CISSP Training Program
Purpose
There are two primary purposes for this course:
1. Provide the training necessary for the student to sit for and pass the CISSP exam; and
2. Transfer knowledge from the instructor to the student. The goal here is to enable the student to become a proficient information security professional and to provide value to his/her employer.
Who This Course Is For
This course is designed for anyone who has an interest in information security. Technical knowledge can be helpful, but it is not required. System administrators tend to be ideal candidates, since they already have security responsibilities in their current roles.
About The Instructor
Evan Francen, CISSP CISM CCSK
Evan Francen is a passionate information security expert who serves businesses of all sizes, in all industries by cooperatively solving the complex issues surrounding information security. He considers himself an “information security evangelist”.
Prior to establishing FRSecure, Evan spent more than 15 years as a leading information security professional and corporate leader in both private and public companies. He is well-versed in governmental and industry-specific regulations, standards and guidelines including ISO/IEC 27002 (17799:2005), HIPAA, GLBA, PCI-DSS, FDA CFR Part 11, SOX and COBIT, but also understands the intricacies in aligning compliance with business objectives. Most recently, and prior to establishing FRSecure LLC, Evan established the formal information security programs for two publicly-traded companies.
Course Description
This course focuses on and prepares the student for the Certified Information Systems Security Professional (CISSP®) examination, owned and maintained by the International Information Systems Security Certification Consortium (ISC)2®. Successful completion of this course requires the student to complete all required assignments and self-study.
NOTE: Effective January 1st, 2012, professional work experience requirements for the CISSP will remain five years, but the domains will change. This course has accounted for these changes.
This course and the CISSP® examination consist of in-depth training in the 10 CISSP® domains:
• Access Control
• Telecommunications and Network Security
• Information Security Governance & Risk Management
• Software Development Security
• Cryptography
• Security Architecture & Design
• Operations Security
• Business Continuity & Disaster Recovery Planning
• Legal, Regulations, Investigations, and Compliance
• Physical (Environmental) Security
Access Control
The Access Control domain covers mechanisms by which a system grants or revokes the right to access data or perform an action on an information system.
Access Control systems include:
• File permissions, such as “create”, “read”, “edit”, or “delete” on a file server.
• Program permissions, such as the right to execute a program on an application server.
• Data rights, such as the right to retrieve or update information in a database.
Telecommunications and Network Security
The Telecommunications and Network Security domain encompasses the structures, techniques, transport protocols, and security measures used to provide integrity, availability, confidentiality and authentication for transmissions over private and public communication networks.
Information Security Governance & Risk Management
The Information Security Governance and Risk Management domain entails the identification of an organization’s information assets and the development, documentation, implementation and updating of policies, standards, procedures, and guidelines that ensure confidentiality, integrity, and availability. Management tools such as data classification, risk assessment, and risk analysis are used to identify threats, classify assets, and to rate their vulnerabilities so that effective security measures and controls can be implemented.
Software Development Security
The Software Development Security domain refers to the controls that are included within systems and applications software and the steps used in their development (e.g. SDLC).
Software refers to system software (operating systems) and application programs such as agents, applets, databases, data warehouses, and knowledge-based systems. These applications may be used in distributed or centralized environments.
Cryptography
The Cryptography domain addresses the principles, means, and methods of applying mathematical algorithms and data transformations to information to ensure its integrity, confidentiality and authenticity.
Security Architecture & Design
The Security Architecture & Design domain contains the concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability.
Information security architecture and design covers the practice of applying a comprehensive and rigorous method of describing a current and/or future structure and behavior for an organization’s security processes, information security systems, personnel and organizational sub-units, so that these practices and processes align with the organization’s core goals and strategic direction.
Operations Security
The Operations Security domain is used to identify critical information and the execution of selected measures that eliminate or reduce adversary exploitation of critical information. It includes the definition of the controls over hardware, media, and the operators with access privileges to any of these resources. Auditing and monitoring are the mechanisms, tools and facilities that permit the identification of security events and subsequent actions to identify the key elements and report the pertinent information to the appropriate individual, group, or process.
Business Continuity & Disaster Recovery Planning
The Business Continuity and Disaster Recovery Planning domain addresses the preservation of the business in the face of major disruptions to normal business operations. BCP and DRP involve the preparation, testing and updating of specific actions to protect critical business processes from the effect of major system and network failures.
Legal, Regulations, Investigations and Compliance
The Legal, Regulations, Investigations and Compliance domain addresses ethical behavior and compliance with regulatory frameworks. It includes the investigative measures and techniques that can be used to determine whether a crime has been committed, and the methods used to gather evidence (e.g. forensics). A computer crime is any illegal action in which the data on a computer is accessed without permission. This includes unauthorized access to or alteration of data, or unlawful use of computers and services. This domain also includes understanding the computer incident forensic response capability needed to identify the Advanced Persistent Threats (“APTs”) that many organizations face today.
Physical (Environmental) Security
The Physical (Environmental) Security domain addresses the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information. These resources include people, the facility in which they work, and the data, equipment, support systems, media, and supplies they utilize.
Physical security describes measures that are designed to deny unauthorized personnel (including attackers) physical access to a building, facility, resource, or stored information, together with guidance on how to design structures to resist potentially hostile acts.
Required Materials
The following materials will be used during this class, and will be provided to the student by FRSecure (as part of the tuition amount):
Course Textbook
Official (ISC)²® Guide to the CISSP® CBK®, 2nd ed.
Recognized as one of the best tools available for the information security professional, and especially for candidates studying for the (ISC)2 CISSP examination, the Official (ISC)2® Guide to the CISSP® CBK®, Second Edition has been updated and revised to reflect the latest developments in this ever-changing field. Endorsed by (ISC)2, this book provides unrivaled preparation for the certification exam that is both up to date and authoritative. Compiled and reviewed by CISSPs and (ISC)2 members, the text provides an exhaustive review of the 10 current domains of the CBK, and of the high-level topics contained in each domain.
Pretest Assessment
Official (ISC)²® studISCope Self Assessment
The (ISC)² studISCope Self Assessment lets the student experience the official CISSP certification exam as closely as possible before taking it. This self-assessment allows the student to:
• Work through 100 CISSP exam questions;
• Experience the look and feel of the real exam; and
• Get a score, based on the official algorithm used in the real exam, to assess readiness for certification.
After an analysis of the student’s answers, a personalized study plan is prepared that highlights areas where the student would perform well and identifies the topics that may need learning or reviewing.
Optional Resources (not provided by FRSecure)
There are additional resources that the student may feel inclined to purchase to supplement the learning provided in this course or for exam preparation. Other students have found success in supplementing their learning with:
• CISSP All-in-One Exam Guide, Fifth Edition (ISBN-10: 0071602178)
• CISSP Study Guide (ISBN-10: 1597495638)
• Various practice exams available online
Class Schedule
The next class will run Monday and Wednesday evenings from May 7th - June 20th, 2012. The class schedule is based upon preparation for the July 15th CISSP examination.
Classes are held online via WebEx from 8:00 - 10:00 PM CST.
May 7 – Introduction and Domain 1 (Access Control)
May 9 – Domain 2 (Telecommunications and Network Security)
May 14 – Domain 3 (Information Security Governance & Risk Management)
May 16 – Domain 4 (Software Development Security)
May 21 – Domain 5 (Cryptography)
May 23 – Domain 6 (Security Architecture & Design)
May 28 – OFF (Self-Study)
May 30 – OFF (Self-Study)
June 4 – Domain 7 (Operations Security)
June 6 – Domain 8 (Business Continuity & Disaster Recovery Planning)
* EXAM REGISTRATION
June 11 – Domain 9 (Legal, Regulations, Investigations and Compliance)
June 13 – Domain 10 (Physical (Environmental) Security)
June 18 – Test Preparation, Review and Wrap-up
June 20 – Test Preparation, Review and Wrap-up
July 15 – Examination Date
Expectations
The student is expected to commit a minimum of 20 hours/week to self-study, and complete all of the assignments given by the instructor.
Costs
The cost of the course is $2,300.
Examination Cost
The cost of the examination itself ($549) is not included in the price of tuition. Examination enrollment is available on (ISC)2’s website (http://www.isc2.org).