MGT414: SANS Training Program for CISSP® Certification

Need training for the CISSP® exam?

SANS MGT414: SANS Training Program for CISSP® Certification is an accelerated review course that has been specifically updated to prepare you to pass the 2015 version of the CISSP® exam.

Course authors Eric Conrad and Seth Misenar have revised MGT414 to take into account the 2015 updates to the CISSP® exam and prepare students to navigate all types of questions included in the new version.

MGT414 focuses solely on the 8 domains of knowledge as determined by (ISC)2 that form a critical part of CISSP® exam. Each domain of knowledge is dissected into its critical components, and those components are then discussed in terms of their relationship with one another and with other areas of information security.

After completing the course, students will have:

  • Detailed coverage of the 8 domains of knowledge
  • The analytical skills required to pass the CISSP® exam
  • The technical skills required to understand each question
  • The foundational information needed to become a Certified Information Systems Security Professional (CISSP®)

External Product Notice:

The CISSP® exam itself is not hosted by SANS. You will need to make separate arrangements to take the CISSP® exam. Please note as well that the GISP exam offered by GIAC is NOT the same as the CISSP® exam offered by (ISC)2.

Course Syllabus
Course Contents
  MGT414.1: Introduction; Security and Risk Management

Overview

On the first day of training for the CISSP® exam, MGT414 introduces the specific requirements needed to obtain certification. The 2015 exam update will be discussed in detail. We will cover the general security principles needed to understand the 8 domains of knowledge, with specific examples for each domain. The first of the 8 domains, Security and Risk Management, is discussed using real-world scenarios to illustrate the critical points.

CPE/CMU Credits: 7

Topics

Overview of CISSP® Certification

Introductory Material

  • Overview of the exam
  • Focus of 2015 exam updates
  • What is required to become a CISSP®?
  • Maintaining a CISSP®
  • Exam overview
  • Test-taking tips and tricks

Overview of the 8 Domains

  • Domain 1: Security and Risk Management
  • Domain 2: Asset Security
  • Domain 3: Security Engineering
  • Domain 4: Communication and Network Security
  • Domain 5: Identity and Access Management
  • Domain 6: Security Assessment and Testing
  • Domain 7: Security Operations
  • Domain 8: Software Development Security

Domain 1: Security and Risk Management

  • Confidentiality, integrity and availability
  • Security governance principles
  • Compliance
  • Legal and regulatory issues
  • Ethics
  • Business continuity requirements
  • Policies, standards, procedures, and guidelines
  • Risk management concepts
  • Threat modeling
  • Education, training, and awareness
 
  MGT414.2: Asset Security and Security Engineering (Part 1)

Overview

Understanding asset security is critical to building a solid information security program. The Asset Security domain, the initial focus of today's course section, describes data classification programs, including those used by both governments/militaries and the private sector. We will also discuss ownership, covering owners ranging from business/mission owners to data and system owners. We will examine data retention and destruction in detail, including secure methods for purging data from electronic media. We then turn to the first part of the Security Engineering domain, including new topics for the 2015 exam such as the Internet of Things, Trusted Platform Modules, Cloud Security, and much more.

CPE/CMU Credits: 8

Topics

Domain 2: Asset Security

  • Data classification
  • Data owners
  • System owners
  • Business/Mission owners
  • Privacy
  • Data processors
  • Data remanence
  • Limitation on collection of sensitive data
  • Data retention
  • Data destruction
  • Baselines
  • Scoping and Tailoring

Domain 3: Security Engineering (Part 1)

  • Secure design principles
  • Security models
  • Controls and countermeasures
  • Virtualization
  • Trusted platform module
  • Applets
  • Database security
  • Cloud computing
  • SCADA
  • XML
  • OWASP
  • The Internet of Things
 
  MGT414.3: Security Engineering (Part 2); Communication and Network Security

Overview

This section continues the discussion of the Security Engineering domain, including a deep dive into cryptography. The focus is on real-world implementation of core cryptographic concepts, including the three types of cryptography: symmetric, asymmetric, and hashing. Salts are discussed, as well as rainbow tables. We will round out Domain 3 with a look at physical security before turning to Domain 4, Communication and Network Security. The discussion will cover a range of protocols and technologies, from the Open Systems Interconnection (OSI) model to storage area networks.

CPE/CMU Credits: 8

Topics

Domain 3: Security Engineering (Part 2)

  • Cryptography
    • Symmetric
    • Asymmetric
    • Hash
    • PKI
    • Digital signatures
    • Non-repudiation
    • Salts
    • Rainbow tables
    • Cryptanalysis
  • Facility design considerations
  • Physical security
    • Safety
    • Data center security
    • Handling evidence
    • HVAC
    • Fire prevention and suppression

Domain 4: Communication and Network Security

  • Network architecture
  • OSI model
  • TCP/IP
  • Multilayer protocols
  • Storage protocols
    • NAS
    • FCoE
    • iSCSI
  • Voice over IP
  • Software-defined networks
  • Wireless
    • 802.11
    • WPA and WPA2
  • Network devices
    • Switches
    • Routers
    • Firewalls
    • Proxies
  • Content distribution networks
  • Remote meeting technology
  • Telecommuting
  • Remote access and VPN
    • SSH
    • VPN
    • IPsec
    • SSL/TLS
  • Port isolation
  • VLANs
 
  MGT414.4: Identity and Access Management

Overview

Controlling access to data and systems is one of the primary objectives of information security. Domain 5, Identity and Access Management, strikes at the heart of access control by focusing on identification, authentication, and authorization of accounts. Password-based authentication represents a continued weakness, so Domain 5 stresses multi-factor authentication, biometrics, and secure credential management. The 2015 CISSP® exam underscores the increased role of external users and service providers, and mastery of Domain 5 requires an understanding of federated identity, SSO, SAML, and third-party identity and authorization services like OAuth and OpenID.

CPE/CMU Credits: 8

Topics

Domain 5: Identity and Access Management

  • Physical and logical access
  • SSO
  • LDAP
  • Multi-factor authentication
  • Biometrics
  • Accountability
  • Session management
  • SAML
  • Credential management
  • Third-party identity services
  • Authorization mechanisms
    • MAC
    • DAC
    • Rule-based
    • RBAC
  • Provisioning
 
  MGT414.5: Security Assessment and Testing; Security Operations

Overview

This course section covers Domain 6 (Security Assessment) and Domain 7 (Security Operations). Security Assessment covers types of security tests, testing strategies, and security processes. Security Operations covers investigatory issues, including eDiscovery, logging and monitoring, and provisioning. We will discuss cutting-edge technologies such as cloud, and we'll wrap up day five with a deep dive into disaster recovery.

CPE/CMU Credits: 8

Topics

Domain 6: Security Assessment

  • Assessment and test strategies
  • Security control testing
    • Vulnerability assessment
    • Penetration testing
    • Log reviews
    • Synthetic transactions
  • Security testing strategies
  • Security process
    • Account management
    • Management review
    • Training and awareness
    • Disaster recovery and business continuity
  • Internal and third-party audits

Domain 7: Security Operations

  • Investigations
    • Evidence collection and handling
    • Reporting and documenting
    • Forensics
  • Operational, criminal, civil, and regulatory investigations
  • eDiscovery
  • Logging and monitoring
    • Intrusion detection and prevention
    • SIEM
    • Continuous monitoring
    • Egress monitoring
  • Provisioning
    • Asset inventory
    • Configuration management
    • Physical, virtual, and cloud assets
    • SaaS
  • Security operations
    • Need-to-know and least privilege
    • Service-level agreements
  • Incident management
  • Firewalls
  • IDS and IPS
  • Honeypots and honeynets
  • Vulnerability management
  • Change management processes
  • Recovery strategies
  • Disaster recovery processes
  • Disaster recovery plans
 
  MGT414.6: Software Development Security

Overview

Domain 8 (Software Development Security) describes the requirements for secure software. Security should be "baked in" as part of network design from day one, since it is always less effective when it is added later to a poor design. We will discuss classic development models, including waterfall and spiral methodologies. We will then turn to more modern models, including agile software development methodologies. New content for the 2015 CISSP® exam update will be discussed, including DevOps. We will wrap up MGT414.6 by discussing security vulnerabilities, secure coding strategies, and testing methodologies.

CPE/CMU Credits: 7

Topics

Domain 8: Software Development Security

  • Software development lifecycle
  • Software development methodologies
    • Waterfall
    • Spiral
    • Agile
  • Software capability maturity models
    • CMM
  • Change management
  • DevOps
  • Security vulnerabilities
    • Bounds checking
    • Input/output validation
    • Buffer overflow
    • Privilege escalation
  • Secure coding
  • Code repositories
  • Programming interfaces
  • Assessing software security
    • Black box testing
    • White box testing
    • Cramming
    • Fuzzing [1]

Click here to see the 2015 CISSP® exam outline: https://www.isc2.org/uploadedfiles/(isc)2_public_content/exam_outlines/cissp-exam-outline-april-2015.pdf

 
Additional Information
 
  Who Should Attend
  • Security professionals who want to understand the concepts covered in the CISSP® exam as determined by (ISC)2.
  • Managers who want to understand the critical areas of information security.
  • System, security, and network administrators who want to understand the pragmatic applications of the CISSP® 8 domains.
  • Security professionals and managers looking for practical ways to apply the 8 domains of knowledge to their current activities.

In short, if you desire a CISSP®, or your job requires it, MGT414 is the training for you.

 
  What You Will Receive

With this class, students will receive:

  • Course books for each of the 8 domains
  • 320 questions to test knowledge and preparation for each domain
  • MP3 audio files of the complete course lecture
 
  You Will Be Able To
  • Understand the 8 domains of knowledge that are covered on the CISSP® exam.
  • Analyze questions on the exam and be able to select the correct answer.
  • Apply the knowledge and testing skills learned in class to pass the CISSP® exam.
  • Understand and explain all of the concepts covered in the 8 domains of knowledge.
  • Apply the skills learned across the 8 domains to solve security problems when you return to work.
 
  Press & Reviews

"This course breaks the huge CISSP® study books down into manageable chunks, and helped me focus and identify weaknesses. The instructor's knowledge and teaching skills are excellent." - Jeff Jones, Constellation Energy Group

"This is a must for anyone who is considering taking the CISSP® exam." - Leigh Lopez, CSUN

"This class focuses like a laser on the key concepts you will need to understand the CISSP® exam. Do not struggle with thousand page textbooks. Let this course be your guide!" - Carl Williams, Harris Corporation

"I have taken several CISSP® prep courses in the last several years and this by far is the best. Finally I feel that I have the confidence to take the test. Thanks." - Jerry Carse, Sarum, LLC

 

Author Statement

The CISSP® certification has been around for almost 20 years and covers security from a 30,000-foot view. CISSP® covers a lot of theoretical information that is critical for a security professional to understand. However, this material can be dry, and since most students do not see the direct applicability to their jobs, they find it boring. The goal of this course is to bring the 8 domains of knowledge of the CISSP® to life. The practical workings of this information can be discovered by explaining important topics with stories, examples, and case studies. I challenge you to attend the SANS CISSP® training course and find the exciting aspect of the 8 domains of knowledge!

- Eric Cole

Additional Resources

Take your learning beyond the classroom. Explore our site network for additional resources related to this course's subject matter.

*CPE/CMU credits not offered for the SelfStudy delivery method

Online options available. Train from any location.

Type              Topic       Course / Location / Instructor          Date
vLive             Management  Online                                  Sep 8, 2015 - Oct 14, 2015
vLive             Management  Online                                  Dec 7, 2015 - Jan 27, 2016
Private Training  All         Private Training Course of Your Choice  Your Choice

*Course contents may vary depending upon location, see specific event description for details.