CNIT 125: Information Security Professional (CISSP Preparation)

Fall 2014 Sam Bowne


75572 501 Lec W 06:10-09:00PM CLOUD 218


Catalog Description

Covers information security in depth, including access control, application security, business continuity, cryptography, risk management, legal issues, physical security, and telecommunications and network security. This class helps to prepare students for the Certified Information Systems Security Professional (CISSP) credential, which is essential for high-level information security professionals.

Advisory: Students should have taken CNIT 123, or hold the Certified Ethical Hacker credential, or have equivalent knowledge of basic security.

Upon successful completion of this course, the student will be able to:
  1. Explain security and risk management.
  2. Define and implement access controls.
  3. Assess application security.
  4. Plan for business continuity and disaster recovery.
  5. Apply cryptography correctly to protect information.
  6. Explain legal regulations and ensure compliance.
  7. Perform investigations, preserve evidence, and cooperate with law enforcement authorities.
  8. Explain codes of conduct and ethical issues.
  9. Maintain security of operations.
  10. Assess physical and environmental security.
  11. Design security architecture.
  12. Explain telecommunications and network security.


"CISSP for Dummies", by Lawrence Miller and Peter Gregory, ISBN-10: 111836239X (Buy from Amazon)


Date / Quiz & Assignment / Meeting Time - Topic

Wed 8-20
  6:10 - Class Structure and Introduction; Forming Groups; NDA

Wed 8-27
  6:10 - Ch 1-3: Certification Basics

Wed 9-3
  6:10 - Ch 4: Access Control

Fri 9-5
  Last Day to Add Classes

Wed 9-10
  Group Projects Begin
  First Assignment Given
  Quiz: Ch 4
  6:10 - Ch 5: Telecommunications and Network Security (Part 1)

Wed 9-17
  No Quiz
  Assignment 1 Due
  6:10 - Managers
  6:30 - Ch 5: Telecommunications and Network Security (Part 2)

Wed 9-24
  Quiz on Ch 5
  Assignment 2 Due
  6:10 - Managers
  6:30 - Ch 6: Information Security Governance and Risk Management

Wed 10-1
  Quiz on Ch 6
  Assignment 3 Due
  6:10 - Managers
  6:30 - Ch 7: Software Development Security

Wed 10-8
  Quiz on Ch 7
  Assignment 4 Due
  6:10 - Managers
  6:30 - Ch 8: Cryptography

Wed 10-15
  Quiz on Ch 8
  Assignment 5 Due
  6:10 - Managers
  6:30 - Ch 9: Security Architecture and Design

Wed 10-22
  Quiz on Ch 9
  Assignment 6 Due
  6:10 - Managers
  6:30 - Ch 10: Security Operations

Mon 10-27
  Mid-Term Grades Due

Wed 10-29
  Quiz on Ch 10
  Assignment 7 Due
  6:10 - Managers
  6:30 - Ch 11: Business Continuity and Disaster Recovery Planning

Wed 11-5
  Quiz on Ch 11
  Assignment 8 Due
  6:10 - Managers
  6:30 - Ch 12: Legal, Regulations, Investigations, and Compliance

Wed 11-12
  Quiz on Ch 12
  Assignment 9 Due
  6:10 - Managers
  6:30 - Ch 13: Physical (Environmental) Security

Thu, Nov 13
  6 PM SCIE 200
  Wardriving (extra credit)

Wed 11-19
  Quiz on Ch 13
  Assignment 10 Due
  6:10 - Managers
  6:30 - Review Questions

Wed 11-26
  No Quiz
  Assignment 11 Due
  6:10 - Managers
  6:30 - Review Questions

Wed 12-3
  No Quiz
  Assignment 12 Due
  6:10 - Managers
  6:30 - Review Questions

Fri, Dec 5 & Sat, Dec 6
  Mt. View

Wed 12-10
  6:10 - Last Class: TBA

Wed 12-17
  6:10 - Final Exam: Room Cloud 218 with Doug Spindler


Introductory Materials

Welcome message
Student Agreement
Non-Disclosure Agreement

Introduction to CNIT 125

HOPE: Stupid Whitehat Tricks on this page in "Summer 2014 Events"

Technical Lectures

Ch 1-3: Certification Basics       PPT
Ch 4: Access Control       PPT
Ch 5: Telecommunications and Network Security (Part 1)       PPT
Ch 5: Telecommunications and Network Security (Part 2)       PPT
Ch 6: Information Security Governance and Risk Management       PPT
Ch 7: Software Development Security       PPT
Ch 8: Cryptography       PPT
Ch 9: Security Architecture and Design       PPT
Ch 10: Security Operations       PPT
Ch 11: Business Continuity and Disaster Recovery Planning       PPT
Ch 12: Legal, Regulations, Investigations, and Compliance       PPT
Ch 13: Physical (Environmental) Security       PPT
The lectures are in Word and PowerPoint formats.
If you do not have Word or PowerPoint, you can use Open Office.



Cold Calls Procedure

Research & Present (extra credit)

Instead of the usual homework assignments, students will all work together in teams, led by student managers, to perform security audits of information systems and other projects with real significance. Every student will be required to sign a non-disclosure agreement.

Students are required to prepare professional resumes.

Students are required to give presentations in class.



Introduction to CISSP and CNIT 125

CISSP 1: CISSP Education & Certification
CISSP 2: (ISC)2 | Certified Information Security Education
CISSP 3: CISSP was the third highest salaried certification in 2009
CISSP 4: DOD 8570 requires CISSP, Sec+, and other certs for all gov't Information Assurance employees
CISSP 5: CISSP exam prices
CISSP 6: (ISC)2 Code of Ethics
CISSP 7: Associate of (ISC) Certification
CISSP 8: SSCP Education & Certification
CISSP 9: Exam Prices (pdf)
CISSP 10: Test Prep: 10 Tips For Preparing and Passing the CISSP Exam
CISSP 11: How to get continuing education credit for CISSP certification holders
CISSP 12: GIAC Research in the Common Body of Knowledge -- Good white papers for the ten CISSP domains
CISSP 13: DoD Directive 8570.1 M - DoD Approved Baseline Certifications
CISSP 14: Associate of (ISC)^2 FAQ
CISSP 15: 7 Types of Hard CISSP Exam Questions and How To Approach Them
CISSP 16: How I Prepared for the CISSP Exam--Sam Bowne
CISSP 17: A CISSP Study Plan Memoir
CISSP 18: CISSP Practice Test
CISSP 19: San Francisco Bay Area ISSA--CISSP Study Sessions
CISSP 20: CPE Requirements
CISSP 21: (ISC)^2 SF Chapter
CISSP 22: Average CISSP Salary 2017
CISSP 23: Exam Prices 2017
CISSP 24: Dilbert : How the CISSP Exam was Written
CISSP 25: Your Guide to the Certified Information Systems Security Professional (CISSP) Exam
CISSP 26: Transcender Practice Exam

Links for Chapter Lectures

Ch 2a: Octomom's hospital records accessed, 15 workers fired (from 2009)
Ch 2b: Three Primary Analytics Lessons Learned from 9/11 (2012)
Ch 2c: The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America: James Bamford: 9780307279392: Amazon.com: Books
Ch 2d: Chelsea Manning explains why she leaked secret military documents, fought for transgender rights behind bars
Ch 2e: WikiLeaks Q & A: who is Bradley Manning and what did he do?
Ch 2f: Chelsea Manning - Wikipedia

Ch 4a: Memory segmentation - Wikipedia
Ch 4b: Trusted Computer System Evaluation Criteria - Wikipedia
Ch 4c: Internet of Shit (@internetofshit) | Twitter
Ch 4d: OWASP Top Ten Project
Ch 4e: Secret Service codename - Wikipedia
Ch 4f: Pretty Rijndael Animation
Ch 4g: IPsec - Wikipedia

Ch 5a: 64-bit Global Identifier (EUI-64)
Ch 5b: How FTP port requests challenge firewall security
Ch 5c: Online Dig | Men & Mice

Ch 6a: Call It Super Bowl Face Scan I (From 2001)
Ch 6b: Obama Eyeing Internet ID for Americans (from 2011)

Ch 9a: Metasploit Module Source Code in Ruby

Other Links

A Beginner's Guide to Data Compliance
HIPAA certification HCISPP vs CSCS
Certified Security Compliance Specialist
How to Reverse Engineering with Radare2 -- INTERESTING FOR PROJECTS
COBIT 5 Laminate
Describe the main differences in due diligence and due care
DREAD (risk assessment model) - Wikipedia
US-EU Safe Harbor Data-Transfer Talks Enter Final Week (1-25-16)
Separation of Duties in Information Technology

New Unsorted Links

Ch 2g: U.S.-EU & U.S.-Swiss Safe Harbor Frameworks
Ch 2h: Privacy Shield
Ch 2i: Privacy Shield -- Is Safe Harbour's Replacement Up To The Job In 2017? (May, 2017)
ISC2 Launches New CISSP Exam Format to Help Bring More Cybersecurity Professionals into the Field
Ideas for Student Projects 2017
Official (ISC)^2 CISSP Study App
SpiderMonkey -- Deobfuscates JavaScript Malware ty @lennyzeltser #IRespondCon
CISSP 27: CASP vs. CISSP: The Real Fight Is For Candidates' Attention
Top 20 CIS Critical Security Controls (CSC) You Need to Implement
OWASP Top 10 Security Risks - Part V
The Phoenix Project
2020-02-03: CISSP Certification Cheat Sheet, Study Guides & Best Courses
Ch 3a: DOD Directive 5200.28 defining security modes

Last Updated: 12-12-14 1:46 pm