Certified ISSO - Certified Information Systems Security Officer

Course

Online

£ 2,137.06 VAT exempt

*Indicative price

Original amount in USD:

$ 2,695

Description

  • Type

    Course

  • Methodology

    Online

  • Duration

    5 Days

Outline. Module 1: Security Management Practices. Module 2: Access Control. Module 3: Cryptography. Module 4: Physical Security. Module 5: Security Architecture and Models. Module 6: Law, Investigation and Ethics. Module 7: Telecommunications and Network. Module 8: Business Continuity Objectives. Module 9: Application and System Development. Module 10: Operations Security

About this course

Experience in at least 2 modules of the outline is beneficial but not required.

Course programme

Certified ISSO - Certified Information Systems Security Officer

mile2's Certified ISSO training covers:

Information Security Governance and Risk Management
Access Control
Cryptography
Physical (Environmental) Security
Security Architecture and Design
Business Continuity and Disaster Recovery Planning
Telecommunications and Network Security
Application Development Security
Operations Security
Legal, Regulations, Investigations and Compliance

Mile2's Certified Information Systems Security Officer (C)ISSO) program prepares and certifies individuals to analyze an organization's information security infrastructure with respect to threats and risks, and to design a security program that mitigates the risks relevant to 2010. Through mile2's certification process, ISSOs also become proficient in risk analysis, risk mitigation, application security, network security, operations security, and business continuity and disaster recovery planning.

Mile2 has observed that many respected organizations and instructors deliver both CISSP® and ISSO prep events as information technology security events. The focus is therefore inevitably on the technology used to process data into information. This is incomplete, since technology is only one of the many components of an information system. mile2's certified ISSO training aims to balance theory and technology.

Certification Background: our ISSO certification was inspired by a Dual Initiative between the DOD and DND: CANCUS CDISM MOU – ID#1974100118. This was a direct initiative of the DND – Department of National Defense of Canada in cooperation with the DOD – Department of Defense of the United States. These and other institutions use and recognize the ISSO acronym - Information Systems Security Officer.


Module 1: Security Management Practices
Module 2: Access Control
Module 3: Cryptography
Module 4: Physical Security
Module 5: Security Architecture and Models
Module 6: Law, Investigation and Ethics
Module 7: Telecommunications and Network
Module 8: Business Continuity Objectives
Module 9: Application and System Development
Module 10: Operations Security

LIVE REMOTE TRAINING: Attend live classes from anywhere in the world!

• Live presentations with powerful functionality that delivers easy viewing of slides and other documents, shared Internet access, a virtual whiteboard, and a media center, all through an easy-to-use toolbar.
• Application, file, and desktop sharing let you view live demonstrations.
• A dedicated high-spec remote PC per student, with full access as if you were sitting in front of the PC in the classroom.
• The instructor views each student's session while you perform your hands-on labs, and can access your remote system to demonstrate and assist while you sit back to absorb the classroom-style mentoring you expect.
• Public and private text chat allows for increased interactivity between students and instructor.

Module 1 – Security Management Practices
  • Overview
  • Agenda
  • Security Definitions
  • Agenda
  • Control Types
  • “Soft” Controls
  • Technical or Logical Controls
  • Physical Controls
  • AIC Triad
  • How Visible Should Countermeasures Be?
  • A Layered Approach
  • Agenda
  • Building Foundation
  • Planning Horizon Components
  • Enterprise Security – The Business Requirements
  • Enterprise Security Program Components
  • What Does the Architecture Need to Do for You?
  • Security Roadmap
  • The security architecture must address all components of the enterprise security program, not just the technical components
  • Security Requires Communication
  • Agenda
  • Approach to Security Management
  • Policy Types
  • Policies with Different Goals
  • Industry Best Practice Standards
  • Components that Support the Security Policy
  • Senior Management’s Role in Security
  • Security Roles
  • Information Classification
  • Information Classification Criteria
  • Declassifying Information
  • Types of Classification Levels
  • Information Classification
  • Agenda
  • How Is Liability Determined?
  • Examples of Due Diligence and Due Care
  • Prudent Person Rule
  • Agenda
  • Risk Management
  • Why Is Risk Management Difficult?
  • Risk Analysis Objectives
  • Putting Together the Team and Components
  • What Is the Value of an Asset?
  • Examples of Some Vulnerabilities that Are Not Always Obvious
  • Categorizing Risks
  • Some Examples of Types of Losses
  • Different Approaches to Analysis
  • Who Uses What?
  • Qualitative Analysis Steps
  • Quantitative Analysis
  • ALE Values Uses
  • ALE Example
  • ARO Values and Their Meaning
  • ALE Calculation
  • Can a Purely Quantitative Analysis Be Accomplished?
  • Comparing Cost and Benefit
  • Countermeasure Criteria
  • Calculating Cost/Benefit
  • Cost of a Countermeasure
  • Can You Get Rid of All Risk?
  • Management’s Response to Identified Risks
  • Liability of Actions
  • Agenda
  • Enforcement
  • Security Enforcement Issues
  • Employee Management
  • Importance to Security?
  • Hiring and Firing Issues
  • Informing Employees About Security
  • Review

Module 2 – Access Control

  • Access Control Domain Objectives
  • Role of Access Control
  • Agenda
  • Definitions
  • More Definitions
  • Layers of Access Control
  • Access Control Mechanism Examples
  • Access Control Characteristics
  • Preventive Control Types
  • Control Combinations
  • Administrating Access Control
  • Accountability and Access Control
  • Trusted Path
  • Agenda
  • Who Are You?
  • Authentication Mechanisms’ Characteristics
  • Strong Authentication
  • Access Criteria
  • Fraud Controls
  • Access Control Mechanisms in Use Today
  • Biometrics Technology
  • Biometrics Enrolment Process
  • Downfalls to Biometric Use
  • Biometrics Error Types
  • Crossover Error Rate (CER)
  • Biometric System Types
  • Passwords
  • Password “Shoulds”
  • Password Attacks
  • Countermeasures for Password Cracking
  • Cognitive Passwords
  • One-Time Password Authentication
  • Synchronous Token
  • Asynchronous Token Device
  • Cryptographic Keys
  • Passphrase Authentication
  • Memory Cards
  • Smart Card
  • Agenda
  • Single Sign-on Technology
  • Different Technologies
  • Scripts as a Single Sign-on Technology
  • Directory Services as a Single Sign-on Technology
  • Thin Clients
  • Kerberos as a Single Sign-on Technology
  • Kerberos Components Working Together
  • More Components of Kerberos
  • Kerberos Authentication Steps
  • Tickets
  • Why Go Through All of this Trouble?
  • Issues Pertaining to Kerberos
  • SESAME as a Single Sign-on Technology
  • SESAME Steps for Authentication
  • Models for Access
  • Discretionary Access Control Model
  • Enforcing a DAC Policy
  • Mandatory Access Control Model
  • MAC Enforcement Mechanism – Labels
  • Where Are They Used?
  • MAC Versus DAC
  • Role-Based Access Control (RBAC)
  • Acquiring Rights and Permissions
  • Rule-Based Access Control
  • Access Control Matrix
  • Access Control Administration
  • Access Control Methods
  • Remote Centralized Administration
  • RADIUS Characteristics
  • RADIUS
  • TACACS+ Characteristics
  • Diameter Characteristics
  • Decentralized Access Control Administration
  • Administrative Controls
  • Controlling Access to Sensitive Data
  • Other Ways of Controlling Access
  • Technical Access Controls
  • Physical Access Controls
  • Accountability
  • Agenda
  • IDS
  • Network IDS Sensors
  • Types of IDSs
  • Behavior-Based IDS
  • IDS Response Mechanisms
  • IDS Issues
  • Trapping an Intruder
  • Review

Module 3 – Cryptography

  • Cryptography Objectives
  • Cryptography Uses Yesterday and Today
  • Cryptographic Definitions
  • A Few More Definitions
  • Need Some More Definitions?
  • Symmetric Cryptography – Use of Secret Keys
  • Historical Uses of Symmetric Cryptography
  • Historical Uses of Symmetric Cryptography – Hieroglyphics
  • Historical Uses of Symmetric Cryptography
    • Scytale Cipher
    • Substitution Cipher
    • Caesar Cipher Example
    • Vigenere Cipher
    • Polyalphabetic Substitution
    • Enigma Machine
    • Vernam Cipher
    • One-Time Pad Characteristics
    • Running Key and Concealment
  • Today’s Cryptography Components
  • Binary Mathematical Function
  • Key and Algorithm Relationship
  • Why Does a 128-Bit Key Provide More Protection than a 64-Bit Key?
  • Ways of Breaking Cryptosystems
  • Strength of a Cryptosystem
  • Characteristics of Strong Algorithms
  • Open or Closed More Secure?
  • Types of Ciphers Used Today
  • Encryption/Decryption Methods
  • Type of Symmetric Cipher – Block Cipher
  • S-Boxes Used in Block Ciphers
  • Type of Symmetric Cipher – Stream Cipher
  • Encryption Process
  • Symmetric Characteristics
  • Sender and Receiver Must Generate the Same Keystream
  • Strength of a Stream Cipher
  • Let’s Dive in Deeper
  • Symmetric Key Cryptography
  • Symmetric Key Management Issue
  • Symmetric Algorithm Examples
  • Symmetric Downfalls
  • Asymmetric Cryptography
  • Public Key Cryptography Advantages
  • Asymmetric Algorithm Disadvantages
  • Symmetric versus Asymmetric
  • Asymmetric Algorithm Examples
  • Using the Algorithm Types Together
  • Example of Hybrid Cryptography
  • When to Use Which Key
  • What if You Need All of the Services?
  • Secret Versus Session Keys
  • Asymmetric Algorithms We Will Dive Into
    • Diffie-Hellman
    • RSA
    • El Gamal and ECC
  • Symmetric Ciphers We Will Dive Into
  • Symmetric Algorithms – DES
  • Evolution of DES
  • Block Cipher Modes – CBC
  • Different Modes of Block Ciphers – ECB
  • Block Cipher Modes – CFB and OFB
  • CFB and OFB Modes
  • Symmetric Cipher – AES
  • Other Symmetric Algorithms
  • Protecting the Integrity of Data
  • Hashing Algorithms
  • Data Integrity Mechanisms
  • Weakness in Using Only Hash Algorithms
  • More Protection in Data Integrity
  • MAC – Sender
  • MAC – Receiver
  • Digital Signature and MAC Comparison
  • U.S. Government Standard
  • Security Issues in Hashing
  • Birthday Attack
  • Example of a Birthday Attack
  • Now What?
  • Key Management
  • Why Do We Need a PKI?
  • PKI and Its Components
  • CA and RA Roles
  • Let’s Walk Through an Example
  • Digital Certificates
  • What Do You Do with a Certificate?
  • Components of PKI – Repository and CRLs
  • Steganography
  • Cryptography in Use
  • Link versus End-to-End Encryption
  • End-to-End Encryption
  • E-mail Standards
  • Encrypted message
  • Secure Protocols
  • SSL and the OSI Model
  • SSL Connection Setup
  • Secure E-mail Standard
  • SSH Security Protocol
  • Secure Electronic Transaction
  • Entities Involved in a SET Implementation
  • Network Layer Protection
  • IPSec Key Management
  • Key Issues Within IPSec
  • IPSec Handshaking Process
  • SAs in Use
  • IPSec Is a Suite of Protocols
  • IPSec Modes of Operation
  • Attacks on Cryptosystems
  • More Attacks
  • Review

Module 4 – Physical Security

  • Physical Security Objectives
  • Physical Security – Threats
  • Different Types of Threats & Planning
  • Facility Site Selection
  • Facility Construction
  • Devices Will Fail
  • Controlling Access
  • Possible Threats
  • External Boundary Protection
  • Lock Types
  • Facility Access
  • Piggybacking
  • Entrance Protection
  • Perimeter Protection – Fencing
  • Perimeter Protection – Lighting
  • Perimeter Security – Security Guards
  • Monitoring
  • Types of Physical Intrusion Detection Systems
  • Electro-Mechanical Sensors
  • Volumetric Sensors
  • Securing Mobile Devices
  • Facility Attributes
  • Electrical Power
  • Problems with Steady Power Current
  • Power Interference
  • Power Preventive Measures
  • Environmental Considerations
  • Fire Prevention
  • Automatic Detector Mechanisms
  • Fire Detection
  • Fire Types
  • Suppression Methods
  • Fire Extinguishers
  • Fire Suppression
  • Fire Extinguishers
  • Review

Module 5 - Security Architecture and Models

  • Security Architecture and Models Objectives
  • Hardware Components – Central Processing Unit (CPU)
  • Processing Data
  • Memory Types
  • Virtual Memory
  • Memory Management
  • Accessing Memory Securely
  • Memory Addressing
  • Hardware Components – Buses
  • Process Versus Thread
  • States that Processes Work In
  • System Functionality
  • Language Types
  • Security Modes of Operation
  • System Protection – Levels of Trust
  • System Protection – Process Isolation
  • System Protection – Layering
  • System Protection - Application Program Interface
  • System Protection - Protection Rings
  • What Does It Mean to Be in a Specific Ring?
  • System Protection – Virtual Machines
  • System Protection - Trusted Computing Base
  • System Protection - Reference Monitor
  • Security Kernel Requirements
  • Types of Compromises
  • Access Control Models
  • Access Control Models – State Machine
  • Access Control Models - Information Flow
  • Access Control Models - Bell-LaPadula
  • Rules of Bell-LaPadula
  • Access Control Model - Biba
  • Clark-Wilson Model
  • Non-interference Model
  • Lattice-based Access Control
  • Access Control Matrix Model
  • Brewer and Nash Model – Chinese Wall
  • Brewer and Nash Model
  • Take-Grant Model
  • Trusted Computer System Evaluation Criteria (TCSEC)
  • TCSEC Rating Breakdown
  • Evaluation Criteria - ITSEC
  • ITSEC Ratings
  • ITSEC – Good and Bad
  • Common Criteria
  • Common Criteria Components
  • First Set of Requirements
  • Second Set of Requirements
  • Package Ratings
  • Common Criteria Outline
  • Certification Versus Accreditation
  • Disclosing Data in an Unauthorized Manner
  • Circumventing Access Controls
  • Attacks
  • Attack Type – Race Condition
  • Attack Type - Data Validation
  • Attacking Through Applications
  • How Buffers and Stacks Are Supposed to Work
  • How a Buffer Overflow Works
  • Attack Characteristics
  • Attack Types
  • More Attacks
  • Host Name Resolution Attacks
  • More Attacks (2)
  • Watching Network Traffic
  • Traffic Analysis
  • Cell Phone Cloning
  • Illegal Activities
  • Review