SW-100
Our custom 5-day CISSP workshop is the most comprehensive, complete course covering the entire information systems security Common Body of Knowledge (CBK). The benefit of the workshop is, of course, to help the individual prepare for the exam. However, it also provides practical experience and serves as a very good learning tool for concepts and topics related to all aspects of today’s information systems security.
Prerequisites for taking the CISSP Exam:
The CISSP boot camp training program is targeted at professionals with at least 4 years of experience in the information security field, or 3 years of experience and a college degree (or equivalent life experience).
What past students have to say about this class:
"Very nice facility, very clean, user friendly, quiet and comfortable learning environment. Very knowledgeable instructor with real-world current examples." ~ D.M., Navy
Introduction
We discuss where we are today with information security, how we got here, and the relevance of becoming CISSP certified.
· Security Trends
· Information Warfare
· Hacking and Attacking
· Politics and Laws
· Education
· A Brief History of CISSP
· Why Become a CISSP
· The CISSP Exam
Security Management Practices
Security management entails the identification of an organization’s information assets and the development, documentation, and implementation of policies, standards, procedures, and guidelines.
Management tools such as data classification and risk assessment/analysis are used to identify threats, classify assets, and rate system vulnerabilities so that effective controls can be implemented.
· Security Management Concepts and Principles
· Privacy
· Confidentiality
· Integrity
· Availability
· Authorization
· Identification and Authentication
· Accountability
· Non-repudiation
· Documentation
· Audit
· CIA Triad
· Protection Mechanisms
· Change Control/Management
· Data Classification
· Information/Data
· Employment Policies and Practices
· Policies, Standards, Guidelines and Procedures
· Roles and Responsibilities
· Security Awareness Training
· Security Management Planning
Access Control Systems and Methodology
Access controls are a collection of mechanisms that work together to create a security architecture that protects the assets of the information system.
· Accountability
· Access Control Techniques
· Access Control Administration
· Access Control Models
· Bell-LaPadula
· Identification and Authentication Techniques
· Access Control Methodologies and Implementation
· File and Data Ownership and Custodianship
· Methods of Attack
· Monitoring
· Penetration Testing
Security Models and Architecture
The Security Architecture and Models domain contains the concepts, principles, structures, and standards used to design, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of availability, integrity, and confidentiality.
· Principles of common computer and network organizations, architectures and designs
· Principles of common security models, architectures, and evaluation criteria
· Common flaws and security issues associated with system architectures and designs
Physical Security
The physical security domain provides protection techniques for the entire facility, from the outside perimeter to the inside office space, including all of the information system resources.
· Facility Requirements
· Technical Controls
· Environment/Life Safety
· Physical Security Threats
· Elements of Physical Security
Telecommunications, Network, and Internet Security
The telecommunications, network, and Internet security domain discusses network structures, transmission methods, transport formats, and security measures used to provide availability, integrity, and confidentiality.
· International Standards Organization/Open Systems Interconnection (ISO/OSI) Layers and Characteristics
· Communications and Network Security
· Communications security techniques to prevent, detect, and correct errors so that integrity, availability, and confidentiality of transactions over networks may be maintained
· Internet/Intranet/Extranet Devices, Protocols and Services
· E-mail security
· Facsimile security
· Secure Voice Communications
· Security boundaries and how to translate security policy to controls
· Network Attacks and Countermeasures
Cryptography
The cryptography domain addresses the principles, means, and methods of disguising information to ensure its integrity, confidentiality, authenticity and non-repudiation.
· Use of Cryptography
· Cryptographic Concepts, Methodologies, and Practices
· Private Key Algorithms
· Public Key Algorithms
· Public Key Infrastructure (PKI)
· System Architecture for Implementing Cryptographic Functions
· Methods of Attack
Business Continuity Planning
The Business Continuity Plan (BCP) domain addresses the preservation and recovery of business operations in the event of outages.
· Business Continuity Planning
· Disaster Recovery Planning
· Elements of business continuity planning
· BCP/DRP Events
Law, Investigations, and Ethics
The Law, Investigations, and Ethics domain addresses computer crime laws and regulations. It covers the measures and technologies used to investigate computer crime incidents.
· Laws
· Major categories and types of laws
· Investigations
· Major categories of computer crime
· Incident Handling
· Ethics
Application and Systems Development Security
This domain addresses the important security concepts that apply to application software development. It outlines the environment where software is designed and developed and explains the critical role software plays in providing information system security.
· Application Issues
· Distributed Environment
· Databases and Data Warehousing
· Data/Information Storage
· Knowledge-based Systems
· Systems Development Controls
· Malicious Code
· Methods of Attack
Operations Security
Operations Security is used to identify the controls over hardware, media, and the operators and administrators with access privileges to any of these resources. Audit and monitoring are the mechanisms, tools, and facilities that permit the identification of security events and subsequent actions to identify the key elements and report the pertinent information to the appropriate individual, group, or process.
· Administrative Management
· Concepts such as Need-to-Know/Least Privilege and Standards of Due Care/Due Diligence
· Control Types
· Operations Controls
· Resource Protection is required for
· Auditing
· Audit Trails
· Monitoring
· Monitoring tools and techniques
· Intrusion Detection
· Types of intrusion detection
· Penetration testing techniques
· Inappropriate activities
· Threats and Countermeasures
· Violations, Breaches, and Reporting