Certified Information Systems Security Professional Course Outline

Tel: +44 (0) 845 1305486

Certified Information Systems Security Professional Course Outline

Security Management Practices

Identification of information assets
Policies, standards, procedures
Confidentiality, integrity, and availability.
Data classification,
Risk management, risk assessment, and risk analysis;
Countermeasure evaluation
Security roles
Security awareness training
Personnel policy

Security Architecture & Models

Computer architectures
Security models
Trusted Computer Base
ITSEC
TCSEC
Common Criteria
OS security components
IETF IPSEC
Certification and Accreditation
Security issues associated with system architectures

Access Control Systems & Methodology

Access Control techniques
Access Control Administration
Access Control Models
Identification and Authentication Techniques
Single Sign-On (SSO)
Access Control Methodologies and Implementation
File and Data Ownership and Custodianship
Methods of Attack
Monitoring
Penetration Testing

Applications & Systems Development

Systems development management
Change Control
Certification
Accreditation
Security Control Architecture
Malicious Code
Virus writers Hackers, crackers, and phreaks
Virus protection, types of computer viruses
Mobile code security issues

Cryptography

Cryptographic basics
Comparison of cryptographic algorithms
Key management
Key Distribution Methods
Kerberos,
ISAKMP
Public Key Algorithms
Public Key Infrastructure (PKI)
Certificate Authorities
Smart cards and tokens
Methods of Attack

Telecommunications & Network Security

ISO/OSI Layers and Characteristics
Remote Access Dial-In User System/Terminal Access Control
RADIUS/TACACS
Internet/Intranet/Extranet
Secure communication protocols
Virtual Private Network (VPN)
Network Address Translation
E-mail security
Facsimile security
Secure Voice Communications
Security boundaries and how to translate security policy to controls
Network Attacks and Countermeasures

Operations Security

Administrative Management
Separation of Duties and Responsibilities
Backup of Critical information
Standards of Due Care/Due Diligence
Record retention
Control Types
Operations Controls
Resource Protection
Auditing
Reporting mechanisms
Monitoring tools and techniques
Failure recognition and response
Intrusion detection
Penetration testing techniques
Inappropriate activities
Internal threats and Countermeasures
Violations, Breaches, and Reporting

Physical Security

Physical site security controls
Electronic site access controls
Environment/Life Safety
Physical security threats and countermeasures
Fire (sensors, sprinklers, flooding systems, extinguishers)
Water (leakage and flooding)
Electrical (UPS and generators)
Environmental

Business Continuity & Disaster Recovery Planning

Business Continuity Planning
Cold/Warm/Hot/Mobile Sites
Recovery processes
Disaster Recovery Planning
Recovery Plan Development
Emergency Response
Reconstruction from Backups
Crisis Management
BCP/DRP Events

Law, Investigation & Ethics

Legal categories
Criminal Law
Civil Law
Administrative Law
Investigations
Rules of Evidence
Collection and preservation of evidence
Investigation Processes and Techniques
Major categories of computer crime
Incident Handling
Ethics
(ISC2) Code of Ethics

About us | Course Locations | Registration
CISSP | Security Expert Bootcamp | Top Two - CISSP & CEH | Certified Web Applications Security Tester | Computer Hacking Forensics Investigator | Certified Ethical Hacker
Enterprise Security | Writing ISO & BS Security policies | Security Awareness | SIRO/IAS Course | DSO/ITSO Course

© IT Security Training Ltd 2002. All rights reserved.