1-800-THE-TREE (1-800-843-8733)

The (ISC)2 CISSP CBK Review Seminar

Course: 958 Type: Course Workshop Duration: 5 Days

You Will Learn How To

Prepare for CISSP Certification based on the (ISC)2 CBK
Identify the access control mechanisms that create a security architecture and protect assets
Recognize the cryptography principles, means and methods of disguising information
Explore business continuity and disaster recovery planning for the preservation of business operations
Examine core elements of network security including network structures and transmission methods
Inspect the key security concepts for application software development

Course Benefits

This course provides a comprehensive overview of information security concepts and industry best practices and is the only review course endorsed by (ISC)2. In this course, you cover the ten CISSP domains as outlined in the (ISC)2 CBK and analyze the latest information-system security issues. You also develop an individual study plan to enhance your exam preparation skills.

Who Should Attend

Security professionals, government and military personnel seeking IAT-3, IAM-2 or IAM-3 certification to fulfill the DoD 8570.1 Directive, network security personnel and managers. Participants should be aware of the exam eligibility criteria established by (ISC)2.

Course Workshop

Throughout this course, you review in-depth the ten CISSP domains as outlined by the (ISC)2 CBK. Workshops include:

Reviewing the ten domains of the CBK including application and network security and cryptography
Uncovering areas to further develop and expand your exam preparedness
Investigating the latest information-system security issues, concerns and countermeasures
Reinforcing key areas of the CBK through numerous review sessions

Course 958 Content

Information Security and Risk Management

Introduction to (ISC)2 and the exam process
The AIC (availability, integrity, confidentiality) triad
Security awareness training and education
Risk mitigation, quantitative and qualitative risk assessment, countermeasure selection
Ethics: personal, corporate, professional

Access Control

Definitions

Need to know, least privilege, separation of duties
Information classification

Access control categories and types

Threats: external and internal, natural, man-made
Technologies: single sign on, Kerberos, temporal, biometrics
Assurance mechanisms: IDS, IPS, logs, audits

Cryptography

Key concepts

History: manual, mechanical, electronic, quantum systems
Encryption systems: stream cipher, block ciphers
Symmetric and asymmetric algorithms

Integrity controls

MD5
SHA-1
CBC-MAC
Digital signatures: DSS
Cryptographic systems: keys, recovery, PKI, trust models
Attacks: plaintext and ciphertext, slide, side channel

Physical Security

Definitions

Guards
Fences
Locks

Site location

The Layered Defense Model
Infrastructure support systems
Equipment protection: theft, damage

Security Architecture and Design

Components and principles

System security: zones, domains, ring-based protection
Hardware: CPU, memory, communications devices
Software: operating systems, utilities, applications

Security models and architecture theory

Bell LaPadula
Biba
Clark-Wilson
Integrity models
Security evaluation methods and criteria

Business Continuity Planning and Disaster Recovery Planning

Project scope development and planning

Business impact analysis
Emergency assessment: incident response, mitigation

Continuity and recovery strategy

Plan, design and development
Implementation: testing techniques, awareness
Restoration: rebuilding and return to normal
Plan management: updating

Telecommunications and Network Security

Central concepts

Analog vs. digital
Synchronous vs. asynchronous,
Circuit vs. packet switched traffic

Networks:

LAN
WAN
DMZ
Internet
Remote access: RADIUS, TACACS+
Network components: switch, router, ATM, MPLS
Telephony: VoIP, PBX

Application Security

System lifecycle security

SDLC phases
Application environment and security controls

Applications

Programming languages and tools: compilers, interpreters
Databases and data warehouses: data mining and DBMS
Applications systems threats and vulnerabilities: malware
Applications security controls: implementation testing

Operations Security

Resource protection: equipment, operations areas, personnel
Change control management
Physical security controls: controlled access
Privileged entity control: administrators, operators

Legal, Regulations, Compliance and Investigation

Major legal systems: intellectual property, computer crime
Legal concepts: due care versus due diligence
Regulatory issues: privacy, financial compliance
Investigation: chain of custody and evidence gathering
Computer forensics and investigation

(ISC)2, CBK, and CISSP are registered certification marks of (ISC)2, Inc.

Course Description

Save as much as $2,350 on a Triple-Pack!

Enter online today to win one FREE Learning Tree Course per year for life plus a FREE Course for your Colleague!

Upcoming Dates

Jul 14 - 18, 2008
Washington, DC (Reston, VA)

Aug 11 - 15, 2008
New York

Aug 25 - 29, 2008
Washington, DC (Rockville, MD)

Sep 15 - 19, 2008
Los Angeles

Sep 29 - Oct 3, 2008
Chicago (Schaumburg)

Oct 6 - 10, 2008
Washington, DC (Reston, VA)

Nov 3 - 7, 2008
New York

Nov 17 - 21, 2008
Washington, DC (Rockville, MD)

Dec 8 - 12, 2008
Los Angeles

Jan 12 - 16, 2009
Washington, DC (Reston, VA)

Course Tuition

$ 2,950	Standard Tuition
Tuition with a Savings Plan
$ 2,655	Alumni Gold Discount
$ 2,620	Government Discount

Course participants preparing for the CISSP Certification Exam.

Special Course Promotions:

Exam Voucher is Included. Please Note: No savings program may be applied to this Course.

Customer Service or Enroll: 1-800-843-8733