Home   Technology Courses   Management Courses   Certification   MyHistory  Course Schedule   Free Catalog   About Us   What's New   Contest   Contact Us Photo Galary

The (ISC)2 SSCP CBK Review Seminar You Will Learn How To Prepare for SSCP Certification based on the (ISC)2 CBK Identify the access control standards and procedures that define users and user rights Explore security operations and administration policies that maintain confidentiality and availability Examine the risk, response and recovery processes essential for identifying and controlling information loss Recognize the cryptography principles for disguising information and ensuring information integrity Review core elements of network security including network structures and transmission methods Course Benefits This course provides a comprehensive overview of information security concepts and industry best practices and is the only review course endorsed by (ISC)2. In this course, you cover the seven SSCP domains as outlined in the (ISC)2 CBK and analyze the latest information-system security issues. You also develop an individual study plan to enhance your exam preparation skills. Who Should Attend Security professionals, government and military personnel seeking IAT-1 or IAT-2 certification to fulfill the DoD 8570.1 Directive, network security personnel and managers. Participants should be aware of the exam eligibility criteria established by (ISC)2. Course Workshop Throughout this course, you review in-depth the seven SSCP domains as outlined by the (ISC)2 CBK. Workshops include: Reviewing the seven SSCP domains including access controls, network security and cryptography Uncovering areas to further develop and expand your exam preparedness Investigating the latest information-system security issues, concerns and countermeasures Reinforcing key areas of the CBK through numerous review sessions Course Content Introduction Overview of (ISC)2 and the exam process Introduction to the AIC (availability, integrity, confidentiality) triad Access Controls Access control principles Least privilege, need to know, separation of duties Methods of identification and registration process User account maintenance and identity management Hardening of systems Levels of access: system/desktop/network/data Patches and updates, ports, protocols Physical access controls: environmental controls Authentication: three factors of authentication Directories: LDAP, Active Directory, X.500, Kerberos IDS and IPS: monitoring and implementation Firewalls: circuit, stateful inspection, packet filtering Anti-virus: signature/heuristics/anomaly Security Operations and Administration Security administration Event logging: SYSLOG, log protection and analysis Information classification: compliance monitoring Managed security service provider for secured outsourcing Change management and configuration management Systems development: SDLC, security design and implementation Evaluation: penetration testing, vulnerability assessments User Security Awareness Code of Ethics: Personal, corporate, professional ethics Certification and Accreditation: Purpose and process of certification Facility and Power Management: Equipment protection, UPS, generators, surge protectors Analysis and Monitoring Audits: compliance and monitoring/social engineering Log management: correlation/clipping levels Monitoring systems: central management, retention periods for logs Secure configurations: password cracking, war driving, war dialing, unauthorized changes Risk, Response, and Recovery Risk management process and incident handling Risk assessment, risk mitigation, risk acceptance, SLE, ALE, ARO and countermeasures Security assessments: network scanning Response process, isolating networks, chain of evidence Business Continuity Disaster recovery: definitions and tests Backups: SANS, RAID, fault-tolerant systems, frequency Cryptography Definitions Algorithms: symmetric/asymmetric ciphers and stream/block Business and security Requirements Non-repudiation,confidentiality, integrity, authenthication Certificates: X.509, PKCS, trust models, PKI Key recovery, generation, distribution, negotiation Cryptographic Implementations Secure protocols: IPSEC, SSL, SSH Cryptanalysis: plaintext/cipher-based attacks Message integrity checks: SHA-1, MD5, hash functions, parity, checksums, digital signatures Networks and Telecommunications Protocols OSI TCP/IP IPv4 IPv6 IP-based attacks: fragmentation, teardrop Transmission Control Protocol (TCP): syn flood Routing and switching protocols: RIP, OSPF, BGP Dynamic Host Authentication Protocol (DHCP) Transmission technologies ATM X.25 Frame Relay MPLS SVC PVC Remote access controls: RADIUS, TACACS+ Wireless technologies: IEEE 802.11 a/b/g, 802.15, 802.16 Network configuration: LAN/WAN/DMZ/intranet Attacks: Port scans/null scans, honeypots, source routing Malicious Code and Other Attacks Types of malware: viruses, worms, Trojan horses, logic bombs Spyware/adware, keystroke loggers/botnets/spam, phishing Anti-virus software Integrity-checking software