Requirements
Practice Questions: Asset Security

Unit 6: Security Engineering

Engineering and Management of Security
Implement and Manage Engineering Processes Using Secure Design Principles
Understand the Fundamental Concepts of Security Models
Select Controls and Countermeasures Based upon Systems Security Evaluation Models
Understand Security Capabilities of Information Systems
Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
Assess and Mitigate Vulnerabilities in Web-Based Systems
Assess and Mitigate Vulnerabilities in Mobile Systems
Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
Apply Cryptography
Apply Secure Principles to Site and Facility Design
Design and Implement Physical Security
Practice Questions: Asset Security

Unit 7: Communications and Network Security

Designing and Protecting Network Security
Apply Secure Design Principles to Network Architecture
Secure Network Components
Design and Establish Secure Communication Channels
Prevent or Mitigate Network Attacks
Practice Questions: Communications and Network Security

Unit 8: Identity and Access Management

Controlling Access and Managing Identity
Control Physical and Logical Access to Assets
Manage Identification and Authentication of People and Devices
Integrate Identity as a Service
Integrate Third-Party Identity Services
Implement and Manage Authorization Mechanisms
Prevent or Mitigate Access Control Attacks
Manage the Identity and Access Provisioning Life Cycle
Practice Questions: Identity and Access Management

Unit 9: Security Assessment and Testing

Designing, Performing, and Analyzing Security Testing
Design and Validate Assessment and Test Strategies
Conduct Security Control Testing
Collect Security Process Data
Management and Operational Controls
Analyze and Report Test Outputs
Conduct or Facilitate Internal and Third-Party Audits
Practice Questions: Security Assessment and Testing

Unit 10: Security Operations

Foundational Concepts, Investigations, Incident Management, Disaster
Understand and Support Investigations
Understand Requirements for Investigation Types
Conduct Logging and Monitoring Activities
Secure the Provisioning of Resources
Understand and Apply Foundational Security Operations Concepts
Employ Resource Protection Techniques
Conduct incident Management
Operate and Maintain Preventative Measures
Implement and Support Patch and Vulnerability Management
Participate in and Understand Change Management Processes
Implement Recovery Strategies
Implement Disaster Recovery Processes
Test Disaster Recovery Plans
Business Continuity Planning and Exercises
Implement and Manage Physical Security
Addressing Personnel Safety Concerns
Practice Questions: Security Operations

Unit 11: Software Development Security

Understanding, Applying, and Enforcing Software Security
Understand and Apply Security in the Software Development Life Cycle
Enforce Security Controls in Development Environments
Assess the Effectiveness of Software Security
Assess Security Impact of Acquired Software
Practice Questions: Software Development Security

Unit 12: Bringing Security Together

Bringing the CISSP Domains Together
- Security and Risk Management
- Asset Security
- Security Engineering
- Communications and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security

Unit 13: End of Course Practice Testing and Summary

Exam Practice: Classroom Pre-Test

Please Contact Your ROI Representative to Discuss Course Tailoring!