Training

CISSP Exam Preparation and Information Security Controls Training

The CISSP certification attests that information security professionals have theoretical knowledge of the information security controls organized into 8 main domains. In addition to passing the exam, supporting this theoretical knowledge with practical experience is a prerequisite for certification.

The aim of the training is to prepare participants for the CISSP exam as well as to ensure that they have mastered the information security controls gathered by ISC2 in 8 domains.

The training also contains sample questions and their solutions, so that participants can assess their knowledge and become familiar with the format of the exam.


Training Details

Although there are no technical prerequisites for the training, experience in an information technology position or in the IT audit field will increase the benefit gained from the training.

  • CHAPTER-1 Security and Risk Management
    • Information Technologies Fundamentals
    • Other Information Assets
    • Fundamental IT Processes
    • Security Requirements
    • Security Governance
    • Third Party Risk Management
    • American Control Assurance Regulations and Standards
    • International Third Party Service Provider Auditing Standards
    • Differences between Audit and Assessment
    • Risk Analysis
    • Risk Management
    • Continuous Monitoring for Leading Risk Indicators
    • Control Concepts
    • Security Controls for Human Layer
    • Social Engineering Attacks
    • Legal Framework
    • Governance and Security Organizations and Their Focus Areas
    • (ISC)2 Code of Professional Ethics
    • Internet Ethics
    • Business Continuity
    • Business Continuity and Disaster Recovery
  • CHAPTER-2 Asset Security
    • Data Protection
    • Data Roles
    • Examples of Data Leakage Risks
    • Data Protection Controls
    • Data Cleaning / Destruction Concepts
    • Cryptographic Concepts
    • Steganography and Watermarking
    • Digital Rights Management (DRM)
    • Cryptographic Attacks
    • Examples of Cryptographic Vulnerabilities
  • CHAPTER-3 Security Engineering
    • Security Models
    • Security Assessment Models
    • Security Assessment
    • Some System Security Features and Technologies
    • System and Software Concepts
    • Basic Computer Technology Concepts
    • CPU Protection Rings
    • Policy-Based System Security Modes
    • Policy-Based System Security Modes Defined by the US Government
    • Compartmentalization and Need To Know Concepts
    • Memory Types
    • Addressing Types Used by CPU
    • Storage (Data Storage Tools) Classes
    • Firmware Concepts
    • Database Concepts and Database Security
    • Distributed Systems
    • Cloud Computing Concepts
    • Industrial Control Systems (ICS)
    • Web Application Technologies
    • Web Application Vulnerabilities (OWASP Top 10 – 2013)
    • Web Application Vulnerabilities
    • Mobile Device Security and Risks
    • Mobile Device Security Controls
    • Mobile Application Security
    • Embedded Device and IoT Security
    • General Security Architecture Mistakes and Vulnerabilities
    • Physical Security
    • Concepts Related to Electrical Energy
    • Fire Risk
  • CHAPTER-4 Communications and Network Security
    • TCP/IP Fundamentals
    • OSI Model
    • Fundamental Network Devices
    • Routing Protocol Examples
    • Ethernet Protocol and MAC Address
    • ARP Protocol and Local Network Attacks
    • What is Tunneling and Encapsulation
    • Converged Protocols
    • Software Defined Networking (SDN)
    • Content Distribution Networks (CDN)
    • Wireless Networks (802.11)
    • Captive Portals
    • Wardriving / Warwalking
    • Wireless De-Authentication Attack
    • Network Security Zoning Concepts
    • Importance of Network Zoning in SCADA Security
    • Network Access Control (NAC)
    • Firewalls
    • Packet Filtering Firewalls Problem Example
    • Firewall Installation Architectures
    • Egress Filtering in Firewalls
    • Intrusion Detection System (IDS) / Intrusion Prevention System (IPS)
    • Endpoint Security
    • Physical Network Topologies
    • Local Area Network (LAN) and Wide Area Network (WAN) Concepts
    • LAN Technologies
    • LAN Media Access Methods
    • Cable Types
    • Wireless Networks Physical Communications Protocols
    • Bluetooth (802.15) Risks
    • Bluetooth Controls
    • Bluetooth Scans
    • Various Network Terms
    • Basic Network Authentication Protocols
    • Centralized Remote Authentication Services
    • Voice Over IP (VoIP)
    • PSTN Fraud
    • Wardialing
    • Multimedia Collaboration Tools and Risks
    • E-Mail Security
    • Fax Security
    • Application Programming Interface (API) and Screen Scraper Solutions
    • Telecommuting Technologies
    • VPN (Virtual Private Network)
    • Operating System Virtualization Technologies
    • Application Virtualization
    • WAN / Voice Switching Methods
    • WAN Technologies
    • Network Threats
    • What is Broadcast Address
    • What is Packet Fragmentation
    • Network Administration Basic User Tools
  • CHAPTER-5 Identity and Access Management
    • Fundamental Access Control Concepts
    • Authentication Factors
    • Passwords
    • SmartCards
    • Hardware Tokens
    • Software Tokens
    • Biometrics
    • Biometric Factor Error Types
    • Other Concepts Related to Biometric Controls
    • Concepts of Central Identity Management and Central Authentication
    • Central Identity and Access Management Technologies
    • Federation in Identity Management
    • Examples of Other SSO Technologies
    • Credential Management Systems
    • IDaaS (Identity as a Service)
    • Third Party User Authentication and Awareness
    • Enterprise Identity Management (IDM) Solutions Concepts
    • Session Timeout Controls
    • HTTP and Web Applications Access Control Protocols and Methods
    • Identity and Access Management Lifecycle
    • Access Controls for Preventing Fraud
    • Other Access Control and Authorization Concepts
    • Privileged Access
    • Access Control Models
    • Non-Discretionary Access Control Models
    • Access Control Attacks
    • Use of Salt in Password Hashes
    • Password Key Space and Power of Passwords
    • Precautions Against Access Control Attacks
  • CHAPTER-6 Security Assessment and Testing
    • Audit Types (According to Organization Performing the Audit)
    • Vulnerability Assessments
    • Penetration Testing
    • Browser Client Technologies
    • Information Gathering in Blackbox Pentests
    • When Should Security Assessments Be Done
    • Software Testing
  • CHAPTER-7 Security Operations
    • System Administrator Accounts for Windows and Unix Systems
    • Access Control Procedures Critical for Security Operations
    • Information Security and IT Service Management Relationship
    • Service Level Agreements (SLA)
    • Asset Inventory Management
    • Software License Types
    • Storage Media Lifecycle Management
    • Release and Configuration Management
    • Change Management
    • Relation of Change, Configuration and Patch Management
    • Exploit Life Cycle and Patch Management Process
    • Patch Management
    • Incident Management
    • Types of Malware
    • Features of Heuristic Based Anti-Malware Solutions
    • Malware Analysis
    • Malware Analysis and Reversing Tools
    • Application Inventory Whitelisting / Blacklisting
    • Concepts of Sabotage and Espionage
    • Attacker Traps and Analysis Methods and Tools
    • Warning Banners
    • Logging and Monitoring
    • Manual Review of Logs, Alarms or Transaction Records
    • Basic Network Monitoring Concepts
    • Redundant Array of Disks (RAID)
    • Failover Cluster (Fault Tolerant Server Backup)
    • Failure Response Concepts in Network, Application and Physical Access
    • Network Quality of Service (QoS) Concepts
    • Database Offsite Backup and Recovery Methods
    • Data Backup Strategies
    • Tape Rotation Strategies
    • Software Escrow Agreements
    • Types of Investigations
    • Admissibility of Evidence
    • Amendments About the Investigations in the US Constitution
    • Types of Evidence
    • Documentary Evidence Rules
    • Interview Types During Investigations
    • Chain of Evidence (Chain of Custody)
    • Admissibility of Computer Log Records
    • Computer Forensics Types
    • Evidence Collection and Forensic Procedures
    • Examples of Media Forensic Duplication Tools
    • Media Forensic Tools
    • Types of Attackers
  • CHAPTER-8 Software Development Security
    • Software Technologies
    • Language Generations
    • 4th GL Example (Software AG – Natural Language)
    • Object Oriented Programming (OOP)
    • Object Oriented Programming (OOP) Concepts
    • Input Validation Controls
    • Controls Against Web Application Injection Attacks
    • Controls Against Web Application Access and Session Attacks
    • Buffer Overflow Controls for Machine Compiled Applications
    • Other Overflow Examples
    • Software Development Life Cycle (SDLC) Methodologies
    • The Concept of DEVOPS
    • Software Quality and Capability Maturity Model (CMM)
    • Generic Software Development Lifecycle and Secure Software Development
    • The Relation of Software Development Life Cycle to the IT Service Management Processes
    • Project Management Methods and Tools
    • Change Management and Software Integrity
    • Software Testing
    • Code Repository Management
    • Database Management Systems
    • Relational Database Model Concepts
    • Data Dictionary and Entity Relationship (ER) Diagrams
    • Entity Relationship (ER) Diagrams
    • Data Processing Errors Related to Data Integrity Losses
    • Knowledge Based Systems

Duration: 5 Days

Location: Istanbul

  • All participants are entitled to a CERTIFICATE OF PARTICIPATION