Introduction
Muhammad Yousaf
Riphah Institute of Systems Engineering (RISE), Riphah International University (RIU), Islamabad
Instructor
MUHAMMAD YOUSAF
MS (Computer Engineering)
Specialization in Computer Networks Center for Advanced Studies in Engineering (CASE) U.E.T. Taxila
Becoming a CISSP
Certified Information Systems Security Professional
muhammad.yousaf@riu.edu.pk
Contents
Why to become a CISSP
The CISSP exam
Recommended Books
Grading Policy
The Common Body of Knowledge and
Ten domains of security make up the CISSP Common Body of Knowledge (CBK)
Covers the breadth of Information Systems Security
An Inch Deep & A Mile Wide
250 MCQs in 6 hours
Minimum passing score is 700/1000
Exam is NOT product or vendor oriented
Recommended Books
ALL-IN-ONE CISSP EXAM GUIDE
By Shon Harris Sixth Edition McGraw Hill, 2013
Grading Policy
Quizzes (10): 10*3 = 30
Mid Term (2): 2*15 = 30
Final Exam: 40
Access Control
Examines mechanisms that enable administrators and managers to control what subjects can access, the extent of their capabilities after authorization and authentication, and the auditing and monitoring of these activities. Some of the topics covered include:
Access control threats
Attack methods
Identification and authentication techniques
Single sign-on technologies
Access control administration
Cryptography
This domain examines cryptography techniques, approaches, and technologies. Some of the topics covered include:
Encryption protocols and implementation
Symmetric versus asymmetric algorithms and uses
Public key infrastructure (PKI) and hashing functions
Attack methods
Security Operations
Examines controls over personnel, hardware, systems, and auditing and monitoring techniques, as well as possible abuse channels and how to recognize and address them. Some of the topics covered include:
Administrative responsibilities pertaining to personnel and job functions
Maintenance concepts of antivirus, training, auditing, and resource protection activities
Preventive, detective, corrective, and recovery controls
Security and fault-tolerance technologies
Questions?