SANSFIRE 2014

Baltimore, MD | Sat, Jun 21 - Mon, Jun 30, 2014

Special Offer

Take advantage of SANS' CISSP Get Certified Program: hands-on expert instruction, case studies, a CISSP study guide, supplemental test questions, and a free training re-take if needed.

MGT414: SANS® +S™ Training Program for the CISSP® Certification Exam

Updated Course / Content Notice

The MGT414: SANS® +S™ Training Program for the CISSP® Certification Exam course includes materials to prepare students for the updates to the CISSP® exam that occurred in January 2012. The course is updated continuously to keep pace with changes to the exam.

Overview

SANS® +S™ Training Program for the CISSP® Certification Exam is designed to prepare you to pass the exam. This course is an accelerated review course that assumes the student has a basic understanding of networks and operating systems and focuses solely on the ten domains of knowledge as determined by (ISC)2.

Each domain of knowledge is dissected into its critical components. Each component is discussed, showing how it relates to the other components and to other areas of network security. After completing the course, the student will have a good working knowledge of the ten domains.

Note: The CISSP® exam is NOT provided as part of the training.

Note: The GISP exam offered by GIAC is NOT the same as the CISSP® exam offered by (ISC)2.

External Product Notice:

CISSP® exams are not hosted by SANS. You will need to make separate arrangements to take the CISSP® exam.

Notice:

Over the past 4 years, 98% of all respondents who studied our SANS® +S™ Training Program for the CISSP® Certification Exam and then took the exam passed, compared to a national average of around 70% for other prep courses.

Course Syllabus

MGT414.1: Introduction and Access Control
Instructor: Eric Conrad | Mon Jun 23rd, 2014, 9:00 AM - 7:00 PM
Overview

Learn the specific requirements needed to obtain the CISSP® certification. General security principles needed in order to understand the 10 domains of knowledge are covered in detail with specific examples in each area.

The first of the 10 domains, Access Control, is discussed using real-world scenarios to illustrate the critical points. Access control, which includes AAA (authentication, authorization and accountability), is covered with an emphasis on controlling access to critical systems.

CPE/CMU Credits: 7

Topics

Overview of the CISSP® Certification

Introductory Material

  • Overview of the exam
  • What is required to become a CISSP®
  • Maintaining a CISSP®
  • Exam overview
  • Test-taking tips and tricks
  • Overview of the 10 domains

Domain 1: Access Controls

  • Controlling who can do what
  • What access control is
  • How access control relates to risk
  • Key terms and principles
  • Access Control Models
  • Threat modeling
  • Understanding weaknesses to access control
  • Measuring the effectiveness of access control
  • Audit review
  • Access provisioning lifecycle

MGT414.2: Telecommunications and Network Security
Instructor: Eric Conrad | Tue Jun 24th, 2014, 8:00 AM - 7:00 PM
Overview

Understanding network communications is critical to building a solid foundation for network security. All aspects of network security are examined, including routing, switches, key protocols, and how each can be properly protected on the network. The telecommunications domain covers all aspects of communication and what is required to provide an infrastructure with security built in.

CPE/CMU Credits: 8

Topics

Domain 2: Telecommunications and Network Security

  • Key components of network security
  • Intrusion detection
  • Firewalls
      • Packet filtering
      • Stateful
      • Proxy
  • Network vulnerability scanning
  • Penetration testing
  • Security assessment
  • Methods of attack
  • Types of networks
      • LANs
      • MANs
      • WANs
  • Topologies
      • Physical
          • Bus
          • Ring
          • Star
      • Logical
          • Ethernet
          • Token ring
          • FDDI
  • WAN technologies
  • VoIP
  • Remote access
      • Virtual applications
      • Screen scraping
      • Multi-media applications
  • Network hardware
      • Wiring
      • Routers and bridges
      • Switches
      • Hubs
  • Numbering systems
      • Binary
      • Octal
      • Decimal
      • Hex
  • Protocol stacks
      • OSI
      • TCP/IP
      • Multi-layer protocols
  • Network addresses
      • MAC
      • IPv4 and IPv6
  • VPNs
      • IPsec
  • Virtual machines

MGT414.3: Information Security Governance, Risk Management, and Software Development Security
Instructor: Eric Conrad | Wed Jun 25th, 2014, 8:00 AM - 7:00 PM
Overview

In order to secure an organization, it is important to understand the critical components of network security and the issues involved in managing security in an enterprise. Security is all about mitigating risk to an organization, so the core areas and methods of calculating risk are discussed.

In order to secure an application, it is important to understand system engineering principles and techniques. Software development lifecycles (SDL) are examined, including examples of which types of projects are suited to the different life cycles.

CPE/CMU Credits: 8

Topics

Domain 3: Information Security Governance & Risk Management

  • Data classification
  • Information lifecycle
  • Organizational processes and governance
  • Due care and due diligence
  • Managing security in the enterprise
  • Risk
      • Threat
      • Vulnerabilities
  • Countermeasures: dealing with risk
      • Accepting
      • Reducing
      • Eliminating
      • Transferring
  • Risk management questions
  • Risk models
      • Single Loss Expectancy (SLE)
      • Annualized Loss Expectancy (ALE)
      • Quantitative
      • Qualitative
  • Threat vectors
      • Outsider attack from network
      • Outsider attack from telephone
      • Insider attack from local network
      • Insider attack from local system
      • Attack from malicious code
  • Managing third-party risk
  • Security documentation
      • Policy
      • Procedure
      • Standard
      • Baseline
      • Guidelines
  • Policy, training, and awareness

Domain 4: Software Development Security

  • Application controls
  • Client-server applications
  • Distributed data processing
  • Modes of operation
      • System high
      • Compartment
      • High-level security
  • Software Development Lifecycle (SDL) guidelines
  • Certification and accreditation
  • Application controls
  • Security controls
  • Development process
  • Software lifecycle
      • Waterfall model
      • Spiral model
      • Top-down development
      • Bottom-up development
      • Hybrid development
      • Rapid prototyping model
      • Object-oriented development
  • Agents
  • CASE tools and software prototyping
  • Software Capability Maturity Model (CMM)
  • Software security effectiveness
  • Artificial intelligence
  • Database technology

MGT414.4: Cryptography and Security Architecture & Design
Instructor: Eric Conrad | Thu Jun 26th, 2014, 8:00 AM - 7:00 PM
Overview

Cryptography plays a critical role in the protection of information. Examples showing the correct and incorrect ways to deploy cryptography, and common mistakes made, will be presented. The three types of crypto systems are examined to show how they work together to accomplish the goals of crypto.

A computer consists of both hardware and software. Understanding the components of the hardware and how they interoperate with each other and the software is critical in order to implement proper security measures. We examine the different hardware components and how they interact to make a functioning computer.

CPE/CMU Credits: 8

Topics

Domain 5: Cryptography

  • History of cryptography
  • Goals of cryptography
      • Confidentiality
      • Integrity
      • Authentication
      • Non-repudiation
  • Cryptography lifecycle
  • General encryption techniques
  • Ways to encrypt data
      • Stream
      • Block
  • Types of cryptography
      • Symmetric
      • Asymmetric
      • Hash
  • Diffie-Hellman key exchange
  • Key management and PKI
  • Real-world implementations of crypto
      • Kerberos
      • Digital substitution
      • Diffie-Hellman
      • PGP
      • SSL
  • Types of encryption algorithms
      • DES
      • Triple-DES
      • AES
      • RSA
      • MD5
      • SHA
  • Applications of cryptography
      • Data at rest
      • Data in transit
      • Key management
  • Types of crypto attacks
  • Steganography and digital watermarking

Domain 6: Security Architecture and Design

  • Hardware
      • Memory
          • Addressing
          • Storage types
          • Types of memory
      • CPU terms
          • Pipelining
          • Complex Instruction Set Computer (CISC)
          • Reduced Instruction Set Computer (RISC)
          • Scalar processor
          • Superscalar processor
          • Multitasking
          • Multiprocessing
  • OS states
      • User
      • Privileged
  • OS protection mechanisms
      • Layering
      • Abstraction
      • Process isolation
      • Hardware segmentation
  • OS fundamentals
      • Single user
      • Multi user
  • Software languages
  • Software vulnerabilities and countermeasures
  • Network programming
      • API
      • Applets
  • System security evaluation
  • Certification and PCI

MGT414.5: Security Operations and Business Continuity & Disaster Recovery Planning
Instructor: Eric Conrad | Fri Jun 27th, 2014, 8:00 AM - 7:00 PM
Overview

Non-technical aspects of security are just as critical as technical aspects. Security operations focuses on the legal and managerial aspects of security and covers components such as background checks and non-disclosure agreements, which can prevent problems down the road.

Business Continuity Planning (BCP) is examined, comparing the differences between BCP and Disaster Recovery Planning (DRP). A lifecycle model for BCP/DRP is covered giving scenarios of how each step should be developed.

CPE/CMU Credits: 8

Topics

Domain 7: Security Operations

  • Security operations
  • Legal requirements
  • Privacy and protection
  • Configuration management and change control
  • Non-disclosure agreements
  • Sensitivity markings
  • Control types
      • Directive controls
      • Preventive controls
      • Detective controls
      • Corrective controls
      • Recovery controls
  • Auditing
  • Reporting concepts and mechanisms
  • Roles and responsibilities
  • Incident response
  • System resilience

Domain 8: Business Continuity and Disaster Recovery Planning

  • Business Continuity Planning (BCP)
  • Disaster Recovery Planning (DRP)
  • Network security policy
  • Sample disasters
  • BCP/DRP lifecycle
  • Business Impact Analysis (BIA)
  • Basic elements of continuity planning
  • Steps to building a plan
      • Project initiation
      • Risk analysis and reduction
      • Recovery strategies
      • Developing the continuity plan
      • Exercising and maintaining the plan
      • Training and awareness
  • Business Impact Analysis
  • Alternative sites
      • Hot sites
      • Warm sites
      • Cold sites
      • Hybrid
      • Mobile
  • Types of testing

MGT414.6: Legal, Regulations, Investigations & Compliance, and Physical (Environmental) Security
Instructor: Eric Conrad | Sat Jun 28th, 2014, 8:00 AM - 5:00 PM
Overview

If you work in network security, understanding the law is critical during incident response and investigations. The common types of law are examined, showing how critical ethics are during any type of investigation.

If you do not have proper physical security, it doesn't matter how good your network security is; someone can still obtain access to sensitive information. In this section various aspects and controls of physical security are discussed.

CPE/CMU Credits: 7

Topics

Domain 9: Legal, Regulations, Investigations, and Compliance

  • Code of ethics
  • Types of law
      • Criminal
      • Civil
      • Regulatory
  • Computer security laws
  • International laws
  • Computer crime laws
  • Intellectual property rights
  • Legal liability
  • Investigation steps
  • Computer forensics
  • Rules of evidence
  • Embedding security into contracts and procurement
  • Advanced Persistent Threat (APT)

Domain 10: Physical (Environmental) Security

  • Significance of physical security
  • Personnel safety
  • Objectives
  • Safety
  • Counter-examples
      • Passwords
      • Disk encryption
      • Redundancy
  • Evacuation roles and procedures
  • Access control types
      • Deterrent
      • Preventive
      • Detective
      • Corrective
  • Preventing unauthorized access
      • Locks
      • Mantraps
      • Fences
      • CCTV
      • X-ray
  • Facility requirements
  • Technical controls
  • Environmental controls
  • Protection and securing of equipment
  • Biometrics

Additional Information

Testimonials

"This is a must for anyone that is considering taking the CISSP® exam." - Leigh Lopez, CSUN

"This course breaks the huge CISSP study books down into manageable chunks, and helped me focus and identify weaknesses. The instructor's knowledge and teaching skills are excellent." - Jeff Jones, Constellation Energy Group

"This class focuses like a laser on the key concepts you will need to understand the CISSP exam. Do not struggle with thousand page text books - let this course be your guide!" - Carl Williams, Harris Corporation

"I have taken several CISSP prep courses in the last several years and this by far is the best. Finally I feel that I have the confidence to take the test. Thanks." - Jerry Carse, Sarum, LLC

Who Should Attend

  • Security professionals who are interested in understanding the concepts covered in the CISSP® exam as determined by (ISC)2
  • Managers who want to understand the critical areas of network security
  • System, security, and network administrators who want to understand the pragmatic applications of the CISSP® 10 Domains
  • Security professionals and managers looking for practical ways the 10 domains of knowledge can be applied to the current job
  • In short, if you desire a CISSP®, or your job requires it, MGT414 is the training for you.

You Will Be Able To

  • Understand the 10 domains of knowledge that are covered on the CISSP® exam
  • Analyze questions on the exam and select the correct answer
  • Apply the knowledge and testing skills learned in class to pass the CISSP® exam
  • Apply the skills learned across the 10 domains to solve security problems when you return to work
  • Understand and explain all of the concepts covered in the 10 domains of knowledge

Author Statement

The CISSP® certification has been around for almost twenty years and covers security from a 30,000-foot view. CISSP® covers a lot of theoretical information that is critical for a security professional to understand. However, this material can be dry, and since most students do not see the direct applicability to their jobs, they find it boring. The goal of this course is to bring the CISSP® 10 domains of knowledge to life. By explaining important topics with stories, examples, and case studies, the practical workings of this information can be discovered. I challenge you to attend the SANS CISSP® training course and find the exciting aspect of the ten domains of knowledge.

- Eric Cole