Spezialisierung Certified Information Systems Security Professional (CISSP)

One of the most important jobs an information security professional has is the protection of organizational assets. We will look at the various types of assets and discuss their value. We will then look at common threats to information and their mitigation, providing coverage throughout the entire data life cycle.

In this course, we will cover Domain 3 of the CISSP exam, which focuses on security architecture and engineering. We introduce principles of security design like “secure-by-default” and principles of least privilege. We will examine security models on which systems can be built and look at the hardware, software and firmware that will enforce these models. We will also dive into cloud services and CISSP. Beginning with a high-level overview of how cloud computing works, you'll see different deployment models, different service structures and the various security risks inherent in each model.

This course focuses on Domain 4 of the CISSP exam, covering network security. It begins with an in-depth look at the OSI Reference Model. At each layer, we will discuss functionality, threats/vulnerabilities and common mitigation strategies. In addition, we will focus on firewalls, proxy servers and remote access solutions. It also covers the security services that cryptography can provide and examine common terms like initialization vectors, salts, hashing, algorithms and keys. We will then build on this foundation to explore symmetric, asymmetric and hybrid cryptography and look at its practical implementations.

The Identity and Access Management course corresponds to Domain 5 of the CISSP exam. It provides an insight into the steps of access control. We will begin by discussing identity management and provisioning/deprovisioning accounts. We will then move to the AAA functions of authentication, authorization and accounting. We will additionally cover the concepts of single sign-on in local domains, as well as across the internet.

Security assessment and testing is the focus of Domain 6 on the CISSP exam. We will look at the processes and systems necessary to provide an insight into the organization’s security posture. We will explore security tests, vulnerability analysis and penetration testing, then look at security devices like SIEM systems, intrusion detection systems and honeypots.

This course covers Domain 7 of the CISSP exam, focusing on security operations. In it we will look at incident response and forensic investigations, including response planning and change management. We'll also discuss how to keep your systems ready for anything with redundancy and how to plan ahead with a module on contingency planning, including facility recovery and testing. And finally, we'll explore physical security, including site and facility design; fire safety and prevention; and data center security.

This course examines the need to provide security throughout the SDLC, which aligns with Domain 8 on the CISSP exam. We will compare and contrast Agile and the waterfall methodologies, and look at the assessment of web applications and more traditional applications. We will examine common threats like cross-site scripting, buffer overflows and race conditions. Finally, we will examine databases and their vulnerabilities/solutions.