CISSP Essentials for Cyber Security as taught by ABCO
Technology in Los Angeles. Customized hands-on training for CISSP
at its best. ABCO students receive a thorough overview of all topics
covered in the CISSP exam. Our training also doubles as a comprehensive
security resource that enables proactive information security professionals on
every level to keep their skills sharp and gain a greater understanding of how
the network pieces in the information security puzzle fit together.
The 10 CISSP modules are
described and broken down into three domain groups. The first three domains
focus on securing data and reveal the essential elements to build an
organizational security program, including the theories, technologies and
methodologies to protect the company's primary information asset: its data.
Domains 4-6 focus on securing the network’s
infrastructure as they reveal the nuts and bolts of how to best apply security
to everyday computer and business operations. Fundamental concepts explored in
the sessions include how to effectively design security architectures,
implement secure networks, and build security into workable applications and
systems.
Finally, domains 7-10 cover the business of security, an
area that is poorly covered by most programs.
Security is often thought of exclusively in terms of technology, but corporate
security is much more. It involves everything from governance, business
management and regulatory compliance, to an understanding of physical security,
disaster recovery and the law.
While viruses, worms and hacking grab the major
headlines, sound security management practices are the foundation of any
organization's security success. CISSP module 1 explores:
- Security management responsibilities
- The core components of security management: risk management, security policies and security education
- Administrative, technical and physical controls
- Risk management and risk analysis
- Data classification
- Security roles and personnel security issues
A cornerstone of information security is controlling how
resources are accessed so they can be protected from unauthorized modification
or disclosure. The controls that enforce access control can be hardware or
software tools, which are technical, physical or administrative in nature.
CISSP Essentials Module 2 tackles:
- Identification methods and technologies
- Biometrics
- Authentication models and tools
- Access control types: discretionary, mandatory and nondiscretionary
- Accountability, monitoring and auditing practices
- Emanation security and technologies
- Possible threats to access control practices and technologies
Cryptography is one of the essential elements in the
protection of electronic data. Most e-commerce applications rely on some form
of encryption to protect the confidentiality and integrity of sensitive
information as it transits across the Internet. Encryption is also an essential
component in protecting stored data from unauthorized access. CISSP Essentials
Module 3 covers:
- Cryptographic components and their relationships
- Government involvement in cryptography
- Symmetric and asymmetric key cryptosystems
- PKI concepts and mechanisms
- Hashing algorithms
- Types of attacks on cryptosystems
Two fundamental concepts in computer and information
security are the security model, which outlines how security is to be
implemented; and the architecture of a security system, which is the framework
and structure of a system. CISSP Essentials Module 4 offers an in-depth review
of:
- Computer architectures, from the core operating system kernel to the applications to the network
- Trusted computing base and security mechanisms
- Components within the operating system
- Different security models used in software development
- Security criteria and ratings
- Certification and accreditation processes
This session prepares students for the CISSP exam by
focusing on the "glue" of network security: how networks work, how
data is transmitted from one device to another, how protocols transmit
information, and how applications understand, interpret and translate data.
Topics to be featured in this Module include:
- OSI model
- TCP/IP and protocols
- LAN, WAN and WAN technologies
- Cabling and data transmission types
- Network devices and services
- Intranets and extranets
- Telecommunication protocols and devices
- Remote access methodologies and technologies
- Resource availability
- Wireless technologies
Applications and computer systems are usually developed
for functionality first, not security. But it's always more effective to build
security into every system from the outset rather than attach it afterward. The
exact reasons why are revealed in this CISSP Module through topics focused on:
- Different types of software controls and implementation
- Database concepts and security issues
- Data warehousing and data mining
- Software life cycle development processes
- Change control concepts
- Object-oriented programming components
- Expert systems and artificial intelligence
One of the fundamental objectives of security is
"availability" — the ability to access computer data and resources
whenever necessary. This session focuses on one of the often overlooked but
critical aspects of availability: business continuity planning and disaster
recovery. Topics in this CISSP certification prep section focus on:
- Business impact analysis
- Operational and financial impact analysis
- Contingency planning requirements
- Selecting, developing and implementing disaster and contingency plans
- Backup and offsite facilities
Fraud, theft and embezzlement have always been an
unfortunate fact of life, but the computer age has brought on new opportunities
for a different and more malicious set of thieves and criminals. While many
security professionals focus on "preventing" cyber-attacks, the CISSP
teaches that it's equally important to understand how to investigate a computer
crime and gather evidence – that's exactly what this Module addresses.
Additional topics highlighted are information security regulations, laws and
ethics that guide the practice:
- Ethics and best practices for security professionals
- Computer crimes and computer law
- Computer crime investigation processes and evidence collection
- Incident-handling procedures
- Different types of evidence
Physical security has taken on added importance in the
continuing wake of September 11, 2001. While most IT professionals are focused
on logical systems—computers, networks, systems, devices—a comprehensive
security program must address critical physical risks, too. The convergence of
physical and logical systems makes this practice even more important. CISSP
Essentials Module 9 covers:
- Administrative, technical and physical controls pertaining to physical security
- Facility location, construction and management
- Physical security risks, threats and countermeasures
- Fire prevention, detection and suppression
- Authenticating individuals and intrusion detection
Operations security pertains to everything needed to keep
a network, computer system and environment up and running in a secure and
protected manner. Since networks are "evolutionary" and always
changing, it's essential that security pros understand the fundamental
procedures for managing security continuity and consistency in an operational
environment. CISSP Essentials Module 10 reveals mission-critical answers
centered on key operations security topics:
- Administrative and management responsibilities
- Product evaluation and operational assurance
- Change configuration management
- Trusted recovery states
- E-mail security
For more information visit us online @ ABCO Technology