Hery Purnama (081-223344-506) is a certified trainer for CISSP, CISA, CISM, CDPSE, CRISC, CCISO, CDMP, CTFL and ITILF training in Jakarta and Bandung, Indonesia (inhousetrainer.net).
Training Syllabus: Certified Information Systems Security Professional (CISSP)
Duration: 5 days (09.00 – 16.00)
Description:
The CISSP certification training develops your expertise in defining the IT architecture and in designing, building, and maintaining a secure business environment using globally approved information security standards. The CISSP training covers industry best practices and prepares you for the CISSP certification exam held by (ISC)².
A CISSP certification validates your skills in IT security. Cybersecurity Ventures predicts a total of 3.5 million cyber security jobs by 2021. The global cyber security market is expected to reach USD 282.3 billion by 2024, growing at a rate of 11.1 percent annually.
Objectives:
This course prepares you for the Certified Information Systems Security Professional (CISSP) certification. To obtain the CISSP certification, candidates need to pass an exam that consists mostly of multiple-choice questions. The purpose of this course is to prepare you for that exam by introducing the concepts and terminology you need to know to pass.
This course is designed to provide you with extensive knowledge, learning strategies, and instructor support along the way. In addition to the exam, you must meet a few other requirements in order to become a Certified Information Systems Security Professional: you must demonstrate that you follow the CISSP Code of Ethics, have a minimum of five years of full-time paid work experience in the systems security field, and hold an IS or IT degree. With that in mind, before enrolling in this course, be sure that this is the right course for you.
This course is designed for people who want to become certified security professionals and are looking for jobs that require the CISSP certification. The prerequisites for this course are basic knowledge in networking and some knowledge of systems operations. Throughout this course, you will learn about the basics of asset security, cryptography, security and risk management, and various threats and attacks. This is a theoretical course — not a practical one — and we will cover many regulations, laws, policies, standards, and encryption protocols. With the flashcards, interactive diagrams, video lessons, and instructor support included with this course, you are equipped with everything you need to successfully pass the exam and earn your CISSP certification.
Participants:
The CISSP Course is ideal for experienced security practitioners, managers and executives interested in proving their knowledge across a wide array of security practices and principles, including those in the following positions:
• Chief Information Security Officer
• Chief Information Officer
• Director of Security
• IT Director/Manager
• Security Systems Engineer
• Security Analyst
• Security Manager
• Security Auditor
• Security Architect
• Security Consultant
• Network Architect
Prerequisites:
Roughly five years of direct full-time security work experience is recommended, but not required.
Outline:
DAY 1
CISSP Introduction
DOMAIN 1: SECURITY AND RISK MANAGEMENT
Understand and Apply Concepts of Confidentiality, Integrity, and Availability
Information Security
Evaluate and Apply Security Governance Principles
Alignment of Security Functions to Business Strategy, Goals, Mission, and Objectives
Vision, Mission, and Strategy
Governance
Due Care
Determine Compliance Requirements
Legal Compliance
Jurisdiction
Legal Tradition
Legal Compliance Expectations
Understand Legal and Regulatory Issues That Pertain to Information Security in a Global Context
Cyber Crimes and Data Breaches
Privacy
Understand, Adhere to, and Promote Professional Ethics
Ethical Decision-Making
Established Standards of Ethical Conduct
(ISC)² Ethical Practices
Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
Organizational Documents
Policy Development
Policy Review Process
Identify, Analyze, and Prioritize Business Continuity Requirements
Contribute to and Enforce Personnel Security Policies and Procedures
Understand and Apply Risk Management Concepts
Understand and Apply Threat Modeling Concepts and Methodologies
Apply Risk-Based Management Concepts to the Supply Chain
Establish and Maintain a Security Awareness, Education, and Training Program
Questions & Answers
DOMAIN 2: ASSET SECURITY
Asset Security Concepts
Data Policy
Data Governance
Data Quality
Data Documentation
Data Organization
Identify and Classify Information and Assets
Asset Classification
Determine and Maintain Information and Asset Ownership
Asset Management Lifecycle
Software Asset Management
Protect Privacy
Cross-Border Privacy and Data Flow Protection
Data Owners
Data Controllers
Data Processors
Data Stewards
Data Custodians
Data Remanence
Data Sovereignty
Data Localization or Residency
Government and Law Enforcement Access to Data
Collection Limitation
Understanding Data States
Data Issues with Emerging Technologies
Ensure Appropriate Asset Retention
Retention of Records
Determining Appropriate Records Retention
Retention of Records in Data Lifecycle
Records Retention Best Practices
Determine Data Security Controls
Technical, Administrative, and Physical Controls
Establishing the Baseline Security
Scoping and Tailoring
Standards Selection
Data Protection Methods
Establish Information and Asset Handling Requirements
Marking and Labeling
Handling
Declassifying Data
Storage
Questions & Answers
DAY 2
DOMAIN 3: SECURITY ARCHITECTURE AND ENGINEERING
Implement and Manage Engineering Processes Using Secure Design Principles
Saltzer and Schroeder’s Principles
ISO/IEC
Defense in Depth
Using Security Principles
Understand the Fundamental Concepts of Security Models
Select Controls Based upon Systems Security Requirements
Understand Security Capabilities of Information Systems
Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and
Assess and Mitigate Vulnerabilities in Web-Based Systems
Assess and Mitigate Vulnerabilities in Mobile Systems
Insecure Devices
Mobile Device Management
Assess and Mitigate Vulnerabilities in Embedded Devices
Apply Cryptography
Cryptographic Lifecycle
Cryptographic Methods
Public Key Infrastructure
Key Management Practices
Digital Signatures
Non-Repudiation
Integrity
Understand Methods of Cryptanalytic Attacks
Digital Rights Management
Apply Security Principles to Site and Facility Design
Implement Site and Facility Security Controls
Physical Access Controls
Wiring Closets/Intermediate Distribution Facilities
Server Rooms/Data Centers
Media Storage Facilities
Evidence Storage
Restricted and Work Area Security
Utilities and Heating, Ventilation, and Air Conditioning
Environmental Issues
Fire Prevention, Detection, and Suppression
Questions & Answers
DOMAIN 4: COMMUNICATION AND NETWORK SECURITY
Implement Secure Design Principles in Network Architectures
Open Systems Interconnection and Transmission Control Protocol/Internet Protocol Networking
Implications of Multilayer Protocols
Converged Protocols
Software-Defined Networks
Wireless Networks
Internet, Intranets, and Extranets
Demilitarized Zones
Virtual LANs
Secure Network Components
Firewalls
Network Address Translation
Intrusion Detection System
Security Information and Event Management
Network Security from Hardware Devices
Transmission Media
Endpoint Security
Implementing Defense in Depth
Content Distribution Networks
Implement Secure Communication Channels According to Design
Secure Voice Communications
Multimedia Collaboration
Remote Access
Data Communications
Virtualized Networks
Questions & Answers
DAY 3
DOMAIN 5: IDENTITY AND ACCESS MANAGEMENT
Control Physical and Logical Access to Assets
Information
Systems
Devices
Facilities
Manage Identification and Authentication of People, Devices, and Services
Identity Management Implementation
Single Factor/Multifactor Authentication
Accountability
Session Management
Registration and Proofing of Identity
Federated Identity Management
Credential Management Systems
Integrate Identity as a Third-Party Service
On-Premise
Cloud
Federated
Implement and Manage Authorization Mechanisms
Role-Based Access Control
Rule-Based Access Control
Mandatory Access Control
Discretionary Access Control
Attribute-Based Access Control
Manage the Identity and Access Provisioning Lifecycle
User Access Review
System Account Access Review
Provisioning and Deprovisioning
Auditing and Enforcement
Questions & Answers
DAY 4
DOMAIN 6: SECURITY ASSESSMENT AND TESTING
Design and Validate Assessment, Test, and Audit Strategies
Assessment Standards
Conduct Security Control Testing
Vulnerability Assessment
Penetration Testing
Log Reviews
Synthetic Transactions
Code Review and Testing
Misuse Case Testing
Test Coverage Analysis
Interface Testing
Collect Security Process Data
Account Management
Management Review and Approval
Key Performance and Risk Indicators
Backup Verification Data
Training and Awareness
Disaster Recovery and Business Continuity
Analyze Test Output and Generate Report
Conduct or Facilitate Security Audits
Internal Audits
External Audits
Third-Party Audits
Integrating Internal and External Audits
Auditing Principles
Audit Programs
Questions & Answers
DOMAIN 7: SECURITY OPERATIONS
Understand and Support Investigations
Evidence Collection and Handling
Reporting and Documentation
Investigative Techniques
Digital Forensics Tools, Techniques, and Procedures
Understand Requirements for Investigation Types
Administrative
Criminal
Civil
Regulatory
Industry Standards
Conduct Logging and Monitoring Activities
Define Auditable Events
Time
Protect Logs
Intrusion Detection and Prevention
Security Information and Event Management
Continuous Monitoring
Ingress Monitoring
Egress Monitoring
Securely Provision Resources
Asset Inventory
Asset Management
Configuration Management
Understand and Apply Foundational Security Operations Concepts
Need to Know/Least Privilege
Separation of Duties and Responsibilities
Privileged Account Management
Job Rotation
Information Lifecycle
Service Level Agreements
Apply Resource Protection Techniques to Media
Marking
Protecting
Transport
Sanitization and Disposal
Conduct Incident Management
An Incident Management Program
Detection
Response
Mitigation
Reporting
Recovery
Remediation
Lessons Learned
Third-Party Considerations
Operate and Maintain Detective and Preventative Measures
White-listing/Black-listing
Third-Party Security Services
Honeypots/Honeynets
Anti-Malware
Implement and Support Patch and Vulnerability Management
Understand and Participate in Change Management Processes
Implement Recovery Strategies
Backup Storage Strategies
Recovery Site Strategies
Multiple Processing Sites
System Resilience, High Availability, Quality of Service, and Fault Tolerance
Implement Disaster Recovery Processes
Response
Personnel
Communications
Assessment
Restoration
Training and Awareness
Test Disaster Recovery Plans
Read-Through/Tabletop
Walk-Through
Simulation
Parallel
Full Interruption
Participate in Business Continuity Planning and Exercises
Implement and Manage Physical Security
Physical Access Control
The Data Center
Address Personnel Safety and Security Concerns
Travel
Duress
Questions & Answers
DAY 5
DOMAIN 8: SOFTWARE DEVELOPMENT SECURITY
Understand and Integrate Security in the Software Development Lifecycle
Development Methodologies
Maturity Models
Operations and Maintenance
Change Management
Integrated Product Team
Identify and Apply Security Controls in Development Environments
Security of the Software Environment
Configuration Management as an Aspect of Secure Coding
Security of Code Repositories
Assess the Effectiveness of Software Security
Logging and Auditing of Changes
Risk Analysis and Mitigation
Assess the Security Impact of Acquired Software
Acquired Software Types
Software Acquisition Process
Relevant Standards
Software Assurance
Certification and Accreditation
Define and Apply Secure Coding Standards and Guidelines
Security Weaknesses and Vulnerabilities at the
Security of Application Programming Interfaces
Secure Coding Practices
Questions & Answers