CNIT 125: Information Security Professional (CISSP Preparation)

Fall 2011 Sam Bowne

Scores

Schedule · Lecture Notes · Projects · Links · Home Page


73754 601 Lec SAT 09:00-12:00PM SCIE 136

Catalog Description

Covers information security in depth, including access control, application security, business continuity, cryptography, risk management, legal issues, physical security, and telecommunications and network security. This class helps to prepare students for the Certified Information Systems Security Professional (CISSP) credential, which is essential for high-level information security professionals.

Advisory: Students should have taken CNIT 123, or hold the Certified Ethical Hacker credential, or have equivalent knowedge of basic security.

Upon successful completion of this course, the student will be able to:

Explain security and risk management.
Define and implement access controls.
Assess application security.
Plan for business continuity and disaster recovery.
Apply cryptography correctly to protect information.
Explain legal regulations and ensure compliance.
Perform investigations, preserve evidence, and cooperate with law enforcement authorities.
Explain codes of conduct and ethical issues.
Maintain security of operations.
Assess physical and environmental security.
Design security architecture.
Explain telecommunications and network security.

Textbooks

"CISSP Guide to Security Essentials, 1st Edition", by Peter Gregory ISBN-10: 1435428196 Buy from Amazon

"CNIT 125 Lecture Notes", by Sam Bowne (buy at CCSF bookstore)

Schedule
Date	Quiz	Topic
Sat 8-20		Class Structure and Introduction
Sat 8-27		Ch 1: Information Security and Risk Management
*Fri 9-2*	*Last Day to Add Classes*
*Sat 9-3*	*Holiday - No Class*
Sat 9-10		Ch 2: Access controls
*Thu 9-15*	*Last Day to Request Pass/No Pass Grading*
Sat 9-17	No Quiz LOCKDOWN	Ch 2: Access controls
Sat 9-24	Quiz on Ch 1 & 2	Ch 3: Application Security
Sat 10-1	Quiz on Ch 3	Ch 4: Business Continuity and Disaster Recovery Planning
Sat 10-8	Quiz on Ch 4	Ch 5: Cryptography
*Fri 10-21*	*Mid-Term Grades Due*
Sat 10-15	Quiz on Ch 5	Ch 6: Legal, Regulations, Compliance and Investigations
Sat 10-22	Quiz on Ch 6	Ch 7: Operations Security
Sat 10-29	Quiz on Ch 7	Ch 8: Physical and Environmental Security
Sat 11-5	No Quiz	Ch 8 Continued
*Sat 11-12*	*Holiday - No Class*
*Thu 11-17*	*Last Day to Withdraw*
Sat 11-19	Quiz on Ch 8	Ch 9: Security Architecture and Design
*Sat 11-26*	*Holiday - No Class*
Sat 12-3	Quiz on Ch 9	Ch 10: Telecommunications and Network Security
Sat 12-10	Class Cancelled for BayThreat
Sat 12-17		*Final Exam: 9 am*

Lecture Notes
Policy
Student Agreement
Introduction to CNIT 125
Security Circus
1: Information Security and Risk Management PowerPoint
2: Access controls PowerPoint
3: Application Security PowerPoint
OWASP's Top Ten Web Application Risks
4: Business Continuity and Disaster Recovery Planning PowerPoint
5: Cryptography PowerPoint
6: Legal, Regulations, Compliance and Investigations PowerPoint
7: Operations Security PowerPoint
8: Physical and Environmental Security PowerPoint
9: Security Architecture and Design PowerPoint
10: Telecommunications and Network Security PowerPoint
The lectures are in Word and PowerPoint formats. If you do not have Word or PowerPoint you will need to install the Free Word Viewer 2003 and/or the Free PowerPoint Viewer 2003.

Back to Top

Projects
Twitter Project (10 pts.) Cold Calls Procedure Research & Present (extra credit) Instead of the usual homework assignments, students will all work together in teams, led by student managers, to perform real security audits of real information systems and other projects with real significance. Every student will be required to sign a non-disclosure agreement. Students are required to prepare professional resumes.

Projects

Twitter Project (10 pts.)

Cold Calls Procedure

Research & Present (extra credit)

Instead of the usual homework assignments, students will all work together in teams, led by student managers, to perform real security audits of real information systems and other projects with real significance. Every student will be required to sign a non-disclosure agreement.

Students are required to prepare professional resumes.

Back to Top

Links
Introduction to CISSP and CNIT 125 CISSP 1: CISSP Education & Certification CISSP 2: (ISC)2 \| Certified Information Security Education CISSP 3: CISSP was the third highest salaried certification in 2009 CISSP 4: DOD 8570 requires CISSP, Sec+, and other certs for all gov\'t Information Assurance employees CISSP 5: CISSP exam prices CISSP 6: (ISC)2 Code of Ethics CISSP 7: Associate of (ISC)² Certification CISSP 8: SSCP Education & Certification CISSP 9: Exam Prices (pdf) CISSP 10: Test Prep: 10 Tips For Preparing and Passing the CISSP Exam CISSP 11: How to get continuing education credit for CISSP certification holders CISSP 12: GIAC Research in the Common Body of Knowledge -- Good white papers for the ten CISSP domains CISSP 13: DoD Directive 8570.1 M - DoD Approved Baseline Certifications CISSP 14: Associate of (ISC)^2 FAQ CISSP 16: How I Prepared for the CISSP Exam--Sam Bowne CISSP 17: A CISSP Study Plan Memoir CISSP 18: CISSP Practice Test CISSP 19: San Francisco Bay Area ISSA--CISSP Study Sessions CISSP 20: CPE Requirements CISSP 21: (ISC)^2 SF Chapter CISSP 22: Average CISSP Salary 2017 CISSP 23: Exam Prices 2017 CISSP 24: Dilbert : How the CISSP Exam was Written CISSP 25: Your Guide to the Certified Information Systems Security Professional (CISSP) Exam CISSP 26: CyberVista Practice Exam (Recommended as of 2021) CISSP 27: CASP vs. CISSP: The Real Fight Is For Candidates' Attention CISSP 28: CISSP Certification Cheat Sheet, Study Guides & Best Courses CISSP 29: ISC2 Launches New CISSP Exam Format to Help Bring More Cybersecurity Professionals into the Field CISSP 30: Official (ISC)^2 CISSP Study App Links for Chapter Lectures Ch 2a: Octomom's hospital records accessed, 15 workers fired (from 2009) Ch 2b: Three Primary Analytics Lessons Learned from 9/11 (2012) Ch 2c: The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America: James Bamford: 9780307279392: Amazon.com: Books Ch 2d: Chelsea Manning explains why she leaked secret military documents, fought for transgender rights behind bars Ch 2e: WikiLeaks Q & A: who is Bradley Manning and what did he do? Ch 2f: Chelsea Manning - Wikipedia Ch 2g: U.S.-EU & U.S.-Swiss Safe Harbor Frameworks Ch 2h: Privacy Shield Ch 2i: Privacy Shield -- Is Safe Harbour's Replacement Up To The Job In 2017? (May, 2017) Ch 3a: DOD Directive 5200.28 defining security modes Ch 4a: Memory segmentation - Wikipedia Ch 4b: Trusted Computer System Evaluation Criteria - Wikipedia Ch 4c: Internet of Shit (@internetofshit) \| Twitter Ch 4d: OWASP Top Ten Project Ch 4e: Secret Service codename - Wikipedia Ch 4f: Pretty Rindjael Animation Ch 4g: IPsec - Wikipedia Ch 5a: 64-bit Global Identifier (EUI-64) Ch 5b: How FTP port requests challenge firewall security Ch 5c: Online Dig \| Men & Mice Ch 6a: Call It Super Bowl Face Scan I (From 2001) Ch 6b: Obama Eyeing Internet ID for Americans (from 2011) Ch 9a: Metasploit Module Source Code in Ruby Other Links A Beginner's Guide to Data Compliance HIPAA certification HCISPP vs CSCS Certified Security Compliance Specialist How to Reverse Engineering with Radare2 -- INTERESTING FOR PROJECTS COBIT 5 Laminate Describe the main differences in due dilligence and due care DREAD (risk assessment model) - Wikipedia US-EU Safe Harbor Data-Transfer Talks Enter Final Week (1-25-16) Separation of Duties in Information Technology Top 20 CIS Critical Security Controls (CSC) You Need to Implement OWASP Top 10 Security Risks - Part V The Phoenix Project New Unsorted Links Certified Information Systems Security Professional (CISSP) \| Practice Test Free Trial - CyberVista RSA 2022 Volunteers 2022-05-03: CCSF Sleep-Out Protest 2023-05-10: KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support

Links

Introduction to CISSP and CNIT 125
CISSP 1: CISSP Education & Certification
CISSP 2: (ISC)2 | Certified Information Security Education
CISSP 3: CISSP was the third highest salaried certification in 2009
CISSP 4: DOD 8570 requires CISSP, Sec+, and other certs for all gov\'t Information Assurance employees
CISSP 5: CISSP exam prices
CISSP 6: (ISC)2 Code of Ethics
CISSP 7: Associate of (ISC)² Certification
CISSP 8: SSCP Education & Certification
CISSP 9: Exam Prices (pdf)
CISSP 10: Test Prep: 10 Tips For Preparing and Passing the CISSP Exam
CISSP 11: How to get continuing education credit for CISSP certification holders
CISSP 12: GIAC Research in the Common Body of Knowledge -- Good white papers for the ten CISSP domains
CISSP 13: DoD Directive 8570.1 M - DoD Approved Baseline Certifications
CISSP 14: Associate of (ISC)^2 FAQ
CISSP 16: How I Prepared for the CISSP Exam--Sam Bowne
CISSP 17: A CISSP Study Plan Memoir
CISSP 18: CISSP Practice Test
CISSP 19: San Francisco Bay Area ISSA--CISSP Study Sessions
CISSP 20: CPE Requirements
CISSP 21: (ISC)^2 SF Chapter
CISSP 22: Average CISSP Salary 2017
CISSP 23: Exam Prices 2017
CISSP 24: Dilbert : How the CISSP Exam was Written
CISSP 25: Your Guide to the Certified Information Systems Security Professional (CISSP) Exam
CISSP 26: CyberVista Practice Exam (Recommended as of 2021)
CISSP 27: CASP vs. CISSP: The Real Fight Is For Candidates' Attention
CISSP 28: CISSP Certification Cheat Sheet, Study Guides & Best Courses
CISSP 29: ISC2 Launches New CISSP Exam Format to Help Bring More Cybersecurity Professionals into the Field
CISSP 30: Official (ISC)^2 CISSP Study App

Links for Chapter Lectures
Ch 2a: Octomom's hospital records accessed, 15 workers fired (from 2009)
Ch 2b: Three Primary Analytics Lessons Learned from 9/11 (2012)
Ch 2c: The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America: James Bamford: 9780307279392: Amazon.com: Books
Ch 2d: Chelsea Manning explains why she leaked secret military documents, fought for transgender rights behind bars
Ch 2e: WikiLeaks Q & A: who is Bradley Manning and what did he do?
Ch 2f: Chelsea Manning - Wikipedia
Ch 2g: U.S.-EU & U.S.-Swiss Safe Harbor Frameworks
Ch 2h: Privacy Shield
Ch 2i: Privacy Shield -- Is Safe Harbour's Replacement Up To The Job In 2017? (May, 2017)

Ch 3a: DOD Directive 5200.28 defining security modes

Ch 4a: Memory segmentation - Wikipedia
Ch 4b: Trusted Computer System Evaluation Criteria - Wikipedia
Ch 4c: Internet of Shit (@internetofshit) | Twitter
Ch 4d: OWASP Top Ten Project
Ch 4e: Secret Service codename - Wikipedia
Ch 4f: Pretty Rindjael Animation
Ch 4g: IPsec - Wikipedia

Ch 5a: 64-bit Global Identifier (EUI-64)
Ch 5b: How FTP port requests challenge firewall security
Ch 5c: Online Dig | Men & Mice

Ch 6a: Call It Super Bowl Face Scan I (From 2001)
Ch 6b: Obama Eyeing Internet ID for Americans (from 2011)

Ch 9a: Metasploit Module Source Code in Ruby

Other Links
A Beginner's Guide to Data Compliance
HIPAA certification HCISPP vs CSCS
Certified Security Compliance Specialist
How to Reverse Engineering with Radare2 -- INTERESTING FOR PROJECTS
COBIT 5 Laminate
Describe the main differences in due dilligence and due care
DREAD (risk assessment model) - Wikipedia
US-EU Safe Harbor Data-Transfer Talks Enter Final Week (1-25-16)
Separation of Duties in Information Technology
Top 20 CIS Critical Security Controls (CSC) You Need to Implement
OWASP Top 10 Security Risks - Part V
The Phoenix Project

New Unsorted Links
Certified Information Systems Security Professional (CISSP) | Practice Test Free Trial - CyberVista
RSA 2022 Volunteers
2022-05-03: CCSF Sleep-Out Protest
2023-05-10: KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support

Back to Top

Last Updated: 11-6-11 7 am