CISSP Bootcamp

În acest curs de 5 zile vom analiza și discuta subiectele testate în examenele CISSP

Cui i se adresează?

Acest curs este destinat persoanelor care intenționează să urmeze certificarea CISSP.

Ce vei învăța?

  • Securitate și management al riscurilor
  • Securitatea activelor
  • Arhitectură și inginerie de securitate
  • Comunicații și securitatea rețelei
  • Managementul identității și accesului
  • Evaluarea și testarea securității
  • Operațiuni de securitate
  • Securitatea dezvoltării software

Cerințe preliminare:

Înainte de a urma acest curs, cursantul ar trebui să aibă următoarea cunoștințe obținute în timpul îndeplinirii următoarelor roluri:
• Chief Information Officer
• Chief Information Security Officer
• Director Tehnic
• Manager/Ofițer de conformitate
• Director de securitate
• Arhitectul informaţiei
• Manager de informații / Manager de riscuri de informații sau consultant
• Specialist IT/Director/Manager
• Administrator de rețea/sistem
• Administrator de securitate
• Arhitect de securitate / Analist de securitate
• Consultant de securitate
• Manager de securitate
• Inginer Sisteme de Securitate/ Inginer Securitate

Agenda cursului:

Materialele de curs sunt în limba Engleză. Predarea se face în limba Română.

Module 1: SECURITY AND RISK MANAGEMENT
Learning Objectives:
• Justify an organizational code of ethics.
• Relate confidentiality, integrity, availability, non-repudiation, authenticity, privacy and safety to due care and due diligence.
• Relate information security governance to organizational business strategies, goals, missions, and objectives.
• Apply the concepts of cybercrime to data breaches and other information security compromises.
• Relate legal, contractual, and regulatory requirements for privacy and data protection to information security objectives.
• Relate transborder data movement and import-export issues to data protection, privacy, and intellectual property protection.

Module 2: INFORMATION ASSET SECURITY
Learning Objectives:
• Relate the IT asset management and data security lifecycle models to information security.
• Explain the use of information classification and categorization, as two separate but related processes.
• Describe the different data states and their information security considerations.
• Describe the different roles involved in the use of information, and the security considerations for these roles.
• Describe the different types and categories of information security controls and their use.
• Select data security standards to meet organizational compliance requirements.

Module 3: IDENTITY AND ACCESS MANAGEMENT (IAM)
Learning Objectives:
• Explain the identity lifecycle as it applies to human and nonhuman users.
• Compare and contrast access control models, mechanisms, and concepts.
• Explain the role of authentication, authorization, and accounting in achieving information security goals and objectives.
• Explain how IAM implementations must protect physical and logical assets.
• Describe the role of credentials and the identity store in IAM systems.

Module 4: SECURITY ARCHITECTURE AND ENGINEERING
Learning Objectives:
• Describe the major components of security engineering standards.
• Explain major architectural models for information security.
• Explain the security capabilities implemented in hardware and firmware.
• Apply security principles to different information systems architectures and their environments.
• Determine the best application of cryptographic approaches to solving organizational information security needs.
• Manage the use of certificates and digital signatures to meet organizational information security needs.
• Discover the implications of the failure to use cryptographic techniques to protect the supply chain.
• Apply different cryptographic management solutions to meet the organizational information security needs.
• Verify cryptographic solutions are working and meeting the evolving threat of the real world.
• Describe defenses against common cryptographic attacks.
• Develop a management checklist to determine the organization’s cryptologic state of health and readiness.

Module 5: COMMUNICATION AND NETWORK SECURITY
Learning Objectives:
• Describe the architectural characteristics, relevant technologies, protocols and security considerations of each of the layers in the OSI model.
• Explain the application of secure design practices in developing network infrastructure.
• Describe the evolution of methods to secure IP communications protocols.
• Explain the security implications of bound (cable and fiber) and unbound (wireless) network environments.
• Describe the evolution of, and security implications for, key network devices.
• Evaluate and contrast the security issues with voice communications in traditional and VoIP infrastructures.
• Describe and contrast the security considerations for key remote access technologies.
• Explain the security implications of software-defined networking (SDN) and network virtualization technologies.

Module 6: SOFTWARE DEVELOPMENT SECURITY
Learning Objectives:
• Recognize the many software elements that can put information systems security at risk.
• Identify and illustrate major causes of security weaknesses in source code.
• Illustrate major causes of security weaknesses in database and data warehouse systems.
• Explain the applicability of the OWASP framework to various web architectures.
• Select malware mitigation strategies appropriate to organizational information security needs.
• Contrast the ways that different software development methodologies, frameworks, and guidelines contribute to systems security.
• Explain the implementation of security controls for software development ecosystems.
• Choose an appropriate mix of security testing, assessment, controls, and management methods for different systems and applications environments

Module 7: SECURITY ASSESSMENT AND TESTING
Learning Objectives:
• Describe the purpose, process, and objectives of formal and informal security assessment and testing.
• Apply professional and organizational ethics to security assessment and testing.
• Explain internal, external, and third-party assessment and testing.
• Explain management and governance issues related to planning and conducting security assessments.
• Explain the role of assessment in data-driven security decision-making.

Module 8: SECURITY OPERATIONS
Learning Objectives:
• Show how to efficiently and effectively gather and assess security data.
• Explain the security benefits of effective change management and change control.
• Develop incident response policies and plans.
• Link incident response to needs for security controls and their operational use.
• Relate security controls to improving and achieving required availability of information assets and systems.
• Understand the security and safety ramifications of various facilities, systems, and infrastructure characteristics.

Recomandăm să continui cu:

Programe de certificare

Candidații trebuie să aibă minimum 5 ani de experiență cumulativă de lucru cu normă întreagă, plătită, în 2 sau mai multe dintre cele 8 domenii ale CISSP CBK. Obținerea unei diplome de colegiu de 4 ani sau echivalent regional sau a unei acreditări suplimentare din lista aprobată (ISC)² va satisface 1 an de experiență necesară. Creditul pentru studii va satisface doar 1 an de experiență.
Un candidat care nu are experiența necesară pentru a deveni CISSP poate deveni Asociat al (ISC)² prin promovarea cu succes a examenului CISSP. Asociatul (ISC)² va avea apoi 6 ani pentru a câștiga cei 5 ani de experiență necesari.

Acreditare
CISSP a fost prima acreditare din domeniul securității informațiilor care a îndeplinit cerințele stricte ale standardului ANSI/ISO/IEC 17024.

Informații despre examenul CISSP CAT
Durata examenului: 3 ore
Număr de întrebări: 100 – 150
Format de întrebare: întrebări cu răspunsuri multiple și întrebări inovatoare avansate
Nota de promovare: 700 din 1000 de puncte
Disponibilitatea limbii examenului: engleză
Centru de testare: (ISC)2 Centre de testare autorizate PPC și PVTC Selectați Pearson VUE

CISSP Bootcamp

CISSP Bootcamp

Oferte personalizate pentru grupuri de minim 2 persoane

Detalii curs

Durată:

5
zile

Preț:

1320 EUR

Livrare:

Predare în clasă, Clasă hibridă, Clasă virtuală

Nivel:

4. Expert

Roluri:

Security Engineer

Oferte personalizate pentru grupuri de minim 2 persoane