Description
Instructor-led classroom or live virtual
**NEW** CISSP preparation video
Summary Students in this 5-day course will come away with a thorough understanding of IT Security through the perspective of ISC2 and the CISSP Common Body of Knowledge (CBK), and will be prepared to take the CISSP exam.
COURSE FORMAT: Instructor-led classroom or live virtual
AUDIENCE: Professionals seeking comprehensive knowledge of security and/or CISSP certification:
- Security Consultant
- Security Manager
- IT Director/Manager
- Security Auditor
- Security Architect
- Security Analyst
- Security Systems Engineer
- Chief Information Security Officer
- Director of Security
- Network Architect
PREREQUISITES
- There are no prerequisites to attend the seminar, however participants that plan to take the CISSP exam must meet mandatory experience requirements. 5 years of experience in 2 of the 10 domains.
- Those without necessary experience can take Associate of ISC2 certification or C)ISSO Mile2 certification
STUDENT MATERIALS:
- Course Manual
- BONUS ***Electronic Prep guide to pass the CISSP exam. Kevin Henry (Author of both the Official ISC2 CISSP Book)
- BONUS ***CBT video that covers the entire course. (Value $550)
- C)ISSO Exam
- C)ISSO prep test exam engine (Value $50)
CONTINUING PROFESSIONAL EDUCATION (CPEs):
- This course can be submitted to (ISC)2, ISACA, SANS and other professional organizations that require CPE credits
- 40 CPE credits are obtained by submitting a copy of your course completion certificate that we provide
UPON COMPLETION:
- Have knowledge concerning the 10 CBK® Domains of the CISSP®
- Ready to sit the CISSP® exam
- Ready to sit for mile2’s C)ISSO exam
CISSP EXAM INFORMATION:
- CISSP® Exam: The CISSP® is a 4 hour exam proctored by ISC2. You must have both industry experiences as well as have an acceptable passing score under ISC2 standards.
- Exams are purchased and administered through Pearson VUE
C)ISSO EXAM INFORMATION:
- C)ISSO exam voucher is provided at no additional expense.
- The C)ISSO exam is taken online through mile2’s Assessment and Certification System “MACS”
- C)ISSO exam is 2 hours long/100 questions.
- C)ISSO is internationally accredited by the NSA CNSS* and is recognized by Canada’s Department of Defense.
- C)ISSO pass information is provided immediately and each passing student will receive an official mile2 Certificate with the NSA CNSS logo (attached).
- All passing C)ISSO student names are simultaneous loaded on the external facing student search button on mile2 to validate their certification.
- All C)ISSO students will have a deeper understanding on DND’s Information Systems Management methodology.
- *NSTISSI-4011 National Training Standard for Information Systems Security (INFOSEC)
LEARNING OBJECTIVES: The CISSP course covers in detail, the following ten domains:
- Access Control
- Telecommunications and Network Security
- Information Security Governance and Risk Management
- Software Development Security
- Cryptography
- Security Architecture and Design
- Operations Security
- Business Continuity and Disaster Recovery Planning
- Legal, Regulations, Investigations and Compliance
- Physical (Environmental) Security
COURSE DETAILS (This course expands the 10 CBK® Domains to 19 bite-sized modules) Module 0: Course Overview Module 1: Security Management Practices Module 2: Access Control Module 3: Cryptography Module 4: Physical Security Module 5: Security Architecture & Modules Module 6: Legal & Compliance Module 7: Telecommunications & Network Module 8: Business Continuity Objectives Module 9: Application & System development Module 10: Operations Security (Expanded modules introduced in the C)ISSO) Module 1: Risk Management Module 2: Security Management Module 3: Identification and Authentication Module 4: Access Control Module 5: Security Models and Evaluation Criteria Module 6: Operations Security Module 7: Symmetric Cryptography and Hashing Module 8: Asymmetric Cryptography and PKI Module 9: Network Connections Module 10: Network Protocols and Devices Module 11: Telephony, VPNs and Wireless Module 12: Security Architecture and Attacks Module 13: Software Development Security Module 14: Database Security and System Development Module 15: Malware and Software Attacks Module 16: Business Continuity Module 17: Disaster Recovery Module 18: Incident Management, Law, and Ethics Module 19: Physical Security DETAILED DESCRIPTION Module 1 – Risk Management
- What Is the Value of an Asset?
- What Is a Threat Source/Agent?
- What Is a Threat?
- What Is a Vulnerability?
- Examples of Some Vulnerabilities that Are Not Always Obvious
- What Is a Control?
- What Is Likelihood?
- What Is Impact?
- Control Effectiveness
- Risk Management
- Purpose of Risk Management
- Risk Assessment
- Why Is Risk Assessment Difficult?
- Types of Risk Assessment
- Different Approaches to Analysis
- Quantitative Analysis
- ALE Values Uses
- Qualitative Analysis – Likelihood
- Qualitative Analysis – Impact
- Qualitative Analysis – Risk Level
- Qualitative Analysis Steps
- Management’s Response to Identified Risks
- Comparing Cost and Benefit
- Cost of a Countermeasure
Module 2 – Security Management
- Enterprise Security Program
- Building A Foundation
- Planning Horizon Components
- Enterprise Security – The Business Requirements
- Enterprise Security Program Components
- Control Types
- “Soft” Controls
- Technical or Logical Controls
- Physical Controls
- Security Roadmap
- Senior Management’s Role in Security
- Negligence and Liability
- Security Roles and Responsibilities
- Security Program Components
- Security and the Human Factors
- Employee Management
- Human Resources Issues
- Importance to Security?
- Recruitment Issues
- Termination of Employment
- Informing Employees
- About Security
- Enforcement
- Security Enforcement Issues
Module 3 – Authentication
- Agenda
- Access Control Methodology
- Access Control Administration
- Accountability and Access Control
- Trusted Path
- Who Are You?
- Authentication Mechanisms
- Strong Authentication
- Authorization
- Access Criteria
- Fraud Controls
- Access Control Mechanisms
- Agenda
- Biometrics Technology
- Biometrics Enrollment Process
- Downfalls to Biometric Use
- Biometrics Error Types
- Biometrics Diagram
- Biometric System Types
- Agenda
- Passwords and PINs
- Password “Shoulds”
- Password Attacks
- Countermeasures for Password Cracking
- Cognitive Passwords
- One-Time Password Authentication
- Agenda
- Synchronous Token
- Asynchronous Token Device
- Cryptographic Keys
- Passphrase Authentication
- Memory Cards
- Smart Card
- Agenda
- Single Sign-on Technology
- Different Technologies
- Scripts as a Single Sign-on Technology
- Directory Services as a Single Sign-on Technology
- Thin Clients
- Kerberos as a Single Sign-on Technology
- Tickets
- Kerberos Components Working Together
- Major Components of Kerberos
- Kerberos Authentication Steps
- Why Go Through All of this Trouble?
- Issues Pertaining to Kerberos
- SESAME as a Single Sign-on Technology
- Federated Authentication
- Agenda
- IDS
- Network IDS Sensors
- Types of IDSs
- Behavior-Based IDS
- IDS Response Mechanisms
- IDS Issues
- Trapping an Intruder
Module 4 – Access Control
- Role of Access Control
- Definitions
- More Definitions
- Layers of Access Control
- Layers of Access Controls
- Access Control Mechanism Examples
- Access Control Characteristics
- Preventive Control Types
- Control Combinations
- Administrative Controls
- Controlling Access
- Other Ways of Controlling Access
- Technical Access Controls
- Physical Access Controls
- Accountability
- Information Classification
- Information Classification Criteria
- Declassifying Information
- Types of Classification Levels
- Models for Access
- Discretionary Access Control Model
- Enforcing a DAC Policy
- Mandatory Access Control Model
- MAC Enforcement Mechanism – Labels
- Where Are They Used?
- Role-Based Access Control (RBAC)
- Acquiring Rights and Permissions
- Rule-Based Access Control
- Access Control Matrix
- Access Control Administration
- Access Control Methods
- Remote Centralized Administration
- RADIUS Characteristics
- RADIUS
- TACACS+ Characteristics
- Diameter Characteristics
- Decentralized Access
- Control Administration
Module 5 – Security Models and Evaluation Criteria
- System Protection– Reference Monitor
- System Protection – Trusted Computing Base
- Security Kernel Requirements
- Security Modes of Operation
- System Protection– Levels of Trust
- System Protection– Process Isolation
- System Protection – Layering
- System Protection – Application Program Interface
- System Protection- Protection Rings
- What Does It Mean to Be in a Specific Ring?
- Security Models
- State Machine
- Information Flow
- Bell-LaPadula
- Rules of Bell-LaPadula
- Biba
- Clark-Wilson Model
- Non-interference Model
- Brewer and Nash – Chinese Wall
- Take-Grant Model
- Trusted Computer System Evaluation Criteria (TCSEC)
- TCSEC Rating Breakdown
- Evaluation Criteria – ITSEC
- ITSEC Ratings
- ITSEC – Good and Bad
- Common Criteria
- Common Criteria Components
- First Set of Requirements
- Second Set of Requirements
- Package Ratings
- Common Criteria Outline
- Certification vs. Accreditation
Module 6 – Operations Security
- Operations Issues
- Role of Operations
- Administrator Access
- Computer Operations – Systems Administrators
- Security Administrator
- Operational Assurance
- Audit and Compliance
- Some Threats to Computer Operations
- Specific Operations Tasks
- Product Implementation Concerns
- Logs and Monitoring
- Records Management
- Change Control
- Resource Protection
- Contingency Planning
- System Controls
- Trusted Recovery
- Fault-Tolerance Mechanisms
- Duplexing, Mirroring, Check Pointing
- Redundant Array of Independent Disks (RAID)
- Fault Tolerance
- Redundancy Mechanism
- Backups
- Backup Types
- Remote Access
- Facsimile Security
- Email Security
- Before Carrying Out Vulnerability Testing
- Vulnerability Assessments
- Methodology
- Penetration Testing
- Penetration Testing
- Hack and Attack Strategies
- Protection Mechanism – Honeypot
- Threats to Operations
- Data Leakage – Social Engineering
- Data Leakage – Object Reuse
- Object Reuse
- Why Not Just Delete File or Format the Disk?
- Data Leakage – Keystroke Logging
- Data Leakage – Emanation
- Controlling Data Leakage – TEMPEST
- Controlling Data Leakage – Control Zone
- Controlling Data Leakage – White Noise
- Summary
Module 7 – Symmetric Cryptography and Hashing
- Cryptography Objectives
- Cryptographic Definitions
- A Few More Definitions
- Need Some More Definitions?
- Symmetric Cryptography – Use of Secret Keys
- Cryptography Uses Yesterday and Today
- Historical Uses of Symmetric Cryptography
- Historical Uses of Symmetric Cryptography – Scytale Cipher
- Historical Uses of Symmetric Cryptography: Substitution Cipher
- Caesar Cipher Example
- Historical Uses of Symmetric Cryptography: Vigenere Cipher
- Polyalphabetic Substitution
- Vigenere Table Example
- Example Continued
- Historical Uses of Symmetric Cryptography: Enigma Machine
- Historical Uses of Symmetric Cryptography: Vernam Cipher
- Historical Uses of Symmetric Cryptography: Running Key and Concealment
- One-Time Pad Characteristics
- Binary Mathematical Function
- Key and Algorithm Relationship
- Why Does a 128-Bit Key Provide More Protection than a 64-Bit Key?
- Ways of Breaking Cryptosystems – Brute Force
- Ways of Breaking Cryptosystems – Frequency Analysis
- Determining Strength in a Cryptosystem
- Characteristics of Strong Algorithms
- Open or Closed More Secure?
- Types of Ciphers Used Today
- Encryption/Decryption Methods
- Type of Symmetric Cipher – Block Cipher
- S-Boxes Used in Block Ciphers
- Type of Symmetric Cipher – Stream Cipher
- Encryption Process
- Symmetric Characteristics
- Sender and Receiver Must Generate the Same Keystream
- They both must have the same key and IV
- Strength of a Stream Cipher
- Let’s Dive in Deeper
- Symmetric Key Cryptography
- Symmetric Key Management Issue
- Symmetric Algorithm Examples
- Symmetric Downfalls
- Secret Versus Session Keys
- Symmetric Ciphers We Will Dive Into
- Symmetric Algorithms – DES
- Evolution of DES
- Block Cipher Modes – CBC
- Different Modes of Block Ciphers – ECB
- Block Cipher Modes – CFB and OFB
- CFB and OFB Modes
- Symmetric Cipher – AES
- Other Symmetric Algorithms
- Hashing Algorithms
- Protecting the Integrity of Data
- Data Integrity Mechanisms
- Weakness in Using Only Hash Algorithms
- More Protection in Data Integrity
- MAC – Sender
- MAC – Receiver
- Security Issues in Hashing
- Birthday Attack
- Example of a Birthday Attack
Module 8 – Asymmetric Cryptography and PKI
- Asymmetric Cryptography
- Public Key Cryptography Advantages
- Asymmetric Algorithm Disadvantages
- Symmetric versus Asymmetric
- Asymmetric
- Asymmetric Algorithm – Diffie-Hellman
- Asymmetric Algorithm – RSA
- Asymmetric Algorithms – El Gamal and ECC
- Example of Hybrid Cryptography
- When to Use Which Key
- Using the Algorithm Types Together
- Digital Signatures
- Digital Signature and MAC Comparison
- What if You Need All of the Services?
- U.S. Government Standard
- Why Do We Need a PKI?
- PKI and Its Components
- CA and RA Roles
- Let’s Walk Through an Example
- Digital Certificates
- What Do You Do with a Certificate?
- Components of PKI – Repository and CRLs
- Steganography
- Key Management
- Link versus End-to-End Encryption
- End-to-End Encryption
- E-mail Standards
- Encrypted message
- Secure Protocols
- SSL and the OSI Model
- SSL Hybrid Encryption
- SSL Connection Setup
- Secure E-mail Standard
- SSH Security Protocol
- Network Layer Protection
- IPSec Key Management
- Key Issues Within IPSec
- IPSec Handshaking Process
- SAs in Use
- IPSec Is a Suite of Protocols
- IPSec Modes of Operation
- IPsec Modes of Operation
- Attacks on Cryptosystems
- More Attacks
Module 9 – Network Connections
- Network Topologies– Physical Layer
- Topology Type – Bus
- Topology Type – Ring
- Topology Type – Star
- Network Topologies – Mesh
- Summary of Topologies
- LAN Media Access Technologies
- One Goal of Media Access Technologies
- Transmission Types – Analog and Digital
- Transmission Types – Synchronous and Asynchronous
- Transmission Types – Baseband and Broadband
- Two Types of Carrier Sense Multiple Access
- Transmission Types– Number of Receivers
- Media Access Technologies – Ethernet
- Media Access Technologies – Token Passing
- Media Access Technologies – Polling
- Cabling
- Signal and Cable Issues
- Cabling Types – Coaxial
- Cabling Types – Twisted Pair
- Types of Cabling – Fiber
- Cabling Issues – Plenum-Rated
- Types of Networks
- Network Technologies
- Network Technologies
- Network Configurations
- MAN Technologies – SONET
- Wide Area Network Technologies
- WAN Technologies Are Circuit or Packet Switched
- WAN Technologies – ISDN
- ISDN Service Types
- WAN Technologies – DSL
- WAN Technologies– Cable Modem
- WAN Technologies– Packet Switched
- WAN Technologies – X.25
- WAN Technologies – Frame Relay
- WAN Technologies – ATM
- Multiplexing
Module 10 – Network Protocols and Devices
- OSI Model
- An Older Model
- Data Encapsulation
- OSI – Application Layer
- OSI – Presentation Layer
- OSI – Session Layer
- Transport Layer
- OSI – Network Layer
- OSI – Data Link
- OSI – Physical Layer
- Protocols at Each Layer
- Devices Work at Different Layers
- Networking Devices
- Repeater
- Hub
- Bridge
- Switch
- Virtual LAN
- Router
- Gateway
- Bastion Host
- Firewalls
- Firewall – First line of defense
- Firewall Types – Packet Filtering
- Firewall Types – Proxy Firewalls
- Firewall Types – Circuit-Level Proxy Firewall
- Type of Circuit- Level Proxy – SOCKS
- Firewall Types – Application-Layer Proxy
- Firewall Types – Stateful
- Firewall Types – Dynamic Packet-Filtering
- Firewall Types – Kernel Proxies
- Firewall Placement
- Firewall Architecture Types – Screened Host
- Firewall Architecture Types – Multi- or Dual-Homed
- Firewall Architecture Types – Screened Subnet
- IDS – Second line of defense
- IPS – Last line of defense?
- HIPS
- Unified Threat Management
- UMT Product Criteria
- Protocols
- TCP/IP Suite
- Port and Protocol
- Relationship
- Conceptual Use of Ports
- UDP versus TCP
- Protocols – ARP
- Protocols – ICMP
- Protocols – SNMP
- Protocols – SMTP
- Protocols – FTP, TFTP, Telnet
- Protocols – RARP and BootP
- Network Service – DNS
- Network Service – NAT
Module 11 – Telephony, VPNs and Wireless
- PSTN
- Remote Access
- Dial-Up Protocols and Authentication
- Protocols
- Dial-Up Protocol – SLIP
- Dial-Up Protocol – PPP
- Authentication Protocols – PAP and CHAP
- Authentication Protocol – EAP
- Voice Over IP
- Private Branch Exchange
- PBX Vulnerabilities
- PBX Best Practices
- Virtual Private
- Network Technologies
- What Is a Tunnelling Protocol?
- Tunnelling Protocols – PPTP
- Tunnelling Protocols – L2TP
- Tunnelling Protocols – IPSec
- IPSec – Network Layer Protection
- IPSec
- IPSec
- SSL/TLS
- Wireless Technologies– Access Point
- Standards Comparison
- Wireless Network Topologies
- Wi-Fi Network Types
- Wireless Technologies – Access Point
- Wireless Technologies – Service Set ID
- Wireless Technologies – Authenticating to an AP
- Wireless Technologies – WEP
- WEP
- Wireless Technologies –
- More WEP Woes
- Weak IV Packets
- More WEP Weaknesses
- How WPA Improves on WEP
- How WPA Improves on WEP
- TKIP
- The WPA MIC Vulnerability
- 802.11i – WPA2
- WPA and WPA2 Mode Types
- WPA-PSK Encryption
- Wireless Technologies – WAP
- Wireless Technologies – WTLS
- Wireless Technologies – Common Attacks
- Wireless Technologies – War Driving
- Kismet
- Wireless Technologies – Countermeasures
- Network Based Attacks
- ARP Attack
- DDoS Issues
- Man-in-the Middle
- Traceroute Operation
Module 12 – Security Architecture and Attacks
- ESA Definition…
- What is Architecture?
- Architecture Components
- Key Architecture Concepts – Plan
- Objectives of Security Architecture
- Technology Domain Modeling
- Integrated Security is Designed Security
- Security by Design
- Architectural Models
- Virtual Machines
- Cloud Computing
- Memory Types
- Virtual Memory
- Memory Management
- Accessing Memory Securely
- Different States that Processes Work In
- System Functionality
- Types of Compromises
- Disclosing Data in an Unauthorized Manner
- Circumventing Access Controls
- Attacks
- Attack Type – Race Condition
- Attack Type – Data Validation
- Attacking Through Applications
- How Buffers and Stacks Are Supposed to Work
- How a Buffer Overflow Works
- Attack Characteristics
- Attack Types
- More Attacks
- Host Name Resolution Attacks
- More Attacks (2)
- Watching Network Traffic
- Traffic Analysis
- Cell Phone Cloning
- Illegal Activities
Module 13 – Software Development Security
- How Did We Get Here?
- Device vs. Software Security
- Why Are We Not Improving at a Higher Rate?
- Usual Trend of Dealing with Security
- Where to Implement Security
- The Objective
- Security of Embedded Systems
- Development Methodologies
- Maturity Models
- Security Issues
- OWASP Top Ten (2011)
- Modularity of Objects
- Object-Oriented Programming Characteristic
- Module Characteristics
- Linking Through COM
- Mobile Code with Active Content
- World Wide Web OLE
- ActiveX Security
- Java and Applets
- Common Gateway Interface
- How CGI Scripts Work
- Cookies
- PCI Requirements
- Virtualization – Type 1
- Virtualization – Type 2
Module 14 – Database Security and System Development
- Database Model
- Database Models – Hierarchical
- Database Models – Distributed
- Database Models – Relational
- Database Systems
- Database Models – Relational Components
- Foreign Key
- Database Component
- Database Security Mechanisms
- Database Data Integrity Controls
- Add-On Security
- Database Security Issues
- Controlling Access
- Database Integrity
- Data Warehousing
- Data Mining
- Artificial Intelligence
- Expert System Components
- Artificial Neural Networks
- Software Development Models
- Project Development – Phases III, IV, and V
- Project Development–Phases VI and VII
- Verification versus Validation
- Evaluating the Resulting Product
- Controlling How Changes Take Place
- Change Control Process
- Administrative Controls
- Malware
- Virus
- More Malware
- Rootkits and Backdoors
- DDoS Attack Types
- Escalation of Privilege
- Protect against privilege escalation
- DDoS Issues
- DDoS
- Buffer Overflow Definition
- Overflow Illustration
- Mail Bombing
- E-Mail Links
- Phishing
- Spear Phishing
- Replay Attack
- Cross-Site Scripting Attack
- Timing Attacks
- More Advanced Attacks
- Summary
Module 15 – Malware and Software Attacks
- Malware
- Virus
- More Malware
- Rootkits and Backdoors
- DDoS Attack Types
- Escalation of Privilege
- DDoS Issues
- DDoS
- Buffer Overflow Definition
- Overflow Illustration
- Buffer Overflows
- Mail Bombing
- E-Mail Links
- Phishing
- Spear Phishing
- Replay Attack
- Cross-Site Scripting Attack
- Timing Attacks
- More Advanced Attacks
- Summary
Module 16 – Business Continuity
- Phases of Plan
- Who Is Ready?
- Pieces of the BCP
- BCP Development
- Where Do We Start?
- Why Is BCP a Hard Sell to Management?
- Understanding the Organization
- Critical products and services
- Dependencies
- Supply chain
- Between departments
- Personnel
- Information
- Equipment
- Facilities
- BCP Committee
- BCP Risk Analysis
- Identify Vulnerabilities and Threats
- Categories
- How to Identify the Most Critical Company Functions
- Loss Criteria
- Interdependencies
- Identifying Functions’ Resources
- How Long Can the Company Be Without These Resources?
- Calculating MTD
- Recovery Point Objective
- Calculation of maximum data loss
- Determines backup strategy
- Defines the most current state of data upon recovery
- Recovery Strategies
- Based on the results of the BIA
- May be different for each department
- Must be less than MTD
- Sets the RTO
- What Items Need to Be Considered in a Recovery?
- Facility Backups – Hot Site
- Facility Backups – Warm Site
- Facility Backups – Cold Site
- Compatibility Issues with Offsite Facility
- Which Do We Use?
- Choosing Offsite Services
- Subscription Costs
- Choosing Site Location
- Other Offsite Approaches
- BCP Plans Commonly and Quickly Become Out of Date
- Summary
Module 17 – Disaster Recovery
- Proper Planning
- Executive Succession Planning
- Preventing a Disaster
- Preventive Measures
- Backup/Redundancy Options
- Disk Shadowing
- Backing Up Over Telecommunication
- Serial Lines
- HSM
- SAN
- Co-Location
- Other Options
- Review – Results from the BIA
- Review – Results from
- Recovery Strategy
- Now What?
- Priorities
- Plan Objectives
- Defining Roles
- The Plan
- Recovery
- Return to Normal Operations
- Environment
- Operational Planning
- Emergency Response
- Reviewing Insurance
- When Is the Danger Over?
- Now What?
- Testing and Drills
- Types of Tests to Choose From
- What Is Success?
- Summary
Module 18 – Incident Management, Law, and Ethics
- Seriousness of Computer Crimes
- Incidents
- Incident Management Priorities
- Incident Response Capability
- Incident Management Requires
- Preparing for a Crime Before It Happens
- Incident Response Phases
- Types of Law
- Foundational Concepts of Law
- Common Laws – Criminal
- Common Laws – Civil
- Common Laws – Administrative
- Intellectual Property Laws
- More Intellectual Property Laws
- Software Licensing
- Digital Millennium Copyright Act
- Historic Examples of Computer Crimes
- Who Perpetrates These Crimes?
- The Evolving Threat
- Types of Motivation for Attacks
- A Few Attack Types
- Telephone Fraud
- Identification Protection & Prosecution
- Computer Crime and Its Barriers
- Countries Working Together
- Security Principles for International Use
- Determine if a Crime Has Indeed Been Committed
- When Should Law Enforcement Get Involved?
- Citizen versus Law Enforcement Investigation
- Investigation of Any Crime
- Role of Evidence in a Trial
- General Rules for Evidence
- Evidence Requirements
- Evidence Collection Topics
- Chain of Custody
- How Is Evidence Processed?
- Evidence Types
- Hearsay Rule Exception
- Privacy of Sensitive Data
- Privacy Issues – U.S. Laws as Examples
- European Union Principles on Privacy
- Routing Data Through Different Countries
- Employee Privacy Issues
- Computer Forensics
- Trying to Trap the Bad Guy
- Companies Can Be Found Liable
- Sets of Ethics
- Ethics – mile2
- Ethics – Computer Ethics Institute
- Ethics – Internet Architecture Board
- GAISP- Generally Accepted Information Security Principles
Module 19 – Physical Security
- Physical Security – Threats
- Different Types of Threats & Planning
- Facility Site Selection
- Facility Construction
- Devices Will Fail
- Controlling Access
- Possible Threats
- External Boundary Protection
- Lock Types
- Facility Access
- Piggybacking
- Securing Mobile Devices
- Entrance Protection
- Perimeter Protection – Fencing
- Perimeter Protection – Lighting
- Perimeter Security – Security Guards
- Surveillance/Monitoring
- Types of Physical IDS
- Electro-Mechanical Sensors
- Volumetric Sensors
- Facility Attributes
- Electrical Power
- Problems with Steady Power Current
- Power Interference
- Power Preventive Measures
- Environmental Considerations
- Fire Prevention
- Automatic Detector Mechanisms
- Fire Detection
- Fire Types
- Suppression Methods
- Fire Extinguishers
- Fire Suppression
- Fire Extinguishers