CISSP Security Professional
1. Access Control Systems and Methodology
Objectives
- Discuss the relationship between access control and accountability
- Define common access control techniques and models
- Detail the specifics of access control administration
- Explain identification and authentication techniques
- Discuss centralized/decentralized control
- Explain intrusion detection and common methods of attack
2. Telecommunications and Network Security
Objectives
- Explain the International Standards Organization/Open Systems Interconnection (ISO/OSI) layers and characteristics
- Describe the design and function of communications and network security
- Describe the components, protocols and services involved in Internet/intranet/extranet design
- Define and describe communications security techniques to prevent, detect, and correct errors so that integrity, availability, and confidentiality of transactions over networks may be maintained
- Define and describe specific areas of communication and how they can be secured
- Explain current forms of network attacks and their countermeasures
Topics
- The Open Systems Interconnection model
- Network characteristics
- Network topologies
- LAN devices
- WAN technologies
- Providing remote access capabilities
- Networking and security protocols
- Securing communications
- Error prevention, detection, and correction
- Intrusion detection, response, and prevention
- Fault tolerance and data restoration
3. Security Management and Practices
Objectives
- Understand the principles of security management
- Understand risk management and how to use risk analysis to make information security management decisions
- Set information security roles and responsibilities throughout your organization
- Understand the considerations and criteria for classifying data
- Determine how employment policies and practices are used to enhance information security in your organization
- Use change control to maintain security
Topics
- Defining security principles
- Identification and authentication
- Accountability and auditing
- Security management planning
- Risk management and analysis
- Risk analysis step by step
- Policies, standards, guidelines, and procedures
- Examining roles and responsibility
- Understanding protection mechanisms
- Classifying data
- Employment policies and practices
- Managing change control
- Security awareness training
4. Applications and Systems Development Security
Objectives
- Demonstrate an understanding of challenges in both distributed and nondistributed environments
- Discuss databases and data warehousing issues
- Describe knowledge-based systems and examples of edge computing
- Discuss the types of attacks made on software vulnerabilities
- Describe and define malicious code
- Discuss system development controls
Topics
- Distributed and nondistributed environment challenges
- Database and data warehousing issues
- Storage and storage systems
- Knowledge-based systems and edge computing
- Attacking software
- Understanding malicious code
- System development lifecycle models
- Security control architecture
- Software development methodologies
- Secure software design and coding practices
5. Cryptography, Security Architecture, and Security Models
Objectives
- Compare and contrast symmetric and asymmetric algorithms
- Describe PKI and key management
- Detail common methods of attacking encryption, including general and specific attacks
- List common security models and their function
- Explain the basics of security architecture
- Describe the Internet Protocol Security (IPSec) standard
6. Operations Security
Objectives
- Identify the key roles of operations security
- Define threats and countermeasures
- Explain how audit and monitoring can be used as operations security tools
- Define the role of administrative management in operations security
- Define operations security concepts and describe operations security best practices
7. Business Continuity and Disaster Recovery Planning
Objectives
- Document the natural and man-made events that need to be considered in making disaster recovery and business continuity plans
- Explain the difference between disaster recovery planning (DRP) and business continuity planning (BCP) and the importance of developing plans that include both
- Detail the business continuity planning process
- Explain the need for, and development of, a backup strategy. Include information on determining what to back up, how often to back up, as well as the proper storage facility for backups
- Detail the disaster recovery planning process, including recovery plan development, implementation, maintenance, and the restoration of business functions
8. Law, Investigation, Ethics, and Physical Security
Objectives
- Define what constitutes a computer crime and how such a crime is proven in court
- Explain the laws of evidence
- Discuss computer ethics
- Understand general principles that apply to the theft of information and assets
- Know the general criteria that apply to the location and construction of facilities
- Describe physical intrusion detection methodologies and products
Topics
- Fundamentals of law
- Criminal law and computer crime
- Computer security incidents
- Legal evidence
- Computer forensics
- Computer ethics
- Classifying assets and vulnerabilities
- Site location and construction
- Physical access controls
- Power
- Environmental controls and water exposure problems
- Fire prevention and protection
- Tape, media, and document library retention policies
- Waste disposal
- Physical intrusion detection