CISSP Exam Preparation Boot Camp

All Prices Are in Candian Dollars

Price : CAD

$3,200.00 $2,500.00

Description

**NEW** CISSP preparation video

 

Summary

Students in this 5-day course will come away with a thorough understanding of IT Security through the perspective of ISC2 and the CISSP Common Body of Knowledge (CBK), and will be prepared to take the CISSP exam.

COURSE FORMAT:

Instructor-led classroom or live virtual

AUDIENCE
Professionals seeking comprehensive knowledge of security and/or CISSP certification:

  • Security Consultant
  • Security Manager
  • IT Director/Manager
  • Security Auditor
  • Security Architect
  • Security Analyst
  • Security Systems Engineer
  • Chief Information Security Officer
  • Director of Security
  • Network Architect

PREREQUISITES

  • There are no prerequisites to attend the seminar, however participants that plan to take the CISSP exam must meet mandatory experience requirements.  5 years of experience in 2 of the 10 domains.
  • Those without necessary experience can take Associate of ISC2 certification or C)ISSO Mile2 certification

STUDENT MATERIALS:

  • Course Manual
  • BONUS ***Electronic Prep guide to pass the CISSP exam. Kevin Henry (Author of both the Official ISC2 CISSP Book)
  • BONUS ***CBT video that covers the entire course. (Value $550)
  • C)ISSO Exam
  • C)ISSO prep test exam engine (Value $50)

CONTINUING PROFESSIONAL EDUCATION (CPEs):

  • This course can be submitted to (ISC)2, ISACA, SANS and other professional organizations that require CPE credits
  • 40 CPE credits are obtained by submitting a copy of your course completion certificate that we provide

UPON COMPLETION:

  • Have knowledge concerning the 10 CBK® Domains of the CISSP®
  • Ready to sit the CISSP® exam
  • Ready to sit for mile2’s C)ISSO exam

CISSP EXAM INFORMATION:

  • CISSP® Exam: The CISSP® is a 4 hour exam proctored by ISC2. You must have both industry experiences as well as have an acceptable passing score under ISC2 standards.
  • Exams are purchased and administered through Pearson VUE

 

C)ISSO EXAM INFORMATION:

  • C)ISSO exam voucher is provided at no additional expense.
  • The C)ISSO exam is taken online through mile2’s Assessment and Certification System “MACS”
  • C)ISSO exam is 2 hours long/100 questions.
  • C)ISSO is internationally accredited by the NSA CNSS* and is recognized by Canada’s Department of Defense.
  • C)ISSO pass information is provided immediately and each passing student will receive an official mile2 Certificate with the NSA CNSS logo (attached).
  • All passing C)ISSO student names are simultaneous loaded on the external facing student search button on mile2 to validate their certification.
  • All C)ISSO students will have a deeper understanding on DND’s Information Systems Management methodology.
  • *NSTISSI-4011 National Training Standard for Information Systems Security (INFOSEC)

LEARNING OBJECTIVES:

The CISSP course covers in detail, the following ten domains:

  • Access Control
  • Telecommunications and Network Security
  • Information Security Governance and Risk Management
  • Software Development Security
  • Cryptography
  • Security Architecture and Design
  • Operations Security
  • Business Continuity and Disaster Recovery Planning
  • Legal, Regulations, Investigations and Compliance
  • Physical (Environmental) Security

COURSE DETAILS (This course expands the 10 CBK® Domains to 19 bite-sized modules)
Module 0: Course Overview
Module 1: Security Management Practices
Module 2: Access Control
Module 3: Cryptography
Module 4: Physical Security
Module 5: Security Architecture & Modules
Module 6: Legal & Compliance
Module 7: Telecommunications & Network
Module 8: Business Continuity Objectives
Module 9: Application & System development
Module 10: Operations Security

(Expanded modules introduced in the C)ISSO)
Module 1: Risk Management
Module 2: Security Management
Module 3: Identification and Authentication
Module 4: Access Control
Module 5: Security Models and Evaluation Criteria
Module 6: Operations Security
Module 7: Symmetric Cryptography and Hashing
Module 8: Asymmetric Cryptography and PKI
Module 9: Network Connections
Module 10: Network Protocols and Devices
Module 11: Telephony, VPNs and Wireless
Module 12: Security Architecture and Attacks
Module 13: Software Development Security
Module 14: Database Security and System Development
Module 15: Malware and Software Attacks
Module 16: Business Continuity
Module 17: Disaster Recovery
Module 18: Incident Management, Law, and Ethics
Module 19: Physical Security

DETAILED DESCRIPTION

Module 1 – Risk Management

  • What Is the Value of an Asset?
  • What Is a Threat Source/Agent?
  • What Is a Threat?
  • What Is a Vulnerability?
  • Examples of Some Vulnerabilities that Are Not Always Obvious
  • What Is a Control?
  • What Is Likelihood?
  • What Is Impact?
  • Control Effectiveness
  • Risk Management
  • Purpose of Risk Management
  • Risk Assessment
  • Why Is Risk Assessment Difficult?
  • Types of Risk Assessment
  • Different Approaches to Analysis
  • Quantitative Analysis
  • ALE Values Uses
  • Qualitative Analysis – Likelihood
  • Qualitative Analysis – Impact
  • Qualitative Analysis – Risk Level
  • Qualitative Analysis Steps
  • Management’s Response to Identified Risks
  • Comparing Cost and Benefit
  • Cost of a Countermeasure

 

Module 2 – Security Management

  • Enterprise Security Program
  • Building A Foundation
  • Planning Horizon Components
  • Enterprise Security – The Business Requirements
  • Enterprise Security Program Components
  • Control Types
  • “Soft” Controls
  • Technical or Logical Controls
  • Physical Controls
  • Security Roadmap
  • Senior Management’s Role in Security
  • Negligence and Liability
  • Security Roles and Responsibilities
  • Security Program Components
  • Security and the Human Factors
  • Employee Management
  • Human Resources Issues
  • Importance to Security?
  • Recruitment Issues
  • Termination of Employment
  • Informing Employees
  • About Security
  • Enforcement
  • Security Enforcement Issues

 

Module 3 – Authentication

  • Agenda
  • Access Control Methodology
  • Access Control Administration
  • Accountability and Access Control
  • Trusted Path
  • Who Are You?
  • Authentication Mechanisms
  • Strong Authentication
  • Authorization
  • Access Criteria
  • Fraud Controls
  • Access Control Mechanisms
  • Agenda
  • Biometrics Technology
  • Biometrics Enrollment Process
  • Downfalls to Biometric Use
  • Biometrics Error Types
  • Biometrics Diagram
  • Biometric System Types
  • Agenda
  • Passwords and PINs
  • Password “Shoulds”
  • Password Attacks
  • Countermeasures for Password Cracking
  • Cognitive Passwords
  • One-Time Password Authentication
  • Agenda
  • Synchronous Token
  • Asynchronous Token Device
  • Cryptographic Keys
  • Passphrase Authentication
  • Memory Cards
  • Smart Card
  • Agenda
  • Single Sign-on Technology
  • Different Technologies
  • Scripts as a Single Sign-on Technology
  • Directory Services as a Single Sign-on Technology
  • Thin Clients
  • Kerberos as a Single Sign-on Technology
  • Tickets
  • Kerberos Components Working Together
  • Major Components of Kerberos
  • Kerberos Authentication Steps
  • Why Go Through All of this Trouble?
  • Issues Pertaining to Kerberos
  • SESAME as a Single Sign-on Technology
  • Federated Authentication
  • Agenda
  • IDS
  • Network IDS Sensors
  • Types of IDSs
  • Behavior-Based IDS
  • IDS Response Mechanisms
  • IDS Issues
  • Trapping an Intruder

 

Module 4 – Access Control

  • Role of Access Control
  • Definitions
  • More Definitions
  • Layers of Access Control
  • Layers of Access Controls
  • Access Control Mechanism Examples
  • Access Control Characteristics
  • Preventive Control Types
  • Control Combinations
  • Administrative Controls
  • Controlling Access
  • Other Ways of Controlling Access
  • Technical Access Controls
  • Physical Access Controls
  • Accountability
  • Information Classification
  • Information Classification Criteria
  • Declassifying Information
  • Types of Classification Levels
  • Models for Access
  • Discretionary Access Control Model
  • Enforcing a DAC Policy
  • Mandatory Access Control Model
  • MAC Enforcement Mechanism – Labels
  • Where Are They Used?
  • Role-Based Access Control (RBAC)
  • Acquiring Rights and Permissions
  • Rule-Based Access Control
  • Access Control Matrix
  • Access Control Administration
  • Access Control Methods
  • Remote Centralized Administration
  • RADIUS Characteristics
  • RADIUS
  • TACACS+ Characteristics
  • Diameter Characteristics
  • Decentralized Access
  • Control Administration

 

Module 5 – Security Models and Evaluation Criteria

  • System Protection– Reference Monitor
  • System Protection – Trusted Computing Base
  • Security Kernel Requirements
  • Security Modes of Operation
  • System Protection– Levels of Trust
  • System Protection– Process Isolation
  • System Protection – Layering
  • System Protection – Application Program Interface
  • System Protection- Protection Rings
  • What Does It Mean to Be in a Specific Ring?
  • Security Models
  • State Machine
  • Information Flow
  • Bell-LaPadula
  • Rules of Bell-LaPadula
  • Biba
  • Clark-Wilson Model
  • Non-interference Model
  • Brewer and Nash – Chinese Wall
  • Take-Grant Model
  • Trusted Computer System Evaluation Criteria (TCSEC)
  • TCSEC Rating Breakdown
  • Evaluation Criteria – ITSEC
  • ITSEC Ratings
  • ITSEC – Good and Bad
  • Common Criteria
  • Common Criteria Components
  • First Set of Requirements
  • Second Set of Requirements
  • Package Ratings
  • Common Criteria Outline
  • Certification vs. Accreditation

 

Module 6 – Operations Security

  • Operations Issues
  • Role of Operations
  • Administrator Access
  • Computer Operations – Systems Administrators
  • Security Administrator
  • Operational Assurance
  • Audit and Compliance
  • Some Threats to Computer Operations
  • Specific Operations Tasks
  • Product Implementation Concerns
  • Logs and Monitoring
  • Records Management
  • Change Control
  • Resource Protection
  • Contingency Planning
  • System Controls
  • Trusted Recovery
  • Fault-Tolerance Mechanisms
  • Duplexing, Mirroring, Check Pointing
  • Redundant Array of Independent Disks (RAID)
  • Fault Tolerance
  • Redundancy Mechanism
  • Backups
  • Backup Types
  • Remote Access
  • Facsimile Security
  • Email Security
  • Before Carrying Out Vulnerability Testing
  • Vulnerability Assessments
  • Methodology
  • Penetration Testing
  • Penetration Testing
  • Hack and Attack Strategies
  • Protection Mechanism – Honeypot
  • Threats to Operations
  • Data Leakage – Social Engineering
  • Data Leakage – Object Reuse
  • Object Reuse
  • Why Not Just Delete File or Format the Disk?
  • Data Leakage – Keystroke Logging
  • Data Leakage – Emanation
  • Controlling Data Leakage – TEMPEST
  • Controlling Data Leakage – Control Zone
  • Controlling Data Leakage – White Noise
  • Summary

 

Module 7 – Symmetric Cryptography and Hashing

  • Cryptography Objectives
  • Cryptographic Definitions
  • A Few More Definitions
  • Need Some More Definitions?
  • Symmetric Cryptography – Use of Secret Keys
  • Cryptography Uses Yesterday and Today
  • Historical Uses of Symmetric Cryptography
  • Historical Uses of Symmetric Cryptography – Scytale Cipher
  • Historical Uses of Symmetric Cryptography: Substitution Cipher
  • Caesar Cipher Example
  • Historical Uses of Symmetric Cryptography: Vigenere Cipher
  • Polyalphabetic Substitution
  • Vigenere Table Example
  • Example Continued
  • Historical Uses of Symmetric Cryptography: Enigma Machine
  • Historical Uses of Symmetric Cryptography: Vernam Cipher
  • Historical Uses of Symmetric Cryptography: Running Key and Concealment
  • One-Time Pad Characteristics
  • Binary Mathematical Function
  • Key and Algorithm Relationship
  • Why Does a 128-Bit Key Provide More Protection than a 64-Bit Key?
  • Ways of Breaking Cryptosystems – Brute Force
  • Ways of Breaking Cryptosystems – Frequency Analysis
  • Determining Strength in a Cryptosystem
  • Characteristics of Strong Algorithms
  • Open or Closed More Secure?
  • Types of Ciphers Used Today
  • Encryption/Decryption Methods
  • Type of Symmetric Cipher – Block Cipher
  • S-Boxes Used in Block Ciphers
  • Type of Symmetric Cipher – Stream Cipher
  • Encryption Process
  • Symmetric Characteristics
  • Sender and Receiver Must Generate the Same Keystream
  • They both must have the same key and IV
  • Strength of a Stream Cipher
  • Let’s Dive in Deeper
  • Symmetric Key Cryptography
  • Symmetric Key Management Issue
  • Symmetric Algorithm Examples
  • Symmetric Downfalls
  • Secret Versus Session Keys
  • Symmetric Ciphers We Will Dive Into
  • Symmetric Algorithms – DES
  • Evolution of DES
  • Block Cipher Modes – CBC
  • Different Modes of Block Ciphers – ECB
  • Block Cipher Modes – CFB and OFB
  • CFB and OFB Modes
  • Symmetric Cipher – AES
  • Other Symmetric Algorithms
  • Hashing Algorithms
  • Protecting the Integrity of Data
  • Data Integrity Mechanisms
  • Weakness in Using Only Hash Algorithms
  • More Protection in Data Integrity
  • MAC – Sender
  • MAC – Receiver
  • Security Issues in Hashing
  • Birthday Attack
  • Example of a Birthday Attack

 

Module 8 – Asymmetric Cryptography and PKI

  • Asymmetric Cryptography
  • Public Key Cryptography Advantages
  • Asymmetric Algorithm Disadvantages
  • Symmetric versus Asymmetric
  • Asymmetric
  • Asymmetric Algorithm – Diffie-Hellman
  • Asymmetric Algorithm – RSA
  • Asymmetric Algorithms – El Gamal and ECC
  • Example of Hybrid Cryptography
  • When to Use Which Key
  • Using the Algorithm Types Together
  • Digital Signatures
  • Digital Signature and MAC Comparison
  • What if You Need All of the Services?
  • U.S. Government Standard
  • Why Do We Need a PKI?
  • PKI and Its Components
  • CA and RA Roles
  • Let’s Walk Through an Example
  • Digital Certificates
  • What Do You Do with a Certificate?
  • Components of PKI – Repository and CRLs
  • Steganography
  • Key Management
  • Link versus End-to-End Encryption
  • End-to-End Encryption
  • E-mail Standards
  • Encrypted message
  • Secure Protocols
  • SSL and the OSI Model
  • SSL Hybrid Encryption
  • SSL Connection Setup
  • Secure E-mail Standard
  • SSH Security Protocol
  • Network Layer Protection
  • IPSec Key Management
  • Key Issues Within IPSec
  • IPSec Handshaking Process
  • SAs in Use
  • IPSec Is a Suite of Protocols
  • IPSec Modes of Operation
  • IPsec Modes of Operation
  • Attacks on Cryptosystems
  • More Attacks

 

Module 9 – Network Connections

  • Network Topologies– Physical Layer
  • Topology Type – Bus
  • Topology Type – Ring
  • Topology Type – Star
  • Network Topologies – Mesh
  • Summary of Topologies
  • LAN Media Access Technologies
  • One Goal of Media Access Technologies
  • Transmission Types – Analog and Digital
  • Transmission Types – Synchronous and Asynchronous
  • Transmission Types – Baseband and Broadband
  • Two Types of Carrier Sense Multiple Access
  • Transmission Types– Number of Receivers
  • Media Access Technologies – Ethernet
  • Media Access Technologies – Token Passing
  • Media Access Technologies – Polling
  • Cabling
  • Signal and Cable Issues
  • Cabling Types – Coaxial
  • Cabling Types – Twisted Pair
  • Types of Cabling – Fiber
  • Cabling Issues – Plenum-Rated
  • Types of Networks
  • Network Technologies
  • Network Technologies
  • Network Configurations
  • MAN Technologies – SONET
  • Wide Area Network Technologies
  • WAN Technologies Are Circuit or Packet Switched
  • WAN Technologies – ISDN
  • ISDN Service Types
  • WAN Technologies – DSL
  • WAN Technologies– Cable Modem
  • WAN Technologies– Packet Switched
  • WAN Technologies – X.25
  • WAN Technologies – Frame Relay
  • WAN Technologies – ATM
  • Multiplexing

 

Module 10 – Network Protocols and Devices

  • OSI Model
  • An Older Model
  • Data Encapsulation
  • OSI – Application Layer
  • OSI – Presentation Layer
  • OSI – Session Layer
  • Transport Layer
  • OSI – Network Layer
  • OSI – Data Link
  • OSI – Physical Layer
  • Protocols at Each Layer
  • Devices Work at Different Layers
  • Networking Devices
  • Repeater
  • Hub
  • Bridge
  • Switch
  • Virtual LAN
  • Router
  • Gateway
  • Bastion Host
  • Firewalls
  • Firewall – First line of defense
  • Firewall Types – Packet Filtering
  • Firewall Types – Proxy Firewalls
  • Firewall Types – Circuit-Level Proxy Firewall
  • Type of Circuit- Level Proxy – SOCKS
  • Firewall Types – Application-Layer Proxy
  • Firewall Types – Stateful
  • Firewall Types – Dynamic Packet-Filtering
  • Firewall Types – Kernel Proxies
  • Firewall Placement
  • Firewall Architecture Types – Screened Host
  • Firewall Architecture Types – Multi- or Dual-Homed
  • Firewall Architecture Types – Screened Subnet
  • IDS – Second line of defense
  • IPS – Last line of defense?
  • HIPS
  • Unified Threat Management
  • UMT Product Criteria
  • Protocols
  • TCP/IP Suite
  • Port and Protocol
  • Relationship
  • Conceptual Use of Ports
  • UDP versus TCP
  • Protocols – ARP
  • Protocols – ICMP
  • Protocols – SNMP
  • Protocols – SMTP
  • Protocols – FTP, TFTP, Telnet
  • Protocols – RARP and BootP
  • Network Service – DNS
  • Network Service – NAT

 

Module 11 – Telephony, VPNs and Wireless

  • PSTN
  • Remote Access
  • Dial-Up Protocols and Authentication
  • Protocols
  • Dial-Up Protocol – SLIP
  • Dial-Up Protocol – PPP
  • Authentication Protocols – PAP and CHAP
  • Authentication Protocol – EAP
  • Voice Over IP
  • Private Branch Exchange
  • PBX Vulnerabilities
  • PBX Best Practices
  • Virtual Private
  • Network Technologies
  • What Is a Tunnelling Protocol?
  • Tunnelling Protocols – PPTP
  • Tunnelling Protocols – L2TP
  • Tunnelling Protocols – IPSec
  • IPSec – Network Layer Protection
  • IPSec
  • IPSec
  • SSL/TLS
  • Wireless Technologies– Access Point
  • Standards Comparison
  • Wireless Network Topologies
  • Wi-Fi Network Types
  • Wireless Technologies – Access Point
  • Wireless Technologies – Service Set ID
  • Wireless Technologies – Authenticating to an AP
  • Wireless Technologies – WEP
  • WEP
  • Wireless Technologies –
  • More WEP Woes
  • Weak IV Packets
  • More WEP Weaknesses
  • How WPA Improves on WEP
  • How WPA Improves on WEP
  • TKIP
  • The WPA MIC Vulnerability
  • 802.11i – WPA2
  • WPA and WPA2 Mode Types
  • WPA-PSK Encryption
  • Wireless Technologies – WAP
  • Wireless Technologies – WTLS
  • Wireless Technologies – Common Attacks
  • Wireless Technologies – War Driving
  • Kismet
  • Wireless Technologies – Countermeasures
  • Network Based Attacks
  • ARP Attack
  • DDoS Issues
  • Man-in-the Middle
  • Traceroute Operation

 

Module 12 – Security Architecture and Attacks

  • ESA Definition…
  • What is Architecture?
  • Architecture Components
  • Key Architecture Concepts – Plan
  • Objectives of Security Architecture
  • Technology Domain Modeling
  • Integrated Security is Designed Security
  • Security by Design
  • Architectural Models
  • Virtual Machines
  • Cloud Computing
  • Memory Types
  • Virtual Memory
  • Memory Management
  • Accessing Memory Securely
  • Different States that Processes Work In
  • System Functionality
  • Types of Compromises
  • Disclosing Data in an Unauthorized Manner
  • Circumventing Access Controls
  • Attacks
  • Attack Type – Race Condition
  • Attack Type – Data Validation
  • Attacking Through Applications
  • How Buffers and Stacks Are Supposed to Work
  • How a Buffer Overflow Works
  • Attack Characteristics
  • Attack Types
  • More Attacks
  • Host Name Resolution Attacks
  • More Attacks (2)
  • Watching Network Traffic
  • Traffic Analysis
  • Cell Phone Cloning
  • Illegal Activities

 

Module 13 – Software Development Security

  • How Did We Get Here?
  • Device vs. Software Security
  • Why Are We Not Improving at a Higher Rate?
  • Usual Trend of Dealing with Security
  • Where to Implement Security
  • The Objective
  • Security of Embedded Systems
  • Development Methodologies
  • Maturity Models
  • Security Issues
  • OWASP Top Ten (2011)
  • Modularity of Objects
  • Object-Oriented Programming Characteristic
  • Module Characteristics
  • Linking Through COM
  • Mobile Code with Active Content
  • World Wide Web OLE
  • ActiveX Security
  • Java and Applets
  • Common Gateway Interface
  • How CGI Scripts Work
  • Cookies
  • PCI Requirements
  • Virtualization – Type 1
  • Virtualization – Type 2

 

Module 14 – Database Security and System Development

  • Database Model
  • Database Models – Hierarchical
  • Database Models – Distributed
  • Database Models – Relational
  • Database Systems
  • Database Models – Relational Components
  • Foreign Key
  • Database Component
  • Database Security Mechanisms
  • Database Data Integrity Controls
  • Add-On Security
  • Database Security Issues
  • Controlling Access
  • Database Integrity
  • Data Warehousing
  • Data Mining
  • Artificial Intelligence
  • Expert System Components
  • Artificial Neural Networks
  • Software Development Models
  • Project Development – Phases III, IV, and V
  • Project Development–Phases VI and VII
  • Verification versus Validation
  • Evaluating the Resulting Product
  • Controlling How Changes Take Place
  • Change Control Process
  • Administrative Controls
  • Malware
  • Virus
  • More Malware
  • Rootkits and Backdoors
  • DDoS Attack Types
  • Escalation of Privilege
  • Protect against privilege escalation
  • DDoS Issues
  • DDoS
  • Buffer Overflow Definition
  • Overflow Illustration
  • Mail Bombing
  • E-Mail Links
  • Phishing
  • Spear Phishing
  • Replay Attack
  • Cross-Site Scripting Attack
  • Timing Attacks
  • More Advanced Attacks
  • Summary

 

Module 15 – Malware and Software Attacks

  • Malware
  • Virus
  • More Malware
  • Rootkits and Backdoors
  • DDoS Attack Types
  • Escalation of Privilege
  • DDoS Issues
  • DDoS
  • Buffer Overflow Definition
  • Overflow Illustration
  • Buffer Overflows
  • Mail Bombing
  • E-Mail Links
  • Phishing
  • Spear Phishing
  • Replay Attack
  • Cross-Site Scripting Attack
  • Timing Attacks
  • More Advanced Attacks
  • Summary

 

Module 16 – Business Continuity

  • Phases of Plan
  • Who Is Ready?
  • Pieces of the BCP
  • BCP Development
  • Where Do We Start?
  • Why Is BCP a Hard Sell to Management?
  • Understanding the Organization
  • Critical products and services
  • Dependencies
  • Supply chain
  • Between departments
  • Personnel
  • Information
  • Equipment
  • Facilities
  • BCP Committee
  • BCP  Risk Analysis
  • Identify Vulnerabilities and Threats
  • Categories
  • How to Identify the Most Critical Company Functions
  • Loss Criteria
  • Interdependencies
  • Identifying Functions’ Resources
  • How Long Can the Company Be Without These Resources?
  • Calculating MTD
  • Recovery Point Objective
  • Calculation of maximum data loss
  • Determines backup strategy
  • Defines the most current state of data upon recovery
  • Recovery Strategies
  • Based on the results of the BIA
  • May be different for each department
  • Must be less than MTD
  • Sets the RTO
  • What Items Need to Be Considered in a Recovery?
  • Facility Backups – Hot Site
  • Facility Backups – Warm Site
  • Facility Backups – Cold Site
  • Compatibility Issues with Offsite Facility
  • Which Do We Use?
  • Choosing Offsite Services
  • Subscription Costs
  • Choosing Site Location
  • Other Offsite Approaches
  • BCP Plans Commonly and Quickly Become Out of Date
  • Summary

 

Module 17 – Disaster Recovery

  • Proper Planning
  • Executive Succession Planning
  • Preventing a Disaster
  • Preventive Measures
  • Backup/Redundancy Options
  • Disk Shadowing
  • Backing Up Over Telecommunication
  • Serial Lines
  • HSM
  • SAN
  • Co-Location
  • Other Options
  • Review – Results from the BIA
  • Review – Results from
  • Recovery Strategy
  • Now What?
  • Priorities
  • Plan Objectives
  • Defining Roles
  • The Plan
  • Recovery
  • Return to Normal Operations
  • Environment
  • Operational Planning
  • Emergency Response
  • Reviewing Insurance
  • When Is the Danger Over?
  • Now What?
  • Testing and Drills
  • Types of Tests to Choose From
  • What Is Success?
  • Summary

 

Module 18 – Incident Management, Law, and Ethics

  • Seriousness of Computer Crimes
  • Incidents
  • Incident Management Priorities
  • Incident Response Capability
  • Incident Management Requires
  • Preparing for a Crime Before It Happens
  • Incident Response Phases
  • Types of Law
  • Foundational Concepts of Law
  • Common Laws – Criminal
  • Common Laws – Civil
  • Common Laws – Administrative
  • Intellectual Property Laws
  • More Intellectual Property Laws
  • Software Licensing
  • Digital Millennium Copyright Act
  • Historic Examples of Computer Crimes
  • Who Perpetrates These Crimes?
  • The Evolving Threat
  • Types of Motivation for Attacks
  • A Few Attack Types
  • Telephone Fraud
  • Identification Protection & Prosecution
  • Computer Crime and Its Barriers
  • Countries Working Together
  • Security Principles for International Use
  • Determine if a Crime Has Indeed Been Committed
  • When Should Law Enforcement Get Involved?
  • Citizen versus Law Enforcement Investigation
  • Investigation of Any Crime
  • Role of Evidence in a Trial
  • General Rules for Evidence
  • Evidence Requirements
  • Evidence Collection Topics
  • Chain of Custody
  • How Is Evidence Processed?
  • Evidence Types
  • Hearsay Rule Exception
  • Privacy of Sensitive Data
  • Privacy Issues – U.S. Laws as Examples
  • European Union Principles on Privacy
  • Routing Data Through Different Countries
  • Employee Privacy Issues
  • Computer Forensics
  • Trying to Trap the Bad Guy
  • Companies Can Be Found Liable
  • Sets of Ethics
  • Ethics – mile2
  • Ethics – Computer Ethics Institute
  • Ethics – Internet Architecture Board
  • GAISP- Generally Accepted Information Security Principles

 

Module 19 – Physical Security

  • Physical Security – Threats
  • Different Types of Threats & Planning
  • Facility Site Selection
  • Facility Construction
  • Devices Will Fail
  • Controlling Access
  • Possible Threats
  • External Boundary Protection
  • Lock Types
  • Facility Access
  • Piggybacking
  • Securing Mobile Devices
  • Entrance Protection
  • Perimeter Protection – Fencing
  • Perimeter Protection – Lighting
  • Perimeter Security – Security Guards
  • Surveillance/Monitoring
  • Types of Physical IDS
  • Electro-Mechanical Sensors
  • Volumetric Sensors
  • Facility Attributes
  • Electrical Power
  • Problems with Steady Power Current
  • Power Interference
  • Power Preventive Measures
  • Environmental Considerations
  • Fire Prevention
  • Automatic Detector Mechanisms
  • Fire Detection
  • Fire Types
  • Suppression Methods
  • Fire Extinguishers
  • Fire Suppression
  • Fire Extinguishers
All search results