Need training for the CISSP® exam?
SANS MGT414: SANS Training Program for CISSP® Certification is an accelerated review course that is specifically designed to prepare students to successfully pass the CISSP® exam.
MGT414 focuses solely on the 8 domains of knowledge as determined by (ISC)² that form a critical part of the CISSP® exam. Each domain of knowledge is dissected into its critical components, and those components are then discussed in terms of their relationship with one another and with other areas of information security.
Course Syllabus
MGT414.1: Introduction; Security and Risk Management
The CISSP® exam itself is not hosted by SANS. You will need to make separate arrangements to take the CISSP® exam.
Overview
On the first day of training for the CISSP® exam, MGT414 introduces the specific requirements needed to obtain certification. The 2015 exam update will be discussed in detail. We will cover the general security principles needed to understand the 8 domains of knowledge, with specific examples for each domain. The first of the 8 domains, Security and Risk Management, is discussed using real-world scenarios to illustrate the critical points.
CPE/CMU Credits: 7
Topics
Overview of CISSP® Certification
Introductory Material
Overview of the 8 Domains
Domain 1: Security and Risk Management
MGT414.2: Asset Security and Security Engineering (Part 1)
Overview
Understanding asset security is critical to building a solid information security program. The Asset Security domain, the initial focus of today's course section, describes data classification programs, including those used by both governments/militaries and the private sector. We will also discuss ownership, covering owners ranging from business/mission owners to data and system owners. We will examine data retention and destruction in detail, including secure methods for purging data from electronic media. We then turn to the first part of the Security Engineering domain, including new topics for the 2015 exam such as the Internet of Things, Trusted Platform Modules, Cloud Security, and much more.
CPE/CMU Credits: 8
Topics
Domain 2: Asset Security
Domain 3: Security Engineering (Part 1)
MGT414.3: Security Engineering (Part 2); Communication and Network Security
Overview
This section continues the discussion of the Security Engineering domain, including a deep dive into cryptography. The focus is on real-world implementation of core cryptographic concepts, including the three types of cryptography: symmetric, asymmetric, and hashing. Salts are discussed, as well as rainbow tables. We will round out Domain 3 with a look at physical security before turning to Domain 4, Communication and Network Security. The discussion will cover a range of protocols and technologies, from the Open Systems Interconnection (OSI) model to storage area networks.
CPE/CMU Credits: 8
Topics
Domain 3: Security Engineering (Part 2)
Domain 4: Communication and Network Security
MGT414.4: Identity and Access Management
Overview
Controlling access to data and systems is one of the primary objectives of information security. Domain 5, Identity and Access Management, strikes at the heart of access control by focusing on identification, authentication, and authorization of accounts. Password-based authentication represents a continued weakness, so Domain 5 stresses multi-factor authentication, biometrics, and secure credential management. The 2015 CISSP® exam underscores the increased role of external users and service providers, and mastery of Domain 5 requires an understanding of federated identity, SSO, SAML, and third-party identity and authorization services like OAuth and OpenID.
CPE/CMU Credits: 8
Topics
Domain 5: Identity and Access Management
MGT414.5: Security Assessment and Testing; Security Operations
Overview
This course section covers Domain 6 (Security Assessment) and Domain 7 (Security Operations). Security Assessment covers types of security tests, testing strategies, and security processes. Security Operations covers investigatory issues, including eDiscovery, logging and monitoring, and provisioning. We will discuss cutting-edge technologies such as cloud, and we'll wrap up day five with a deep dive into disaster recovery.
CPE/CMU Credits: 8
Topics
Domain 6: Security Assessment
Domain 7: Security Operations
MGT414.6: Software Development Security
Overview
Domain 8 (Software Development Security) describes the requirements for secure software. Security should be "baked in" as part of network design from day one, since it is always less effective when it is added later to a poor design. We will discuss classic development models, including waterfall and spiral methodologies. We will then turn to more modern models, including agile software development methodologies. New content for the 2015 CISSP® exam update will be discussed, including DevOps. We will wrap up 414.6 by discussing security vulnerabilities, secure coding strategies, and testing methodologies.
CPE/CMU Credits: 7
Topics
Domain 8: Software Development Security
Who Should Attend
In short, if you desire a CISSP®, or your job requires it, MGT414 is the training for you.
What You Will Receive
Students will receive with this class:
You Will Be Able To