Certified Information Systems Security Professional (CISSP)

Duration 5 days

Price £1895.00 plus VAT

Course Description

Passing the CISSP examination is a challenge. Even the most experienced practitioner runs a high risk of failure if they do not do a significant amount of preparation for this examination. One reason is the sheer breadth and diversity of the content; many of the subtopics of the domains are studies in themselves. The CISSP examination costs $450.00 per attempt. This seminar has been developed to help you to reduce your risk of failure. We have gone to great lengths to ensure that all the material you need to know is covered in a meaningful way that is highly relevant to the practical issues faced by security managers today. In-class diagnostic tests are conducted during and after each section so that you can assess your performance and identify the areas where you are weak. During the seminar, through questions and interaction, we will help you to judge when you are ready to sit the exam. We will also provide you with a list of on-line resources to help you strengthen and deepen your knowledge in each domain. After the seminar you can call on us to answer your questions and provide support until you pass the exam. You will also get access to our private CISSP support site, which contains over seventy papers and presentations organised by domain so that you can deepen your knowledge after the course.

Course Objective: To provide delegates with an in-depth view of Information Security and to provide all the material needed to pass the CISSP certification.

Who should attend?

Experienced security professionals who want to expand their knowledge and gain an internationally recognized accreditation. Whilst anyone can attend our seminar, the CISSP accreditation is not available to anyone who does not meet the (ISC)2 entry requirements.

Prerequisites:
Anyone can attend our seminar, but the CISSP accreditation itself is only available to those who meet the (ISC)2 entry requirements. We will be happy to advise you on your eligibility.

Delivery Method: Instructor-led, group-paced, classroom-delivery learning model with structured, hands-on activities.

Seminar content

The topics reflect the requirements of the ten domains of the Common Body Of Knowledge defined by (ISC)2.

Security Management Practices

  • Identification of information assets
  • Policies, standards, procedures
  • Confidentiality, integrity, and availability
  • Data classification
  • Risk management, risk assessment, and risk analysis
  • Countermeasure evaluation
  • Security roles
  • Security awareness training
  • Personnel policy

Security Architecture & Models

  • Computer architectures
  • Security models
  • Trusted Computer Base
  • ITSEC
  • TCSEC
  • Common Criteria
  • OS security components
  • IETF IPSEC
  • Certification and Accreditation
  • Security issues associated with system architectures

Access Control Systems & Methodology

  • Access Control techniques
  • Access Control Administration
  • Access Control Models
  • Identification and Authentication Techniques
  • Single Sign-On (SSO)
  • Access Control Methodologies and Implementation
  • File and Data Ownership and Custodianship
  • Methods of Attack
  • Monitoring
  • Penetration Testing

Applications & Systems Development

  • Systems development management
  • Change Control
  • Certification
  • Accreditation
  • Security Control Architecture
  • Malicious Code
  • Virus writers, hackers, crackers, and phreaks
  • Virus protection, types of computer viruses
  • Mobile code security issues

Cryptography

  • Cryptographic basics
  • Comparison of cryptographic algorithms
  • Key management
  • Key Distribution Methods
  • Kerberos
  • ISAKMP
  • Public Key Algorithms
  • Public Key Infrastructure (PKI)
  • Certificate Authorities
  • Smart cards and tokens
  • Methods of Attack

Telecommunications & Network Security

  • ISO/OSI Layers and Characteristics
  • Remote Authentication Dial-In User Service/Terminal Access Controller Access Control System
  • RADIUS/TACACS
  • Internet/Intranet/Extranet
  • Secure communication protocols
  • Virtual Private Network (VPN)
  • Network Address Translation
  • E-mail security
  • Facsimile security
  • Secure Voice Communications
  • Security boundaries and how to translate security policy to controls
  • Network Attacks and Countermeasures

Operations Security

  • Administrative Management
  • Separation of Duties and Responsibilities
  • Backup of Critical information
  • Standards of Due Care/Due Diligence
  • Record retention
  • Control Types
  • Operations Controls
  • Resource Protection
  • Auditing
  • Reporting mechanisms
  • Monitoring tools and techniques
  • Failure recognition and response
  • Intrusion detection
  • Penetration testing techniques
  • Inappropriate activities
  • Internal threats and Countermeasures
  • Violations, Breaches, and Reporting

Physical Security

  • Physical site security controls
  • Electronic site access controls
  • Environment/Life Safety
  • Physical security threats and countermeasures
  • Fire (sensors, sprinklers, flooding systems, extinguishers)
  • Water (leakage and flooding)
  • Electrical (UPS and generators)
  • Environmental

Business Continuity & Disaster Recovery Planning

  • Business Continuity Planning
  • Cold/Warm/Hot/Mobile Sites
  • Recovery processes
  • Disaster Recovery Planning
  • Recovery Plan Development
  • Emergency Response
  • Reconstruction from Backups
  • Crisis Management
  • BCP/DRP Events

Law, Investigation & Ethics

  • Legal categories
  • Criminal Law
  • Civil Law
  • Administrative Law
  • Investigations
  • Rules of Evidence
  • Collection and preservation of evidence
  • Investigation Processes and Techniques
  • Major categories of computer crime
  • Incident Handling
  • Ethics
  • (ISC)2 Code of Ethics