
Online IT Training

 

ISC(2) Certified Information Systems Security Professional CISSP

The major IT Security Certification for Senior Managers.

Course Contents:

Stage 1: Information Security and Risk Management

Stage 2: Security Architecture and Design

Stage 3: Access Control

Stage 4: Application Security

Stage 5: Operation Security

Stage 6: Cryptography

Stage 7: Physical (Environmental) Security

Stage 8: Telecommunications and Network Security

Stage 9: Business Continuity and Disaster Recovery Planning

Stage 10: Legal, Regulations, Compliance and Investigations

Course Code:

CISSP-2

Course Duration:

12 months

Typical Study Hours:

40 - 50 hours

Course Fees:

See our Fee Guide

Course Demo:

Request an online Course Demo

Study Prerequisite:

Mid to Senior Level Managerial experience. A minimum of five years of professional experience in the information security field, or four years plus a degree.

Additional information for Stage 1:

  • Information Security and Risk Management

    • Recognise the goals of security management and change control.
    • Identify the change control mechanisms used to secure the operational environment.
    • Recognise the objectives and criteria associated with data classification, and distinguish between information classification roles.
    • Distinguish between policies, standards, baselines, and guidelines.
    • Recognise best practices and procedures for dealing with different aspects of employee relations.
    • Determine the appropriate security procedures for hiring a new employee in a given scenario.
    • Identify the principles of risk management, distinguish between planning types, and recognise what's involved in the analysis of different threats and vulnerabilities.
    • Calculate the potential loss expectancy and the cost of countermeasures used for risk reduction in a given scenario.
    • Calculate the loss expectancy associated with an information asset, perform a cost-benefit analysis, and determine how to handle the risk depending on the outcome of the countermeasure.
    • Identify the security-related responsibilities associated with different roles within an organisation.


Additional information for Stage 2:

  • Security Architecture and Design

    • Recognise the components of the basic information system architecture and their functionality, and differentiate between hardware, software, and firmware.
    • Differentiate between machine types and recognise the functions of network protocols and the resource manager.
    • Distinguish between types of storage device and how they are used.
    • Determine which system resources can be found at the different rings and how the rings control subject access to objects.
    • Differentiate between key security concepts, recognise the role of TCB, reference monitor, and security kernel in protecting the operating system, and recognise the two basic access control types.
    • Differentiate between the various criteria and standards used to evaluate security in a networking environment.
    • Specify the security level that should be assigned to various objects and determine how to implement the standards.
    • Recognise the logistics of various security models used to enforce rules and protection mechanisms.


Additional information for Stage 3:

  • Access Control

    • Identify the types of access control technologies used in a networking environment.
    • Identify knowledge-based and characteristics-based authentication technologies.
    • Recognise how single sign-on systems (SSOs), one-time passwords (OTPs), and smart cards are used for authentication.
    • Determine the appropriate type of authentication to implement in a given enterprise scenario.
    • Recognise ways of securing passwords and identify different types of attack against passwords and password files.
    • Select the appropriate access control model for a scenario.
    • Determine the most appropriate access control model to implement in a given scenario.
    • Recognise how different types of access control technique control access to resources, and distinguish between centralised and decentralised access control administration mechanisms.
    • Identify intrusion detection system (IDS) mechanisms and implementation methods, and recognise various intrusion detection and prevention techniques.


Additional information for Stage 4:

  • Application Security

    • Distinguish between open and closed source code and recognise the functionality of different program types.
    • Distinguish between the types of attacks used in the enterprise environment and identify the appropriate methods to counteract them.
    • Recognise the different types of malicious code that can affect a system or network and identify the methods that can be used to mitigate them.
    • Identify the type of attack being perpetrated in a given scenario and determine the appropriate steps to counteract it.
    • Recognise the characteristics of various knowledge-based systems and identify the activities involved in the different phases of the information systems development life cycle.
    • Distinguish between various database models and technologies, and define basic concepts associated with databases and data warehousing.
    • Select the appropriate database model for a given set of criteria.


Additional information for Stage 5:

  • Operation Security

    • Recognise the activities involved in securing the operations of an enterprise and identify the technologies used to maintain network and resource availability.
    • Identify the effects of various hardware and software violations on the system, and recognise how different types of operational and life-cycle assurance are used to secure operations.
    • Determine the effects of different attacks on the network and identify the consequences of those effects.
    • Recognise how different auditing and monitoring techniques are used to identify and protect against system and network attacks.
    • Recognise the need for resource protection, distinguish between e-mail protocols, and identify different types of e-mail vulnerability.
    • Identify basic mechanisms and security issues associated with the Web, and recognise different technologies for transferring and sharing files over the Internet.
    • Recognise key reconnaissance attack methods and identify different types of administrative management and media storage control.
    • Identify the appropriate security measures and controls for creating a more secure workspace in given scenarios.


Additional information for Stage 6:

  • Cryptography

    • Define key cryptographic terms and distinguish between types of symmetric key algorithms.
    • Distinguish between types of asymmetric algorithms.
    • Determine the appropriate cryptography implementation for a given scenario.
    • Distinguish between types of cipher and identify different categories of cryptanalytic attack.
    • Distinguish between the various algorithms used for message authentication.
    • Determine the appropriate hashing algorithm to use in a given scenario.
    • Recognise how certificate authorities (CAs), digital signatures, and the Public Key Infrastructure (PKI) are used to provide confidentiality, integrity, and authentication.


Additional information for Stage 7:

  • Physical (Environmental) Security

    • Recognise basic threats to an organisation's physical security and identify the security mechanisms used in securing an enterprise environment.
    • Identify the security mechanisms and strategies used to protect the perimeter of a facility.
    • Identify the appropriate physical security mechanisms to implement in a given scenario.
    • Identify the appropriate mechanisms and controls for securing the inside of a building or facility.
    • Select the most appropriate intrusion detection technology for a scenario.
    • Determine the appropriate intrusion detection system to implement, given a specific scenario.
    • Select the appropriate strategy for securing compartmentalised areas in a given scenario.


Additional information for Stage 8:

  • Telecommunications and Network Security

    • Identify security issues associated with e-mail, facsimile, and PBX systems, and recognise how the LPC algorithm is used to secure voice communications.
    • Identify the characteristics and functionality of the different technologies used to protect an organisation at the network edge.
    • Identify the characteristics of TCP and IP, and recognise the functionality of the OSI reference model.
    • Distinguish between the layers of the OSI reference model and their associated functionality and technologies.
    • Distinguish between types of data topology and physical media, and recognise the functionality of different LAN technologies.
    • Recognise the network topologies, media access methods, data transmission types, and devices used by LANs and WANs.
    • Identify the characteristics of the switching, remote access, and authentication methods used by LANs and WANs, and recognise the functionality of Ethernet and Token Ring technologies.
    • Recognise the characteristics of the various network communications mechanisms and technologies used in an enterprise environment, and identify the protocols used by VPNs.
    • Recognise the characteristics and functionality of the protocols used to secure data in transit in an enterprise environment.
    • Recognise how different transport layer mechanisms secure network data.
    • Recognise how different technologies are used to protect data at the Application layer.
    • Determine the most appropriate methods and mechanisms for securing information at the Application layer, given a scenario.


Additional information for Stage 9:

  • Business Continuity and Disaster Recovery Planning

    • Recognise the phases involved in creating a business continuity plan (BCP).
    • Recognise what's involved in the project initiation and management phase of the business continuity planning process.
    • Identify the steps for conducting a business impact analysis (BIA) in a given scenario.
    • Determine the appropriate strategy for performing a business impact analysis (BIA) in a given scenario.
    • Identify the appropriate strategies for recovering critical business systems and resources, and maintaining business continuity in the event of a disaster.
    • Identify the factors that need to be reviewed and documented in a business continuity plan, given a scenario.
    • Identify the objectives and functions associated with testing and maintaining a business continuity plan.
    • Determine the appropriate strategy for designing a business continuity plan (BCP) in a given scenario.


Additional information for Stage 10:

  • Legal, Regulations, Compliance and Investigations

    • Distinguish between the major categories of computer crime and recognise examples of them.
    • Recognise the characteristics of various computer-related crimes and identify the type of intellectual property law that applies in a given scenario.
    • Determine the type of intellectual property that should be put in place in a given scenario.
    • Recognise the characteristics of various law systems and categories of law, and identify laws related to information security and privacy.
    • Distinguish between the laws that have been created to deal with different types of computer crime.
    • Recognise the definition of the principles of due care and due diligence, and identify the phases and types of evidence involved in computer crime.
    • Determine the appropriate process for controlling evidence when investigating a computer-related crime in a given scenario.
    • Recognise the investigative and ethical considerations involved in dealing with computer crime.


 


This course includes:

Pass - or we'll buy your training back!

Enhanced Support to ensure you complete your training and get certified even faster!

Access to the Virtual University

Daily Training Emails

Access to 400+ titles in our Technical Library

Web links

Hands on Interactive Exercises

Hundreds of practice test questions

Digital video lessons