Course Code: 5418

CISSP/CISSO Certified Information Systems Security Officer

Length:
5 Days
Cost:
$2995
Technology:
Security
Delivery:
Virtual Instructor-Led Training, Instructor-Led Training

Overview

  • Course Overview
    The CISSO addresses the broad range of industry best practices, knowledge and skills expected of a security manager/officer. The candidate will learn in-depth theory pertaining to the practical implementation of core security concepts, practices, monitoring and compliance in the full panorama of IS management. Through the use of a risk-based approach, the CISSO is able to implement and maintain cost-effective security controls that are closely aligned with both business and industry standards. Whether you’re responsible for the management of a Cyber Security team, a Security Officer, an IT auditor or a Business Analyst, the CISSO certification course is an ideal way to increase your knowledge, expertise and skill!

    Upon completion, CISSO students will be able to establish industry-acceptable Cyber Security & IS management standards with current best practices and will be prepared to take the CISSO exam.
  • Audience
    The CISSO course is designed for a forward-thinking security professional or consultant who manages or plays a key role in an organization’s information security department.
    Intended for:
    • IS Security Officers
    • IS Managers
    • Risk Managers / Auditors
    • Information Systems Owners
    • IS Control Assessors
    • System Managers
    • Government

Prerequisites

  • Prerequisites:
    • 1 year experience in at least 2 modules or 1 year in IS Management
    • 1 year in IS Management

Course Details

  • Module 1 - Risk Management
  • Examples of Some Vulnerabilities that Are Not Always Obvious
  • Control Effectiveness
  • Risk Management
  • Types of Risk Assessment
  • Different Approaches to Analysis
  • Quantitative Analysis
  • ALE Values Uses
  • Qualitative Analysis - Likelihood, Impact, Risk Level, & Steps
  • Management’s Response to Identified Risks
  • Comparing Cost and Benefit
  • Cost of a Countermeasure
  • Module 2 - Security Management
  • Enterprise Security Program
  • Building A Foundation
  • Planning Horizon Components
  • Enterprise Security Program Components
  • Control Types
  • Security Roadmap
  • Senior Management’s Role in Security
  • Security Program Components
  • Employee Management
  • Enforcement
  • Module 3 - Authentication
  • Agenda
  • Accountability and Access Control Methodology / Administration
  • Trusted Path
  • Authentication Mechanisms
  • Authorization
  • Fraud Controls
  • Biometrics Technology
  • Passwords and PINs
  • Synchronous Token
  • Cryptographic Keys
  • Memory Cards
  • Major Components of Kerberos
  • Module 4 - Access Control
  • Role and Layers of Access Control
  • Preventive Control Types
  • Control Administration, Combinations, Characteristics, Technical, and Physical
  • Accountability
  • Information Classification & Criteria
  • Declassifying Information
  • Models for Access
  • Role-Based Access Control (RBAC)
  • RADIUS
  • TACACS+ Characteristics
  • Diameter Characteristics
  • Decentralized Access
  • Module 5 - Security Models and Evaluation Criteria
  • System Protection
  • Security Models
  • State Machine
  • Information Flow
  • Bell-LaPadula
  • Biba
  • Clark-Wilson, Take-Grant, & Non-interference Model
  • Brewer and Nash – Chinese Wall
  • Trusted Computer System Evaluation Criteria (TCSEC)
  • Evaluation Criteria - ITSEC
  • Common Criteria
  • First & Second Set of Requirements
  • Module 6 - Operations Security
  • Roles of Operations & Issues
  • Administrator Access
  • Computer Operations – Systems & Security Administrators
  • Operational Assurance
  • Audit and Compliance
  • Logs and Monitoring
  • Records Management
  • Contingency Planning
  • System Controls
  • Remote Access
  • Vulnerability Assessments, Methodology, & Penetration Testing
  • Data Leakage
  • Module 7 - Symmetric Cryptography and Hashing
  • Cryptography Objectives & Definitions
  • Cipher & Substitution Cipher
  • Key and Concealment
  • One-Time Pad Characteristics
  • Binary Mathematical Function
  • Key and Algorithm Relationship
  • Ways of Breaking Cryptosystems – Brute Force & Frequency
  • Encryption/Decryption Methods
  • S-Boxes Used in Block Ciphers
  • Type of Symmetric Cipher – Stream Cipher & Block Cipher
  • Data Integrity Mechanisms
  • MAC – Sender
  • Security Issues in Hashing
  • Birthday Attack
  • Module 8 - Asymmetric Cryptography and PKI
  • Asymmetric Cryptography & Algorithm
  • Symmetric versus Asymmetric
  • Digital Signatures
  • U.S. Government Standard
  • PKI and Its Components
  • CA and RA Roles
  • Digital Certificates
  • Steganography
  • Key Management
  • Link versus End-to-End Encryption
  • E-mail Standards
  • Secure Protocols
  • Network Layer Protection
  • IPSec Key Management
  • Module 9 - Network Connections
  • Network Topologies – Physical Layer
  • Router
  • Gateway
  • Bastion Host
  • Firewalls
  • IDS – Second line of defense
  • HIPS
  • Unified Threat Management
  • UTM Product Criteria
  • Protocols
  • TCP/IP Suite
  • Port and Protocol
  • Module 11 - Telephony, VPNs and Wireless
  • PSTN
  • Remote Access
  • Dial-Up Protocols and Authentication
  • Dial-Up Protocol – SLIP & PPP
  • Authentication Protocols – PAP, CHAP, EAP
  • Voice Over IP
  • Private Branch Exchange
  • PBX Vulnerabilities & Best Practices
  • Network Technologies
  • Tunneling Protocols – PPTP, L2TP, IPSec
  • Tunneling Protocols – PPTP
  • Wireless Technologies – Access Point
  • Standards Comparison
  • Wireless Network Topologies
  • TKIP