Certified Information Systems Security Professional (CISSP) Second Edition - E-Learning


This program is based on the CISSP certification from the International Information Systems Security Certification Consortium, Inc. ((ISC)2), a global not-for-profit organization dedicated to maintaining a Common Body of Knowledge (CBK) for information security. The CISSP certification was designed to recognize mastery of an international standard of information security and understanding of the CBK. The CISSP certification exam is a six-hour exam consisting of 250 multiple-choice questions, each with four possible answers, of which only one is the most correct.

Certified Information Systems Security Professional (CISSP)

CISSP Domain: Information Security and Risk Management

Overview/Description

To identify the security requirements associated with identifying and protecting organizational information assets, apply the analysis techniques used in risk management, and recognize the responsibilities associated with different roles in an organization; to prepare candidates for one of the ten knowledge domains assessed in the (ISC)2 CISSP certification exam

Target Audience

Mid-level and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers

Lesson Objectives

  • recognize the goals of security management and change control.
  • identify the change control mechanisms used to secure the operational environment.
  • recognize the objectives and criteria associated with data classification, and distinguish between information classification roles.
  • distinguish between policies, standards, baselines, and guidelines.
  • recognize best practices and procedures for dealing with different aspects of employee relations.
  • determine the appropriate security procedures for hiring a new employee in a given scenario.
  • identify the principles of risk management, distinguish between planning types, and recognize what's involved in the analysis of different threats and vulnerabilities.
  • calculate the potential loss expectancy and the cost of countermeasures used for risk reduction in a given scenario.
  • calculate the loss expectancy associated with an information asset, perform a cost-benefit analysis, and determine how to handle the risk depending on the outcome of the countermeasure.
  • identify the security-related responsibilities associated with different roles within an organization.
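As an added worked example (not material from this course page), the loss-expectancy and cost-benefit calculation that the objectives above ask candidates to perform, written in Python using the standard CISSP quantitative-risk formulas: SLE = AV x EF, ALE = SLE x ARO, and value of a safeguard = ALE before the safeguard minus ALE after it minus the annual cost of the safeguard. The class and function names, the sample asset (a customer database valued at 1,000,000 facing ransomware), and every exposure factor, rate and safeguard cost below are constructed for illustration and are assumptions, not figures from the page.

```python
# Added example: CISSP quantitative risk analysis (SLE, ALE, cost-benefit).
# All sample figures are constructed; names are illustrative assumptions.
from __future__ import annotations

from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Risk:
    """One asset/threat pair quantified the CISSP way."""
    asset_value: float       # AV: value of the asset to the organization
    exposure_factor: float   # EF: fraction of AV lost in one occurrence (0.0..1.0)
    annual_rate: float       # ARO: expected occurrences per year

    def __post_init__(self) -> None:
        # Guard against the two classic spreadsheet mistakes: EF entered as a
        # percentage (e.g. 25 instead of 0.25) and negative values.
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be a fraction between 0 and 1")
        if self.asset_value < 0 or self.annual_rate < 0:
            raise ValueError("asset value and ARO cannot be negative")

    def sle(self) -> float:
        """Single Loss Expectancy: SLE = AV x EF."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy: ALE = SLE x ARO."""
        return self.sle() * self.annual_rate


@dataclass(frozen=True)
class Safeguard:
    """A countermeasure and the risk that remains once it is in place."""
    name: str
    annual_cost: float             # ACS: all-in yearly cost (purchase, upkeep, operation)
    residual_exposure_factor: float
    residual_annual_rate: float


def residual_risk(risk: Risk, sg: Safeguard) -> Risk:
    """The same asset, re-quantified with the safeguard's residual EF and ARO."""
    return Risk(risk.asset_value, sg.residual_exposure_factor, sg.residual_annual_rate)


def safeguard_value(risk: Risk, sg: Safeguard) -> float:
    """Cost-benefit: (ALE before) - (ALE after) - (annual cost of safeguard).

    A positive result means the safeguard saves more per year than it costs.
    """
    return risk.ale() - residual_risk(risk, sg).ale() - sg.annual_cost


def recommend(risk: Risk, candidates: List[Safeguard]) -> Tuple[str, Optional[str], float]:
    """Pick the safeguard with the best positive value, or accept/transfer the risk.

    Returns (decision, safeguard name or None, net annual value of that choice).
    """
    scored = [(safeguard_value(risk, sg), sg) for sg in candidates]
    if not scored:
        return ("accept or transfer", None, 0.0)
    best_value, best = max(scored, key=lambda pair: pair[0])
    if best_value <= 0:
        # Every candidate costs more than the loss it prevents.
        return ("accept or transfer", None, best_value)
    return ("mitigate", best.name, best_value)


if __name__ == "__main__":
    # Constructed sample input: a customer database worth 1,000,000, a ransomware
    # event that destroys 25% of its value, expected once every two years.
    db_ransomware = Risk(asset_value=1_000_000, exposure_factor=0.25, annual_rate=0.5)
    options = [
        Safeguard("offline backups with tested restores", 30_000, 0.05, 0.5),
        Safeguard("endpoint detection and response", 80_000, 0.25, 0.1),
        Safeguard("full rebuild of the platform", 150_000, 0.02, 0.1),
    ]
    print(f"SLE = {db_ransomware.sle():,.0f}   ALE = {db_ransomware.ale():,.0f}")
    for sg in options:
        print(f"{sg.name:40s} value per year = {safeguard_value(db_ransomware, sg):,.0f}")
    print(recommend(db_ransomware, options))
```

recommend() returns the highest-value safeguard only when its value is positive; when every candidate costs more than the loss it prevents, the risk becomes a candidate for acceptance or transfer (for example insurance), which is the decision the last objective asks the candidate to make. In the constructed sample the backups option nets 70,000 a year, the EDR option nets 20,000, and the full rebuild loses 27,000 a year even though it leaves the least residual risk.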

CISSP Domain: Security Architecture and Design

Overview/Description

To understand the principles of common computer architectures, distinguish between machine types and memory storage types, and recognize how common security models work; to prepare candidates for one of the ten knowledge domains assessed in (ISC)2's CISSP certification exam

Lesson Objectives

  • recognize the components of the basic information system architecture and their functionality, and differentiate between hardware, software, and firmware.
  • differentiate between machine types and recognize the functions of network protocols and the resource manager.
  • distinguish between types of storage devices and how they are used.
  • determine which system resources can be found at the different rings and how the rings control subject access to objects.
  • differentiate between key security concepts, recognize the role of TCB, reference monitor, and security kernel in protecting the operating system, and recognize the two basic access control types.
  • differentiate between the various criteria and standards used to evaluate security in a networking environment.
  • specify the security level that should be assigned to various objects and determine how to implement the standards.
  • recognize how the various security models are used to enforce rules and protection mechanisms.

CISSP Domain: Access Control

Overview/Description

To introduce access control concepts and methodologies and explain how they're implemented and administered in a centralized or decentralized environment; to prepare candidates for one of the ten knowledge domains assessed in (ISC)2's CISSP certification exam

Lesson Objectives

  • identify the types of access control technologies used in a networking environment.
  • identify knowledge-based and characteristics-based authentication technologies.
  • recognize how single sign-on systems (SSOs), one-time passwords (OTPs), and smart cards are used for authentication.
  • determine the appropriate type of authentication to implement in a given enterprise scenario.
  • recognize ways of securing passwords and identify different types of attack against passwords and password files.
  • select the appropriate access control model for a scenario.
  • determine the most appropriate access control model to implement in a given scenario.
  • recognize how different types of access control technique control access to resources, and distinguish between centralized and decentralized access control administration mechanisms.
  • identify intrusion detection system (IDS) mechanisms and implementation methods, and recognize various intrusion detection and prevention techniques.

CISSP Domain: Application Security

Overview/Description  

To understand different threats to the enterprise environment and recognize different ways of increasing the security of application development; to prepare candidates for one of the ten knowledge domains assessed in (ISC)2's CISSP certification exam

Lesson Objectives

  • distinguish between open and closed source code and recognize the functionality of different program types.
  • distinguish between the types of attacks used in the enterprise environment and identify the appropriate methods to counteract them.
  • recognize the different types of malicious code that can affect a system or network and identify the methods that can be used to mitigate them.
  • identify the type of attack being perpetrated in a given scenario and determine the appropriate steps to counteract it.
  • recognize the characteristics of various knowledge-based systems and identify the activities involved in the different phases of the information systems development life cycle.
  • distinguish between various database models and technologies, and define basic concepts associated with databases and data warehousing.
  • select the appropriate database model for a given set of criteria.

CISSP Domain: Operations Security

Overview/Description  

To understand the different mechanisms used to identify different types of attack and their effects, and protect system resources, e-mail and Internet communication to ensure operations security; to prepare candidates for one of the ten knowledge domains assessed in (ISC)2's CISSP certification exam

Lesson Objectives

  • recognize the activities involved in securing the operations of an enterprise and identify the technologies used to maintain network and resource availability.
  • identify the effects of various hardware and software violations on the system, and recognize how different types of operational and life-cycle assurance are used to secure operations.
  • determine the effects of different attacks on the network and identify the consequences of those effects.
  • recognize how different auditing and monitoring techniques are used to identify and protect against system and network attacks.
  • recognize the need for resource protection, distinguish between e-mail protocols, and identify different types of e-mail vulnerability.
  • identify basic mechanisms and security issues associated with the Web, and recognize different technologies for transferring and sharing files over the Internet.
  • recognize key reconnaissance attack methods and identify different types of administrative management and media storage control.
  • identify the appropriate security measures and controls for creating a more secure workspace in a given scenario.

CISSP Domain: Cryptography

Overview/Description

To recognize how different cryptographic technologies are used to provide confidentiality, integrity, and authentication for data being transferred across un-trusted networks; to prepare candidates for one of the ten knowledge domains assessed in (ISC)2's CISSP certification exam

Lesson Objectives

  • define key cryptographic terms and distinguish between types of symmetric key algorithms.
  • distinguish between types of asymmetric algorithms.
  • determine the appropriate cryptography implementation for a given scenario.
  • distinguish between types of cipher and identify different categories of cryptanalytic attack.
  • distinguish between the various algorithms used for message authentication.
  • determine the appropriate hashing algorithm to use in a given scenario.
  • recognize how certificate authorities (CAs), digital signatures, and the Public Key Infrastructure (PKI) are used to provide integrity, authentication, and non-repudiation, and how PKI distributes the keys that protect confidentiality.

CISSP Domain: Physical (Environmental) Security

Overview/Description

To understand the considerations and mechanisms involved in implementing the physical security of an enterprise; to prepare candidates for one of the ten knowledge domains assessed in (ISC)2's CISSP certification exam

Lesson Objectives

  • recognize basic threats to an organization's physical security and identify the security mechanisms used in securing an enterprise environment.
  • identify the security mechanisms and strategies used to protect the perimeter of a facility.
  • identify the appropriate physical security mechanisms to implement in a given scenario.
  • identify the appropriate mechanisms and controls for securing the inside of a building or facility.
  • select the most appropriate intrusion detection technology for a scenario.
  • determine the appropriate intrusion detection system to implement, given a specific scenario.
  • select the appropriate strategy for securing compartmentalized areas in a given scenario.

CISSP Domain: Telecommunications and Network Security

Overview/Description

To understand the structures, transmission methods, transport formats, and security technologies used in providing telecommunications and network security; to prepare candidates for one of the ten knowledge domains assessed in (ISC)2's CISSP certification exam

Lesson Objectives

  • identify security issues associated with e-mail, facsimile, and PBX systems, and recognize how linear predictive coding (LPC), a speech-compression technique, is used in secure voice communications.
  • identify the characteristics and functionality of the different technologies used to protect an organization at the network edge.
  • identify the characteristics of TCP and IP, and recognize the functionality of the OSI reference model.
  • distinguish between the layers of the OSI reference model and their associated functionality and technologies.
  • distinguish between types of network topology and physical media, and recognize the functionality of different LAN technologies.
  • recognize the network topologies, media access methods, data transmission types, and devices used by LANs and WANs.
  • identify the characteristics of the switching, remote access, and authentication methods used by LANs and WANs, and recognize the functionality of Ethernet and Token Ring technologies.
  • recognize the characteristics of the various network communications mechanisms and technologies used in an enterprise environment, and identify the protocols used by VPNs.
  • recognize the characteristics and functionality of the protocols used to secure data in transit in an enterprise environment.
  • recognize how different transport layer mechanisms secure network data.
  • recognize how different technologies are used to protect data at the Application layer.
  • determine the most appropriate methods and mechanisms for securing information at the Application layer, given a scenario.

CISSP Domain: Business Continuity and Disaster Recovery Planning

Overview/Description

To recognize how to plan for business continuity and disaster recovery in the event of unforeseen and critical loss; to prepare candidates for one of the ten knowledge domains assessed in (ISC)2's CISSP certification exam

Lesson Objectives

  • recognize the phases involved in creating a business continuity plan (BCP).
  • recognize what's involved in the project initiation and management phase of the business continuity planning process.
  • identify the steps for conducting a business impact analysis (BIA) in a given scenario.
  • determine the appropriate strategy for performing a business impact analysis (BIA) in a given scenario.
  • identify the appropriate strategies for recovering critical business systems and resources, and maintaining business continuity in the event of a disaster.
  • identify the factors that need to be reviewed and documented in a business continuity plan, given a scenario.
  • identify the objectives and functions associated with testing and maintaining a business continuity plan.
  • determine the appropriate strategy for designing a business continuity plan (BCP) in a given scenario.

CISSP Domain: Legal, Regulations, Compliance and Investigations

Overview/Description

To identify the types and characteristics of computer crime, distinguish between the laws relating to information technology, and recognize the investigative and ethical considerations involved in dealing with computer crime; to prepare candidates for one of the ten knowledge domains assessed in (ISC)2's CISSP certification exam

Lesson Objectives

  • distinguish between the major categories of computer crime and recognize examples of them.
  • recognize the characteristics of various computer-related crimes and identify the type of intellectual property law that applies in a given scenario.
  • determine the type of intellectual property protection that should be put in place in a given scenario.
  • recognize the characteristics of various law systems and categories of law, and identify laws related to information security and privacy.
  • distinguish between the laws that have been created to deal with different types of computer crime.
  • recognize the principles of due care and due diligence, and identify the phases of an investigation and the types of evidence involved in computer crime.
  • determine the appropriate process for controlling evidence when investigating a computer-related crime in a given scenario.
  • recognize the investigative and ethical considerations involved in dealing with computer crime.