2 days to save $500 for SANS San Diego 2013

vLive MGT414 Session

Mon Feb 24 - Wed Apr 9, 2014

Special Offer

Take advantage of SANS CISSP Get Certified Program . Get Hands-on expert instruction, case studies, CISSP study guide, supplemental test questions and a free-training re-take if needed. Click here for more information.

SANS +S Training Program for the CISSP® Certification Exam

Updated Course / Content Notice

The MGT 414: SANS® +S™ Training Program for the CISSP® Certification Exam course includes materials to prepare students for the updates to the CISSP® exam that occurred in January 2012. The course is constantly updated to keep track with any changes and updates to the exam.

Overview

SANS® +S™ Training Program for the CISSP® Certification Exam is designed to prepare you to pass the exam. This course is an accelerated review course that assumes the student has a basic understanding of networks and operating systems and focuses solely on the ten domains of knowledge as determined by (ISC)2.

Each domain of knowledge is dissected into its critical components. Every component is discussed showing its relationship to each other and other areas of network security. After completion of the course the student will have a good working knowledge of the ten domains of knowledge.

Note: The CISSP® exam is NOT provided as part of the training.

Note: The GISP exam offered by GIAC is NOT the same as the CISSP® exam offered by (ISC)2.

External Product Notice:

CISSP® exams are not hosted by SANS. You will need to make separate arrangements to take the CISSP® exam.

Notice:

Over the past 4 years, 98% of all respondents, who studied our SANS® +S™ Training Program for the CISSP® Certification Exam and then took the exam passed; compared to a national average of around 70% for other prep courses.

Course Syllabus
Course Contents
  MGT414.1: Introduction and Access Control
Overview

Learn the specific requirements needed to obtain the CISSP® certification. General security principles needed in order to understand the 10 domains of knowledge are covered in detail with specific examples in each area.

The first of 10 domains, Access Control, is discussed using real-world scenarios to illustrate the critical points. Access control which includes AAA (authentication, authorization and accountability) will be covered with an emphasis on controlling access to critical systems.

CPE/CMU Credits: 7

Topics

Overview of the CISSP® Certification

Introductory Material

  • Overview of the exam
  • What is required to become a CISSP®
  • Maintaining a CISSP®
  • Exam overview
  • Testing taking tips and tricks
  • Overview of the 10 domains

Domain 1: Access Controls

  • Controlling who can do what
  • What access control is
  • How access control relates to risk
  • Key terms and principles
  • Access Control Models
  • Threat modeling
  • Understanding weaknesses to access control
  • Measuring the effectiveness of access control
  • Audit review
  • Access provisioning lifecycle

CISSP® exams are not hosted by SANS. You will need to make separate arrangements to take the CISSP® exam.
 
  MGT414.2: Telecommunications and Network Security
Overview

Understanding network communications is critical to building a solid foundation for network security. All aspects of network security will be examined to include routing, switches, key protocols and how they can be properly protected on the network. The telecommunications domain covers all aspects of communication and what is required to provide an infrastructure that has embedded security.

CPE/CMU Credits: 8

Topics

Domain 2: Telecommunications and Network Security

  • Key components of network security
  • Intrusion detection
  • Firewalls
  • Packet filtering
  • Stateful
  • Proxy
  • Network vulnerability scanning
  • Penetration testing
  • Security assessment
  • Methods of attack
  • Types of networks
  • LANS
  • MANS
  • WANS
  • Topologies
  • Physical
  • Bus
  • Ring
  • star
  • Logical
  • Ethernet
  • Token ring
  • FDDI
  • WAN technologies
  • VoIP
  • Remote Access
  • Virtual applications
  • Screen scraping
  • Multi-media applications
  • Network hardware
  • Wiring
  • Routers bridges
  • Switches
  • Hubs
  • Numbering systems
  • Binary
  • Octal
  • Decimal
  • Hex
  • Protocol stacks
  • OSI
  • TCP/IP
  • Multi-layer protocols
  • Network addresses
  • MAC
  • IPv4 and IPv6
  • VPNS
  • IPSEC
  • Virtual Machines

CISSP® exams are not hosted by SANS. You will need to make separate arrangements to take the CISSP® exam.
 
  MGT414.3: Information Security Governance, Risk Management, and Software Development Security
Overview

In order to secure an organization, it is important to understand the critical components of network security and issues that are needed in order to manage security in an enterprise. Security is all about mitigating risk to an organization. The core areas and methods of calculating risk will be discussed.

In order to secure an application it is important to understand system engineering principles and techniques. Software development lifecycles (SDL) are examined, including examples of what types of projects are suited for different life cycles.

CPE/CMU Credits: 8

Topics

Domain 3: Information Security Governance & Risk Management

  • Data classification
  • Information lifecycle
  • Organizational processes and governance
  • Due care and due diligence
  • Managing security in the enterprise
  • Risk
  • Threat
  • Vulnerabilities
  • Counter measures-Dealing with risk
  • Accepting
  • Reducing
  • Eliminating
  • Transferring
  • Risk management questions
  • Risk models
  • Single Loss Expectancy (SLE)
  • Annualize Loss Expectancy (ALE)
  • Quantitative
  • Qualitative
  • Threat vectors
  • Outsider attack from network
  • Outsider attack from telephone
  • Insider attack from local network
  • Insider attack from local system
  • Attack from malicious code
  • Managing third party risk
  • Security documentation
  • Policy
  • Procedure
  • Standard
  • Baseline
  • Guidelines
  • Policy, training, and awareness

Domain 4: Software Development Security

  • Application controls
  • Client server applications
  • Distributed data processing
  • Modes of Operation
  • System high
  • Compartment
  • High-level security
  • Software Development Lifecycle (SDL) guidelines
  • Certification and accreditation
  • Application controls
  • Security controls
  • Development process
  • Software Lifecycle
  • Waterfall Model
  • Spiral Model
  • Top-Down Development
  • Bottom-Up Development
  • Hybrid Development
  • Rapid Prototyping Model
  • Object-Oriented Development
  • Agents
  • Case tools and software prototyping
  • Software Capability Maturity Model (CMM)
  • Software security effectiveness
  • Artificial Intelligence
  • Database technology

CISSP® exams are not hosted by SANS. You will need to make separate arrangements to take the CISSP® exam.
 
  MGT414.4: Cryptography and Security Architecture & Design
Overview

Cryptography plays a critical role in the protection of information. Examples showing the correct and incorrect ways to deploy cryptography, and common mistakes made, will be presented. The three types of crypto systems are examined to show how they work together to accomplish the goals of crypto.

A computer consists of both hardware and software. Understanding the components of the hardware and how they interoperate with each other and the software is critical in order to implement proper security measures. We examine the different hardware components and how they interact to make a functioning computer.

CPE/CMU Credits: 8

Topics

Domain 5: Cryptography

  • History of Cryptography
  • Goals of cryptography
  • Confidentiality
  • Integrity
  • Authentication
  • Non-repudiation
  • Cryptography lifecycle
  • General encryption techniques
  • Ways to encrypt data
  • Stream
  • Block
  • Types of cryptography
  • Symmetric
  • Asymmetric
  • Hash
  • Diffie-Hellman key exchange
  • Key management and PKI
  • Real-world implementations for crypto
  • Kerberos
  • Digital substitution
  • Diffie-Hellman
  • PGP
  • SSL
  • Types of encryption algorithms
  • DES
  • Triple-DES
  • AES
  • RSA
  • MD5
  • SHA
  • Applications of cryptography
  • Data at rest
  • Data in transit
  • Key management
  • Types of crypto attacks
  • Steganography and digital watermarking

Domain 6: Security Architecture and Design

  • Hardware
  • Memory
  • Addressing
  • Storage types
  • Types of memory
  • CPU Terms
  • Pipelining
  • Complex Instruction Set Computer (CISC)
  • Reduced Instruction Set Computer (RISC)
  • Scalar processor
  • Superscalar processor
  • Multitasking
  • Multiprocessing
  • OS States
  • User
  • Privileged
  • OS Protection Mechanisms
  • Layering
  • Abstraction
  • Process isolation
  • Hardware segmentation
  • OS fundamentals
  • Single user
  • Multi user
  • Software languages
  • Software vulnerabilities and countermeasures
  • Network programming
  • API
  • Applets
  • System security evaluation
  • Certification and PCI

CISSP® exams are not hosted by SANS. You will need to make separate arrangements to take the CISSP® exam.
 
  MGT414.5: Security Operations and Business Continuity & Disaster Recovery Planning
Overview

Non-technical aspects of security are just as critical as technical aspects. Security operations security focuses on the legal and managerial aspects of security and covers components such as background checks and non-disclosure agreements, which can eliminate problems from occurring down the road.

Business Continuity Planning (BCP) is examined, comparing the differences between BCP and Disaster Recovery Planning (DRP). A lifecycle model for BCP/DRP is covered giving scenarios of how each step should be developed.

CPE/CMU Credits: 8

Topics

Domain 7: Security Operations

  • Security operations
  • Legal requirements
  • Privacy and protection
  • Configuration management and change control
  • Non-disclosure agreement
  • Sensitivity markings
  • Control types
  • Directive controls
  • Preventive controls
  • Detective controls
  • Corrective controls
  • Recovery controls
  • Auditing
  • Reporting concepts and mechanisms
  • Roles and responsibilities
  • Incident response
  • System resilience

Domain 8: Business Continuity and Disaster Recovery Planning

  • Business Continuity Planning (BCP)
  • Disaster Recovery Planning (DRP)
  • Network security policy
  • Sample disasters
  • BCP-DRP Lifecycle
  • Business Impact Analysis (BIA)
  • Basic elements of continuity planning
  • Steps to building a plan
  • Project initiation
  • Risk analysis and reduction
  • Recovery strategies
  • Developing the continuity plan
  • Exercising and maintaining the plan
  • Training and awareness
  • Business Impact Analysis
  • Alternative sites
  • Hot sites
  • Warm sites
  • Cold sites
  • Hybrid
  • Mobile
  • Types of testing

CISSP® exams are not hosted by SANS. You will need to make separate arrangements to take the CISSP® exam.
 
  MGT414.6: Legal, Regulations, Investigations & Compliance, and Physical (Environmental) Security
Overview

If you work in network security, understanding the law is critical during incident responses and investigations. The common types of laws are examined, showing how critical ethics are during any type of investigation.

If you do not have proper physical security, it doesn't matter how good your network security is; someone can still obtain access to sensitive information. In this section various aspects and controls of physical security are discussed.

CPE/CMU Credits: 7

Topics

Domain 9: Legal, Regulations, Investigations, and Compliance

  • Code of ethics
  • Types of law
  • Criminal
  • Civil
  • Regulatory
  • Computer security laws
  • International laws
  • Computer crime laws
  • Intellectual property rights
  • Legal liability
  • Investigation steps
  • Computer forensics
  • Rules of evidence
  • Embedding security into contracts and procurement
  • Advanced Persistent Threat APT

Domain 10: Physical (Environmental) Security

  • Significance of physical security
  • Personnel safety
  • Objectives
  • Safety
  • Counter-examples
  • Passwords
  • Disk encryption
  • Redundancy
  • Evacuation roles and procedures
  • Access control types
  • Deterrent
  • Preventive
  • Detective
  • Corrective
  • Preventing unauthorized access
  • Locks
  • Mantraps
  • Fences
  • CCTV
  • X-ray
  • Facility requirements
  • Technical controls
  • Environmental controls
  • Protection and securing of equipment
  • Biometrics

CISSP® exams are not hosted by SANS. You will need to make separate arrangements to take the CISSP® exam.
 
Schedule Instructor
 
Mon Feb 24th, 2014
7:00 PM - 10:00 PM ET
 Staff
Wed Feb 26th, 2014
7:00 PM - 10:00 PM ET
 Staff
Mon Mar 3rd, 2014
7:00 PM - 10:00 PM ET
 Staff
Wed Mar 5th, 2014
7:00 PM - 10:00 PM ET
 Staff
Mon Mar 10th, 2014
7:00 PM - 10:00 PM ET
 Staff
Wed Mar 12th, 2014
7:00 PM - 10:00 PM ET
 Staff
Mon Mar 17th, 2014
7:00 PM - 10:00 PM ET
 Staff
Wed Mar 19th, 2014
7:00 PM - 10:00 PM ET
 Staff
Mon Mar 24th, 2014
7:00 PM - 10:00 PM ET
 Staff
Wed Mar 26th, 2014
7:00 PM - 10:00 PM ET
 Staff
Mon Mar 31st, 2014
7:00 PM - 10:00 PM ET
 Staff
Wed Apr 2nd, 2014
7:00 PM - 10:00 PM ET
 Staff
Mon Apr 7th, 2014
7:00 PM - 10:00 PM ET
 Staff
Wed Apr 9th, 2014
7:00 PM - 10:00 PM ET
 Staff
Additional Information
 
  Testimonial

"This is a must for anyone that is considering taking the CISSP® exam"

-Leigh Lopez, CSUN

This course breaks the huge CISSP study books down into manageable chunks, and helped me focus and identify weaknesses. The instructors knowledge and teaching skills are excellent.

-Jeff Jones, Constellation Energy Group

This class focuses like a laser on the key concepts youll need to understand the CISSP exam. Dont strug- gle with thousand page tex t- books let this course be your guide!

-Carl Williams, Harris Corporation

I have taken several CISSP prep courses in the last sev- eral years and this by far is the best. Finally I feel that I have the confidence to take the test. Thanks.

-Jerry Carse, Sarum, LLC
 
  Who Should Attend
  • Security professionals who are interested in understanding the concepts covered in the CISSP® exam as determined by (ISC)2
  • Managers who want to understand the critical areas of network security
  • System, security, and network administrators who want to understand the pragmatic applications of the CISSP® 10 Domains
  • Security professionals and managers looking for practical ways the 10 domains of knowledge can be applied to the current job
  • In short, if you desire a CISSP®, or your job requires it, MGT414 is the training for you.
 
  You Will Be Able To
  • Understand the 10 domains of knowledge that are covered on the CISSP® exam
  • analyze questions on the exam and be able to select the correct answer
  • Apply the knowledge and testing skills learned in class to pass the CISSP® exam
  • Apply the skills learned across the 10 domains to solve security problems when you return back to work
  • Understand and explain all of the concepts covered in the in the 10 domains of knowledge
 

Author Statement

Author Statement

The CISSP® certification has been around for almost twenty years and covers security from a 30,000 foot view. CISSP® covers a lot of theoretical information that is critical for a security professional to understand. However, this material can be dry and since most students do not see the direct applicability to their jobs, they find it boring. The goal of this course is to bring the CISSP® 10 domains of knowledge to life. By explaining important topics with stories, examples, and case studies, the practical workings of this information can be discovered. I challenge you to attend the SANS CISSP® training course and find the exciting aspect of the ten domains of knowledge.

- Eric Cole

Pricing
Price Options
$3,800
  •  Cancel Date: Feb 10, 2014

Venue Information

  • World Wide Web
  • Secure Site Requires Login ID & Password
    Webcast Classroom Training,
Event starts in 146 Days
 

As a SysAdmin, I found this course invaluable. It not only gave me the skills I need to audit my own systems, but also gave me some insight on how to better work with external auditors.
Christoper O'Keefe

Share
Get an iPad or Nexus 10 with Online Training
Latest Whitepapers

Building and Maintaining a "Certifiable" Workforce
By Robert J. Mavretich

How Can You Build and Leverage SNORT IDS Metrics to Reduce Risk?
By Tim Proffitt

Daisy Chain Authentication
By Courtney Imbert

Last 25 Papers »

Latest Tweets @SANSInstitute

NEW #SANS Survey: Security Analytics & Intelligence 2nd [...]
October 1, 2013 - 6:30 PM

Tips on how to convince your boss to let you train online wi [...]
October 1, 2013 - 6:23 PM

#2 Tip on how 2 convince your boss 2 let u train online: Fle [...]
October 1, 2013 - 3:00 PM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"As a security professional, this info is foundational to do a competent job, let alone be successful."
- Michael Foster, Providence Health and Security

"It was a great learning experience that helped open my eyes wider. The instructor's knowledge was fantastic."
- Manuja Wikesekera, Melbourne Cricket Club

"Expertise of the trainer is impressive, real life situations explained, very good manuals. Best training ever!"
- Jerry Robles de Medina, Godo CU