Home
  Technology Courses
  Management Courses
  Certification
  MyHistory
 Course Schedule
  Free Catalog
  About Us
  What's New

  Contest
  Contact Us
Photo Galary
 
The (ISC)2 CISSP CBK Review Seminar
You Will Learn How To
  • Prepare for CISSP Certification based on the (ISC)2 CBK
  • Identify the access control mechanisms that create a security architecture and protect assets
  • Recognize the cryptography principles, means and methods of disguising information
  • Explore business continuity and disaster recovery planning for the preservation of business operations
  • Examine core elements of network security including network structures and transmission methods
  • Inspect the key security concepts for application software development

Course Benefits
This course provides a comprehensive overview of information security concepts and industry best practices and is the only review course endorsed by (ISC)2. In this course, you cover the ten CISSP domains as outlined in the (ISC)2 CBK and analyze the latest information-system security issues. You also develop an individual study plan to enhance your exam preparation skills.

Who Should Attend
Security professionals, government and military personnel seeking IAT-3, IAM-2 or IAM-3 certification to fulfill the DoD 8570.1 Directive, network security personnel and managers. Participants should be aware of the exam eligibility criteria established by (ISC)2.

Course Workshop
Throughout this course, you get an in-depth review of the ten CISSP domains as outlined by the (ISC)2 CBK. Workshops include:
  • Reviewing the ten domains of the CBK including application and network security and cryptography
  • Uncovering areas to further develop and expand your exam preparedness
  • Investigating the latest information-system security issues, concerns and countermeasures
  • Reinforcing key areas of the CBK through numerous review sessions

Course Content
Information Security and Risk Management
  • Introduction to (ISC)2 and the exam process
  • The AIC (availability, integrity, confidentiality) triad
  • Security awareness training and education
  • Risk mitigation, quantitative and qualitative risk assessment, countermeasure selection
  • Ethics: personal, corporate, professional
Access Control
Definitions
  • Need to know, least privilege, separation of duties
  • Information classification
Access control categories and types
  • Threats: external and internal, natural, man-made
  • Technologies: single sign on, Kerberos, temporal, biometrics
  • Assurance mechanisms: IDS, IPS, logs, audits
Cryptography
Key concepts
  • History: manual, mechanical, electronic, quantum systems
  • Encryption systems: stream cipher, block ciphers
  • Symmetric and asymmetric algorithms
Integrity controls
  • MD5
  • SHA-1
  • CBC-MAC
  • Digital signatures: DSS
  • Cryptographic systems: keys, recovery, PKI, trust models
  • Attacks: plaintext and ciphertext, slide, side channel
Physical Security
Definitions
  • Guards
  • Fences
  • Locks
Site location
  • The Layered Defense Model
  • Infrastructure support systems
  • Equipment protection: theft, damage
Security Architecture and Design
Components and principles
  • System security: zones, domains, ring-based protection
  • Hardware: CPU, memory, communications devices
  • Software: operating systems, utilities, applications
Security models and architecture theory
  • Bell LaPadula
  • Biba
  • Clark-Wilson
  • Integrity models
  • Security evaluation methods and criteria
Business Continuity Planning and Disaster Recovery Planning
Project scope development and planning
  • Business impact analysis
  • Emergency assessment: incident response, mitigation
Continuity and recovery strategy
  • Plan, design and development
  • Implementation: testing techniques, awareness
  • Restoration: rebuilding and return to normal
  • Plan management: updating
Telecommunications and Network Security
Central concepts
  • Analog vs. digital
  • Synchronous vs. asynchronous
  • Circuit vs. packet switched traffic
Networks:
  • LAN
  • WAN
  • DMZ
  • Internet
  • Remote access: RADIUS, TACACS+
  • Network components: switch, router, ATM, MPLS
  • Telephony: VoIP, PBX
Application Security
System life cycle security
  • SDLC phases
  • Application environment and security controls
Applications
  • Programming languages and tools: compilers, interpreters
  • Databases and data warehouses: data mining and DBMS
  • Applications systems threats and vulnerabilities: malware
  • Applications security controls: implementation testing
Operations Security
  • Resource protection: equipment, operations areas, personnel
  • Change control management
  • Physical security controls: controlled access
  • Privileged entity control: administrators, operators
Legal, Regulations, Compliance and Investigation
  • Major legal systems: intellectual property, computer crime
  • Legal concepts: due care versus due diligence
  • Regulatory issues: privacy, financial compliance
  • Investigation: chain of custody and evidence gathering
  • Computer forensics and investigation

galaxy information systems