National Cybersecurity Institute at Excelsior College CISSP Training ...

2000 M Street NW, Suite 500 Washington, D.C. 20036 Phone: 202.601.1201│ Email: [email protected] Fax: 202.370.9558 WWW.NATIONALCYBERSECURITYINSTITUTE.ORG

National Cybersecurity Institute at Excelsior College CISSP Training Course Outline

According to (ISC)², the vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks. Backed by (ISC)², the globally recognized, not-for-profit organization dedicated to advancing the information security field, the CISSP was the first credential in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024. Not only is the CISSP an objective measure of excellence, but also a globally recognized standard of achievement.

Who should obtain the CISSP certification?

To qualify for the CISSP, you must have a minimum of five years of cumulative paid full-time work experience in two or more of the eight domains.

• Security and Risk Management
• Asset Security
• Security Engineering
• Communications and Network Security
• Identity and Access Management
• Security Assessment and Testing
• Security Operations
• Software Development Security

The CISSP is ideal for those working in positions such as, but not limited to:

• Security Consultant
• Security Manager
• IT Director/Manager
• Security Auditor
• Security Architect
• Security Analyst
• Security Systems Engineer
• Chief Information Security Officer
• Director of Security
• Network Architect

Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)

1. Confidentiality, integrity, and availability concepts
2. Security governance principles
3. Compliance
4. Legal and regulatory issues
5. Professional ethics
6. Security policies, standards, procedures and guidelines

Asset Security (Protecting Security of Assets)

1. Information and asset classification
2. Ownership (e.g. data owners, system owners)
3. Protect privacy
4. Appropriate retention
5. Data security controls
6. Handling requirements (e.g. markings, labels, storage)

Security Engineering (Engineering and Management of Security)

1. Engineering processes using secure design principles
2. Security models fundamental concepts
3. Security evaluation models
4. Security capabilities of information systems
5. Security architectures, designs, and solution elements vulnerabilities
6. Web-based systems vulnerabilities
7. Mobile systems vulnerabilities
8. Embedded devices and cyber-physical systems vulnerabilities
9. Cryptography
10. Site and facility design secure principles
11. Physical security

Communication and Network Security (Designing and Protecting Network Security)

1. Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
2. Secure network components
3. Secure communication channels
4. Network attacks

Identity and Access Management (Controlling Access and Managing Identity)

1. Physical and logical assets control
2. Identification and authentication of people and devices
3. Identity as a service (e.g. cloud identity)
4. Third-party identity services (e.g. on premise)
5. Access control attacks
6. Identity and access provisioning lifecycle (e.g. provisioning review)

Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)

1. Assessment and test strategies
2. Security process data (e.g. management and operational controls)
3. Security control testing
4. Test outputs (e.g. automated, manual)
5. Security architectures vulnerabilities

Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)

1. Investigations support and requirements
2. Logging and monitoring activities
3. Provisioning of resources
4. Foundational security operations concepts
5. Resource protection techniques
6. Incident management
7. Preventative measures
8. Patch and vulnerability management
9. Change management processes
10. Recovery strategies
11. Disaster recovery processes and plans
12. Business continuity planning and exercises
13. Physical security
14. Personnel safety concerns

Software Development Security (Understanding, Applying, and Enforcing Software Security)

1. Security in the software development lifecycle
2. Development environment security controls
3. Software security effectiveness
4. Acquired software security impact