With today's complex and diverse enterprise networks, maintaining security is one of the greatest challenges organisations face. It is difficult to properly configure systems and networks for maximum security.
Any weakness in the defence is enough to render the organisation vulnerable. The skill set required of the security team is very wide. In an effort to define the knowledge base required for enterprise security, (ISC)2 have defined the Common Body of Knowledge (CBK), which consists of ten test domains.
The Certified Information Systems Security Professional (CISSP®) exam is built from a pool of multiple-choice questions drawn from the CBK.
Prerequisites:
For the CISSP exam, (ISC)2 requires that candidates have work experience (4 years with a degree or 5 years without a degree) in two or more of the ten test domains of the information systems [IS] security Common Body of Knowledge (CBK). Note that candidates for CISSP without the required work experience can still sit the exam and become an associate CISSP.
Course Content
Security Management Practices
Identification of information assets
Policies, standards, procedures
Confidentiality, integrity, and availability
Data classification
Risk management, risk assessment, and risk analysis
Countermeasure evaluation
Security roles
Security awareness training
Personnel policy
Security Architecture & Models
Computer architectures
Security models
Trusted Computer Base
ITSEC
TCSEC
Common Criteria
OS security components
IETF IPSEC
Certification and Accreditation
Security issues associated with system architectures
Access Control Systems & Methodology
Access Control techniques
Access Control Administration
Access Control Models
Identification and Authentication Techniques
Single Sign-On (SSO)
Access Control Methodologies and Implementation
File and Data Ownership and Custodianship
Methods of Attack
Monitoring
Penetration Testing
Applications & Systems Development
Systems development management
Change Control
Certification
Accreditation
Security Control Architecture
Malicious Code
Virus writers, hackers, crackers, and phreaks
Virus protection, types of computer viruses
Mobile code security issues
Cryptography
Cryptographic basics
Comparison of cryptographic algorithms
Key management
Key Distribution Methods
Kerberos
ISAKMP
Public Key Algorithms
Public Key Infrastructure (PKI)
Certificate Authorities
Smart cards and tokens
Methods of Attack
Telecommunications & Network Security
ISO/OSI Layers and Characteristics
Remote Access Dial-In User System/Terminal Access Control
RADIUS/TACACS
Internet/Intranet/Extranet
Secure communication protocols
Virtual Private Network (VPN)
Network Address Translation
E-mail security
Facsimile security
Secure Voice Communications
Security boundaries and how to translate security policy to controls
Network Attacks and Countermeasures
Operations Security
Administrative Management
Separation of Duties and Responsibilities
Backup of Critical information
Standards of Due Care/Due Diligence
Record retention
Control Types
Operations Controls
Resource Protection
Auditing
Reporting mechanisms
Monitoring tools and techniques
Failure recognition and response
Intrusion detection
Penetration testing techniques
Inappropriate activities
Internal threats and Countermeasures
Violations, Breaches, and Reporting
Physical Security
Physical site security controls
Electronic site access controls
Environment/Life Safety
Physical security threats and countermeasures
Fire (sensors, sprinklers, flooding systems, extinguishers)
Water (leakage and flooding)
Electrical (UPS and generators)
Environmental
Business Continuity & Disaster Recovery Planning
Business Continuity Planning
Cold/Warm/Hot/Mobile Sites
Recovery processes
Disaster Recovery Planning
Recovery Plan Development
Emergency Response
Reconstruction from Backups
Crisis Management
BCP/DRP Events
Law, Investigation & Ethics
Legal categories
Criminal Law
Civil Law
Administrative Law
Investigations
Rules of Evidence
Collection and preservation of evidence
Investigation Processes and Techniques
Major categories of computer crime
Incident Handling
Ethics
(ISC)2 Code of Ethics
Founded in 2006 with headquarters in Glasgow, Elite Training offers a comprehensive range of IT, Professional Best Practice and Business Skills training across the UK.
At Elite Training, we understand that every client is different and as such customise training solutions to suit your individual requirements. We are interested in building strong, long-lasting business relationships based on high-quality training and customer care. We pride ourselves on responding quickly to queries and providing advice on all your training requirements.
Our experienced Account Managers work closely with our clients to deliver a range of solutions based on budgets, timelines and individual requirements. Whether you require one-to-one or group sessions, public or closed company training, we ensure you receive an individually tailored training service.