CISSP
Advanced CISSP Prep Guide: Exam Q & A, Ronald L. Krutz/Russell Dean Vines, 2003
CISSP All-in-One Certification Exam Guide, Shon Harris, 2002
CISSP for Dummies, Lawrence Miller/Peter Gregory, 2002
CISSP (Exam Cram), Mandy Andress, 2001
CISSP Examination Textbooks, S. Rao Vallabhaneni
The CISSP Prep Guide, Ronald L. Krutz/Russell Dean Vines, 2001
The CISSP Prep Guide Gold Edition, Ronald L. Krutz/Russell Dean Vines, 2003
CISSP Training Guide, Roberta Bragg, 2003
Mike Meyers' Certification Passport CISSP, Shon Harris, 2002
Secured Computing, Carl F. Endorf, 2002
The Total CISSP Exam Prep Book, Thomas R. Peltier/Patrick D. Howard, 2002
Wednesday, October 14, 2009
CISSP DOWNLOADS!
These books are recommended for your CISSP preparation:
Official (ISC)2 Guide to the CISSP Exam, by Susan Hansche, John Berti and Chris Hare, (ISC)2 Press – AuerBach
All in One CISSP Certification Exam Guide, by Shon Harris, McGraw-Hill
The CISSP Prep Guide: Gold Edition, by Ronald L. Krutz & Russell Dean Vines, Wiley Press, 2002
The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, Second Edition, by Ronald L. Krutz & Russell Dean Vines, Wiley Press
Information Security Management Handbook CD-ROM 2005 Edition, by various Authors, AuerBach Publications, 2005
The Ethical Hacker's Handbook, 2nd Edition (McGraw-Hill, January 2008)
Information Security Management Handbook, 5th Edition
CISSP All-in-One Exam Guide, 4th Edition, by Shon Harris
http://rs12.rapidshare.com/files/1997270/John.Wiley.and.Sons.The.CISSP.Prep.Guide.Mastering.the.CISSP.and.ISSEP.Exams.Second.Edition.Apr.2004
http://rapidshare.com/files/54635434/Auerbach.Publications.Information.Security.Management.Handbook.5Th.Ed.pdf
CISSP Examination Textbooks, S. Rao Vallabhaneni, 2000
CISSP Training Guide, Roberta Bragg, 2003
Mike Meyers' Certification Passport CISSP, Shon Harris, 2002
Secured Computing, Carl F. Endorf, 2002
The Total CISSP Exam Prep Book, Thomas R. Peltier/Patrick D. Howard
CISSP DOWNLOADS! VERY IMPORTANT
THESE ARE THE VARIOUS URLS FOR DIFFERENT DOWNLOADS FOR CISSP:
CISSP URLS FOR DOWNLOAD:
http://www.certbible.org/9-cissp-books/
9 CISSP books
http://rapidshare.com/files/13368515/CISSP_Ebooks.part01.rar.html
http://rapidshare.com/files/13366295/CISSP_Ebooks.part02.rar.html
http://rapidshare.com/files/13369510/CISSP_Ebooks.part03.rar.html
http://rapidshare.com/files/13370581/CISSP_Ebooks.part04.rar.html
http://rapidshare.com/files/13371593/CISSP_Ebooks.part05.rar.html
http://rapidshare.com/files/13374071/CISSP_Ebooks.part06.rar.html
http://rapidshare.com/files/13374982/CISSP_Ebooks.part07.rar.html
http://rapidshare.com/files/13376340/CISSP_Ebooks.part08.rar.html
http://rapidshare.com/files/13377160/CISSP_Ebooks.part09.rar.html
http://rapidshare.com/files/13378022/CISSP_Ebooks.part10.rar.html
http://rapidshare.com/files/13379047/CISSP_Ebooks.part11.rar.html
http://rapidshare.com/files/13379907/CISSP_Ebooks.part12.rar.html
http://www.rtek2000.com/Good/CISSP-all-inOne-ch08.pdf
http://www.pdf-search-engine.com/all-in-one-cissp-pdf.html
http://rapidshare.com/files/29069914/CISSP.for.Dummies.2nd.Edition.Apr.2007.eBook-BBL.chm-0470124261.rar
http://rs12.rapidshare.com/files/180632630/linkra.com_CISSP.Exam.Cram.eBook-EEn.rar
http://rapidshare.com/files/29191226/Transcender.ISC2.Cert-CISSP.Practice.Exam.v2.1.2-RBS.zip 12mb
http://rapidshare.com/files/96500964/ActualTests.ISC.CISSP.Exam.Q.and.A.10.12.06.pdf 2mb
http://rapidshare.com/files/1997270/John.Wiley.and.Sons.The.CISSP.Prep.Guide.Mastering.the.CISSP.and.ISSEP.Exams.Second.Edition.Apr.2004
http://rapidshare.com/files/29583077/CISSP_Training_Guide.pdf
http://rapidshare.com/files/6580107/Wiley_Publishing_-_The_CISSP_Prep_Guide._Gold_Edition.pdf
http://rapidshare.com/files/162982414/ebook.The_Cissp_Prep_Guide_All-In-One.047126802X.zip
http://www.4shared.com/account/file/34471414/a3480562/McGraw-HillOsborneMediaCISSPAll-in-OneExamGuideThirdEditionSep2005eBook-YYBC.html
http://www.4shared.com/account/file/41577763/c6e11298/CISSP_-_Certified_Information_Systems_Security_Professional_Study_Guide_Third_Edition.html
http://www.4shared.com/file/36903090/58ddf5c3/Guide_to_the_CISSP-ISSEP_CBK.html
http://www.4shared.com/account/file/52055682/53e175ec/ForDummiesCISSPforDummies2ndEditionApr2007.html
http://www.4shared.com/account/file/94728856/828cf6b2/Cissp_-_Certified_Information_Systems_Security_Profe.html
http://www.4shared.com/file/94729443/5a5bad7d/Cissp.html
http://www.4shared.com/account/file/135473830/113af84/2007_-_CISSP_Certification_All-in-One_Exam_Guide_4th_Ed__All-in-One__-_McGraw-Hill_Osborne_Media_-_0071497870.html
http://cissp-certification-exam-guide.http-www-eplanetlabs-com.qarchive.org/
http://www.brothersoft.com/cissp-practice-tests-from-boson-download-24139.html
http://www.brothersoft.com/cissp-exams--tests-download-62732.html
http://www.freebooklinks.com/ebooks/cissp-for-dummies-1262.html
http://www.rapidshare8.com/rapidshare.com/files/d348627a08fabe278a8909ed03474447/for.dummies.cissp.for.dummies.2nd.edition.apr.2007.ebook-bbl.rar%20%20.html
http://www.pdf-search-engine.com/all-in-one-cissp-pdf.html
http://www.elitecertify.com/demos/cissp.pdf
http://www.brothersoft.com/ucertify-prepkit-for-test-cissp-download-118135.html
http://www.globalitcert.com/demos/CISSP_Demos/CISSP.pdf
http://itsf.biz/CISSP/CISSP.All-in-One.ExamGlossary.pdf
http://www.ebook-search-engine.com/all-in-one-cissp-ebook-pdf.html
http://www.newhorizonscourses.com/pdf/cissp-certification.pdf
http://www.cissps.com/assets/exam_reg_form.pdf
http://www.prlog.org/10038571-fourth-edition-of-renowned-shon-harris-cissp-exam-guide-now-available.pdf
http://www.sharewareconnection.com/redirect.php?windowopen=new&url=http://www.certgear.com/cg/jsp/Download.jsp?cgid=CISSP
http://www.sharewareconnection.com/software.php?list=Books+Cissp
http://www.capitol-college.edu/files/file/PDFs/CICPC/CISSP-syllabus.pdf
http://www.utsa.edu/VPEE/Comp-Net%20Programs/Regristration_Form_CISSP.pdf
http://www.cissp.com/Assets/CISSP_Endorsement_Form.pdf
http://www.avtechusa.com/avsite/Course/Course_Syllabus_CISSP.pdf
http://ihtik.lib.ru/dedic_wiley_29sept2007.html
What Should CISSPs Really Do?
Students and professionals who are attempting to achieve their CISSP certification must study the material on their own for months before attending a CISSP bootcamp course, because no one can really learn such extensive material in just 5 to 7 days.
Studying for the CISSP exam correctly can be one of the best investments you will ever make in your career, because all fields of security build upon the foundational material that the CISSP exam covers.
Since the information security market is continually growing and security professionals are in such high demand, many people are jumping into the industry without a solid foundation of knowledge and experience.
Sadly, as with many other certifications, too many people are achieving their CISSP certification by memorizing key components or just looking for brain dumps and other shortcuts.
Security, after all, is more than just technology.
Why Certify with (ISC)²?
In a world full of security threats, the need for skilled, knowledgeable information security professionals has greatly increased. Your experience in the field is an important component, but experience isn't enough anymore. Employers need something that shows them you have the necessary expertise. Certification by a respected accreditation organization is becoming indispensable to the information security professional's earning potential, as well as to greatly expanded career opportunities.
Information Security Certifications
Cisco Certified Network Associate (CCNA)
Cisco Certified Network Professional (CCNP)
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Global Information Assurance Certification (GIAC)
Cisco Certified Security Professional (CCSP)
Systems Security Certified Practitioner (SSCP)
GIAC Security Essentials Certification (GSEC)
Certified Ethical Hacker (CEH)
Security Certified Network Architect (SCNA)
Security Certified Network Professional (SCNP)
Computer Hacking Forensic Investigator (CHFI)
Certified Wireless Security Professional (CWSP)
Summary of Topics:
IS Audit Process (CISA)
IT Governance (CISA)
IT Service Delivery and Support (CISA)
Operations Security (CISSP)
Information Security Governance (CISM)
Information Risk Management (CISM)
Information Security & Risk Management (CISSP)
Security Architecture & Design (CISSP)
Protection of Information Assets (CISA)
Information Security Program Development (CISM)
Access Control (CISSP)
Cryptography (CISSP)
Telecommunications & Network Security (CISSP)
Physical & Environmental Security (CISSP)
Business Continuity and Disaster Recovery Planning (CISA & CISSP)
Incident Management and Response (CISM)
Systems and Infrastructure Lifecycle (CISA)
Information Security Management (CISM)
Application Security (CISSP)
Business Process Evaluation and Application Controls (CISA)
Legal, Regulations, Compliance and Investigations (CISSP)
Workshops on IS Audit and Security Management Practices
CISSP and (ISC)2 Overview:
International Information Systems Security Certification Consortium Established in 1989
Established the CBK (Common Body of Knowledge), also called the domains of security
In 2004 CISSP was ISO 17024 certified
(ISC)2 - Certifications
CISSP – Certified Information Systems Security Professional (Level: Advanced)
SSCP – Systems Security Certified Practitioner (Level: Intermediate)
CAP - Certification and Accreditation Professional (Level: Intermediate)
Associate of (ISC)²
ISSEP: Information Systems Security Engineering Professional,
ISSAP: Information Systems Security Architecture Professional, and
ISSMP: Information Systems Security Management Professional
CISSP Domains (CBK)
Access Control Systems and Methodology
Telecommunications and Network Security
Security Management Practices
Applications and System Development Security
Cryptography
Operations Security
Business Continuity Planning
Law, Investigations and Ethics
Physical Security
Security Architecture
Exam
Fee $599
Early registration fee $499
250 Multiple choice questions
25 are beta questions
6 hours to complete the exam
Pass with a 700 or higher score
Scantron test forms
Pencils & dictionary
You can bring water, aspirin and food.
Exam Descriptions
“Inch deep and a mile wide”
You need to know everything about everything, such as elliptic curves or the derivation of the factors of the product of large prime numbers. Just learn the words and be able to associate them with concepts, like keystream generation.
Applicant Requirements:
Subscribe to the (ISC)2 Code of Ethics
4 years of direct full-time security professional work, or 3 years plus a college degree, or 2 years plus a Bachelor's Degree and a Master's Degree in Information Security
Recertification every 3 years with 120 CPE
Annual maintenance fee $85
CISSP Endorsement
(ISC)2 Associate program
(ISC)2 Code of Ethics
Code of Ethics Preamble:
Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Therefore, strict adherence to this code is a condition of certification.
Code of Ethics Canons:
Protect society, the commonwealth, and the infrastructure.
Act honorably, honestly, justly, responsibly, and legally.
Provide diligent and competent service to principals.
Advance and protect the profession.
Textbooks
Official (ISC)2 Guide to the CISSP Exam, by Susan Hansche, John Berti and Chris Hare, (ISC)2 Press – AuerBach Publications, 2004, ISBN 0-8493-1707-X
All in One CISSP Certification Exam Guide, by Shon Harris, McGraw-Hill – Osborne Press, 2002, ISBN 0-07-219353-0
The CISSP Prep Guide: Gold Edition, by Ronald L. Krutz & Russell Dean Vines, Wiley Press, 2002, ISBN 047126802X
The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, Second Edition, by Ronald L. Krutz & Russell Dean Vines, Wiley Press, 2004, ISBN 076455915X
Information Security Management Handbook CD-ROM 2005 Edition, by various Authors, AuerBach Publications, 2005, ISBN 0849339472
Preparing for the exam
Read more than one CISSP exam prep book
Attend training
Immerse yourself in information security
Take practice exams
Study weak areas
Know your learning style
Know the security principles
Know the definitions (Language of the discipline)
Websites:
Sites for CISSP
(ISC)2 http://www.isc2.org/
CISSP.com http://www.CISSP.com
CISSP OSG http://www.CCCURE.org
CISSP World
Security Docs http://www.securitydocs.com/Certifications/CISSP
Professional Organizations
(ISC)2 https://www.isc2.org
ISSA http://www.issa.org
ASIS http://www.asisonline.org
SANS http://www.sans.org
ISACA http://www.isaca.org/
Computer Security Institute http://www.gocsi.com/
AMA http://www.amanet.org (For Managers)
InfraGard (FBI) http://www.infragard.net
Women in Technology http://www.witi.com/
Secure Business Quarterly http://www.sbq.com/
Many, many more…
Action Items
Order your books
Look into practice exams
Some books come with sample exams.
Download the CISSP study guide from (ISC)2, and various resources from:
www.4shared.com
www.rapidlibrary.com
www.sharebowl.com …….
Check out the study sites
Join or start a study group
Tuesday, October 13, 2009
BON MOTS: Certified Information Systems Security Professional (CISSP®)
This is a pretty expensive exam (around 500 USD) and a painful 5-hour exam.
1. Read at least two books, e.g. the Exam Cram series and a Wiley Publications book.
2. Read the prerequisites carefully; you need to have at least 5 years of security experience.
3. Google for CISSP mock exams and simulators; you will find several.
4. You also need a CISSP to endorse you after you have completed the exam, and only then will your certificate be mailed to you.
5. As the exam starts, they give you the pencil, eraser, etc. Just make sure you have had a good night's sleep before you appear for the exam.
6. Prepare well for security, telecom, and the various security algorithms: symmetric, asymmetric, digital signatures, etc.
7. Taking in too much in one sitting will give you a headache, even though the study guide covers each CBK domain in depth and in detail. Read it early in the day or with a large cup of coffee.
CISSP 10 Domains Overview
Access Control Systems and Methodology
Mechanisms and methods used to enable administrators and managers to control what subjects can access.
* Identification, Authentication, Authorization, Monitoring.
* Access Control Administration.
* Categories and Controls.
* Control Threats and Measures.
* Data ownership.
* Attacks on access control.
Telecommunications and Network Security
Protocol and device security.
* OSI.
* LAN, MAN (metropolitan) and WAN technologies.
* Internet, intranet, extranet.
* VPN's, routers, bridges and repeaters.
* Topologies.
* Network Attacks.
* Network Security Concepts and Risks.
* Business Goals and Network Security.
Security Management Practices
Identifying company assets to determine the level of protection required, in order to reduce threats and monetary loss.
* Data classification.
* Policies, procedures, standards and guidelines.
* Risk assessment and management.
* Personnel security and awareness.
Applications and Systems Development Security
* Data mining and data warehousing.
* Development practices.
* System storage.
* Malicious code.
* Software Based Controls.
* Software Development Lifecycle and Principles.
Cryptography
Cryptographic technologies, and attacks on cryptography.
* Basic Concepts and Algorithms.
* Symmetric vs Asymmetric algorithms.
* Signatures and Certification.
* Cryptanalysis.
* PKI.
Security Architecture and Models
Concepts, Principles and Standards for designing and implementing secure applications.
* OS states, kernel functions and memory mapping.
* Security models.
* TCSEC (Trusted Computer System Evaluation Criteria).
* Common Criteria and ITSEC
* Common flaws in applications and systems.
* Principles and Benefits
* Trusted Systems and Computing Base.
* System and Enterprise Architecture.
Operations Security
Controls over personnel, hardware, systems, auditing and monitoring.
* Administrative responsibilities to personnel and jobs.
* Maintenance concepts (AV, FW, auditing).
* Preventive, corrective, and recovery controls.
* Standards.
* Media, Backups and Change Control Management.
* Controls Categories.
Business Continuity Planning and Disaster Recovery Planning
Preservation of business activities when faced with disruptions or disasters.
* Resource identification and value.
* Risk assessment.
* Crisis management.
* Response and Recovery Plans.
* Restoration Activities.
* Plan development, implementation and maintenance.
Laws, Investigations and Ethics
* Laws, regulations and crimes.
* Licensing and software piracy.
* Export and import laws and issues.
* Evidence types and admissibility into court.
* Incident handling, and forensics.
* Major Legal Systems
* Common and Civil Law
* Regulations, Laws and Information Security
Physical Security
Threats, risks and countermeasures to protect facilities, hardware, data, media and personnel.
* Restricted areas, authorization methods and controls.
* Sensors and alarms.
* Intrusion detection.
* Fire detection, prevention and suppression.
* Fencing, security guards, and security badge types.
* Layered Physical Defense and Entry Points.
* Site Location Principle.
How to study CISSP
CISSP has many domains (10), but it does not go very deep into any of them, which is why it is said to be "an inch deep and a mile wide".
So it is more important to know all the domains than to go deep into a few. Take notes on every domain, and don't spend much time on the domains you already work in every day.
The CISSP exam:
* 250 questions, 4 choices and only 1 correct
* 6 hours for the exam
* 225 scored questions and 25 questions for research purposes.
* You have to score 700 points.
The trick is to learn concepts as word/phrase -> meaning pairs; then it is easier, for example:
(ISC)2 -> International Information Systems Security Certification Consortium
Choose A Certification :
CISSP® - Certified Information Systems Security Professional
The CISSP® is considered the global standard that proves an individual's proficiency in several security disciplines. The CISSP® certification is seen as a requirement for many technical, mid-management, and senior management positions. The holder of a CISSP® displays competence in all ten areas of the Common Body of Knowledge: Access Control, Application Security, Business Continuity and Disaster Recovery Planning, Cryptography, Information Security and Risk Management, Legal, Regulations, Compliance and Investigations, Operations Security, Physical (Environmental) Security, Security Architecture and Design, Telecommunications and Network Security.
CISA - Certified Information Systems Auditor
CISA is an audit professional certification that prepares you to serve the IS audit, control and security industry. Topics include ISACA IS Auditing Standards, Guidelines and Procedures and Code of Professional Ethics.
SSCP - Systems Security Certified Practitioner
This certification is designed for those working toward or already holding positions as Senior Network Security Engineers, Senior Security Systems Analysts or Senior Security Administrators. The SSCP certification focuses on the seven domains of the (ISC)² Common Body of Knowledge, and is a strong starting point for those interested in continuing further in an information security career.
CEH – Certified Ethical Hacker
This certification strengthens the knowledge of security officers, auditors and others concerned about network integrity on how to look for the weaknesses and vulnerabilities in target systems, using the same knowledge and tools as a malicious hacker, in order to protect those systems.
Security+
This certification is for foundation-level security professionals on IT security topics, including communication security, infrastructure security, cryptography, operational security, and general security concepts.
Verify CISSP Certification

The CISSP certification is seen as a standard for security professionals. The exam is based on the following 10 domains:
- Domain 1 Security Management Practices
- Domain 2 Security Architecture and Models
- Domain 3 Preventive Maintenance
- Domain 4 Application Development Security
- Domain 5 Operations Security
- Domain 6 Physical Security
- Domain 7 Cryptography
- Domain 8 Telecommunications, Network, and Internet Security
- Domain 9 Business Continuity Planning
- Domain 10 Law, Investigations, and Ethics
The exam is multiple choice: 250 questions, which you have 6 hours to complete. So it is quite a highly sought-after certification to have.
Changes to the CISSP Exam
The CISSP is being updated to better meet the needs of the industry.
One of the smaller changes that took place was that (ISC)2 changed the names of some of the CISSP Common Body of Knowledge (CBK) domains, which has caused some confusion. The core of each domain has not changed, although some items have been added to some of the domains.
The current domains in the CBK (Common Body of Knowledge) are listed below :
• Access Control
• Application Security
• Business Continuity and Disaster Recovery Planning
• Cryptography
• Information Security and Risk Management
• Legal, Regulations, Compliance and Investigations
• Operations Security
• Physical (Environmental) Security
• Security Architecture and Design
• Telecommunications and Network Security
Information Security Risk Management
o New – Security program and blueprints
o New – Risk Models
• Access Control
o New – Identity Management
• Cryptography
o New – more block cipher modes and integrity controls
o New – more attack types
• Physical Security - Environmental
o New – Light types, CCTV, lock picking, lock type
o New – More focus on methodology and process
• Application Security
o New – more focus on methodology and process
o New – web site and application security
o New – more malware types and attack types
• Business Continuity and Disaster Recovery Planning
o New – more focus on methodology and process
• Telecommunications and Network
o New – 802.11 types and security
o New – instant messaging
• Operations Security
o New - Vulnerability and Penetration Testing
o New - Attack Types
o New – Malware Control Types
• Security Architecture and Design
o New – enterprise architecture, building, maintaining, holistic security, security trust zones, Zachman Framework
o New – less Orange Book and more Common Criteria
• Legal, Regulations, Compliance and Investigation
o New - types of Laws
o New – focus on forensics and methodology
To get more information, please visit:
http://www.logicalsecurity.com/education/education_courses_cissp.html
• Updated study questions and exam material
• http://www.logicalsecurity.com/practice/practice_overview.html
Articles on the CISSP exam
• http://www.logicalsecurity.com/resources/resources_articles.html
• http://www.cccure.org
• http://cisspblog.logicalsecurity.com
• http://www.logicalsecurity.com/education/education_courses_cissp.html
Cisco's certification program is excellent
Certified Information Systems Security Professional (CISSP®)
Cisco's certification program is excellent.
Is the CISSP a good cert to have? Absolutely !
The most valuable certification is the Certified Information Systems Security Professional (CISSP). It means you have a good understanding of the 10 domains of the CBK, and combined with real-world experience it will give you a stronger foundation than most people in the field.
Experience is required. Yes, experience is required for the CISSP.
Well, the CISSP is certainly recognized in the applicable field.
Having a CISSP certification is more than an HR thing.
What are your plans? Why or why not pursue the CISSP?
The CISSP was never meant to be a test of someone's technical skills; it is meant to show that the holder has a high-level understanding of security in general. It does not denote technical knowledge, something many CISSP holders forget, as do most of the people viewing it from the outside. The CISSP in no way measures technical skills; rather, it measures knowledge of security principles.
If you're expecting technical expertise, look for CCNA, CCSP, CCIE or CEH. Unfortunately, most of those aren't nearly as readily recognized by HR departments as 'security certificates', for better or worse!
CISSP is a nice start for someone just gaining credibility and looking to move on up. Something like a Security+ or Network+ is just not the same...
CISSP does not go deep into concepts, but it is highly recognized around the world and certifies that you have a base. As with every certification, there are people who pass it without really understanding the concepts; still, you need a fairly deep technical understanding to pass the exam. CISSP is all about those who can chain business needs and technical capabilities together.
In the realm of information security and technical safeguards we have to understand the real problems, the real risks, the real threats. The biggest failure in the industry right now is geeks thinking they are information security professionals. It is rather sad to see a person with an A+ or Cisco Security cert trying to apply qualitative risk analysis to decide which assets need to be protected, and to what degree. They fail miserably because they were taught that security is a technical problem, not a business one.
The weakness of a certification based entirely on theory without practice:
Theory is worthless in security and risk management; you can't manage risk by simply being a high-level person. The CISSP does not measure practical skills or practical experience, in a field that is all about practice. Too bad the CISSP doesn't require a practical.
SANS seems to have it right: you have to prove competence through practical effort. The GSE is an excellent example of that.
But this doesn't mean you should not go for it; you should, but first try to get some of the technical certifications from Microsoft, Cisco etc., and then it will be worth more to you.
MCP > MCSE > CCNA > CEH > CCSP > CISSP, along with any others such as MCA...
Best of luck, if you are taking this exam !
EDUCATION
MCP (Microsoft Certified Professional)
MCSA (Microsoft Certified Systems Administrator)
Microsoft Certified Systems Engineer (MCSE 2003)
CEH (Certified Ethical Hacker)
CCNA (Cisco Certified Network Associate)
CCNP
CISSP (Certified Information Systems Security Professional)
VMware Certified Professional (VCP)
Microsoft Certified Information Technology Professional (MCITP 2008)
Security Certifications !
Information Systems Security Architecture Professional (CISSP-ISSAP)
The CISSP-ISSAP is an appropriate credential for Chief Security Architects and Analysts who may typically work as an independent consultant or in a similar capacity within an enterprise.
The six domains of the CISSP-ISSAP CBK are:
• Access Control Systems and Methodology
• Cryptography
• Physical Security Integration
• Requirements Analysis and Security Standards, Guidelines and Criteria
• Technology Related Business Continuity and Disaster Recovery Planning
• Telecommunications and Network Security
Information Systems Security Engineering Professional (CISSP-ISSEP)
The CISSP-ISSEP was developed in conjunction with the U.S. National Security Agency (NSA), providing an invaluable tool for any systems security engineering professional. CISSP-ISSEP is the guide for incorporating security into projects, applications, business processes and all information systems. One of the domains of the CISSP-ISSEP CBK holds specific relevance to U.S. law; however, it is still an extremely relevant tool for any security professional.
The four domains of the CISSP-ISSEP CBK are:
• Certification and Accreditation
• Systems Security Engineering
• Technical Management
• U.S. Government Information Assurance Regulations
Information Systems Security Management Professional (CISSP-ISSMP)
A CISSP-ISSMP® establishes, presents and governs information security policies and procedures as supportive of overall business goals rather than a drain on resources.
A CISSP-ISSMP certification holder is responsible for constructing the framework of the information security department and defining the means of supporting the group internally.
The five domains of the CISSP®-ISSMP® CBK® are:
• Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) and Continuity of Operations Planning (COOP)
• Enterprise Security Management Practices
• Enterprise-wide System Development Security
• Law, Investigations, Forensics and Ethics
• Overseeing Compliance of Operations Security
For more information on the CISSP Concentrations, visit www.isc2.org/concentrations.
www.isc2.org
Bibliography/References: CISSP All In One Review by Shon Harris, website www.cissp.com,website www.isc.com
http://book.bestwestern.com/bestwestern/productInfo.do?propertyCode=09103
Wayne Hudson (888) 373-5116 ext 102 OR Kathy Conlon (888) 373-5116 ext 104
WayneH@LogicalSecurity.com KathyC@LogicalSecurity.com
CISSP Advanced Security Management
Module 1—Physical Security
Facility Management
Environmental Issues and Controls
Denial of Service
Perimeter Security and Access Controls
Module 2—Cryptography
Cryptographic History and Overview
Secret Key Encryption and Uses
Public Key Algorithms and Uses
PKI and Digital Signatures
Cryptographic Attacks
Module 3—Access Control
Access Control Concepts, Methodologies, and Implementation (AAA)
Access Control Models
Access Control Methods
Access Control Risk, Vulnerabilities, and Exposure
Module 4—Security Models and Architecture
Computer Architecture
System Architecture
Computer Security Models
Security Evaluation Methods
Module 5—Network and Internet Security
Basic Networking Theory and the OSI Model
Basic Networking Theory and the TCP/IP Model
Networking Equipment, Firewalls, Routers, and Network Gear
Preventive, Detective, and Corrective Measures
Voice and Data Communications – LANs, WANs, and Remote Access
RAID, Backups, and Robust Networking
Module 6—Disaster Recovery
Business Continuity Planning and Business Impact Analysis
Disaster Recovery Planning, Development, and Implementation
Tests, Drills, and Emergency Response
Module 7—Law, Investigation, and Ethics
Computer Crime Investigation Methods, Techniques, and Laws
Hackers, Security Professionals, and Ethics
Computer Crime
Forensics, Evidence Gathering, and Preservation Methods
Module 8—Applications and System Development Security
Database Development
Systems Development
Applications Development
SSE – CMM
Module 9—Operations Security
Principles, Techniques, and Mechanisms
Principles and Practices of Good Security
Security by Obscurity
Resource Protection Mechanisms and Techniques
Attacks and Prevention Methods
Module 10—Security Management Practices
Security Management Planning
Most Important Security Component
Data Classification
Risk Management
Security Policy Development
Identification of Information Assets
CISSP® Exam Prep – What You Need to Know
CISSP® Exam Prep – Preparing for the CISSP® Exam
ISC 2 FAQS !
Official (ISC)² Online CISSP® Review Course FAQ
Question: Who is (ISC)²?
Answer: (ISC)² is the international leader in training and certifying information security professionals worldwide. They are dedicated to offering internationally recognized credibility to government information security professionals at every career level. Visit www.isc2.org.
Question: What is the CISSP® Certification?
Answer: The CISSP Certification was designed to recognize mastery of an international standard for information security (IS) and understanding of a Common Body of Knowledge (CBK).
Question: What are the 10 CISSP information systems security test domains covered in the Official CISSP Review Course?
Answer:
Access Control Systems & Methodology
Physical Security
Business Continuity Planning
Law, Investigation & Ethics
Cryptography
Telecommunications Network & Internet Security
Security Architecture & Models
Applications & Systems Development
Security Management Practices
Operations Security
Question: What is the price of the Official Online CISSP Review Course?
Answer: An individual Online CISSP Review Package is priced at $1,395 for a 120-day subscription.
Volume discounts, along with varying subscription lengths, are available.
Question: What is the price of a five-day instructor led CISSP Review Seminar?
Answer: $2,695 (this does not include travel expenses)
Question: Can I view a course demo?
Answer: Yes, visit http://company.vcampus.com/isc2/cisspdemo/launch.htm
Question: Can I receive CPEs for completing the Official Online CISSP Review Course?
Answer: Security professionals who already hold the CISSP designation will obtain 40 CPEs upon completion of the Official Online CISSP Review Course.
Question: How long will I have to complete the Official Online CISSP Review Course?
Answer: The subscription lengths are 120, 150, 180, and 365 days.
Question: How long does it take to complete the Official Online CISSP Review Course?
Answer: This review course is equivalent to a 5-day instructor-led review class. The expected completion time is 40 hours.
Maintenance Requirements
Recertification is required every three years, primarily accomplished through earning 120 continuing professional education (CPE) credits, with a minimum of 20 CPEs earned each year after certification.
CISSPs must also pay an annual maintenance fee (AMF) of USD 85 per year.
For more information on the CISSP certification, visit www.isc2.org/cissp.
Question: Who is (ISC)²?
Answer: (ISC)² is the international leader in training and certifying information security professionals
worldwide. They are dedicated to offering internationally recognized credibility to government information security professionals at every career level.visit
www.isc2.org.
Question: What is the CISSP® Certification?
Answer: The CISSP Certification was designed to recognize mastery of an international standard for
information security (IS) and understanding of a Common Body of Knowledge (CBK).
Question: What are the 10 CISSP information systems security test domains covered in the
Official CISSP Review Course?
Answer:
Access Control Systems & Methodology
Physical Security
Business Continuity Planning
Law, Investigation & Ethics
Cryptography
Telecommunications Network & Internet Security
Security Architecture & Models
Applications & Systems Development
Security Management Practices
Operations Security
Question: What is the price of the Official Online CISSP Review Course?
Answer: An individual Online CISSP Review Package is priced at $1,395 for a 120-day subscription.
Volume discounts, along with varying subscription lengths, are available.
Question: What is the price of a five-day instructor led CISSP Review Seminar?
Answer: $2,695 (this does not include travel expenses)
Question: Can I view a course demo?
Answer: Yes, visit http://company.vcampus.com/isc2/cisspdemo/launch.htm
Certified Information Systems Security Professional (CISSP)
Course Description
This course trains students in all areas of the security Common Body of Knowledge (CBK). They will learn about security policy development, secure software development procedures, network vulnerabilities, attack types and corresponding countermeasures, cryptography concepts and their uses, disaster recovery plans and procedures, risk analysis, crucial laws and regulations, forensics basics, computer crime investigation procedures, physical security, and much more. They will explore the contents and concepts that make up the diverse domains and learn how they work together to provide true defense in depth.
Course Objectives
1. Security Management Practices
o Types of Security Controls
o Components of a Security Program
o Security Policies, Standards, Procedures, and Guidelines
o Risk Management and Analysis
o Information Classification
o Employee Management Issues
o Threats, Vulnerabilities and Corresponding Administrative Controls
2. Access Control Systems and Methodology
o Identification, Authentication, and Authorization Techniques and Technologies
o Biometrics, Smart Cards, and Memory Cards
o Single Sign-On Technologies and Their Risks
o Discretionary versus Mandatory Access Control Models
o Rule-based and Role-based Access Control
o Object Reuse Issues and Social Engineering
o Emissions Security Risks and Solutions
o Specific Attacks and Countermeasures
3. Cryptography
o Historical Uses of Cryptography
o Block and Stream Ciphers
o Explanation and Uses of Symmetric Key Algorithms
o Explanation and Uses of Asymmetric Key Algorithms
o Public Key Infrastructure Components
o Data Integrity Algorithms and Technologies
o IPSec, SSL, SSH, and PGP
o Secure Electronic Transactions
o Key Management
o Attacks on Cryptosystems
4. Physical Security
o Facility Location and Construction Issues
o Physical Vulnerabilities and Threats
o Doors, Windows, and Secure Room Concerns
o Hardware Metrics and Backup Options
o Electrical Power Issues and Solutions
o Fire Detection and Suppression
o Fencing, Lighting, and Perimeter Protection
o Physical Intrusion Detection Systems
5. Enterprise Security Architecture
o Critical Components of Every Computer
o Processes and Threads
o The OSI Model
o Operating System Protection Mechanisms
o Ring Architecture and Trusted Components
o Virtual Machines, Layering, and Virtual Memory
o Access Control Models
o Orange Book, ITSEC, and Common Criteria
o Certification and Accreditation
o Covert Channels and Types of Attacks
o Buffer Overflows and Data Validation Attacks
6. Law, Investigation, and Ethics
o Different Ethics Sets
o Computer Criminal Profiles
o Types of Crimes
o Liability and Due Care Topics
o Privacy Laws and Concerns
o Complications of Computer Crime Investigation
o Types of Evidence and How to Collect It
o Forensics
o Legal Systems
7. Telecommunications, Networks, and Internet Security
o TCP/IP Suite
o LAN, MAN, and WAN Topologies and Technologies
o Cable Types and Issues
o Broadband versus Baseband Technologies
o Ethernet and Token Ring
o Network Devices
o Firewall Types and Architectures
o Dial-up and VPN Protocols
o DNS and NAT Network Services
o FDDI and SONET
o X.25, Frame Relay, and ATM
o Wireless LANs and Security Issues
o Cell Phone Fraud
o VoIP
o Types of Attacks
8. Business Continuity Planning
o Roles and Responsibilities
o Liability and Due Care Issues
o Business Impact Analysis
o Identification of Different Types of Threats
o Development Process of BCP
o Backup Options and Technologies
o Types of Offsite Facilities
o Implementation and Testing of BCP
9. Applications & Systems Development
o Software Development Models
o Prototyping and CASE Tools
o Object-Oriented Programming
o Middleware Technologies
o ActiveX, Java, OLE, and ODBC
o Database Models
o Relational Database Components
o CGI, Cookies, and Artificial Intelligence
o Different Types of Malware
10. Operations Security
o Operations Department Responsibilities
o Personnel and Roles
o Media Library and Resource Protection
o Types of Intrusion Detection Systems
o Vulnerability and Penetration Testing
o Facsimile Security
o RAID, Redundant Servers, and Clustering
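Objective 2 above lists discretionary, mandatory, rule-based and role-based access control as topics but, being an outline, does not show how the models differ in practice. The following Python is an added example written for this page, not course or (ISC)² material: a small reference monitor that evaluates one request against a Bell-LaPadula style mandatory lattice, an owner-maintained discretionary ACL, and a role-to-permission table, and denies if any one of them denies. The subjects, objects, roles, clearances and ACL entries are constructed sample data; the operation is allowed only when every model allows it, which is the usual way these mechanisms compose.

```python
"""Added illustration for the Access Control objective (not course material).

Composes three access control models over constructed sample data:
- MAC: Bell-LaPadula lattice of clearances/classifications.
  Simple security property: read only if clearance >= classification
  ("no read up"). *-property: write only if classification >= clearance
  ("no write down").
- DAC: per-object access control list maintained by the object's owner.
- RBAC: operations granted to roles, roles assigned to subjects.
A request succeeds only if all three allow it (default deny).
"""
from dataclasses import dataclass, field

# Ordered sensitivity levels; higher number dominates lower.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass
class Subject:
    name: str
    clearance: str
    roles: set = field(default_factory=set)


@dataclass
class Obj:
    name: str
    classification: str
    owner: str
    acl: dict = field(default_factory=dict)  # subject name -> set of ops


# RBAC table: hypothetical roles for the example.
ROLE_PERMS = {
    "analyst": {"read"},
    "editor": {"read", "write"},
}


def mac_allows(subj, obj, op):
    """Bell-LaPadula: no read up, no write down."""
    s, o = LEVELS[subj.clearance], LEVELS[obj.classification]
    if op == "read":
        return s >= o
    if op == "write":
        return o >= s
    raise ValueError(f"unknown operation {op!r}")


def dac_allows(subj, obj, op):
    """Owner has full rights; anyone else needs an explicit ACL entry."""
    if subj.name == obj.owner:
        return True
    return op in obj.acl.get(subj.name, set())


def rbac_allows(subj, op):
    """Allowed if any role held by the subject grants the operation."""
    return any(op in ROLE_PERMS.get(r, set()) for r in subj.roles)


def decide(subj, obj, op):
    """Reference monitor: (allowed, which model decided). Default deny."""
    if not mac_allows(subj, obj, op):
        return False, "MAC"
    if not dac_allows(subj, obj, op):
        return False, "DAC"
    if not rbac_allows(subj, op):
        return False, "RBAC"
    return True, "all models allow"


# Constructed sample subjects and objects.
alice = Subject("alice", "secret", {"editor"})
bob = Subject("bob", "confidential", {"analyst"})
carol = Subject("carol", "top_secret", {"editor"})
report = Obj("q3_report", "secret", owner="alice", acl={"bob": {"read"}})
memo = Obj("memo", "confidential", owner="bob",
           acl={"alice": {"read", "write"}})

if __name__ == "__main__":
    checks = [(bob, report, "read"),    # DAC grants, MAC denies (read up)
              (alice, memo, "write"),   # DAC grants, MAC denies (write down)
              (carol, report, "read"),  # MAC ok, DAC denies (no ACL entry)
              (bob, memo, "write"),     # owner, but analyst role lacks write
              (alice, report, "read")]  # everything allows
    for s, o, op in checks:
        print(f"{s.name} {op} {o.name}: {decide(s, o, op)}")
```

The ordering in `decide` is deliberate: the mandatory check runs first because an owner cannot override it by editing an ACL, which is the point of the DAC-versus-MAC distinction; the `bob` and `alice` cases show an ACL grant being overridden by the lattice in both the read-up and write-down directions.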
CISSP Certification Preparation
The Certified Information Systems Security Professional® (CISSP) is an industry-standard certification for information security management, providing information security professionals with an objective measure of competence and a globally recognized standard of achievement. CISSP was the first information security certification program accredited by ANSI under ISO/IEC 17024. The CISSP credential demonstrates competence in the ten domains of the (ISC)² CISSP Common Body of Knowledge® (CBK).
Daily Lesson Plan
Introduction
Case Study #1
Building a Successful Security Infrastructure
Domain 1
Information Security and Risk Management
• Presentation (Lecture)
• Practice / Exercise / Labs / Demos
• Apply your knowledge
• Practice Test
Domain 2
Access Control
• Presentation (Lecture)
• Practice / Exercise / Labs / Demos
• Apply your knowledge
• Practice Test
Domain 3
Cryptography
• Presentation (Lecture)
• Practice / Exercise / Labs / Demos
• Apply your knowledge
• Practice Test
Domain 4
Physical (Environmental) Security
• Presentation (Lecture)
• Practice / Exercise / Labs / Demos
• Apply your knowledge
• Practice Test
Domain 5
Security Architecture and Design
• Presentation (Lecture)
• Practice / Exercise / Labs / Demos
• Apply your knowledge
• Practice Test
Domain 6
Business Continuity and Disaster Recovery Planning
• Presentation (Lecture)
• Practice / Exercise / Labs / Demos
• Apply your knowledge
• Practice Test
Domain 7
Telecommunications and Network Security
• Presentation (Lecture)
• Practice / Exercise / Labs / Demos
• Apply your knowledge
• Practice Test
Domain 8
Application Security
• Presentation (Lecture)
• Practice / Exercise / Labs / Demos
• Apply your knowledge
• Practice Test
Domain 9
Operations Security
• Presentation (Lecture)
• Practice / Exercise / Labs / Demos
• Apply your knowledge
• Practice Test
Domain 10
Legal, Regulations, Compliance, and Investigations
• Presentation (Lecture)
• Practice / Exercise / Labs / Demos
• Apply your knowledge
• Practice Test
• Implementing a Successful Security Assessment Process
https://www2.sans.org/reading_room/whitepapers/basics/450.php?id=450&cat=basics
Case Studies
• Identity Authentication Management (IAM)
http://www.indigovision.com/learnabout-iaminipvideo.php
• Cisco Systems Network Admission Control (NAC) Presentation
http://www.cisco.com/cdc_content_elements/flash/nac/demo.htm
http://www.microsoft.com/casestudies/casestudy.aspx?casestudyid=4000000819
https://www2.sans.org/reading_room/whitepapers/awareness/416.php?id=416&cat=awareness
Case Studies
Villagemall.com
http://www.microsoft.com/resources/casestudies/CaseStudy.asp?CaseStudyID=11040
The Case of Brazil
http://www.itu.int/osg/spu/ni/security/workshop/presentations/cni.15.pdf
QualysGuard Demos
http://www.qualysguard.com/products/demos/
QualysGuard Free Trial and Guides
http://www.qualys.com/products/trials/
Penetration Test Automation
http://www.coresecurity.com/files/attachments/CORE_IMPACT-WhitePaper.pdf
http://www.business.com/search/rslt_default.asp?vt=all&query=computer+crime&type=web
Who Should Attend the Class?
Information Security Managers, IT Managers, IT Security Managers, IT Security Administrators/Engineers, Project Managers, Project Coordinators, and those involved in formulating IT or security policies for their organisations.
Prerequisites
To sit for the CISSP examination, a candidate must:
Submit the examination fee.
Assert that he or she possesses a minimum of four years of professional experience in the information security field or three years plus a college degree. Additionally, a Master's Degree in Information Security from a National Center of Excellence can substitute for one year toward the four-year requirement.
Complete the Candidate Agreement, attesting to the truth of his or her assertions regarding professional experience and legally commit to adhere to the CISSP Code of Ethics.
Successfully answer four questions regarding criminal history and related background.
Certification
To be issued a certificate, a candidate must:
Pass the CISSP exam with a scaled score of 700 points or greater (out of 1,000).
Submit a properly completed and executed Endorsement Form.
Successfully pass an audit of their assertions regarding professional experience, if the candidate is selected for audit.
Course Content
Lesson 1: Controlling Access to Information Systems
Topic 1A: Control Data Access
Topic 1B: Control System Access
Topic 1C: Determine an Access Control Administration Method
Topic 1D: Perform a Penetration Test
Lesson 2: Networking Systems and Telecommunications
Topic 2A: Design Data Networks
Topic 2B: Provide Remote Access to a Data Network
Topic 2C: Secure a Data Network
Topic 2D: Manage a Data Network
Lesson 3: Defining Security Management
Topic 3A: Determine Security Management Goals
Topic 3B: Classify Information
Topic 3C: Develop a Security Program
Topic 3D: Manage Risk
Lesson 4: Creating Applications Security
Topic 4A: Perform Software Configuration Management
Topic 4B: Implement Software Controls
Topic 4C: Secure Database Systems
Lesson 5: Performing Cryptography
Topic 5A: Apply a Basic Cipher
Topic 5B: Select a Symmetric Key Cryptography Method
Topic 5C: Select an Asymmetric Key Cryptography Method
Topic 5D: Determine Email Security
Topic 5E: Determine Internet Security
Lesson 6: Securing System Architecture
Topic 6A: Evaluate Security Models
Topic 6B: Choose a Security Mode
Topic 6C: Provide System Assurance
Lesson 7: Executing Operations Security
Topic 7A: Control Operations Security
Topic 7B: Audit and Monitor Systems
Topic 7C: Handle Threats and Violations
Lesson 8: Performing Business Continuity Planning
Topic 8A: Sustain Business Processes
Topic 8B: Perform Business Impact Analysis
Topic 8C: Define Disaster Recovery Strategies
Topic 8D: Test the Disaster Recovery Plan
Lesson 9: Applying Physical Security
Topic 9A: Control Physical Access
Topic 9B: Monitor Physical Access
Topic 9C: Establish Physical Security Methods
Topic 9D: Design Secure Facilities
Lesson 10: Applying Law, Investigations, and Ethics
Topic 10A: Interpret Computer Crime Laws and Regulations
Topic 10B: Apply the Evidence Life Cycle
Topic 10C: Perform an Investigation
Topic 10D: Identify Codes of Conduct
AMISAUV CISSP BLOG !
CISSP
Certified Information Systems Security Professional
ACHIEVE THE HIGHEST STANDARD
ADVANCE YOUR CAREER!
The Certification That Inspires Utmost Confidence
An Introduction to the CISSP & SSCP Certifications
CISSP Certification CISSP - Certified Information Systems Security Professional
The (ISC)² CISSP ® CBK ®
A Brief History
■ Formed in 1989
■ Consortium:
– ISSA, DPMA, CIPS, IFIPS, CSI, Idaho State University.
■ First public examination in 1995 in Toronto, Canada
■ Certified thousands of information security practitioners in over twenty-seven countries
Why Get Certified?
■ The CISSP certification is a public acknowledgment that the professional has devoted himself or herself to the field of information security or a closely related field, and passed a rigorous examination that encompasses all major elements of the industry's accepted and recognized information system security Common Body of Knowledge (CBK).
Those with the right mix of education, experience and professional credentials are the most sought after for senior positions. These leading-edge careers also command the highest salaries.
https://www.isc2.org/study_guide.html#reference
Course Objective:
You will control access to data and information systems using common access control best practices. You will discover how networks are designed for security, and the components, protocols, and services that allow telecommunications to occur in a secure manner. You will learn about the principles of security management and how to manage risk as part of a comprehensive information security management program. You will explore applications and systems development security controls.
You will learn how to perform cryptography and how to secure system architecture. You will examine operations security and the appropriate controls and best practices to use to keep operations secure.
You will learn how to perform business continuity planning and apply physical security to protect organizational assets and resources.
Finally, you will explore law, investigations, and ethics with respect to information systems security and computer forensics.
Prerequisites:
Students should have certifications in A+, Network+, or Security+, or possess equivalent professional experience. Students may have one or more of the following certifications or equivalent experience: MCSE, SCNP, CCNA, CCNP, RHCE, LCE, CNE, SSCP, SANS, or GIAC.
Performance-Based Objectives
Upon successful completion of this course, students will be able to:
Control access to information systems
Network systems and telecommunications.
Define security management.
Create applications security.
Perform cryptography.
Secure system architecture.
Execute operations security.
Perform business continuity planning.
Apply physical security.
Apply law, investigations, and ethics.
Five Functional Areas Within Each Domain:
■ Information Protection Requirements
■ Information Protection Environment
■ Security Technology and Tools
■ Assurance, Trust, and Confidence Mechanisms
■ Information Protection and Management Services
The CISSP exam is organised around the 10 CBK domains. They are:
Information Security and Risk Management
Security Architecture and Design
Access Control Systems and Methodology
Applications and Systems Development Security
Operations Security
Cryptography
Physical (Environmental) Security
Telecommunications, Network, and Internet Security
Business Continuity Planning and Disaster Recovery Planning
Legal, Regulations, Compliance, and Investigations
• Access Control - Access Controls are a collection of mechanisms that work together to create a security architecture to protect the assets of the information system.
• Application Security - This domain addresses the important security concepts that apply to application software development. It outlines the environment where software is designed and developed and explains the critical role software plays in providing information system security.
• Business Continuity and Disaster Recovery Planning - This domain addresses the preservation and recovery of business operations in the event of outages.
• Cryptography - The Cryptography domain addresses the principles, means, and methods of disguising information to ensure its integrity, confidentiality and authenticity.
• Information Security and Risk Management - Security Management entails the identification of an organization's information assets and the development, documentation, and implementation of policies, standards, procedures, and guidelines. Management tools such as data classification and risk assessment/analysis are used to identify threats, classify assets, and to rate system vulnerabilities so that effective controls can be implemented.
• Legal, Regulations, Compliance, and Investigations - This domain addresses:
o Computer crime laws and regulations
o The measures and technologies used to investigate computer crime incidents
• Operations Security - Operations Security is used to identify the controls over hardware, media, and the operators and administrators with access privileges to any of these resources. Audit and monitoring are the mechanisms, tools, and facilities that permit the identification of security events and subsequent actions to identify the key elements and report the pertinent information to the appropriate individual, group, or process.
• Physical (Environmental) Security - The Physical (Environmental) Security domain provides protection techniques for the entire facility, from the outside perimeter to the inside office space, including all of the information system resources.
• Security Architecture and Design - The Security Architecture and Design domain contains the concepts, principles, structures, and standards used to design, monitor, and secure operating systems, equipment, networks, applications and those controls used to enforce various levels of availability, integrity, and confidentiality.
• Telecommunications and Network Security - The Telecommunications and Network Security domain discusses the:
o Network structures
o Transmission methods
o Transport formats
o Security measures used to provide availability, integrity, and confidentiality
o Authentication for transmissions over private and public communications networks and media
Certified Information Systems Security Professional
ACHIEVE THE HIGHEST STANDARD
ADVANCE YOUR CAREER!
The Certification That Inspires Utmost Confidence
An Introduction to the CISSP & SSCP Certifications
CISSP Certification CISSP - Certified Information Systems Security Professional
The (ISC)² CISSP ® CBK ®
A Brief History
■ Formed in 1989
■ Consortium:
– ISSA, DPMA, CIPS, IFIPS, CSI, Idaho State University.
■ First public examination in 1995 In Toronto,Canada
■ Certified thousands of information security practitioners in over twenty-seven countries
Why Get Certified?
■ The CISSP certification is a public acknowledgment that the professional has devoted himself or
herself to the field of information security or a closely related field, and passed a rigorous examination that encompasses all major elements of the industry’s accepted and recognized information system security Common Body of Knowledge (CBK).
Those with the right mix of education, experience and professional credentials are the most sought after for senior positions. These leading-edge careers also command the highest salaries.
https://www.isc2.org/study_guide.html#reference
Course Objective:
You will control access to data and information systems using common access control best practices. You will discover how networks are designed for security, and the components, protocols, and services that allow telecommunications to occur in a secure manner.You will learn about the principles of security management and how to manage risk as part of a comprehensive information security management program. You will explore applications and systems development security controls.
You will learn how to perform cryptography and how to secure system architecture. You will examine operations security and the appropriate controls and best practices to use to keep operations secure.
You will learn how to perform business continuity planning and apply physical security to protect organizational assets and resources.
Finally, you will explore law, investigations, and ethics with respect to information systems security and computer forensics.
Prerequisites:
Students should have certifications in A+, Network+, or Security+, or possess equivalent professional experience. Students may have one or more of the following certifications or equivalent experience: MCSE, SCNP,CCNA,CCNP,RHCE,LCE,CNE,SSCP,SANS,or GIAC.
Performance-Based Objectives
Upon successful completion of this course, students will be able to:
Control access to information systems
Network systems and telecommunications.
Define security management.
Create applications security.
Perform cryptography.
Secure system architecture.
Execute operations security.
Perform business continuity planning.
Apply physical security.
Apply law, investigations, and ethics.
Five Functional Areas Within Each Domain :
■ Information Protection Requirements
■ Information Protection Environment
■ Security Technology and Tools
■ Assurance, Trust, and Confidence
Mechanisms
■ Information Protection and Management
Services
CISSP Exam consists of 10 chapters that directly mirror the 10 CBK domains. They are :
Information Security and Risk Management
Security Architecture and Design Models
Access Control Systems and Methodology
Applications and Security Development
Operations Security
Cryptography
Physical (Environmental) Security
Telecommunications, Network, and Internet Security
Business Continuity Planning and Disaster Recovery Planning.
Law, Investigations, Legal Regulations, Compliance and Ethics.
• Access Control - Access Controls are a collection of mechanisms that work together to create a security architecture to protect the assets of the information system.
• Application Security - This domain addresses the important security concepts that apply to application software development. It outlines the environment where software is designed and developed and explains the critical role software plays in providing information system security.
• Business Continuity and Disaster Recovery Planning - This domain addresses the preservation and recovery of business operations in the event of outages.
• Cryptography - The Cryptography domain addresses the principles, means, and methods of disguising information to ensure its integrity, confidentiality and authenticity.
• Information Security and Risk Management - Security Management entails the identification of an organization's information assets and the development, documentation, and implementation of policies, standards, procedures, and guidelines. Management tools such as data classification and risk assessment/analysis are used to identify threats, classify assets, and to rate system vulnerabilities so that effective controls can be implemented.
• Legal, Regulations, Compliance, and Investigation - This domain addresses:
o Computer crime laws and regulations
o The measures and technologies used to investigate computer crime incidents
• Operations Security - Operations Security identifies the controls over hardware, media, and the operators and administrators who hold access privileges to any of these resources. Audit and monitoring are the mechanisms, tools, and facilities that permit security events to be identified, the key elements of those events to be determined, and the pertinent information to be reported to the appropriate individual, group, or process.
• Physical (Environmental) Security - The Physical (Environmental) Security domain provides protection techniques for the entire facility, from the outside perimeter to the inside office space, including all of the information system resources.
• Security Architecture and Design - The Security Architecture and Design domain contains the concepts, principles, structures, and standards used to design, monitor, and secure operating systems, equipment, networks, applications and those controls used to enforce various levels of availability, integrity, and confidentiality.
• Telecommunications and Network Security - The Telecommunications and Network Security domain discusses the:
o Network structures
o Transmission methods
o Transport formats
o Security measures used to provide availability, integrity, and confidentiality
o Authentication for transmissions over private and public communications networks and media