TC2 is pleased to announce the following training opportunity. If you wish to attend, please contact Jeanne Glauser jglauser@tcwib.net for more information and to register.

Course Outline
Certified Information Systems Security Professional (CISSP)
Length: 5 Days
Published: August, 2008
Language(s): English
Audience(s): IT Professionals
Technology: Network Security
Type: Course
Delivery Method: Instructor-led (classroom)

About this Course
This five-day, instructor-led course trains students in all areas of the security Common Body of Knowledge (CBK). They will learn about security policy development, secure software development procedures, network vulnerabilities, attack types and corresponding countermeasures, cryptography concepts and their uses, disaster recovery plans and procedures, risk analysis, crucial laws and regulations, forensics basics, computer crime investigation procedures, physical security, and much, much more. They will explore the contents and concepts that make up the diverse domains and learn how they work together to provide true “in-depth” defense.
Audience Profile:
This course is intended for people Information Technology (IT) professionals who have networking and administrative skills in Windows-based TCP/IP networks and who want to further a career in IT by acquiring a more advanced knowledge of security topics. Others who may take this course include IT generalists and or those seeking security certifications. Anyone may attend this course, but those with experience in one or more of the ten domains will reap the greatest benefits.

After completing this course, students will be able to:
• Identify concepts of computer security.
• Identify security threats.
• Harden internal systems and services.
• Harden internetwork devices and services.
• Secure network communications.
• Establish security best practices for creating and running web-based applications.
• Manage public key infrastructure (PKI).
• Manage certificates.
• Enforce organizational security policies.
• Monitor the security infrastructure.
• Manage security incidents.

Prerequisites:
In addition to their professional experience, students who attend this training are encouraged to have experience with the one or more of the ten domains:
• Security Management Practices.
• Access Control Systems and Methodology.
• Cryptography.
• Physical Security.
• Enterprise Security Architecture.
• Law, Investigation, and Ethics.
• Telecommunications, Networks, and Internet Security.
• Business Continuity Planning
• Applications & Systems Development
• Operations Security.

Course Outline:
Day 1: Security Management Practices; Access Control Systems and Methodology

Security Management Practices
o Types of Security Controls
o Components of a Security Program
o Security Policies, Standards, Procedures, and Guidelines
o Risk Management and Analysis
o Information Classification
o Employee Management Issues
o Threats, Vulnerabilities and Corresponding Administrative Controls

Access Control Systems and Methodology
o Identification, Authentication, and Authorization Techniques and Technologies
o Biometrics, Smart Cards, and Memory Cards
o Single Sign-On Technologies and Their Risks
o Discretionary versus Mandatory Access Control Models
o Rule-based and Role-based Access Control
o Object Reuse Issues and Social Engineering
o Emissions Security Risks and Solutions
o Specific Attacks and Countermeasures

Day 2: Cryptography; Physical Security

Cryptography
o Historical Uses of Cryptography
o Block and Stream Ciphers
o Explanation and Uses of Symmetric Key Algorithms
o Explanation and Uses of Asymmetric Key Algorithms
o Public Key Infrastructure Components
o Data Integrity Algorithms and Technologies
o IPSec, SSL, SSH, and PGP
o Secure Electronic Transactions
o Key Management
o Attacks on Cryptosystems

Physical Security
o Facility Location and Construction Issues
o Physical Vulnerabilities and Threats
o Doors, Windows, and Secure Room Concerns
o Hardware Metrics and Backup Options
o Electrical Power Issues and Solutions
o Fire Detection and Suppression
o Fencing, Lighting, and Perimeter Protection
o Physical Intrusion Detection Systems

Day 3: Enterprise Security Architecture; Law, Investigation, and Ethics

Enterprise Security Architecture
o Critical Components of Every Computer
o Processes and Threads
o The OSI Model
o Operating System Protection Mechanisms
o Ring Architecture and Trusted Components
o Virtual Machines, Layering, and Virtual Memory
o Access Control Models
o Orange Book, ITSEC, and Common Criteria
o Certification and Accreditation
o Covert Channels and Types of Attacks
o Buffer Overflows and Data Validation Attacks

Law, Investigation, and Ethics
o Different Ethics Sets
o Computer Criminal Profiles
o Types of Crimes
o Liability and Due Care Topics
o Privacy Laws and Concerns
o Complications of Computer Crime Investigation
o Types of Evidence and How to Collect It
o Forensics
o Legal Systems

Day 4: Telecommunications and Network Security; Business Continuity Planning

Telecommunications, Networks, and Internet Security
o TCP\IP Suite
o LAN, MAN, and WAN Topologies and Technologies
o Cable Types and Issues
o Broadband versus Baseband Technologies
o Ethernet and Token Ring
o Network Devices
o Firewall Types and Architectures
o Dial-up and VPN Protocols
o DNS and NAT Network Services
o FDDI and SONET
o X.25, Frame Relay, and ATM
o Wireless LANs and Security Issues
o Cell Phone Fraud
o VoIP
o Types of Attacks

Business Continuity Planning
o Roles and Responsibilities
o Liability and Due Care Issues
o Business Impact Analysis
o Identification of Different Types of Threats
o Development Process of BCP
o Backup Options and Technologies
o Types of Offsite Facilities
o Implementation and Testing of BCP

Day 5: Applications and Systems Development; Operations Security

Applications & Systems Development
o Software Development Models
o Prototyping and CASE Tools
o Object-Oriented Programming
o Middleware Technologies
o ActiveX, Java, OLE, and ODBC
o Database Models
o Relational Database Components
o CGI, Cookies, and Artificial Intelligence
o Different Types of Malware

Operations Security
o Operations Department Responsibilities
o Personnel and Roles
o Media Library and Resource Protection
o Types of Intrusion Detection Systems
o Vulnerability and Penetration Testing
o Facsimile Security
o RAID, Redundant Servers, and Clustering