CISSP
Certified Information Systems Security Professional
ACHIEVE THE HIGHEST STANDARD
ADVANCE YOUR CAREER!
The Certification That Inspires Utmost Confidence
An Introduction to the CISSP & SSCP Certifications
CISSP Certification: Certified Information Systems Security Professional
The (ISC)² CISSP ® CBK ®
A Brief History
■ Formed in 1989
■ Consortium:
– ISSA, DPMA, CIPS, IFIPS, CSI, Idaho State University.
■ First public examination in 1995 in Toronto, Canada
■ Certified thousands of information security practitioners in over twenty-seven countries
Why Get Certified?
■ The CISSP certification is a public acknowledgment that the professional has devoted himself or herself to the field of information security or a closely related field, and has passed a rigorous examination that encompasses all major elements of the industry's accepted and recognized information system security Common Body of Knowledge (CBK).
Those with the right mix of education, experience and professional credentials are the most sought after for senior positions. These leading-edge careers also command the highest salaries.
https://www.isc2.org/study_guide.html#reference
Course Objective:
You will control access to data and information systems using common access control best practices. You will discover how networks are designed for security, and the components, protocols, and services that allow telecommunications to occur in a secure manner. You will learn about the principles of security management and how to manage risk as part of a comprehensive information security management program. You will explore applications and systems development security controls.
You will learn how to perform cryptography and how to secure system architecture. You will examine operations security and the appropriate controls and best practices to use to keep operations secure.
You will learn how to perform business continuity planning and apply physical security to protect organizational assets and resources.
Finally, you will explore law, investigations, and ethics with respect to information systems security and computer forensics.
Prerequisites:
Students should have certifications in A+, Network+, or Security+, or possess equivalent professional experience. Students may have one or more of the following certifications or equivalent experience: MCSE, SCNP, CCNA, CCNP, RHCE, LCE, CNE, SSCP, SANS, or GIAC.
Performance-Based Objectives
Upon successful completion of this course, students will be able to:
Control access to information systems
Network systems and telecommunications.
Define security management.
Create applications security.
Perform cryptography.
Secure system architecture.
Execute operations security.
Perform business continuity planning.
Apply physical security.
Apply law, investigations, and ethics.
Five Functional Areas Within Each Domain:
■ Information Protection Requirements
■ Information Protection Environment
■ Security Technology and Tools
■ Assurance, Trust, and Confidence Mechanisms
■ Information Protection and Management Services
The CISSP exam consists of 10 chapters that directly mirror the 10 CBK domains. They are:
Information Security and Risk Management
Security Architecture and Design Models
Access Control Systems and Methodology
Applications and Security Development
Operations Security
Cryptography
Physical (Environmental) Security
Telecommunications, Network, and Internet Security
Business Continuity Planning and Disaster Recovery Planning
Law, Investigations, Legal Regulations, Compliance and Ethics
• Access Control - Access Controls are a collection of mechanisms that work together to create a security architecture to protect the assets of the information system.
• Application Security - This domain addresses the important security concepts that apply to application software development. It outlines the environment where software is designed and developed and explains the critical role software plays in providing information system security.
• Business Continuity and Disaster Recovery Planning - This domain addresses the preservation and recovery of business operations in the event of outages.
• Cryptography - The Cryptography domain addresses the principles, means, and methods of disguising information to ensure its integrity, confidentiality and authenticity.
• Information Security and Risk Management - Security Management entails the identification of an organization's information assets and the development, documentation, and implementation of policies, standards, procedures, and guidelines. Management tools such as data classification and risk assessment/analysis are used to identify threats, classify assets, and to rate system vulnerabilities so that effective controls can be implemented.
• Legal, Regulations, Compliance, and Investigation - This domain addresses:
o Computer crime laws and regulations
o The measures and technologies used to investigate computer crime incidents
• Operations Security - Operations Security is used to identify the controls over hardware, media, and the operators and administrators with access privileges to any of these resources. Audit and monitoring are the mechanisms, tools, and facilities that permit the identification of security events and subsequent actions to identify the key elements and report the pertinent information to the appropriate individual, group, or process.
• Physical (Environmental) Security - The Physical (Environmental) Security domain provides protection techniques for the entire facility, from the outside perimeter to the inside office space, including all of the information system resources.
• Security Architecture and Design - The Security Architecture and Design domain contains the concepts, principles, structures, and standards used to design, monitor, and secure operating systems, equipment, networks, applications and those controls used to enforce various levels of availability, integrity, and confidentiality.
• Telecommunications and Network Security - The Telecommunications and Network Security domain discusses the:
o Network structures
o Transmission methods
o Transport formats
o Security measures used to provide availability, integrity, and confidentiality
o Authentication for transmissions over private and public communications networks and media