Certified Information Systems Security Officer - C)ISSO

Certification Map:
Certified ISSO
Covers CISSP exam objectives

Duration: 5 days

Language: English

Format:
• Instructor-led classroom
• Computer Based Training
• Live Virtual Training

Prerequisites:
• Experience in at least 2 modules of the outline is beneficial but not required

Student Materials:
• Student Workbook
• Student CD
• Key Security Concepts & Definitions Book
• Quick Tips section, Summary section
• Questions and answers for each module
Mile2's Certified Information Systems Security Officer - C)ISSO - program prepares and certifies individuals to analyze an organization's information security infrastructure with respect to threats and risks. This course helps you design a security program to mitigate risks relevant to 2011. In mile2's certification process, Information Systems Security Officers will also become proficient in risk analysis, risk mitigation, application security, network security, operations security, business continuity and disaster recovery planning.

Mile2 has observed that many respected organizations and instructors approach the delivery of both the CISSP® and Information Systems Security Officer prep events as an information technology security event. The focus therefore is inevitably on the technology used in the processing of data into information. This is relatively incomplete, as technology is only one of the many components of an information system. mile2's certified Information Systems Security Officer training attempts to balance both theory and technology.

Certification Background: our Information Systems Security Officer certification was inspired by a Dual Initiative between the DOD and DND: CANCUS CDISM MOU – ID#1974100118. This was a direct initiative of the DND – Department of National Defense of Canada in cooperation with the DOD – Department of Defense of the United States. These and other institutions use and recognize the ISSO acronym - Information Systems Security Officer.

Certified Information Systems Security Officer Module Topics:

Module 1: Security Management Practices
Module 2: Access Control
Module 3: Cryptography
Module 4: Physical Security
Module 5: Security Architecture and Models
Module 6: Law, Investigation and Ethics
Module 7: Telecommunications and Network
Module 8: Business Continuity Objectives
Module 9: Application and System Development
Module 10: Operations Security

Module 1 – Security Management Practices

•Overview
•Agenda
•Security Definitions
•Agenda
•Control Types
•“Soft” Controls
•Technical or Logical Controls
•Physical Controls
•AIC Triad
•How Visible Should Countermeasures Be?
•A Layered Approach
•Agenda
•Building Foundation
•Planning Horizon Components
•Enterprise Security – The Business Requirements
•Enterprise Security Program Components
•What Does the Architecture Need to Do for You?
•Security Roadmap
•The security architecture must address all components of the enterprise security program, not just the technical components
•Security Requires Communication
•Agenda
•Approach to Security Management
•Policy Types
•Policies with Different Goals
•Industry Best Practice Standards
•Components that Support the Security Policy
•Senior Management’s Role in Security
•Security Roles
•Information Classification
•Information Classification Criteria
•Declassifying Information
•Types of Classification Levels
•Information Classification
•Agenda
•How Is Liability Determined?
•Examples of Due Diligence and Due Care
•Prudent Person Rule
•Agenda
•Risk Management
•Why Is Risk Management Difficult?
•Risk Analysis Objectives
•Putting Together the Team and Components
•What Is the Value of an Asset?
•Examples of Some Vulnerabilities that Are Not Always Obvious
•Categorizing Risks
•Some Examples of Types of Losses
•Different Approaches to Analysis
•Who Uses What?
•Qualitative Analysis Steps
•Quantitative Analysis
•ALE Values Uses
•ALE Example
•ARO Values and Their Meaning
•ALE Calculation
•Can a Purely Quantitative Analysis Be Accomplished?
•Comparing Cost and Benefit
•Countermeasure Criteria
•Calculating Cost/Benefit
•Cost of a Countermeasure
•Can You Get Rid of All Risk?
•Management’s Response to Identified Risks
•Liability of Actions
•Agenda
•Enforcement
•Security Enforcement Issues
•Employee Management
•Importance to Security?
•Hiring and Firing Issues
•Informing Employees About Security
•Review
Module 2 – Access Control

•Access Control Domain Objectives
•Role of Access Control
•Agenda
•Definitions
•More Definitions
•Layers of Access Control
•Access Control Mechanism Examples
•Access Control Characteristics
•Preventive Control Types
•Control Combinations
•Administrating Access Control
•Accountability and Access Control
•Trusted Path
•Agenda
•Who Are You?
•Authentication Mechanisms’ Characteristics
•Strong Authentication
•Access Criteria
•Fraud Controls
•Access Control Mechanisms in Use Today
•Biometrics Technology
•Biometrics Enrolment Process
•Downfalls to Biometric Use
•Biometrics Error Types
•Crossover Error Rate (CER)
•Biometric System Types
•Passwords
•Password “Shoulds”
•Password Attacks
•Countermeasures for Password Cracking
•Cognitive Passwords
•One-Time Password Authentication
•Synchronous Token
•Asynchronous Token Device
•Cryptographic Keys
•Passphrase Authentication
•Memory Cards
•Smart Card
•Agenda
•Single Sign-on Technology
•Different Technologies
•Scripts as a Single Sign-on Technology
•Directory Services as a Single Sign-on Technology
•Thin Clients
•Kerberos as a Single Sign-on Technology
•Kerberos Components Working Together
•More Components of Kerberos
•Kerberos Authentication Steps
•Tickets
•Why Go Through All of this Trouble?
•Issues Pertaining to Kerberos
•SESAME as a Single Sign-on Technology
•SESAME Steps for Authentication
•Models for Access
•Discretionary Access Control Model
•Enforcing a DAC Policy
•Mandatory Access Control Model
•MAC Enforcement Mechanism – Labels
•Where Are They Used?
•MAC Versus DAC
•Role-Based Access Control (RBAC)
•Acquiring Rights and Permissions
•Rule-Based Access Control
•Access Control Matrix
•Access Control Administration
•Access Control Methods
•Remote Centralized Administration
•RADIUS Characteristics
•RADIUS
•TACACS+ Characteristics
•Diameter Characteristics
•Decentralized Access Control Administration
•Administrative Controls
•Controlling Access to Sensitive Data
•Other Ways of Controlling Access
•Technical Access Controls
•Physical Access Controls
•Accountability
•Agenda
•IDS
•Network IDS Sensors
•Types of IDSs
•Behavior-Based IDS
•IDS Response Mechanisms
•IDS Issues
•Trapping an Intruder
•Review
Module 3 – Cryptography

•Cryptography Objectives
•Cryptography Uses Yesterday and Today
•Cryptographic Definitions
•A Few More Definitions
•Need Some More Definitions?
•Symmetric Cryptography – Use of Secret Keys
•Historical Uses of Symmetric Cryptography
•Historical Uses of Symmetric Cryptography – Hieroglyphics
•Historical Uses of Symmetric Cryptography
Scytale Cipher
Substitution Cipher
Caesar Cipher Example
Vigenere Cipher
Polyalphabetic Substitution
Enigma Machine
Vernam Cipher
One-Time Pad Characteristics
Running Key and Concealment
•Today’s Cryptography Components
•Binary Mathematical Function
•Key and Algorithm Relationship
•Why Does a 128-Bit Key Provide More Protection than a 64-Bit Key?
•Ways of Breaking Cryptosystems
•Strength of a Cryptosystem
•Characteristics of Strong Algorithms
•Open or Closed More Secure?
•Types of Ciphers Used Today
•Encryption/Decryption Methods
•Type of Symmetric Cipher – Block Cipher
•S-Boxes Used in Block Ciphers
•Type of Symmetric Cipher – Stream Cipher
•Encryption Process
•Symmetric Characteristics
•Sender and Receiver Must Generate the Same Keystream
•Strength of a Stream Cipher
•Let’s Dive in Deeper
•Symmetric Key Cryptography
•Symmetric Key Management Issue
•Symmetric Algorithm Examples
•Symmetric Downfalls
•Asymmetric Cryptography
•Public Key Cryptography Advantages
•Asymmetric Algorithm Disadvantages
•Symmetric versus Asymmetric
•Asymmetric Algorithm Examples
•Using the Algorithm Types Together
•Example of Hybrid Cryptography
•When to Use Which Key
•What if You Need All of the Services?
•Secret Versus Session Keys
•Asymmetric Algorithms We Will Dive Into
Diffie-Hellman
RSA
El Gamal and ECC
•Symmetric Ciphers We Will Dive Into
•Symmetric Algorithms – DES
•Evolution of DES
•Block Cipher Modes – CBC
•Different Modes of Block Ciphers – ECB
•Block Cipher Modes – CFB and OFB
•CFB and OFB Modes
•Symmetric Cipher – AES
•Other Symmetric Algorithms
•Protecting the Integrity of Data
•Hashing Algorithms
•Data Integrity Mechanisms
•Weakness in Using Only Hash Algorithms
•More Protection in Data Integrity
•MAC – Sender
•MAC – Receiver
•Digital Signature and MAC Comparison
•U.S. Government Standard
•Security Issues in Hashing
•Birthday Attack
•Example of a Birthday Attack
•Now What?
•Key Management
•Why Do We Need a PKI?
•PKI and Its Components
•CA and RA Roles
•Let’s Walk Through an Example
•Digital Certificates
•What Do You Do with a Certificate?
•Components of PKI – Repository and CRLs
•Steganography
•Cryptography in Use
•Link versus End-to-End Encryption
•End-to-End Encryption
•E-mail Standards
•Encrypted message
•Secure Protocols
•SSL and the OSI Model
•SSL Connection Setup
•Secure E-mail Standard
•SSH Security Protocol
•Secure Electronic Transaction
•Entities Involved in a SET Implementation
•Network Layer Protection
•IPSec Key Management
•Key Issues Within IPSec
•IPSec Handshaking Process
•SAs in Use
•IPSec Is a Suite of Protocols
•IPSec Modes of Operation
•Attacks on Cryptosystems
•More Attacks
•Review 
Module 4 – Physical Security

•Physical Security Objectives
•Physical Security – Threats
•Different Types of Threats & Planning
•Facility Site Selection
•Facility Construction
•Devices Will Fail
•Controlling Access
•Possible Threats
•External Boundary Protection
•Lock Types
•Facility Access
•Piggybacking
•Entrance Protection
•Perimeter Protection – Fencing
•Perimeter Protection – Lighting
•Perimeter Security – Security Guards
•Monitoring
•Types of Physical Intrusion Detection Systems
•Electro-Mechanical Sensors
•Volumetric Sensors
•Securing Mobile Devices
•Facility Attributes
•Electrical Power
•Problems with Steady Power Current
•Power Interference
•Power Preventive Measures
•Environmental Considerations
•Fire Prevention
•Automatic Detector Mechanisms
•Fire Detection
•Fire Types
•Suppression Methods
•Fire Extinguishers
•Fire Suppression
•Fire Extinguishers
•Review 
Module 5 – Security Architecture and Models

•Security Architecture and Models Objectives
•Hardware Components – Central Processing Unit (CPU)
•Processing Data
•Memory Types
•Virtual Memory
•Memory Management
•Accessing Memory Securely
•Memory Addressing
•Hardware Components – Buses
•Process Versus Thread
•States that Processes Work In
•System Functionality
•Language Types
•Security Modes of Operation
•System Protection – Levels of Trust
•System Protection – Process Isolation
•System Protection – Layering
•System Protection - Application Program Interface
•System Protection - Protection Rings
•What Does It Mean to Be in a Specific Ring?
•System Protection – Virtual Machines
•System Protection - Trusted Computing Base
•System Protection - Reference Monitor
•Security Kernel Requirements
•Types of Compromises
•Access Control Models
•Access Control Models – State Machine
•Access Control Models - Information Flow
•Access Control Models - Bell-LaPadula
•Rules of Bell-LaPadula
•Access Control Model - Biba
•Clark-Wilson Model
•Non-interference Model
•Lattice-based Access Control
•Access Control Matrix Model
•Brewer and Nash Model – Chinese Wall
•Brewer and Nash Model
•Take-Grant Model
•Trusted Computer System Evaluation Criteria (TCSEC)
•TCSEC Rating Breakdown
•Evaluation Criteria - ITSEC
•ITSEC Ratings
•ITSEC – Good and Bad
•Common Criteria
•Common Criteria Components
•First Set of Requirements
•Second Set of Requirements
•Package Ratings
•Common Criteria Outline
•Certification Versus Accreditation
•Disclosing Data in an Unauthorized Manner
•Circumventing Access Controls
•Attacks
•Attack Type – Race Condition
•Attack Type - Data Validation
•Attacking Through Applications
•How Buffers and Stacks Are Supposed to Work
•How a Buffer Overflow Works
•Attack Characteristics
•Attack Types
•More Attacks
•Host Name Resolution Attacks
•More Attacks (2)
•Watching Network Traffic
•Traffic Analysis
•Cell Phone Cloning
•Illegal Activities
•Review
Module 6 – Law, Investigation and Ethics

•Law, Investigation and Ethics Objectives
•Not Just Fun and Games
•Examples of Computer Crimes
•Who Perpetrates These Crimes?
•Types of Motivation for Attacks
•A Few Attack Types
•Telephone Fraud
•Identification Protection & Prosecution
•Privacy of Sensitive Data
•Privacy Issues – U.S. Laws as Examples
•European Union Principles on Privacy
•Routing Data Through Different Countries
•Employee Privacy Issues
•Common Laws – Civil
•Common Laws – Criminal
•Common Laws – Administrative
•U.S. Federal Laws
•Intellectual Property Laws
•More Intellectual Property Laws
•Software Licensing
•Digital Millennium Copyright Act
•Computer Crime and Its Barriers
•Countries Working Together
•Security Principles for International Use
•Determine if a Crime Has Indeed Been Committed
•Bringing in Law Enforcement
•Citizen versus Law Enforcement Investigation
•Investigation of Any Crime
•Role of Evidence in a Trial
•Evidence Requirements
•Chain of Custody
•How Is Evidence Processed?
•Evidence Types
•Hearsay Rule Exception
•Agenda
•Preparing for a Crime Before It Happens
•Incident Handling
•Evidence Collection Topics
•Computer Forensics
•Trying to Trap the Bad Guy
•Companies Can Be Found Liable
•Sets of Ethics
(ISC)2
Computer Ethics Institute
Internet Architecture Board
•GAISP Generally Accepted Information Security Principles
•Review
Module 7 – Telecommunications and Network

•Telecommunications and Network
•Cabling Types – Coaxial
•Cabling Types – Twisted Pair
•Types of Cabling – Fiber
•Signal and Cable Issues
•Transmission Types – Analog and Digital
•Transmission Types – Synchronous and Asynchronous
•Transmission Types – Baseband and Broadband
•Cabling Issues – Plenum-Rated
•Transmission Types – Number of Receivers
•Types of Networks
•Network Technologies
•Network Configurations
•OSI Model
•An Older Model
•Data Encapsulation
•OSI – Application Layer
•OSI – Presentation Layer
•OSI – Session Layer
•OSI - Transport Layer
•OSI – Network Layer
•OSI – Data Link
•OSI – Physical Layer
•Protocols at Each Layer
•Devices Work at Different Layers
•Network Topologies – Physical Layer
•Topology Type – Bus
•Topology Type – Ring
•Topology Type – Star
•Network Topologies – Mesh
•Summary of Topologies
•LAN Media Access Technologies
•One Goal of Media Access Technologies
•Two Types of Carrier Sense Multiple Access
•Media Access Technologies - Ethernet
•Media Access Technologies - Token Passing
•Media Access Technologies – Polling
•Standards Comparison
•Wireless Network Topologies
•Wi-Fi Network Types
•Station Moves from One AP to Another
•Wireless Technologies – Service Set ID
•Wireless Technologies – Authenticating to an AP
•Weak IV Packets
•More WEP Weaknesses
•How WPA Improves on WEP
•How WPA Improves on WEP
•TKIP
•The WPA MIC Vulnerability
•802.11i – WPA2
•WPA and WPA2 Mode Types
•WPA-PSK Encryption
•Wireless Technologies
WAP
WEP
WTLS
Common Attacks
War Driving
NetStumbler Example
Kismet
Wireless Countermeasures
•Protocols
•TCP/IP Suite
•Port and Protocol Relationship
•Conceptual Use of Ports
•UDP versus TCP
•Protocols – ARP
•ARP Attack
•Protocols
ICMP
SNMP
SMTP
FTP, TFTP, Telnet
RARP and BootP
•Networking Devices
Repeater
Hub
Bridge
Switch
Router
Gateway
Bastion Host
Virtual LAN
Firewalls
Packet Filtering
Proxy Firewalls
Circuit-Level Proxy Firewall
SOCKS
Application-Layer Proxy
Stateful
Dynamic Packet-Filtering
Kernel Proxies
Firewall Placement
Firewall Architecture Types – Screened Host
Firewall Architecture Types – Multi- or Dual-Homed
Firewall Architecture Types – Screened Subnet
•Dial-Up Protocols and Authentication Protocols
SLIP
PPP
•Authentication Protocols – PAP and CHAP
•Authentication Protocol – EAP
•Virtual Private Network Technologies
•What Is a Tunnelling Protocol?
PPTP
L2TP
IPSec
•Network Services – DNS
•Network Services – NAT
•Metropolitan Area Network Technologies
•MAN Technologies – FDDI
•MAN Technologies – SONET
•Wide Area Network Technologies
PSTN
Dedicated Lines
Area Circuit or Packet Switched
ISDN
ISDN Service Types
DSL
Cable Modem
Packet Switched
X.25
Frame Relay
•ATM
•Multiplexing
•Voice Over IP
•Private Branch Exchange
•PBX Vulnerabilities
•PBX Best Practices
•Review
Module 8 – Business Continuity Objectives

•Business Continuity Objectives
•Pieces of the BCP
•Where Do We Start?
•Why Is BCP a Hard Sell to Management?
•Plan Development Delegated to a Committee
•BCP Risk Analysis
•How to Identify the Most Critical Company Functions
•Interdependencies
•Identifying Functions’ Resources
•How Long Can the Company Be Without These Resources?
•Preventative Measures
•What Items Need to Be Considered?
•Proper Planning
•Executive Succession Planning
•Identify Vulnerabilities and Threats
•Categories
•Loss Criteria
•Disk Shadowing
•Backing Up Over Telecommunication
•Serial Lines
•HSM
•SAN
•Co-Location
•Facility Backups – Hot Site
•Facility Backups – Warm Site
•Facility Backups – Cold Site
•Compatibility Issues with Offsite Facility
•Which Do We Use?
•Choosing Offsite Services
•Subscription Costs
•Choosing Site Location
•Other Offsite Approaches
•Results from the BIA
•Priorities
•Plan Objectives
•Defining Roles
•Environment
•Operational Planning
•Preventive Measures
•Emergency Response
•Recovery
•Return to Normal Operations
•Reviewing Insurance
•When Is the Danger Over?
•Now What?
•Testing and Drills
•Types of Tests to Choose From
•What Is Success?
•BCP Plans Commonly and Quickly Become Out of Date
•Phases of Plan
•Who Is Ready?
•Review
Module 9 – Application and System Development

•Applications and System Development
•How Did We Get Here?
•Device Vs Software Security
•Why Are We Not Improving at a Higher Rate?
•Usual Trend of Dealing with Security
•Where to Implement Security
•Software Development Tools
•Development Tool
•New Paradigm of Coding
•Security Issues
•Object-Oriented Programming
•Classes and Objects
•Object Characteristics
•Modularity of Objects
•Object-Oriented Programming Characteristic
•Another Characteristic of OOP
•Module Characteristics
•Distributed Computing
•Distributed Computing – ORBs
•Distributed Communication Architecture
•COM Architecture
•DCOM Architecture
•Enterprise Java Beans
•Linking Through COM
•Mobile Code with Active Content
•World Wide Web OLE
•ActiveX Security
•Java and Applets
•Common Gateway Interface
•How CGI Scripts Work
•Cross-Site Scripting Attack
•Cookies
•Database Models – Hierarchical
•Database Models – Distributed
•Database Models – Object-Oriented Database
•Database Models – Relational
•Database Models – Relational Components
•Foreign Key
•Database Component
•Database Security Mechanisms
•Database Data Integrity Controls
•Add-On Security
•Database Security Issues
•Controlling Access
•Database Integrity
•Databases
•Data Mart
•Data Mining
•Artificial Intelligence
•Artificial Intelligence
•Expert System Components
•Artificial Neural Networks
•Software Development Models
•Project Development – Phases III, IV, and V
•Project Development – Phases VI and VII
•Verification versus Validation
•Evaluating the Resulting Product
•Controlling How Changes Take Place
•Change Control Process
•Change Control Steps (Continued)
•Administrative Controls
•Malware
•Virus
•DDoS Attack Types
•DDoS Issues
•DDoS Mail Bombing
•Timing Attacks
•More Advanced Attacks
•Review
Module 10 – Operations Security

•Operations Security Objectives
•Role of the Operations Department
•Computer Operations
•Security Operations Product Evaluation
•Compliancy Tools
•Some Threats to Computer Operations
•Specific Operations Tasks
•Product Evaluation
•Trusted Recovery of Software
•Change Control
•Resource Protection
•Contingency Planning
•System Controls
•Duplexing, Mirroring, Check Pointing
•Redundant Array of Independent Disks (RAID)
•Fault Tolerance
•Redundancy Mechanism
•Backups
•Backup Types
•Remote Access
•Facsimile Security
•Email Security
•Before Carrying Out Vulnerability Testing
•Vulnerability Assessments
•Methodology
•Penetration Testing
•Penetration Testing
•Hack and Attack Strategies
•Protection Mechanism – Honeypot
•Data Leakage – Social Engineering
•Data Leakage – Object Reuse
•Object Reuse
•Why Not Just Delete File or Format the Disk?
•Data Leakage – Keystroke Logging
•Data Leakage – Emanation
•Controlling Data Leakage – TEMPEST
•Controlling Data Leakage – Control Zone
•Controlling Data Leakage – White Noise
•Review
Information Systems Security Officer Training is available in a LIVE REMOTE TRAINING format. Attend live classes from anywhere in the world!
• Live presentations with powerful functionality that delivers easy viewing of slides and other documents, shared Internet access, a virtual whiteboard, and a media center, all through an easy-to-use toolbar.
• Application, file, and desktop sharing enable you to view live demonstrations.
• Dedicated high-spec remote PC per student with full access, as if you were sitting in front of the PC in the classroom.
• The instructor views each student's session while you perform your hands-on labs; the instructor can access your remote system to demonstrate and assist while you sit back and absorb the classroom-style mentoring you expect.
• Public and private text chat allows for increased interactivity between students and the instructor.


Start your Information Systems Security Officer Certification today with mile2!