MGT414: SANS Training Program for the CISSP Certification

Overview

In this first section, MGT414 introduces the specific requirements needed to obtain CISSP® certification. The 2021 exam update will be discussed in detail. We will cover the general security principles needed to understand the 8 domains of knowledge, with specific examples for each domain. The first of the 8 domains, Security and Risk Management, will be discussed using real-world scenarios to illustrate the critical points.

Topics

Introductory Material

• Overview of the exam
• Focus of 2021 exam updates
• What is required to become a CISSP®?
• Maintaining a CISSP®
• Exam overview
• Test-taking tips and tricks

Overview of the 8 Domains

• Domain 1: Security and Risk Management
• Domain 2: Asset Security
• Domain 3: Security Engineering
• Domain 4: Communication and Network Security
• Domain 5: Identity and Access Management (IAM)
• Domain 6: Security Assessment and Testing
• Domain 7: Security Operations
• Domain 8: Software Development Security

Domain 1: Security and Risk Management

• Confidentiality, integrity, and availability
• Security governance principles
• Compliance
• Supply Chain Risk Management (SCRM) concepts
• Legal and regulatory Issues
• General Data Protection Regulation (GDPR)
• Ethics
• Business continuity requirements
• Policies, standards, procedures, and guidelines
• Risk management concepts
• Threat modeling
• Security champions
• Gamification
• Security Operations Center reports
• Education, training, and awareness

Overview

Understanding asset security is critical to building a solid information security program. The Asset Security domain, the initial focus of the second course section, describes data classification programs, including those used by governments, the military, and the private sector. We will also discuss ownership, covering owners ranging from business/mission owners to data and system owners. We will examine data retention and destruction in detail, including secure methods to purge data from electronic media. We then turn to the first part of the Security Engineering domain, including new topics for the 2021 exam such as Data Loss Prevention (DLP), Cloud Access Security Brokers (CASB), microservices, containerization, serverless, High-Performance Computing (HPC) systems, and much more.

Topics

Domain 2: Asset Security

• Data and asset classification
• Tangible and intangible assets
• Data owners
• System owners
• Business/Mission owners
• Privacy
• Data processors
• Data remanence
• Limitation on collection of sensitive data
• Digital Rights Management (DRM)
• Data retention
• Data destruction
• Data Loss Prevention (DLP)
• Cloud Access Security Broker (CASB)
• Baselines
• Scoping and Tailoring

Domain 3: Security Engineering (Part 1)

• Secure design principles
• Security models
• Controls and countermeasures
• Virtualization
• Microservices
• Containerization
• Serverless
• Trusted platform module
• Industrial Control Systems (ICS)
• Embedded systems
• Applets
• Database security
• Cloud computing
• SCADA
• XML
• OWASP
• The Internet of Things

Overview

This section continues the discussion of the Security Engineering domain, including a deep dive into cryptography. The focus is on real-world implementation of core cryptographic concepts, including the three types of cryptography: symmetric, asymmetric, and hashing. Quantum cryptography and fault injection attacks (newly added in the 2021 exam) will be discussed, as well as salts and rainbow tables. We will round out Domain 3 with a look at physical security before turning to Domain 4, Communication and Network Security. The discussion will cover a range of protocols and technologies, from the Open Systems Interconnection (OSI) model to storage area networks. New topics for the 2021 exam will be discussed, including micro-segmentation, Virtual eXtensible Local Area Network (VXLAN), Software-Defined Wide Area Network (SD-WAN), and Li-Fi.

Topics

Domain 3: Security Engineering (Part 2)

• Cryptography
• Symmetric
• Asymmetric
• Hash
• Quantum
• PKI
• Digital signatures
• Non-repudiation
• Salts
• Rainbow tables
• Pass the hash
• Cryptanalysis
• Fault injection
• Implementation attacks
• Facility design considerations
• Physical security
• Safety
• Data center security
• Handling evidence
• HVAC
• Fire prevention and suppression

Domain 4: Communication and Network Security

• Network architecture
• OSI model
• TCP/IP
• Multilayer protocols
• Storage protocols
• NAS
• FCoE
• iSCSI
• Voiceover IP
• Wireless
• 802.11
• WPA and WPA2
• Li-Fi
• Zigbee
• Network devices
• Switches
• Routers
• Firewalls
• Proxies
• Content distribution networks
• Remote meeting technology
• Telecommuting
• Remote access and VPN
• SSH
• VPN
• IPsec
• SSL/TLS
• Port isolation
• VLANs
• Software-defined networks
• Micro-segmentation
• Virtual eXtensible Local Area Network (VXLAN)
• Software-Defined Wide Area Network (SD-WAN)

Overview

Controlling access to data and systems is one of the primary objectives of information security. Domain 5, Identity and Access Management, strikes at the heart of access control by focusing on the identification, authentication, and authorization of accounts. Password-based authentication represents a continued weakness, so Domain 5 stresses multi-factor authentication, biometrics, and secure credential management. The 2021 CISSP® exam underscores the increased role of external users and service providers, and mastery of Domain 5 requires an understanding of credential management systems, federated identity, SSO, SAML, cloud identity, and third-party identity and authorization services like OpenID Connect (OIDC) and Open Authorization (Oauth)

Topics

Domain 5: Identity and Access Management (IAM)

• Physical and logical access
• Credential management systems
• Just-In-Time (JIT)
• SSO
• LDAP
• Multi-factor authentication
• Biometrics
• Accountability
• Session management
• SAML
• Credential management
• Third-party identity services
• On-premise, cloud, and hybrid identity
• Authorization mechanisms
• MAC
• DAC
• Rule-based
• RBAC
• ABAC
• Provisioning

Overview

This course section covers Domain 6 (Security Assessment) and Domain 7 (Security Operations). Security Assessment covers types of security tests, testing strategies, and security processes. Security Operations covers investigatory issues, including eDiscovery, logging and monitoring, and provisioning. We will discuss cutting-edge technologies such as cloud, and we'll wrap up the section with a deep dive into disaster recovery.

Topics

Domain 6: Security Assessment

• Assessment and test strategies
• Security control testing
• Vulnerability assessment
• Penetration testing
• Log reviews
• Synthetic transactions
• Misuse case testing
• Test coverage analysis
• Responsible disclosure
• Security testing strategies
• Interface testing
• Breach attack simulations
• Security process
• Account management
• Management review
• Training and awareness
• Disaster recovery and business continuity
• Exception handling
• Internal and third-party audits

Domain 7: Security Operations

• Investigations
• Evidence collection and handling
• Reporting and documenting
• Forensics
• Operational, criminal, civil, and regulatory investigations
• eDiscovery
• Logging and monitoring
• Intrusion detection and prevention
• SIEM
• Continuous monitoring
• Egress monitoring
• User and Entity Behavior Analytics (UEBA)
• Tools based on machine learning and Artificial Intelligence (AI)
• Provisioning
• Asset inventory
• Configuration management
• Physical, virtual, and cloud assets
• Software as a Service (SaaS)
• Security operations
• Need-to-know and least privilege
• Service-level agreements
• System resilience
• Quality of Service (QoS)
• Threat feeds
• Threat hunting
• Incident management
• Firewalls
• IDS and IPS
• Honeypots and honeynets
• Vulnerability management
• Change management processes
• Recovery strategies
• Disaster recovery processes
• Disaster recovery plans

Overview

The final course section examines Domain 8 (Software Development Security), which describes the requirements for secure software. Security should be "baked in" as part of network design from day one, since it is always less effective when it is added later to a poor design. We will discuss classic development models, including waterfall and spiral methodologies. We will then turn to more modern models, including agile software development methodologies. New content for the 2021 CISSP® exam update will be discussed, including DevOps. We will wrap up 414.6 by discussing security vulnerabilities, secure coding strategies, and testing methodologies.

Topics

Domain 8: Software Development Security

• Software development lifecycle
• Software development methodologies
• Waterfall
• Spiral
• Agile
• Integrated Product Team (IPT)
• Software capability maturity models
• Capability Maturity Model Integration (CMMi)
• Software Assurance Maturity Model (SAMM)
• Change management
• DevOps
• Continuous Integration/Continuous Delivery (CI/CD)
• Security Orchestration, Automation, and Response (SOAR)
• Security vulnerabilities
• Bounds checking
• Input/output validation
• Buffer overflow
• Privilege escalation
• Secure coding
• Code repositories
• Programming interfaces
• Software-defined security
• Assessing software security
• Black box testing
• White box testing
• Cramming
• Fuzzing
• Security of Application Programming Interfaces (APIs)