Syllabus - CISSP
are getting ready to take the CISSP exam in the next few weeks. It is also an excellent course for those
who want to discover the depth and breadth of the exam and build their security knowledge foundation
for the real world. The course will cover the objectives, high-points and more difficult topics of all CISSP
domains.
The instructor for this bootcamp will be Michael J Shannon. Mr. Shannon began his IT career when he
transitioned from recording studio engineer to network technician for a major telecommunications
company in the early 1990s. He soon began to focus on security and was one of the first 10 people to
attain the HIPAA Certified Security Specialist credential. Throughout his 30 years in IT he has worked as an
employee, contractor, and consultant for several companies including Platinum Technologies, Fujitsu,
IBM, State Farm, MindSharp, Thomson, Pearson, and Skillsoft among others. Mr. Shannon has authored
several books, training manuals, blog articles, and CBT modules over the years as well. He has attained
the CISSP, Security+, CCNP Security, Palo Alto PCNSE7, ITIL 4 Managing Professional, and OpenFAIR
security-related certifications, as well as various other cloud-based certifications.
Course Syllabus
Session 1
• Introduction to CISSP 2018
o The (ISC)² organization
o (ISC)² Code of Ethics
o The (ISC)² Code of Ethics Preamble and Canons
o The CISSP exam and certification
• Security Governance
o The CIA triad
o Global governance and security governance
o Aligning security to business strategy
o External and internal influences
o Survey of business models and agreements
o Types of law and partnering with legal
• Privacy
o Protecting IP, PHI, and PII
o Licensing and digital rights management (DRM)
o Privacy laws and security frameworks
o Deperimeterization, due diligence, and due care
• Risk Management
o Asset inventory, labeling, handling, and ownership
o Categories and types of controls
o Data states and disposition
o Defining and handling risk
o Key performance and risk indicators
o Qualitative risk analysis
o Semi-quantitative and quantitative analysis
Session 2
• Cryptography and Cryptanalysis
o Ciphers and keys
o Perfect forward secrecy
o Integrity and cryptographic hashing
o Hashed message authentication codes (HMAC)
o Symmetric key cryptography
o Asymmetric key cryptography
o Cryptanalysis
o Digital signatures
• Public Key Infrastructure (PKI)
o Trusted third parties and certificate authorities
o CA trust hierarchies
o Chaining, revocation, and suspension
o OCSP stapling and certificate pinning
• Infrastructure Devices
o Zoning and compartmentalization
o Secure switches
o Wireless access points (WAP)
o Secure routers and multilayer switches
o Firewalls and WAFs
o IDS and IPS sensors
o EDR and next-generation endpoint security
o Proxies and SIEM systems
o Email gateways and DLP systems
o Encryption gateways
o VPN gateways and concentrators
o Content delivery (distribution) networking (CDN)
• Wireless Network Security
o Types of wireless networks
o WPA and WPA2
o WPA2 personal
o WPA2 enterprise
Session 3
• Physical Security
o Primary and secondary threats
o Protective barriers
o Security guards
o Signage and cameras
o Motion detection and lighting
o Locks and alarms
o Protecting sensitive areas
o Secure enclosures
o Evidence storage
o Environmental security controls
• Identity and Access Management
o Example solutions
o Account types
o Authentication tokens
o Biometric MFA
o Federated services and single sign-on (SSO)
• Security Principles and Design
o Principles of secure design
o Security lifecycles
o Patch, configuration, and change management
o Access control models and architectures
Session 4
• Security Policy
o Policies, standards, guidelines, and procedures
o Acceptable use policies (AUP)
o Security awareness training
o Personnel policies
o Malware and cybercrime policies
• Vulnerability Assessment and Analysis
o Identifying vulnerabilities
o Vulnerability assessment and scanning
o Protocol and network scanners
o Configuration and compliance scanning
o Common misconfigurations
o Gap analysis and expert judgment
o Security auditing and testing
• Business Continuity Planning (BCP)
o Continuity planning and terminology
o Business impact analysis (BIA)
o Disaster recovery planning
o Sites and testing
o Backups and restoration
o Lessons learned
o Incident response teams
o Forensic investigations
o Background investigations
Session 5
• Virtualization and Cloud Computing
o Virtualization concepts and types
o Virtualization attacks
o Cloud computing value propositions
o Cloud models and service types
• Application Security
o Design considerations and lifecycles
o Application threat modeling and DevSecOps
o Application development security controls
o SQLi, XSS, and CSRF attacks and mitigation
o Secure development and coding
o Security Requirements Traceability Matrix (SRTM)
• Mobile Security
o Enterprise mobility management
o Mobile device management (MDM)
o Mobile application management (MAM)
o Jailbreaking vs. rooting
o Application sandboxing
o Mobility tokenization and biometrics
• Embedded Device Security
o Assessing embedded device vulnerabilities
o Common threats and issues
o Device security countermeasures