ISC2®


	Learn Everything for CISSP® (2008 Edition) Use CISSP® (2008 Edition) LearnSmart Video Training to learn everything that a CISSP® needs to know and pass your CISSP® (2008 Edition) certification exam. When you complete this CBT course, you'll be an expert on the following "must-know" skills for your CISSP® (2008 Edition) certification: Access Control Systems and Methodology Session 1 Section A: Access Control Basics Access Control Least Privilege Accountability Physical Access Administrative Access Logical Access Section B: Data Classification Overview Classification Criteria Data Responsibility Commercial Data Government Data Section C: Access Control Techniques Control Types Control Categories Security Labels Discretionary Mandatory Nondiscretionary Access Control Lists Section D: Access Control Implementation Centralized Authentication RADIUS TACACS Decentralized Hybrid Model Section E: Identification and Authentication Phases Type 1 Authentication Type 2 Authentication Type 3 Authentication Single Sign-on Kerberos Kerberos Process SESAME Section F: Attack and Monitor Brute Force Dictionary Denial of Service Spoofing Man-in-the-Middle Access Control Assurance Monitoring Intrusion Detection Penetration Testing Telecommunications and Network Security Session 2 Section A: OSI Reference Model Protocols Standards Organizations OSI Overview Logical Data Flow Physical Data Flow Section B: OSI Layers Application Layer Presentation Layer Session Layer Transport Layer Network Layer Data-link Layer Physical Layer TCP/IP Model Section C: Media/LAN Topologies Twisted Pair Coaxial Fiber Optics Wireless Technologies Star Topology Bus Topology Ring Topology Tree Topology Mesh Topology Section D: LAN/WAN/Remote Access Ethernet Other Access Methods Signaling Types Network Types Dial-up ISDN DSL Wireless/Cable Section E: Remote Access Security VPN PPTP IPSec Connection Security User Authentication Node Authentication Telecommunications and Network Security Session 3 Section A: Network Devices Hubs Bridges Switches Routers Gateways Firewalls Section B: Firewalls 1st Generation 2nd and 3rd Generation 4th and 5th Generation Packet Filtering Router Screened Host Dual-Homed Host Screened Subnet Section C: Security Protocols and Services TCP/IP Network Layer Transport Layer Application Layer SDLC/HDLC Frame Relay ISDN X.25 Section D: Security Techniques Tunneling Network Monitors Transparency Hash Totals E-mail Security Facsimile Security Voice Communication Section E: Common Network Attacks Network Abuses ARP DoS/DDoS Flooding Spoofing Spamming Eavesdropping Sniffers Information Security and Risk Management Session 4 Section A: Introduction Why CISSP? Requirements Required Domains Section B: The Security Triangle Securing the System Confidentiality Integrity Availability Section C: Security Management Training Information Security Governance Audit Frameworks for Compliance Security Administration Organizational Physical Risks Human Risks Risk Management Terms Risk Management Options Legal Responsibility Risk Assessment Methodologies Risk Assessment Team Section D: Risk Assessment Overview Cost vs. Benefit Single Loss Expectancy Annual Loss Expectancy Calculating Overall Risk Pros and Cons Qualitative Assessment Selecting Controls Section E: Security Policy Overview Security Policy Types Standards Guidelines Procedures Section F: Job Policies and Training Hiring Practices Termination Practices Job Descriptions Job Activities Security Awareness Tailoring Training ISO Responsibilities Section G: Ethics Overview (ISC)2 Code of Ethics Ten Commandments RFC 1087 Ethics Topics Common Computer Ethics Fallacies Application Security Session 5 Section A: Application Issues Software Development Application Environments Malicious Code Agents Applets Objects Section B: Databases and Warehousing Databases Relational Database Record Identification Query Language Data Access Methods Data Warehouses Aggregation Inference Polyinstantiation Section C: Data and Information Storage Data Handling Data Storage Virtual Memory Information Retrieval Knowledge-based Systems Audit and Assurance Mechanisms Section D: System Development Controls Coding Controls Development Life Cycle Design Certification Certification Standards Section E: Security Development Controls Isolation Architecture Administration Controls Design Control System Control Modes of Operation Integrity Levels Service Level Agreement Section F: Malicious Code Overview Players Viruses Virus Types OS Vulnerability Other Malicious Code Antivirus Protection Section G: Methods of Attack Brute Force Social Engineering DoS/DDoS Spoofing Pseudo Flaw Buffer Overflow TOC/TOU Rootkits Cryptography Session 6 Section A: History and Goals Ancient History Modern History Confidentiality Integrity Authentication Nonrepudiation Cryptographic Uses Section B: Concepts and Methodologies Overview Transposition Cipher Substitution Cipher Cipher Categories Cipher Process Symmetric Algorithms Asymmetric Algorithms Message Authentication Section C: Cryptographic Algorithms Overview DES Triple DES IDEA/Blowfish/Skipjack AES RSA/El Gamal Hashing Algorithms Other Hashing Algorithms Section D: Cryptographic Practices Digital Signatures Signature Types Key Distribution Steganography PKI Section E: System Architecture PEM MOSS S/MIME SSL HTTPS SET IPSec ISAKMP Section F: Methods of Attack Brute Force Known Plaintext Chosen Ciphertext Chosen Plaintext Meet-in-the-Middle Man-in-the-Middle Birthday Replay Physical Environmental Security Session 7 Section A: Organization Computer Hardware Types CPU RAM ROM Erasable PROM Memory Addressing Cache Memory Virtual Memory Section B: Machine Operation Hardware/Software Machine Types Execution Cycle Scalar Processors CPU Types Capabilities Section C: Operating Modes/Protection Mechanisms Operating States Operating Modes Storage Types Layering Abstraction Least Privilege Accountability Definitions Section D: Evaluation Criteria Overview Orange Book TCSEC Other Criteria International Criteria SEI-CMMI Section E: Security Models State Machine Model Bell-LaPadula Model Biba Model Clark-Wilson Model Information Flow Model Noninterference Model Graham-Denning Model Harrison-Ruzzo-Ullman Model Brewer-Nash Model Section F: Common Flaws and Security Issues Covert Channels Initialization State Parameter Checking Maintenance Hooks Programming Timing Issues EMR Operations Security Session 8 Section A: Administrative Management Overview Duty Separation Least Access Accountability Privacy and Protection Legal Requirements Illegal Activities Section B: Operation Controls Record Retention Backups Data Removal Antivirus Controls Privileged Functions Resource Protection Section C: Auditing Audit Procedures Frequency Audit Trails Audit Reporting Sampling Retention Section D: Monitoring What is Monitoring? Categories Warning Banners Keystroke Monitoring Traffic Analysis Trend Analysis Tools Failure Recognition Section E: Intrusion Detection Intrusion Prevention IDS Types Penetration Testing Inappropriate Activity Section F: Threats and Countermeasures Interception Human Factors Fraud and Theft Employee Sabotage Disaster Recovery Hackers Espionage Malicious Code Business Continuity and Disaster Recovery Planning Session 9 Section A: BCP Project Scope Industry and Professional Standards Legislative Compliance Overview Organization Analysis Planning Team Resource Requirements Legal Requirements Section B: Business Impact Analysis Overview Interruption Resource Prioritization Continuity Strategy BCP Approval Section C: DRP Planning and Recovery Overview Identification Crisis Management Recovery Data Center Alternatives More Alternatives Processing Agreement Section D: Recovery Plan Emergency Response Data Backup Backup Types Off-site Storage Utilities Logistics Emergency Services Section E: Recovery Plan Implementation Overview Training Checklist Test Structured Walk-through Simulation Test Parallel Test Full-interruption Test Law, Regulation, Compliance, and Investigations Session 10 Section A: Types of Computer Crime Overview Military Attacks Business Attacks Financial Attacks Terrorist Attacks Grudge Attacks Fun Attacks Hacking/Cracking Section B: Categories of Law Criminal Law Civil Law Admin/Regulatory Law Categories of Law Intellectual Property Law Trade Secrets Copyrights Trademarks Patents Section C: Computer Laws Technology Threat Government Intervention Fraud and Abuse Act Computer Security Act Amended Security Act Security Reform Act Privacy Acts USA Patriot Act Liability Section D: Types of Incidents Overview Incident Categories Scanning Incidents Compromise Incidents Malicious Code Incidents DoS Incidents Section E: Incident Handling Knowledge Response Contain Damage Reporting Section F: Investigation and Evidence Overview Evidence Handling Evidence Types Evidence Admissibility Search and Seizure Physical Environmental Security Session 11 Section A: Physical Security Threats Overview Threats 1 - 5 Threats 6 - 9 Threats 10 - 12 Section B: Facility Requirements Security Policy Critical Path Analysis Access Controls Section C: Physical Security Controls Administrative Controls Fences/Gates Lighting Security Guards/Dogs Keys/Badges Detective Controls/CCTV Restriction/Escorts Technical Controls Section D: Environmental Issues Power HVAC Water Leakage/Flooding Fire Detection/Suppress Natural Disasters Section E: Physical Security Fire Safety Physical Access Control Administrative Controls Employee Training Egress Safety Detective Controls


	With 33 hours of instruction on DVD-ROM (or 11 CDs), PrepLogic’s CISSP® (2008 Edition) LearnSmart Video Training is the only core learning you need to become an expert in information security management and critical security issues. No other outside training is needed! In this comprehensive training, leading expert instructor Michael Solomon covers the full CISSP® Common Body of Knowledge®, explains how the various domains relate in an overall security policy and delivers solid preparation for the certification exam. Using his skilled background and a variety of visual resources, such as diagrams and animations, Michael is able to clearly communicate information to you in a way that’s easy to understand. When you’ve completed this LearnSmart Video Training, you will understand security concepts and issues in the CBK® required for the CISSP exam.


	The CISSP® is an extremely advanced certification meant for IT professionals who want to achieve "mastery of an international standard for information security and understanding of a Common Body of Knowledge (CBK®)." Earning the CISSP® certification requires a candidate to pass a single exam and meet the exam vendor's prerequisites. The two prerequisites for this exam are for the candidate to: "execute the candidate agreement, attesting to the truth of the candidate's experience assertions and legally commit to adhering to the Code of Ethics"; and successfully "answer four questions regarding criminal history and related background." Users that attain this exam commonly carry the titles of Security Auditor or Network Security Analyst. The topics covered by this exam come from the CISSP® Common Body of Knowledge (CBK®) and include: Access Control Systems & Methodology Applications & Systems Development Business Continuity Planning Cryptography Law, Investigation & Ethics Operations Security Physical Security Security Architecture & Models Security Management Practices Telecommunications, Network & Internet Security Within this Common Body of Knowledge (CBK®), the vendor will ask a series of very challenging question involving particular extracted from the published information. While the material itself is not considered to be overly complex, the actual amount of information on the exam can be slightly intimidating to users new to the security field. The pass score for this form-based multiple choice exam is a scaled score of 700 points or greater. There are 250 questions and the exam lasts 6 hours.

CISSP® LearnSmart Video Training