CISSP/CISSO Certified Information Systems Security Officer
5/4/2020 - 5/8/2020
6/22/2020 - 6/26/2020
COURSE LENGTH: 9:00am - 4:30pm
The CISSO addresses the broad range of industry best practices, knowledge and skills expected of a security manager/officer. The candidate will learn in-depth theory pertaining to the practical implementation of core security concepts, practices, monitoring and compliance across the full panorama of IS management. Through the use of a risk-based approach, the CISSO is able to implement and maintain cost-effective security controls that are closely aligned with both business and industry standards. Whether you manage a Cyber Security team or work as a Security Officer, IT auditor or Business Analyst, the CISSO certification course is an ideal way to increase your knowledge, expertise and skill.
Upon completion, CISSO students will be able to establish industry-acceptable Cyber Security and IS management standards based on current best practices, and will be prepared to take the CISSO exam.
AUDIENCE AND PREREQUISITES
The CISSO course is designed for the forward-thinking security professional or consultant who manages, or plays a key role in, an organization's information security department.
- IS Security Officers
- IS Managers
- Risk Managers / Auditors
- Information Systems Owners
- IS Control Assessors
- System Managers
- Prerequisites: 1 year of experience in at least 2 modules, or 1 year in IS Management
Course will run as a live-virtual class unless a minimum enrollment is reached.
The Certified Information Systems Security Officer exam is taken online through an Assessment and Certification System ("MACS"). The exam takes 2 hours and consists of 100 multiple-choice questions. The cost is $400 USD.
Module 1 - Risk Management
- Examples of Some Vulnerabilities that Are Not Always Obvious
- Control Effectiveness
- Risk Management
- Types of Risk Assessment
- Different Approaches to Analysis
- Quantitative Analysis
- ALE Values Uses
- Qualitative Analysis - Likelihood, Impact, Risk Level, & Steps
- Management's Response to Identified Risks
- Comparing Cost and Benefit
- Cost of a Countermeasure
Module 2 - Security Management
- Enterprise Security Program
- Building A Foundation
- Planning Horizon Components
- Enterprise Security Program Components
- Control Types
- Security Roadmap
- Senior Management's Role in Security
- Security Program Components
- Employee Management
- Enforcement
Module 3 - Authentication
- Accountability and Access Control
- Methodology / Administration
- Trusted Path
- Authentication Mechanisms
- Authorization
- Fraud Controls
- Biometrics Technology
- Passwords and PINs
- Synchronous Token
- Cryptographic Keys
- Memory Cards
- Major Components of Kerberos
Module 4 - Access Control
- Role and Layers of Access Control
- Preventive Control Types
- Control Administration, Combinations, Characteristics, Technical, and Physical
- Accountability
- Information Classification & Criteria
- Declassifying Information
- Models for Access
- Role-Based Access Control (RBAC)
- RADIUS
- TACACS+ Characteristics
- Diameter Characteristics
- Decentralized Access
Module 5 - Security Models and Evaluation Criteria
- System Protection
- Security Models
- State Machine
- Information Flow
- Bell-LaPadula
- Biba
- Clark-Wilson, Take-Grant, & Non-interference Model
- Brewer and Nash – Chinese Wall
- Trusted Computer System Evaluation Criteria (TCSEC)
- Evaluation Criteria - ITSEC
- Common Criteria
- First & Second Set of Requirements
Module 6 - Operations Security
- Roles of Operations & Issues
- Administrator Access
- Computer Operations – Systems & Security Administrators
- Operational Assurance
- Audit and Compliance
- Logs and Monitoring
- Records Management
- Contingency Planning
- System Controls
- Remote Access
- Vulnerability Assessments, Methodology, & Penetration Testing
- Data Leakage
Module 7 - Symmetric Cryptography and Hashing
- Cryptography Objectives & Definitions
- Cipher & Substitution Cipher
- Key and Concealment
- One-Time Pad Characteristics
- Binary Mathematical Function
- Key and Algorithm Relationship
- Ways of Breaking Cryptosystems – Brute Force & Frequency
- Encryption/Decryption Methods
- S-Boxes Used in Block Ciphers
- Types of Symmetric Cipher – Stream Cipher & Block Cipher
- Data Integrity Mechanisms
- MAC – Sender
- Security Issues in Hashing
- Birthday Attack
Module 8 - Asymmetric Cryptography and PKI
- Asymmetric Cryptography & Algorithms
- Symmetric versus Asymmetric
- Digital Signatures
- U.S. Government Standard
- PKI and Its Components
- CA and RA Roles
- Digital Certificates
- Steganography
- Key Management
- Link versus End-to-End Encryption
- E-mail Standards
- Secure Protocols
- Network Layer Protection
- IPSec Key Management
Module 9 - Network Connections
- Network Topologies – Physical Layer
- Router
- Gateway
- Bastion Host
- Firewalls
- IDS – Second Line of Defense
- HIPS
- Unified Threat Management
- UTM Product Criteria
- Protocols
- TCP/IP Suite
- Port and Protocol
Module 11 - Telephony, VPNs and Wireless
- PSTN
- Remote Access
- Dial-Up Protocols and Authentication
- Dial-Up Protocols – SLIP & PPP
- Authentication Protocols – PAP, CHAP, EAP
- Voice Over IP
- Private Branch Exchange
- PBX Vulnerabilities & Best Practices
- Network Technologies
- Tunneling Protocols – PPTP, L2TP, IPSec
- Tunneling Protocols – PPTP
- Wireless Technologies – Access Point
- Standards Comparison
- Wireless Network Topologies
- TKIP