---

CISSP Domain Courses

Access Control - 4 CPEs

The Access Control domain of the CISSP® CBK® centers on the mechanisms that work together to create a security architecture to protect the assets of the information system. Access control permits management to specify what users can do, what resources they can access, and what operations they can perform.

Course Structure

Module 1: Access Control Categories and Types

Module 2: Access Control Threats

Module 3: Access to System

Module 4: Access to Data

Module 5: Intrusion Prevention, Intrusion Detection, and Audit Trail Monitoring

Module 6: Information Security Activities

Course Test

Objectives

At the completion of this course, you will be able to:

• Describe the access control concepts and methodologies
• Identify access control security tools and technologies
• Describe the auditing mechanisms for analyzing behavior, use, and content of the information system

Seat hours: 4-6 hours

Application Security - 4 CPEs

The Application Security domain of the CISSP® CBK® addresses the important security concepts that apply to the software application development: the environment where software is designed and developed and the critical role software plays in providing security to the information system.

Course Structure

Module 1: Applications and Database Environments

Module 2: Environment Threats

Module 3: System Life Cycle and Software Development Methods

Module 4: Programming Languages and Object-Oriented Technology

Module 5: Software Protection Mechanisms

Module 6: Web Application Environment

Module 7: Assurance Mechanisms

Course Test

Objectives

At the completion of this course, you will be able to:

• Describe the principles for securing applications throughout the life cycle management process
• List the basic processes of change control
• Identify the concepts related to data warehousing, data mining and knowledge-based systems
• Define the application software design engineering principles
• Identify the various types of malicious software and how malicious software can be introduced into the computing environment
• Describe protection mechanisms that can be used to prevent, detect, and correct malicious software attacks

Seat hours: 4-6 hours

Business Continuity and Disaster Recovery Planning - 2 CPEs

The Business Continuity and Disaster Recovery Planning domain of the CISSP® CBK® addresses the preservation and recovery of the business in the event of incidents that could otherwise interrupt normal business operations.

Course Structure

Module 1: Business Continuity Management

Module 2: Phases of BCP

Module 3: Restoration Action and the Recovery Process

Course Test

Objectives

At the completion of this course, you will be able to:

• Define business continuity planning and business continuity management
• Describe the phases of business continuity planning
• Identify preparation for specific actions required to preserve critical business operations

Seat hours: 2-3 hours

Cryptography - 7 CPEs

The Cryptography domain of the CISSP® CBK® addresses the principles, means, and methods of disguising information to ensure its confidentiality, integrity, authentication and non-repudiation.

Course Structure

Module 1: History of Cryptography

Module 2: Encryption Methods and Systems

Module 3: Symmetric Key Encryption

Module 4: Asymmetric and Hybrid Systems

Module 5: Message Integrity Control and Digital Signatures

Module 6: Certification, Key Management and PKI

Module 7: Cryptanalysis and Attacks

Module 8: Email and Internet Encryption and the Role of the Security Professional

Course Test

Objectives

At the completion of this course, you will be able to:

• Define the basic concepts within cryptography
• Describe public (asymmetric) and secret/shared (symmetric) key algorithms in terms of their applications and uses
• Identify algorithm types, key distribution and management, and methods of attack
• Define the applications, construction, and use of digital signatures

Seat hours: 7-10 hours

Legal, Regulations, Compliance and Investigations - 3 CPEs

The Legal, Regulations, Compliance and Investigations domain of the CISSP® CBK® addresses computer crime laws and regulations that affect organizations and personnel, including individual and corporate responsibility. It also deals with the investigative measures and techniques that can be used to determine if a crime has been committed, as well as the investigation of crime incidents, collection of evidence and contacting of law enforcement. Finally, it looks at information security ethics as applied to society, employees and (ISC)2 members.

Course Structure

Module 1: Law and Computer Crime

Module 2: Investigation

Module 3: Ethics

Course Test

Objectives

At the completion of this course, you will be able to:

• Describe the laws and legal issues that are applicable to computer crime
• Describe the forensic methods that are used to gather and preserve evidence and investigate computer crimes
• Outline the ethical issues and the code of conduct applicable to the security professional

Seat hours: 3-5 hours

Operations Security - 2 CPEs

The Operations Security domain of the CISSP® CBK® relates to the controls over hardware, media, and the operators and administrators with access privileges to any of these resources.

Course Structure

Module 1: The Environment for Operations Security

Module 2: Hardware and Software

Module 3: Data/Media, Telecom Equipment and Support Systems

Module 4: Operations, Personnel and Information Security Activities

Course Test

Objectives

At the completion of this course, you will be able to:

• Define the types of security controls
• List security guidelines for hardware and software
• Describe data and environment recovery tools
• Identify security guidelines for data/media, telecom equipment and support systems
• List information security activities required of operators and network administrators

Seat hours: 2-3 hours

Physical (Environmental) Security - 2 CPEs

The Physical (Environmental) Security domain of the CISSP® CBK® encompasses protection techniques for the entire facility, from the outside perimeter to the inside office space, including all the information system resources. Physical security refers to the physical measures and their associated procedures to safeguard and protect against damage, loss and theft. It also refers to the implementation of controls that discourage attackers by convincing them that the cost of attacking is greater than the value received from the attack.

Course Structure

Module 1: Threats and Countermeasures

Module 2: Crime Prevention Through Environmental Design

Course Test

Objectives

At the completion of this course, you will be able to:

• Describe the threats, vulnerabilities, and countermeasures related to physically protecting the enterprise's sensitive information assets
• Identify the risk to facilities, data, media, equipment, support systems, and supplies as they relate to physical security

Seat hours: 4-5 hours

Security Architecture and Design - 4 CPEs

The Security Architecture and Design domain of the CISSP® CBK® centers on the concepts, principles, structures, and standards used to design, monitor, and secure operating systems, hardware, networks, applications and those controls used to enforce various levels of availability, integrity, and confidentiality.

Course Structure

Module 1: Common Computer Architecture

Module 2: Enterprise Security Architecture

Module 3: Security Models

Course Test

Objectives

At the completion of this course, you will be able to:

• Identify the security issues and controls that can be associated with architectures and designs
• Describe the principles of common computer and network organization, enterprise architectures and designs
• Define and understand security models

Seat hours: 4-6 hours

Information Security and Risk Management - 4 CPEs

The Information Security and Risk Management domain of the CISSP® CBK® involves the identification of an organization's information assets and the development, documentation, and implementation of policies, standards, procedures, and guidelines.

Course Structure

Module 1: Principles and Requirements

Module 2: Organizational Roles and Responsibilities

Module 3: Organizational Policy

Module 4: Information Classification

Module 5: Risk Management and Analysis

Course Test

Objectives

At the completion of this course, you will be able to:

• Identify the planning, organization, and roles of individuals in identifying and securing an organization's information assets
• Define the differences between policies, standards, guidelines and procedures in terms of their application to security administration
• Define the importance of security awareness so employees are aware of the need for information security
• Describe the importance of risk management practices and tools to identify, prioritize, and reduce the risk to specific information assets
• Define the roles of users in support of security processes

Seat hours: 4-6 hours

Telecommunications and Network Security - 8 CPEs

The Telecommunications and Network Security domain of the CISSP® CBK® focuses on network structures, transmission methods, transport formats, security measures used to provide availability, integrity, and confidentiality, and authentication for transmission over private and public communications networks and media.

Course Structure

Module 1: Data Networks

Module 2: Network Protocols

Module 3: Telephony

Module 4: Remote Access

Module 5: Network Threats, Attacks and Counterattacks

Module 6: Network Access Controls

Module 7: Network Availability Technologies

Module 8: Internet and Web Security Protocols

Module 9: Multimedia and Quality of Service

Module 10: Information Security Activities

Course Test

Objectives

At the completion of this course, you will be able to:

• Describe the telecommunications and network security elements as they relate to the transmission of information in local area, wide area, and remote access
• Define the concepts associated with the Internet, intranet, and extranet communications, such as firewalls, gateways, and associated protocols
• Identify the communications security management and techniques that prevent, detect, and correct errors so that the protection of information transmitted over networks is maintained

Seat hours: 8-12 hours

Back to top

---

SSCP Domain Courses

Understanding how to protect data and prevent information theft (controlling access) is a key function in protecting the security of a corporation or government entity.

In this course, IT Security Practitioners will learn about major access control concepts, protocols and issues and will learn how to apply sound solutions and strategies consistent with their own policies, standards and procedures.

Course Structure

Module 1: Access Control Overview

Module 2: Access Control Design Goals

Module 3: Identification and Authentication Techniques

Module 4: Access Control Concepts and Models

Module 5: Identification and Authentication Protocols and Applications

Module 6: Access Control Implementations

Module 7: Administration and Monitoring

Objectives

After completing this course, you will be able to:

• Given different access control scenarios, you will be able to identify vulnerabilities to specific attack types, and the associated costs.
• Given a list of business goals, you will be able to identify those that are achieved for your organization based on the defined design goals.
• You will be able to explain the main identification and authentication techniques, and will be able to select the most appropriate techniques for your organization’s Access Control System.
• You will be able to list and explain the strengths and weaknesses of each of the ten most common access control models.
• You will understand the various types of indirect attacks and will be able to select an appropriate defense against them.
• You will be able to design a security policy and choose an associated access control method that best secures your organization and its data.

Seat hours: 12-20 hours

In this course, IT Security Practitioners will explore the principles, means, and methods of cryptography necessary to protect information.

Course Structure

Module 1: Introduction to Cryptography

Module 2: Cryptographic Basic Principles, Concepts, and Terminology

Module 3: Cryptographic Algorithms

Module 4: Cryptographic Applications, Tools, and Resources

Module 5: Cryptographic Business Issues

Module 6: Cryptographic Attack and Defense Mechanisms

Objectives

At the completion of this course, you will be able to:

• You will be able to explain how cryptography works, and demonstrate its applicability to business issues.
• Given an understanding of the basic principles and concepts of cryptography, you will be able to demonstrate the workings of the primary components of modern cryptographic systems.
• Based on an understanding of cryptographic algorithms, you will be able to perform the mathematics associated with modern cryptographic systems.
• Based on knowledge of cryptographic applications, you will be able to match business requirements with cryptographic solutions and applicable toolsets.
• Using an understanding of business issues, you will be able to formulate cryptographic strategies and select proper algorithms to address major business security issues.
• With an understanding of cryptanalysis, you will be able to show how cryptographic systems are compromised and how they can be defended against attack.

Seat hours: 12-20 hours

In this course, IT Security Practitioners address the questions of Who, What, Why, and How regarding the impact on organizations from malicious software code and other threats.

Course Structure

Module 1: Introduction to Malicious Code

Module 2: Profiles of Malicious Code Perpetrators

Module 3: Key Targets and Objectives of Malicious Code

Module 4: Characteristics, Architecture, and Operations of Hostile Code

Module 5: Malicious Code Countermeasures

Module 6: The IT Security Practitioners' Role

Objectives

At the completion of this course, you will be able to:

• Recount a brief history of malicious code and threats from the 1970s until the present date
• Explain the relevance of malicious code threats to business organizations
• Identify the profiles and motivations of persons who engage intentionally or unintentionally in hostile code attacks and discuss the key business impact on an organization in terms of confidentiality, integrity, availability, productivity, and potential legal liability
• Identify specific types of malicious code attacks, classify them into appropriate categories, and relate them to specific threats against the key business security concerns
• Given specific types of malicious code attacks, organize them into categories, discuss specific characteristics of each attack, and differentiate the key characteristics of each
• Given examples of malicious code attacks on an enterprise network, provide examples of security tools or practices that can be used to detect, prevent, and mitigate each type of attack
• List the five ongoing activities that can be used to ensure that adequate IT security countermeasures and practices are performed to protect and combat malicious code attacks

Seat hours: 6-10 hours

Back to top