Certified Information Systems Security Professional / Officer

As the first credential accredited by ANSI to ISO Standard 17024:2003 in the field of information security, the Certified Information Systems Security Professional (CISSP®) certification provides information security professionals with not only an objective measure of competence but a globally recognized standard of achievement. The CISSP credential demonstrates competence in the 10 domains of the (ISC)² CISSP® CBK®.

The CISSP credential is ideal for mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers.

Course Outline

Lesson 1: Security Management Practices
• Security management concepts
• Policies, standards, guidelines, and procedures
• Security awareness concepts
• Risk management practices
• Basic information on classification levels

Lesson 2: Access Control Systems
• Access controls are a collection of administrative, physical, and technical mechanisms that work together within a security architecture to protect the assets of an information system. This lesson covers the threats, vulnerabilities, and risks associated with an information system’s infrastructure, and the available preventive and detective measures to counter them.

Lesson 3: Telecommunications, Network and Internet Security
• Network Structures
• Transmission methods
• Transport formats
• Security measures providing availability, integrity, and confidentiality
• Authentication for transmissions over public and private communications networks

Lesson 4: Cryptography
• Definitions
• History
• Cryptology Fundamentals
• Symmetric Key Cryptosystem Fundamentals
• Asymmetric Key Cryptosystem Fundamentals
• Key Distribution and Management Issues
• Public Key Infrastructure Definitions and Concepts

Lesson 5: Security Architecture and Models
• Computer organization
• Hardware components
• Software/firmware components
• Open systems
• Distributed systems
• Protection mechanisms
• Evaluation criteria
• Certification and accreditation
• Formal security models
• Confidentiality models
• Integrity models
• Information flow models

Lesson 6: Operations Security
• Identifies the controls over hardware and media, and the operators and administrators with access privileges to any of these resources. Auditing and monitoring provide the mechanisms, tools, and facilities that permit the identification of security events. Subsequent actions identify key elements and report pertinent information to the appropriate individual, group, or process.

Lesson 7: Applications and Systems Development Security
• The software development life cycle
• Object-oriented systems
• Artificial intelligence systems
• Database security issues
• Data warehousing
• Data mining
• Application controls

Lesson 8: Business Continuity Planning and Disaster Recovery Planning
• Project scope and planning, business impact analysis
• Recovery strategies
• Recovery plan development
• Implementation
• Recovery plan development, implementation and restoration

Lesson 9: Law, Investigations & Ethics
• Computer crime laws and regulations
• The measures and technologies used to investigate computer crime incidents
• Laws applying to computer crimes
• How to determine if a crime has occurred
• Preserving evidence
• The basics of conducting an investigation
• Liabilities under the law

Lesson 10: Physical Security
• Elements involved in choosing a secure site, its design and configuration
• Methods for securing a facility against unauthorized access
• Methods for securing equipment against theft of the equipment or the information it contains
• Environmental and safety measures needed to protect personnel, the facility and its resources
