CISSP: Certified Information Systems Security Professional Training

CISSP is a leading, internationally recognized information security certification designed for information security professionals. The CISSP examination measures the competence of candidates against an internationally accepted common body of knowledge encompassing eight (8) security domains: Security & Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security.

THE EIGHT DOMAINS OF SECURITY COVERED IN CLASS:

Security & Risk Management

  • Confidentiality, Integrity & Availability
  • Security Governance – Alignment of security function to strategy, goals, mission and objectives; organizational processes; security roles and responsibilities; due care and due diligence
  • Compliance – Legislative and regulatory; privacy requirements compliance
  • Legal & Regulatory Issues Pertaining to Information Security in Global Context – Computer Crimes; Licensing and intellectual property; import/export controls; trans-border data flow; privacy; data breaches
  • Professional Ethics
  • Documented Security Policy, Standards, Procedures & Guidelines
  • Business Continuity Requirements
  • Personnel Security Policies
  • Risk Management Concepts
  • Threat Modeling – identifying; determining and diagramming potential attacks; reduction analysis; technologies and processes to remediate threats
  • Security Risk Considerations Integrated into Acquisition Strategy & Practice – hardware, software and services; third-party assessment and monitoring; minimum security requirements and service-level requirements
  • Information Security Education, Training & Awareness

Asset Security

  • Classify Information and Supporting Assets
  • Determine & Maintain Ownership
  • Data Privacy
  • Retention
  • Data Security Controls
  • Handling Requirements

Security Engineering

  • Engineering Processes Using Secure Design Principles
  • Concepts of Security Models
  • Controls & Countermeasures
  • Security Capabilities of Information Systems
  • Assess & Mitigate Vulnerabilities of Security Architectures, Designs & Solution Elements – client-based; server-based; database security; large-scale parallel systems; distributed systems; cryptographic systems; industrial control systems
  • Assess & Mitigate Vulnerabilities in Web-based Systems
  • Assess & Mitigate Vulnerabilities in Mobile Systems
  • Assess & Mitigate Vulnerabilities in Embedded Devices & Cyber-Physical Systems
  • Apply Cryptography – life cycle; types; PKI; key management practices; digital signatures; digital rights management; non-repudiation; integrity; methods of cryptanalytic attacks
  • Secure Principles: Site and Facility Design
  • Design & Implement Physical Security

Communication & Network Security

  • Secure Design Principles Applied to Network Architecture – OSI and TCP/IP models; IP networking; implications of multilayer protocols; converged protocols; software-defined networks; wireless networks; cryptography used to maintain communication security
  • Secure Network Components – operation of hardware; transmission media; network access control devices; endpoint security; content-distribution networks; physical devices
  • Secure Communication Channels – voice; multimedia collaboration; remote access; data communications; virtualized networks
  • Prevent or Mitigate Network Attacks

Identity & Access Management

  • Control Physical & Logical Access to Assets
  • Manage Identification & Authentication of People and Devices
  • Identity as a Service
  • Third-Party Identity Services
  • Implement & Manage Authorization Mechanisms
  • Prevent or Mitigate Access Control Attacks
  • Manage Identity & Access Provisioning Lifecycle

Security Assessment & Testing

  • Design & Validate Assessment & Test Strategies
  • Conduct Security Control Testing
  • Collect Security Process Data
  • Analyze & Report Test Outputs
  • Conduct or Facilitate Internal & Third Party Audits

Security Operations

  • Investigations – evidence collection and handling; reporting and documenting; investigative techniques; digital forensics
  • Requirements for Investigation Types – operations; criminal; civil; regulatory; eDiscovery
  • Logging & Monitoring Activities
  • Secure Provisioning of Resources
  • Foundational Security Operations Concepts
  • Resource Protection Techniques
  • Incident Management
  • Operate & Maintain Preventative Measures
  • Patch & Vulnerability Management
  • Change Management Processes
  • Recovery Stages – backup storage strategies; recovery site strategies; multiple processing sites; system resilience, high availability, quality of service and fault tolerance
  • Disaster Recovery Processes
  • Test Disaster Recovery Plans
  • Business Continuity Planning & Exercises
  • Implement & Manage Physical Security
  • Address Personal Safety Concerns

Software Development Security

  • Security in the Software Development Lifecycle
  • Security Controls in Development Environments
  • Assess Effectiveness of Software Security
  • Assess Security Impact of Acquired Software


AND THERE ARE MORE PERKS WITH THE CLASS:

  • Award-Winning Instructor
  • Instructor Certified in What They Teach
  • Instructor Who Is a Practitioner – Bringing Expertise and Real-World Experience to Classroom
  • Customized Courseware in Electronic and Hard Copy Forms
  • Practice Tests
  • Instructor Availability
  • And More

COURSE PREREQUISITES & ASSUMPTIONS:

  • This is a straight boot camp/certification prep course; the exam voucher and exam are NOT included. Students shall arrange and pay for the test at a later date via (ISC)² or Pearson VUE. We would be happy to assist you if needed.
  • You possess 5 years of cumulative paid full-time security professional work experience in two or more of the eight domains of the (ISC)²® CISSP CBK®
  • Candidates who presently hold an active certification that appears on the (ISC)² approved list may receive a one-year experience waiver
  • Alternately, a four-year Baccalaureate degree or the regional equivalent may be substituted for one year of experience
  • No more than 1 year of total experience may be waived

Your Instructor:
Dave Chronister is co-founder and Managing Partner of Parameter Security, an ethical hacking firm. As a Certified Ethical Hacker and Certified Information Systems Security Professional, Chronister possesses deep security expertise in some of the most heavily regulated industries, including financial services and healthcare, specifically under the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLBA), the Payment Card Industry (PCI) standards, and the Health Insurance Portability and Accountability Act (HIPAA).

Cutting his teeth on technology at the age of 5, Chronister gained an instant attraction to the inner workings of his computer. Before the age of 8, he wrote his first computer program, and by the time he was a teenager he ran one of St. Louis’ biggest networked bulletin board systems. It was at this time that he experienced war dialing and first encountered the underground world of hacking.

During the course of his professional career, Chronister served as Architect for A.G. Edwards’ electronic messaging system – the largest Exchange Server deployment at the time. At CyberSource, he was the technical liaison to the various credit card organizations, developing their payment card compliance standards. Additionally, working with numerous medical and dental practices, Chronister served as Technical Advisor, helping these practices meet HIPAA compliance. Most recently, he served as Chief Technology Officer for a $700 million bank holding company for over 5 years prior to starting Parameter Security.

Chronister’s expertise has been featured on television’s CNN, Bloomberg TV, CNBC, Fox Business, ABC World News with Diane Sawyer, America Now with Leeza Gibbons, FOX 2 KTVI, KMOV Channel 4 and KSDK News Channel 5, as well as several local radio stations. He has also been spotlighted in online and print publications such as FOX Business News, CNBC, CBS, Associated Press, CIO Magazine, Information Security Magazine, InfoWorld Magazine, Computerworld, Entrepreneur Magazine, Popular Science, American Banking Journal, BankNet 360, Bank News, Credit Union Tech Talk, The Kansas City Star, St. Louis Post-Dispatch, The Suburban Journal, St. Louis Business Journal, St. Louis Business Monthly and other publications. In addition, Chronister has written several articles for numerous industry publications and appears as a regular cybersecurity expert on Fox Business, CNBC, MSNBC, and CNN.