CISSP Certification Curriculum Outline
Information Security and Risk Management
Overview/Description
To identify the security requirements for identifying and protecting organizational information assets, apply the analysis techniques used in risk management, and recognize the responsibilities associated with different roles in an organization
Target Audience
Mid-level and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers
Prerequisites
A minimum of four years of professional experience in the information security field or three years plus a college degree
Expected Duration
3.00 Hours
Objectives: Information Security and Risk Management
- Recognize the goals of security management and change control.
- Identify the change control mechanisms used to secure the operational environment.
- Recognize the objectives and criteria associated with data classification, and distinguish between information classification roles.
- Distinguish between policies, standards, baselines, and guidelines.
- Recognize best practices and procedures for dealing with different aspects of employee relations.
- Determine the appropriate security procedures for hiring a new employee in a given scenario.
- Identify the principles of risk management, distinguish between planning types, and recognize what's involved in the analysis of different threats and vulnerabilities.
- Calculate the potential loss expectancy and the cost of countermeasures used for risk reduction in a given scenario.
- Calculate the loss expectancy associated with an information asset, perform a cost-benefit analysis, and determine how to handle the risk depending on the outcome of the countermeasure.
- Identify the security-related responsibilities associated with different roles within an organization.
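The loss-expectancy and cost-benefit calculations named in the objectives above, carried through in code. This is an added worked example, not material from the course itself: the asset values, exposure factors, annual rates of occurrence, control costs and risk appetite below are constructed figures for illustration, and the treatment rule (accept, mitigate, or transfer/avoid) is one reasonable decision policy, not the only one.

```python
"""Quantitative risk analysis: SLE, ALE and countermeasure cost-benefit.

Added example for the risk-management objectives; not part of the original
course outline. All monetary figures and rates are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass
class Risk:
    asset_value: float       # AV: value of the asset to the business
    exposure_factor: float   # EF: fraction of AV lost in one incident (0.0 to 1.0)
    aro: float               # ARO: expected number of incidents per year

    def sle(self) -> float:
        """Single Loss Expectancy: SLE = AV x EF."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy: ALE = SLE x ARO."""
        return self.sle() * self.aro


def countermeasure_value(before: Risk, after: Risk, annual_cost: float) -> float:
    """Net value of a control = ALE(before) - ALE(after) - annual cost of control.

    Positive: the control removes more expected loss than it costs.
    Negative: it costs more than the risk it removes.
    """
    return before.ale() - after.ale() - annual_cost


def treatment(before: Risk, after: Risk, annual_cost: float, appetite: float) -> str:
    """Pick a risk treatment (assumed decision rule, not an (ISC)2 prescription).

    - raw ALE already within appetite            -> accept
    - control pays for itself and residual ALE
      is within appetite                         -> mitigate
    - otherwise the control is not worth buying  -> transfer (insure) or avoid
    """
    if before.ale() <= appetite:
        return "accept"
    if countermeasure_value(before, after, annual_cost) > 0 and after.ale() <= appetite:
        return "mitigate"
    return "transfer or avoid"


def best_control(before: Risk, options: Dict[str, Tuple[Risk, float]]) -> Tuple[str, float]:
    """Rank candidate controls by net value and return (name, value) of the best."""
    scored = {name: countermeasure_value(before, after, cost)
              for name, (after, cost) in options.items()}
    name = max(scored, key=scored.get)
    return name, scored[name]


# Constructed scenario: a customer-facing web server (AV 200,000).
# A compromise is assumed to destroy 25% of its value, about once every two years.
WEB_SERVER = Risk(asset_value=200_000, exposure_factor=0.25, aro=0.5)

# Candidate controls: each reduces ARO and/or EF at some annual cost (constructed).
CONTROLS = {
    "web application firewall": (Risk(200_000, 0.25, 0.1), 8_000),   # fewer incidents
    "hot standby + backups":    (Risk(200_000, 0.05, 0.5), 12_000),  # smaller loss per incident
    "managed SOC monitoring":   (Risk(200_000, 0.20, 0.4), 30_000),  # expensive, modest gain
}
RISK_APPETITE = 10_000   # maximum ALE the business will tolerate (constructed)


if __name__ == "__main__":
    print(f"SLE = {WEB_SERVER.sle():,.0f}   ALE = {WEB_SERVER.ale():,.0f}")
    for name, (after, cost) in CONTROLS.items():
        print(f"{name:28s} residual ALE {after.ale():>8,.0f}  "
              f"net value {countermeasure_value(WEB_SERVER, after, cost):>8,.0f}  "
              f"-> {treatment(WEB_SERVER, after, cost, RISK_APPETITE)}")
    print("best:", best_control(WEB_SERVER, CONTROLS))
```

The point of ranking by net value rather than by residual ALE alone is the one the objectives stress: a control that drives risk down the most (here the standby-and-backups option) is not automatically the right buy if a cheaper control clears the appetite with a better return.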
Security Architecture and Design
Overview/Description
To understand the principles of common computer architectures, distinguish between machine types and memory storage types, and recognize the logistics of common security models
Target Audience
Mid-level and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers
Prerequisites
A minimum of four years of professional experience in the information security field or three years plus a college degree
Expected Duration
2.25 Hours
Objectives: Security Architecture and Design
- Recognize the components of the basic information system architecture and their functionality, and differentiate between hardware, software, and firmware.
- Differentiate between machine types and recognize the functions of network protocols and the resource manager.
- Distinguish between types of storage device and how they are used.
- Determine which system resources can be found at the different rings and how the rings control subject access to objects.
- Differentiate between key security concepts, recognize the role of TCB, reference monitor, and security kernel in protecting the operating system, and recognize the two basic access control types.
- Differentiate between the various criteria and standards used to evaluate security in a networking environment.
- Specify the security level that should be assigned to various objects and determine how to implement the standards.
- Recognize the logistics of various security models used to enforce rules and protection mechanisms.
Access Control
Overview/Description
To introduce access control concepts and methodologies and explain how they're implemented and administered in a centralized or decentralized environment
Target Audience
Mid-level and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers
Prerequisites
A minimum of four years of professional experience in the information security field or three years plus a college degree
Expected Duration
2.50 Hours
Objectives: Access Control
- Identify the types of access control technologies used in a networking environment.
- Identify knowledge-based and characteristics-based authentication technologies.
- Recognize how single sign-on (SSO) systems, one-time passwords (OTPs), and smart cards are used for authentication.
- Determine the appropriate type of authentication to implement in a given enterprise scenario.
- Recognize ways of securing passwords and identify different types of attack against passwords and password files.
- Select the appropriate access control model for a scenario.
- Determine the most appropriate access control model to implement in a given scenario.
- Recognize how different types of access control technique control access to resources, and distinguish between centralized and decentralized access control administration mechanisms.
- Identify intrusion detection system (IDS) mechanisms and implementation methods, and recognize various intrusion detection and prevention techniques.
Application Security
Overview/Description
To understand different threats to the enterprise environment and recognize different ways of increasing the security of application development
Target Audience
Mid-level and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers
Prerequisites
A minimum of four years of professional experience in the information security field or three years plus a college degree
Expected Duration
2.00 Hours
Objectives: Application Security
- Distinguish between open and closed source code and recognize the functionality of different program types.
- Distinguish between the types of attacks used in the enterprise environment and identify the appropriate methods to counteract them.
- Recognize the different types of malicious code that can affect a system or network and identify the methods that can be used to mitigate them.
- Identify the type of attack being perpetrated in a given scenario and determine the appropriate steps to counteract it.
- Recognize the characteristics of various knowledge-based systems and identify the activities involved in the different phases of the information systems development life cycle.
- Distinguish between various database models and technologies, and define basic concepts associated with databases and data warehousing.
- Select the appropriate database model for a given set of criteria.
Operations Security
Overview/Description
To understand the different mechanisms used to identify different types of attack and their effects, and protect system resources, e-mail and Internet communication to ensure operations security
Target Audience
Mid-level and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers
Prerequisites
A minimum of four years of professional experience in the information security field or three years plus a college degree
Expected Duration
2.25 Hours
Objectives: Operations Security
- Recognize the activities involved in securing the operations of an enterprise and identify the technologies used to maintain network and resource availability.
- Identify the effects of various hardware and software violations on the system, and recognize how different types of operational and life-cycle assurance are used to secure operations.
- Determine the effects of different attacks on the network and identify the consequences of those effects.
- Recognize how different auditing and monitoring techniques are used to identify and protect against system and network attacks.
- Recognize the need for resource protection, distinguish between e-mail protocols, and identify different types of e-mail vulnerability.
- Identify basic mechanisms and security issues associated with the Web, and recognize different technologies for transferring and sharing files over the Internet.
- Recognize key reconnaissance attack methods and identify different types of administrative management and media storage control.
- Identify the appropriate security measures and controls for creating a more secure workspace in given scenarios.
Cryptography
Overview/Description
To recognize how different cryptographic technologies are used to provide confidentiality, integrity, and authentication for data being transferred across untrusted networks
Target Audience
Mid-level and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers
Prerequisites
A minimum of four years of professional experience in the information security field or three years plus a college degree
Expected Duration
2.00 Hours
Objectives: Cryptography
- Define key cryptographic terms and distinguish between types of symmetric key algorithms.
- Distinguish between types of asymmetric algorithms.
- Determine the appropriate cryptography implementation for a given scenario.
- Distinguish between types of cipher and identify different categories of cryptanalytic attack.
- Distinguish between the various algorithms used for message authentication.
- Determine the appropriate hashing algorithm to use in a given scenario.
- Recognize how certificate authorities (CAs), digital signatures, and the Public Key Infrastructure (PKI) are used to provide confidentiality, integrity, and authentication.
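The distinction the message-authentication and hashing objectives above turn on, shown in code: an unkeyed hash detects accidental corruption but not deliberate tampering, because anyone can recompute it for the altered message, while a keyed MAC (HMAC-SHA256 here) ties the digest to a secret the attacker does not hold. This is an added example using only Python's standard library, not code from the course; the shared key and the two messages are constructed for the demonstration.

```python
"""Plain hash vs HMAC for message authentication.

Added example for the cryptography objectives; not course material.
Key and messages are constructed. A real system would generate the key
with secrets.token_bytes(32) and distribute it out of band.
"""
import hashlib
import hmac
from typing import Tuple

# Constructed 32-byte shared secret (fixed so the demo is deterministic).
KEY = bytes.fromhex("9f" * 32)
ORIGINAL = b"transfer 100 to account 42"
TAMPERED = b"transfer 900 to account 42"


def digest_only(message: bytes) -> str:
    """Integrity only: SHA-256 over the message, no secret involved."""
    return hashlib.sha256(message).hexdigest()


def integrity_check_passes(message: bytes, digest: str) -> bool:
    """What a receiver can check with an unkeyed hash."""
    return hmac.compare_digest(digest_only(message), digest)


def mac(key: bytes, message: bytes) -> str:
    """Integrity + origin authentication: HMAC-SHA256 under a shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    """Constant-time comparison so tag verification does not leak timing."""
    return hmac.compare_digest(mac(key, message), tag)


def attacker_forges_digest(tampered: bytes) -> Tuple[bytes, str]:
    """No key needed: the attacker simply recomputes the hash of the new message."""
    return tampered, digest_only(tampered)


def attacker_forges_mac(tampered: bytes) -> Tuple[bytes, str]:
    """Without KEY the best the attacker can do is guess a key (constructed guess)."""
    return tampered, mac(b"guess", tampered)


if __name__ == "__main__":
    # Unkeyed hash: the forged message and its recomputed digest are accepted.
    msg, dig = attacker_forges_digest(TAMPERED)
    print("hash-only check accepts forgery:", integrity_check_passes(msg, dig))

    # HMAC: the forged tag fails, and so does reusing the tag from the original.
    msg, tag = attacker_forges_mac(TAMPERED)
    print("HMAC check accepts forgery:", verify_mac(KEY, msg, tag))
    print("HMAC check accepts old tag on new message:",
          verify_mac(KEY, TAMPERED, mac(KEY, ORIGINAL)))
```

Two practical notes that follow from the code: compare tags with `hmac.compare_digest`, never `==`, and keep the key out of the message path entirely; once a MAC is in use, the choice of hash function is about collision and preimage strength, which is why SHA-256 rather than MD5 or SHA-1 is the default here.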
Physical (Environmental) Security
Overview/Description
To understand the considerations and mechanisms involved in implementing the physical security of an enterprise
Target Audience
Mid-level and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers
Prerequisites
A minimum of four years of professional experience in the information security field or three years plus a college degree
Expected Duration
2.00 Hours
Objectives: Physical (Environmental) Security
- Recognize basic threats to an organization's physical security and identify the security mechanisms used in securing an enterprise environment.
- Identify the security mechanisms and strategies used to protect the perimeter of a facility.
- Identify the appropriate physical security mechanisms to implement in a given scenario.
- Identify the appropriate mechanisms and controls for securing the inside of a building or facility.
- Select the most appropriate intrusion detection technology for a scenario.
- Determine the appropriate intrusion detection system to implement, given a specific scenario.
- Select the appropriate strategy for securing compartmentalized areas in a given scenario.
Telecommunications and Network Security
Overview/Description
To understand the structures, transmission methods, transport formats, and security technologies used in providing telecommunications and network security
Target Audience
Mid-level and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers
Prerequisites
A minimum of four years of professional experience in the information security field or three years plus a college degree
Expected Duration
3.75 Hours
Objectives: Telecommunications and Network Security
- Identify security issues associated with e-mail, facsimile, and PBX systems, and recognize how the LPC algorithm is used to secure voice communications.
- Identify the characteristics and functionality of the different technologies used to protect an organization at the network edge.
- Identify the characteristics of TCP and IP, and recognize the functionality of the OSI reference model.
- Distinguish between the layers of the OSI reference model and their associated functionality and technologies.
- Distinguish between types of data topology and physical media, and recognize the functionality of different LAN technologies.
- Recognize the network topologies, media access methods, data transmission types, and devices used by LANs and WANs.
- Identify the characteristics of the switching, remote access, and authentication methods used by LANs and WANs, and recognize the functionality of Ethernet and Token Ring technologies.
- Recognize the characteristics of the various network communications mechanisms and technologies used in an enterprise environment, and identify the protocols used by VPNs.
- Recognize the characteristics and functionality of the protocols used to secure data in transit in an enterprise environment.
- Recognize how different transport layer mechanisms secure network data.
- Recognize how different technologies are used to protect data at the Application layer.
- Determine the most appropriate methods and mechanisms for securing information at the Application layer, given a scenario.
Business Continuity and Disaster Recovery Planning
Overview/Description
To recognize how to plan for business continuity and disaster recovery in the event of unforeseen and critical loss
Target Audience
Mid-level and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers
Prerequisites
A minimum of four years of professional experience in the information security field or three years plus a college degree
Expected Duration
2.25 Hours
Objectives: Business Continuity and Disaster Recovery Planning
- Recognize the phases involved in creating a business continuity plan (BCP).
- Recognize what's involved in the project initiation and management phase of the business continuity planning process.
- Identify the steps for conducting a business impact analysis (BIA) in a given scenario.
- Determine the appropriate strategy for performing a business impact analysis (BIA) in a given scenario.
- Identify the appropriate strategies for recovering critical business systems and resources, and maintaining business continuity in the event of a disaster.
- Identify the factors that need to be reviewed and documented in a business continuity plan, given a scenario.
- Identify the objectives and functions associated with testing and maintaining a business continuity plan.
- Determine the appropriate strategy for designing a business continuity plan (BCP) in a given scenario.
Legal, Regulations, Compliance, and Investigations
Overview/Description
To identify the types and characteristics of computer crime, distinguish between the laws relating to information technology, and recognize the investigative and ethical considerations involved in dealing with computer crime
Target Audience
Mid-level and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers
Prerequisites
A minimum of four years of professional experience in the information security field or three years plus a college degree
Expected Duration
2.00 Hours
Objectives: Legal, Regulations, Compliance, and Investigations
- Distinguish between the major categories of computer crime and recognize examples of them.
- Recognize the characteristics of various computer-related crimes and identify the type of intellectual property law that applies in a given scenario.
- Determine the type of intellectual property protection that should be put in place in a given scenario.
- Recognize the characteristics of various law systems and categories of law, and identify laws related to information security and privacy.
- Distinguish between the laws that have been created to deal with different types of computer crime.
- Recognize the principles of due care and due diligence, and identify the phases and types of evidence involved in computer crime.
- Determine the appropriate process for controlling evidence when investigating a computer-related crime in a given scenario.
- Recognize the investigative and ethical considerations involved in dealing with computer crime.
(ISC)2 CISSP Certification
(Certified Information Systems Security Professional)
If you plan to build a career in information security, one of today's most visible professions, and if you have at least five full years of experience in information security, then the CISSP® credential should be your next career goal.
(ISC)2 certification validates the latest skills needed by today's computer security professionals. It is an international, vendor-neutral certification recognized by major hardware and software vendors, distributors and resellers. The CISSP course provides you with the knowledge and skills to pass the CISSP certification exam, after which you'll have the ability to manage, operate, develop and plan an effective network security infrastructure.
Benefits of CBT Direct’s Online (ISC)2 CISSP Certification Training
CBT Direct boasts the most beneficial online certification training on the market. With online training, you have the flexibility to study on your schedule, and with the speed and reliability of the internet, CBT Direct's (ISC)2 CISSP training course is accessible anywhere you have an internet connection. Convenience finally costs less with CBT Direct, the most affordable online training solution today.
The unique design of CBT Direct's (ISC)2 CISSP certification course incorporates a proven four-step learning process: presentation, demonstration, guidance and independent practice. This four-step learning model for CBT Direct's (ISC)2 CISSP training course ensures the greatest level of retention to prepare you for your (ISC)2 CISSP certification exam.
CBT Direct also offers online mentoring for over 100 current major certification exams, including (ISC)2 CISSP, for IT professionals and end-users alike. CBT Direct's mentors have a minimum of 20 certifications each and are available 24/7*.
* Available for most courses.
Who Benefits from CBT Direct’s (ISC)2 CISSP Training?
This training would be beneficial for individuals looking for IT job positions such as Network Administrator, Windows Administrator, Windows System Engineer, Linux Administrator, Network Security Specialist, Information Security Manager or Chief Security Officer.
What Professionals Will Learn from CBT Direct’s (ISC)2 CISSP Training
(ISC)2 CISSP Certification Exam:
The CISSP was the first credential in the field of information security to be accredited by ANSI (the American National Standards Institute) to ISO/IEC 17024:2003 (ISO is the International Organization for Standardization). CISSP certification is not only an objective measure of excellence, but a globally recognized standard of achievement.
CISSP Prerequisites
To sit for the CISSP examination, a candidate must:
- Sign up for the examination date and location
- Submit the examination fee
- Assert that he or she possesses a minimum of five years of professional experience in the information security field, or four years plus a college degree. Alternatively, an advanced degree in information security from a National Center of Excellence, or the regional equivalent, can substitute for one year of the five-year requirement.
- Complete the Examination Agreement, attesting to the truth of his or her assertions regarding professional experience and legally committing to adherence to the (ISC)² Code of Ethics
- Successfully answer four questions regarding criminal history and related background