CISSP 2012 Certification Curriculum Outline

CISSP 2012 Domain: Access Control

Overview/Description
This course focuses on the need for access control mechanisms to secure an organizations network and minimize its vulnerability to attacks or intrusion. It covers various access control models, techniques, mechanisms, and methodologies. You will learn about the latest in authentication strategies and intrusion detection and prevention techniques. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains. The CISSP credential certifies student expertise in ten different knowledge domains.

Target Audience
Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers

Expected Duration (hours)
2.0

Lesson Objectives

CISSP 2012 Domain: Access Control

Identify the types of access control technologies used in a networking environment

Identify critical activities related to information classification

Identify knowledge-based authentication technologies

Identify characteristics-based authentication technologies

Recognize how single sign-on systems (SSOs) are used for authentication

Recognize how one-time passwords (OTPs) and smart cards are used for authentication

Recognize ways of securing passwords

Identify different types of attack against passwords and password files

Determine the appropriate type of authentication to implement in a given enterprise scenario

Evaluate given passwords

Recognize appropriate access control models given a scenario

Identify the features of the DAC and MAC access control models

Recognize how different types of access control technique control access to resources

Identify the advantages and disadvantages of centralized and decentralized identity management systems

Identify intrusion detection system (IDS) mechanisms and implementation methods

Identify intrusion detection and prevention techniques

Determine the most appropriate access control model to implement in a given scenario

Recognize access control and intrusion detection techniques

Course Number:
sp_cpte_a01_it_enus

Back to List

CISSP 2012 Domain: Telecommunications and Network Security

Overview/Description
Access to a companys resources through unauthorized means is the number one goal of most attackers. The security professional must understand the proper countermeasures in order to stop attacks on e-mail systems, over the network, and on the PBX. This course discusses the transport mechanisms, structures, and security measures used to ensure availability, confidentiality, integrity, and authentication over both public and private networks. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.

Target Audience
The CISSP credential is ideal for mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers.

Expected Duration (hours)
3.5

Lesson Objectives

CISSP 2012 Domain: Telecommunications and Network Security

Recognize the components of a network infrastructure

Identify the key features of firewall technologies

Identify the characteristics of TCP/IP

Match the layers of the OSI model to their functions

Recognize how specific network attack techniques operate

Propose a high level security solution for a given scenario

Define how networks interact

Specify the type of cable to use in a given scenario

Recognize LAN transmission considerations

Identify network topology characteristics

Recognize features of media access technologies

Classify statements as characteristics of either synchronous and asynchronous communications

Recognize LAN and WAN specific devices and technologies

Match the technologies used by packet-switched networks to their descriptions

Match the remote access protocols to their functions

Identify the characteristics of Ethernet

Recognize how data is transmitted in Token Ring networks

Recognize the characteristics of the network communications mechanisms and technologies used in an enterprise environment

Identify currently available VPN protocols

Specify the most appropriate network components for a given scenario

Propose a network communication solution for a given scenario

Match the network protocols to their descriptions

Recognize how transport layer mechanisms secure network data

Recognize how different technologies are used to protect data at the application layer

Identify how to secure network communications in a given scenario

Distinguish between the technologies that secure the transport and application layers

Course Number:
sp_cpte_a02_it_enus

Back to List

CISSP 2012 Domain: Information Security Governance and Risk Management

Overview/Description
Information Security Governance and Risk Management is an all encompassing domain that the information security professional must constantly be aware of. This course examines the frameworks and planning structures used to make sure that information assets are protected within an organization. This course also examines the governance, organizational structures and cultures, and the awareness training that should be imparted to employees at all levels. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.

Target Audience
Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers

Expected Duration (hours)
2.5

Lesson Objectives

CISSP 2012 Domain: Information Security Governance and Risk Management

Recognize responsibilities related to information security risk management

Match information security principles with examples of controls used to apply them

Match the components of a policy framework with their corresponding descriptions

Identify methodological frameworks for implementing and auditing security controls

Identify methodological frameworks for performing information security risk assessment

Distinguish between the results of qualitative and quantitative risk assessments

Match stages of the risk assessment process with corresponding descriptions

Label examples of actions taken by a company in response to a risk as either avoidance, transfer, mitigation, or acceptance

Recognize the appropriate application of risk management concepts

Distinguish between risk assessment and control methodologies

Identify responsibilities of an Information Security Officer

Recognize the advantages and disadvantages of various reporting models

Recognize how various personnel security strategies work to minimize employee risk

Recognize strategies for implementing information security training

Recognize the topics a computer ethics program should address

Match common computer ethics fallacies to the corresponding correct views

Recognize the ethical principles that all information security professionals should apply as they do their jobs

Recognize how to handle organizational issues

Recognize appropriate actions to implement security awareness training in your organization

Recognize ethical principles that all information security professionals must apply

Course Number:
sp_cpte_a03_it_enus

Back to List

CISSP 2012 Domain: Cryptography

Overview/Description
Cryptography has been used for thousands of years to secure messages, identities, vital information, and communications mechanisms. This course covers the invention of cryptography, the use of algorithms and ciphers, and the secure mechanisms used for message authentication and certificate authority. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.

Target Audience
Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers

Expected Duration (hours)
2.0

Lesson Objectives

CISSP 2012 Domain: Cryptography

Define key cryptographic terms

Identify the characteristics of quantum cryptography

Match symmetric key algorithms to their corresponding descriptions

Distinguish between types of asymmetric algorithms

Determine the appropriate use for a given message format

Recognize types of ciphers

Match types of cryptanalytic attack with their corresponding descriptions

Distinguish between types of algorithms, message formats, ciphers, and cryptanalytic attacks

Determine the appropriate cryptography implementation for a given scenario

Determine the appropriate hash algorithm to use in a given scenario

Recognize characteristics of message authentication codes

Identify the characteristics of digital signatures

Identify guidelines for key management and distribution

Identify characteristics of the XKMS

Recognize the appropriate application of the split knowledge method of key management

Recognize methods of key distribution

Determine the appropriate hashing algorithm to use in a given scenario

Evaluate the actions of an individual who is practicing key management

Recognize examples of key management methods

Course Number:
sp_cpte_a05_it_enus

Back to List

CISSP 2012 Domain: Operations Security

Overview/Description
In todays enterprise environment, security operations takes on many faces, but always comes back to making sure that all aspects of the operation of an enterprise environment are secured and functioning correctly. This course delves into the mechanisms used to track security threats, resource protection, and securing the enterprise environment. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.

Target Audience
Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers

Expected Duration (hours)
2.5

Lesson Objectives

CISSP 2012 Domain: Operations Security

Recognize the activities involved in securing the operations of an enterprise

Classify audit measures as either internal or external

Identify the technologies used to maintain resource availability

Match the attack type to their potential effects

Recognize different approaches to securing operations

Identify how audit trails can be used in operations security

Differentiate between monitoring tools and techniques

Define a strategy for securing and maintaining resources for a given scenario

Secure enterprise operations against network violations for a given scenario

Identify approaches to examining operations security

Identify the reasons for resource protection

Distinguish between e-mail protocols

Recognize different types of e-mail vulnerability

Recognize security issues associated with the web interfacing

Identify the characteristics of technologies for transferring and sharing files over the Internet

Match the reconnaissance methods to their descriptions

Identify the key considerations involved in implementing administrative controls

Specify how to secure media and media storage devices

Specify the reasons resource and e-mail should be secure

Propose safer file sharing practices for a given scenario

Determine how to secure media in a given scenario

Course Number:
sp_cpte_a07_it_enus

Back to List

CISSP 2012 Domain: Business Continuity and Disaster Recovery Planning

Overview/Description
Business continuity is an essential part of any enterprise. When a disaster occurs, it is imperative that a company be prepared, and has policies and people in place to step in and restore normal business operations. This course discusses the processes that are used to create a business continuity and disaster recovery plan and strategies for critical resource recovery. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.

Target Audience
Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers

Expected Duration (hours)
1.5

Lesson Objectives

CISSP 2012 Domain: Business Continuity and Disaster Recovery Planning

Identify activities that occur during the project initiation phase of business continuity planning

Recognize considerations for business continuity and disaster recovery planning

Perform a business impact analysis on given business functions

Recognize key considerations when conducting a business impact analysis

Conduct activities related to initiating a project to plan a business continuity and disaster recovery program

Perform the steps of a business impact analysis given a scenario

Recognize the considerations that are weighed when determining an appropriate recovery strategy

Match recovery strategies for business operations to corresponding descriptions

Match recovery strategies for technology environments to corresponding descriptions

Recognize the components of a business continuity and disaster recovery plan

Match test types to their corresponding purposes

Determine the appropriate recovery strategy, given a scenario

Recognize elements of a business continuity and disaster recovery plan

Course Number:
sp_cpte_a08_it_enus

Back to List

CISSP 2012 Domain: Legal, Regulations, Investigations, and Compliance

Overview/Description
Computer crime is a major area of concern for everyone from the standard end user to the enterprise environment. Government agencies and corporate groups have come together to create rules and laws that deal with computer crimes and how perpetrators should be dealt with. This course brings together different aspects of computer crime, such as types of crime, laws to deal with crimes, and the ethics that must be used when investigating crime. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.

Target Audience
Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers

Expected Duration (hours)
2.0

Lesson Objectives

CISSP 2012 Domain: Legal, Regulations, Investigations, and Compliance

Distinguish between the major categories of computer crime

Match examples of categories of computer crime to their descriptions

Recognize the characteristics of various computer-related crimes

Match the type of intellectual property law that applies to a given scenario

Match categories of law to their descriptions

Identify laws related to information security and privacy

Categorize laws according to the computer crime they protect against

Determine what type of computer crime has been committed in a given scenario

Specify the law that protects against a computer crime in a given scenario

Identify definitions of due care and due diligence

Recognize the characteristics of computer crime investigations

Recognize the investigative considerations involved in dealing with computer crime

Differentiate between ethics and ethical fallacies

Determine the appropriate processes for investigating a computer-related crime in a given scenario

Course Number:
sp_cpte_a09_it_enus

Back to List

CISSP 2012 Domain: Physical (Environment) Security

Overview/Description
Physical security is the foundation for all networking security mechanisms. Unless a network is physically secure from threats, all other types of security can be negated. This course focuses on the need for, and implementation of physical security and how it is used as an all encompassing backbone for enterprise security. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.

Target Audience
Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers

Expected Duration (hours)
2.0

Lesson Objectives

CISSP 2012 Domain: Physical (Environment) Security

Recognize threats to an organizations physical security

Identify the components of a layered defense system

Identify perimeter security mechanisms

Identify the physical security considerations when designing or building a facility

Match the CPTED strategies to their descriptions

Propose a security solution for a given scenario

Determine the design measures that can be taken to increase facility security for a given scenario

Identify the mechanisms and controls for securing building services

Match the technologies used by an IDS to their descriptions

Select the most appropriate intrusion detection technology for a scenario

Identify the characteristics of a compartmentalized area

Specify an appropriate strategy for securing compartmentalized areas in a given scenario

Recognize the features of physical security elements

Identify the fundamental considerations involved in key control

Determine the best approach to securing building services for a given scenario

Identify how to secure a facility and its contents in a given scenario

Recognize how to implement an effective physical barrier as a security measure

Course Number:
sp_cpte_a10_it_enus

Back to List

CISSP 2012 Domain: Software Development Security

Overview/Description
Poorly written systems or applications can allow an attacker to exploit coding errors and thus interrupt the orderly processes of the system or application. This course discusses methods to increase the security of operating system and application development and thwart attacker attempts to manipulate source code. It also covers application and database development models such as the SDLC and how choosing the right model supports security. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.

Target Audience
Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers

Expected Duration (hours)
2.0

Lesson Objectives

CISSP 2012 Domain: Software Development Security

Match issues related to software development with corresponding ways in which they create security vulnerabilities

Recognize types of attacks used in the enterprise environment

Determine the appropriate methods to counteract a given attack

Match types of computer attacks to their corresponding countermeasures

Match types of malicious code to their corresponding descriptions

Recognize the purpose of software forensics

Match types of antivirus software with their corresponding descriptions

Recognize the type of attack being perpetrated in a given scenario

Determine the appropriate steps to counteract a given attack

Recognize the characteristics of knowledge-based systems

Determine the appropriate development model to use for a given software development project

Distinguish between various database models and technologies

Recognize the software development phase a given project team is in

Determine the appropriate development model to use for a given software development project

Select the appropriate database model for a given set of criteria

Course Number:
sp_cpte_a04_it_enus

Back to List

CISSP 2012 Domain: Security Architecture and Design

Overview/Description
Computer administrators have a variety of mechanisms that can be used to secure modern enterprise environments. Several access control standards and models have been created by the international community to secure both personnel access and information recovery within an enterprise environment. This course examines hardware and software systems, memory storage types, security models, and security controls. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.

Target Audience
Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers

Expected Duration (hours)
2.5

Lesson Objectives

CISSP 2012 Domain: Security Architecture and Design

Recognize the components of a basic information system architecture

Identify the considerations involved in implementing security architecture

Recognize key CPU operational factors involved in secure addressing

Match system operating states to their descriptions

Differentiate between machine types

Identify the purpose of the resource manager

Classify memory types as either RAM or ROM

Match storage types to their descriptions

Plan a secure computer network

Determine the network resources required for a given scenario

Match the phases of the evaluation process to their descriptions

Recognize the essential features of operating system protection

Match the access control mechanism to its description

Recognize the methods used to evaluate security in a networking environment

Identify the key features of security models

Match key peer-to-peer security issues with their descriptions

Describe the main security issues associated with grid computing

Describe the key challenges related to securing data in the cloud

Identify the questions a potential user of cloud data storage needs to ask when conducting a risk assessment

Propose an operating system security solution for a given scenario

Evaluate security in a networking environment

Determine the appropriate security model for a given scenario

Describe the security challenges presented by distributed systems

Course Number:
sp_cpte_a06_it_enus

Back to List