Contents

CMSY 264 Successful CISSP Preparation

The Computer Information Systems Security Professional (CISSP) designation is particularly useful for those who are focused on managing either process or people responsible for activities related to the design, implementation, and administration of an information security infrastructure. Topics include practical aspects of law and forensics, physical and operations security, technical elements of networking and encryption, and basic tenets of access control, security models, and management practices. Upon completion of the course, students will have a framework necessary to successfully complete the CISSP exam. Three to four years of related experience are needed to sit for this exam. Testing instruments similar to the CISSP examination will be used to demonstrate comprehension during midterm and noncumulative final exams.

Credits

3

Hours Weekly

3 hours weekly

Course Objectives

  1. 1. Describe major elements of security planning to include risk analysis, data classification and access
    control.
  2. 2. Describe key elements of computer architecture to include systems and security models.
  3. 3. Describe elements of physical security to include electrical power, fire suppression and perimeter
    security.
  4. 4. Analyze major elements of computer networking to include the OSI layers, LAN access technologies,
    network topologies, firewalls and network types.
  5. 5. Compare and contrast elements of encryption to include cipher types, encryption methods, PKI, Internet
    security and typical attacks.
  6. 6. Describe operations issues for security to include separation of duties, need to know, least privilege,
    change control, and typical attacks.
  7. 7. Develop a business recovery plan to include business continuation, disaster recovery, backup models,
    stages of recovery planning, types of recovery sites and types of recovery testing.
  8. 8. Analyze legal and ethical issues related to security to include well known ethical standards, types of
    computer fraud, examples of computer crimes, forms of law, forms of evidence, elements of computer
    forensics and well-known government regulations.
  9. 9. Describe security aspects related to applications to include security controls, database terms and function
    and elements of object-oriented programming.

Course Objectives

  1. 1. Describe major elements of security planning to include risk analysis, data classification and access
    control.
  2. 2. Describe key elements of computer architecture to include systems and security models.
  3. 3. Describe elements of physical security to include electrical power, fire suppression and perimeter
    security.
  4. 4. Analyze major elements of computer networking to include the OSI layers, LAN access technologies,
    network topologies, firewalls and network types.
  5. 5. Compare and contrast elements of encryption to include cipher types, encryption methods, PKI, Internet
    security and typical attacks.
  6. 6. Describe operations issues for security to include separation of duties, need to know, least privilege,
    change control, and typical attacks.
  7. 7. Develop a business recovery plan to include business continuation, disaster recovery, backup models,
    stages of recovery planning, types of recovery sites and types of recovery testing.
  8. 8. Analyze legal and ethical issues related to security to include well known ethical standards, types of
    computer fraud, examples of computer crimes, forms of law, forms of evidence, elements of computer
    forensics and well-known government regulations.
  9. 9. Describe security aspects related to applications to include security controls, database terms and function
    and elements of object-oriented programming.