The CyberCrime Fighters®


 

CCFAi-Certified Information Systems Security Manager (C2ISSM)

There are so many different paths to get you where you need to go.

Our methodology is different when it comes to C2ISSM® Boot Camps. Our C2ISSM® Boot Camp is a groundbreaking, one-week, comprehensive, in-depth, hard-hitting course designed for the CCFAi-Certified Information Systems Security Manager (C2ISSM®) certification candidate. If you are looking for a program that has so much more to offer than a five-day session, then follow our path to a brighter future. Our classroom content is also offered in an online format, saving travel time.

The CISSP or C2ISSM certification requires that you have at least five years' experience in the industry before you take the exam.

Those who don't have the relevant number of years' experience, and even those who do, can take the C2ISSM exam immediately after their study and achieve two certifications with the same course. Our instructors are on hand to assist; in addition, we can update your skills with our online training when you are ready to take the C2ISSM exam.

Course Name: CCFAi-Certified Information Systems Security Manager (C2ISSM) (Covers CISSP)
Duration: 5 days
Languages: English
Format: Instructor-led classroom
Computer Based Training
Live Virtual Training

 


CISSP Course Prerequisites:

  • Experience in the 10 domains of the CBK would be benefici

CISSP Course Student Materials:

 

  • 10 modules covering each of the 10 CBK domains
  • Professionally developed graphics and 3-D animations that enhance the understanding of complex concepts
  • Extensive notes accompanying each slide, including Configuration Steps, Hints, Warnings, Tips, Tables, etc.
  • Quick Tips section, Summary section, Terminology section and 20 questions and answers for each module

    C2PTC- Professional Certification Exam:

    C2PTE – Practical Exam

     

    Case Study 1

    Building a Successful Security Infrastructure

    CISSP - Domain 1

    Information Security and Risk Management

    • Presentation (Lecture)
    • Practice / Exercise / Labs / Demos
    • Apply your knowledge
    • Practice Test

    CISSP - Domain 2

    Access Control

    • Presentation (Lecture)
    • Practice / Exercise / Labs / Demos
    • Apply your knowledge
    • Practice Test

    CISSP - Domain 3

    Cryptography

    • Presentation (Lecture)
    • Practice / Exercise / Labs / Demos
    • Apply your knowledge
    • Practice Test

    CISSP - Domain 4

    Physical (Environmental) Security

    • Presentation (Lecture)
    • Practice / Exercise / Labs / Demos
    • Apply your knowledge
    • Practice Test

    CISSP - Domain 5

    Security Architecture and Design

    • Presentation (Lecture)
    • Practice / Exercise / Labs / Demos
    • Apply your knowledge
    • Practice Test

    CISSP - Domain 6

    Business Continuity and Disaster Recovery Planning

    • Presentation (Lecture)
    • Practice / Exercise / Labs / Demos
    • Apply your knowledge
    • Practice Test

    CISSP - Domain 7

    Telecommunications and Network Security

    • Presentation (Lecture)
    • Practice / Exercise / Labs / Demos
    • Apply your knowledge
    • Practice Test

    CISSP - Domain 8

    Application Security

    • Presentation (Lecture)
    • Practice / Exercise / Labs / Demos
    • Apply your knowledge
    • Practice Test

    CISSP - Domain 9

    Operations Security

    • Presentation (Lecture)
    • Practice / Exercise / Labs / Demos
    • Apply your knowledge
    • Practice Test

    CISSP - Domain 10

    Legal, Regulations, Compliance, and Investigations

    • Presentation (Lecture)
    • Practice / Exercise / Labs / Demos
    • Apply your knowledge
    • Practice Test

    CISSP/C2ISSM MODULES

    CISSP MODULE 1: Information Security and Risk Management

    Overview For CISSP or C2ISSM Course

    CISSP or C2ISSM Course - Security management entails the identification of an organization's information assets and the development, documentation, and implementation of policies, standards, procedures and guidelines that ensure confidentiality, integrity, and availability. Management tools such as data classification, risk assessment, and risk analysis are used to identify the threats, classify assets, and to rate their vulnerabilities so that effective security controls can be implemented. Risk management is the identification, measurement, control, and minimization of loss associated with uncertain events or risks. It includes overall security review, risk analysis; selection and evaluation of safeguards, cost benefit analysis, management decision, safeguard implementation and effectiveness review.

    From the ISC2

    The candidate will be expected to understand the planning, organization, and roles of individuals in identifying and securing an organization's information assets; the development and use of policies stating management's views and position on particular topics and the use of guidelines, standards, and procedures to support the policies; security awareness training to make employees aware of the importance of information security, its significance, and the specific security-related requirements relative to their position; the importance of confidentiality, proprietary and private information; employment agreements; employee hiring and termination practices; and risk management practices and tools to identify, rate, and reduce the risk to specific resources.

    Case Studies for CISSP or C2ISSM course

    Implementing a Successful Security Assessment Process

    CISSP MODULE 2: Access Control

    Overview For CISSP or C2ISSM Course

    CISSP or C2ISSM Course - Access Control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It permits management to specify what users can do, which resources they can access, and what operations they can perform on a system. The candidate should fully understand access control concepts, methodologies and implementation within centralized and decentralized environments across the enterprise's computer systems. Access control techniques, detective and corrective measures should be studied to understand the potential risks, vulnerabilities, and exposures.

    Case Studies

    Identity Authentication Management (IAM)

    Cisco Systems Network Admission Control (NAC) Presentation

    CISSP MODULE 3: Cryptography

    Overview For CISSP or C2ISSM Course

    CISSP or C2ISSM Course - Cryptography domain addresses the principles, means, and methods of disguising information to ensure its integrity, confidentiality, and authenticity. The candidate will be expected to know basic concepts within cryptography; public and private key algorithms in terms of their applications and uses; algorithm construction, key distribution and management, and methods of attack; and the applications, construction and use of digital signatures to provide authenticity of electronic transactions, and non-repudiation of the parties involved.

    Case Studies for CISSP or C2ISSM course

    AXA Technology Services Reduces Data Security Costs with Public Key Infrastructure

    CISSP MODULE 4: Physical (Environmental) Security

    Overview For CISSP or C2ISSM Course

    CISSP or C2ISSM Course - Physical Security domain addresses the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise's resources and sensitive information. These resources include people, the facility in which they work, and the data, equipment, support systems, media, and supplies they utilize.

    From the ISC2

    The candidate will be expected to know the elements involved in choosing a secure site, its design and configuration, and the methods for securing the facility against unauthorized access, theft of equipment and information, and the environmental and safety measures needed to protect people, the facility, and its resources.

    Case Studies

    Data Center Physical Security Checklist

    CISSP MODULE 5: Security Architecture and Design

    Overview For CISSP or C2ISSM Course

    CISSP or C2ISSM Course - Security Architecture and Models domain contains the concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability. The candidate should understand security models in terms of confidentiality, integrity, information flow, commercial vs. government requirements; system models in terms of the Common Criteria, international (ITSEC), United States Department of Defense (TCSEC), and Internet (IETF IPSEC); technical platforms in terms of hardware, firmware, and software; and system security techniques in terms of preventative, detective, and corrective controls.

    Case Studies

    Villagemall.com

    CISSP MODULE 6: Business Continuity & Disaster Recovery Planning

    Overview For CISSP or C2ISSM Course

    CISSP or C2ISSM Course - Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) domain addresses the preservation of the business in the face of major disruptions to normal business operations. BCP and DRP involve the preparation, testing and updating of specific actions to protect critical business processes from the effect of major system and network failures. Business Continuity Plans counteract interruptions to business activities and should be available to protect critical business processes from the effects of major failures or disasters. It deals with the natural and man-made events and the consequences if not dealt with promptly and effectively. Business Impact Assessment determines the proportion of impact an individual business unit would sustain subsequent to a significant interruption of computing or telecommunication services. These impacts may be financial, in terms of monetary loss, or operational, in terms of inability to deliver.

    Disaster Recovery Plans contain procedures for emergency response, extended backup operation and post-disaster recovery should a computer installation experience a partial or total loss of computer resources and physical facilities. The primary objective of the Disaster Recovery Plan is to provide the capability to process mission-essential applications, in a degraded mode, and return to normal mode of operation within a reasonable amount of time.

    From the ISC2

    The candidate will be expected to know the difference between business continuity planning and disaster recovery; business continuity planning in terms of project scope and planning, business impact analysis, recovery strategies, recovery plan development, and implementation. The candidate should understand disaster recovery in terms of recovery plan development, implementation and restoration.

    CISSP MODULE 7: Telecommunication & Network Security

    Overview For CISSP or C2ISSM Course

    CISSP or C2ISSM Course - Telecommunications and Network Security domain encompasses the structures, transmission methods, transport formats, and security measures used to provide integrity, availability, authentication, and confidentiality for transmissions over private and public communications networks and media. The candidate is expected to demonstrate an understanding of communications and network security as it relates to voice communications; data communications in terms of local area, wide area, and remote access; Internet/Intranet/Extranet in terms of Firewalls, Routers, and TCP/IP; and communications security management and techniques in terms of preventive, detective and corrective measures.

    Case Studies

    The Case of Brazil

    CISSP MODULE 8: Application Security

    Overview For CISSP or C2ISSM Course

    CISSP or C2ISSM Course - Applications and systems development security refers to the controls that are included within systems and applications software and the steps used in their development. Applications refer to agents, applets, software, databases, data warehouses, and knowledge-based systems. These applications may be used in distributed or centralized environments.

    From the ISC2

    The candidate should fully understand the security and controls of the systems development process, system life cycle, application controls, change controls, data warehousing, data mining, knowledge-based systems, program interfaces, and concepts used to ensure data and application integrity, security, and availability.

    CISSP MODULE 9: Operations Security

    Overview For CISSP or C2ISSM Course

    CISSP or C2ISSM Course - Operations Security is used to identify the controls over hardware, media, and the operators with access privileges to any of these resources. Audit and monitoring are the mechanisms, tools and facilities that permit the identification of security events and subsequent actions to identify the key elements and report the pertinent information to the appropriate individual, group, or process. Operations Security covers the knowledge of what resources must be protected, what privileges should be restricted, the control mechanisms available, the potential for abuse of access, the appropriate controls, and the principles of good practice.

    Case Studies

    QualysGuard Free Trial and Guides

    QualysGuard Demos

    Penetration Test Automation

    Social Engineering Workshop Introduction:

    Discuss social engineering and its impact on operational security. Discuss what the workshop will entail.

    CISSP MODULE 10: Legal, Regulations, Compliance and Investigation

    Overview For CISSP or C2ISSM Course

    CISSP or C2ISSM Course - The Law, Investigations, and Ethics domain addresses computer crime laws and regulations; the investigative measures and techniques which can be used to determine if a crime has been committed, methods to gather evidence if it has, as well as the ethical issues and code of conduct for the security professional.

    From the ISC2

    The candidate will be expected to know the methods for determining whether a computer crime has been committed; the laws that would be applicable for the crime; laws prohibiting specific types of computer crime; methods to gather and preserve evidence of a computer crime, investigative methods and techniques; and ways in which RFC 1087 and the (ISC)² Code of Ethics can be applied to resolve ethical dilemmas.

    Case Studies For CISSP or C2ISSM Course

    International review of criminal policy - United Nations Manual on the prevention and control of computer-related crime

    Final Review Test For CISSP or C2ISSM Course:

    Students will take a 50-question final review test, covering all the CBK.

    Review Test Scoring and Q & A:

    Grade tests out loud for self-check assessment. Field questions and clarification for areas not understood by students. Suggest areas of further study for those that need it.

    Closure and Instructor Review: Hand out an Instructor Evaluation form for the students to fill out, say thanks, and wish them luck.

    Cyber Intelligent Security Pvt. Ltd © Copyright 2008-2011. All rights reserved