CISSP/CISSO Certified Information Systems Security Officer
CLASS DATE(s):
9/14/2020 - 9/18/2020

COURSE LENGTH: 5 Days

COURSE COST: $2995

COURSE TIMES: 9:00am - 4:30pm


COURSE OVERVIEW

The CISSO addresses the broad range of industry best practices, knowledge and skills expected of a security manager/officer. The candidate will learn in-depth theory pertaining to the practical implementation of core security concepts, practices, monitoring and compliance across the full panorama of IS management. Through the use of a risk-based approach, the CISSO is able to implement and maintain cost-effective security controls that are closely aligned with both business and industry standards. Whether you are responsible for managing a Cyber Security team or work as a Security Officer, IT auditor or Business Analyst, the CISSO certification course is an ideal way to increase your knowledge, expertise and skill!

Upon completion, CISSO students will be able to establish industry acceptable Cyber Security & IS management standards with current best practices and will be prepared to take the CISSO exam.

AUDIENCE AND PREREQUISITES

The CISSO course is designed for a forward-thinking security professional or consultant who manages or plays a key role in an organization’s information security department.
Intended for:

  • IS Security Officers
  • IS Managers
  • Risk Managers / Auditors
  • Information Systems Owners
  • IS Control Assessors
  • System Managers
  • Government


Prerequisites:
  • 1 year of experience in at least 2 modules or 1 year in IS Management
  • 1 year in IS Management


Course will run as a live-virtual class unless a minimum enrollment is reached.

Exam Information: The Certified Information Systems Security Officer exam is taken online through an Assessment and Certification System (“MACS”). The exam will take 2 hours and consist of 100 multiple choice questions. The cost is $400 USD.

COURSE TOPICS:


Module 1 - Risk Management
Examples of Some Vulnerabilities that Are Not Always Obvious
Control Effectiveness
Risk Management
Types of Risk Assessment
Different Approaches to Analysis
Quantitative Analysis
ALE Values and Their Uses
Qualitative Analysis - Likelihood, Impact, Risk Level, & Steps
Management’s Response to Identified Risks
Comparing Cost and Benefit
Cost of a Countermeasure

Module 2 - Security Management
Enterprise Security Program
Building A Foundation
Planning Horizon Components
Enterprise Security Program Components
Control Types
Security Roadmap
Senior Management’s Role in Security
Security Program Components
Employee Management
Enforcement

Module 3 - Authentication
Agenda
Accountability and Access Control Methodology / Administration
Trusted Path
Authentication Mechanisms
Authorization
Fraud Controls
Biometrics Technology
Passwords and PINs
Synchronous Token
Cryptographic Keys
Memory Cards
Major Components of Kerberos

Module 4 - Access Control
Role and layers of Access Control
Preventive Control Types
Control Administration, Combinations, Characteristics, Technical, and Physical
Accountability
Information Classification & Criteria
Declassifying Information
Models for Access
Role-Based Access Control (RBAC)
RADIUS
TACACS+ Characteristics
Diameter Characteristics
Decentralized Access

Module 5 - Security Models and Evaluation Criteria
System Protection
Security Models
State Machine
Information Flow
Bell-LaPadula
Biba
Clark-Wilson, Take-Grant, & Non-interference Models
Brewer and Nash – Chinese Wall
Trusted Computer System Evaluation Criteria (TCSEC)
Evaluation Criteria - ITSEC
Common Criteria
First & Second Set of Requirements

Module 6 - Operations Security
Roles of Operations & Issues
Administrator Access
Computer Operations – Systems & Security Administrators
Operational Assurance
Audit and Compliance
Logs and Monitoring
Records Management
Contingency Planning
System Controls
Remote Access
Vulnerability Assessments, Methodology, & Penetration Testing
Data Leakage

Module 7 - Symmetric Cryptography and Hashing
Cryptography Objectives & Definitions
Cipher & Substitution Cipher
Key and Concealment
One-Time Pad Characteristics
Binary Mathematical Function
Key and Algorithm Relationship
Ways of Breaking Cryptosystems – Brute Force & Frequency
Encryption/Decryption Methods
S-Boxes Used in Block Ciphers
Type of Symmetric Cipher – Stream Cipher & Block Cipher
Data Integrity Mechanisms
MAC – Sender
Security Issues in Hashing
Birthday Attack

Module 8 - Asymmetric Cryptography and PKI
Asymmetric Cryptography & Algorithm
Symmetric versus Asymmetric
Digital Signatures
U.S. Government Standard
PKI and Its Components
CA and RA Roles
Digital Certificates
Steganography
Key Management
Link versus End-to-End Encryption
E-mail Standards
Secure Protocols
Network Layer Protection
IPSec Key Management

Module 9 - Network Connections
Network Topologies – Physical Layer
Router
Gateway
Bastion Host
Firewalls
IDS – Second line of defense
HIPS
Unified Threat Management
UTM Product Criteria
Protocols
TCP/IP Suite
Port and Protocol

Module 11 - Telephony, VPNs and Wireless
PSTN
Remote Access
Dial-Up Protocols and Authentication
Dial-Up Protocol – SLIP & PPP
Authentication Protocols – PAP, CHAP, EAP
Voice Over IP
Private Branch Exchange
PBX Vulnerabilities & Best Practices
Network Technologies
Tunneling Protocols – PPTP, L2TP, IPSec
Tunneling Protocols – PPTP
Wireless Technologies – Access Point
Standards Comparison
Wireless Network Topologies
TKIP