CISSP 2012 Certification Curriculum Outline
CISSP 2012 Domain: Access Control
Overview/Description: This course focuses on the need for access control mechanisms to secure an organization's network and minimize its vulnerability to attacks or intrusion. It covers various access control models, techniques, mechanisms, and methodologies. You will learn about the latest in authentication strategies and intrusion detection and prevention techniques. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.
Target Audience: Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers
Expected Duration (hours): 2.0
Lesson Objectives (CISSP 2012 Domain: Access Control)
- Identify the types of access control technologies used in a networking environment
- Identify critical activities related to information classification
- Identify knowledge-based authentication technologies
- Identify characteristics-based authentication technologies
- Recognize how single sign-on systems (SSOs) are used for authentication
- Recognize how one-time passwords (OTPs) and smart cards are used for authentication
- Recognize ways of securing passwords
- Identify different types of attack against passwords and password files
- Determine the appropriate type of authentication to implement in a given enterprise scenario
- Evaluate given passwords
- Recognize appropriate access control models given a scenario
- Identify the features of the DAC and MAC access control models
- Recognize how different types of access control technique control access to resources
- Identify the advantages and disadvantages of centralized and decentralized identity management systems
- Identify intrusion detection system (IDS) mechanisms and implementation methods
- Identify intrusion detection and prevention techniques
- Determine the most appropriate access control model to implement in a given scenario
- Recognize access control and intrusion detection techniques
Course Number: sp_cpte_a01_it_enus
CISSP 2012 Domain: Telecommunications and Network Security
Overview/Description: Access to a company's resources through unauthorized means is the number one goal of most attackers. The security professional must understand the proper countermeasures in order to stop attacks on e-mail systems, over the network, and on the PBX. This course discusses the transport mechanisms, structures, and security measures used to ensure availability, confidentiality, integrity, and authentication over both public and private networks. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.
Target Audience: The CISSP credential is ideal for mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers.
Expected Duration (hours): 3.5
Lesson Objectives (CISSP 2012 Domain: Telecommunications and Network Security)
- Recognize the components of a network infrastructure
- Identify the key features of firewall technologies
- Identify the characteristics of TCP/IP
- Match the layers of the OSI model to their functions
- Recognize how specific network attack techniques operate
- Propose a high-level security solution for a given scenario
- Define how networks interact
- Specify the type of cable to use in a given scenario
- Recognize LAN transmission considerations
- Identify network topology characteristics
- Recognize features of media access technologies
- Classify statements as characteristics of either synchronous or asynchronous communications
- Recognize LAN- and WAN-specific devices and technologies
- Match the technologies used by packet-switched networks to their descriptions
- Match the remote access protocols to their functions
- Identify the characteristics of Ethernet
- Recognize how data is transmitted in Token Ring networks
- Recognize the characteristics of the network communications mechanisms and technologies used in an enterprise environment
- Identify currently available VPN protocols
- Specify the most appropriate network components for a given scenario
- Propose a network communication solution for a given scenario
- Match the network protocols to their descriptions
- Recognize how transport layer mechanisms secure network data
- Recognize how different technologies are used to protect data at the application layer
- Identify how to secure network communications in a given scenario
- Distinguish between the technologies that secure the transport and application layers
Course Number: sp_cpte_a02_it_enus
CISSP 2012 Domain: Information Security Governance and Risk Management
Overview/Description: Information Security Governance and Risk Management is an all-encompassing domain that the information security professional must constantly be aware of. This course examines the frameworks and planning structures used to make sure that information assets are protected within an organization. This course also examines the governance, organizational structures and cultures, and the awareness training that should be imparted to employees at all levels. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.
Target Audience: Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers
Expected Duration (hours): 2.5
Lesson Objectives (CISSP 2012 Domain: Information Security Governance and Risk Management)
- Recognize responsibilities related to information security risk management
- Match information security principles with examples of controls used to apply them
- Match the components of a policy framework with their corresponding descriptions
- Identify methodological frameworks for implementing and auditing security controls
- Identify methodological frameworks for performing information security risk assessment
- Distinguish between the results of qualitative and quantitative risk assessments
- Match stages of the risk assessment process with corresponding descriptions
- Label examples of actions taken by a company in response to a risk as either avoidance, transfer, mitigation, or acceptance
- Recognize the appropriate application of risk management concepts
- Distinguish between risk assessment and control methodologies
- Identify responsibilities of an Information Security Officer
- Recognize the advantages and disadvantages of various reporting models
- Recognize how various personnel security strategies work to minimize employee risk
- Recognize strategies for implementing information security training
- Recognize the topics a computer ethics program should address
- Match common computer ethics fallacies to the corresponding correct views
- Recognize the ethical principles that all information security professionals should apply as they do their jobs
- Recognize how to handle organizational issues
- Recognize appropriate actions to implement security awareness training in your organization
- Recognize ethical principles that all information security professionals must apply
Course Number: sp_cpte_a03_it_enus
CISSP 2012 Domain: Cryptography
Overview/Description: Cryptography has been used for thousands of years to secure messages, identities, vital information, and communications mechanisms. This course covers the invention of cryptography, the use of algorithms and ciphers, and the secure mechanisms used for message authentication and certificate authority. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.
Target Audience: Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers
Expected Duration (hours): 2.0
Lesson Objectives (CISSP 2012 Domain: Cryptography)
- Define key cryptographic terms
- Identify the characteristics of quantum cryptography
- Match symmetric key algorithms to their corresponding descriptions
- Distinguish between types of asymmetric algorithms
- Determine the appropriate use for a given message format
- Recognize types of ciphers
- Match types of cryptanalytic attack with their corresponding descriptions
- Distinguish between types of algorithms, message formats, ciphers, and cryptanalytic attacks
- Determine the appropriate cryptography implementation for a given scenario
- Determine the appropriate hash algorithm to use in a given scenario
- Recognize characteristics of message authentication codes
- Identify the characteristics of digital signatures
- Identify guidelines for key management and distribution
- Identify characteristics of the XKMS
- Recognize the appropriate application of the split knowledge method of key management
- Recognize methods of key distribution
- Determine the appropriate hashing algorithm to use in a given scenario
- Evaluate the actions of an individual who is practicing key management
- Recognize examples of key management methods
Course Number: sp_cpte_a05_it_enus
CISSP 2012 Domain: Operations Security
Overview/Description: In today's enterprise environment, security operations takes on many faces, but always comes back to making sure that all aspects of the operation of an enterprise environment are secured and functioning correctly. This course delves into the mechanisms used to track security threats, resource protection, and securing the enterprise environment. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.
Target Audience: Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers
Expected Duration (hours): 2.5
Lesson Objectives (CISSP 2012 Domain: Operations Security)
- Recognize the activities involved in securing the operations of an enterprise
- Classify audit measures as either internal or external
- Identify the technologies used to maintain resource availability
- Match attack types to their potential effects
- Recognize different approaches to securing operations
- Identify how audit trails can be used in operations security
- Differentiate between monitoring tools and techniques
- Define a strategy for securing and maintaining resources for a given scenario
- Secure enterprise operations against network violations for a given scenario
- Identify approaches to examining operations security
- Identify the reasons for resource protection
- Distinguish between e-mail protocols
- Recognize different types of e-mail vulnerability
- Recognize security issues associated with web interfacing
- Identify the characteristics of technologies for transferring and sharing files over the Internet
- Match the reconnaissance methods to their descriptions
- Identify the key considerations involved in implementing administrative controls
- Specify how to secure media and media storage devices
- Specify the reasons resources and e-mail should be secured
- Propose safer file sharing practices for a given scenario
- Determine how to secure media in a given scenario
Course Number: sp_cpte_a07_it_enus
CISSP 2012 Domain: Business Continuity and Disaster Recovery Planning
Overview/Description: Business continuity is an essential part of any enterprise. When a disaster occurs, it is imperative that a company be prepared and have policies and people in place to step in and restore normal business operations. This course discusses the processes that are used to create a business continuity and disaster recovery plan and strategies for critical resource recovery. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.
Target Audience: Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers
Expected Duration (hours): 1.5
Lesson Objectives (CISSP 2012 Domain: Business Continuity and Disaster Recovery Planning)
- Identify activities that occur during the project initiation phase of business continuity planning
- Recognize considerations for business continuity and disaster recovery planning
- Perform a business impact analysis on given business functions
- Recognize key considerations when conducting a business impact analysis
- Conduct activities related to initiating a project to plan a business continuity and disaster recovery program
- Perform the steps of a business impact analysis given a scenario
- Recognize the considerations that are weighed when determining an appropriate recovery strategy
- Match recovery strategies for business operations to corresponding descriptions
- Match recovery strategies for technology environments to corresponding descriptions
- Recognize the components of a business continuity and disaster recovery plan
- Match test types to their corresponding purposes
- Determine the appropriate recovery strategy, given a scenario
- Recognize elements of a business continuity and disaster recovery plan
Course Number: sp_cpte_a08_it_enus
CISSP 2012 Domain: Legal, Regulations, Investigations, and Compliance
Overview/Description: Computer crime is a major area of concern for everyone from the standard end user to the enterprise environment. Government agencies and corporate groups have come together to create rules and laws that deal with computer crimes and how perpetrators should be dealt with. This course brings together different aspects of computer crime, such as types of crime, laws to deal with crimes, and the ethics that must be used when investigating crime. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.
Target Audience: Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers
Expected Duration (hours): 2.0
Lesson Objectives (CISSP 2012 Domain: Legal, Regulations, Investigations, and Compliance)
- Distinguish between the major categories of computer crime
- Match examples of categories of computer crime to their descriptions
- Recognize the characteristics of various computer-related crimes
- Match the type of intellectual property law that applies to a given scenario
- Match categories of law to their descriptions
- Identify laws related to information security and privacy
- Categorize laws according to the computer crime they protect against
- Determine what type of computer crime has been committed in a given scenario
- Specify the law that protects against a computer crime in a given scenario
- Identify definitions of due care and due diligence
- Recognize the characteristics of computer crime investigations
- Recognize the investigative considerations involved in dealing with computer crime
- Differentiate between ethics and ethical fallacies
- Determine the appropriate processes for investigating a computer-related crime in a given scenario
Course Number: sp_cpte_a09_it_enus
CISSP 2012 Domain: Physical (Environment) Security
Overview/Description: Physical security is the foundation for all networking security mechanisms. Unless a network is physically secure from threats, all other types of security can be negated. This course focuses on the need for, and implementation of, physical security and how it is used as an all-encompassing backbone for enterprise security. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.
Target Audience: Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers
Expected Duration (hours): 2.0
Lesson Objectives (CISSP 2012 Domain: Physical (Environment) Security)
- Recognize threats to an organization's physical security
- Identify the components of a layered defense system
- Identify perimeter security mechanisms
- Identify the physical security considerations when designing or building a facility
- Match the CPTED strategies to their descriptions
- Propose a security solution for a given scenario
- Determine the design measures that can be taken to increase facility security for a given scenario
- Identify the mechanisms and controls for securing building services
- Match the technologies used by an IDS to their descriptions
- Select the most appropriate intrusion detection technology for a scenario
- Identify the characteristics of a compartmentalized area
- Specify an appropriate strategy for securing compartmentalized areas in a given scenario
- Recognize the features of physical security elements
- Identify the fundamental considerations involved in key control
- Determine the best approach to securing building services for a given scenario
- Identify how to secure a facility and its contents in a given scenario
- Recognize how to implement an effective physical barrier as a security measure
Course Number: sp_cpte_a10_it_enus
CISSP 2012 Domain: Software Development Security
Overview/Description: Poorly written systems or applications can allow an attacker to exploit coding errors and thus interrupt the orderly processes of the system or application. This course discusses methods to increase the security of operating system and application development and thwart attacker attempts to manipulate source code. It also covers application and database development models such as the SDLC and how choosing the right model supports security. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.
Target Audience: Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers
Expected Duration (hours): 2.0
Lesson Objectives (CISSP 2012 Domain: Software Development Security)
- Match issues related to software development with corresponding ways in which they create security vulnerabilities
- Recognize types of attacks used in the enterprise environment
- Determine the appropriate methods to counteract a given attack
- Match types of computer attacks to their corresponding countermeasures
- Match types of malicious code to their corresponding descriptions
- Recognize the purpose of software forensics
- Match types of antivirus software with their corresponding descriptions
- Recognize the type of attack being perpetrated in a given scenario
- Determine the appropriate steps to counteract a given attack
- Recognize the characteristics of knowledge-based systems
- Determine the appropriate development model to use for a given software development project
- Distinguish between various database models and technologies
- Recognize the software development phase a given project team is in
- Select the appropriate database model for a given set of criteria
Course Number: sp_cpte_a04_it_enus
CISSP 2012 Domain: Security Architecture and Design
Overview/Description: Computer administrators have a variety of mechanisms that can be used to secure modern enterprise environments. Several access control standards and models have been created by the international community to secure both personnel access and information recovery within an enterprise environment. This course examines hardware and software systems, memory storage types, security models, and security controls. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.
Target Audience: Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers
Expected Duration (hours): 2.5
Lesson Objectives (CISSP 2012 Domain: Security Architecture and Design)
- Recognize the components of a basic information system architecture
- Identify the considerations involved in implementing security architecture
- Recognize key CPU operational factors involved in secure addressing
- Match system operating states to their descriptions
- Differentiate between machine types
- Identify the purpose of the resource manager
- Classify memory types as either RAM or ROM
- Match storage types to their descriptions
- Plan a secure computer network
- Determine the network resources required for a given scenario
- Match the phases of the evaluation process to their descriptions
- Recognize the essential features of operating system protection
- Match the access control mechanism to its description
- Recognize the methods used to evaluate security in a networking environment
- Identify the key features of security models
- Match key peer-to-peer security issues with their descriptions
- Describe the main security issues associated with grid computing
- Describe the key challenges related to securing data in the cloud
- Identify the questions a potential user of cloud data storage needs to ask when conducting a risk assessment
- Propose an operating system security solution for a given scenario
- Evaluate security in a networking environment
- Determine the appropriate security model for a given scenario
- Describe the security challenges presented by distributed systems
Course Number: sp_cpte_a06_it_enus
(ISC)2 CISSP 2012 Certification
(Certified Information Systems Security Professional)
If you plan to build a career in information security – one of today’s most visible professions – and if you have at least five full years of experience in information security, then the CISSP® credential should be your next career goal.
ISC2 certification validates the latest skills needed by today's computer security professionals. It is an international, vendor-neutral certification recognized by major hardware and software vendors, distributors and resellers. The CISSP course provides you with the knowledge and skills to pass the CISSP certification, after which you'll have the ability to manage, operate, develop and plan an effective network security infrastructure.
Benefits of CBT Direct’s Online (ISC)2 CISSP Certification Training
CBT Direct boasts the most beneficial online certification training on the market. With online training, you have the flexibility
to study on your schedule, and with the speed and reliability of the internet, CBT Direct’s (ISC)2
CISSP training course is accessible anywhere you have an internet connection. Convenience finally costs less with CBT Direct – the
most affordable online training solution today.
The unique design of CBT Direct’s (ISC)2 CISSP certification course incorporates a proven four-step
learning process: presentation, demonstration, guidance and independent practice. This four-step proven learning model for CBT Direct’s
(ISC)2 CISSP training course ensures the greatest level of retention to prepare you for your
(ISC)2 CISSP certification exam.
CBT Direct also offers online mentoring for over 100 current major certification exams, including (ISC)2
CISSP, for IT professionals and end-users alike. CBT Direct’s mentors have a minimum of 20 certifications each and are
available 24/7*.
* Available for most courses.
Who Benefits from CBT Direct’s (ISC)2 CISSP Training?
This training would be beneficial for individuals looking for IT job positions such as: Network Administrator, Windows Administrator, Windows System Engineer, Linux Administrator, Network Security Specialist, Information Security Manager or Chief Security Officer.
What Professionals Will Learn from CBT Direct’s (ISC)2 CISSP Training
(ISC)2 CISSP Certification Exam:
The CISSP was the first credential in the field of information security accredited by the ANSI (American National Standards Institute) to ISO (International Standards Organization) Standard 17024:2003. CISSP certification is not only an objective measure of excellence, but a globally recognized standard of achievement.
The chart below indicates what mentoring services are available.
Course | Title | 24x7 | 9-5 | Tier 3
CISSP | ISC2 CISSP 2012 (Certified Information Systems Security Professional) | ✓ | | ✓ |
Chart definitions:
24x7
Live Chat available 24x7.
Email My Mentor included with a guaranteed 6 hour response time.
Daily E-mail with select courses; requires student activation.
Test Prep if available.
9-5
Live Chat available 9-5 EST M-F.
Email My Mentor included with a guaranteed 6 hour response time between 9-5 EST M-F,
otherwise within 24 hours.
Daily E-mail with select courses; requires student activation.
Test Prep if available.
Tier 3
No live chat.
Email Support with a guaranteed 24 hour response time.
Daily E-mail with select courses; requires student activation.
Test Prep if available.
CISSP Prerequisites
To sit for the CISSP examination, a candidate must:
- Sign up for the examination date and location
- Submit the examination fee
- Assert that he or she possesses a minimum of five years of professional experience in the information security field or four years plus a college degree. Or, an Advanced Degree in Information Security from a National Center of Excellence or the regional equivalent can substitute for one year towards the five-year requirement.
- Complete the Examination Agreement, attesting to the truth of his or her assertions regarding professional experience, and legally committing to the adherence of the (ISC)² Code of Ethics
- Successfully answer four questions regarding criminal history and related background