Welcome to ONLC Training Centers


CISSP On-Demand: CISSP Certified Information Systems Security Professional Course Outline

 (5 days)

**Note: This is an On-Demand Self Study Course, 5 days of content, 6-months unlimited access, $1795
(Applicable State and Local taxes may be added for On-Demand purchases, depending on your location.)**

About This Course
The Online On-Demand (self-study) training course includes expert lectures, PowerPoint visuals, demonstrations, labs, and study guide. You will be able to follow along and successfully complete the course by completing the quizzes and exams. You may take this course at any time and from any device, provided you have internet access.

Course Overview
This course will teach students about security and risk management, asset management, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security.

Do you Still Prefer a Live, Instructor-led Class?
Already know CISSP On-Demand is not right for you? We also offer this same course content in a live, instructor-led format. For more details, click on the links below:
CISSP: Certified Information System Security Professional

Duration
This course takes 5 days to complete and includes 15h 38m of video presentation plus practice labs.

Course Outline

Security and Risk Management
Confidentiality
Integrity
Availability
Security Governance Principles
Security Functions to Business Goals
Organizational Processes
Roles and Responsibilities
Security Control Frameworks
Due Care / Due Diligence
Compliance Requirements
Contracts, Legal, Industry Standards
Privacy Requirements
Legal and Regulatory - Global
Cyber Crimes and Data Breaches
Intellectual Property
Import / Export Controls
Trans-border Data Flows
Privacy
Professional Ethics
Security Policy, Standards, Procedures
Business Continuity
Document Scope and Plan
Business Impact Analysis
Personal Security Policies
Candidate Screening / Hiring
Employment Agreements / Policies
On-boarding / Termination Process
Vendor, Consultant, Contractor
Compliance Policy Requirements
Privacy Policy Requirements
Apply Risk Management
Threat Modeling Concepts / Methodology
Threat Modeling Categorizing Threats
Threat Modeling Generic Steps
Threat Modeling Analyzing Risk
Risk Management Hardware, Software
Risk Management 3rd Party Evaluations
Risk Management Minimum Security
Security Awareness and Training
Methods and Techniques
Periodic Content Reviews
Effectiveness Evaluations

Asset Management
Data Classification
Asset Classification
Asset Ownership
Data Owners
Data Processors
Data Remanence
Data Collection
Asset Retention
Record Retention
Data Security Controls
Scoping and Tailoring
Standards Selection
Data Protection Methods
Information / Asset Handling
Failure Examples
Storage Options

Security Architecture and Engineering
Engineering Processes and Secure Design
Closed / Open Systems
Closed / Open Source Code
Techniques / Confinement
Bounds
Process Isolation
Controls / MAC and DAC
Concepts of Security Models
Security Perimeter
Reference Monitors / Security Kernels
Various Models
Controls Based on Security Requirements
Rainbow Series
TCSEC
ITSEC / Common Criteria
Common Criteria
Security Capabilities of Information Systems
Virtualization
Trusted Platform Module
Assess / Mitigate Vulnerabilities
Local Caches
Server-Based Systems
Database Systems
Industrial Control Systems
Cloud-Based Systems
Distributed Systems
Internet of Things
Assess / Mitigate Vulnerabilities (Web)
Assess / Mitigate Vulnerabilities (Mobile)
Device Security
Application Security
Assess / Mitigate Vulnerabilities (Embedded)
Embedded / Static Systems
Securing Embedded / Static Systems
Apply Cryptography
Cryptographic Life Cycle
Cryptographic Methods
Symmetric Key
Asymmetric Key
Elliptic Curve
Public Key Infrastructure
Certificates
Key Management
Digital Signatures
Integrity - Hashing
Cryptanalytic Attacks
Digital Rights Management (DRM)
Site / Facility Security Principles
Site / Facility Security Controls
Server Rooms / Data Centers
Media Storage Facilities
Evidence Storage
Restricted and Work Area Security
Utilities and HVAC
Environmental Issues
Fire Prevention, Detection, and Suppression
Fire Extinguishers / Detection
Water Suppression / Gas Discharge

Communication and Network Security
Secure Design and Network Architecture
OSI Model
Encapsulation / Decapsulation
Physical / Data Link Layers
Network Layer
Transport Layer
Session Layer
Presentation Layer
Application Layer
IP Networking
TCP/IP
SYN / ACK / TCP
IP Classes
Multilayer Protocols
Converged Protocols
Wireless Networks
Secure SSID
Secure Encryption Protocols
Operation of Hardware
Firewalls
Firewall Inspection
Transmission Media
Baseband / Broadband
Twisted Pair
Network Access Controls
Network Access Controls - Concepts
Endpoint Security
Distribution Networks
Voice
PBX Fraud
Multimedia Collaboration
Remote Meeting
Securing Email
Remote Access
Remote Authentication
Virtualized Networks
VPN Protocols

Identity and Access Management
Information
Access Control Process
Logical and Technical Access Controls
Systems
Devices
Facilities
Identity Implementation
Single / Multi-factor Authentication
Service Authentication
Accountability
Session Management
Registration / Proofing Identity
Federated Identity Management
Common Language
Credential Management Systems
CyberArk
On-Premise
Cloud
Federated
Role-Based Access
Upsides / Downsides
Rule-Based Access
Mandatory Access
Discretionary Access
Attribute-based Access
Account Review
System Access Review
Provisioning

Security Assessment and Testing
Security Assessment / Testing
Security Assessments
External / Third Party
Auditing Standards
Vulnerability Assessment
Vulnerability Scans
Network Vulnerability Scans
Web Vulnerability Scans
Penetration Testing
Testing Options
Log Reviews
Synthetic Transaction
Code Review / Testing
Misuse Case Testing
Test Coverage Analysis
Interface Testing
Account Management
Management Review
Performance and Risk Indicators
Backup Verification
Training and Awareness
Analyze Test Output / Generate Reports
External Scan Report
Internal Aspects
External / 3rd Party Aspect

Security Operations
Evidence Collection
Network / Software / Hardware Analysis
Reporting and Documentation
Investigative Techniques
Gathering Evidence
Digital Forensics
Chain of Custody
Administrative Aspects
Criminal Investigations
Civil Investigations
Regulatory Investigations
SIEM
Deployment
Continuous Monitoring
Egress Monitoring
Tools to Assist
Asset Inventory
Asset Management
Cloud-Based Management
Configuration Management
Separation of Duties
Need to Know / Least Privilege
Separation of Privilege
Privileged Account Management
Job Rotation
Information Lifecycle
Key Phases of Data
Service Level Agreements
Media Management
Hardware / Software Asset Management
Software
Detection
Responsive
Reporting
Legal / Compliance
Recovery
Remediation
Lessons Learned
Firewalls
Intrusion Detection / Prevention
Knowledge / Behavior-Based
Network / Host-Based
Whitelisting / Blacklisting
Third-Party Security Services
Sandboxing
Honeypots / Honeynets
Anti-Malware
Patch / Vulnerability Management
Patch Management
Change Management
Security Impact Analysis
Backup Storage
Recovery Site Strategies
Business / Functional Unit Priorities
Crisis Management
Multiple Processing Sites
Options
Cloud Computing
High Availability / QoS
Hard Drives / Power Sources
QoS
Response
Personnel
Communications
Assessment
Restoration
Training and Awareness
Read-Through Checklists
Walk-Through (Table-Top)
Simulation Test
Parallel Test
Full Interruption
Perimeter Security
Fences, Gates and Lighting
Security Dogs
Internal Security Controls
Badges / Regulatory Requirements
Travel
Security Training and Awareness
Emergency Management
Duress

Software Development Security
Development Methodologies
Functional Requirements / Control Specifications
Design / Code Review
User Acceptance Testing / Change Management
Maturity Models
Agile / SW-CMM
Change Management
Integrated Product Team
Security of Software Environments
Development Security
Secure Coding Configuration Management
Code Repositories
Best Practices
Auditing and Logging
ODBC / NoSQL
Risk Analysis / Mitigation
Development Methodology
Tracking Progress / Repeat
Security Impact of Acquired Software
OWASP Key Considerations
Security Weaknesses / Vulnerabilities
Reconnaissance Attacks
Masquerading Attacks
API Security
Secure Coding Practices
Testing Options


GCISSP

Attend hands-on, instructor-led CISSP On-Demand: CISSP Certified Information Systems Security Professional training classes at ONLC's more than 300 locations. Not near one of our locations? Attend these same live classes from your home/office PC via our Remote Classroom Instruction (RCI) technology.


ONLC TRAINING CENTERS
800-288-8221
www.onlc.com