1

IS security and the (ISC)²'s CBK

• Information system security.
• The why of CISSP certification.
• Overview of the scope covered by the CBK.

2

Security management and operations security.

• Security management practices. Writing policies, directives, procedures, and standards for security.
• The security awareness program, management practices, risk management, etc.
• Operations security: Preventive, detective, and corrective measures, roles and responsibilities of those involved.
• Best practices, security when hiring, etc.

3

Architecture, security models, and access control

• Architecture and security models: System architecture, theoretical informational security models.
• System evaluation methods, operational security modes, etc.
• Access control systems and methodologies. Categories and types of access controls.
• Access to data and systems, intrusion prevention systems (IPS) and intrusion detection systems (IDS).
• Audit trails, threats and attacks related to access control, etc.

4

Cryptography and development security

• Cryptography. Concepts, symmetrical and asymmetrical cryptography.
• Hash functions, public key infrastructure, etc.
• Security of application and system developments. Databases, data warehouses.
• The development cycle, object-oriented programming, expert systems, artificial intelligence, etc.

5

Telecom and network security

• Telecom and network security. Basic concepts, TCP/IP model, network and security equipment.
• Security protocols, attacks on networks, data backups, wireless technologies, VPNs, etc.

6

Continuity of business, laws, ethics, and physical security.

• Continuity of operations and disaster recovery plan.
• Business continuity plan, disaster recovery plan.
• Emergency measures, training and awareness program, crisis communications, exercises and tests, etc.
• Law, investigations, and ethics: Civil, criminal, and administrative law, intellectual property.
• Legal framework of investigations, evidence admissibility rules, etc.
• Physical security. Threats and vulnerabilities related to the environment of a place, scope of security.
• Layout requirements, site monitoring, staff protection, etc.